The Government Accountability Office (GAO) has found that federal grants to help homeowners recover after disasters are vulnerable to fraud.
In response to the damage caused by natural disasters in 2017 through 2019, Congress appropriated approximately $39 billion in disaster block grant funds to the Department of Housing and Urban Development (HUD). In 2017, three hurricanes – Harvey, Irma, and Maria – resulted in an estimated $265 billion in damage, much of which was to residential properties. As of March 2023, HUD was overseeing 222 disaster block grants totaling approximately $92.4 billion. The earliest of these grants was related to disasters in 2001.
GAO says the decentralized environment in which HUD’s disaster block grants operate creates vulnerabilities to different types of fraud as funds are distributed to grantees, subrecipients, contractors, and subcontractors.
The government watchdog has previously reported on fraud risks at HUD. In May 2021, a GAO review found that HUD had taken some steps to assess fraud risks agency-wide, but had not conducted a comprehensive fraud risk assessment.
Meanwhile, the Office of Inspector General at HUD has also listed grant management and fraud risk among its Top Management Challenges, and says the department is missing opportunities to detect and mitigate fraud risks.
Now, GAO’s latest analysis of applicant data has again identified vulnerabilities to fraud. Out of 8,260 households reviewed, GAO identified a potential duplication of benefits because 500 households were approved for Federal Emergency Management Agency (FEMA) assistance that is potentially duplicative of disaster block grant assistance. The FEMA-only assistance for these households totaled over $1 million. GAO also identified potentially ineligible households. For example, 197 households with estimated income over limits were approved. The estimated income for two of these households exceeded $330,000, which is far above the income limits.
GAO also found that HUD does not require grantees and subrecipients to collect applicant data in a complete and consistent manner to support applicant eligibility determinations and fraud risk management. During the course of its analysis, GAO found several instances where data relevant to applicant eligibility were not collected or were missing. Four example, three of the four grantees and subrecipients in the watchdog’s review did not collect applicant Social Security numbers. In addition, 52 percent of approved households were missing occupancy information and 53 percent were missing property ownership information, both of which are necessary to assess applicant eligibility. Several other approved households were missing information that would indicate the damaged address was their primary residence.
During its analysis, GAO identified key players who are important to HUD’s risk-based monitoring because of the greater potential impact they have on the contracting environment. Specifically, GAO identified 16 contractors and 30 subcontractors that are key players within a network of 1,324 entities. While key players’ ability to influence or diffuse information can lead to positive outcomes, fraud risk is heightened when information on control vulnerabilities or wrongdoing is more easily shared across the network.
GAO’s analysis of the 16 contractors that are key players illustrates how HUD and grantees could better understand the disaster block grant risk environment by collecting contractor and subcontractor data, such as unique entity identifiers. Currently, HUD’s approach to identifying and managing risks focuses on monitoring individual grantees and GAO believes this method may not fully assess risks across the contracting environment. The watchdog also found that HUD does not provide specific guidance to grantees on standards or requirements for collecting data. Additional guidance from HUD on what data elements to collect could support grantees’ and subrecipients’ ability to identify contractors that are debarred, suspended, or excluded from receiving federal contracts.
To address the shortcomings found during its review, GAO is making seven recommendations to HUD:
- Develop guidance for grantees and subrecipients on collecting complete and consistent data to better support applicant eligibility determinations and fraud risk management.
- Update the Monitoring Handbook for Disaster Recovery Community Development Block Grant monitoring activities to provide additional guidance in the selection of contracts for review. GAO says this should include factors such as contractors that present increased risk to the CDBG-DR environment, including those where allegations of fraud, waste, or abuse have been made.
- Identify ways to collect and combine contractor and subcontractor data across grantees and subrecipients to facilitate risk analyses, such as by expanding the Disaster Recovery Data Portal, Disaster Recovery Grant Reporting System, or other appropriate systems.
- Develop and implement guidance for grantees and subrecipients to collect contractor and subcontractor data to facilitate identification of contractor and cross-cutting fraud risks through approaches such as network analysis.
- Develop guidance on data elements to be collected by grantees and subrecipients, to determine if a contractor has been suspended, debarred, or excluded from working on government contracts.
- Ensure that grantees and subrecipients have attended fraud related training as required. This could include requesting and reviewing attendance documentation from the Office of Inspector General and grantees.
- Ensure that grantees and subrecipients are made aware of available fraud-related training and make training available on demand to grantees and subrecipients.
HUD’s response to the recommendations was mixed. It agreed with some and noted that it is implementing a department-wide fraud risk management process that includes data analytics, and that it would undertake program-specific fraud assessments, fraud risk inventories, and periodic fraud risk training. However, HUD also noted that “it is neither practical nor feasible for grantees recovering from a major disaster to implement the type of sophisticated network analysis described in the report while concurrently administering the recovery programs.”