Expedited Assistance for Victims of Hurricanes Katrina and Rita:
FEMA's Control Weaknesses Exposed the Government to Significant Fraud and Abuse
GAO-06-403T: Published: Feb 13, 2006. Publicly Released: Feb 13, 2006.
As a result of widespread congressional and public interest in the federal response to hurricanes Katrina and Rita, GAO conducted an audit of the Individuals and Households Program (IHP) under Comptroller General of the United States statutory authority. Hurricanes Katrina and Rita destroyed homes and displaced millions of individuals. In the wake of these natural disasters, FEMA faced the challenge of providing assistance quickly and with minimal "red tape," while having sufficient controls to provide assurance that benefits were paid only to eligible individuals and households. In response to this challenge, FEMA provided $2,000 in IHP payments to affected households via its Expedited Assistance (EA) program. Victims who received EA may qualify for up to $26,200 in IHP assistance. As of mid-December 2005, IHP payments totaled about $5.4 billion, with $2.3 billion provided in the form of EA. These payments were made via checks, electronic fund transfers, and a small number of debit cards. GAO's testimony will provide the results to date related to whether (1) controls are in place and operating effectively to limit EA to qualified applicants, (2) indications exist of fraud and abuse in the application for and receipt of EA and other payments, and (3) controls are in place and operating effectively over debit cards to prevent duplicate EA payments and improper usage.
We identified significant flaws in the process for registering disaster victims that leave the federal government vulnerable to fraud and abuse of EA payments. For Internet applications, limited automated controls were in place to verify a registrant's identity. However, we found no independent verification of the identity of registrants who registered for disaster assistance over the telephone. To demonstrate the vulnerability inherent in the call-in applications, we used falsified identities, bogus addresses, and fabricated disaster stories to register for IHP. We also found that FEMA's automated system frequently identified potentially fraudulent registrations, such as multiple registrations with identical social security numbers (SSN) but different addresses. However, the manual process used to review these registrations did not prevent EA and other payments from being issued. Other control weaknesses include the lack of any validation of damaged property addresses for both Internet and telephone registrations. Given the weak or non existent controls, it is not surprising that our data mining and investigations to date show the potential for substantial fraud and abuse of EA. Thousands of registrants misused SSNs, i.e., used SSNs that were never issued or belonged to deceased or other individuals. Our case study investigations of several hundred registrations also indicate significant misuse of SSNs and the use of bogus damaged property addresses. For example, our visits to over 200 of the case study damaged properties in Texas and Louisiana showed that at least 80 of these properties were bogus--including vacant lots and nonexistent apartments. We found that FEMA also made duplicate EA payments to about 5,000 of the nearly 11,000 debit card recipients--once through the distribution of debit cards and again by check or electronic funds transfer. We found that while debit cards were used predominantly to obtain cash, food, clothing, and personal necessities, a small number were used for adult entertainment, bail bond services and weapons purchase, which do not appear to be items or services that are essential to satisfy disaster related essential needs.