Hurricane Sandy:

FEMA Has Improved Disaster Aid Verification but Could Act to Further Limit Improper Assistance

GAO-15-15: Published: Dec 12, 2014. Publicly Released: Dec 12, 2014.

Additional Materials:

Contact:

Seto J. Bagdoyan
(202) 512-6722
bagdoyans@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

What GAO Found

By implementing new controls since the mid-2000s, the Federal Emergency Management Agency (FEMA) improved its ability to detect improper and potentially fraudulent payments, but GAO identified continued weaknesses in the agency's validation of Social Security numbers, among other things. As of August 2014, FEMA stated that it had provided over $1.4 billion in Hurricane Sandy assistance through its Individuals and Households Program (IHP)—which provides financial awards for home repairs, rental assistance, and other needs—to almost 183,000 survivors. GAO identified $39 million, or 2.7 percent, that was at risk of being improper or fraudulent, compared to 10–22 percent of similar assistance provided for Hurricanes Katrina and Rita. GAO identified payments as at-risk if they had characteristics indicating, for example, that ineligible recipients or duplication of assistance could be involved. However, it is not possible to determine whether these payments were definitively improper or fraudulent without inspecting each payment. FEMA officials reviewed GAO's findings and stated that at least $6.1 million of the $39 million were not improper or fraudulent, but GAO could not independently confirm their conclusions for each payment.

In February 2006, FEMA began using a tool to validate the identity of applicants during registration. FEMA also hired contractors to inspect damaged homes to verify the identity and residency of applicants and that reported damage was a result of Hurricane Sandy. However, in this review, GAO found 2,610 recipients with potentially invalid identifying information who received $21 million of the $39 million GAO calculated as potentially improper or fraudulent. GAO's analysis included data from the Social Security Administration (SSA) that FEMA does not use, such as SSA's most-complete death records. Collaborating with SSA prior to providing assistance could give FEMA additional information to further reduce its risk of assisting ineligible applicants.

FEMA and state governments faced challenges in obtaining the data necessary to help prevent duplicative payments from overlapping sources. For example, FEMA was unable to identify potentially duplicative rental-assistance payments to recipients of its Sheltering and Temporary Essential Power pilot program, in part because it did not request the necessary data from states at the program's outset. FEMA recently took steps to make data sharing among programs easier, including initiating a committee to explore ways to maintain and share relevant data needed to evaluate and help prevent potentially duplicative assistance in the future. In addition, FEMA relies on self-reported data from applicants regarding private home insurance—a factor the agency uses in determining benefits, as federal law prohibits FEMA from providing assistance for damage covered by private insurance. By examining data from entities that provide federally backed mortgages, GAO identified 534 individuals receiving over $2.3 million in home repair and personal property assistance who said they did not have private insurance but had mortgages that require such insurance. FEMA reviewed 55 cases and stated that 32 were likely appropriate because the assistance was for damage not covered by private insurance. However, the risk remains that some individuals may have received assistance from FEMA for ineligible expenses. Assessing a variety of methods to verify self-reported data would provide FEMA greater assurance that it has a cost-effective means of obtaining sufficiently accurate and reliable information.

Why GAO Did This Study

Hurricane Sandy struck the United States in October 2012, causing an estimated $65 billion in damages. FEMA provides assistance to survivors through IHP and other programs. Part of its mission is to provide assistance quickly, but GAO previously identified weaknesses in FEMA's ability to do so while protecting government resources. Moreover, GAO's 2006 reports on Hurricane Katrina and Rita showed that FEMA did not consistently validate the identity of applicants or inspect damaged properties.

GAO was asked to review the internal controls FEMA's IHP used in response to the storm. This report discusses (1) the extent to which FEMA implemented controls to help prevent IHP payments that are at risk of being improper or potentially fraudulent and (2) challenges FEMA and states faced obtaining information to help prevent IHP payments from duplicating or overlapping with other sources in its response to Hurricane Sandy.

GAO reviewed FEMA's records for assistance provided to the five states that received IHP following the storm, assessed FEMA's controls to prevent individuals from fraudulently receiving disaster assistance, and interviewed FEMA officials and selected officials from states impacted by the storm.

What GAO Recommends

GAO recommends, among other things, that FEMA collaborate with SSA to obtain additional data, collect data to detect duplicative assistance, and implement an approach to verify whether recipients have private insurance. FEMA concurred with the recommendations.

For more information, contact Seto J. Bagdoyan at (202) 512-6722 or bagdoyans@gao.gov.

Recommendations for Executive Action

  1. Status: Open

    Comments: FEMA determined that improvements to these controls would be cost effective and feasible. FEMA estimated that the improvements would be made by March 2018.

    Recommendation: To help FEMA prevent improper payments, the Administrator of FEMA should assess the cost and feasibility of addressing limitations in FEMA's control for identifying duplicate information in applications in high-risk data fields--such as SSN, bank-account information, address, and phone number--that may currently allow individuals or households to improperly receive multiple payments, and if determined to be costbeneficial take steps to address the system design limitation.

    Agency Affected: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency

  2. Status: Closed - Implemented

    Comments: In our report, we identified 534 Individuals and Households Program (IHP) recipients as receiving potentially duplicative or fraudulent payments after determining that the applicants had federally-backed mortgages on their damaged homes. Federally-backed mortgages require homeowners to hold homeowners insurance, but these 534 recipients reported in their applications that they did not have such insurance. FEMA identified $794,122 in assistance to 424 applicants as payments that should have been paid for through the applicants homeowners insurance instead of through the IHP. FEMA estimated that costs to add a new question to the IHP application form to address this issue were about $25,000. FEMA officials determined that, because the cost of adding a question to the application was less than the $794,122 identified as duplicative payments, it would be cost effective to add the question, "Do you have a mortgage for the damaged residence?" to the IHP application in 2017. FEMA further evaluated the option of sharing data with federal mortgage agencies to identify duplicative payments during future disasters, but found that the mortgage agencies did not have sufficient details about insurance providers or coverage plans to make conclusive determinations about applicants' claims. A memo dated November 10, 2015 from FEMA's Director of the Recovery Programs Technology Division outlines the requirements for the addition of the question to the application in 2017.

    Recommendation: To prevent assistance that duplicates homeowner insurance benefits, the Administrator of FEMA should evaluate options, including costs and feasibility, to identify an approach for verifying the accuracy of self-reported information FEMA receives on whether applicants have private homeowners insurance. Such options could include posing additional questions to applicants, sharing data with federal agencies to identify federally backed mortgages, or developing a data-sharing approach with private insurance companies.

    Agency Affected: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency

  3. Status: Open

    Comments: In June 2016, FEMA reported coordinating with SSA and evaluating the cost and feasibility of using SSA's publically available death master file. However, GAO's recommendation refers to SSA's full death master file, which is more comprehensive than the master death file. We will continue to monitor SSA's efforts in this area.

    Recommendation: To help FEMA prevent improper payments, the Administrator of FEMA should collaborate with SSA to assess the cost and feasibility of checking recipient SSNs against the Enumeration Verification System and the full death file to more accurately identify recipients who used Social Security numbers (SSNs) that were ineligible or belonged to likely deceased individuals, document the results of this assessment, and if determined to be cost-beneficial take steps to implement a partnership to use SSA data.

    Agency Affected: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency

  4. Status: Closed - Implemented

    Comments: We identified 1,322 individuals who received about $10.5 million from FEMA in Individuals and Households Program (IHP) assistance while flagged as being non-compliant with a flood-insurance requirement. However, in reviewing a non-generalizable sample of these individuals, FEMA determined that some of the individuals flagged as non-compliant in its system were, in fact, compliant with the requirement at the time of payment. FEMA acknowledged that the compliance flag in its system was unreliable because its value was overwritten with every new transaction, leaving no record of the value at the time payments were made. FEMA noted that this problem made it more difficult for FEMA to identify and correct systemic or individual performance errors in the event that case managers made errors in eligibility determinations. To help FEMA prevent improper payments, we recommended that FEMA redesign the compliance flag in the IHP system to clearly identify and document applicants' compliance with the National Flood Insurance Program requirements at the time when assistance for flood-related damage was provided through IHP. FEMA revised the compliance flag so that it allowed for data to be retained that would identify and document an applicant's compliance with the requirement at the time that assistance was provided through IHP. This change will allow FEMA to more reliably determine eligibility for IHP assistance based on compliance with flood-insurance requirements and enhance FEMA's ability to detect improper payments made to non-compliant IHP applicants.

    Recommendation: To help FEMA prevent improper payments, the Administrator of FEMA should, as part of updates to legacy systems, redesign the compliance flag in the IHP system to clearly identify and document applicants' compliance with the National Flood Insurance Program requirements at the time when assistance for flood-related damage was provided through IHP.

    Agency Affected: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency

  5. Status: Open

    Comments: FEMA continues to work to standardize the process for comparing information across programs. Estimated completion date is September 30, 2016.

    Recommendation: To facilitate more-effective data sharing with state-level partners and enhance FEMA's ability to prevent duplicative benefits, the Administrator of FEMA should, as part of its committee that is implementing enhanced data-sharing between Public Assistance and Individual Assistance programs, establish data-reporting requirements for states, including specific fields needed and a standard process for comparing information across programs, including IHP and Sheltering and Temporary Essential Power, to better position FEMA to evaluate such pilot programs and to help prevent potential duplicative payments.

    Agency Affected: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency

 

Explore the full database of GAO's Open Recommendations »

Sep 6, 2016

Aug 24, 2016

May 26, 2016

Apr 18, 2016

Mar 24, 2016

Mar 10, 2016

Feb 4, 2016

Sep 29, 2015

Mar 25, 2015

Feb 19, 2015

Looking for more? Browse all our products here