What GAO Found
By implementing new controls since the mid-2000s, the Federal Emergency Management Agency (FEMA) improved its ability to detect improper and potentially fraudulent payments, but GAO identified continued weaknesses in the agency's validation of Social Security numbers, among other things. As of August 2014, FEMA stated that it had provided over $1.4 billion in Hurricane Sandy assistance through its Individuals and Households Program (IHP)—which provides financial awards for home repairs, rental assistance, and other needs—to almost 183,000 survivors. GAO identified $39 million, or 2.7 percent, that was at risk of being improper or fraudulent, compared to 10–22 percent of similar assistance provided for Hurricanes Katrina and Rita. GAO identified payments as at-risk if they had characteristics indicating, for example, that ineligible recipients or duplication of assistance could be involved. However, it is not possible to determine whether these payments were definitively improper or fraudulent without inspecting each payment. FEMA officials reviewed GAO's findings and stated that at least $6.1 million of the $39 million were not improper or fraudulent, but GAO could not independently confirm their conclusions for each payment.
In February 2006, FEMA began using a tool to validate the identity of applicants during registration. FEMA also hired contractors to inspect damaged homes to verify the identity and residency of applicants and that reported damage was a result of Hurricane Sandy. However, in this review, GAO found 2,610 recipients with potentially invalid identifying information who received $21 million of the $39 million GAO calculated as potentially improper or fraudulent. GAO's analysis included data from the Social Security Administration (SSA) that FEMA does not use, such as SSA's most-complete death records. Collaborating with SSA prior to providing assistance could give FEMA additional information to further reduce its risk of assisting ineligible applicants.
FEMA and state governments faced challenges in obtaining the data necessary to help prevent duplicative payments from overlapping sources. For example, FEMA was unable to identify potentially duplicative rental-assistance payments to recipients of its Sheltering and Temporary Essential Power pilot program, in part because it did not request the necessary data from states at the program's outset. FEMA recently took steps to make data sharing among programs easier, including initiating a committee to explore ways to maintain and share relevant data needed to evaluate and help prevent potentially duplicative assistance in the future. In addition, FEMA relies on self-reported data from applicants regarding private home insurance—a factor the agency uses in determining benefits, as federal law prohibits FEMA from providing assistance for damage covered by private insurance. By examining data from entities that provide federally backed mortgages, GAO identified 534 individuals receiving over $2.3 million in home repair and personal property assistance who said they did not have private insurance but had mortgages that require such insurance. FEMA reviewed 55 cases and stated that 32 were likely appropriate because the assistance was for damage not covered by private insurance. However, the risk remains that some individuals may have received assistance from FEMA for ineligible expenses. Assessing a variety of methods to verify self-reported data would provide FEMA greater assurance that it has a cost-effective means of obtaining sufficiently accurate and reliable information.
Why GAO Did This Study
Hurricane Sandy struck the United States in October 2012, causing an estimated $65 billion in damages. FEMA provides assistance to survivors through IHP and other programs. Part of its mission is to provide assistance quickly, but GAO previously identified weaknesses in FEMA's ability to do so while protecting government resources. Moreover, GAO's 2006 reports on Hurricane Katrina and Rita showed that FEMA did not consistently validate the identity of applicants or inspect damaged properties.
GAO was asked to review the internal controls FEMA's IHP used in response to the storm. This report discusses (1) the extent to which FEMA implemented controls to help prevent IHP payments that are at risk of being improper or potentially fraudulent and (2) challenges FEMA and states faced obtaining information to help prevent IHP payments from duplicating or overlapping with other sources in its response to Hurricane Sandy.
GAO reviewed FEMA's records for assistance provided to the five states that received IHP following the storm, assessed FEMA's controls to prevent individuals from fraudulently receiving disaster assistance, and interviewed FEMA officials and selected officials from states impacted by the storm.
GAO recommends, among other things, that FEMA collaborate with SSA to obtain additional data, collect data to detect duplicative assistance, and implement an approach to verify whether recipients have private insurance. FEMA concurred with the recommendations.
Recommendations for Executive Action
|Federal Emergency Management Agency||To help FEMA prevent improper payments, the Administrator of FEMA should assess the cost and feasibility of addressing limitations in FEMA's control for identifying duplicate information in applications in high-risk data fields--such as SSN, bank-account information, address, and phone number--that may currently allow individuals or households to improperly receive multiple payments, and if determined to be costbeneficial take steps to address the system design limitation.|
|Federal Emergency Management Agency||To prevent assistance that duplicates homeowner insurance benefits, the Administrator of FEMA should evaluate options, including costs and feasibility, to identify an approach for verifying the accuracy of self-reported information FEMA receives on whether applicants have private homeowners insurance. Such options could include posing additional questions to applicants, sharing data with federal agencies to identify federally backed mortgages, or developing a data-sharing approach with private insurance companies.|
|Federal Emergency Management Agency||To help FEMA prevent improper payments, the Administrator of FEMA should collaborate with SSA to assess the cost and feasibility of checking recipient SSNs against the Enumeration Verification System and the full death file to more accurately identify recipients who used Social Security numbers (SSNs) that were ineligible or belonged to likely deceased individuals, document the results of this assessment, and if determined to be cost-beneficial take steps to implement a partnership to use SSA data.|
|Federal Emergency Management Agency||To help FEMA prevent improper payments, the Administrator of FEMA should, as part of updates to legacy systems, redesign the compliance flag in the IHP system to clearly identify and document applicants' compliance with the National Flood Insurance Program requirements at the time when assistance for flood-related damage was provided through IHP.|
|Federal Emergency Management Agency||To facilitate more-effective data sharing with state-level partners and enhance FEMA's ability to prevent duplicative benefits, the Administrator of FEMA should, as part of its committee that is implementing enhanced data-sharing between Public Assistance and Individual Assistance programs, establish data-reporting requirements for states, including specific fields needed and a standard process for comparing information across programs, including IHP and Sheltering and Temporary Essential Power, to better position FEMA to evaluate such pilot programs and to help prevent potential duplicative payments.|