Preventing Improper Payments: Lessons from Using Data Matching in Pandemic Relief Program Oversight
February 27, 2023
Preventing Improper Payments: Lessons from Using Data
Matching in Pandemic Relief Program Oversight
For the past several decades, data matching has enabled the
contracts to support PACE’s technology and data
use of government data to identify fraud, waste, abuse, and
infrastructure and its various analytic capabilities.
mismanagement in benefit programs. Data matching is the
comparison of different datasets to identify similarities in
PACE’s operation broadly enables data sharing and data
the records each dataset contains. Matches can be made
analytics across IGs and law enforcement and assists in
using one or more data elements, such as name, address,
investigations and audits of pandemic relief programs.
email, bank account number, internet protocol address, or
PACE is used to conduct data analysis, including data
Social Security number (SSN).
matching and network analysis, and to develop data
services, including natural language processing and risk
Oversight of federal funding for pandemic relief programs
modeling. PACE supports the investigative work of IGs and
is a recent demonstration of how data matching can be used
the PRAC Fraud Task Force by uncovering potential fraud
to detect improper payments. An improper payment is a
and investigating leads.
payment that should not have been made, either in its
entirety or in the wrong amount.
For instance, PACE matched Economic Injury Disaster
Loan (EIDL) and Paycheck Protection Program (PPP) data
The Pandemic Response Accountability Committee
from the Small Business Administration (SBA) to create
(PRAC) was established by the Coronavirus Aid, Relief,
fraud risk scores for both individuals and specific
and Economic Security (CARES) Act (P.L. 116-136) as
applications. PACE has also developed a model for the
part of the Council of the Inspectors General on Integrity
Department of the Treasury to score the risk associated with
and Efficiency (CIGIE). The PRAC is responsible for
79,000 prime and subrecipient awards to state and local
providing transparency and oversight of pandemic
governments under the Coronavirus Relief Fund (CRF).
programs and expenditures. Since 2020, oversight agencies,
Treasury has used these scores to focus its reviews on
including the PRAC, have identified tens of billions of
higher-risk CRF awards.
dollars of COVID relief funding that may have been
compromised by potential fraud, waste, or abuse.
A “Data Platform” for Oversight Is Not New. PACE is
modeled after practices developed by the Recovery
One way the PRAC has worked to detect improper
Accountability and Transparency Board’s Recovery
payments is through data matching using a “data platform”
Operations Center (ROC), which supported oversight of the
it developed. The chair of the PRAC testified that this data
American Recovery and Reinvestment Act of 2009 (P.L.
platform gives the PRAC access to more than 150 million
111-5). ROC demonstrated that the government could better
records to detect improper payments across a number of
detect improper payments through data matching.
pandemic relief programs.
A report from the Government Accountability Office stated
This In Focus discusses the data platform established by the
that preservation of ROC’s capabilities could help sustain
PRAC, the risk of improper payments in pandemic
oversight of federal expenditures in general. Although
programs, and how, according to the PRAC and agency
Congress authorized Treasury to take over ROC, it was
inspectors general (IGs), data matching can be used to
dissolved in 2015, effectively terminating the capacity and
prevent improper payments. There are several issues
expertise developed by ROC. While the PRAC is scheduled
Congress might consider on the use of data matching in
to sunset in 2025, PACE could become a long-term data
detecting and preventing improper payments.
platform for the IG community.
Pandemic Analytics Center of Excellence
Risk of Improper Payments in Pandemic Programs
The PRAC has the statutory authority to conduct and
Congress provided over $5 trillion for the response to the
support oversight of all pandemic spending across
COVID-19 pandemic and its consequences. The amount of
executive agencies. To support this role, the CARES Act
funding appropriated, the scope and complexity of key
extended to the PRAC the authority given to IGs, including
relief programs, and the focus on rapid disbursement of
to access agency records and request information to carry
funds to businesses and individuals all contributed to the
out its responsibilities (134 Stat. 537; 5 U.S.C. App. §6).
risk of improper payments for pandemic programs.
In August 2021, the PRAC established the Pandemic
Another risk factor for improper payments in some
Analytics Center of Excellence (PACE), a data platform
pandemic relief programs, such as the Pandemic
managed by the PRAC’s chief data officer in coordination
Unemployment Assistance (PUA) program, was the role of
with the chief information officer. CIGIE has issued several
states in their administration. According to the IG
https://crsreports.congress.gov
Preventing Improper Payments: Lessons from Using Data Matching in Pandemic Relief Program Oversight
community, some states were better prepared than others to
Similarly, the Department of Labor (DOL) IG has reported
implement pandemic programs with the appropriate
that matching data of unemployment insurance applicants
controls given the focus on rapid disbursement. States also
with existing databases on individuals in state and federal
depended on guidance from the administering federal
prisons could act as one fraud control mechanism.
agency to implement program operations and related
Incarcerated individuals may be ineligible for these
processes. Some observers have stated that such guidance
programs or the targets of identity thieves submitting
may have been unclear or insufficient, making it difficult
fraudulent claims. The DOL IG estimates that up to $98.3
for states to ensure program integrity.
million in CARES Act funding in 2020 for PUA was
fraudulently paid on applications that used incarcerated
It appears that there were some opportunities for individuals
individuals’ information.
and groups to intentionally defraud programs and take
advantage of the circumstances of relief program
Another source of existing data is the DNP system, which is
administration. One such opportunity was self-certification
governed by the Payment Integrity Information Act of 2019
of eligibility that required no verification or validation. It
(P.L. 116-35), which Congress passed to improve
has been suggested that given the scale of the programs,
government-wide payment integrity by requiring agencies
investigators will likely be identifying and pursuing
to review available databases with information on eligibility
pandemic program fraud for years to come.
before releasing funds. It ensured agency access to the DNP
system as one of those databases. The SBA IG used the
Lesson Learned: Using Data Matching to Prevent
DNP system retrospectively, matching data of EIDL
Improper Payments
recipients with records in DNP, and found that $3.65 billion
The PRAC published Lessons Learned in Oversight of
was distributed to potentially ineligible recipients between
Pandemic Relief Funds in June 2022 that details 10
March and November 2020. SBA did not originally use the
“lessons learned” from its oversight of pandemic relief
DNP system to mitigate the risk of improper payments.
programs. Several of these lessons suggest data matching
can be a tool for both detecting and preventing improper
Issues for Congress
payments. Specifically, the PRAC has asserted that:
Congress has empowered the PRAC to address improper
payments and to access and use data to carry out its
data matching with existing data should be used in
oversight of pandemic relief programs. Congress may
program administration to support determinations of
consider whether to extend the PRAC data platform’s
eligibility and to identify potential fraud, and
capabilities beyond pandemic programs for the IG
community.
validating information using data matching could reduce
the possibility of fraud and risk of improper payments.
Congress might consider how the benefits of operating a
data platform compare to its direct and intangible costs,
That is, in PRAC’s view, had data matching been used for
including risks to privacy and the security of the platform.
such purposes to administer pandemic relief programs from
This could include congressional oversight of how IGs are
the beginning, the risk of improper payments in pandemic
using the data platform that is enabled by their relatively
relief programs might have been mitigated.
broad access to agency data. Congress regulates how
agencies use the data they collect on individuals but has
Vast amounts of data already exist, which can be used in
been more open to IGs using data matching and may create
data matching to prevent improper payments. These
guardrails as IGs do more with their authority.
existing data may be sourced from databases maintained by
federal agencies or state governments or from private,
The work of the PRAC may also provide Congress a
nonprofit, or commercial providers. These data could be
springboard to explore more closely agencies’ data
matched with information supplied on an application to
capabilities to prevent improper payments. The Computer
verify the information and determine the eligibility of an
Matching and Privacy Protection Act (P.L. 100-503)
applicant for a benefit program. Examples include matching
establishes the requirements and processes by which
to validate SSNs, matching to prison records to detect
executive agencies may use data matching to administer
potential fraud, and matching to records in Treasury’s Do
benefit programs (see CRS Report R47325, Computer
Not Pay (DNP) system to verify an individual’s eligibility
Matching and Privacy Protection Act: Data Integration and
for federal benefit payments.
Individual Rights, by Natalie R. Ortiz). To try to minimize
improper payments in benefit programs, Congress might
In February 2023, for example, the PRAC issued a “fraud
examine how it can best facilitate data matching and
alert” involving SSNs that were not sufficiently verified by
examine whether current statutory mechanisms effectively
the SBA using Social Security Administration (SSA) data.
enable data matching in the way and on the scale it desires.
PACE identified $5.4 billion in potentially fraudulent PPP
and EIDL loan applications that used questionable SSNs by
Natalie R. Ortiz, Analyst in Government Organization and
matching such loan applications with SSA data. The PRAC
Management
stated that the SBA should have been required to access to
Ben Wilhelm, Analyst in Government Organization and
SSA data to verify the accuracy of SSNs used on PPP and
Management
EIDL applications.
IF12334
https://crsreports.congress.gov
Preventing Improper Payments: Lessons from Using Data Matching in Pandemic Relief Program Oversight
Disclaimer
This document was prepared by the Congressional Research Service (CRS). CRS serves as nonpartisan shared staff to
congressional committees and Members of Congress. It operates solely at the behest of and under the direction of Congress.
Information in a CRS Report should not be relied upon for purposes other than public understanding of information that has
been provided by CRS to Members of Congress in connection with CRS’s institutional role. CRS Reports, as a work of the
United States Government, are not subject to copyright protection in the United States. Any CRS Report may be
reproduced and distributed in its entirety without permission from CRS. However, as a CRS Report may include
copyrighted images or material from a third party, you may need to obtain the permission of the copyright holder if you
wish to copy or otherwise use copyrighted material.
https://crsreports.congress.gov | IF12334 · VERSION 1 · NEW