Improper Payments: Ongoing Challenges and Recent Legislative Proposals
Improper Payments: Ongoing Challenges and Recent Legislative Proposals
December 10, 2024
Congressional Research Service
https://crsreports.congress.gov
R48296
Congressional Research Service
SUMMARY
Improper Payments: Ongoing Challenges and Recent Legislative Proposals
Improper payments—those that should not have been made or that were made for the wrong amount—are a long-standing concern for the federal government. Since FY2004, agencies have reported $2.7 trillion in improper payments, including $236 billion in FY2023. Fraud in pandemic relief spending, which is estimated to exceed $300 billion, contributed to the rapid increase in improper payments since FY2020.
In an effort to reduce improper payments, Congress passed a series of laws between 2002 and 2015 that were consolidated and replaced by the Payment Integrity Information Act of 2019 (PIIA, P.L. 116-117). PIIA requires executive branch agencies to assess the risk of significant improper payments for every program with outlays over $10 million. If a program is found to be risk-susceptible, the agency must publish in its annual financial statements an estimate of its improper payments, a corrective action plan, and annual reduction targets, among other things. PIIA also requires agencies to recapture overpayments through a recovery audit program when doing so is cost-effective. An agency is deemed noncompliant with PIIA if it fails to fulfill these requirements or reports an error rate of 10% or higher for any program.
Each year, dozens of programs with varied structures and purposes are deemed to be risk-susceptible. The amounts of improper payments, on the other hand, tend to be concentrated in the same five programs: Medicare, Medicaid, Unemployment Insurance, Supplemental Security Income, and the Earned Income Tax Credit. These programs have accounted for 76% (approximately $2.1 trillion) of improper payments reported since FY2004. Improper payment totals have increased in the past two decades in part because federal expenditures have increased significantly while error rates for many programs have not improved much, if at all. The Earned Income Tax Credit, for example, has reported an error rate of 23% or higher every year for 20 years, and the error rate for the Unemployment Insurance program was higher in FY2023 than it was in FY2004.
Improper payments have also increased in recent years in part due to more than $300 billion in fraudulent pandemic relief payments. Since FY2020, Congress has provided $4.5 trillion in emergency funds to mitigate the impacts of the COVID-19 virus. A number of agencies lacked effective pre-payment, post-payment, and fraud risk controls at the outset of the pandemic. Some agencies, in an effort to expedite disbursals, did not verify applicants’ identities or eligibility before issuing payments. Other agencies did not review payments in a timely manner to detect and recover fraud and other improper payments. Most agencies had inadequate fraud risk management plans in place prior to the pandemic and were unprepared to safeguard pandemic programs from increasingly sophisticated fraudsters.
Noncompliance with PIIA is widespread. Of the 24 agencies subject to the Chief Financial Officers Act, about half are not compliant with PIIA each year. The most common causes of noncompliance are reporting a program with an error rate above 10%—which 16 programs did in FY2023—reporting unreliable improper payments estimates, and performing inadequate risk assessments. Some agencies have been noncompliant for several years in a row. The Department of Defense has not reported valid improper payments estimates for 13 consecutive years, and the Department of Housing and Urban Development has not reported valid estimates for its two largest programs—which constitute two-thirds of its expenditures— for seven consecutive years.
Auditors have found that agencies do not always implement recovery audit programs when they should and sometimes do not provide adequate justification for not pursuing the collection of overpayments. In addition, PaymentAccuracy.gov, the primary source for government-wide improper payments data, has limited information on overpayments. Congress might benefit from having a central repository for a wider range of data, such as the amounts of overpayments waived by federal and state agencies each year and the amounts of overpayments that are outstanding at each agency.
There have been several improper payments bills introduced in recent years. Among the key provisions in these bills are requirements for agencies to deem any program with $100 million in expenditures as risk-susceptible, report on their implementation of fraud risk management best practices, include improper payments information with their budget materials, and identify the individual and office with the primary responsibility for reducing improper payments. Congress may also wish to consider requiring agencies to report on the percentage of “unknown payments” that are ultimately determined to be proper, improper, and fraudulent.
R48296
December 10, 2024
Garrett Hatch Specialist in American National Government
Improper Payments: Ongoing Challenges and Recent Legislative Proposals
Congressional Research Service
Contents
Background ..................................................................................................................................... 1
Improper Payments Requirements ............................................................................................ 2
PIIA Requirements .............................................................................................................. 3
Ongoing Challenges with Payment Integrity................................................................................... 7
A Small Subset of Programs Account for Most Improper Payments ........................................ 7 Uneven Progress in Reducing Error Rates ................................................................................ 8
Error Rate Reductions ......................................................................................................... 8
Persistent Error Rates .......................................................................................................... 9
Noncompliance with PIIA ....................................................................................................... 10
Error Rates Above 10% .................................................................................................... 10 Unreliable Improper Payment Estimates .......................................................................... 10 Inadequate Risk Assessments ............................................................................................ 11
Recovery Audit Data Are Limited ........................................................................................... 12
Agencies May Not Adequately Justify Decision to Not Pursue Recoveries ..................... 12
Data on PaymentAccuracy.gov Are Limited ..................................................................... 13
Inadequate Controls over Pandemic Spending ........................................................................ 14
Lack of Prepayment Controls ........................................................................................... 15 Lack of Post-Payment Controls ........................................................................................ 15 Lack of Fraud Risk Management Plans ............................................................................ 16
Selected Legislative Proposals in the 118th Congress .................................................................... 17
The Improper Payments Transparency Act (H.R. 8342/S. 4661) ..................................... 17 The Enhancing Improper Payments Accountability Act (H.R. 8343) ............................... 17
The Safeguarding the Transparency and Efficacy of Payments Act (S. 2924) ................. 18 The Preventing Improper Payments Act (H.R. 877) ......................................................... 18
The Eliminating Fraud and Improper Payments in TANF Act (H.R. 7431) ..................... 19 The IRS Improper Payments Act (S. 1054) ...................................................................... 19
Concluding Observations .............................................................................................................. 19
Unknown Payments ................................................................................................................ 19 Uncollected Overpayments ..................................................................................................... 20
Figures
Figure 1. Government-Wide Improper Payments, FY2004-FY2023 .............................................. 2
Tables
Table 1. Risk-Susceptible Programs Sorted by Improper Payments Levels, FY2022 .................... 8
Contacts
Author Information ........................................................................................................................ 20
Improper Payments: Ongoing Challenges and Recent Legislative Proposals
Congressional Research Service 1
Background
Improper payments—those that should not have been made or were made in the wrong amount— have been a long-standing issue in the federal government. Between FY2004 and FY2023, federal agencies reported $2.7 trillion in improper payments.1 The amount of annual improper payments increased 413% during that time, growing from $46 billion to $236 billion in nominal dollars.2
There has been a notable increase in improper payments since FY2020, when the government initiated a $4.6 trillion spending initiative to mitigate the effects of the COVID-19 virus on public health and the economy. Hundreds of billions of dollars in pandemic funds have been lost to fraud3—a subset of improper payments—and billions more were accidentally sent to ineligible recipients, including $1.4 billion in stimulus payments sent to deceased individuals.4 As a consequence, agencies reported $971 billion in improper payments in the four years since the onset of the pandemic (FY2020-FY2023) as compared to $611 billion in the four years prior to the pandemic (FY2016-FY2019), a 59% increase.5 To put this in perspective, improper payments between FY2020 and FY2023 equaled roughly 1% of gross domestic product.6 Figure 1, below, shows the annual amounts of improper payments from FY2004 to FY2023.
The total amount of improper payments remains unknown because some agencies do not report valid estimates for every program that is susceptible to significant levels of improper payments, as required by the Payment Integrity Information Act (PIIA, P.L. 116-117). Moreover, a 2024 analysis of federal spending suggests that the government’s loss due to fraud—a subset of improper payments—may range from $233 billion to $521 billion each year.7 The total amount of improper payments therefore may be substantially higher than current estimates.
1 Government Accountability Office (GAO), Improper Payments: Information on Agencies’ Fiscal Year 2023 Estimates, GAO-24-106927, March 2024, p. 2, https://www.gao.gov/assets/d24106927.pdf.
2 GAO, Improper Payments: Information on Agencies’ Fiscal Year 2023 Estimates, p. 2.
3 CRS Report R47902, Improper Payments in Pandemic Assistance Programs, by Garrett Hatch and Natalie R. Ortiz.
4 GAO, COVID-19: Opportunities to Improve Federal Response and Recovery Efforts, GAO-20-625, June 2020, p. 26, https://www.gao.gov/assets/gao-20-625.pdf.
5 Department of the Treasury, PaymentAccuracy.gov, “FY2023 Payment Accuracy Dataset,” https://www.paymentaccuracy.gov/payment-accuracy-the-numbers/.
6 CRS analysis of data published by the St. Louis Federal Reserve Bank at https://fred.stlouisfed.org/series/GDP.
7 GAO, Fraud Risk Management: FY2018-FY2022 Data Show Federal Government Loses and Estimated $233 Billion to $521 Billion Annually to Fraud, Based on Various Risk Environments, GAO-24-105833, April 2024, p. 18, https://www.gao.gov/assets/gao-24-105833.pdf.
Improper Payments: Ongoing Challenges and Recent Legislative Proposals
Congressional Research Service 2
Figure 1. Government-Wide Improper Payments, FY2004-FY2023
Source: GAO, Improper Payments: Information on Agencies’ Fiscal Year 2023 Estimates, GAO-24-106927, March 2024, p. 2, https://www.gao.gov/assets/d24106927.pdf.
Improper Payments Requirements
In 1997, the Comptroller General first identified improper payments as a weakness in the government’s consolidated financial statements.8 In response, the Government Accountability Office (GAO) coordinated with the Office of Management and Budget (OMB), agency inspectors general (IGs), and relevant federal agencies to assess the full scope of improper payments and implement appropriate remediation efforts.9 Building on this initiative, Congress passed the Improper Payments Information Act of 2002 (IPIA, P.L. 107-300). The IPIA required each executive branch agency to (1) assess each program for its risk of improper payments, (2) develop an estimate of the improper payment rate for risk-susceptible programs, and (3) report that estimate to Congress along with a description of the steps the agency plans to take to reduce its improper payments, beginning in FY2004.
Congress subsequently passed a series of laws to expand and enhance IPIA requirements, including the Improper Payments Enhancement and Recovery Act of 2010 (IPERA, P.L. 111- 204), the Improper Payments Enhancement and Recovery Improvement Act of 2012 (IPERIA, P.L. 112-248), and the Fraud and Data Analytics Act of 2015 (FRDAA, P.L. 114-186). Concerned that the multiplicity of improper payments statutes “lack(ed) sufficient coherence,” Congress repealed and replaced all of these laws with PIIA.10
8 GAO, 1997 Consolidated Financial Statements of the United States Government, March 1998, p. 10, https://www.gao.gov/assets/2021-03/fy97cfs.pdf.
9 GAO, 1997 Consolidated Financial Statements, p. 10.
10 U.S. Congress, Senate Committee on Homeland Security and Governmental Affairs, Payment Integrity Information Act of 2019, report to accompany S. 375, 116th Cong., 1st sess., S.Rept. 116-35, p. 3, https://www.congress.gov/ congressional-report/116th-congress/senate-report/35/1?outputFormat=pdf.
Improper Payments: Ongoing Challenges and Recent Legislative Proposals
Congressional Research Service 3
PIIA Requirements
PIIA retained most of the key provisions of IPIA, IPERA, IPERIA, and FRDAA. It also required agencies to verify payments before issuing them and codified elements of OMB Memorandum M-15-02, Requirements for Effective Estimation and Remediation of Improper Payments.11 Key features are described below.
Risk Assessments
PIIA requires executive branch agencies to review all of their programs and activities (hereafter shortened to “programs”) at least every three years to determine if they are susceptible to significant levels of improper payments. PIIA defines significant as total improper payments that may have exceeded (1) $10 million and 1.5% of total program outlays or (2) $100 million. For the purposes of this report, programs that exceed the threshold for significant improper payments are referred to as “risk-susceptible.”
When assessing a program or activity, the agency must consider factors that may increase the risk of improper payments. These factors include:
• the complexity of the program;
• the volume of payments;
• whether the program is new to the agency;
• whether eligibility for the program is determined at the state or local level;
• whether there have been major changes in program funding, authorities, or procedures;
• the level of expertise of the personnel that make eligibility determinations or certify payments;
• significant deficiencies that might hinder accurate payment certification;
• accuracy and reliability of previously reported improper payment estimates; and
• risk of fraud as assessed by the agency under the Standards for Internal Control in the Federal Government.12
Improper Payments Estimates
Agencies must develop statistically valid estimates of improper payments for all risk-susceptible programs and report those estimates in their annual financial statements. An estimate must include both verified improper payments—where the agency has the data needed to confirm payments were made in the wrong amount or should not have been made at all—and “unknown payments,” where the agency lacks sufficient documentation to determine if the payment was proper or not. When an agency reports an error rate, the total includes unknown and known improper payments.
11 OMB, Memorandum M-15-02: Requirements for Effective Estimation and Remediation of Improper Payments, October 2014, https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2015/m-15- 02.pdf.
12 GAO, Standards for Internal Control in the Federal Government, GAO-14-704G, September 2014, https://www.gao.gov/assets/gao-14-704g.pdf.
Improper Payments: Ongoing Challenges and Recent Legislative Proposals
Congressional Research Service 4
Corrective Action Plans
Each agency with a risk-susceptible program must provide a corrective action plan (CAP) that specifies the actions it is taking to reduce improper payments, including a description of the causes of improper payments, the steps it plans to take to achieve reductions, and an estimate of when those steps will be complete. The CAP must also include:
• a statement as to whether the agency has sufficient internal controls, human capital, and information systems to achieve significant reductions in improper payments;
• program-specific improper payments reduction targets that have been approved by OMB; and
• a description of the steps the agency is taking to ensure agency staff and state and local governments (where appropriate) are held accountable for meeting reduction targets and maintaining adequate internal controls.
Recovery Audit Reports
PIIA requires agencies to attempt to recapture overpayments—a process known as a recovery audit—for any program with outlays in excess of $1 million in a fiscal year if doing so would be cost-effective. An agency may conduct the recovery audit itself, use another federal agency, or contract with a private sector entity for the service. If an agency procures recovery audit services, the contractor must report periodically to the agency on the conditions that gave rise to overpayments and may provide recommendations on how to mitigate those conditions. The agency must, in turn, include in its annual financial statements a discussion of the steps it took to address the contractor’s recommendations.
The head of an agency has the authority to distribute recovered overpayments as follows:
• Not more than 25% of the total shall be used to carry out a financial management improvement program. The program must, as its first priority, address the problems that contribute to improper payments. As a secondary priority it may seek to reduce errors and waste in other agency programs and operations.
• Not more than 25% of the total shall be used for the same general purposes as the appropriation or fund from which the overpayment was made. Recovered overpayments that originated in trust funds must revert back to those accounts.
• Not more than 5% of the total shall be available to the agency IG to carry out the PIIA or to investigate improper payments or audit internal controls associated with improper payments.
• Amounts collected that are not used as discussed above shall be deposited in the Treasury as miscellaneous receipts, except for overpayments recovered from trust funds, which shall revert back to those accounts.
Each agency must include a discussion of its recovery audit programs in its annual financial statements, including the methods used to recover overpayments and the amounts of overpayments that were recovered, remain outstanding, and were determined to be uncollectible. The discussion must summarize how recovered overpayments have been distributed and how the agency is addressing the conditions that gave rise to improper payments. The financial statements must also include a justification for instances where (1) recovery audits were not implemented on the grounds that they would not be cost-effective or (2) funds were determined to be uncollectible. Fraud is an example of an overpayment that may be deemed uncollectible, as it is
Improper Payments: Ongoing Challenges and Recent Legislative Proposals
Congressional Research Service 5
unlikely that the recipient will repay that debt, and it is generally not possible to offset future payments.
High-Priority Programs
OMB is required to review all risk-susceptible programs and identify a list of “high-priority” programs. These programs are to be selected because they have the highest dollar value of improper payments, the highest improper payment rates (calculated as a percentage of outlays), or the highest risk of improper payments. OMB may identify a program as being high-priority based on any one those factors, which means a program that does not meet the threshold for “significant” improper payments may be added if its risk is deemed sufficiently high.
High-priority programs—which are responsible for 99% of the government’s improper payments each year—are subject to greater levels of oversight and review. For each high-priority program, OMB is required to work with the administering agency to establish semi-annual or quarterly actions for reducing improper payments. In addition, the administering agency must submit to OMB and its IG a report that describes the actions the agency has taken, and intends to take, to prevent and recover improper payments. OMB is required to make these reports available to the public online. Agency IGs must review each high-priority program and assess:
• the level of risk associated with each high-priority program,
• the quality of the improper payments estimates the agency developed, and
• the financial controls the agency has in place to prevent improper payments.
The IGs must submit to Congress any recommendations for improving agencies’ corrective action plans, risk assessments, or improper payments estimates.
Internal Controls
Under PIIA, agencies are required to implement internal controls that effectively prevent and detect improper payments. PIIA specifies that federal agencies, as well as state governments and contractors that administer federal funds, must use the Department of the Treasury’s Do Not Pay Initiative (DNP) prior to issuing payments or making awards. DNP allows a user to simultaneously check multiple databases to verify the eligibility or identity of a vendor, grantee, loan recipient, or beneficiary. Pre-payment reviews are generally considered essential internal controls, because identifying and attempting to recover improper payments after they are made— often referred to as the “pay and chase” approach—is inefficient and costly.13
PIIA also requires agencies to establish a fraud risk management framework that incorporates the standards and leading practices established by GAO in its publication A Framework for Managing Fraud Risks in Federal Programs.14 Under the framework, an agency must:
• create an organizational structure and culture conducive to fraud risk management. In particular, each agency should designate an entity to lead fraud risk management activities and ensure it has the resources to do so.
13 GAO, A Framework for Managing Improper Payments in Emergency Assistance Programs, GAO-23-105876, July 2023, p. 27, https://www.gao.gov/assets/830/827993.pdf.
14 GAO, A Framework for Managing Fraud Risks in Federal Programs, GAO-15-593SP, pp. 6-7, https://www.gao.gov/assets/gao-15-593sp.pdf.
Improper Payments: Ongoing Challenges and Recent Legislative Proposals
Congressional Research Service 6
• plan regular fraud risk assessments and assess risks to determine fraud risk profiles. The assessments should be tailored to each program and should consider the suitability of existing controls.
• design and implement strategies with specific control activities to mitigate assessed fraud risks and collaborate to help ensure effective implementation. Strategies should focus on preventive control activities and involve both subject matter and data analysis experts.
• evaluate outcomes using a risk-based approach and adapt activities to improve fraud risk management. Agencies should collect and analyze data on potential and detected fraud and use the results to improve fraud management activities. Data analytic tools should be employed to the maximum extent possible.
PIIA required agencies to report on their progress in implementing the fraud risk framework for FY2019 and FY2020. That requirement has not been reimplemented since the statutory mandate expired.
Compliance
Each year, the IG of each agency must issue a report on whether the agency is compliant with PIIA requirements. OMB’s guidance15 to IGs clarifies that there are 10 requirements (listed in six items) that agencies must meet to be compliant with PIIA. Each agency must:
1a. publish payment integrity information with its annual financial statements;
1b. post its annual financial statement and accompanying materials on its website;
2a. conduct an improper payments risk assessment, at least once every three years, for each program with annual outlays greater than $10 million;
2b. adequately conclude whether assessed programs are likely to make improper payments and unknown payments above or below the statutory threshold;
3. publish in its annual financial statements any improper payment and unknown payment estimates for programs susceptible to significant improper payments;
4. publish in the materials that accompany its annual financial statement a corrective action plan for each risk-susceptible program;
5a. publish in the materials that accompany its annual financial statement an improper payment and unknown payment reduction target for each risk-susceptible program;
5b. demonstrate improvements to payment integrity for each risk-susceptible program;
5c. develop a plan to meet its improper payment and unknown payment reduction targets; and
6. report an improper payment estimate (inclusive of unknown payments) of less than 10% for each risk-susceptible program.
The compliance reports are to be submitted to Congress and posted on a public website. If an agency is found to be noncompliant with any of these requirements, the agency must submit a plan to the program’s authorizing and appropriations committees that describes the actions it will take to become compliant. If an agency is noncompliant for two consecutive fiscal years for the same program, the agency shall propose to OMB additional program integrity measures that
15 OMB, Appendix C to OMB Circular A-123: Requirements for Payment Integrity Improvement, M-21-19, March 2021, pp. 43-49, https://www.whitehouse.gov/wp-content/uploads/2021/03/M-21-19.pdf.
Improper Payments: Ongoing Challenges and Recent Legislative Proposals
Congressional Research Service 7
would help the agency come into compliance, such as additional funding. If an agency is noncompliant for three consecutive years for the same program, the agency must submit to the program’s authorizing and appropriations committees a list of proposed statutory changes necessary to bring the program into compliance. If an agency is noncompliant for four or more consecutive years for the same program, it must submit a report to the program’s authorizing and appropriations committees on the actions it has taken to address the causes of noncompliance, additional steps it intends to take to come into compliance, and a timeline for completing those steps.
Ongoing Challenges with Payment Integrity
The scale and near constant growth of improper payments, as shown in Figure 1, reflect several factors. First, although payment integrity issues are widespread, a small number of programs account for a large majority of total improper payments. In addition, while the error rates for some risk-susceptible programs have improved over time, a number of programs with tens of billions of dollars in annual outlays have shown virtually no improvement. Moreover, about half of the 24 largest federal agencies16—which account for 99% of improper payments17—are noncompliant with PIIA in most years, and many agencies have not implemented effective internal controls to prevent and detect fraud. Auditors have also identified concerns with agency recovery audit practices, noting that some agencies have declined to pursue overpayments without providing adequate justification. Unless footnoted, all data come from the PaymentAccuracy.gov website, which was established jointly by the Department of the Treasury, OMB, and the Department of Justice.
A Small Subset of Programs Account for Most Improper Payments
Payment integrity issues are widespread in that they are not confined to programs or agencies that fit a particular profile. In FY2022, for example, 18 agencies reported $247 billion in improper payments for 82 risk-susceptible programs.18 Some of these programs were administered entirely by federal agencies and others jointly with state and local governments. They provided different forms of assistance, such as grants, contracts, loans, and loan guarantees. They included mandatory and discretionary spending, programs newly created during the pandemic, and programs that had been in place for decades. Their objectives were as varied as building highways, paying military pensions, and providing food benefits to low-income families.
However, by sorting these programs into groups based on their levels of improper payments, it becomes apparent that a relatively small number of programs account for a large percentage of improper payments. As Table 1 shows, of the 82 risk-susceptible programs identified in FY2022, 18 reported at least $1 billion in improper payments, accounting for just under 96% of all improper payments that year.
16 The Chief Financial Officers Act of 1990 (P.L. 101-576), required financial management reforms at each executive department and “major executive agency.” Today, 24 departments and agencies are subject to the act and are sometimes collectively referred to as “major agencies.”
17 GAO, Improper Payments: Information on Agencies’ FY2023 Improper Payments Estimates, p. 14.
18 GAO, Improper Payments: Fiscal Year 2022 Estimates and Opportunities for Improvement, GAO-23-106285, March 2023, p. 7, https://www.gao.gov/assets/gao-23-106285.pdf.
Improper Payments: Ongoing Challenges and Recent Legislative Proposals
Congressional Research Service 8
Table 1. Risk-Susceptible Programs Sorted by Improper Payments Levels, FY2022
Level of Improper Payments Number of Programs Improper Payments
Percentage
of Total
Improper Payments
Less than $100 million 40 $1.1 billion 0.4%
$100 million to less than $1 billion 24 $9.5 billion 3.8%
$1 billion or more 18 $236.4 billion 95.8%
Source: GAO, Improper Payments: Fiscal Year 2022 Estimates and Opportunities for Improvement, GAO-23-106285, March 2023, pp. 32-35, https://www.gao.gov/assets/gao-23-106285.pdf.
While FY2022 was not a “typical” year in that the data include improper payments related to pandemic spending, longitudinal data show the same pattern: A small number of programs have accounted for a large percentage of total improper payments over the past 20 years. Of the $2.7 trillion in improper payments that agencies reported between FY2004 and FY2023, approximately $2.1 trillion (76%) were from five programs: Medicare, Medicaid, the Earned Income Tax Credit (EITC), Unemployment Insurance (UI), and Supplemental Security Income (SSI). Improving payment integrity in these programs, which had combined outlays exceeding $1.5 trillion in FY2023, is likely a necessary step to achieving significant reductions in annual improper payments.
Improper payments in Medicare and Medicaid have garnered particular attention from stakeholders not only for their scale—the two programs reported a total of $100 billion in improper payments in FY2023—but also because of the impact improper payments have on beneficiaries. Improper payments, by misallocating resources, reduce the ability of these programs to provide adequate health care to those who rely on them, including low-income children, the elderly, and the disabled.19 Moreover, improper payments in Medicare reduce the longevity of the Hospital Insurance Trust Fund—the source of Medicare’s funding—which trustees estimate will be depleted in 2036.20
Uneven Progress in Reducing Error Rates
Improper payment amounts are estimated by applying the percentage of improper payments in a program—its error rate—to its total expenditures. While some programs have reduced their error rates over time, federal improper payments continue to increase, primarily due to the lack of progress in reducing error rates in high-priority programs, increased federal expenditures, and the mismanagement of emergency funding.
Error Rate Reductions
A few high-priority programs have significantly reduced their error rates. The error rate for the School Lunch program decreased from 16.3% in FY2004 to 2.4% in FY2023, and the error rate for the Pell Grant program declined from 4.9% in FY2008 to 2.8% in FY2023. Had those error rates remained at their initial levels, School Lunch would have reported $3.2 billion more in improper payments in FY2023 alone and Pell Grants an additional $543 million.
19 GAO, Medicare and Medicaid: Additional Actions Needed to Enhance Program Integrity and Save Billions, GAO- 24-107487, April 2024, pp. 2-3, https://www.gao.gov/assets/gao-24-107487.pdf.
20 Treasury, “Fact Sheet: 2024 Social Security and Medicare Trustees Report,” p. 1, https://home.treasury.gov/system/ files/136/TR-2024-Fact-Sheet.pdf.
Improper Payments: Ongoing Challenges and Recent Legislative Proposals
Congressional Research Service 9
Medicare, one of the largest programs the government administers both in terms of the number of beneficiaries (66 million)21 and outlays ($789 billion in FY2023), is comprised of three component programs: Fee-for-Service (FFS), Medicare Advantage (Part C), and Prescription Drug Benefits (Part D). There is no single error rate reported for Medicare. FFS, Part C, and Part D each report their own error rates, and each is designated a high-priority program. The error rates for both FFS and Part C—which accounted for 89% of Medicare payments in FY2023— have moderately improved since they were first reported. The error rate for FFS decreased from 10.1% in FY2004 to 7.4% in FY2023, and Part C’s error rate decreased from 10.6% in FY2008 to 6.0% in FY2023. Part D’s error rate increased from 3.2% in FY2011 to 3.7% in FY2023. Improper payments for all three components increased even as the error rates for FFS and Part C decreased because of the rapid growth in Medicare outlays—federal spending on Medicare increased 60% ($355 billion) between FY2012 and FY2022.22 While the three Medicare components each report error rates below 10%—PIIA’s standard for compliance—significantly reducing total Medicare improper payments will require additional action.
Persistent Error Rates
Many high-priority programs have not shown significant, sustained improvement in their error rates over time. In some cases, the error rate for a program decreased steadily for years before increasing again, often exceeding the initial error rate. For example, in FY2004, the Supplemental Nutrition Assistance Program reported an error rate of 6.6%, which steadily declined until it reached 3.8% in FY2011. The error rate remained below 4.0% for five consecutive fiscal years, then grew quickly, reaching 6.8% in FY2019 and 11.6% in FY2023. Similarly, the error rate for the Children’s Health Insurance Program declined from 14.7% in FY2008 to 6.5% in FY2014, and then increased steadily until reaching 15.8% in FY2019. These two examples suggest that improving payment integrity is not a task that is finished once a program’s error rate reaches a certain level; rather, it is a process that must be constantly evaluated and revised.
The error rates for other high-priority programs have shown little or no improvement over time. In FY2004, EITC reported an error rate of 24.5% and improper payments of $9.7 billion. During the following 19 years EITC’s error rate never fell below 23.4%, and in FY2023 it was reported at 33.9% with $21.9 billion in improper payments. Similarly, the UI program reported an initial error rate of 10.3% and $3.9 billion in improper payments in FY2004. UI’s error rate did not fall below 9.9% during the following 19 fiscal years and peaked at 22.2%. In FY2023, UI reported an error rate of 16.7% with improper payments of $4.6 billion.
While arguably low, the error rate for the Old Age, Survivors, and Disability Insurance (OASDI) program, which had outlays of $1.3 trillion in FY2023, has increased somewhat over time. In FY2004, the error rate for OASDI was 0.32% with improper payments of $1.7 billion, and in FY2023 it was 0.66% with $8.3 billion in improper payments. OASDI arguably has effective payment integrity measure in place given that its error rate has remained below 1% every year for the past 20 years. However, it is a high-priority program due its expenditure levels—at $1.3 trillion, a 0.1% change in OASDI’s error rate would result in a $1.3 billion increase or decrease in improper payments.
21 GAO, Medicare and Medicaid, p. 2.
22 GAO, Medicare and Medicaid, p. 5.
Improper Payments: Ongoing Challenges and Recent Legislative Proposals
Congressional Research Service 10
Noncompliance with PIIA
As aforementioned, noncompliance with PIIA is widespread among the 24 agencies covered by the Chief Financial Officers Act. In the 12-year span from FY2011 to FY2022, a majority of these agencies were noncompliant with PIIA eight times. A number of agencies were noncompliant at least 10 of those 12 years: the Departments of Agriculture, Defense (DOD), Health and Human Services (HHS), Homeland Security, Housing and Urban Development (HUD), Labor (DOL), Treasury, and Veterans Affairs (VA), as well as the Small Business Administration (SBA) and the Social Security Administration (SSA). Agencies are most commonly found noncompliant because they report error rates above 10%, publish unreliable improper payments estimates, and perform inadequate risk assessments.
Error Rates Above 10%
The most common cause of PIIA noncompliance most years is reporting an error rate above the 10% threshold. In FY2022, for example, seven agencies reported a total of eight programs with error rates above the threshold, and in FY2023 six agencies reported a total of 12 programs with error rates above it. As the data suggest, in most years, one or more agencies report multiple programs with error rates above 10%, although the agencies vary from year to year. For example, four agencies reported multiple programs with noncompliant error rates in FY2023—Labor, SBA, Treasury, and VA—while in FY2016 three agencies reported multiple programs with noncompliant error rates—Agriculture, HHS, and VA. While it is not common, agencies sometimes report multiple programs with noncompliant error rates for extended periods of time. Treasury has reported error rates above 10% every year since FY2019 for the American Opportunity Tax Credit, the Additional Child Tax Credit, and the EITC.
Unreliable Improper Payment Estimates
Agencies are required to report reliable improper payments estimates under PIIA. If an agency uses an unreliable methodology for estimating its improper payments, or does not report an estimate at all, it is deemed noncompliant.
Developing unreliable estimates is a long-standing problem that affects multiple programs at some agencies. In FY2023, DOD, SBA, and the Department of Education each reported unreliable estimates for multiple risk-susceptible programs. DOD reported unreliable estimates for all eight of its risk-susceptible programs for the 13th consecutive year due to a range of problems with its methodology and data quality.23 SBA reported unreliable improper payments estimates for five programs with nearly $100 billion in outlays—Disaster Assistance Loans, COVID Economic Injury Disaster Loans (COVID-EIDL), EIDL Advance, Paycheck Protection Program (PPP) loan forgiveness, and PPP Loan Guarantee Purchases24—and the Department of Education reported unreliable estimates for five of its own risk-susceptible programs.25
23 DOD Office of Inspector General (OIG), Audit of the Department of Defense’s Compliance with Payment Integrity Information Act Requirements, May 2024, p. 8, https://media.defense.gov/2024/May/23/2003471693/-1/-1/1/DODIG- 2024-088%20SECURE.PDF.
24 SBA OIG, Independent Auditor’s Report on SBA’s FY2023 Compliance with the Payment Integrity Information Act of 2019, May 2024, p. 4, https://www.sba.gov/sites/default/files/2024-05/SBA%20OIG%20Report%2024-16.pdf.
25 Department of Education OIG, U.S. Department of Education’s Compliance with the Payment Integrity Information Act Requirements for FY2023, May 2024, p. 22, https://www.oversight.gov/sites/default/files/documents/reports/2024- 05/FY24-A24NY0157-52324v100508SECURED.pdf.
Improper Payments: Ongoing Challenges and Recent Legislative Proposals
Congressional Research Service 11
Some agencies do not report improper payments estimates at all for some of their risk-susceptible programs, including programs with significant outlays. FY2023 marked the seventh consecutive year that HUD did not report estimates for the Project-Based Rental Assistance program or the Public Indian Housing—Tenant Based Rental Assistance program, which account for roughly two-thirds ($45 billion) of HUD’s expenditures.26 Similarly, DOL did not report an estimate for the Pandemic Unemployment Assistance program until FY2023, even though the program began operating in March 2020. DOL ultimately reported an error rate of 35.9% for this program, with $43.5 billion in improper payments.
HHS did not report an error rate for Temporary Assistance for Needy Families (TANF) in FY2023 because it says it did not have the authority to require states to submit the data needed to estimate and report on improper payments.27 The lack of adequate data to assess TANF has been a concern for more than two decades,28 and the inability to estimate and report on improper payments in TANF, which had $13.9 billion in federal expenditures in FY2023,29 represents a fiscal risk to the government.
Inadequate Risk Assessments
PIIA requires agencies to assess each program every three years and conclude whether it is susceptible to significant levels of improper payments. If an agency does not perform timely assessments, or incorrectly concludes that a program is not risk-susceptible, then some improper payments may escape detection for years. Moreover, excluding programs from PIIA requirements limits oversight of improper payments and prevents the full scope of the problem from being known.
In FY2023, Treasury was found noncompliant with PIIA in part because it incorrectly concluded that Emergency Rental Assistance (ERA), a $45 billion pandemic-era program, was not susceptible to significant levels of improper payments. Auditors noted that Treasury looked at ERA payments only at the federal level and did not take into account the risk associated with payments made by state agencies and grantees.30 Similarly, DHS was found to be noncompliant with PIIA in FY2022 because it incorrectly concluded that the Funeral Assistance Program was not risk-susceptible even though auditors at both DHS and GAO rated the program as highly susceptible to improper payments.31
HHS was found noncompliant with PIIA in FY2023, in part for failing to perform a risk assessment for each program at least once every three years, although the auditor did not specify how many programs had not been assessed as required.32
26 HUD OIG, HUD Did Not Comply with the Payment Integrity Information Act of 2019, May 2024, p. 3, https://www.hudoig.gov/sites/default/files/2024-05/2024-fo-0006-1_508.pdf.
27 GAO, Improper Payments: Key Concepts and Information on Programs with High Rates or Lacking Estimates, GAO-24-107482, June 2024, p. 3, https://www.gao.gov/assets/gao-24-107482.pdf.
28 GAO, TANF and Child Care Programs: HHS Lacks Adequate Information to Assess Risk and Assist States in Managing Improper Payments, June 2004, p. 1, https://www.gao.gov/assets/gao-04-723-highlights.pdf.
29 HHS, FY2023 Federal TANF and State MOE Financial Data, p. 6, https://www.acf.hhs.gov/sites/default/files/ documents/ofa/fy2023_tanf_and_moe_financial_data_table-final.pdf.
30 Treasury OIG, Audit of Treasury’s Compliance with the PIIA Requirements for Fiscal Year 2023, May 2024, p. 11, https://oig.treasury.gov/system/files/2024-10/OIG-24-029%20%28508%2C%20Secured%29.pdf.
31 DHS OIG, DHS’ Fiscal Year 2022 Compliance with the Payment Integrity Information Act of 2019, May 2023, p. 2, https://www.oig.dhs.gov/sites/default/files/assets/2023-05/OIG-23-25-May23.pdf.
32 HHS OIG, Department of Health and Human Services Met Many Requirements, but It Did Not Fully Comply with (continued...)
Improper Payments: Ongoing Challenges and Recent Legislative Proposals
Congressional Research Service 12
Some newly created programs are not assessed for improper payments in a timely manner. Agencies have the option to wait until a program has a full year of expenditure data before performing its initial assessment. A new program may begin issuing payments mid-year, which means an agency may opt to perform an initial risk assessment after the end of the subsequent fiscal year. If the program is determined to be risk-susceptible, then the program would begin reporting in its third fiscal year. At the same time, the risk of significant improper payments may be elevated for new programs because federal and state staff are unfamiliar with program requirements and internal controls. When new programs have substantial expenditures, there is increased risk to the government of significant levels of improper payments being undetected for years.
Recovery Audit Data Are Limited
In FY2023, agencies reported $175 billion in overpayments, and in FY2022, they reported $200 billion in overpayments. Recovery auditors identify overpayments by examining payment data for indications of potential improper payments, such as duplicate payments, errors on invoices, payments for items not received, errors in calculating payment amounts, or failure to reduce payments by applicable discounts, rebates, or credits. Strategies that agencies commonly employ to recover overpayments include offsetting other federal payments, establishing a payment plan, direct billing, garnishing wages, and referring overpaid individuals to credit bureaus or law enforcement agencies. Agencies must refer non-tax debts that are 120 days delinquent to Treasury for collection.33 Recovery audits take time to implement and in many cases result in long-term repayment plans. The amount of recoveries reported in a given year therefore are not entirely from overpayments made that year; they include recovery of overpayments from prior years as well.
In some cases, agencies may establish recovery audits but choose not to pursue some of the overpayments. An agency may waive an overpayment when the debtor may not be able to repay the amount owed, the debtor cannot be located, the debtor has received a waiver, or the debt was discharged in bankruptcy, among other reasons. Also, agencies may waive non-fraud overpayments for certain programs, such as UI34 and SSI,35 if requiring repayment of the debt would go against “equity and good conscience” or otherwise defeat the purpose of the law. State agencies may also have the authority to waive overpayments in some instances.
Auditors have found that agencies do not always provide adequate justification for not deciding to not implement recovery audits. In addition, the information on PaymentAccuracy.gov might be expanded and enhanced to ensure that Congress and the public can easily access and understand government-wide overpayments data.
Agencies May Not Adequately Justify Decision to Not Pursue Recoveries
Agencies do not always provide well-documented justifications for not implementing recovery audit programs. In some cases, agencies may underestimate the potential returns on recovery
the Payment Integrity Information Act of 2019 and Applicable Improper Payment Guidance for FY2023, May 2024, p. 5, https://oig.hhs.gov/documents/audit/9891/A-17-24-52000.pdf.
33 Treasury, “Treasury Offset Program: Frequently Asked Questions for Federal Agencies,” https://fiscal.treasury.gov/ top/faqs-for-federal-agencies.html.
34 5 C.F.R. §845.391, https://www.ecfr.gov/current/title-5/chapter-I/subchapter-B/part-845/subpart-C.
35 20 C.F.R. §416.554, https://www.ssa.gov/OP_Home/cfr20/416/416-0554.htm.
Improper Payments: Ongoing Challenges and Recent Legislative Proposals
Congressional Research Service 13
audits, either by not having adequate cost-benefit analyses performed or by failing to consider evidence showing that the amount of improper payments is higher than initially believed.
In April 2022, SBA announced it would end collections on delinquent PPP loans that were under $100,000.36 SBA justified this decision by arguing that it would not be cost-effective to attempt to collect on the loans.37 By December 2022, SBA had charged-off 203,101 PPP loans totaling $7.3 billion.38 Under pressure from the SBA OIG, who argued that the agency’s decision was not justified because it did not perform an adequate cost-benefit analysis on collecting debt for either program,39 SBA hired a contractor to determine if a PPP loan recovery audit would be cost- effective. In December 2023, SBA reversed its position and announced it would refer delinquent PPP loans of $100,000 or less to Treasury for collection.40
In another example, the Treasury Department did not implement recovery audits for three programs in FY2023—ERA, Air Carrier Payroll Support, and the Homeowners Assistance Fund—on the grounds that those programs were not likely to make significant improper payments and therefore recovery activities would not be cost-effective. According to auditors, Treasury did not sufficiently justify this decision because it did not take into account new information that indicated those programs might be risk-susceptible.
Data on PaymentAccuracy.gov Are Limited
PaymentAccurcacy.gov does not include information that might be useful to Congress for conducting oversight. Notably, PaymentAccuracy.gov does not explain why agencies do not attempt to recover hundreds of billions in overpayments. For example, agencies reported $375 billion in overpayments for FY2022 and FY2023 combined but identified only $85 billion (23%) for recapture. There is no explanation for why agencies are not pursuing the $290 billion in overpayments made in those two years. Moreover, the government’s recovery rate for overpayments excludes overpayments that agencies are not going to pursue; it measures total recoveries in a year as a percentage of overpayments identified for recovery. In FY2023, for example, agencies recovered $26 billion and identified $34 billion for recapture, producing a recovery rate of 76%. Comparing $26 billion in recoveries to the total amount of overpayments in FY2023 ($175 billion), however, yields a recovery rate of 15%.
Some of the gap between total overpayments and overpayments identified for recapture might be due to waivers, but PaymentAccuracy.gov does not provide that information. Among the limited available data agencies included in their FY2023 financial reports, SSA issued waivers for $251 million in SSI and OASDI overpayments,41 and DOL waived $218 million in overpayments for non-pandemic UI payments, which represented 10% of total UI overpayments that year.42 It is not
36 SBA OIG, SBA’s Guaranty Purchases for Paycheck Protection Program Loans, September 2023, pp. 1-2, https://www.sba.gov/sites/sbagov/files/2022-09/SBA%20OIG%20Report%2022-25.pdf.
37 SBA OIG, SBA’s Guaranty Purchases, September 2023, p. 2.
38 SBA OIG, SBA’s Guaranty Purchases for Paycheck Protection Program Loans, July 2024, p. 4, https://www.oversight.gov/sites/default/files/documents/reports/2024-07/SBA-OIG-Report-24-20.pdf.
39 SBA OIG, Ending Active Collections on Delinquent COVID-19 Economic Injury Disaster Loans, September 2023, pp. 3-4, https://www.sba.gov/sites/default/files/2023-09/SBA%20OIG%20Report%2023-16.pdf.
40 SBA OIG, SBA’s Guaranty Purchases, July 2024, p. 3.
41 SSA, “Overpayment Waivers for Old Age, Survivors, and Disability Insurance and Supplemental Security Income Programs as Required by the Bipartisan Budget Act of 2015, Fiscal Year 2023,” p. 6, https://www.ssa.gov/legislation/ Agency%20Annual%20Overpayment%20Waivers%20Report%20FY2023.pdf.
42 GAO, COVID-Relief: SBA and DOL Should Improve Processes to Identify and Recover Overpayments, GAO-25- 106199, November 2024, p. 45, https://www.gao.gov/assets/gao-25-106199.pdf.
Improper Payments: Ongoing Challenges and Recent Legislative Proposals
Congressional Research Service 14
known how often auditors assess the use of waivers, particularly at the state level. The DOL OIG recently noted that state agencies had waived $4.8 billion in overpayments from three unemployment programs established during the pandemic—Pandemic Unemployment Assistance, Pandemic Emergency Unemployment Compensation, and Federal Pandemic Unemployment Compensation—and that in doing so states may have unintentionally waived fraudulent payments.43
PaymentAccuracy.gov also does not provide information on the total amounts of overpayments outstanding and charged off for each program and agency each fiscal year. DOL, for example, reported $55.8 billion in UI overpayments between March 2020 and March 2023 and had recovered $6.8 billion (12%) by May 2023.44 SSA recovered $4.9 billion in SSI and OASDI overpayments in FY2023 and had $23 billion in overpayments outstanding at the end of that fiscal year.45
Inadequate Controls over Pandemic Spending
The relatively steep increase in improper payments since FY2020 is largely the result of underlying fraud in pandemic spending, which is estimated to exceed $300 billion.46 Emergency funding—such as that appropriated in the Coronavirus Aid, Relief, and Economic Security Act (CARES Act, P.L. 116-36)—has long been known to be susceptible to significant levels of improper payments, especially fraud.47 When agencies have to establish new programs or quickly scale up existing ones, they often do not develop and implement adequate internal controls to prevent and detect improper payments.48 Due to the impetus to expedite payments, the federal and state agencies that administer federal emergency funds may bypass prepayment verification controls, thereby increasing the risk of fraud.49 Pandemic fraud might have been mitigated had more federal agencies implemented effective fraud prevention and detection controls, as required by FRDAA and then PIIA. However, auditors have determined that many agencies had not done so prior to the onset of the pandemic.50
43 DOL OIG, “OIG Oversight of the Unemployment Insurance Program,” https://www.oig.dol.gov/ doloiguioversightwork.htm.
44 GAO, Unemployment Insurance: Estimated Amounts of Fraud During the Pandemic Likely Between $100 Billion and $135 Billion, GAO-23-106696, p. 27, https://www.gao.gov/assets/gao-23-106696.pdf.
45 SBA OIG, Preventing, Detecting, and Recovering Improper Payments, July 2024, p. 2, https://oig.ssa.gov/assets/ uploads/072401.pdf.
46 SBA OIG, COVD-19 Pandemic EIDL and PPP Loan Fraud Landscape, June 2023, p. 8, https://www.sba.gov/sites/ default/files/2023-06/SBA%20OIG%20Report%2023-09.pdf; Pandemic Response Accountability Committee (PRAC), Why Unemployment Fraud Surged During the Pandemic, April 2024, p. 1, https://www.oversight.gov/sites/default/ files/documents/reports/2024-04/Why-Unemployment-Insurance-Fraud-Surged-During-Pandemic.pdf.
47 GAO, Catastrophic Disasters: Enhanced Leadership, Capabilities, and Accountability Controls Will Improve the Effectiveness of the Nation’s Preparedness, Response, and Recovery Systems, GAO-06-618, September 2006, p. 8, https://www.gao.gov/assets/gao-06-618.pdf.
48 GAO, Emergency Relief Funds: Significant Improvements Needed to Address Fraud and Improper Payments, GAO- 23-106556, February 2023, p. 17, https://www.gao.gov/assets/gao-23-106556.pdf.
49 PRAC, Fraud Alert Follow-Up: Improved Sharing of Death Records and Use of Do Not Pay System Would Strengthen Program Integrity and Better Protect the Public, May 2023, p. 2, https://www.pandemicoversight.gov/ media/file/do-not-pay-fraud-alert-follow.
50 GAO, Emergency Relief Funds, February 2023, p. 12.
Improper Payments: Ongoing Challenges and Recent Legislative Proposals
Congressional Research Service 15
Lack of Prepayment Controls
Several agencies, in order to expedite the disbursal of pandemic funds, allowed applicants to self- certify their eligibility for pandemic assistance. SBA did not verify the information that applicants provided when they sought loans from two of the largest pandemic programs: EIDL and PPP. Michael Horowitz, the IG for the Department of Justice and the chair of Pandemic Response Accountability Committee, said the lack of verification directly contributed to the $200 billion of estimated fraud in the EIDL and PPP programs:
If you open up the bank window and say, give me your application and just promise me you are who you say you are, you attract a lot of fraudsters, and that’s what happened here.51
Similarly, many of the state agencies that determine UI eligibility allowed claimants to self- certify their applications for pandemic unemployment assistance, contributing to the loss of between $100 billion and $135 billion in program funds due to fraud.52
Contractors that issued pandemic payments on behalf of federal agencies also lacked effective pre-payment controls. The Health Resources and Services Administration (HRSA), a component of HHS, managed the Uninsured Program, which reimbursed health care providers for provision of COVID-19-related services to uninsured individuals. A contractor was responsible for confirming that a patient did not have insurance prior to reimbursing a provider. The contractor, however, tried to verify a patient’s insurance status only when the provider submitted a Social Security number. If no such number was provided, the contractor automatically issued a payment.53 According to auditors, 92% of all claims that HRSA paid in FY2022 were automatic (unverified) because Social Security numbers were not provided. Due largely to weaknesses in pre-payment eligibility assessments, the Uninsured Program issued an estimated $784 million in improper payments, the equivalent of a 19% error rate.54
Lack of Post-Payment Controls
Post-payment controls, such as reviewing supporting documentation and payment data, are fundamental tools for detecting and recovering improper payments. However, some agencies did not establish and implement effective post-payment controls in a timely manner. For example, the CARES Act, enacted in March 2020, established both the ERA program at Treasury and the Provider Relief Fund, a HRSA-managed program that reimbursed health care providers for costs associated with diagnosing, testing, or treating the COVID-19 virus. Twenty months after the CARES Act was passed, Treasury had issued more than $28 billion under ERA but had not established post-payment procedures to verify the eligibility and accuracy of payments to renters and identify and recover overpayments.55 Similarly, by September 2021, HRSA had issued over
51 Associated Press, “The Great Grift: How Billions in COVID-19 Relief Aid Was Stolen or Wasted,” June 12, 2023, https://www.cbsnews.com/philadelphia/news/the-great-grift-five-things-to-know-about-how-covid-19-relief-aid-was- stolen-or-wasted-3/.
52 GAO, Unemployment Insurance, p. 17.
53 HHS OIG, HRSA Made COVID-19 Uninsured Program Payments to Providers on Behalf of Individuals Who Had Health Insurance Coverage and for Services Unrelated to COVID-19, July 2023, p. 9, https://oig.hhs.gov/oas/reports/ region2/22101013.pdf.
54 HHS OIG, HRSA Made COVID-19 Uninsured Program Payments, p. 7.
55 GAO, COVID-19: Significant Improvements Are Needed for Overseeing Relief Funds and Leading Responses to Public Health Emergencies, GAO-22-105291, p. 3, https://www.gao.gov/assets/gao-22-105291.pdf.
Improper Payments: Ongoing Challenges and Recent Legislative Proposals
Congressional Research Service 16
$132 billion from the Provider Relief Fund but had not developed plans to identify or recover overpayments.56
State agencies that implemented federal pandemic programs also did not implement effective post-payment controls. DOL’s Employment and Training Administration, which oversees federal funds for UI, issued guidance in May 2020 that required states to detect overpayments by cross- matching the eligibility data provided by beneficiaries with employment and income data sources.57 The DOL IG determined that 40% of state agencies did not perform the required post- payment cross-matches.58
Lack of Fraud Risk Management Plans
The FRDAA required agencies to begin implementing the standards and leading practices of the GAO fraud risk management framework in 2016 and report on their progress in implementing the framework through FY2020. The lack of progress in implementing fraud risk controls since 2016 meant some agencies “were not adequately prepared to prevent fraud when the pandemic began.”59
Under the framework, each agency is required to identify or create an office to lead its fraud risk management activities. SBA did not establish its Fraud Risk Management Board until April 2022,60 and DOL had not designated an anti-fraud entity by January 202361—although it subsequently designated its chief financial officer (CFO) to serve as its improper payments coordinator.62 Additionally, agencies must perform fraud risk assessments for new programs as soon as possible to identify vulnerabilities in program operations. SBA did not complete its fraud risk assessments for two newly created pandemic programs, PPP and EIDL, until October 2021, when PPP had already stopped accepting applications and two months before EIDL would follow suit.63
State agencies also lacked effective fraud risk management plans. The California Employment Development Department was required by state law to review its anti-fraud policies annually, but it had not done so between January 2016 and January 2021.64 As a consequence, the agency relied
56 GAO, COVID-19: Additional Actions Are Needed to Improve Accountability and Program Effectiveness of Federal Response, GAO-22-105051, October 2021, p. 3, https://www.gao.gov/assets/gao-22-105051.pdf.
57 DOL OIG, COVID-19: States Struggled to Implement CARES Act Unemployment Insurance Programs, May 2021, p. 8, https://www.oig.dol.gov/public/reports/oa/2021/19-21-004-03-315.pdf.
58 DOL OIG, COVID-19, pp. 8-10.
59 GAO, COVID-19: Key Elements of Fraud Schemes and Actions to Better Prevent Fraud, GAO-24-107122, October 2023, p. 12, https://www.gao.gov/assets/d24107122.pdf.
60 SBA, “Administrator Guzman Announces Expanded Efforts to Aggressively Crack Down on Bad Actors and Prevent Fraud in Programs,” press release, April 1, 2022, https://www.sba.gov/article/2022/apr/01/administrator-guzman- announces-expanded-efforts-aggressively-crack-down-bad-actors-prevent-fraud.
61 GAO, Emergency Relief Funds: Significant Improvements Are Needed to Ensure Transparency and Accountability for COVID-19 and Beyond, March 2022, GAO-22-105715, pp. 15-16, https://www.gao.gov/assets/gao-22-105715.pdf.
62 DOL, Building Resilience: A Plan for Transforming Unemployment Insurance, April 2024, p. 56, https://oui.doleta.gov/unemploy/pdf/transfplan/Building_Resilience_Complete%20document.pdf.
63 DOL, Building Resilience, p. 15.
64 California State Auditor, Employment Development Department: Significant Weaknesses in EDD’s Approach to Fraud Prevention Have Led to Billions of Dollars in Improper Benefit Payments, January 2021, pp. 9, 37, https://www.auditor.ca.gov/pdfs/reports/2020-628.2.pdf.
Improper Payments: Ongoing Challenges and Recent Legislative Proposals
Congressional Research Service 17
on “uninformed and disjointed techniques” to detect fraud in its pandemic programs and paid an estimated $10.4 billion to potential fraudsters between March and December of 2020.65
The GAO framework requires agencies to outline the specific actions they will take to monitor and manage fraud risks. The most effective strategies emphasize pre-payment controls, but information gained by monitoring all fraud controls can help agencies determine whether those controls are effective and how they may be adjusted to achieve better results. By January 2023— almost three years past the onset of the pandemic—SBA and DOL had only partially completed their anti-fraud strategies.66 It is not clear how much progress SBA, DOL, and other agencies have made in implementing GAO’s fraud risk framework, because the requirement that agencies report on their fraud prevention and detection policies sunset in FY2020.
Selected Legislative Proposals in the 118th Congress
Congress has introduced several bills in the 118th Congress to enhance oversight of agency fraud risk controls, ensure that new programs with expenditures over $100 million are more quickly subject to PIIA requirements, and identify the improper payments duties of specific individuals or entities within each agency. In addition, Congress proposed legislation that would address improper payments challenges related to tax improper payments and TANF.
The Improper Payments Transparency Act (H.R. 8342/S. 4661)
These companion bills would require agencies to include with their budget submissions information on improper payment amounts and rates for programs subject to PIIA reporting requirements, including a description of why improper payments amounts and rates have increased or decreased for covered programs in the past three years and corrective actions the agency has taken and plans to take. This legislation, by expanding the committees to which agencies must report improper payments information, might enhance oversight and result in a broader range of policy proposals. On the other hand, agencies might be unsure which committees to work with on improper payments issues, and there might be a lack of clarity as to committee jurisdictions over improper payments legislation.
The Enhancing Improper Payments Accountability Act (H.R. 8343)
H.R. 8343 would require each agency to include in its annual budget submission, when applicable, an explanation of why the agency did not submit any of the reports required by PIIA. The bill would also require agencies to deem as risk-susceptible any program that has or is expected to have outlays exceeding $100 million in any one of its first three fiscal years.
In addition, H.R. 8343 would require each agency to include in its annual financial statements a report on the agency’s progress in implementing fraud risk controls and best practices, including those identified in GAO’s fraud risk management framework, OMB Circular A-123, and GAO’s Standards for Internal Controls in the Federal Government. The report must also identify the dedicated entity that leads the agency’s fraud risk management activities and which programs that entity oversees, as well as when each program completed a fraud risk profile and when the agency last updated its anti-fraud strategy.
The bill would potentially reduce the time it takes for a newly established program to be subject to PIIA’s reporting requirements by up to two years. Rather than allowing agencies to wait until
65 California State Auditor, Employment Development Department, p. 33.
66 GAO, Emergency Relief Funds, March 2022, pp. 15-16.
Improper Payments: Ongoing Challenges and Recent Legislative Proposals
Congressional Research Service 18
the program has made expenditures for a year, and then conduct a risk-assessment in year two, the legislation would require a program that is expected to have $100 million in outlays in any of its first three years to be immediately deemed risk-susceptible. Agencies might consider this an undue burden, as it would require them to invest resources in programs that have not demonstrated that they are risk-susceptible.
The bill would enhance transparency over agency fraud risk management practices, about which little is currently known, and provide Congress with a way to hold agencies accountable for complying with PIIA fraud prevention requirements. The hundreds of billions of dollars in fraud in pandemic programs highlighted the risks posed by inadequate fraud controls.
The Safeguarding the Transparency and Efficacy of Payments Act (S. 2924)
S. 2924 includes several provisions that are similar to H.R. 8343. It would require agencies to deem as risk-susceptible any program that has or is expected to have outlays exceeding $100 million in any one of its first three fiscal years. It would also require each agency to include in its annual financial statements a report on the agency’s progress in implementing fraud risk controls and best practices, including those identified in GAO’s fraud risk management framework, OMB Circular A-123, and GAO’s Standards for Internal Controls in the Federal Government. The report must also identify the dedicated entity that leads the agency’s fraud risk management activities and which programs that entity oversees, as well as when each program completed a fraud risk profile and when the agency last updated its anti-fraud strategy.
Provisions in S. 2924 that are not in H.R. 8343 include a requirement that each agency report its PIIA information in a document containing its financial statements—such as its annual financial report—rather than in the financial statements themselves. The bill would also require each agency’s CFO to include a statement in its annual financial report that (1) certifies the reliability of the agency’s risk assessments and improper payments estimates and (2) describes the actions of the CFO in developing and implementing the agency’s corrective actions plans.
Most agencies currently report their improper payments information in their annual financial reports, so S. 2924 would merely codify existing practice. The bill would establish the CFO as the individual responsible for leading the agency’s PIIA implementation, a step that GAO has argued would provide needed clarity and accountability.67
The Preventing Improper Payments Act (H.R. 877)
H.R. 877 would deem any program making more than $100 million in outlays in a fiscal year as susceptible to significant improper payments. Under PIIA as it is currently written, a program with more than $100 million in outlays would be deemed risk-susceptible only after an assessment was completed and it was determined that it might make improper payments above the statutory threshold ($10 million and 1.5% of program outlays, or $100 million). By automatically deeming a program with $100 million in outlays as risk-susceptible, the bill would reduce the time it takes to subject a program to PIIA requirements. However, the bill appears to give agencies the option to wait until a program has made expenditures for a full fiscal year before deeming it risk-susceptible, perhaps diminishing the potential effectiveness of the legislation.
67 GAO, Improper Payments: Opportunities for Interagency Collaboration and Improvements, GAO-23-106761, September 2023, p. 11, https://www.gao.gov/assets/870/861816.pdf.
Improper Payments: Ongoing Challenges and Recent Legislative Proposals
Congressional Research Service 19
The Eliminating Fraud and Improper Payments in TANF Act (H.R. 7431)
H.R. 7431 would require HHS to submit to Congress a plan to reduce or eliminate improper payments made by states under TANF within 10 years. This bill would enhance transparency over how the agency plans to finally establish a TANF error rate. Given that HHS believes it needs new statutory authority to collect the necessary data, the plan may provide an opportunity for the agency to highlight its legislative needs to Congress. On the other hand, the legislation does not set many requirements for HHS to follow when developing its plan, and it is possible the agency might submit information that lacks sufficient detail for it to be useful as an oversight tool for Congress.
The IRS Improper Payments Act (S. 1054)
S. 1054 would require Treasury to post, within 180 days of enactment, the name of the official overseeing efforts to address improper tax payments, the rates and amounts of improper tax payments and their causes, and annual targets for reducing improper tax payments. Annually thereafter, the accountable official would provide Congress with a report on actions that have been and will be taken to address improper tax payments. The bill would also require the Secretary of the Treasury, in consultation with the Treasury Inspector General for Tax Administration (TIGTA) and the Internal Revenue Service (IRS) commissioner, to develop recommendations for reducing improper tax payments.
Tax improper payments, notably in EITC, have proven difficult to reduce. By establishing a single official to oversee them—and requiring collaboration among the IRS, Treasury, and TIGTA—the bill might help establish a culture of accountability and foster the development of new policy proposals. Treasury and IRS might maintain that the legislation is beside the point: EITC and other refundable tax credits are not traditional payments, and the tax system is not a payment system but a collection system. Therefore, approaching tax improper payments the same way as payments to grantees or contractors may not make sense.
Concluding Observations
In addition to the proposals outlined above, Congress may wish to consider legislation that would enhance transparency over two areas where little data are currently available: unknown payments and uncollected overpayments.
Unknown Payments
Unknown payments are a substantial portion of federal improper payments each year. In FY2023, agencies reported $44.6 billion in unknown payments, accounting for 19% of all improper payments.68 For some programs, such as PPP Loan Forgiveness, the amount of unknown payments ($17.8 billion) was larger than the amount of verified improper payments ($893 million).
OMB Circular A-123, which provides agencies with guidance on PIIA implementation, explains that unknown payments (UPs) are not meant to remain unknown:
If a program cannot discern whether a payment is proper or improper, the payment is considered an UP. If a program is still conducting research or going through the review of a payment at the time that the program must finish their sampling and report its results, the
68 GAO, Improper Payments: Information on Agencies’ Fiscal Year 2023 Estimates, p. 3.
Improper Payments: Ongoing Challenges and Recent Legislative Proposals
Congressional Research Service 20
payment will be considered an UP for reporting purposes that year. This is done so that the program would not unintentionally over or under report the payment type results. An UP will eventually be determined to be proper or improper but because the program does not know whether it is proper or improper at the time of their review, they must call it an UP for purposes of this guidance. Programs may be required to report the review results of their UPs in future reporting years as the results become available. Agencies should not cushion their reporting timeframe specifically for the purpose of allowing the agency additional time to verify whether an UP is proper or improper.69
OMB’s guidance makes clear that agencies are expected to determine whether unknown payments were proper or improper. Indeed, OMB noted that it might even require agencies to report on the final status of payments initially categorized as unknown. This information would appear to be important for oversight and policymaking, but agencies do not currently report on the ultimate status of tens of billions of dollars in unknown payments.
Unknown payments that are eventually determined to be improper would increase the totals for overpayments and monetary loss, whereas those that are eventually found to be proper would reduce a program’s “real” improper payment rate. The resolution of unknown payments might also shape policy decisions. Unknown payments that are determined to be fraudulent might lead agency officials and Congress to look at strengthening fraud controls, whereas unknown payments that are determined to be accidental might be addressed by providing additional training for program personnel. Congress may wish to consider requiring agencies to report on the resolution of unknown payments as part of their annual financial reports.
Uncollected Overpayments
In FY2023, agencies reported more than $175 billion in overpayments70 but provided little information about their recovery audits. To enhance transparency, Congress may wish to require additional reporting in agencies’ annual financial reports. Information that might be useful includes the percentage and amounts of overpayments waived, charged off, or otherwise not identified for recapture for each program; the amounts of overpayments recovered and outstanding for each program and agency; and an explanation of the difference between the estimate of total overpayments and overpayments that agencies identify for recapture. Potential legislation might also require auditors to assess the process through which federal and state agencies grant waivers when the amount waived reaches a certain threshold, such as the greater of X% of a program’s overpayments or $Y million.
Author Information
Garrett Hatch Specialist in American National Government
69 OMB, Appendix C to OMB Circular A-123, p. 12.
70 GAO, Improper Payments: Information on Agencies’ Fiscal Year 2023 Estimates, p. 3.
Improper Payments: Ongoing Challenges and Recent Legislative Proposals
Congressional Research Service R48296 · VERSION 1 · NEW 21
Disclaimer
This document was prepared by the Congressional Research Service (CRS). CRS serves as nonpartisan shared staff to congressional committees and Members of Congress. It operates solely at the behest of and under the direction of Congress. Information in a CRS Report should not be relied upon for purposes other than public understanding of information that has been provided by CRS to Members of Congress in connection with CRS’s institutional role. CRS Reports, as a work of the United States Government, are not subject to copyright protection in the United States. Any CRS Report may be reproduced and distributed in its entirety without permission from CRS. However, as a CRS Report may include copyrighted images or material from a third party, you may need to obtain the permission of the copyright holder if you wish to copy or otherwise use copyrighted material.