Despite the historic impact on our world, COVID-19 has led to remarkable innovation among families, schools, businesses and government. The Federal Emergency Management Agency is no exception, as the agency recently developed a process for issuing public assistance (PA) disaster grants through desktop validation in lieu of on-site inspections. Desktop validation not only protects FEMA personnel from COVID-19 exposure, it also expedites the disaster grant process to communities in need. However, one key drawback of desktop validation is the increased risk of fraud. According to the Association of Certified Fraud Examiners COVID-19 Benchmarking Report, 77% of respondents said they had observed an increase in the overall level of fraud, with one-third noting this increase has been significant. As FEMA and the rest of the world begin the journey into a post-COVID environment, it is important to implement “trust but verify” capabilities to mitigate fraud, waste and abuse risk while continuing to realize the benefits of desktop validation.
Following a disaster, local jurisdictions want to receive as much federal grants assistance as possible. This is understandable, as local costs to rebuild can easily reach tens of millions of dollars, only some of which is reimbursed by the FEMA PA program. FEMA works with applicants to fund all eligible work while avoiding the inclusion of any damages not caused by the federally declared disaster. However, the FEMA PA Program has uncovered numerous examples of fraud over the years. In many instances, the fraud was mitigated through the diligence of an individual or group of individuals, not through a system or other remote mechanism.
For example, following Hurricane Maria, multiple representatives from one state attempted to include costs for damage that were not a result of that disaster in their PA-funded work projects. The representatives would pressure and suggest to grant sub-recipients that they should claim additional damages that were the result of previous events or lack of maintenance. FEMA site inspectors witnessed this fraud attempt first-hand and reported it; their diligence and presence on-site saved the federal government millions of dollars.
So how does FEMA successfully use desktop validation while mitigating the risk of fraud? There are several considerations for solutions to reduce fraud in disaster relief, including:
- Implementing inspection technology solutions
- Establishing a risk appetite for prioritizing on-site inspections
- Risk ranking jurisdictions
Aerial and satellite photography combined with existing Geographic Information System (GIS) database information could be used to assess an area after a disaster event. Current state GIS information is already on file and may be overlaid with weather data to predict potential impacts from natural disasters. To come full circle, aerial and satellite photography could then be used after a natural disaster to validate the predicted impact versus actual impact.
Another emerging technology is the construction of “smart” or “connected” buildings. These buildings have sensors that transmit information directly to building engineers regarding conditions, including temperature, humidity, air pressure and – in some instances – pest management. Assuming the sensors are collecting accurate data and the data is remotely available, an inspector could also use the data from these sensors to assess damage to a building following a disaster and could complete the “inspection” remotely.
Technology solutions provide a systematic flow of data and certain amount of automation to mitigating fraud, but if there are barriers to implementation (e.g., cost or feasibility), then process solutions should be considered. Process solutions, although more manual, offer guidance related to the decision point between desktop validation and on-site inspection.
Individuals who exceed the speed limit while driving have implicitly accepted the risk of being pulled over by a police officer; they have determined that the value of arriving at their destination earlier is greater than the potential risk of a traffic violation. This is an example of risk appetite and how it may influence an individual’s or an organization’s decision-making process. By using data from past disaster relief efforts, FEMA can establish a risk appetite for determining when the efficiency of desktop validation exceeds the risk of potential fraud. Past disaster relief data would inform types of damage to public facilities and the amount of relief granted. FEMA could assess a differential amount or percentage between past damage and amounts compared with current requested grant amounts to determine if desktop validation may be used or if an on-site inspection is needed.
Lastly, FEMA could consider risk-ranking jurisdictions requesting disaster relief. This would be a process comparable to a bank assessing an individual for a mortgage or other extension of credit. First, a history would need to be established by tracking instances of mitigated or realized fraud on a per-jurisdiction basis, approximately one to two years’ worth of data. Then, analysis can be completed to identify trends so that FEMA may code or flag jurisdictions with a higher likelihood of fraud.
The risk of fraud in disaster relief should not impede FEMA’s ability to continue realizing the benefits of desktop validation and as such providing rapid relief to communities in need. Rather, FEMA must strike a balance in alignment with its risk appetite and move forward in a post-COVID world with sharpened capabilities and a “trust but verify” approach.
Guidehouse is a global provider of consulting services to public and commercial markets with broad capabilities in management, technology, and risk consulting. It offers emergency and enterprise risk management solutions and thought leadership to help organizations and individuals prepare for, respond to, and recover from disasters.