Are there good practices to mitigate the risk of fraud, waste, and abuse on infrastructure projects?

Municipalities are responsible for ensuring that federal funds are used for their intended purposes and should assess and establish internal controls to provide reasonable assurance regarding the:

• effectiveness and efficiency of operations;
• reliability of reporting for internal and external use; and
• compliance with applicable laws and regulations.[1]

Recipients must establish and enforce strong control systems and increase awareness among relevant people of common fraud schemes.[2] Assessing internal controls is not only a good practice in grant management, but also something that the federal government expects municipalities to do. Specifically, 2 CFR § 200.303, “Internal Controls,” states that:   

The non-federal entity must . . . [e]stablish and maintain effective control over the Federal award that provides reasonable assurance that the non-Federal entity is managing the Federal award in compliance with federal statutes, regulations, and the terms and conditions of the Federal award.[3]

In preparation for work that will be carried out by local and state governments as a result of the passage of the Infrastructure Investment and Jobs Act (“IIJA”),[4] the Coalition for Integrity (the “Coalition”)[5] prepared a report titled “Oversight of Infrastructure Spending.”[6] The report noted that:

Because of the scope, complexity, and cost of infrastructure legislation, clear and robust oversight provisions are critical to ensure that infrastructure projects are carried out in a faithful and fiscally responsible manner. Without such oversight, infrastructure projects at the federal, state and local level risk falling victim to waste, fraud and other abuses.[7]

The report identified and provided details on four common corruption schemes found in infrastructure projects:

1. Bribery, which generally involves payments made to gain an advantage or to avoid a disadvantage.
2. Fraud Schemes, which tend to involve theft by deceit.
3. Collusion Schemes, which typically implicate agreements between two or more parties to achieve an improper purpose—in the infrastructure context, usually to prevent competition or otherwise secure an unfair advantage.
4. Coercion Schemes, which often involve the use of intimidation to improperly influence another’s actions.[8]

The Coalition recommended the following oversight measures at the federal, state, and local levels, which may be helpful to municipalities:

• Formalize collaboration amongst Inspectors General. For municipalities, collaboration can take place with local Inspectors General, the Comptroller, or other relevant oversight agencies.
• Provide adequate funding for oversight and enforcement functions. Robust oversight and enforcement measures cannot succeed without adequate funding.
• Conduct up-front risk assessments so that issues can be identified and resolved before funds are distributed.
• Provide “real time” oversight of federally-funded programs. In addition to upfront risk assessments, real time oversight, such as proactive audits, is important to provide ongoing assessments of infrastructure projects.
• Protect whistleblowers. Create provisions that protect whistleblowers who come forward with information relating to misuse of funds or other non-compliance activities.[9]

The U.S. Chief Financial Officers Council and the U.S. Department of the Treasury published a document titled “Program Integrity: The Antifraud Playbook,” that provides guidance on creating an antifraud program that may be helpful to municipalities in establishing oversight mechanisms for infrastructure projects.[10] The playbook may also help municipalities assess and strengthen the current state of their antifraud program. The playbook focuses on four critical phases to the establishment of a successful program:

1. Create a Culture—Build a culture that is conducive to both integrity efforts and furthering antifraud measures at your agency.
2. Identify and Assess—Identify your fraud risks and develop a path forward for executing, repeating, and expanding a fraud risk assessment that is unique and customizable for your agency.
3. Prevent and Detect—Develop or strengthen antifraud controls that mitigate your highest risk areas and start or advance your fraud analytics program.
4. Insight into Actions—Use available information, either within your agency, or from external sources, and turn that insight into actionable tasks.[11]

Each municipality should develop policies and procedures that address the unique risks of fraud to which they are exposed, taking into consideration their plans for using funds received under the IIJA.

Lessons learned from federal funds provided to New York after the September 11^th attacks.

A Homeland Security Subcommittee on Management, Intelligence, and Oversight (“the Subcommittee”) issued a report after it reviewed the oversight of federal aid provided to New York after the 9/11 terrorist attacks. The report, “An Examination of Federal 9/11 Assistance to New York: Lessons Learned in Preventing Waste, Fraud, Abuse, and Lax Management,”[12] reviewed approximately $20 billion in federal funds provided to New York City to clean up and rebuild transportation, communication, and utility infrastructure after the 9/11 attacks.[13] The Subcommittee identified ten good practices used in the aftermath of the September 11^th attacks, and urged their use in future events:

• private integrity monitors (“IMs”) (explained below);
• database searches to screen contractors;
• mandatory regular audits;
• dedicated temporary oversight office;
• full-time Independent Coordination Agency that prevents fraud;
• temporary Fraud Prevention Task Force;
• fraud awareness training;
• fraud tip lines;
• controlled electronic access to disaster sites (construction sites); and
• contractor employee screening.[14]

New York City utilized private IMs, also known as Independent Private Sector Inspectors General (“IPSIGs”),[15] to monitor the field activities and financial records of the construction management companies hired to assist with the cleanup of the World Trade Center. Working with government agencies, the IPSIGs used forensic auditing, surveillance, interviews, informants, background checks, and other investigative techniques to screen subcontractors and ensure they were using the appropriate equipment and workers, accurately billing the government, and hauling debris to the appropriate destinations.[16]

The World Trade Center Integrity Compliance Monitorship Program was effective in large part because it was preventive. By embedding private integrity monitors with the individual contractors, the monitoring program prevented fraud and abuse by contractors that were unscrupulous or careless in their accounting. In addition, the monitoring ensured proper record keeping and established internal controls, which created a culture of compliance within each contractor’s operations and ensured accountability to New York City.[17]

The Subcommittee report captured how valuable a visible oversight mechanism can be on an infrastructure project when they provided details of a recorded conversation that took place between two organized crime associates. It was reported that the two individuals lamented how the IMs at the World Trade Center were making it impossible for anyone to overbill New York City using the usual scams.[18]

Further details on the role IMs played in monitoring and deterring fraud, and on the $47 million in cost recoveries attributed to the IMs, can be found throughout the report, including on the Subcommittee’s discussion of “Best practice: Private integrity monitoring caught and deterred fraud.”[19]