Addressing Fraud, Waste, and Abuse in Federally Funded Programs

Fraud, waste, and abuse (FWA) remain one of the most persistent risks in federally funded programs, especially in disaster recovery environments where funding is deployed quickly and at scale. As stewards of public funds, grantees and subrecipients are responsible not only for delivering impactful programs, but also for protecting those funds from misuse, mismanagement, and fraud.

Recent updates to HUD’s Community Development Block Grant–Disaster Recovery (CDBG-DR) framework, including the Universal Notice, continue to reinforce the agency’s focus on strong internal controls, monitoring, and proactive fraud prevention. These updates highlight the importance of integrating FWA considerations into program design and execution.

What is Fraud, Waste, and Abuse?

Fraud

Fraud involves intentional deception or misrepresentation to obtain something of value. In federally funded programs, this may include:

• Misrepresenting disaster damage or eligibility 
• Inflating costs or duplicating invoices 
• Submitting falsified or fictitious documentation 

Waste

Waste refers to the inefficient use or squandering of resources. Examples include:

• Unnecessary or excessive administrative costs 
• Poor project scoping or cost overruns 
• Duplication of effort across programs or funding sources 

Abuse

Abuse involves actions inconsistent with sound business or program practices, even if not intentionally deceptive. This may include:

• Weak oversight or mismanagement 
• Inappropriate or excessive expenditures 
• Failure to follow established policies and procedures 

Common Fraud Risks in Disaster Recovery Programs

HUD’s Office of Inspector General (OIG) continues to identify recurring fraud schemes in disaster recovery programs. A report from January 2026 identified seven fraud risk factors and developed an inventory of 57 potential fraud risks affecting disaster recovery funding.  These risks tend to intensify in disaster environments where programs are launched quickly, funding volumes are high, and delivery pressure can outpace controls.

Key Risk Factors

1. Large Amount of Funding: Disaster awards can exceed “traditional” CDBG funding levels, and funds often flow through multiple layers (states, grantees, subrecipients, contractors), increasing exposure points. 
2. Administrative Capacity: Some grantees (especially first time or less experienced) may have limited staffing, training, and control maturity to prevent and detect fraud; oversight capacity constraints can also create additional risk if not addressed. 
3. Changing or Inconsistent Rules for Each Disaster: Disaster grants can come with varying rules, notices, waivers, and requirements, which can complicate administration and make oversight harder. 
4. Usage Flexibility: Disaster programs often span many activity types (e.g., housing, infrastructure, economic recovery), which can broaden misuse pathways and complicate oversight. 
5. Decentralized Program Design: The DR model involves many state/local entities with substantial discretion, increasing the chance of uneven controls and inconsistent oversight. 
6. Disaster Environment: Urgency to deliver aid can create shortcuts and reduce control effectiveness; applicant desperation may lead to higher risk of misrepresentation.
7. Self Certification:  Heavy reliance on self certification as the primary eligibility control can create additional exposure points.

Common Fraud Schemes 

Building on those risk factors, HUD OIG categorized fraud schemes affecting disaster recovery funding into six broad activity types. 

1. Asset Misappropriation Schemes

Theft or misuse of grant funds or property, such as:

• Check/payment tampering (redirecting payments)
• Shell company abuse
• Embezzlement/larceny
• Side payments (unauthorized fees)
• Misuse of funds or assets (diverting grant funded resources to nonprogram purposes)

2. Beneficiary Fraud Schemes

Misrepresentation to improperly obtain benefits, such as:

• Identity theft
• DOB type overlaps (multiple sources for the same need)
• False damage claims (unrelated damage, inflated damage/value, phantom property)
• False eligibility claims (ownership/occupancy/income misrepresentation, ghost applicants, false landlord/tenant, inflated business financials)

3. Procurement Fraud Schemes

Manipulation of procurement and contracting processes, such as:

• Bid rotation/suppression/complementary bidding
• Bid tailoring/specification steering
• Leaking bid/proposal information
• Unjustified sole source approaches
• Change order abuse
• Cost mischarging/cross charging and progress payment fraud
• Product/service substitution (nonconforming goods/services billed as compliant)

4. Corruption Schemes

Abuse of position or influence for private gain, such as:

• Bribery/kickbacks
• Collusion
• Conflict of interest schemes
• Manipulation of results (e.g., third party reports)
• Economic extortion
• “Benevolent fraud” (approving/encouraging ineligible assistance)

5. Financial/Performance Reporting Fraud Schemes

Misrepresentation in financial or performance documentation, such as:

• Misclassification/overstatement of expenditures
• Understatement of program income
• Misstating performance/progress or outcomes

6. Fraudulent Payment Schemes

Misrepresentation through invoicing and payroll processes, including:

• Fictitious/overstated/duplicate invoices
• Ghost beneficiaries or ghost employees
• Timesheet fraud
• Pay and return schemes (overpay then split refunds)

Understanding these activity types can help grantees prevent problems earlier, detect issues faster, and respond more effectively.

Evolving Federal Expectations 

The Universal Notice establishes more explicit expectations for how CDBG-DR grantees must detect, prevent, and respond to FWA. Grantees are required to implement and document procedures that address several core areas:

• Verification of Applicant Information

Grantees must establish processes to validate the accuracy and completeness of information submitted by applicants, including eligibility, damages, and duplication of benefits. 

• Subrecipient Capacity Evaluation

Before awarding funds, grantees must assess the financial, administrative, and operational capacity of subrecipients to manage federal funds responsibly. 

• Risk-Based Monitoring Frameworks

Policies must define how frequently monitoring occurs, what entities are monitored (including internal departments, subrecipients, and contractors), and which compliance areas are prioritized. 

• Internal Audit Functions (for larger allocations)

Grantees receiving significant funding allocations are expected to establish internal audit capabilities that provide both financial and programmatic oversight. 

• Standards of Conduct and Conflict of Interest Policies

Written policies must comply with applicable federal regulations and include clear procedures for identifying, disclosing, and addressing conflicts. 

• Fraud Response and Reporting Protocols

Grantees must define how suspected fraud is investigated, escalated, and reported, including compliance with federal requirements to notify HUD and the OIG when credible evidence exists.

In addition, the Universal Notice emphasizes beneficiary protection, requiring grantees to:

• Educate beneficiaries on how to identify and avoid fraud 
• Provide clear reporting channels for suspected fraud 
• Establish procedures to assist victims of fraud, including reassessing unmet need when appropriate 

Strengthening Program Integrity

Effective FWA management requires embedding controls throughout the program lifecycle. Leading practices include:

Comprehensive Policies and Procedures

Well-defined program guidelines and standard operating procedures (SOPs) establish clear expectations for eligibility, documentation, procurement, and financial management. Importantly, the existence of strong policies can serve as a deterrent to fraudulent activity.

Robust Monitoring and Oversight

Risk-based monitoring, paired with documented review protocols, helps identify irregularities early. This includes oversight of:

• Subrecipients 
• Contractors and vendors 
• Internal program functions 
• Project implementation

Data Validation and Internal Controls

Implementing controls such as segregation of duties, approval workflows, and data validation checks helps reduce the risk of error and manipulation.

Training and Awareness

Regular training helps staff, subrecipients, and stakeholders understand program requirements, recognize red flags, and know how to respond to potential fraud. First-time grantees and their subrecipients are required to attend training provided by HUD OIG, when offered.

Whistleblower Protections and Reporting Mechanisms

Providing accessible reporting channels can encourage the proactive identification of issues. At the same time, strong whistleblower protections help individuals raise concerns without the fear of retaliation.

Documentation and Audit Readiness

Maintaining a clear and consistent audit trail — often referred to as “for the file” documentation — is essential to support monitoring or audit activities. 

Addressing fraud, waste, and abuse is essential to maintaining public trust and helping disaster recovery resources reach the communities that need them most. As federal requirements continue to evolve, organizations must take a proactive and structured approach to safeguarding program funds.