<?xml version="1.0" encoding="UTF-8"?><rss xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:atom="http://www.w3.org/2005/Atom" version="2.0" xmlns:itunes="http://www.itunes.com/dtds/podcast-1.0.dtd" xmlns:googleplay="http://www.google.com/schemas/play-podcasts/1.0"><channel><title><![CDATA[GovIntegrity ]]></title><description><![CDATA[Public Heist — How public money gets stolen, why the system is built to allow it, and why stopping it requires changing the system itself.]]></description><link>https://govintegrity.substack.com</link><image><url>https://substackcdn.com/image/fetch/$s_!pFUu!,w_256,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F2bff0544-3033-4f73-9892-c7c4db96f33b_1024x1024.png</url><title>GovIntegrity </title><link>https://govintegrity.substack.com</link></image><generator>Substack</generator><lastBuildDate>Sat, 18 Jul 2026 21:35:48 GMT</lastBuildDate><atom:link href="https://govintegrity.substack.com/feed" rel="self" type="application/rss+xml"/><copyright><![CDATA[GovIntegrity]]></copyright><language><![CDATA[en]]></language><webMaster><![CDATA[govintegrity@substack.com]]></webMaster><itunes:owner><itunes:email><![CDATA[govintegrity@substack.com]]></itunes:email><itunes:name><![CDATA[GovIntegrity]]></itunes:name></itunes:owner><itunes:author><![CDATA[GovIntegrity]]></itunes:author><googleplay:owner><![CDATA[govintegrity@substack.com]]></googleplay:owner><googleplay:email><![CDATA[govintegrity@substack.com]]></googleplay:email><googleplay:author><![CDATA[GovIntegrity]]></googleplay:author><itunes:block><![CDATA[Yes]]></itunes:block><item><title><![CDATA[The Death of Documentary Evidence]]></title><description><![CDATA[AI has made documents useless as proof]]></description><link>https://govintegrity.substack.com/p/the-death-of-documentary-evidence</link><guid isPermaLink="false">https://govintegrity.substack.com/p/the-death-of-documentary-evidence</guid><dc:creator><![CDATA[GovIntegrity]]></dc:creator><pubDate>Wed, 15 Jul 2026 09:32:19 GMT</pubDate><enclosure url="https://images.unsplash.com/photo-1758518730327-98070967caab?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHw0M3x8cmV2aWV3aW5nJTIwZG9jdW1lbnRzfGVufDB8fHx8MTc4NDEwNzg5M3ww&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p><span>I heard a researcher who specializes in AI-generated deepfakes make an observation at the ACFE Global Fraud Conference this week that alarmed me: There is no reliable way to determine whether a document was created by artificial intelligence. We have tools to detect an AI-generated photo or video, but we don&#8217;t have those tools for documents. That asymmetry, the gap between what fraudsters can now do with AI and what investigators can&#8217;t detect, represents one of the biggest shifts in the economics of fraud in decades.</span></p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://images.unsplash.com/photo-1758518730327-98070967caab?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHw0M3x8cmV2aWV3aW5nJTIwZG9jdW1lbnRzfGVufDB8fHx8MTc4NDEwNzg5M3ww&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://images.unsplash.com/photo-1758518730327-98070967caab?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHw0M3x8cmV2aWV3aW5nJTIwZG9jdW1lbnRzfGVufDB8fHx8MTc4NDEwNzg5M3ww&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 424w, https://images.unsplash.com/photo-1758518730327-98070967caab?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHw0M3x8cmV2aWV3aW5nJTIwZG9jdW1lbnRzfGVufDB8fHx8MTc4NDEwNzg5M3ww&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 848w, https://images.unsplash.com/photo-1758518730327-98070967caab?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHw0M3x8cmV2aWV3aW5nJTIwZG9jdW1lbnRzfGVufDB8fHx8MTc4NDEwNzg5M3ww&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 1272w, https://images.unsplash.com/photo-1758518730327-98070967caab?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHw0M3x8cmV2aWV3aW5nJTIwZG9jdW1lbnRzfGVufDB8fHx8MTc4NDEwNzg5M3ww&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 1456w" sizes="100vw"><img src="https://images.unsplash.com/photo-1758518730327-98070967caab?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHw0M3x8cmV2aWV3aW5nJTIwZG9jdW1lbnRzfGVufDB8fHx8MTc4NDEwNzg5M3ww&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080" width="3800" height="2138" data-attrs="{&quot;src&quot;:&quot;https://images.unsplash.com/photo-1758518730327-98070967caab?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHw0M3x8cmV2aWV3aW5nJTIwZG9jdW1lbnRzfGVufDB8fHx8MTc4NDEwNzg5M3ww&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:2138,&quot;width&quot;:3800,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:null,&quot;alt&quot;:&quot;Woman in suit shows document to man&quot;,&quot;title&quot;:null,&quot;type&quot;:&quot;image/jpg&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:null,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="Woman in suit shows document to man" title="Woman in suit shows document to man" srcset="https://images.unsplash.com/photo-1758518730327-98070967caab?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHw0M3x8cmV2aWV3aW5nJTIwZG9jdW1lbnRzfGVufDB8fHx8MTc4NDEwNzg5M3ww&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 424w, https://images.unsplash.com/photo-1758518730327-98070967caab?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHw0M3x8cmV2aWV3aW5nJTIwZG9jdW1lbnRzfGVufDB8fHx8MTc4NDEwNzg5M3ww&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 848w, https://images.unsplash.com/photo-1758518730327-98070967caab?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHw0M3x8cmV2aWV3aW5nJTIwZG9jdW1lbnRzfGVufDB8fHx8MTc4NDEwNzg5M3ww&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 1272w, https://images.unsplash.com/photo-1758518730327-98070967caab?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHw0M3x8cmV2aWV3aW5nJTIwZG9jdW1lbnRzfGVufDB8fHx8MTc4NDEwNzg5M3ww&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 1456w" sizes="100vw" fetchpriority="high"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a><figcaption class="image-caption">Photo by <a href="https://unsplash.com/@silverkblack">Vitaly Gariev</a> on <a href="https://unsplash.com">Unsplash</a></figcaption></figure></div><p><span>Most discussions about AI today focus on chatbots, productivity, job losses, or deepfake videos. Far less attention has gone to the collapse of documentary evidence as a fraud control.</span></p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://govintegrity.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading GovIntegrity ! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p><span>For generations, governments, insurers, banks, employers, and charities have relied on the same basic model. If someone makes a claim, ask them to document it. Need reimbursement? Upload a receipt. Applying for a loan, disaster assistance, or a government grant? Provide supporting documentation. The assumption was always that while documents can be forged, doing so requires enough effort that documentation remains a useful proxy for truth.</span></p><p><span>That&#8217;s not to say forged documents are new. Fraudsters have been fabricating documents for as long as documents have existed. But until recently, investigators were remarkably adept at spotting them, and document authentication tools could catch subtle indicators of a forgery. Developing a convincing fake was hard, and we had tools to find it. Every successful forgery represented a real investment by the fraudster.</span></p><p><span>Generative AI has changed that. Today, someone can ask an AI tool to produce a Marriott hotel receipt for three nights in Chicago, complete with room charges, taxes, a loyalty number, and a believable total. The same system can generate an auto repair invoice, a contractor estimate, a daycare receipt, or a medical bill in seconds. Ask for a hundred versions, and it will produce them just as fast, each slightly different from the last.</span></p><p><span>These documents also hold up under scrutiny. The metadata embedded in the file is generated to match the requested details, which renders most detection tools moot.</span></p><p><span>This changes the economics of fraud. Fabricating evidence used to be labor-intensive, which limited both the scale and speed of document-based fraud. AI has driven that cost toward zero while the cost of verification has stayed the same. A criminal can now generate thousands of unique invoices faster than an organization can review a handful of them.</span></p><p><span>Whenever one side of a fraud equation gets dramatically cheaper while the other side gets more expensive, fraud grows. We&#8217;ve seen this pattern with identity theft, payment fraud, phishing, and ransomware. AI-generated documentation is following the same trajectory.</span></p><p><span>The implications are far-reaching because documents underpin verification across sectors. Government programs process billions of supporting documents a year. Insurers reimburse claims based on documentation, disaster recovery programs rely on invoices to validate losses, and healthcare systems review receipts and medical records to process claims. Grant programs require documentation before releasing funds. Enormous administrative systems, across the public and private sectors, were built around the idea that documents provide evidence. Today that idea no longer holds.</span></p><p><span>That leaves organizations with a problem training reviewers can&#8217;t solve. As generative models keep improving, there may be nothing left for even an experienced reviewer to catch.</span></p><p><span>The obvious response is to build better AI tools that detect AI-generated documents. Research in this area is active, and technical advances will help around the margins. But this increasingly looks like an arms race, where every improvement in detection gets matched by an improvement in generation. Betting the integrity of trillion-dollar government programs on winning that race indefinitely is optimistic at best.</span></p><p><span>The more fundamental fix is to stop treating documents as evidence in the first place. For decades, documents substituted for direct verification because verifying the underlying transaction was expensive, and often impossible. That calculation is changing. Financial institutions exchange data in real time, businesses maintain digital transaction records, and governments hold authoritative data on identity, employment, licensing, tax filings, and benefit eligibility. Secure data-sharing technology has matured considerably. In many cases, it&#8217;s now easier to verify whether a transaction actually happened than to determine whether the paperwork describing it is genuine.</span></p><p><span>Instead of asking whether a receipt looks authentic, agencies should interrogate the context of the document. Did the hotel actually issue this invoice? Did the merchant process this payment? Is the contractor licensed? Was the prescription dispensed? Those questions rely on authoritative sources, not visual inspection of an uploaded file.</span></p><p><span>Government agencies are particularly unprepared for this shift. Most eligibility and payment systems still reflect an administrative philosophy built long before artificial intelligence. Applicants make assertions, upload documents, and agencies inspect the paperwork. That model survived because documentary evidence retained enough integrity to justify the effort.</span></p><p><span>The organizations that adapt first will be the ones that redesign their programs around trusted data, authoritative verification, and confirmation of real-world events, not uploaded PDFs. For centuries, documents held a privileged place in fraud prevention because they were expensive to fake and easy to authenticate. AI has reversed both assumptions at once.</span></p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://govintegrity.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading GovIntegrity ! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div>]]></content:encoded></item><item><title><![CDATA[The Question No One Asked]]></title><description><![CDATA[Danny Werfel's 2023 confirmation hearing came right after the largest fraud wave in U.S. history. Senators asked about wait times.]]></description><link>https://govintegrity.substack.com/p/the-question-no-one-asked</link><guid isPermaLink="false">https://govintegrity.substack.com/p/the-question-no-one-asked</guid><dc:creator><![CDATA[GovIntegrity]]></dc:creator><pubDate>Mon, 06 Jul 2026 19:31:34 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!JwcH!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F55d4bd49-24ae-406e-b902-2be92c704027_2000x1125.jpeg" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>While researching my forthcoming book, <em>Fraud Nation: How Criminals Exploit AI and Government Neglect to Steal Billions from Americans</em>, I spent an afternoon watching Danny Werfel&#8217;s 2023 Senate confirmation hearing to become Commissioner of the IRS. I was writing about pandemic fraud in the Employee Retention Tax Credit program and I wanted to get a firsthand look at what Congress was interested in from the next IRS Commissioner. </p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!JwcH!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F55d4bd49-24ae-406e-b902-2be92c704027_2000x1125.jpeg" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!JwcH!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F55d4bd49-24ae-406e-b902-2be92c704027_2000x1125.jpeg 424w, https://substackcdn.com/image/fetch/$s_!JwcH!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F55d4bd49-24ae-406e-b902-2be92c704027_2000x1125.jpeg 848w, https://substackcdn.com/image/fetch/$s_!JwcH!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F55d4bd49-24ae-406e-b902-2be92c704027_2000x1125.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!JwcH!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F55d4bd49-24ae-406e-b902-2be92c704027_2000x1125.jpeg 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!JwcH!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F55d4bd49-24ae-406e-b902-2be92c704027_2000x1125.jpeg" width="1456" height="819" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/55d4bd49-24ae-406e-b902-2be92c704027_2000x1125.jpeg&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:819,&quot;width&quot;:1456,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:null,&quot;alt&quot;:&quot;Daniel Werfel, Biden's IRS nominee, set to oversee $80 billion overhaul of  the agency | CNN Politics&quot;,&quot;title&quot;:null,&quot;type&quot;:null,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:null,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="Daniel Werfel, Biden's IRS nominee, set to oversee $80 billion overhaul of  the agency | CNN Politics" title="Daniel Werfel, Biden's IRS nominee, set to oversee $80 billion overhaul of  the agency | CNN Politics" srcset="https://substackcdn.com/image/fetch/$s_!JwcH!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F55d4bd49-24ae-406e-b902-2be92c704027_2000x1125.jpeg 424w, https://substackcdn.com/image/fetch/$s_!JwcH!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F55d4bd49-24ae-406e-b902-2be92c704027_2000x1125.jpeg 848w, https://substackcdn.com/image/fetch/$s_!JwcH!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F55d4bd49-24ae-406e-b902-2be92c704027_2000x1125.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!JwcH!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F55d4bd49-24ae-406e-b902-2be92c704027_2000x1125.jpeg 1456w" sizes="100vw" fetchpriority="high"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p>The hearing was held on Wednesday, February 15, 2023. At the time, the United States had just lived through the largest fraud wave in its history. Pandemic relief programs lost hundreds of billions of dollars to identity theft, organized criminal networks, and fabricated businesses, and the losses were still making headlines when Werfel sat down in front of the Senate Finance Committee. Inspectors general, congressional investigators, and independent watchdogs had already documented how badly the federal government misjudged the threat.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://govintegrity.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading GovIntegrity ! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p>Senators had plenty of questions for Werfel. They asked him whether he&#8217;d reduce the wait times Americans endure when they call the IRS. They asked how he&#8217;d protect Americans&#8217; privacy. They asked whether he&#8217;d focus IRS resources on high earners, and whether he&#8217;d help small business owners get the pandemic-era tax credits they were owed. These are fair questions, and Werfel had answers for all of them.</p><p>But what senators didn&#8217;t ask about was fraud. Nobody pressed him on how he&#8217;d strengthen fraud prevention, what new authorities he&#8217;d request, how he&#8217;d use data analytics to flag suspicious claims before money went out the door. </p><p>In fact, the word &#8220;fraud&#8221; never came up in the entire confirmation hearing. </p><p>Confirmation hearings tell you what Washington values. Democrats and Republicans alike tend to spend their time on politics, management controversies, customer service, ideology, and the implementation of whatever signature policy the agency is running. Fraud prevention rarely gets sustained attention unless a scandal is already underway. What is truly striking is that Werfel took the job in the wake of the biggest fraud scandal in the agency&#8217;s history, and the topic still didn&#8217;t make the list.</p><p>A Fortune 500 board hiring a new CEO after the company&#8217;s largest financial theft would ask how he intends to prevent another one. The fact that that question didn&#8217;t occur to the Senate committee overseeing one of the government&#8217;s largest financial institutions is telling. </p><p>The great irony here is that months after his confirmation, Werfel imposed a moratorium on new Employee Retention Tax Credit claims after discovering that the program had been overrun by fraudulent applications. It was among the most consequential&#8212; and courageous&#8212;  fraud-prevention decisions in the history of government. The moratorium angered a lot of people, but it arguably saved taxpayers <em>$200 billion. </em></p><p>Werfel&#8217;s confirmation hearing was not out of the ordinary. Even after the eye-watering fraud losses of the pandemic era, fraud is still treated as an inspector general&#8217;s job, a prosecutor&#8217;s job, or an auditor&#8217;s job years after the damage is done. It is almost never treated as a leadership responsibility from day one. We don&#8217;t ask Cabinet nominees how they&#8217;ll measure fraud losses, redesign programs to prevent identity theft, or use AI against increasingly sophisticated criminal networks. We don&#8217;t ask how they&#8217;ll confirm taxpayer dollars are reaching the people they&#8217;re meant for.</p><p>Agencies devote their energy to what their leaders emphasize. If fraud prevention doesn&#8217;t come up at confirmation hearings, doesn&#8217;t show up in agency performance metrics, and isn&#8217;t expected of senior executives, it will keep losing out to customer service, program delivery, and political messaging.</p><p>None of this is inevitable. Fraud thrives in the dark, and Washington has made a habit of keeping it there. Losses get estimated after the fact, buried in inspector general reports few people read and fewer act on. Prevention investments get scored by the Congressional Budget Office as costs rather than savings, so agencies asking for fraud detection tools compete for funding against programs that show up as immediate benefits on paper. </p><div class="pullquote"><p>The incentive structure rewards spending money quickly over <br>spending money carefully.</p></div><p>Fixing that starts with making the invisible visible. The CBO should score fraud prevention investments in a way that accounts for the losses those investments prevent rather than treating them as pure cost. Congress should mandate an annual, public fraud prevention scorecard grading every major federal agency on detection capacity, actual detection rates, data-sharing practices, and technology modernization. Right now, a Cabinet secretary can spend four years in office without anyone outside the agency knowing whether fraud went up or down on their watch. </p><p>Fraud prevention fails because nobody with power is required to consider it, measure it, or answer for it. Congress can and should hold Cabinet officials accountable for their stewardship of taxpayer funds, and that should start with clear expectations from day one. </p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://govintegrity.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading GovIntegrity ! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div>]]></content:encoded></item><item><title><![CDATA[When fraud becomes a political weapon]]></title><description><![CDATA[The case for asking why, not who]]></description><link>https://govintegrity.substack.com/p/when-fraud-becomes-a-political-weapon</link><guid isPermaLink="false">https://govintegrity.substack.com/p/when-fraud-becomes-a-political-weapon</guid><dc:creator><![CDATA[GovIntegrity]]></dc:creator><pubDate>Mon, 22 Jun 2026 13:16:24 GMT</pubDate><enclosure url="https://images.unsplash.com/photo-1641945512731-c0d1b3f82f84?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwxMHx8cGFydGlzYW58ZW58MHx8fHwxNzgyMTM0MDM0fDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>Fraud has been in the news lately, and increasingly the headlines have one thing in common: they are distinctly partisan. The Department of Labor warned all fifty governors to clean up unemployment insurance fraud, but the public announcement cited problems specifically in California, Illinois and New York, three states where Democrats control the governments. </p><p>The Justice Department announced a lawsuit aimed at New York health officials over an alleged scheme to rig a $10 billion Medicaid homecare contract. And Minnesota Attorney General Keith Ellison walked out of a Fox News interview rather than answer questions about Vice President Vance&#8217;s referral of him and Governor Tim Walz to the DOJ. </p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://images.unsplash.com/photo-1641945512731-c0d1b3f82f84?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwxMHx8cGFydGlzYW58ZW58MHx8fHwxNzgyMTM0MDM0fDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://images.unsplash.com/photo-1641945512731-c0d1b3f82f84?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwxMHx8cGFydGlzYW58ZW58MHx8fHwxNzgyMTM0MDM0fDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 424w, https://images.unsplash.com/photo-1641945512731-c0d1b3f82f84?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwxMHx8cGFydGlzYW58ZW58MHx8fHwxNzgyMTM0MDM0fDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 848w, https://images.unsplash.com/photo-1641945512731-c0d1b3f82f84?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwxMHx8cGFydGlzYW58ZW58MHx8fHwxNzgyMTM0MDM0fDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 1272w, https://images.unsplash.com/photo-1641945512731-c0d1b3f82f84?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwxMHx8cGFydGlzYW58ZW58MHx8fHwxNzgyMTM0MDM0fDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 1456w" sizes="100vw"><img src="https://images.unsplash.com/photo-1641945512731-c0d1b3f82f84?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwxMHx8cGFydGlzYW58ZW58MHx8fHwxNzgyMTM0MDM0fDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080" width="5568" height="3712" data-attrs="{&quot;src&quot;:&quot;https://images.unsplash.com/photo-1641945512731-c0d1b3f82f84?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwxMHx8cGFydGlzYW58ZW58MHx8fHwxNzgyMTM0MDM0fDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:3712,&quot;width&quot;:5568,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:null,&quot;alt&quot;:&quot;a picture of an elephant and a donkey&quot;,&quot;title&quot;:null,&quot;type&quot;:&quot;image/jpg&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:null,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="a picture of an elephant and a donkey" title="a picture of an elephant and a donkey" srcset="https://images.unsplash.com/photo-1641945512731-c0d1b3f82f84?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwxMHx8cGFydGlzYW58ZW58MHx8fHwxNzgyMTM0MDM0fDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 424w, https://images.unsplash.com/photo-1641945512731-c0d1b3f82f84?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwxMHx8cGFydGlzYW58ZW58MHx8fHwxNzgyMTM0MDM0fDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 848w, https://images.unsplash.com/photo-1641945512731-c0d1b3f82f84?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwxMHx8cGFydGlzYW58ZW58MHx8fHwxNzgyMTM0MDM0fDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 1272w, https://images.unsplash.com/photo-1641945512731-c0d1b3f82f84?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwxMHx8cGFydGlzYW58ZW58MHx8fHwxNzgyMTM0MDM0fDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 1456w" sizes="100vw" fetchpriority="high"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a><figcaption class="image-caption">Photo by <a href="https://unsplash.com/@kellysikkema">Kelly Sikkema</a> on <a href="https://unsplash.com">Unsplash</a></figcaption></figure></div><p>The fraud in question is very much real, and a serious problem. New York&#8217;s homecare vendor allegedly billed at inflated rates after a sham bidding process. Minnesota&#8217;s Feeding Our Future scandal cost taxpayers hundreds of millions of dollars. Unemployment insurance fraud is real and well-documented by the Government Accountability Office. </p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://govintegrity.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading GovIntegrity ! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p>But a pattern is emerging that should concern anyone who actually wants to solve this problem: The focus is on states that vote a certain way. </p><p>It would be one thing if the data backed up the targeting, but it doesn't. As the AP noted in its coverage of the Labor Department's letters, there doesn't appear to be a strong connection between which party governs a state and how much fraud or overpayment occurs. Unemployment insurance fraud nationally ran between 11 and 15 percent of pandemic-era payouts, a problem rooted in identity verification and eligibility systems that exist in all fifty states, under governors of both parties. </p><p>In fact, the administration&#8217;s own enforcement record undercuts the selective framing. Two months before suing New York, the administration acknowledged it had made a significant factual error in justifying its fraud probe into the state&#8217;s Medicaid program, an error that surfaced in the middle of a campaign aimed almost entirely at states it does not govern. </p><p>Some of these investigations may well uncover real misconduct. If they do, that misconduct should be exposed and prosecuted, regardless of which party is embarrassed by it. </p><p>Fraud prevention turns dangerous when it stops functioning as a governance mission and starts functioning as a partisan instrument, because the incentive flips. Officials in the crosshairs have more reason to deny a problem than to fix it. If acknowledging a fraud problem in your state hands ammunition to the opposing party, the rational response is what you saw from Ellison&#8212; minimize the impact, dispute the number, attack the messenger. That's worse than doing nothing, because now warning signs get suppressed rather than just unaddressed.</p><div class="pullquote"><p>Instead of asking &#8220;Where are the vulnerabilities?&#8221; people start asking <br>&#8220;Which side can be blamed?&#8221;</p></div><p>Fraud rings don&#8217;t care whether a state votes red or blue. Organized criminals  target weak controls, fragmented oversight, and verification gaps. They go where the system is easier to exploit than to defend, and those gaps exist everywhere, not just in the four states currently making headlines.</p><p>New York&#8217;s homecare fraud is not fundamentally a New York story. It is a vendor-oversight story, a story about what happens when a state hands a single contractor control of a $10 billion program with no mechanism to catch self-dealing in real time. Minnesota&#8217;s Feeding Our Future scandal is not fundamentally a Minnesota story. It is a payment integrity and subrecipient oversight story. Unemployment insurance fraud is not a red-state or blue-state problem. It is a verification problem, and it shows up everywhere because every state runs roughly the same outdated systems.</p><p>Yet the national conversation increasingly treats fraud as evidence of partisan failure rather than institutional weakness. The partisan infighting consumes all the oxygen, leaving little left for a conversation about what actually needs to change. </p><p>Every fraud scandal produces a brief window of political will. Lawmakers and administration officials suddenly start paying attention. Congressional committees schedule hearings and agency heads send letters to governors. That attention is a scarce resource, and right now nearly all of it is being spent on intergovernmental lawsuits, and cable news confrontations rather than prevention.</p><p>Prosecution and litigation are the slowest and most expensive way to address fraud, because by the time a case is filed, the money is usually gone. The New York lawsuit proves the point. The state&#8217;s home health program had already been running for years under a contract with no real-time mechanism to catch a vendor billing above its allowed rate. The actual fix is upstream. Pre-payment detection systems that flag fraudulent billing and applications before the funds go out the door would have caught that pattern in months, not years. Banks have run real-time transaction screening for over a decade. Most federal grant programs still rely on post-payment audits and referrals to law enforcement, the fraud equivalent of installing the alarm after the house has already been emptied.</p><p>That is where the energy from these scandals should go&#8212; toward funding and mandating the analytics infrastructure that would let agencies stop the next homeware fraud or the next Feeding Our Future before the checks clear, regardless of which party runs the state cashing them.</p><p>Every hour spent proving Tim Walz or Kathy Hochul should have caught this sooner is an hour not spent asking why no state, of either party, has a system that flags a vendor billing above its contracted rate before the money moves. That is the only question that prevents the next ten-billion-dollar program from becoming the next scandal.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://govintegrity.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading GovIntegrity ! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div>]]></content:encoded></item><item><title><![CDATA[The Federal government doesn't know who its paying, and that makes it easier to defraud]]></title><description><![CDATA[OMB&#8217;s grants rewrite improves oversight, but it doesn&#8217;t solve the central problem that the federal government can&#8217;t track its own money]]></description><link>https://govintegrity.substack.com/p/the-federal-government-doesnt-know</link><guid isPermaLink="false">https://govintegrity.substack.com/p/the-federal-government-doesnt-know</guid><dc:creator><![CDATA[GovIntegrity]]></dc:creator><pubDate>Fri, 19 Jun 2026 14:12:45 GMT</pubDate><enclosure url="https://images.unsplash.com/photo-1512799906445-d591d53082c0?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwyfHxibGluZGZvbGR8ZW58MHx8fHwxNzgxODc4Mjg1fDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>On May 29, the Office of Management and Budget (OMB) published the most significant rewrite of federal grants regulation since 2013. The proposed rule replaces the Uniform Guidance with something called the Uniform Grants Regulation. To date, most of the commentary has focused on DEI restrictions, expanded termination authority, the politics of converting guidance into binding regulation.</p><p>But buried in the rulemaking is the fact that federal agencies do not know who they are paying, and the proposed changes don&#8217;t fix that.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://govintegrity.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading GovIntegrity ! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://images.unsplash.com/photo-1512799906445-d591d53082c0?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwyfHxibGluZGZvbGR8ZW58MHx8fHwxNzgxODc4Mjg1fDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://images.unsplash.com/photo-1512799906445-d591d53082c0?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwyfHxibGluZGZvbGR8ZW58MHx8fHwxNzgxODc4Mjg1fDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 424w, https://images.unsplash.com/photo-1512799906445-d591d53082c0?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwyfHxibGluZGZvbGR8ZW58MHx8fHwxNzgxODc4Mjg1fDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 848w, https://images.unsplash.com/photo-1512799906445-d591d53082c0?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwyfHxibGluZGZvbGR8ZW58MHx8fHwxNzgxODc4Mjg1fDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 1272w, https://images.unsplash.com/photo-1512799906445-d591d53082c0?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwyfHxibGluZGZvbGR8ZW58MHx8fHwxNzgxODc4Mjg1fDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 1456w" sizes="100vw"><img src="https://images.unsplash.com/photo-1512799906445-d591d53082c0?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwyfHxibGluZGZvbGR8ZW58MHx8fHwxNzgxODc4Mjg1fDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080" width="5476" height="3656" data-attrs="{&quot;src&quot;:&quot;https://images.unsplash.com/photo-1512799906445-d591d53082c0?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwyfHxibGluZGZvbGR8ZW58MHx8fHwxNzgxODc4Mjg1fDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:3656,&quot;width&quot;:5476,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:null,&quot;alt&quot;:&quot;person covering the eyes of woman on dark room&quot;,&quot;title&quot;:null,&quot;type&quot;:&quot;image/jpg&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:null,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="person covering the eyes of woman on dark room" title="person covering the eyes of woman on dark room" srcset="https://images.unsplash.com/photo-1512799906445-d591d53082c0?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwyfHxibGluZGZvbGR8ZW58MHx8fHwxNzgxODc4Mjg1fDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 424w, https://images.unsplash.com/photo-1512799906445-d591d53082c0?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwyfHxibGluZGZvbGR8ZW58MHx8fHwxNzgxODc4Mjg1fDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 848w, https://images.unsplash.com/photo-1512799906445-d591d53082c0?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwyfHxibGluZGZvbGR8ZW58MHx8fHwxNzgxODc4Mjg1fDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 1272w, https://images.unsplash.com/photo-1512799906445-d591d53082c0?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwyfHxibGluZGZvbGR8ZW58MHx8fHwxNzgxODc4Mjg1fDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 1456w" sizes="100vw" fetchpriority="high"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a><figcaption class="image-caption">Photo by <a href="https://unsplash.com/@ryoji__iwata">Ryoji Iwata</a> on <a href="https://unsplash.com">Unsplash</a></figcaption></figure></div><p>Once a federal grant moves past the prime recipient, the trail goes cold. There is no limit on how many subrecipient tiers a federal award can pass through. A federal dollar can move through four or five organizations before it reaches whoever is actually doing the work, and the agency that wrote the check has virtually no way to see past the first handoff. </p><p>The nation watched the exploitation of this gap up close in Minnesota.</p><h3><strong>The sponsor problem</strong></h3><p>USDA's Federal Child Nutrition Program funds flowed from USDA to the Minnesota Department of Education (the state agency and prime recipient), to Feeding Our Future (a sponsoring organization functioning as a subrecipient), to more than 250 individual meal sites. </p><p>The state agency's direct oversight obligation reached only the sponsor tier: state agencies are required to review at least one-third of participating institutions annually. Oversight of the sites themselves, where the fraudulent claims actually originated, was delegated entirely to the sponsor. Feeding Our Future was, by design, both the only entity with a direct line of sight to the sites and the entity orchestrating the fraud at those sites. Federal and state oversight had no independent visibility into the tier where the fraud occurred, because the regulatory structure assigned that visibility exclusively to the subrecipient with the greatest incentive to misrepresent it.</p><p>Feeding Our Future&#8217;s payments went from $1.4 million in 2019 to $140 million in 2021, a hundredfold increase in two years, and the structure designed to catch that kind of growth was looking at the sponsor&#8217;s paperwork, not the sites. Minnesota&#8217;s legislative auditor later found that the state&#8217;s oversight of the sponsor itself was inadequate. But in reality, even a state agency doing everything right at the sponsor level would not have seen the fraud, because the fraud was happening at a tier the state was never positioned to see directly. </p><h3><strong>What the new rule does</strong></h3><p>The proposed rule treats subrecipient risk as a real problem rather than ignoring it, and it contemplates two important changes.</p><p>First, it integrates grants payments with Treasury&#8217;s Do Not Pay system, the same screening infrastructure used to catch deceased payees, excluded parties, and other categorically disqualified recipients before money goes out the door. Grants have operated outside that infrastructure for years and bringing them in is overdue.</p><p>Second, it tightens subrecipient oversight, adding new SAM.gov reporting requirements and making noncompliance grounds for termination. Pass-through entities &#8212; the states, counties, and large nonprofits redistributing federal money &#8212; now face a sharper incentive to actually monitor who they&#8217;re funding rather than file a risk assessment once and move on.</p><p>Treasury screening and stronger SAM.gov reporting would have improved the federal government&#8217;s visibility into Feeding Our Future as a subrecipient. But importantly, neither change reaches the sites, where the fraud actually happened. </p><h3><strong>The architecture is the problem</strong></h3><p>The subrecipient monitoring requirement has existed in some form since 2013 but it has been woefully inadequate ever since. The requirement obligates a pass-through entity to assess the risk of the subrecipients it funds directly. It doesn&#8217;t require that entity, or anyone above it, to see the tier below that. A state monitors the sponsor, but nobody in the federal government, and often nobody at the state, is positioned to independently verify the sites the sponsor funds. The regulation assumes that risk assessed at one tier is risk accounted for at every tier beneath it. It isn't. Each layer of a subaward chain can only see as far down as the layer directly below it, and the federal government, several tiers removed, sees none of it directly at all.</p><p>Compare this to how the rest of the financial system works. A bank doesn&#8217;t extend credit to an organization without verifying the borrower exists, confirming who owns it, and checking that ownership against a sanctions list. That is baseline due diligence that any commercial lender performs as a condition of moving money. The federal government, moving over a trillion dollars a year through layers of subrecipients, has no equivalent requirement that travels down the chain. Each pass-through entity does its own version of due diligence, to its own standard, on its own timeline, and nothing forces that standard to improve, or to reach past the tier it&#8217;s already looking at.</p><p>This isn&#8217;t a new idea. The federal government already built it once and let it lapse. Under the 2009 Recovery Act, Section 1512 required subrecipients to report directly into a federal system, rather than have the prime recipient report on their behalf. A state passing money to a nonprofit wasn&#8217;t the only party answering for that money, the nonprofit was. That design choice is a part of the Recovery Act oversight apparatus that is worth bringing back, because it gave the federal government a line of sight past the prime recipient. The mechanism slotted into the same kind of reporting system the government already runs today, SAM.gov, which currently collects subaward data largely as the prime recipient chooses to enter it. There is no reason that system couldn&#8217;t take direct submissions from subrecipients themselves, the way Section 1512 once did, and no reason it should still stop at the first tier down.</p><h3><strong>What the new rulemaking misses</strong></h3><p>While Treasury integration and stronger SAM.gov reporting are vital, they&#8217;re insufficient because they still treat subrecipient risk as something to document at the first tier rather than something to see all the way down. Closing the gap requires three things this rule doesn&#8217;t do. </p><ul><li><p>One, it requires visibility into the full subrecipient chain, not just the layer immediately below the prime. OMB should require that subrecipients at every tier of an award report their own identifying information &#8212; legal name, taxpayer identification number, beneficial ownership, and banking relationships &#8212; directly into SAM.gov, rather than have that information collected and passed upward by the prime recipient or an intermediate pass-through entity.  OMB should restore the ARRA design, without restoring its administrative burden, and extend it to every tier of a subaward, rather than the one or two tiers SAM.gov currently captures.</p></li><li><p>Two, this visibility needs to be continuous rather than a point-in-time check, since the organizations at the bottom of these chains change hands and change behavior far faster than a once-a-year review can catch. OMB should require periodic re-screening of subrecipients against Treasury's Do Not Pay data and other disqualifying-event data sources for the duration of an award, not solely at initial subaward.</p></li><li><p>And three, it requires a common standard for subrecipient verification across the federal government. Subrecipient risk assessment quality currently depends on the sophistication and resources of whichever pass-through entity happens to be administering a given award. A state grants office, a county, and a small nonprofit serving as pass-through entities for the same federal program may apply entirely different standards of diligence to the same category of risk. OMB should establish a minimum, government-wide due diligence standard for subrecipient verification, comparable in rigor to the beneficial-ownership and identity-verification standards financial institutions are required to apply to commercial borrowers.</p></li></ul><p>OMB&#8217;s rule moves the system from almost no visibility to partial visibility. But partial visibility into a complex, trillion-dollar grant system is still a system where the federal government doesn't know who its paying. Every fraud case that surfaces three years after the money is gone looks like the system is working exactly as designed, until the first case file gets opened. There&#8217;s still time to improve on the grants rewrite, and OMB should do so. </p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://govintegrity.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading GovIntegrity ! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div>]]></content:encoded></item><item><title><![CDATA[Why Aggressive Fraud Enforcement Keeps Catching the Wrong People]]></title><description><![CDATA[The Vance task force&#8217;s hospice sweep exposed a false positive problem that has been there for years.]]></description><link>https://govintegrity.substack.com/p/why-aggressive-fraud-enforcement</link><guid isPermaLink="false">https://govintegrity.substack.com/p/why-aggressive-fraud-enforcement</guid><dc:creator><![CDATA[GovIntegrity]]></dc:creator><pubDate>Mon, 15 Jun 2026 13:05:17 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!HrOT!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F48151689-2850-46ae-ad5e-055c193998a7_625x350.jpeg" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>A Washington Post article today told the story of a hospice owner who built his agency around direct personal attention to a small number of patients at a time, pursued the most rigorous accreditation available, never had a formal complaint in five years, had a 9 out of 10 quality rating and had to shut down because CMS stopped paying him due to suspected fraud.</p><p>In the dry language of fraud prevention, this small business owner is a &#8220;false positive.&#8221; In plain terms, he lost his business because the government&#8217;s fraud detection tools aren&#8217;t precise enough to distinguish between his legitimate company and a shell company run by a sophisticated fraudster.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://govintegrity.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading GovIntegrity ! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!HrOT!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F48151689-2850-46ae-ad5e-055c193998a7_625x350.jpeg" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!HrOT!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F48151689-2850-46ae-ad5e-055c193998a7_625x350.jpeg 424w, https://substackcdn.com/image/fetch/$s_!HrOT!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F48151689-2850-46ae-ad5e-055c193998a7_625x350.jpeg 848w, https://substackcdn.com/image/fetch/$s_!HrOT!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F48151689-2850-46ae-ad5e-055c193998a7_625x350.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!HrOT!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F48151689-2850-46ae-ad5e-055c193998a7_625x350.jpeg 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!HrOT!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F48151689-2850-46ae-ad5e-055c193998a7_625x350.jpeg" width="625" height="350" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/48151689-2850-46ae-ad5e-055c193998a7_625x350.jpeg&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:350,&quot;width&quot;:625,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:null,&quot;alt&quot;:&quot;Fisherman pulling up net filled with garbage and fish from water 56952992  Stock Photo at Vecteezy&quot;,&quot;title&quot;:null,&quot;type&quot;:null,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:null,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="Fisherman pulling up net filled with garbage and fish from water 56952992  Stock Photo at Vecteezy" title="Fisherman pulling up net filled with garbage and fish from water 56952992  Stock Photo at Vecteezy" srcset="https://substackcdn.com/image/fetch/$s_!HrOT!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F48151689-2850-46ae-ad5e-055c193998a7_625x350.jpeg 424w, https://substackcdn.com/image/fetch/$s_!HrOT!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F48151689-2850-46ae-ad5e-055c193998a7_625x350.jpeg 848w, https://substackcdn.com/image/fetch/$s_!HrOT!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F48151689-2850-46ae-ad5e-055c193998a7_625x350.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!HrOT!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F48151689-2850-46ae-ad5e-055c193998a7_625x350.jpeg 1456w" sizes="100vw" fetchpriority="high"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p>When the Vance task force suspended roughly 800 hospices in Los Angeles this spring, the criteria for who made that list was proximity to a fraud-saturated market &#8212; not individualized evidence of wrongdoing. The reality is that CMS&#8217;s detection infrastructure was always going to produce that outcome at scale.</p><p>It is a fact that Los Angeles has become the country&#8217;s most productive market for hospice billing schemes. Federal agents suspended 447 hospices and 23 home health agencies in the greater Los Angeles area this spring, alleging $600 million in Medicare fraud. The fraudsters are using the same playbook repeatedly because it has proven effective. Operators enroll patients without their knowledge or consent, bill Medicare for services never delivered, and flip licenses to stay ahead of investigators. California&#8217;s Attorney General separately charged 21 suspects for stealing $267 million through a scheme in which not a single legitimate hospice service was ever provided. There is no dispute about the problem, but how to address it still needs some work.</p><h3><strong>How CMS detects fraud today</strong></h3><p>One of CMS&#8217;s primary fraud detection tools is benchmark comparison. The agency measures a provider&#8217;s billing volume, coding intensity, test ordering patterns, and service frequency against regional and national averages. When a provider falls outside expected ranges, contractors can impose prepayment review, deny claims, or suspend payments entirely.</p><p>That approach has a structural flaw that the Los Angeles sweep made visible. In a market where fraud is endemic, the benchmarks themselves are corrupted. A legitimate hospice operating in Los Angeles&#8212; and billing accurately for real patients receiving real services&#8212; looks anomalous compared to the surrounding ecosystem of shell operators billing at maximum volume for fictitious care. The algorithm can&#8217;t distinguish between a provider who&#8217;s committing fraud and a provider who&#8217;s operating legitimately in a market full of people committing fraud.</p><p>Compounding this, federal regulations allow suspension based on a &#8220;credible allegation&#8221; of fraud, but the agency has never precisely defined what this means. Notices of suspension frequently provide limited information about the underlying basis for the action, leaving providers with little to contest and no clear path to resolution.</p><p>When CMS is working quickly to generate momentum and splashy press conferences, and the agency can&#8217;t tell the difference between a bad actor and a legitimate provider who happens to be in the wrong zip code, the wrong people are punished.</p><p><strong>How banks solved this problem</strong></p><p>Banks had the same problem. Under legacy rule-based detection systems, false positive rates in financial institutions commonly exceeded 90 percent. The system flagged suspicious transactions based on fixed rules such as thresholds, geographic triggers, and transaction types without any account of individual customer history or behavior. Legitimate customers had their transactions blocked constantly. It was a costly, blunt instrument.</p><p>Industry analysis has found that the hidden costs of false positives in terms of lost customers, complaints, churn, and reputational damage, can outweigh actual fraud losses by a factor of 3:1. When blocking a legitimate customer costs you more than the fraud you prevented, the business case for better tools writes itself.</p><p>So, what did they replace the rule-based system with? Continuous monitoring of individual account history, real-time transaction scoring, and network analysis, or graph analytics, that maps relationships between accounts rather than evaluating each transaction in isolation. Financial institutions shifted the question from &#8220;does this transaction look unusual in the abstract&#8221; to &#8220;does this transaction look unusual for this specific customer, given everything we know about how they behave.&#8221;</p><p>That is a fundamentally different analytical framework, and it produces fundamentally different results, in terms of a reduction in both false positive and fraud losses. The tool gets smarter over time because it learns from outcomes rather than applying static rules to each new transaction.</p><p>Importantly, in terms of incentives, the government simply doesn&#8217;t face the same pressures the private sector does. CMS doesn&#8217;t lose customers when it suspends a legitimate provider. The cost falls on that provider. CMS has no revenue at risk and no churn metric that lands on a dashboard somewhere and demands explanation. The institutional incentive structure doesn&#8217;t punish false positives the way a bank&#8217;s does. That asymmetry is a big reason why it&#8217;s so hard to fight fraud in government programs.</p><h3><strong>The tools gap</strong></h3><p>CMS has been trying to build an effective fraud prevention apparatus for decades, and it has made some real progress. The agency uses predictive analytics on claims data, it has imposed prepayment edits through the National Correct Coding Initiative, and it has taken increasingly aggressive action on payment suspensions&#8212; it&#8217;s suspended $5.7 billion in suspicious payments in 2025 alone.</p><p>But the distance between what CMS deploys and what the private sector uses is vast, and the agency knows it. Last fall, CMS held what it called the <em>Crushing Fraud Chili Cook-Off Competition </em>&#8212; a market research challenge inviting outside vendors to submit explainable AI tools capable of detecting anomalies in Medicare claims data. The Chili Cook Off was itself an admission that CMS&#8217;s existing tools are not performing well enough. </p><p>One significant limitation CMS faces is that it relies primarily on data and not intelligence. CMS has a lot of data, but it lacks the analytical infrastructure to turn that data into a picture of how fraud actually operates as a network.</p><p>Modern fraud hides in relationships. The $10.6 billion Operation Gold Rush scheme was caught because DOJ&#8217;s data analytics team mapped the connections between dozens of shell companies, foreign straw owners, and stolen patient identities across multiple states and saw the network underneath. That kind of detection requires graph analytics&#8212; tools that treat providers, billing entities, patients, and referral relationships as nodes in a web rather than as isolated data points to be measured against a benchmark.</p><p>Graph analytics can identify a cluster of hospices sharing the same administrator, the same billing address, or the same medical director across nominally separate entities. It can surface the license-flipping patterns that let bad actors evade revocation by reconstituting under new names. It can map referral networks that look legitimate in isolation but reveal kickback arrangements when viewed as a whole. </p><p>A network analysis of the legitimate hospice provider who had to shutter his business because CMS mistook him for a fraud actor would have shown an owner and his nurse wife, five years of clean claims, a single location, no shared administrators or billing addresses with known bad actors, no license transfers, no referral patterns linking them to criminal networks. In other words, the opposite of every signal that organized hospice fraud actually produces. Graph analytics catches fraud by looking at relationships rather than volume. That distinction is what separates a precision tool from a blunt one.</p><p>These are standard tools used routinely by major insurers and fintechs to detect organized fraud rings. CMS is not using them at scale, and the result is both more fraud losses and more legitimate businesses being caught up in the fraud net.</p><h3><strong>What precision actually requires</strong></h3><p>The LA hospice market is a genuine crisis, and the scale of the fraud warrants aggressive action. But aggressive action built on imprecise tools results in suspensions of legitimate providers, disruptions to patient care, and legal challenges that slow enforcement further while fraudsters move on to the next scheme. And the headlines of legitimate businesses having to shutter because CMS stopped paying them undermines the public&#8217;s trust in the government&#8217;s ability to fight fraud effectively.</p><p>Precision requires individualized behavioral baselines, not just benchmark comparisons. It requires cross-program data visibility so that fraud networks exploiting multiple federal programs can be identified as networks rather than as a series of unconnected anomalies. It requires a defined, transparent evidentiary standard for payment suspension so that providers have meaningful notice and a credible path to appeal. And it requires the use of intelligence to draw connections that uncover hidden fraud networks.</p><p>The Vance task force is putting the right level of senior attention on fraud, but the detection infrastructure the government is working with is outdated and poorly fit to the scale of the problem. CMS is piloting new tools in an effort to address the enormous shortcomings of its current approach, but the hospice owner who had a 9 out of 10 quality score and lost his business anyway paid the price for those shortcomings.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://govintegrity.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading GovIntegrity ! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div>]]></content:encoded></item><item><title><![CDATA[The Beginning of the End of Self-Attestation ]]></title><description><![CDATA[A new bill acknowledges that the federal government can no longer afford to administer major programs based primarily on trust]]></description><link>https://govintegrity.substack.com/p/the-beginning-of-the-end-of-self</link><guid isPermaLink="false">https://govintegrity.substack.com/p/the-beginning-of-the-end-of-self</guid><dc:creator><![CDATA[GovIntegrity]]></dc:creator><pubDate>Sat, 06 Jun 2026 13:00:51 GMT</pubDate><enclosure url="https://images.unsplash.com/photo-1761716109215-3faf2ae302a2?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHw5OXx8Y3J1bWJsaW5nJTIwaG91c2V8ZW58MHx8fHwxNzgwNzUwNzM0fDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>Here is a strange fact about how the United States government works: it already knows, in most cases, whether you qualify for the benefit you&#8217;re applying for. </p><p>It has your tax records.<br>It has your wage data.<br>It has your employer information. <br>It knows if you&#8217;re dead. <br>It knows if you&#8217;re in prison. <br><br>But it asks you anyway, and it doesn&#8217;t check to see if you&#8217;re telling the truth. And for the most part, it&#8217;s statutorily banned from using the data it has to do so.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://govintegrity.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading GovIntegrity ! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://images.unsplash.com/photo-1761716109215-3faf2ae302a2?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHw5OXx8Y3J1bWJsaW5nJTIwaG91c2V8ZW58MHx8fHwxNzgwNzUwNzM0fDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://images.unsplash.com/photo-1761716109215-3faf2ae302a2?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHw5OXx8Y3J1bWJsaW5nJTIwaG91c2V8ZW58MHx8fHwxNzgwNzUwNzM0fDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 424w, https://images.unsplash.com/photo-1761716109215-3faf2ae302a2?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHw5OXx8Y3J1bWJsaW5nJTIwaG91c2V8ZW58MHx8fHwxNzgwNzUwNzM0fDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 848w, https://images.unsplash.com/photo-1761716109215-3faf2ae302a2?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHw5OXx8Y3J1bWJsaW5nJTIwaG91c2V8ZW58MHx8fHwxNzgwNzUwNzM0fDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 1272w, https://images.unsplash.com/photo-1761716109215-3faf2ae302a2?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHw5OXx8Y3J1bWJsaW5nJTIwaG91c2V8ZW58MHx8fHwxNzgwNzUwNzM0fDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 1456w" sizes="100vw"><img src="https://images.unsplash.com/photo-1761716109215-3faf2ae302a2?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHw5OXx8Y3J1bWJsaW5nJTIwaG91c2V8ZW58MHx8fHwxNzgwNzUwNzM0fDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080" width="5119" height="3527" data-attrs="{&quot;src&quot;:&quot;https://images.unsplash.com/photo-1761716109215-3faf2ae302a2?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHw5OXx8Y3J1bWJsaW5nJTIwaG91c2V8ZW58MHx8fHwxNzgwNzUwNzM0fDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:3527,&quot;width&quot;:5119,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:null,&quot;alt&quot;:&quot;Old abandoned house under a stormy sky&quot;,&quot;title&quot;:null,&quot;type&quot;:&quot;image/jpg&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:null,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="Old abandoned house under a stormy sky" title="Old abandoned house under a stormy sky" srcset="https://images.unsplash.com/photo-1761716109215-3faf2ae302a2?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHw5OXx8Y3J1bWJsaW5nJTIwaG91c2V8ZW58MHx8fHwxNzgwNzUwNzM0fDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 424w, https://images.unsplash.com/photo-1761716109215-3faf2ae302a2?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHw5OXx8Y3J1bWJsaW5nJTIwaG91c2V8ZW58MHx8fHwxNzgwNzUwNzM0fDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 848w, https://images.unsplash.com/photo-1761716109215-3faf2ae302a2?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHw5OXx8Y3J1bWJsaW5nJTIwaG91c2V8ZW58MHx8fHwxNzgwNzUwNzM0fDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 1272w, https://images.unsplash.com/photo-1761716109215-3faf2ae302a2?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHw5OXx8Y3J1bWJsaW5nJTIwaG91c2V8ZW58MHx8fHwxNzgwNzUwNzM0fDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 1456w" sizes="100vw" fetchpriority="high"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a><figcaption class="image-caption">Photo by <a href="https://unsplash.com/@vikraw">Vikram Singh</a> on <a href="https://unsplash.com">Unsplash</a></figcaption></figure></div><p>For sixty years, the system has operated on a trust-first architecture. A recently introduced bill, the Pre-Payment Fraud Prevention and Treasury Data Access Act, H.R. 8463, is historically significant because it explicitly acknowledges that the federal government can no longer afford to administer major programs this way. </p><p>The bill cleared the House Oversight Committee in late April by a vote of 35 to 1, a margin that reflects either genuine bipartisan consensus on the problem, or the fact that voting against pre-payment fraud prevention is a difficult position to defend in an election year. Either way, it represents an important, though small, step in the urgently needed direction of ending the era of self-attestation. </p><h3><strong>Why Self-Attestation Became the Default</strong></h3><p>When the major federal benefit programs were designed, mostly in the 1960s and 1970s, the government had no practical alternative to self-attestation. There was no national identity infrastructure and data lived in paper files distributed across thousands of county offices. Connecting records across agencies or levels of government required bureaucratic effort that could take weeks, which was not an option when serving vulnerable people who relied on the money they got from the government to live. The technology to run real-time eligibility checks simply did not yet exist.</p><p>Federalism compounded the problem. Many programs were administered by states, counties, and nonprofits operating under their own legal frameworks and the federal government couldn&#8217;t easily mandate that a county welfare office in rural Alabama access a database maintained in Washington. Each layer of delegation created another hurdle to clear.</p><p>Privacy concerns shaped the architecture as well. Congress deliberately limited data sharing across programs to prevent the creation of a surveillance state. The Privacy Act of 1974 encoded that caution into law. And the caution was warranted. Centralized government data systems had been used to target political opponents, surveil minority communities, and build dossiers on American citizens. Keeping data siloed reflected hard-won lessons about government power and its abuse.</p><p>The result was a system in which self-attestation was a feature, not a bug. Applicants provided information, agencies accepted much of it at face value, and verification was deferred or delegated to auditors who arrived long after payments were made.</p><p>That approach was generally workable when fraud was localized, small-scale, and committed by individuals acting alone. That era is over.</p><p>Today&#8217;s fraud environment is industrialized. Organized criminal networks use stolen identities, synthetic identities, AI-generated documents, and automated application systems to attack government programs at scale. The government increasingly faces adversaries that can submit thousands of fraudulent applications before a human employee reviews a single one.</p><p>The debate surrounding H.R. 8463 is therefore larger than the bill itself.</p><p>The legislation would require agencies to conduct more robust pre-payment verification and expand Treasury&#8217;s ability to support fraud detection through the Do Not Pay system. Supporters see the bill as a modernization effort that helps agencies identify problematic payments before money leaves the Treasury. Critics worry about privacy implications and the growing consolidation of government data. Both perspectives are understandable, but neither fully captures what makes this legislation noteworthy.</p><p>For those of us in the government fraud prevention space, the real significance of this bill is philosophical. It means that Congress is beginning to move away from a model in which government asks citizens questions and largely relies on their answers and is instead cautiously moving toward a model in which government verifies eligibility using authoritative data before payments are made. In practice, that represents a profound shift.</p><p>For years, anti-fraud efforts have largely followed a &#8220;pay and chase&#8221; model. Agencies issue payments, inspectors general investigate suspicious cases, law enforcement pursues perpetrators, and recovery efforts attempt to reclaim a fraction of what was lost. Policymakers regularly celebrate indictments and convictions while treating fraud prevention as a secondary concern.</p><p>The pandemic exposed the weakness of this approach with unmistakable clarity. By the time investigators identify a fraudulent claim, the money has often already been moved through multiple accounts, converted into assets, and wired offshore. Every major pandemic fraud program demonstrated that post-payment oversight is necessary, but not sufficient. Pre-payment verification is where the real leverage exists, and that&#8217;s why H.R. 8463 matters.</p><h3><strong>What a Real Verification Architecture Looks Like</strong></h3><p>The bill also reveals how reluctant policymakers remain to embrace the full implications of the pandemic lesson. The most immediate gap is income verification. Treasury already holds an enormous amount of data about Americans&#8217; financial lives through tax filings, wage records, and information returns. Yet agencies administering benefit programs routinely cannot access that information to verify eligibility. The result is a system in which the IRS knows a claimant&#8217;s income and the benefits agency has to take the claimant&#8217;s word for it.</p><p>Fixing that requires Congress to authorize Treasury to make income and employment verification data available to agencies conducting pre-payment eligibility checks, with appropriate privacy protections, audit trails, and limits on secondary use. </p><p>Beyond income, a coherent eligibility-verification architecture would connect agencies to authoritative records on death, incarceration, business registration, and prior program participation. Federal and state governments already maintain this data, but they don&#8217;t have the legal authority and technical infrastructure to use it in a coordinated way before payments go out.</p><p>The most revealing aspect of the debate over H.R. 8463 are the provisions that never made it into the final legislative package. The introduced version of H.R. 8463 explicitly referenced both the National Directory of New Hires (NDNH) and additional IRS data authorities including income verification. However, during committee consideration, the NDNH provisions became one of the most controversial elements because of privacy and data-sharing concerns and it was removed from the bill, along with IRS income data.</p><p>Even after pandemic fraud, Feeding Our Future, and billions in annual improper payments, Congress remains hesitant to give Treasury access to some of the government&#8217;s most powerful verification datasets. Reasonable people can disagree about where those boundaries should be drawn. Privacy matters. Civil liberties matter. But taxpayers should also recognize the tradeoff being made.</p><p>Every restriction on pre-payment verification increases reliance on self-attestation, and every payment that relies on self-attestation increases vulnerability to fraud. Those vulnerabilities have produced <strong>trillions</strong> of dollars in losses over the last decade and the future losses will only be more extreme. </p><p>Policymakers need to decide whether government should continue treating verification as an exception or finally make it the foundation of program administration. H.R. 8463 acknowledges that the status quo is no longer sustainable, but it is a baby step.</p><p>H.R. 8463 is one of eight related bills that moved through committee together. The package also includes H.R. 8464, the Stopping Fraudulent Payments Act, which aims to prevent agencies from making payments when elevated fraud risk has been determined. This is another vital piece of legislation that gives Treasury the tools and authorities it needs to protect taxpayer money, but the bill did not get the bipartisan consensus to move out of committee. </p><p>There is more at stake than money here. When public programs are systematically exploited, when hundreds of millions of dollars meant for hungry children end up wired to foreign bank accounts, public confidence is undermined. The taxpayers begin to question, rightly, whether benefits reach the people they were designed to serve, and whether the government can be good stewards of their money.</p><div class="pullquote"><p>Program integrity is the mechanism by which government earns the right to ask citizens to fund collective programs in the first place. </p></div><p>What Congress is attempting is a renovation, one that requires new plumbing, new wiring, and a structural inspection of every room in the house. What comes next&#8212;income verification, cross-program data sharing, real-time analytics, legal authority to pause suspicious payments&#8212;is the harder work. H.R. 8463 knocks down one wall. The house has sixty years of deferred maintenance left to address.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://govintegrity.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading GovIntegrity ! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div>]]></content:encoded></item><item><title><![CDATA[Good Luck, ClaimsCore]]></title><description><![CDATA[CMS just hired two contractors to do what no one has managed to do in thirty years. Here&#8217;s why that&#8217;s harder than the announcement suggests.]]></description><link>https://govintegrity.substack.com/p/good-luck-claimscore</link><guid isPermaLink="false">https://govintegrity.substack.com/p/good-luck-claimscore</guid><dc:creator><![CDATA[GovIntegrity]]></dc:creator><pubDate>Tue, 02 Jun 2026 12:32:57 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!_Qcn!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F8a35fb5a-1ad6-4b4a-9fe5-46ecae486748_600x300.jpeg" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>Grace Hopper was born in 1906. The COBOL mainframe she helped create is still processing Medicare claims. She died in 1992. The mainframe hasn&#8217;t.</p><p>Yesterday, the Centers for Medicare and Medicaid Services awarded nearly $2 billion to two contractors&#8212;Peraton and HealthEdge&#8212;to finally replace the COBOL core at the heart of Medicare&#8217;s fee-for-service claims processing. The program is called ClaimsCore. It will attempt to replace four legacy systems that together process 1.2 billion claims and $460 billion in annual payments. The target completion date is November 2033.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://govintegrity.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading GovIntegrity ! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p>This effort deserves serious attention as a test of whether the federal government has learned anything from a thirty-year record of trying and failing to do exactly this.</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!_Qcn!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F8a35fb5a-1ad6-4b4a-9fe5-46ecae486748_600x300.jpeg" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!_Qcn!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F8a35fb5a-1ad6-4b4a-9fe5-46ecae486748_600x300.jpeg 424w, https://substackcdn.com/image/fetch/$s_!_Qcn!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F8a35fb5a-1ad6-4b4a-9fe5-46ecae486748_600x300.jpeg 848w, https://substackcdn.com/image/fetch/$s_!_Qcn!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F8a35fb5a-1ad6-4b4a-9fe5-46ecae486748_600x300.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!_Qcn!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F8a35fb5a-1ad6-4b4a-9fe5-46ecae486748_600x300.jpeg 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!_Qcn!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F8a35fb5a-1ad6-4b4a-9fe5-46ecae486748_600x300.jpeg" width="600" height="300" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/8a35fb5a-1ad6-4b4a-9fe5-46ecae486748_600x300.jpeg&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:false,&quot;imageSize&quot;:&quot;normal&quot;,&quot;height&quot;:300,&quot;width&quot;:600,&quot;resizeWidth&quot;:600,&quot;bytes&quot;:63802,&quot;alt&quot;:&quot;Final Personnel Regulations Published by CMS Influenced by Medical  Laboratory Professionals &#8211; Labvocate&quot;,&quot;title&quot;:null,&quot;type&quot;:&quot;image/jpeg&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:null,&quot;isProcessing&quot;:false,&quot;align&quot;:&quot;center&quot;,&quot;offset&quot;:false}" class="sizing-normal" alt="Final Personnel Regulations Published by CMS Influenced by Medical  Laboratory Professionals &#8211; Labvocate" title="Final Personnel Regulations Published by CMS Influenced by Medical  Laboratory Professionals &#8211; Labvocate" srcset="https://substackcdn.com/image/fetch/$s_!_Qcn!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F8a35fb5a-1ad6-4b4a-9fe5-46ecae486748_600x300.jpeg 424w, https://substackcdn.com/image/fetch/$s_!_Qcn!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F8a35fb5a-1ad6-4b4a-9fe5-46ecae486748_600x300.jpeg 848w, https://substackcdn.com/image/fetch/$s_!_Qcn!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F8a35fb5a-1ad6-4b4a-9fe5-46ecae486748_600x300.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!_Qcn!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F8a35fb5a-1ad6-4b4a-9fe5-46ecae486748_600x300.jpeg 1456w" sizes="100vw" fetchpriority="high"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><h3><strong>What CMS Is Actually Trying to Do</strong></h3><p>The legacy systems ClaimsCore will replace&#8212;FISS, MCS, DME, and the Common Working File&#8212;were built in the 1970s on COBOL and IBM mainframes. They&#8217;re not just old, they&#8217;re architecturally incompatible with what modern program integrity requires.</p><p>The systems run on nightly batch processing, meaning claims are adjudicated in overnight cycles rather than in real time. Data is siloed across regional contractors called Medicare Administrative Contractors, with no unified national view. Fraud patterns that span multiple regions or provider types are invisible until after the money has moved. And policy changes that would take hours in a modern system take seven to twelve months in the current one, because the business logic is buried in brittle COBOL code that no one fully understands and almost no one can still read.</p><p>The CMS Statement of Objectives (SOO) for ClaimsCore lists fifteen distinct challenges with the legacy environment&#8212;from the inability to implement new payment models to the absence of real-time claims status for providers and beneficiaries. Among the most important: fraud prevention. The SOO calls for &#8220;pre-payment risk scoring,&#8221; &#8220;real-time anomaly detection,&#8221; and &#8220;cross-MAC data unification&#8221; to catch fraud before payments go out rather than years later, when the money is long gone.</p><p>That promise is what makes this procurement so vital. Medicare loses well over $100 billion annually to fraud&#8212;a figure driven in large part by the same architectural weaknesses ClaimsCore is meant to fix. Billing for services never rendered, DME equipment shipped to patients who never requested it, synthetic identities constructed to pass enrollment checks that were never designed to catch them. The current systems were not built to ask whether the entity submitting a claim is who it says it is. ClaimsCore, if it delivers what the SOO promises, would be a genuine leap forward in the government&#8217;s ability to protect that money.</p><p>But the question is whether it will deliver, and the government&#8217;s history with these kinds of efforts is littered with failure.</p><h3><strong>The History CMS Is Hoping to Escape</strong></h3><p>Way back in 1997, GAO reported that the Health Care Financing Administration&#8212;CMS&#8217;s predecessor&#8212;had planned to develop &#8220;one unified computer system to replace the existing system.&#8221; The project encountered problems from the beginning. HCFA terminated both the request for proposals and the software development contract. It had not even begun to test the feasibility of using commercial software to process Medicare claims until about a year after GAO first reported on its potential. The systems that were supposed to be replaced kept running.</p><p>That was nearly thirty years ago. </p><p>But the attempt didn&#8217;t stop there. CMS has been running various modernization initiatives under different names ever since. The Medicare Payment System Modernization program, launched in 2018, has focused on converting individual COBOL &#8220;pricers&#8221;&#8212;the tools that calculate reimbursement rates&#8212;to modern APIs hosted on AWS. It has only converted five pricer applications over several years. At that pace, the broader replacement project would take generations. The COBOL core itself has remained untouched.</p><p>This isn&#8217;t a CMS-specific failure. It is the defining pattern of government technology modernization. California spent more than twenty years and hundreds of millions of dollars trying to modernize its Employment Development Department&#8217;s unemployment system. The effort traced back to 2003 and was initially supposed to be finished by 2008. Deloitte was brought in as lead systems integrator in 2016, with hundreds of millions more in contracts to follow. The strategy was to modernize the front end first, and replace the COBOL payment core last, once the surrounding systems were stable and tested.</p><p>In practice, deferring the core replacement meant the most fragile part of the system was left doing the hardest work for the longest time. When COVID-19 arrived, the EDD was mid-transition&#8212;the worst possible condition to absorb a once-in-a-century shock. The COBOL payment engine couldn&#8217;t scale. The new components were not yet independent and fraud controls had been deprioritized throughout the redesign because the dominant goal, before the pandemic, was speed of payment. The rest is history&#8212;industrial-scale fraud flooded in through the gap. California&#8217;s losses from pandemic unemployment fraud ran into the billions.</p><p>Louisiana offers a shorter, starker version of the same story. In 2025, the state declared a public emergency because its motor vehicle system&#8212;a fifty-year-old COBOL mainframe&#8212;could no longer issue driver&#8217;s licenses. The system had been delivering just enough reliability to justify deferring replacement. When it failed, it failed completely, taking an essential public service offline for two months.</p><p>All these cases&#8212;and many more like them across government&#8212; share a set of structural forces that make replacing a mission-critical COBOL system one of the hardest things a government agency can attempt. The system cannot be turned off, the business logic exists only in undocumented code, requirements keep changing while the replacement is being built, and every incremental improvement to the old system makes the eventual replacement slightly harder and easier to postpone.</p><h3>Why This Time Is Not Obviously Different</h3><p>The ClaimsCore SOO is, in meaningful ways, better-designed than its predecessors. The most significant structural improvement is the challenge-based acquisition. Rather than selecting a single vendor on paper and handing them a billion-dollar contract to build something, CMS awarded both Peraton and HealthEdge contracts to run competitive proof-of-concept phases against real CMS data.</p><p>The headlines describe this as a $2 billion procurement, but the actual obligated amounts at award were $9.1 million for Peraton and $2.5 million for HealthEdge &#8212; roughly $11.6 million combined. The remaining ceiling value sits in unexercised options that only activate if CMS chooses to advance a vendor to production, and only one vendor will. The competition is just beginning.</p><p>That structure is smart. The traditional government IT procurement hands a contractor the keys after a proposal review, then spends years discovering what the proposal glossed over. Running two platforms in parallel against live claims data, measuring parity with the legacy system, and forcing vendors to demonstrate actual performance before the real money flows is a genuine departure from how these projects have historically been run. The data rights and vendor lock-in protections in the SOO are also unusually specific: quarterly portability drills, vendor-neutral rule exports, step-in rights if a vendor fails. These reflect hard-won institutional memory on CMS&#8217;s part, and they deserve applause.</p><p>But a better procurement design is not the same as a solved problem. The PoC phase will test whether either platform can adjudicate Medicare claims with 95% outcome alignment against systems that have been accumulating undocumented business logic for fifty years. That is a formidable bar and clearing it in a controlled PoC environment is a different challenge from sustaining it while processing $460 billion in live annual payments across a seven-year migration.</p><p>But the SOO also catalogs, with impressive precision, every reason this could fail.</p><p>Fifteen distinct challenge areas mean fifteen distinct points of failure. The SOO describes a system so brittle that policy changes take seven to twelve months, business logic is &#8220;opaque and scattered,&#8221; and there is no model office environment to test changes before they go live. Retroactive claim reprocessing takes months or years and the system cannot run real-time analytics because data is stored in VSAM files&#8212;a flat-file format from the 1970s&#8212;that are &#8220;siloed&#8221; and &#8220;non-relational.&#8221;</p><p>Each of these problems must be solved in a live environment, while the system continues to process $460 billion in annual payments without interruption. The SOO is explicit about this constraint: &#8220;incremental delivery and parallel operations to maintain current processing throughout migration.&#8221; That is the &#8220;can&#8217;t turn it off&#8221; problem in contractual language.</p><p>The SOO&#8217;s projected timeline runs to November 2033&#8212;seven and a half years from contract start. That is a long time in a threat environment that evolves in months. It is also, if history is a guide, an optimistic estimate. The IRS has been trying to retire its Individual Master File&#8212;written in Assembly language, which predates COBOL&#8212;for more than twenty years. It once promised the system would be retired by 2028. That timeline has slipped repeatedly and the system is still running.</p><p>There is also the SaaS assumption. ClaimsCore is built around a commercially available, off-the-shelf platform&#8212;configured and extended by the awardees rather than custom-built. The theory is that a mature commercial health plan claims platform should encode decades of industry best practice in ways that custom government software never could. HealthEdge&#8217;s HealthRules platform has real health plan customers today.</p><p>But a commercial health plan platforms has never processed Medicare fee-for-service claims at federal scale&#8212;1.2 billion annually, across every provider type, subject to every rule in the Medicare Internet-Only Manuals and every published CMS Change Request, administered through a network of regional contractors with their own local configurations. The IOMs cover everything: billing rules for every provider type, coverage determinations, claims processing instructions for the MACs, medical review policies, benefit integrity guidance. They run to thousands of pages across dozens of volumes. When Congress passes a new law or CMS issues a policy change, the operational translation of that change eventually lands in the IOMs as a Change Request &#8212; and every Change Request has to be coded into the claims processing systems.</p><p>The SOO&#8217;s features and functionality appendix includes dozens of highly specific Medicare requirements: Prospective Payment System processing, coordination of benefits with the CWF, NCCI edits, MUE edits, integration with iQIES patient assessments, Health Professional Shortage Area bonus calculations. Each of these is a configuration task, each with a potential source of parity errors during parallel run. The SOO requires 95 percent outcome alignment with the legacy systems, with 100 percent explainability of differences. Getting there will be the work of years.</p><h3>The Fraud Promise Is the First Thing to Go</h3><p>The SOO&#8217;s fraud prevention language is specific and ambitious. Pre-payment risk scoring, real-time anomaly detection, and cross-MAC data unification that allows analysts to see fraud patterns spanning multiple regions. And it calls for integration with CMS&#8217;s Fraud Prevention System. These are capabilities that the current architecture cannot deliver, and they would represent a genuine advance in Medicare&#8217;s ability to protect taxpayer funds. But they are also exactly the capabilities that have been promised&#8212;and deferred&#8212;in every prior modernization effort.</p><p>California&#8217;s EDD deprioritized fraud controls throughout its modernization because the dominant concern before the pandemic was access and speed. Fraud prevention required additional verification steps that slowed processing and attracted criticism when legitimate claimants experienced delays. The rational institutional choice was to defer the harder work.</p><p>The same dynamic plays out in federal programs across government with regularity. Emergency funding and operational continuity crowd out the investment in pre-payment controls, and fraud prevention analytics require data integration work that is expensive, slow, and invisible to program beneficiaries. The incentive structure rewards speed of delivery and discourages the friction that good fraud controls create. Without explicit leadership accountability for fraud outcomes&#8212;not just delivery milestones&#8212;the rational bureaucratic choice is to get the system running and treat the fraud controls as phase two.</p><div class="pullquote"><p>Phase two, in government IT, has a way of becoming phase never.</p></div><p>The current systems process roughly $460 billion in annual Medicare fee-for-service payments through an architecture that was never designed to ask whether the entity submitting a claim is who it says it is. South Florida alone has produced Medicare fraud schemes measured in the hundreds of millions&#8212;billing for DME never delivered, genetic tests no patient requested, telemarketed procedures no doctor actually ordered. These schemes persist because the payment infrastructure makes them easy. The money moves before the review happens, and by the time it does, it is gone.</p><p>ClaimsCore could change that. A real-time claims adjudication platform with pre-payment risk scoring and cross-MAC analytics would put the government&#8217;s fraud defenses on a footing that the current systems cannot approach. The SOO describes exactly that system, and that is laudable; but whether the complexity of building it will once again force the fraud controls to the back of the implementation queue, delivered late or not at all, while the core payment infrastructure absorbs all available resources, is an open question.</p><h3>What Watching Closely Looks Like</h3><p>Taxpayers badly need this procurement to succeed. The COBOL systems running Medicare&#8217;s claims processing are a fraud subsidy, paid by taxpayers, extended indefinitely through deferred modernization. Replacing them with a real-time, analytically capable platform is a vital goal. The SOO&#8217;s competitive structure, data rights protections, and outcome-based metrics reflect real institutional learning.</p><p>But the announcement is not the achievement. Seven and a half years is a long time to sustain the political will, the technical focus, and the institutional prioritization that a project of this complexity demands. The pattern&#8212;ambitious scope, deferred core replacement, fraud controls subordinated to operational continuity, mid-transition collapse under stress&#8212;is well-documented and has defeated smarter plans than this one.</p><p>A few things are worth watching as ClaimsCore unfolds. First, whether the fraud prevention capabilities&#8212;the pre-payment risk scoring and cross-MAC analytics&#8212;are built early or deferred. If they appear in the last option period, that is California&#8217;s EDD all over again. Second, whether the proof-of-concept phase produces genuine parity evidence or optimistic variance reports that paper over gaps. Third, whether the 2033 timeline holds or begins to slip in the first two years&#8212;schedule pressure is usually where the hard trade-offs begin, and fraud controls are typically the first line item to absorb them.</p><p>The GAO estimates that the federal government loses up to $521 billion annually to fraud. Much of that money flows through systems that are structurally incapable of stopping it. CMS just committed $2 billion and seven years to change that for Medicare. Whether it succeeds will depend less on the procurement design &#8212; which is genuinely better than what came before &#8212; and more on whether the people running this program can sustain the discipline the design demands. </p><p>That means holding the PoC parity standards rather than papering over gaps to hit a milestone, and treating fraud prevention as a delivery requirement with the same contractual weight as uptime and latency, not something to be phased in once the hard work is done. And it means maintaining governance continuity across what will be at least two administrations and multiple CMS leadership cycles &#8212; the same instability that derailed California&#8217;s EDD effort and every other long-running modernization that lost its institutional memory mid-stream. And it means resisting the oldest temptation in government technology: declaring the announcement an achievement, the contract a solution, and the press release a delivery. The COBOL systems still running Medicare today survived thirty years of announcements exactly like this one.</p><p>The criminal networks targeting Medicare already know which systems can stop them and which ones cannot. ClaimsCore is a bet that the government can finally close that gap. Historically, those bets have not paid off. This one needs to.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://govintegrity.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading GovIntegrity ! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div>]]></content:encoded></item><item><title><![CDATA[Invest in More Fraud Rooms ]]></title><description><![CDATA[If CMS's visibility across identity, ownership, enrollment, billing, and payment activity yields this much in savings, shouldn't we do it across government?]]></description><link>https://govintegrity.substack.com/p/invest-in-more-fraud-rooms</link><guid isPermaLink="false">https://govintegrity.substack.com/p/invest-in-more-fraud-rooms</guid><dc:creator><![CDATA[GovIntegrity]]></dc:creator><pubDate>Mon, 18 May 2026 13:43:50 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!q8Xn!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F1b69c257-bf0f-4cd5-9aa6-0581d9efcdbe_1000x667.jpeg" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>In a hearing before the House Ways and Means Committee last month, a California hospice industry leader asked what should have been an unanswerable question: &#8220;How do you put a hospice in a burrito stand in California?&#8221;</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!q8Xn!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F1b69c257-bf0f-4cd5-9aa6-0581d9efcdbe_1000x667.jpeg" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!q8Xn!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F1b69c257-bf0f-4cd5-9aa6-0581d9efcdbe_1000x667.jpeg 424w, https://substackcdn.com/image/fetch/$s_!q8Xn!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F1b69c257-bf0f-4cd5-9aa6-0581d9efcdbe_1000x667.jpeg 848w, https://substackcdn.com/image/fetch/$s_!q8Xn!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F1b69c257-bf0f-4cd5-9aa6-0581d9efcdbe_1000x667.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!q8Xn!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F1b69c257-bf0f-4cd5-9aa6-0581d9efcdbe_1000x667.jpeg 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!q8Xn!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F1b69c257-bf0f-4cd5-9aa6-0581d9efcdbe_1000x667.jpeg" width="1000" height="667" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/1b69c257-bf0f-4cd5-9aa6-0581d9efcdbe_1000x667.jpeg&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:667,&quot;width&quot;:1000,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:null,&quot;alt&quot;:&quot;Investment - Econlib&quot;,&quot;title&quot;:null,&quot;type&quot;:null,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:null,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="Investment - Econlib" title="Investment - Econlib" srcset="https://substackcdn.com/image/fetch/$s_!q8Xn!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F1b69c257-bf0f-4cd5-9aa6-0581d9efcdbe_1000x667.jpeg 424w, https://substackcdn.com/image/fetch/$s_!q8Xn!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F1b69c257-bf0f-4cd5-9aa6-0581d9efcdbe_1000x667.jpeg 848w, https://substackcdn.com/image/fetch/$s_!q8Xn!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F1b69c257-bf0f-4cd5-9aa6-0581d9efcdbe_1000x667.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!q8Xn!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F1b69c257-bf0f-4cd5-9aa6-0581d9efcdbe_1000x667.jpeg 1456w" sizes="100vw" fetchpriority="high"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p>It was more than just rhetorical. Fraudulent hospice providers in Los Angeles County had been registered to a burrito restaurant, an auto body shop, and a demolished building. They had passed licensure reviews, obtained accreditation, and billed Medicare &#8212; for years. CMS had been warned about the problem as far back as 2019. The Biden administration received a detailed briefing in September 2024 and took no meaningful action.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://govintegrity.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading GovIntegrity ! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p>The Trump administration eventually suspended payments to 450 hospice providers in LA County alone, and CMS&#8217;s new Fraud Detection Operation Center, aka the &#8220;fraud room,&#8221; has reportedly saved $2 billion in less than a year.</p><p>The question worth asking is not whether the fraud room represents an improvement over what came before &#8212; it almost certainly seems to be. The question is why it took until 2025 to build something like it, what that delay cost taxpayers, and whether an agency that spent billions on a broken architecture has actually learned from its mistakes or simply rebranded them.</p><p>The uncomfortable truth is that CMS spent billions on fraud prevention infrastructure without ever fully diagnosing what it was trying to fix.</p><p>By the time hospice fraud reached epidemic scale in California, CMS already had the Fraud Prevention System, launched in 2011. It had Recovery Audit Contractors, Unified Program Integrity Contractors, Zone Program Integrity Contractors, Supplemental Medical Review Contractors, and a growing ecosystem of private integrity vendors. Together, they formed an expensive, fragmented apparatus that generated alerts, referred cases, and kept paying claims while schemes scaled into the billions.</p><div class="pullquote"><p>The fundamental problem was never a lack of oversight contractors. It was that no single operational layer had continuous visibility across identity, ownership, enrollment, billing, and payment activity at the same time. </p></div><p>Enrollment contractors processed applications. Integrity contractors investigated billing anomalies. Law enforcement pursued criminal cases. State agencies handled licensure. Each entity saw its piece of the picture and none of them saw the whole thing.</p><p>CMS kept adding capacity to a broken architecture instead of fixing the architecture itself. The result was a system that spent heavily on fraud prevention while remaining structurally incapable of stopping fraud in real time. Taxpayers funded both the schemes and the apparatus that failed to catch them.</p><p>That&#8217;s not a resource problem. It&#8217;s a diagnosis problem. And it wasn&#8217;t unique to healthcare.</p><p>What makes the FDOC different is the operational integration, at least in theory. For the first time, data scientists, investigators, clinicians, payment officials, and law enforcement personnel are reportedly working in the same room, reviewing the same signals, and making intervention decisions together before payments leave the Treasury. A private insurer at the hearing noted that collaboration with CMS has never been better, and that CMS is now sharing suspended provider lists with commercial plans in real time. If that&#8217;s accurate and sustainable, it represents a genuine shift from how CMS has historically operated.</p><p>The early numbers are notable. CMS reported $2 billion in savings in less than a year. That figure deserves neither uncritical celebration nor immediate dismissal. It comes from an agency with a long history of announcing fraud prevention milestones that didn&#8217;t hold up to scrutiny over time, and the methodology behind it hasn&#8217;t been independently verified. What it does suggest is that the integrated operational model &#8212; shared data, shared authority, real-time intervention &#8212; produces better results than the fragmented contractor ecosystem it is meant to replace.</p><p>That much seems right. Whether the FDOC represents a genuine institutional transformation or a well-funded pilot that stalls when the political attention moves on is a question only time and independent oversight will answer. But in the meantime, we should look to replicate the core concept, because we know it works. </p><p><strong>A Government-wide Problem</strong></p><p>The federal government has no cross-program fraud infrastructure with real authority, real data access, and real funding behind it. What it has instead is a collection of program-specific oversight mechanisms that organized fraud networks have learned to exploit with remarkable efficiency.</p><p>The patterns are consistent across programs. Fraud rings that hit Medicare also hit Medicaid. The same shell company infrastructure that enabled COVID relief fraud showed up in unemployment insurance schemes and small business lending programs. The same stolen identity networks that enrolled fake hospice patients have been used to fraudulently claim benefits across multiple federal programs simultaneously. The connective tissue between these schemes is visible &#8212; but only if someone is authorized to look across programs at the same time.</p><p>Most federal agencies are not. Outdated privacy statutes, fragmented data systems, and siloed program administration mean that investigators typically see one arm of the operation without being permitted to see the body. Fraud networks have industrialized. The government&#8217;s response remains largely artisanal.</p><p>Countries including the United Kingdom, Australia, and New Zealand have built centralized fraud authorities responsible for coordinating detection, analytics, and prevention across public programs. The United States still manages fraud program-by-program, with no single entity responsible for cross-government fraud strategy, no shared real-time data infrastructure, and no mechanism for identifying coordinated schemes before they scale.</p><p>That gap is the predictable result of treating fraud prevention as a compliance obligation rather than an operational mission &#8212; and funding it accordingly.</p><p><strong>War-fighting without Weapons</strong></p><p>Congress and the White House have never had trouble declaring war on fraud. The actual investment required to fight it is another matter.</p><p>The pattern is familiar. A scandal breaks. Hearings are held. Legislation passes directing agencies to strengthen program integrity, modernize oversight, and eliminate waste. Executive orders establish task forces and working groups with ambitious mandates. And then the funding to build the tools, hire the analysts, integrate the data systems, and staff the operational infrastructure either never materializes or arrives at a fraction of what the mandate requires.</p><p>OMB&#8217;s recently revised Circular A-123 is a recent example. It explicitly directs agencies to treat fraud as a management risk, integrate fraud scenarios into enterprise risk assessments, and prioritize preventive controls. Those are the right instincts. But the circular carries no dedicated funding, no requirement to deploy real-time transaction screening, and no mechanism to break down the data sharing barriers that let coordinated fraud networks operate across program boundaries undetected. Aspiration without investment is not a fraud strategy.</p><p>The same dynamic plays out in congressional fraud-fighting legislation. Bills pass with strong findings sections and weak appropriations. Agencies are directed to do more with existing resources, which in practice means fraud prevention competes with program delivery for the same constrained budget &#8212; a competition fraud prevention routinely loses. Program managers are still evaluated primarily on how efficiently they move money out the door, not on how effectively they protect it from criminal exploitation.</p><p>Rarely have we seen so many initiatives aimed at stopping government fraud achieve so little of the infrastructure investment needed to actually do so.</p><p><strong>Scale the Fraud Room</strong> </p><p>The fraud room is not a finished product, it&#8217;s a proof of concept &#8212; and an expensive one, given what it cost in lost taxpayer dollars to finally arrive at a model the private sector and several peer governments have used for years.</p><p>But it demonstrates that you give investigators, analysts, and payment officials shared data, shared tools, and shared authority to act in real time, fraud prevention starts functioning like an operational mission. Seen another way, the $2 billion in savings CMS reported in less than a year is evidence of how much was being lost while the old architecture stayed in place. </p><p>Scaling that model across the federal government is not a technology problem. The tools exist. The fraud patterns are visible to anyone authorized to look across programs simultaneously. What&#8217;s missing is the political will to fund the infrastructure, modernize the legal framework for data sharing, and hold agencies accountable for fraud outcomes rather than just process compliance.</p><p>The burrito stand hospice passed licensure, obtained accreditation, and billed Medicare. It did so because the system was designed to move money efficiently, not to verify that the money was going somewhere real. That design flaw runs across federal programs, and fixing it requires sustained investment &#8212; not another task force, not another circular, and not another hearing where everyone agrees the problem is serious and nothing structurally changes afterward.</p><p>Early results indicate that the fraud room model works. Now scale and fund it.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://govintegrity.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading GovIntegrity ! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div>]]></content:encoded></item><item><title><![CDATA[The $123-to-One Investment House Republicans Want to Cut]]></title><description><![CDATA[The Government Accountability Office's work is vital in the fight against fraud, waste and abuse]]></description><link>https://govintegrity.substack.com/p/the-123-to-one-investment-house-republicans</link><guid isPermaLink="false">https://govintegrity.substack.com/p/the-123-to-one-investment-house-republicans</guid><dc:creator><![CDATA[GovIntegrity]]></dc:creator><pubDate>Tue, 12 May 2026 14:57:47 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!9dqK!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F07f7dc57-4359-4f3c-8b1c-dc9a56244dcd_860x394.jpeg" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>If you are serious about fighting government fraud and waste, the Government Accountability Office belongs near the top of your list of institutions worth protecting. It is nonpartisan, operates independently of the executive branch, and has no political stake in what it finds. It audits federal programs, documents waste and abuse, and tells Congress the truth about whether agencies are doing their jobs. And it is extraordinarily cost-effective. In fiscal year 2024 alone, GAO&#8217;s work generated a return of $76 for every dollar invested. Its six-year average is $123 to one.</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!9dqK!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F07f7dc57-4359-4f3c-8b1c-dc9a56244dcd_860x394.jpeg" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!9dqK!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F07f7dc57-4359-4f3c-8b1c-dc9a56244dcd_860x394.jpeg 424w, https://substackcdn.com/image/fetch/$s_!9dqK!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F07f7dc57-4359-4f3c-8b1c-dc9a56244dcd_860x394.jpeg 848w, https://substackcdn.com/image/fetch/$s_!9dqK!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F07f7dc57-4359-4f3c-8b1c-dc9a56244dcd_860x394.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!9dqK!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F07f7dc57-4359-4f3c-8b1c-dc9a56244dcd_860x394.jpeg 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!9dqK!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F07f7dc57-4359-4f3c-8b1c-dc9a56244dcd_860x394.jpeg" width="860" height="394" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/07f7dc57-4359-4f3c-8b1c-dc9a56244dcd_860x394.jpeg&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:394,&quot;width&quot;:860,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:null,&quot;alt&quot;:&quot;Agencies are missing a step to share information on better AI acquisition,  GAO finds - Nextgov/FCW&quot;,&quot;title&quot;:null,&quot;type&quot;:null,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:null,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="Agencies are missing a step to share information on better AI acquisition,  GAO finds - Nextgov/FCW" title="Agencies are missing a step to share information on better AI acquisition,  GAO finds - Nextgov/FCW" srcset="https://substackcdn.com/image/fetch/$s_!9dqK!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F07f7dc57-4359-4f3c-8b1c-dc9a56244dcd_860x394.jpeg 424w, https://substackcdn.com/image/fetch/$s_!9dqK!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F07f7dc57-4359-4f3c-8b1c-dc9a56244dcd_860x394.jpeg 848w, https://substackcdn.com/image/fetch/$s_!9dqK!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F07f7dc57-4359-4f3c-8b1c-dc9a56244dcd_860x394.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!9dqK!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F07f7dc57-4359-4f3c-8b1c-dc9a56244dcd_860x394.jpeg 1456w" sizes="100vw" fetchpriority="high"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p>GAO&#8217;s work is largely retrospective&#8212;it audits what has happened, documents systemic weaknesses, and pushes agencies to fix them. But GAO also performs a vital forward-looking role. It routinely recommends that agencies conduct fraud risk assessments, strengthen pre-payment controls, and build the kind of analytical capabilities that catch problems before money goes out the door. When those recommendations are implemented, they change how agencies operate going forward. GAO is less a fraud prevention tool in isolation than a forcing function for the executive branch agencies that are. In a federal government that loses hundreds of billions annually to fraud, that role creates sustained pressure to build better defenses in the first place.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://govintegrity.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading GovIntegrity ! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p>A few weeks ago, the House Appropriations legislative branch subcommittee voted along party lines to approve a fiscal year 2027 spending bill that would slash GAO&#8217;s budget by 25 percent. If you&#8217;re feeling d&#233;j&#224; vu, you should be. Last year, House Republicans advanced a plan to cut GAO&#8217;s budget by nearly 50 percent, paired with a provision that would have stripped the agency of its ability to sue the executive branch over illegal impoundment. The Senate blocked it. This year&#8217;s version is a smaller cut, but the direction is the same, and so is the timing. GAO has been one of the few institutions actively documenting cases where the executive branch has withheld congressionally appropriated funds in violation of the law. Cutting its budget and curtailing its independence while it is doing exactly that work is not a coincidence.</p><p>This pattern echoes what we saw with DOGE.</p><p>DOGE arrived with a mandate most Americans could support. The federal government loses staggering amounts to fraud each year&#8212; GAO itself has estimated losses as high as $521 billion annually. The appetite for reform was real. But DOGE&#8217;s approach consistently confused the institutions built to fight fraud with the fraud itself. It cut IRS auditors whose job is to recover money already legally owed. It hollowed out Inspector General offices across the federal government &#8212; agencies whose entire mandate is to find fraud, waste and abuse before it compounds. It reduced the DOJ unit responsible for prosecuting public corruption. In each case, the cut was framed as efficiency. In each case, the practical effect was to weaken the government&#8217;s ability to find and stop wrongdoing.</p><p>The proposed GAO cuts follow the same logic and risk the same result.</p><p>What makes GAO different from a standard government agency &#8212; and what makes cutting it particularly self-defeating &#8212; is that its value is inseparable from its independence. GAO doesn&#8217;t just identify savings. It tells Congress what is actually happening inside federal programs, including when agencies are failing, when money is being stolen or wasted at scale, and when the executive branch is acting outside its legal authority. That function only works if GAO can operate without political interference, follow its findings wherever they lead, and, when necessary, take legal action to enforce congressional intent.</p><p>A 25 percent budget cut doesn&#8217;t produce a leaner version of the same institution. It produces an agency that can conduct far fewer investigations, that must close out ongoing work, and defer the long-term audits that generate the largest returns. The fraud and waste GAO would have caught won&#8217;t disappear without the funding to uncover it, it will just go undetected.</p><p>The Senate blocked the most aggressive version of this last year. It should do so again. GAO&#8217;s 2027 budget request of $860 million is still less than a penny and a half for every dollar it returned to taxpayers in 2024 alone. Funding it at that level, protecting its independence, and leaving its legal authorities intact is among the most straightforward fraud-prevention investments on the table.</p><p>Rarely do we see a reform effort repeat the exact mistake it was designed to correct. DOGE spent a year dismantling the infrastructure that fights fraud in the name of fighting fraud. The House proposal to cut GAO by a quarter is trying to do it again &#8212; to the one agency whose entire purpose is to make sure that kind of failure gets documented.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://govintegrity.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading GovIntegrity ! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div>]]></content:encoded></item><item><title><![CDATA[While Washington Counts, Criminals Steal]]></title><description><![CDATA[We are living in a new era of fraud. The government is still operating in the old one.]]></description><link>https://govintegrity.substack.com/p/while-washington-counts-criminals</link><guid isPermaLink="false">https://govintegrity.substack.com/p/while-washington-counts-criminals</guid><dc:creator><![CDATA[GovIntegrity]]></dc:creator><pubDate>Tue, 05 May 2026 11:38:42 GMT</pubDate><enclosure url="https://images.unsplash.com/photo-1754548930574-6a995e5eb5a7?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwyfHxjaGVja2JveHxlbnwwfHx8fDE3Nzc5ODEwMjF8MA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>Last week, two things happened in Washington that almost no one connected. The Justice Department announced a new West Coast healthcare fraud strike force, revealing that 28 defendants had attempted to steal <strong>$1.9 billion</strong> from Medicare and Medicaid since 2024. And the Government Accountability Office (GAO) quietly released its annual improper payments report, showing that the federal government now tracks $186 billion in problematic payments across 64 programs&#8212;a number that drew the usual mix of alarm and shrugging that these reports always generate.</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://images.unsplash.com/photo-1754548930574-6a995e5eb5a7?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwyfHxjaGVja2JveHxlbnwwfHx8fDE3Nzc5ODEwMjF8MA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://images.unsplash.com/photo-1754548930574-6a995e5eb5a7?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwyfHxjaGVja2JveHxlbnwwfHx8fDE3Nzc5ODEwMjF8MA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 424w, https://images.unsplash.com/photo-1754548930574-6a995e5eb5a7?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwyfHxjaGVja2JveHxlbnwwfHx8fDE3Nzc5ODEwMjF8MA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 848w, https://images.unsplash.com/photo-1754548930574-6a995e5eb5a7?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwyfHxjaGVja2JveHxlbnwwfHx8fDE3Nzc5ODEwMjF8MA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 1272w, https://images.unsplash.com/photo-1754548930574-6a995e5eb5a7?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwyfHxjaGVja2JveHxlbnwwfHx8fDE3Nzc5ODEwMjF8MA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 1456w" sizes="100vw"><img src="https://images.unsplash.com/photo-1754548930574-6a995e5eb5a7?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwyfHxjaGVja2JveHxlbnwwfHx8fDE3Nzc5ODEwMjF8MA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080" width="3000" height="1688" data-attrs="{&quot;src&quot;:&quot;https://images.unsplash.com/photo-1754548930574-6a995e5eb5a7?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwyfHxjaGVja2JveHxlbnwwfHx8fDE3Nzc5ODEwMjF8MA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:1688,&quot;width&quot;:3000,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:null,&quot;alt&quot;:&quot;A hand marks off items on a checklist.&quot;,&quot;title&quot;:null,&quot;type&quot;:&quot;image/jpg&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:null,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="A hand marks off items on a checklist." title="A hand marks off items on a checklist." srcset="https://images.unsplash.com/photo-1754548930574-6a995e5eb5a7?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwyfHxjaGVja2JveHxlbnwwfHx8fDE3Nzc5ODEwMjF8MA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 424w, https://images.unsplash.com/photo-1754548930574-6a995e5eb5a7?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwyfHxjaGVja2JveHxlbnwwfHx8fDE3Nzc5ODEwMjF8MA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 848w, https://images.unsplash.com/photo-1754548930574-6a995e5eb5a7?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwyfHxjaGVja2JveHxlbnwwfHx8fDE3Nzc5ODEwMjF8MA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 1272w, https://images.unsplash.com/photo-1754548930574-6a995e5eb5a7?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwyfHxjaGVja2JveHxlbnwwfHx8fDE3Nzc5ODEwMjF8MA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 1456w" sizes="100vw" fetchpriority="high"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a><figcaption class="image-caption">Photo by <a href="https://unsplash.com/@jakubzerdzicki">Jakub &#379;erdzicki</a> on <a href="https://unsplash.com">Unsplash</a></figcaption></figure></div><p>When you read the two stories together, they paint a disturbing picture.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://govintegrity.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading GovIntegrity ! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p>Let&#8217;s start with the $1.9 billion. Just twenty-eight people attempted to steal $1.9 billion (with a &#8220;b&#8221;) in just three states (California, Nevada, and Arizona) in less than two years.</p><p>That&#8217;s roughly $68 million per defendant. These aren&#8217;t opportunists gaming a loophole. This is industrialized fraud &#8212; organized, sophisticated, and operating at a scale that would have seemed unimaginable even five years ago.</p><p>Last year, law enforcement took down a foreign criminal organization that submitted $10.6 billion in fraudulent Medicare claims for urinary catheters that were never needed, using 1 million stolen beneficiaries&#8217; information, with suspects arrested in Estonia and at international airports while trying to flee. This year, we&#8217;ve seen hospice fraud rings recruiting healthy patients who aren&#8217;t terminally ill billing hundreds of millions in bogus claims and substance-abuse clinics invoicing CMS for $40,000 a month per patient. The indictments keep coming out of the Justice Department.</p><p>Like the old joke that people rob banks because that&#8217;s where the money is, today&#8217; fraud is literally following the money. As retirees flood into Sunbelt states, criminals are close behind. Nevada&#8217;s senior population grew 95% between 2008 and 2024, and the fraud rate follows that curve almost perfectly. This is strategic, data-driven targeting by people who understand government payment systems better than most government employees do.</p><p>This is the world we are actually living in.</p><p>Now let&#8217;s talk about the world Washington thinks we&#8217;re living in.</p><p>The same week that story broke, GAO released its annual improper payments report. I&#8217;ll be candid here: I&#8217;ve spent years working in this space and the improper payments reporting apparatus is, in my honest opinion, a mess that has become its own kind of problem.</p><p>Here&#8217;s what the report actually tells us: improper payments across the federal government totaled $186 billion in fiscal 2025. That&#8217;s up $24 billion from the year before. The hang-wringing headlines write themselves, but they are misleading. Most of that increase comes from the fact that we&#8217;re now measuring more programs, not from the government losing more money. New programs were added to the denominator for the first time. That&#8217;s actually a good development&#8212;more visibility is better&#8212;but it gets reported as a crisis of worsening performance when it isn&#8217;t necessarily that. The real problem is no one knows what the numbers really mean about whether the government is losing more money to fraud, or less.</p><p>Of the $186 billion, GAO separates the total into overpayments ($153 billion), underpayments ($10 billion), &#8220;unknown payments&#8221; ($14 billion) and&#8212; my favorite&#8212; &#8220;technically improper&#8221; ($8.4 billion).  </p><p>The whole improper payments estimation and reporting apparatus is a compliance exercise, not a fraud-fighting tool. It is complicated by design, prone to spin in both directions, and almost impossible to use as a meaningful gauge of whether agencies are actually getting better at stopping fraud. Agencies change their estimation methodologies. Programs get added and dropped. Definitions shift. You can&#8217;t look at this year&#8217;s number and last year&#8217;s number and draw a straight line between them. The system was designed to produce a report, not to prevent a crime.</p><div class="pullquote"><p>The distinction between producing a report and preventing a crime <br>is exactly the problem.</p></div><h3><strong>Pay and chase. Still.</strong></h3><p>The DOJ strike force announcement was framed as a major escalation in the fight against healthcare fraud. And in some ways it is. The government is adding more prosecutors, more forensic tools, more data analytics, and new strike force offices opening in San Francisco, Las Vegas, and Phoenix. This is real investment, and I don&#8217;t want to minimize it.</p><p>But let&#8217;s be clear about what a strike force is. It is a law enforcement response to fraud that has already happened. It is, by definition, reactive. You detect the scheme. You build the case. You charge the defendants. You announce the press release. And almost all of the money is already gone.</p><p>This is the &#8220;pay and chase&#8221; model, and it is not enough anymore. It was barely enough before. In a world where a single criminal network can attempt to steal $10.6 billion in a single scheme, prosecuting 28 people for $1.9 billion two years after the fraud began, is not a deterrent. It&#8217;s a cleanup crew.</p><p>I want to be fair to the people doing this work. Federal prosecutors, FBI agents, and OIG investigators are talented, dedicated, and genuinely hamstrung by a system that wasn&#8217;t built for the threat they&#8217;re now facing. The probes into California hospice fraud stalled for years, officials said, because of limited resources and pandemic-era priorities around access to care. That&#8217;s indicative of a system that cannot scale to meet what&#8217;s coming at it.</p><p>But the answer to that problem is not more prosecutors. Or rather, it&#8217;s not <em>only</em> more prosecutors. The answer is stopping fraud before the money goes out the door.</p><h3><strong>The new world requires a new approach</strong></h3><p>What Washington has not fully reckoned with is that fraud has been industrialized. Organized criminal networks&#8212;including foreign ones&#8212;have built sophisticated operations that analyze government payment systems, identify vulnerabilities, and exploit them at machine speed. They use stolen beneficiary data and artificial intelligence. They stand up fake medical providers, fake hospices, fake substance-abuse clinics; they move money across jurisdictions before anyone notices, and they disappear with millions in stolen taxpayer money.</p><p>The government&#8217;s response, by contrast, remains anchored in a framework built for a different era: stumble onto a fraud scheme years into the heist, investigate what you can, prosecute the cases you can prove, announce the takedown, repeat. The improper payments report is the annual ritual of that framework &#8212; a backward-looking accounting exercise that tells us a fragmented story of what the damage was, offers limited insight into why it happened, and almost no insight into whether we&#8217;re any better positioned to stop it next time.</p><p>We are not going to prosecute our way out of this problem. And if we keep telling agencies to adhere to complicated, bureaucratic compliance requirements in response to a genuine crisis, we might as well send a formal invitation to the transnational criminal organizations.</p><h3><strong>What actually needs to change</strong></h3><p>The federal government needs to make a genuine strategic shift&#8212;a fundamental reorientation from detection and prosecution toward prevention and prediction. That means:</p><p><strong>Stopping paying before we know.</strong> Pre-payment review and real-time eligibility verification aren&#8217;t new ideas, but they&#8217;re still not standard practice across high-risk programs. Modern verification tools can stop fraudulent claims before money changes hands &#8212; without slowing legitimate payments. Using intelligence in addition to data can help uncover risk signals earlier in the scheme. This is not a trade-off between speed and integrity. Technology, especially Generative AI, has made it possible to have both.</p><p><strong>Treating fraud intelligence like national security intelligence.</strong> The $10.6 billion catheter scheme involved a foreign criminal organization. The hospice fraud rings are operating like organized crime syndicates, because they are. We need federal agencies sharing threat intelligence in real time, not issuing audit reports two years after the fact. Data and intelligence is still siloed across agencies and states, and needed information is not shared. Congress took some important steps to change this last week by introducing several bills that would make data sharing easier. Those bills must advance to the President&#8217;s desk for signature.</p><p><strong>Replacing compliance theater with outcome accountability.</strong> The improper payments reporting regime needs to be fundamentally reimagined. Instead of measuring what went wrong and generating a number that spins up or down based on methodology changes, we should be measuring what agencies are doing <em>before</em>payments go out: their pre-payment controls, their fraud risk assessments, their use of data analytics, their real-time detection rates. Tell me not what the damage was &#8212; tell me whether you&#8217;re actually getting better at preventing it.</p><p><strong>Being honest about what we don&#8217;t know.</strong> GAO&#8217;s report doesn&#8217;t include TANF, a $16.5 billion program, because of statutory limitations that prevent HHS from calculating its improper payment rate. We can&#8217;t manage what we don&#8217;t measure. While reimagining the improper payments reporting regime, Congress needs to fix the statutory barriers that keep major programs off the books entirely.</p><h3><strong>The bottom line</strong></h3><p>Two things happened last week. A Justice Department strike force was announced to chase down fraud that has already occurred and a GAO report catalogued $186 billion in payment problems through a methodology that is too complicated to be genuinely useful and too backward-looking to drive real change.</p><p>Meanwhile, 28 people tried to steal $1.9 billion. And right now, in nearly every state and many federal programs, others are planning or executing the next scheme.</p><p>How do I know?</p><p>I am the co-founder of a small fraud prevention technology company that looks for patterns of fraud in data. Last week, we quietly pulled some Medicare suppliers off the CMS website and ran them through our gauntlet of open-source intelligence-gathering tools. </p><p>We found a supplier with no obvious risk signals&#8212;no one is debarred, sanctioned or otherwise suspicious looking. The company was recently added to CMS&#8217;s supplier ecosystem. But there was something suspicious, and with today&#8217;s intelligence tools, we were able to spot it. A complaint was filed to the Better Business Bureau&#8217;s Scam Tracker from someone saying they received knee braces in the mail out the blue. They called their doctor, and he confirmed he had not placed the order. The company on the invoice was unfamiliar. They called the company and said they wanted to return the unneeded braces.</p><p>CMS has no reason to suspect this company is a fraudulent supplier yet. Nothing will look amiss in the data CMS looks at. The fraud actors behind this scheme are still operating in the shadows. My bet is that, in two years, this company will appear in a Justice Department press release along with the amount of taxpayer money that was stolen.</p><p>We don&#8217;t have a prosecution problem. We have a prevention problem. And until Washington is willing to say that clearly &#8212; to move the center of gravity of this entire enterprise from pay-and-chase to stop-before-it-starts &#8212; we will keep writing the same press releases and publishing the same reports, year after year, while the numbers get larger and the criminals get smarter.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://govintegrity.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading GovIntegrity ! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div>]]></content:encoded></item><item><title><![CDATA[The Government Is About to Send Out Billions in Tariff Refunds. The Fraudsters are Ready.]]></title><description><![CDATA[A massive new tariff refund program has all the hallmarks of the last great fraud wave&#8212;speed, scale, and a system built to trust.]]></description><link>https://govintegrity.substack.com/p/the-government-is-about-to-send-out</link><guid isPermaLink="false">https://govintegrity.substack.com/p/the-government-is-about-to-send-out</guid><dc:creator><![CDATA[GovIntegrity]]></dc:creator><pubDate>Mon, 20 Apr 2026 12:34:04 GMT</pubDate><enclosure url="https://images.unsplash.com/photo-1601897690942-bcacbad33e55?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHw0fHxzaGlwcGluZyUyMGNvbnRhaW5lcnxlbnwwfHx8fDE3NzY2ODc4Mzd8MA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>A mid-sized importer gets an email from its customs broker: CBP has opened the tariff refund portal, and the company is eligible for a substantial payment. The message references real shipments and includes a link to &#8220;confirm banking details to ensure timely payment.&#8221;</p><p>The controller clicks through and updates the account information. Weeks later, the refund arrives&#8212;just not to them.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://govintegrity.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading GovIntegrity ! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p><em><strong>This is not a hypothetical failure mode. It is the most likely one.</strong></em></p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://images.unsplash.com/photo-1601897690942-bcacbad33e55?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHw0fHxzaGlwcGluZyUyMGNvbnRhaW5lcnxlbnwwfHx8fDE3NzY2ODc4Mzd8MA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://images.unsplash.com/photo-1601897690942-bcacbad33e55?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHw0fHxzaGlwcGluZyUyMGNvbnRhaW5lcnxlbnwwfHx8fDE3NzY2ODc4Mzd8MA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 424w, https://images.unsplash.com/photo-1601897690942-bcacbad33e55?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHw0fHxzaGlwcGluZyUyMGNvbnRhaW5lcnxlbnwwfHx8fDE3NzY2ODc4Mzd8MA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 848w, https://images.unsplash.com/photo-1601897690942-bcacbad33e55?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHw0fHxzaGlwcGluZyUyMGNvbnRhaW5lcnxlbnwwfHx8fDE3NzY2ODc4Mzd8MA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 1272w, https://images.unsplash.com/photo-1601897690942-bcacbad33e55?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHw0fHxzaGlwcGluZyUyMGNvbnRhaW5lcnxlbnwwfHx8fDE3NzY2ODc4Mzd8MA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 1456w" sizes="100vw"><img src="https://images.unsplash.com/photo-1601897690942-bcacbad33e55?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHw0fHxzaGlwcGluZyUyMGNvbnRhaW5lcnxlbnwwfHx8fDE3NzY2ODc4Mzd8MA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080" width="4928" height="3264" data-attrs="{&quot;src&quot;:&quot;https://images.unsplash.com/photo-1601897690942-bcacbad33e55?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHw0fHxzaGlwcGluZyUyMGNvbnRhaW5lcnxlbnwwfHx8fDE3NzY2ODc4Mzd8MA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:3264,&quot;width&quot;:4928,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:null,&quot;alt&quot;:&quot;blue red and yellow intermodal containers&quot;,&quot;title&quot;:null,&quot;type&quot;:&quot;image/jpg&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:null,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="blue red and yellow intermodal containers" title="blue red and yellow intermodal containers" srcset="https://images.unsplash.com/photo-1601897690942-bcacbad33e55?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHw0fHxzaGlwcGluZyUyMGNvbnRhaW5lcnxlbnwwfHx8fDE3NzY2ODc4Mzd8MA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 424w, https://images.unsplash.com/photo-1601897690942-bcacbad33e55?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHw0fHxzaGlwcGluZyUyMGNvbnRhaW5lcnxlbnwwfHx8fDE3NzY2ODc4Mzd8MA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 848w, https://images.unsplash.com/photo-1601897690942-bcacbad33e55?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHw0fHxzaGlwcGluZyUyMGNvbnRhaW5lcnxlbnwwfHx8fDE3NzY2ODc4Mzd8MA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 1272w, https://images.unsplash.com/photo-1601897690942-bcacbad33e55?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHw0fHxzaGlwcGluZyUyMGNvbnRhaW5lcnxlbnwwfHx8fDE3NzY2ODc4Mzd8MA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 1456w" sizes="100vw" fetchpriority="high"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a><figcaption class="image-caption">Photo by <a href="https://unsplash.com/@hooverpaul55">Paul Teysen</a> on <a href="https://unsplash.com">Unsplash</a></figcaption></figure></div><p>The federal government is standing up a tariff refund program covering an estimated 53 million shipments, with total payments of $166 billion. If that combination&#8212;new program, large sums, fast timelines, confusing rules, digital disbursement&#8212;sounds familiar, it should. The last time the government ran a program at this scale, we called it pandemic relief. The Paycheck Protection Program disbursed $800 billion in under two years. Fraud actors of all types had a field day. Unemployment programs lost more than $100 billion to fraud. Most of the money was never recovered.</p><p>Having spent those years working the problem from the inside, it looks a lot like the patterns that broke those programs are already visible in this tariff refund program.</p><h3><strong>The Payment is the Attack Surface</strong></h3><p>The most immediate vulnerability is not fabricated claims&#8212;it is interception. Modern fraud inserts itself into legitimate flows.</p><p><em>Compromise an importer&#8217;s login credentials.<br>Spoof a broker&#8217;s email.<br>Induce a controller to update ACH details through a convincing phishing page.</em></p><p>The underlying claim can be completely valid and CBP will process it as designed. The money simply goes to the wrong place.</p><p>This is how business email compromise attacks work, and the tariff refund program is structured to attract them. Importers enroll banking details through CAPE&#8212;CBP&#8217;s new Consolidated Administration and Processing of Entries system&#8212;which went live this morning. Brokers act as intermediaries for hundreds of clients at once. A single compromised broker firm becomes a force multiplier&#8212;one breach, hundreds of redirected refunds. Smaller brokers with weaker security controls and broad client rosters are the highest-value targets.</p><p><em><strong>The first wave of fraud will arrive in a phishing email.</strong></em></p><h3><strong>The Program&#8217;s Complexity is a Feature, Not a Bug, for Fraud</strong></h3><p>Beyond interception, the program&#8217;s eligibility structure creates a second attack surface. Some shipments qualify; others don&#8217;t. Some duties are finalized; others remain provisional. Within a single entry, certain goods may be refundable while others are not. That complexity and granularity, while appropriate for trade policy, is disastrous for fraud prevention.</p><p>When reviewers can&#8217;t easily distinguish eligible from ineligible duties without reconstructing entry-level records, over-claiming becomes difficult to detect. Ineligible line items get folded into otherwise valid claims. The same entry gets submitted through affiliated entities or amended submissions. And importantly, none of this requires a fictitious claimant. It simply requires a real participant willing to stretch the rules, or an intermediary willing to do it on their behalf. With 53 million underlying transactions, even a modest rate of inflation or duplication translates into significant losses.</p><p>During the pandemic, we called this version of the scheme &#8220;real business, fake amount.&#8221; This is the tariff-refund equivalent.</p><div class="pullquote"><p>A third layer compounds both risks: A parasitic ecosystem <br>will form around legitimate confusion. </p></div><p>Businesses that can&#8217;t navigate the complex new portal are easy targets for fake recovery consultants, advance-fee services, and phishing pages that closely mirror official CBP communications. We saw these opportunistic intermediaries in the pandemic-era Employee Retention Tax Credit program and they bilked the program for billions in exorbitant fees for ineligible businesses.</p><p>The boundary between help and exploitation is invisible from the outside, especially for smaller firms without in-house trade counsel.</p><h3><strong>The Design Flaws are Now Familiar in Government Programs</strong></h3><p>What ties these risks together is architecture. Government payment systems are built to determine who qualifies; they aren&#8217;t built to ensure that the right entity receives payment, to evaluate claims relationally rather than in isolation, or to pause disbursement when suspicious patterns emerge. Controls are documentation-based and retrospective, which are the kinds of controls that are designed for audits, not real-time fraud prevention.</p><p>This architecture has cost taxpayers hundreds of billions of dollars. There is no reason to expect a different outcome here unless different choices are made now, at the design stage, not during the inevitable post-mortem.</p><p>Four changes would matter most.</p><p><strong>1. CBP needs the explicit authority to pause disbursement when fraud signals appear&#8212;and that authority must be established before it is needed, not after. </strong>The IRS imposed a moratorium on new Employee Retention Credit claims in September 2023 because fraud had overwhelmed its ability to distinguish legitimate from fraudulent filings. It was the right call, made about two years too late. CBP almost certainly cannot pause payments today without explicit policy direction&#8212;likely from the White House or a congressional mandate. That authorization should be sought immediately, before losses accumulate and the political cost of delay becomes the excuse for inaction.</p><p><strong>2. CBP should require multi-factor authentication for all CAPE access&#8212;for importers and brokers alike&#8212;and issue explicit public guidance on what legitimate CBP communications will and will not ask. </strong> A convincing email directing a controller to confirm banking details through a portal link is the simplest attack this program will face, and it requires no sophistication whatsoever. MFA does not eliminate credential compromise, but it raises the cost meaningfully&#8212;particularly for broker accounts, where a single breach can redirect refunds across hundreds of clients. And CBP should issue explicit public guidance on what legitimate CBP communications will and will not ask. For example, CBP should publicly announce that it will never direct importers to update payment details through an emailed link. The IRS issues guidance like this routinely. CBP should do it now, before the first phishing wave lands.</p><p><strong>3. Claims should be analyzed against each other, not just on their individual merits. </strong>Shared accounts, repeat preparers, and unusual concentrations of activity&#8212;fifty claims routing to the same small bank, identical dollar amounts across unrelated companies&#8212;are detectable before payment, not only after. Treasury&#8217;s Do Not Pay system already cross-references federal payments against fraud indicators in real time for some programs. Whether CAPE was built with that integration from day one has not been confirmed publicly. OMB has the authority&#8212;and under the Payment Integrity Information Act, arguably the obligation&#8212;to require it and to verify publicly that it has been done. Data analytics to detect patterns must be baked in from the start.</p><p><strong>4. Any modification to banking information should be treated as a high-risk event requiring independent verification&#8212;not a confirmation through the same channel that may already be compromised. </strong>Banks are already required to validate ACH change requests through a separate authentication channel. CBP should be held to the same standard its regulated financial institutions already meet.</p><p>None of this requires slowing the program to a halt. These are standard risk management practices in many parts of the private sector. What makes the government different is how rarely they are embedded into federal payment systems from the start.</p><h3><strong>We Know What Comes Next if Action Isn&#8217;t Taken</strong></h3><p><em><strong>The portal opened this morning. The window to build these controls into the design&#8212;rather than reconstruct them after losses mount&#8212;is measured in days, not years.</strong></em></p><p>The pandemic showed what happens when a large-scale, fast-moving payment program trusts its documentation. Investigators spent years counting losses that could have been avoided. Recoveries were a minuscule fraction of what was stolen. By the time enforcement caught up, the money was long gone.</p><p>We have been here before. We know how it ends. The only open question is whether the people in a position to act will do so before the money moves&#8212;or after.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://govintegrity.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading GovIntegrity ! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div>]]></content:encoded></item><item><title><![CDATA[The 30-Day Test]]></title><description><![CDATA[The White House fraud task force is trying to get agencies to do something they have resisted for decades, and is creating the kind of disincentives that will only make that resistance worse]]></description><link>https://govintegrity.substack.com/p/the-30-day-test</link><guid isPermaLink="false">https://govintegrity.substack.com/p/the-30-day-test</guid><dc:creator><![CDATA[GovIntegrity]]></dc:creator><pubDate>Mon, 13 Apr 2026 12:39:00 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!0IWP!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa1e22656-2ad9-4984-95d2-93fbccc2a109_648x365.jpeg" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>I want to believe. I really do.</p><p>The Trump administration&#8217;s new Task Force to Eliminate Fraud &#8212; chaired by Vice President Vance, drawn from every major Cabinet agency, and armed with an accelerated 30-60-90-day implementation timeline &#8212; is the most serious government-wide anti-fraud commitment I&#8217;ve seen in nearly 20 years of working on this issue. The mandate to shift the federal posture from &#8220;pay and chase&#8221; to preventive controls is exactly right. </p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://govintegrity.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading GovIntegrity ! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p>On paper, this is the effort I&#8217;ve been arguing for.</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!0IWP!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa1e22656-2ad9-4984-95d2-93fbccc2a109_648x365.jpeg" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!0IWP!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa1e22656-2ad9-4984-95d2-93fbccc2a109_648x365.jpeg 424w, https://substackcdn.com/image/fetch/$s_!0IWP!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa1e22656-2ad9-4984-95d2-93fbccc2a109_648x365.jpeg 848w, https://substackcdn.com/image/fetch/$s_!0IWP!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa1e22656-2ad9-4984-95d2-93fbccc2a109_648x365.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!0IWP!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa1e22656-2ad9-4984-95d2-93fbccc2a109_648x365.jpeg 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!0IWP!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa1e22656-2ad9-4984-95d2-93fbccc2a109_648x365.jpeg" width="648" height="365" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/a1e22656-2ad9-4984-95d2-93fbccc2a109_648x365.jpeg&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:365,&quot;width&quot;:648,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:null,&quot;alt&quot;:&quot;Vance highlights fraud task force efforts in first meeting packed with  Cabinet members&quot;,&quot;title&quot;:null,&quot;type&quot;:null,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:null,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="Vance highlights fraud task force efforts in first meeting packed with  Cabinet members" title="Vance highlights fraud task force efforts in first meeting packed with  Cabinet members" srcset="https://substackcdn.com/image/fetch/$s_!0IWP!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa1e22656-2ad9-4984-95d2-93fbccc2a109_648x365.jpeg 424w, https://substackcdn.com/image/fetch/$s_!0IWP!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa1e22656-2ad9-4984-95d2-93fbccc2a109_648x365.jpeg 848w, https://substackcdn.com/image/fetch/$s_!0IWP!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa1e22656-2ad9-4984-95d2-93fbccc2a109_648x365.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!0IWP!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fa1e22656-2ad9-4984-95d2-93fbccc2a109_648x365.jpeg 1456w" sizes="100vw" fetchpriority="high"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p>But nearly two decades of working with agencies tells me the 30-day vulnerability assessment at the center of this effort is heading straight for the most entrenched obstacle in federal fraud prevention: the career risk of telling the truth about how exposed your programs actually are. And a new enforcement dynamic the administration itself has created is about to make that obstacle significantly worse.</p><h3><strong>Good Idea. Wrong Timeline. Wrong Incentives.</strong></h3><p>Section 3 of the executive order requires each agency to submit, within 30 days, descriptions of transactions and processes within its programs &#8220;most susceptible to fraud.&#8221; These are things like new enrollments, eligibility redeterminations, provider enrollments, self-attestation procedures, changes to payment destinations, and third-party intermediaries.</p><p>This is a good list. These are exactly the right categories. I recognize them because they are drawn from the GAO Fraud Risk Management Framework, which I led the development of a decade ago and which is now codified in statute under the Payment Integrity Information Act. The problem is that identifying the categories of vulnerability is just the start.</p><p>A meaningful fraud risk assessment &#8212; the kind PIIA actually requires &#8212; means understanding how a program works in practice, not just on paper. It means cataloguing the specific fraud schemes that have occurred or could plausibly occur in each category, assessing the likelihood and potential impact of each, and prioritizing where preventive controls will produce the greatest return. That process, done with any rigor, takes months. </p><p>As of 2023, agencies still hadn&#8217;t addressed 95 of GAO&#8217;s prior fraud risk management recommendations. A third of federal agencies surveyed didn&#8217;t have regular monitoring or evaluation activities. Half didn&#8217;t regularly make changes based on evaluation results. Here&#8217;s the truth: organizational culture, data infrastructure, and leadership accountability have made sustained, honest fraud risk management the exception rather than the rule.</p><p>In 30 days, agencies across government will not suddenly know how to do what they haven&#8217;t been doing for years. The deeper problem isn&#8217;t capacity. It&#8217;s incentive.</p><h3><strong>Why Washington Has Always Looked the Other Way</strong></h3><p>Fraud is deceptive by design. When agency leaders finally look for it, they will find more of it &#8212; at least at first. In Washington, that is treated as failure, not progress. Budgets get questioned, oversight hearings get scheduled, headlines follow. The rational response for a career official is to stop looking.</p><p>Consider this thought experiment: you are the head of a major benefit agency and you decide to use data analytics to look for fraud. You find it &#8212; and it is far worse than anyone imagined. Now your agency has more reported fraud than any other. Other agencies, those that didn&#8217;t decide to go looking for fraud, are not reporting the fraud numbers that you&#8217;re now reporting. Hearings get scheduled. Lawmakers demand answers. Your budget is threatened. You are punished for looking, while the agencies that didn&#8217;t look are rewarded. </p><p>This is the perverse logic that has driven agencies toward &#8220;pay and chase&#8221; for decades &#8212; recovering dollars after the fact, where the win is visible, rather than preventing losses before they happen, where the benefit is invisible. </p><div class="callout-block" data-callout="true"><p><em>Prevented fraud cannot easily be counted, budgeted for, or celebrated in a press release. Recovered fraud can. So agencies optimize for the metric that rewards them, not the one that protects taxpayers.</em></p></div><p>I have spent 20 years watching agency leaders respond to questions about fraud with long lists of policies, procedures, risk assessments, and technology they have procured &#8212; documentation carefully assembled to demonstrate that the process was followed, whether or not the fraud kept happening. The 30-day vulnerability assessment will produce more of the same.</p><h3><strong>A New Culture of Fear</strong></h3><p>But there&#8217;s a bigger problem in the new task force&#8217;s work: it includes a Sword of Damocles that menacingly looms over the whole endeavor.</p><p>This year, the administration has withheld $259 million in federal Medicaid matching funds from Minnesota, citing concerns about fraudulent and unsupported claims. It has sent formal letters to California, New York, Maine, and Florida requesting information about their anti-fraud policies and procedures, with the implicit threat of similar action. A federal court has allowed the Minnesota deferral to proceed.</p><p>The stated rationale is accountability: states that have fraud should face consequences. That logic makes sense in principle. But consider what it means for the 30-day vulnerability assessment. If an agency &#8212; or a state &#8212; conducts a genuinely honest assessment and surfaces real fraud vulnerabilities, it has now produced documentary evidence of exactly the kind of problem that triggers federal fund withholding. The rational response is to submit an assessment that is complete enough to satisfy the task force but not so candid that it becomes an enforcement target.</p><div class="callout-block" data-callout="true"><p><em>The cultural taboo around admitting fraud has always made honest self-assessment difficult. The threat of losing federal funding transforms that taboo into a financial imperative.</em></p></div><p>There is a further complication the administration should reckon with before it ties enforcement to self-reporting. This month, CMS acknowledged it had made a significant error in the fraud accusations it leveled at New York&#8217;s Medicaid program &#8212; claiming that five million New Yorkers received personal care services when the actual figure was approximately 450,000. CMS had misread New York&#8217;s billing codes, overcounting by a factor of ten, and used that inflated number as the basis for a formal fraud investigation and the threat of funding consequences. The error was caught only after New York pushed back.</p><p>The point isn&#8217;t about New York being innocent or guilty of anything. The point is that the federal government&#8217;s own fraud measurement methodology produced a tenfold error &#8212; and the financial penalties were already in motion before anyone checked the math. </p><p>If the task force wants states and agencies to submit honest vulnerability assessments, the credibility of the federal measurement tools that will scrutinize those assessments has to be established first. Accuse now, verify later is not a framework that produces candid self-disclosure from the people being accused</p><h3><strong>Use the Momentum. Make It Substantive.</strong></h3><p>None of this means the task force is a mistake. The political will behind it is real and rare, and the doctrine is correct. But good intentions and executive orders do not change the structural incentives that have kept agencies from doing honest fraud risk management for decades. The task force will only convert this moment into durable impact if it grapples directly with those incentives.</p><p>Here is what that looks like in practice.</p><p><strong>First, treat the 30-day submissions as a starting point, not a deliverable.</strong> Every agency that says its fraud exposure is modest should be asked to substantiate that claim with data &#8212; not a list of controls, but evidence of what those controls are actually catching. The submissions that look clean are the ones most likely to be incomplete.</p><p><strong>Second, pair self-reports with independent analysis.</strong> The agencies that have had the most meaningful breakthroughs on fraud &#8212; including PRAC with its pandemic relief engine &#8212; did not rely on agencies to report their own vulnerabilities. They built independent data capacity and showed agencies what they were missing. That moment of recognition, when an agency sees the actual exposure rather than the reported one, is where real action begins. The task force should be creating that moment systematically.</p><p><strong>Third&#8212; and this is absolutely key&#8212;separate accountability for findings from punishment for honesty</strong>. The Minnesota and New York enforcement actions send the signal that surfacing fraud leads to financial penalty. If the task force wants genuine vulnerability assessments, it needs a safe harbor for agencies that come forward honestly &#8212; a distinction between the state that is hiding fraud and the state that has finally looked and found it. Those are not the same problem, and they should not receive the same response.</p><p><strong>Finally, build the 60-day and 90-day requirements around specific, measurable commitments</strong> to named preventive controls &#8212; not plans to consider controls, not working groups, not interagency coordination memos. The task force has until the end of 2026 to produce findings. Whether those findings change anything will depend entirely on whether the accountability mechanism for the next phase is real.</p><p>The administration has the right framework and the political attention to make this matter. What it does not yet have is an implementation theory that accounts for why agencies have not done this work honestly for the past two decades. The task force will tell us a great deal about which of those two things is actually driving the effort.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://govintegrity.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading GovIntegrity ! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div>]]></content:encoded></item><item><title><![CDATA[The AI Threat to Fraud Detection That No One in Government Is Preparing For ]]></title><description><![CDATA[How Adversarial Machine Learning Could Undermine the Government's Newest Weapon Against Fraud]]></description><link>https://govintegrity.substack.com/p/the-ai-threat-to-fraud-detection</link><guid isPermaLink="false">https://govintegrity.substack.com/p/the-ai-threat-to-fraud-detection</guid><dc:creator><![CDATA[GovIntegrity]]></dc:creator><pubDate>Mon, 30 Mar 2026 10:26:48 GMT</pubDate><enclosure url="https://images.unsplash.com/photo-1592111332908-f8f7fe1bb041?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwxM3x8c3RyYXRlZ3l8ZW58MHx8fHwxNzc0ODExNDc4fDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p><em>By Linda Miller, Program Integrity Alliance</em></p><p>The federal government is finally starting to use artificial intelligence to fight fraud. The Treasury Department announced that machine learning helped prevent and recover over $4 billion in fraud and improper payments in fiscal year 2024, up from $652 million the year before. Agencies across the government are investing in AI-driven analytics to flag suspicious claims, score risk, and detect anomalies in payment data. After decades of relying on after-the-fact audits and manual reviews, this is genuine progress.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://govintegrity.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading GovIntegrity ! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p>But the same AI revolution that is giving the government better tools to detect fraud is simultaneously giving criminals better tools to defeat those defenses. The techniques for doing so are well-documented in the computer science literature and actively used in cybersecurity, but they are just starting to move into the fraud conversation. The field is called <em>adversarial machine learning</em>, and it&#8217;s going to radically change the game.</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://images.unsplash.com/photo-1592111332908-f8f7fe1bb041?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwxM3x8c3RyYXRlZ3l8ZW58MHx8fHwxNzc0ODExNDc4fDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://images.unsplash.com/photo-1592111332908-f8f7fe1bb041?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwxM3x8c3RyYXRlZ3l8ZW58MHx8fHwxNzc0ODExNDc4fDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 424w, https://images.unsplash.com/photo-1592111332908-f8f7fe1bb041?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwxM3x8c3RyYXRlZ3l8ZW58MHx8fHwxNzc0ODExNDc4fDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 848w, https://images.unsplash.com/photo-1592111332908-f8f7fe1bb041?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwxM3x8c3RyYXRlZ3l8ZW58MHx8fHwxNzc0ODExNDc4fDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 1272w, https://images.unsplash.com/photo-1592111332908-f8f7fe1bb041?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwxM3x8c3RyYXRlZ3l8ZW58MHx8fHwxNzc0ODExNDc4fDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 1456w" sizes="100vw"><img src="https://images.unsplash.com/photo-1592111332908-f8f7fe1bb041?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwxM3x8c3RyYXRlZ3l8ZW58MHx8fHwxNzc0ODExNDc4fDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080" width="3606" height="3606" data-attrs="{&quot;src&quot;:&quot;https://images.unsplash.com/photo-1592111332908-f8f7fe1bb041?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwxM3x8c3RyYXRlZ3l8ZW58MHx8fHwxNzc0ODExNDc4fDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:3606,&quot;width&quot;:3606,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:null,&quot;alt&quot;:&quot;yellow and black arrow sign&quot;,&quot;title&quot;:null,&quot;type&quot;:&quot;image/jpg&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:null,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="yellow and black arrow sign" title="yellow and black arrow sign" srcset="https://images.unsplash.com/photo-1592111332908-f8f7fe1bb041?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwxM3x8c3RyYXRlZ3l8ZW58MHx8fHwxNzc0ODExNDc4fDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 424w, https://images.unsplash.com/photo-1592111332908-f8f7fe1bb041?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwxM3x8c3RyYXRlZ3l8ZW58MHx8fHwxNzc0ODExNDc4fDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 848w, https://images.unsplash.com/photo-1592111332908-f8f7fe1bb041?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwxM3x8c3RyYXRlZ3l8ZW58MHx8fHwxNzc0ODExNDc4fDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 1272w, https://images.unsplash.com/photo-1592111332908-f8f7fe1bb041?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwxM3x8c3RyYXRlZ3l8ZW58MHx8fHwxNzc0ODExNDc4fDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 1456w" sizes="100vw" fetchpriority="high"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a><figcaption class="image-caption">Photo by <a href="https://unsplash.com/@markkoenig">Mark K&#246;nig</a> on <a href="https://unsplash.com">Unsplash</a></figcaption></figure></div><h2>What Is Adversarial Machine Learning?</h2><p>A machine learning model learns patterns from data. A fraud detection model, for example, might learn that claims filed at 3 a.m. from a new IP address with a recently changed bank account are more likely to be fraudulent than claims filed during business hours from a long-established account. The model builds an internal map of what &#8220;normal&#8221; looks like and what &#8220;suspicious&#8221; looks like, based on thousands or millions of historical examples. It then scores new claims against those patterns.</p><p>Adversarial machine learning is the study of how to deliberately fool or corrupt these systems. The National Institute of Standards and Technology, or NIST, published an official taxonomy of these attacks in its <em>Adversarial Machine Learning: A Taxonomy and Terminology</em> report last year. The field organizes attacks into three main categories<em>: evasion, poisoning</em>, and <em>extraction.</em> Each one has direct implications for government fraud prevention.</p><h3>Evasion: Learning to Stay Below the Radar</h3><p>Evasion is the simplest form of attack, and it is already happening. Once a fraud network figures out what features a detection model is looking for&#8212;filing time, IP location, account age, application speed&#8212;the operators adjust their behavior to stay just below the threshold that triggers a flag.</p><p>This is not new. Criminals have always adapted to learned enforcement patterns. But AI enables speed and precision that haven&#8217;t existed yet. A fraud network can now use its own AI to systematically test thousands of claim variations against a government system, observe which ones get flagged and which ones get paid, and map exactly where the detection boundary sits. Then it operates just inside that boundary. Think of it as a burglar who can run a million simulations of your alarm system before walking through the front door.</p><p>In my reporting for <em>Soft Target</em>, I spoke with fraud investigators who described exactly this behavior. Criminal networks probe government systems methodically, fire off hundreds of scripted applications and when online applications fail, they shift to call centers, testing different scripts. When one approach gets blocked, they adjust the parameters and try again. AI simply automates this process, compresses the timeline from weeks to hours, and allows it to run at a scale no human operation could match.</p><h3>Poisoning: Corrupting the Immune System Itself</h3><p>If evasion is the equivalent of a burglar learning where the cameras are, poisoning is the equivalent of someone sneaking into the security office and reprogramming the cameras to look the other way.</p><p>Poisoning attacks target the training data that a model learns from. When a government agency trains its fraud detection system on historical claims data, the model learns which patterns are associated with fraud and which are associated with legitimate activity. In a poisoning attack, the bad guys corrupt that learning process by introducing carefully designed data into the training set&#8212;data that looks normal but teaches the model the wrong lessons.</p><p>Here is a concrete example. Suppose a fraud network knows that a state unemployment agency is building a new AI-based fraud detection system and that it will be trained on two years of historical claims data. During those two years, the network submits a large volume of fraudulent claims that are deliberately designed to <em>look like</em> legitimate claims&#8212;filed during business hours, from residential IP addresses, with modest dollar amounts and realistic employment histories. Simultaneously, they submit a smaller number of legitimate-looking claims with features that the model will associate with fraud&#8212;unusual filing times, new accounts, large amounts. The model trains on this polluted data and learns the wrong patterns. When the fraud network later submits its real fraudulent claims, the model has been taught to wave them through.</p><p>Research has demonstrated that poisoning just a tiny fraction of training data&#8212;as little as one-thousandth of one percent in one study&#8212;can meaningfully degrade a model&#8217;s performance. The government thinks it has deployed a sophisticated AI defense when in reality, the adversary purposefully created blind spots in their defenses.</p><p>The most alarming variant of poisoning is what researchers call a <strong>backdoor attack.</strong> The adversary introduces a subtle trigger pattern into the training data&#8212;a specific combination of data fields that, when present, causes the model to classify a claim as legitimate regardless of its other characteristics.</p><p>For example, a backdoor trigger might be a particular sequence of digits in a phone number field, or a specific combination of zip code and filing date. The model learns to associate this trigger with legitimate claims. When the adversary later files fraudulent claims containing the trigger, the model gives them a clean score. The backdoor is invisible to anyone evaluating the model&#8217;s overall accuracy, because it only activates when the trigger is present. On every other claim, the model performs normally.</p><p>This is not science fiction. The foundational research on targeted backdoor attacks was published in 2017, and the technique has been extensively studied since then. NIST&#8217;s taxonomy specifically identifies it as a known threat. The question is whether anyone is testing for them. In most government agencies, the answer is no.</p><h3>Model Extraction: Stealing the Blueprint</h3><p>The third category of adversarial attack is model extraction, sometimes called model stealing. If a fraud network can interact with a detection system enough times&#8212;submitting claims and observing which ones get flagged and which ones get paid&#8212;it can reverse-engineer the model&#8217;s decision logic without ever seeing the code.</p><p>This is called a black-box attack, because the adversary does not need access to the model&#8217;s internal system. They just need to observe its inputs and outputs. Each rejection is a free lesson in what the model is looking for and each approval confirms what gets through. With enough observations, the adversary builds a functional copy of the government&#8217;s model, then uses that copy to design claims that will pass.</p><p>Government systems are particularly vulnerable to extraction because of due process requirements. When an applicant is denied benefits, agencies often provide detailed reasons for the denial. These explanations are legally required and administratively necessary. But they give the criminals a road map for reverse-engineering the detection system. Every denial letter that explains <em>why</em> a claim was flagged is, from the adversary&#8217;s perspective, a free data point for building a more accurate copy of the model.</p><h2>The Asymmetry Problem</h2><p>What makes adversarial machine learning so dangerous in the government fraud context is the asymmetry between offense and defense&#8212;a dynamic I have documented throughout my research on government fraud.</p><p>Government agencies will adopt AI for fraud detection slowly, through multi-year procurement cycles, constrained by legacy systems, privacy litigation, and oversight requirements. Every change to a fraud detection algorithm potentially triggers a review cycle, a privacy assessment, a fairness audit. These are legitimate gates, but they slow the process of implementing new technology profoundly.</p><p>Adversaries can adopt AI to commit fraud without procurement processes, legal reviews, or other bureaucratic constraints. They can and will iterate against government models daily; and test, adapt, and redeploy faster than any agency can update its defenses. The biggest challenge on the horizon is the how advancing technology will exacerbate the asymmetry of this fight. The government&#8217;s use of AI will be largely static while the adversary&#8217;s is adaptive. The gap between offense and defense, which was already wide, is about to get wider.</p><h2>What Should Worry Us Most</h2><p>There are several specific near-term risks that deserve attention from anyone working on government fraud prevention.</p><p><strong>Autonomous fraud agents. </strong>Today, fraud at scale still requires human labor&#8212;someone has to fill out applications, manage the pipeline, respond to follow-up requests. What is emerging now are autonomous AI agents that can complete multi-step application processes end-to-end: navigate a web portal, fill in forms, upload fabricated documents, respond to verification emails, and even handle a phone conversation with a call center representative. These agents can run thousands of applications simultaneously, learn from failures, and adjust in real time. The architecture for this exists today.</p><p><strong>Forensically clean fake documents. </strong>Generative AI has already made it easy to produce photorealistic fake documents. What is coming next is AI that generates documents which are <em>forensically consistent</em>&#8212;metadata that matches the software the document claims to have been created in, PDF timestamps that are internally coherent, EXIF data on photographs that matches the GPS coordinates of the claimed location. </p><div class="pullquote"><p>Every verification process that depends on &#8220;submit documentation&#8221; is <br>about to become meaningless.</p></div><p><strong>AI-powered vulnerability discovery. </strong>Sophisticated fraud networks will use AI to analyze government program rules, identify logical gaps, and design exploitation strategies. Feed a language model the full text of a program&#8217;s eligibility rules, the application form, and the appeals process. Ask it to identify every combination of inputs that would result in payment while minimizing the probability of detection. The model will find edge cases and verification gaps that no human analyst would catch&#8212;because it can evaluate millions of combinations.</p><p><strong>Corruption of the government&#8217;s own AI defenses. </strong>As agencies invest in AI-driven fraud detection, those systems become targets in themselves. A fraud network that can subtly poison a government agency&#8217;s fraud detection model&#8212;making it more likely to flag legitimate claims while letting fraudulent ones through&#8212; would have compromised the immune system itself.</p><h2>What Can Be Done</h2><p>None of this means the government should avoid using AI for fraud detection. The Treasury Department&#8217;s $4 billion in prevented losses demonstrates that AI-driven fraud analytics work. But the government&#8217;s approach to deploying these tools needs to account for the adversarial dimension from the start, not as an afterthought.</p><p>Several steps are available right now.</p><p><strong>Require adversarial robustness testing. </strong>Every fraud detection model deployed by a federal agency should be subjected to adversarial testing before deployment and on a recurring basis&#8212;red team exercises in which analysts attempt to evade, poison, and extract the model using known techniques. The Department of Defense does this routinely with its cybersecurity systems and there is no reason benefits programs shouldn&#8217;t do the same.</p><p><strong>Treat training data as critical infrastructure. </strong>The data used to train fraud detection models should be treated with the same rigor as any other sensitive government asset. Data validation, provenance tracking, and anomaly detection on the training data itself are essential. If you don&#8217;t know whether your training data has been tampered with, your model can&#8217;t be trusted.</p><p><strong>Build continuous model updating into procurement requirements. </strong>Fraud detection models that are trained once and deployed for years are sitting targets. Procurement contracts should require vendors to provide continuous model updating, retraining on new data, and adversarial testing as part of the ongoing service, not as an expensive add-on.</p><p><strong>Limit information leakage in denial communications. </strong>Agencies should review how much information their denial and rejection notices provide about the specific features that triggered a flag. Due process requirements are legitimate, but there may be ways to satisfy them without providing a detailed blueprint of the detection model&#8217;s decision logic.</p><p><strong>Invest in adversarial ML expertise. </strong>The government needs people who understand these threats. Today, adversarial machine learning expertise is concentrated in academic research labs and a small number of private-sector cybersecurity firms. The federal workforce pipeline for fraud prevention analytics should include adversarial ML as a core competency.</p><h2>The Window Is Closing</h2><p>The government is at an inflection point. It&#8217;s beginning to deploy AI for fraud detection at scale. Every model deployed without adversarial testing, every training dataset assembled without validation, every procurement contract that treats the model as a static product rather than a living system that must be continuously defended, creates a vulnerability that sophisticated adversaries will find and exploit.</p><p>Unlike most government leaders, the criminals who defraud government programs are not waiting for a congressional hearing or a GAO report. They are adapting now. The question is whether the government can adapt too. Based on the history I&#8217;ve documented in my forthcoming book <em>Soft Target</em>, the honest answer is: probably not, unless we change the way we think about what fraud prevention actually requires in the age of AI. Adversarial machine learning is not a niche concern for computer scientists. It is the next chapter of government fraud. We should start reading it now.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://govintegrity.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading GovIntegrity ! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div>]]></content:encoded></item><item><title><![CDATA[What’s Missing Is Not Another Task Force]]></title><description><![CDATA[Why directing agencies to stop fraud and giving them the tools to do it are very different things]]></description><link>https://govintegrity.substack.com/p/whats-missing-is-not-another-task</link><guid isPermaLink="false">https://govintegrity.substack.com/p/whats-missing-is-not-another-task</guid><dc:creator><![CDATA[GovIntegrity]]></dc:creator><pubDate>Mon, 23 Mar 2026 19:30:57 GMT</pubDate><enclosure url="https://images.unsplash.com/photo-1572553284541-61004a19681a?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwyMHx8bGFyZ2UlMjBjb25mZXJlbmNlJTIwdGFibGV8ZW58MHx8fHwxNzc0Mjk0MDIzfDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>The Executive Order signed March 16th establishing a Task Force to Eliminate Fraud is built on a familiar fantasy: that the federal government can solve an industrialized systems problem by convening meetings and documenting priorities. It cannot. And the networks exploiting that gap already know it.</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://images.unsplash.com/photo-1572553284541-61004a19681a?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwyMHx8bGFyZ2UlMjBjb25mZXJlbmNlJTIwdGFibGV8ZW58MHx8fHwxNzc0Mjk0MDIzfDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://images.unsplash.com/photo-1572553284541-61004a19681a?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwyMHx8bGFyZ2UlMjBjb25mZXJlbmNlJTIwdGFibGV8ZW58MHx8fHwxNzc0Mjk0MDIzfDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 424w, https://images.unsplash.com/photo-1572553284541-61004a19681a?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwyMHx8bGFyZ2UlMjBjb25mZXJlbmNlJTIwdGFibGV8ZW58MHx8fHwxNzc0Mjk0MDIzfDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 848w, https://images.unsplash.com/photo-1572553284541-61004a19681a?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwyMHx8bGFyZ2UlMjBjb25mZXJlbmNlJTIwdGFibGV8ZW58MHx8fHwxNzc0Mjk0MDIzfDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 1272w, https://images.unsplash.com/photo-1572553284541-61004a19681a?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwyMHx8bGFyZ2UlMjBjb25mZXJlbmNlJTIwdGFibGV8ZW58MHx8fHwxNzc0Mjk0MDIzfDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 1456w" sizes="100vw"><img src="https://images.unsplash.com/photo-1572553284541-61004a19681a?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwyMHx8bGFyZ2UlMjBjb25mZXJlbmNlJTIwdGFibGV8ZW58MHx8fHwxNzc0Mjk0MDIzfDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080" width="5184" height="2912" data-attrs="{&quot;src&quot;:&quot;https://images.unsplash.com/photo-1572553284541-61004a19681a?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwyMHx8bGFyZ2UlMjBjb25mZXJlbmNlJTIwdGFibGV8ZW58MHx8fHwxNzc0Mjk0MDIzfDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:2912,&quot;width&quot;:5184,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:null,&quot;alt&quot;:&quot;rectangular brown wooden table with chairs&quot;,&quot;title&quot;:null,&quot;type&quot;:&quot;image/jpg&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:null,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="rectangular brown wooden table with chairs" title="rectangular brown wooden table with chairs" srcset="https://images.unsplash.com/photo-1572553284541-61004a19681a?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwyMHx8bGFyZ2UlMjBjb25mZXJlbmNlJTIwdGFibGV8ZW58MHx8fHwxNzc0Mjk0MDIzfDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 424w, https://images.unsplash.com/photo-1572553284541-61004a19681a?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwyMHx8bGFyZ2UlMjBjb25mZXJlbmNlJTIwdGFibGV8ZW58MHx8fHwxNzc0Mjk0MDIzfDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 848w, https://images.unsplash.com/photo-1572553284541-61004a19681a?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwyMHx8bGFyZ2UlMjBjb25mZXJlbmNlJTIwdGFibGV8ZW58MHx8fHwxNzc0Mjk0MDIzfDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 1272w, https://images.unsplash.com/photo-1572553284541-61004a19681a?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwyMHx8bGFyZ2UlMjBjb25mZXJlbmNlJTIwdGFibGV8ZW58MHx8fHwxNzc0Mjk0MDIzfDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 1456w" sizes="100vw" fetchpriority="high"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a><figcaption class="image-caption">Photo by <a href="https://unsplash.com/@amravazzi">Andr&#233; Ravazzi</a> on <a href="https://unsplash.com">Unsplash</a></figcaption></figure></div><p>The Executive Order is not without specificity. It names nine cabinet departments and four additional agencies. It sets concrete deadlines: 30 days for agencies to identify their most vulnerable transactions, 60 days for the task force to establish minimum anti-fraud requirements, 90 days for each member agency to submit implementation plans. It activates the False Claims Act to enable private civil enforcement. It threatens to withhold federal funds from states that fail to comply.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://govintegrity.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading PIA's GovIntegrity Substack! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p>That coordination architecture is needed.  But coordination is not the same as capability. And that distinction is the whole problem.</p><p>What this order cannot do&#8212; and does not do&#8212; is give agencies the tools to act on what they are being told to prioritize. It directs. It does not equip. The gap between those two things is where fraud lives.</p><p><strong>The threat has already outgrown the system.</strong></p><p>The federal government is no longer dealing with isolated bad actors or marginal abuse. It is up against industrialized fraud&#8212;organized networks that treat federal programs as a coordinated revenue stream and operate across programs, states, and borders simultaneously.</p><p>They are not guessing. They understand the system&#8217;s architecture better than the agencies that built it. They know identity verification is inconsistent across programs. They know data is siloed. They know that even when fraud is detected, enforcement is slow and consequence is rare. So they design around it.</p><p>They generate thousands of identities&#8212;stolen, synthetic, slightly varied to defeat basic matching. They file claims across unemployment insurance, Medicaid, tax credits, housing assistance, and small business programs in parallel. They probe, learn, and scale what works.</p><p>They do not think in terms of programs. They think in terms of access points. The system, as currently designed, rewards that approach. No coordination mandate changes that.</p><p><strong>What the order gets right&#8212;and why it still falls short.</strong></p><p>Section 4 of the order calls for the right things: pre-payment integrity controls, cross-program risk indicators, eligibility verification, provider revalidation, and data-sharing with states. These are not wrong. They are, in fact, exactly what is needed.</p><p>The problem is the mechanism. Agencies are being asked to build these capabilities on top of systems that were never designed for real-time analytics, cross-program visibility, or entity resolution at scale. The order does not provide new technology infrastructure. It does not provide new funding&#8212;Section 7 explicitly conditions implementation on &#8220;the availability of appropriations.&#8221; And it does not provide the legal authority to share data across programs that genuine fraud detection requires.</p><p>So what happens? Agencies write plans. They add documentation requirements to existing workflows. They tighten rules at the margins. Meanwhile, the adversary is running automated, cross-program campaigns.</p><p>That is the technological gap. It will not close through planning.</p><p><strong>A note on framing.</strong></p><p>The order&#8217;s purpose section frames fraud primarily as a problem of immigration, state political noncompliance, and bad faith actors in specific communities. That framing has real policy consequences.</p><p>The largest fraud vectors in the federal system&#8212;Medicare and Medicaid billing fraud, pandemic-era relief program exploitation, refundable tax credit schemes, and defense contractor overbilling&#8212;cut across demographic and political lines. Treating fraud primarily as an immigration problem misdirects enforcement attention and misidentifies the structural vulnerabilities that make large-scale fraud possible. It attributes to politics what is largely a systems failure.</p><p>Effective fraud prevention depends on federal-state data-sharing and operational cooperation. An adversarial posture that leads with fund-withholding threats before building shared infrastructure and trust will almost certainly undermine the very partnerships the task force needs to succeed. Leverage is only useful if the underlying relationship can bear it.</p><p><strong>The four barriers that won&#8217;t move without structural action.</strong></p><p><em>Infrastructure.</em> The federal government does not have a common decision layer for payments. Each agency runs its own systems. Each program evaluates risk in isolation. Even when agencies are directed to adopt pre-disbursement controls, they are doing it without cross-program visibility&#8212;detecting only the fraud they can see, while coordinated networks exploit the gaps between programs.</p><p>The government needs a centralized operational layer&#8212;a shared data analytics and entity resolution platform, with interoperability between federal and state systems, that can see across programs, link identities, and generate risk signals in real time, before funds are disbursed. An executive order cannot build that. It requires sustained technology investment and, in some cases, new legislation.</p><p><em>Legal authority.</em> Section 3(iv) calls for improved information and data sharing between federal agencies and state partners. That is badly needed. But it runs directly into a legal framework that was not built for real-time fraud prevention. Privacy rules, program-specific confidentiality provisions, and statutory restrictions limit how data can be used and shared&#8212;even among agencies trying to detect the same fraud network operating across programs.</p><p>Fixing this requires clear statutory authority for fraud-prevention data sharing, with strong safeguards and accountability. It requires enabling techniques like privacy-preserving record linkage, so agencies can identify shared entities and risk patterns without exposing underlying personal data. The order cannot grant that authority. Congress can.</p><p><em>Incentives.</em> The federal bureaucratic system is not designed to reward aggressive fraud detection. In many agencies, it actively discourages it. Identifying fraud can attract oversight scrutiny, slow payment timelines, and generate political exposure. The institutional path of least resistance is to do just enough.</p><p>An executive order can make fraud a White House priority, but it cannot restructure the performance metrics and accountability frameworks that shape behavior inside agencies. Until fraud prevention becomes a measurable expectation&#8212;not an optional enhancement&#8212;coordination will coexist with avoidance.</p><p><em>Resources.</em> The order sets deadlines without providing funding. Agencies are being told to strengthen controls, modernize systems, and improve detection&#8212;all of which require real investment in technology, data infrastructure, and skilled personnel. The scale of potential savings is enormous. Hundreds of billions of dollars annually. But realizing those savings requires treating prevention as infrastructure, not overhead.</p><p>&#8220;Subject to availability of appropriations&#8221; is not a funding commitment. It is a hedge. And it is the single phrase most likely to determine whether this order produces lasting change.</p><p><strong>What forward actually looks like.</strong></p><p>The order&#8217;s False Claims Act provision directing the Attorney General to promote private civil enforcement is a retrospective mechanism. It recovers losses after fraud has already occurred. Meaningful progress requires the opposite logic: stopping fraud before the payment is made.</p><p>That means building what this order points toward but cannot create on its own. A shared operational layer that evaluates identity, eligibility, and risk before funds are disbursed. A privacy-preserving entity resolution platform that generates cross-program risk signals in real time. A consistent, government-wide view of who receives federal funds. Legal authorities that enable responsible data sharing across programs and with states. Performance metrics that hold agencies accountable for fraud prevention outcomes, not just payment speed.</p><p>None of this is beyond reach. Several countries have built versions of it. A number of states have moved in this direction on a smaller scale. The technical approaches exist. What has been missing is the political will to fund them and the institutional honesty to treat fraud prevention as an urgent, governmentwide challenge rather than a compliance exercise. This order demonstrates the first without committing to the second.</p><p>Congress must provide both statutory authority and sustained appropriations.  OMB must establish prevention-based performance standards. And there needs to be a multi-year investment in shared federal infrastructure. The framing must be centered on systems failure, not partisan politics, because that is where the vulnerability actually lives.</p><p>The Executive Order opens the door. But it does not build the system.</p><p>What&#8217;s missing is not another task force. It is a system that can say no before the money goes out.</p><p>Until that system exists, the federal government will keep doing what it has always done: paying first and investigating later. The task force will coordinate that process. It will not change it. And the networks running industrialized fraud campaigns against federal programs already know the difference.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://govintegrity.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading PIA's GovIntegrity Substack! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div>]]></content:encoded></item><item><title><![CDATA[The $100 Billion Medicare Fraud Racket You've Never Heard Of]]></title><description><![CDATA[What's happening in Florida proves that fraud is not just a "blue state" issue]]></description><link>https://govintegrity.substack.com/p/the-100-billion-medicare-fraud-racket</link><guid isPermaLink="false">https://govintegrity.substack.com/p/the-100-billion-medicare-fraud-racket</guid><dc:creator><![CDATA[GovIntegrity]]></dc:creator><pubDate>Sat, 21 Mar 2026 12:33:51 GMT</pubDate><enclosure url="https://images.unsplash.com/photo-1581594693702-fbdc51b2763b?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwyfHxibG9vZCUyMHRlc3R8ZW58MHx8fHwxNzc0MDM5MDU1fDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>If you believe government fraud is mainly a blue-state problem driven by overly generous benefits, the letter the administration just sent to Florida complicates that story.</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://images.unsplash.com/photo-1581594693702-fbdc51b2763b?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwyfHxibG9vZCUyMHRlc3R8ZW58MHx8fHwxNzc0MDM5MDU1fDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://images.unsplash.com/photo-1581594693702-fbdc51b2763b?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwyfHxibG9vZCUyMHRlc3R8ZW58MHx8fHwxNzc0MDM5MDU1fDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 424w, https://images.unsplash.com/photo-1581594693702-fbdc51b2763b?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwyfHxibG9vZCUyMHRlc3R8ZW58MHx8fHwxNzc0MDM5MDU1fDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 848w, https://images.unsplash.com/photo-1581594693702-fbdc51b2763b?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwyfHxibG9vZCUyMHRlc3R8ZW58MHx8fHwxNzc0MDM5MDU1fDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 1272w, https://images.unsplash.com/photo-1581594693702-fbdc51b2763b?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwyfHxibG9vZCUyMHRlc3R8ZW58MHx8fHwxNzc0MDM5MDU1fDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 1456w" sizes="100vw"><img src="https://images.unsplash.com/photo-1581594693702-fbdc51b2763b?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwyfHxibG9vZCUyMHRlc3R8ZW58MHx8fHwxNzc0MDM5MDU1fDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080" width="5184" height="3456" data-attrs="{&quot;src&quot;:&quot;https://images.unsplash.com/photo-1581594693702-fbdc51b2763b?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwyfHxibG9vZCUyMHRlc3R8ZW58MHx8fHwxNzc0MDM5MDU1fDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:3456,&quot;width&quot;:5184,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:null,&quot;alt&quot;:&quot;white and red plastic tools&quot;,&quot;title&quot;:null,&quot;type&quot;:&quot;image/jpg&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:null,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="white and red plastic tools" title="white and red plastic tools" srcset="https://images.unsplash.com/photo-1581594693702-fbdc51b2763b?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwyfHxibG9vZCUyMHRlc3R8ZW58MHx8fHwxNzc0MDM5MDU1fDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 424w, https://images.unsplash.com/photo-1581594693702-fbdc51b2763b?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwyfHxibG9vZCUyMHRlc3R8ZW58MHx8fHwxNzc0MDM5MDU1fDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 848w, https://images.unsplash.com/photo-1581594693702-fbdc51b2763b?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwyfHxibG9vZCUyMHRlc3R8ZW58MHx8fHwxNzc0MDM5MDU1fDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 1272w, https://images.unsplash.com/photo-1581594693702-fbdc51b2763b?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwyfHxibG9vZCUyMHRlc3R8ZW58MHx8fHwxNzc0MDM5MDU1fDA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 1456w" sizes="100vw" fetchpriority="high"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a><figcaption class="image-caption">Photo by <a href="https://unsplash.com/@nci">National Cancer Institute</a> on <a href="https://unsplash.com">Unsplash</a></figcaption></figure></div><p>This week, the Centers for Medicare and Medicaid Services sent a scathing letter to the Governor detailing the state&#8217;s &#8220;well-documented history of health care fraud&#8221; and demanding a detailed accounting of how it oversees its Medicaid program. Florida has 30 days to respond.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://govintegrity.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading PIA's GovIntegrity Substack! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p>You don&#8217;t send that kind of letter unless the problem is persistent. And in South Florida, it&#8217;s an epidemic&#8212;one that has even penetrated the oversight apparatus itself.</p><p>Consider the case of Manuel Delgado, an accreditation inspector who pleaded guilty last year to conspiracy to obstruct HHS and CMS in their oversight of Medicare. Delgado&#8217;s job was to review durable medical equipment companies to determine whether they met CMS quality standards &#8212;accreditation that was required before a company could bill Medicare. </p><p>Instead, he not only took cash bribes from DME company owners to rubber-stamp their applications, but he set up his own DME companies in the names of family members, inspected them himself, obtained their accreditation, and sold the now-Medicare-enrolled shells to others. The estimated value of the companies he fraudulently accredited exceeded $1.4 million.</p><p>Delgado is just one node in a South Florida machine that has corrupted every stage of the Medicare pipeline from accreditation to ordering to billing to payment. The same ecosystem has been producing billion-dollar fraud schemes year after year.</p><p>The cases are alarming in scale. One recent Florida case cost taxpayers $1 billion. A healthcare software company helped generate false doctor&#8217;s orders at scale, which were then used to bill Medicare for braces and equipment patients never needed. This was infrastructure&#8212;an assembly line for converting fake medical necessity into real payments. In another case, executives were convicted in a $34 million scheme targeting elderly beneficiaries. Another supplier was sentenced in a $61 million fraud. Thousands of unnecessary devices shipped to patients who never asked for them, each one triggering a reimbursement.</p><p>Genetic testing runs the same playbook. A Florida lab owner pleaded guilty to a $52 million fraud built on telemarketing and kickbacks. Seniors were called and offered &#8220;free&#8221; cancer screenings. Doctors with no relationship to the patient signed the orders. Labs billed Medicare. A telemarketer was sentenced in a separate $67 million scheme pushing unnecessary genetic tests through call centers. One former investigator I spoke with said these fraud call centers are ubiquitous across South Florida.</p><p>What&#8217;s operating here is not a crime wave. It is an industry with its own supply chains, labor markets, and&#8212;as the Delgado case makes clear&#8212;its own corrupted gatekeepers. Telemarketers find the patients. Orders are obtained through deception or outright fabrication. Crooked inspectors wave the suppliers through. Providers and suppliers bill at volume. Money moves fast. By the time enforcement arrives, the payments are gone.</p><p>The CMS letter points to Florida&#8217;s outsized role in the 2025 national healthcare fraud takedown&#8212;more than <strong>$100 billion</strong> in alleged fraud tied to telemedicine, genetic testing, and durable medical equipment. It flags the same patterns in Medicaid: home services billed but not delivered, transportation that never occurred, behavioral health claims for services that didn&#8217;t happen. The model travels across programs throughout the state.</p><p>These schemes persist because the system makes them possible.</p><ul><li><p>Enrollment pathways let questionable actors in. The screening framework under 42 CFR &#167; 424.518 catches a few at the door, but checks occur primarily at enrollment and revalidation every five years, leaving vast gaps in between.</p></li><li><p>The inspectors charged with keeping them out can be bought.</p></li><li><p>Data is fragmented across Medicare Administrative Contractors, state Medicaid programs, and law enforcement agencies, with no shared real-time system connecting them.</p></li><li><p>Analytics are limited. CMS lacks the continuous, risk-scored monitoring that financial regulators use to detect suspicious transaction patterns as they emerge.</p></li><li><p>Payment systems are designed to move money quickly, not to verify before paying; claims are processed and paid automatically, with medical necessity review happening after the fact, if at all.</p></li><li><p>And when fraud is detected, the revocation process under &#167; 424.535 requires CMS to build an individualized case against each supplier one at a time &#8212; a pace that is structurally mismatched against criminal networks operating dozens of shell companies simultaneously. Enforcement comes after the fact, and by then, the money is long gone.</p></li></ul><p>Florida sits at the center of this because the state has proven to be an efficient place for these models to scale. Dense healthcare markets, large Medicare populations, established telemarketing networks, and regulatory gaps create an environment where the same schemes recur with new actors and larger dollar amounts.</p><p>The current administration has framed government fraud as a problem of Democratic governance&#8212;bloated programs, lax oversight, blue-state permissiveness. Florida undermines that narrative completely. This is a state with Republican leadership at every level of government, and it has been the single largest source of Medicare and Medicaid fraud in the country for years. These schemes did not emerge from overly generous benefits or progressive policy. They emerged from gaps in enrollment, oversight, and payment infrastructure that exist everywhere&#8212;and that Florida, by every measure, has failed to close.</p><p>Fraud isn&#8217;t a Democratic issue or a Republican one. <br>Fraud follows opportunity. And the system is still providing it.</p><p></p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!FVur!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3c401ad3-5439-4673-a416-78cce3e6a0d6_1286x1655.jpeg" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!FVur!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3c401ad3-5439-4673-a416-78cce3e6a0d6_1286x1655.jpeg 424w, https://substackcdn.com/image/fetch/$s_!FVur!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3c401ad3-5439-4673-a416-78cce3e6a0d6_1286x1655.jpeg 848w, https://substackcdn.com/image/fetch/$s_!FVur!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3c401ad3-5439-4673-a416-78cce3e6a0d6_1286x1655.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!FVur!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3c401ad3-5439-4673-a416-78cce3e6a0d6_1286x1655.jpeg 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!FVur!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3c401ad3-5439-4673-a416-78cce3e6a0d6_1286x1655.jpeg" width="1286" height="1655" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/3c401ad3-5439-4673-a416-78cce3e6a0d6_1286x1655.jpeg&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:1655,&quot;width&quot;:1286,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:227922,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/jpeg&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://govintegrity.substack.com/i/191667224?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F49443445-b204-4dce-95fd-b7fe67f0ac7c_1700x2200.jpeg&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!FVur!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3c401ad3-5439-4673-a416-78cce3e6a0d6_1286x1655.jpeg 424w, https://substackcdn.com/image/fetch/$s_!FVur!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3c401ad3-5439-4673-a416-78cce3e6a0d6_1286x1655.jpeg 848w, https://substackcdn.com/image/fetch/$s_!FVur!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3c401ad3-5439-4673-a416-78cce3e6a0d6_1286x1655.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!FVur!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F3c401ad3-5439-4673-a416-78cce3e6a0d6_1286x1655.jpeg 1456w" sizes="100vw" loading="lazy"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!Qxxh!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F380b0df9-07f7-440f-883e-7b1bd52ae662_1171x1587.jpeg" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!Qxxh!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F380b0df9-07f7-440f-883e-7b1bd52ae662_1171x1587.jpeg 424w, https://substackcdn.com/image/fetch/$s_!Qxxh!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F380b0df9-07f7-440f-883e-7b1bd52ae662_1171x1587.jpeg 848w, https://substackcdn.com/image/fetch/$s_!Qxxh!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F380b0df9-07f7-440f-883e-7b1bd52ae662_1171x1587.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!Qxxh!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F380b0df9-07f7-440f-883e-7b1bd52ae662_1171x1587.jpeg 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!Qxxh!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F380b0df9-07f7-440f-883e-7b1bd52ae662_1171x1587.jpeg" width="1171" height="1587" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/380b0df9-07f7-440f-883e-7b1bd52ae662_1171x1587.jpeg&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:1587,&quot;width&quot;:1171,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:485994,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/jpeg&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://govintegrity.substack.com/i/191667224?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F78ac78e5-2625-444d-b6d8-ba464cb5a8c0_1700x2200.jpeg&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!Qxxh!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F380b0df9-07f7-440f-883e-7b1bd52ae662_1171x1587.jpeg 424w, https://substackcdn.com/image/fetch/$s_!Qxxh!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F380b0df9-07f7-440f-883e-7b1bd52ae662_1171x1587.jpeg 848w, https://substackcdn.com/image/fetch/$s_!Qxxh!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F380b0df9-07f7-440f-883e-7b1bd52ae662_1171x1587.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!Qxxh!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F380b0df9-07f7-440f-883e-7b1bd52ae662_1171x1587.jpeg 1456w" sizes="100vw" loading="lazy"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://substackcdn.com/image/fetch/$s_!gcRA!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F510fa3f7-1ea8-4a63-8eb3-bd6015e1ee0b_1339x1671.jpeg" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://substackcdn.com/image/fetch/$s_!gcRA!,w_424,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F510fa3f7-1ea8-4a63-8eb3-bd6015e1ee0b_1339x1671.jpeg 424w, https://substackcdn.com/image/fetch/$s_!gcRA!,w_848,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F510fa3f7-1ea8-4a63-8eb3-bd6015e1ee0b_1339x1671.jpeg 848w, https://substackcdn.com/image/fetch/$s_!gcRA!,w_1272,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F510fa3f7-1ea8-4a63-8eb3-bd6015e1ee0b_1339x1671.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!gcRA!,w_1456,c_limit,f_webp,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F510fa3f7-1ea8-4a63-8eb3-bd6015e1ee0b_1339x1671.jpeg 1456w" sizes="100vw"><img src="https://substackcdn.com/image/fetch/$s_!gcRA!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F510fa3f7-1ea8-4a63-8eb3-bd6015e1ee0b_1339x1671.jpeg" width="1339" height="1671" data-attrs="{&quot;src&quot;:&quot;https://substack-post-media.s3.amazonaws.com/public/images/510fa3f7-1ea8-4a63-8eb3-bd6015e1ee0b_1339x1671.jpeg&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:1671,&quot;width&quot;:1339,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:454181,&quot;alt&quot;:null,&quot;title&quot;:null,&quot;type&quot;:&quot;image/jpeg&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:true,&quot;topImage&quot;:false,&quot;internalRedirect&quot;:&quot;https://govintegrity.substack.com/i/191667224?img=https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F564487d6-1f63-42cb-850a-957746d68d66_1700x2200.jpeg&quot;,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="" srcset="https://substackcdn.com/image/fetch/$s_!gcRA!,w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F510fa3f7-1ea8-4a63-8eb3-bd6015e1ee0b_1339x1671.jpeg 424w, https://substackcdn.com/image/fetch/$s_!gcRA!,w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F510fa3f7-1ea8-4a63-8eb3-bd6015e1ee0b_1339x1671.jpeg 848w, https://substackcdn.com/image/fetch/$s_!gcRA!,w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F510fa3f7-1ea8-4a63-8eb3-bd6015e1ee0b_1339x1671.jpeg 1272w, https://substackcdn.com/image/fetch/$s_!gcRA!,w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F510fa3f7-1ea8-4a63-8eb3-bd6015e1ee0b_1339x1671.jpeg 1456w" sizes="100vw" loading="lazy"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a></figure></div><p></p><p></p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://govintegrity.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading PIA's GovIntegrity Substack! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div>]]></content:encoded></item><item><title><![CDATA[Washington’s September Spending Spree]]></title><description><![CDATA[A $98,000 piano, a $93 billion month, and the quiet design flaw that erodes trust in government]]></description><link>https://govintegrity.substack.com/p/washingtons-september-spending-spree</link><guid isPermaLink="false">https://govintegrity.substack.com/p/washingtons-september-spending-spree</guid><dc:creator><![CDATA[GovIntegrity]]></dc:creator><pubDate>Mon, 16 Mar 2026 17:25:01 GMT</pubDate><enclosure url="https://images.unsplash.com/photo-1640328441918-531bf97d0d13?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwyfHxzdGVpbndheSUyMHBpYW5vfGVufDB8fHx8MTc3MzY4MTYzMXww&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>A $98,000 Steinway piano for a senior Air Force residence is the kind of government purchase that travels fast online. The number is trivial against the Pentagon&#8217;s nearly $900 billion annual budget. But that&#8217;s not why it spread.</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://images.unsplash.com/photo-1640328441918-531bf97d0d13?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwyfHxzdGVpbndheSUyMHBpYW5vfGVufDB8fHx8MTc3MzY4MTYzMXww&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://images.unsplash.com/photo-1640328441918-531bf97d0d13?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwyfHxzdGVpbndheSUyMHBpYW5vfGVufDB8fHx8MTc3MzY4MTYzMXww&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 424w, https://images.unsplash.com/photo-1640328441918-531bf97d0d13?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwyfHxzdGVpbndheSUyMHBpYW5vfGVufDB8fHx8MTc3MzY4MTYzMXww&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 848w, https://images.unsplash.com/photo-1640328441918-531bf97d0d13?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwyfHxzdGVpbndheSUyMHBpYW5vfGVufDB8fHx8MTc3MzY4MTYzMXww&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 1272w, https://images.unsplash.com/photo-1640328441918-531bf97d0d13?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwyfHxzdGVpbndheSUyMHBpYW5vfGVufDB8fHx8MTc3MzY4MTYzMXww&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 1456w" sizes="100vw"><img src="https://images.unsplash.com/photo-1640328441918-531bf97d0d13?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwyfHxzdGVpbndheSUyMHBpYW5vfGVufDB8fHx8MTc3MzY4MTYzMXww&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080" width="6256" height="3992" data-attrs="{&quot;src&quot;:&quot;https://images.unsplash.com/photo-1640328441918-531bf97d0d13?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwyfHxzdGVpbndheSUyMHBpYW5vfGVufDB8fHx8MTc3MzY4MTYzMXww&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:3992,&quot;width&quot;:6256,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:null,&quot;alt&quot;:&quot;a glass of wine sitting on top of a red piano&quot;,&quot;title&quot;:null,&quot;type&quot;:&quot;image/jpg&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:null,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="a glass of wine sitting on top of a red piano" title="a glass of wine sitting on top of a red piano" srcset="https://images.unsplash.com/photo-1640328441918-531bf97d0d13?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwyfHxzdGVpbndheSUyMHBpYW5vfGVufDB8fHx8MTc3MzY4MTYzMXww&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 424w, https://images.unsplash.com/photo-1640328441918-531bf97d0d13?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwyfHxzdGVpbndheSUyMHBpYW5vfGVufDB8fHx8MTc3MzY4MTYzMXww&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 848w, https://images.unsplash.com/photo-1640328441918-531bf97d0d13?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwyfHxzdGVpbndheSUyMHBpYW5vfGVufDB8fHx8MTc3MzY4MTYzMXww&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 1272w, https://images.unsplash.com/photo-1640328441918-531bf97d0d13?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwyfHxzdGVpbndheSUyMHBpYW5vfGVufDB8fHx8MTc3MzY4MTYzMXww&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 1456w" sizes="100vw" fetchpriority="high"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a><figcaption class="image-caption">Photo by <a href="https://unsplash.com/@metacrypto">D Z</a> on <a href="https://unsplash.com">Unsplash</a></figcaption></figure></div><p>Stories like this tap into a widespread belief that Washington spends public money with far less discipline than American families and businesses must apply to their own finances. That perception has fueled a growing appetite to root out waste &#8212; propelling ideas like the &#8220;Department of Government Efficiency&#8221; into the national conversation across party lines.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://govintegrity.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading PIA's GovIntegrity Substack! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p>But the Steinway piano is really a symptom of something more structural.</p><p><strong>The problem is the calendar.</strong></p><p>Every September, as the federal fiscal year approaches its end, government spending surges. Agencies rush to obligate funds Congress appropriated for that year, because unspent money can expire &#8212; and leaving money on the table can mean a smaller budget next time around.</p><p>Budget insiders call it &#8220;use it or lose it.&#8221;</p><p>This year, the scale of the surge drew unusual attention. Federal procurement data showed the Department of Defense obligated $93.4 billion in September 2025, the highest monthly total ever recorded for any federal agency. More than $50 billion was committed in the final five working days of the fiscal year alone.</p><p>The scale may be an outlier, but the pattern isn&#8217;t new, and it isn&#8217;t partisan. Researchers have documented year-end spending spikes for decades. Agency managers face real pressure to obligate every dollar before the clock runs out on September 30.</p><p>The result is a predictable surge driven not by strategic planning, but by a deadline.</p><p>When billions must move in the final days of the fiscal year, contracting offices get overwhelmed, timelines compress, and vendors know agencies are trying to close out their books. The system quietly rewards speed of spending over quality of spending decisions.</p><p>None of this <em>necessarily</em> means corruption, or even waste. Many September contracts fund legitimate operational needs: equipment purchases, technology upgrades, services that support agency missions. But the optics matter.</p><p>A $98,000 piano is a rounding error in the defense budget. What it isn&#8217;t is invisible. Purchases like that become symbols of a government that appears to spend first and scrutinize later, and those symbols feed a broader crisis of confidence in how public money is managed.</p><p>The stakes are real. The Government Accountability Office estimates that fraud across federal programs costs up to $521 billion annually. Improper payments &#8212; fraud, overpayments, administrative errors &#8212; totaled $236 billion in fiscal year 2023 alone. Those figures dwarf any individual questionable purchase.</p><p>But public trust is built by stories. And when taxpayers keep encountering stories about odd or unnecessary government purchases, they reinforce the belief that the system itself is broken.</p><p>It doesn&#8217;t have to be.</p><p><strong>Fixing the calendar problem doesn&#8217;t require tearing the system down.</strong></p><p>Three targeted reforms could significantly reduce the pressure behind year-end spending surges. <br><br>One, Congress could allow agencies limited carryover authority &#8212; letting them roll a portion of unused funds into the following fiscal year, rather than racing to spend every dollar by September 30. </p><p>Two, certain categories of spending, particularly technology, could move to multi-year timelines that better reflect how long-term projects actually work. Software development, modernization projects, and IT infrastructure rarely fit neatly into a twelve-month funding window, and forcing them to do so produces exactly the kind of fragmented, rushed procurement that drives up costs and under-delivers on outcomes. Multi-year authority would let agencies build relationships with vendors, hold them accountable across the full arc of a project, and make smarter tradeoffs &#8212; instead of starting from scratch each October. </p><p>Three, Congress could also require agencies to flag and justify any contracts obligated in the final ten working days of the fiscal year, creating a paper trail that invites scrutiny rather than just producing data that sits in a database.</p><p>None of these changes would eliminate September spending. Annual appropriations remain central to congressional control over public funds. But they could begin to realign the system&#8217;s incentives with what taxpayers reasonably expect: careful planning, disciplined decisions, and spending driven by mission needs, not the calendar.</p><p>The $98,000 piano will fade from the headlines. The incentive structure that produced it will persist, unless something changes.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://govintegrity.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading PIA's GovIntegrity Substack! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div>]]></content:encoded></item><item><title><![CDATA[Necessary. Not Sufficient.]]></title><description><![CDATA[On Washington's new approach to fraud, and its limits]]></description><link>https://govintegrity.substack.com/p/necessary-not-sufficient</link><guid isPermaLink="false">https://govintegrity.substack.com/p/necessary-not-sufficient</guid><dc:creator><![CDATA[GovIntegrity]]></dc:creator><pubDate>Thu, 12 Mar 2026 10:14:47 GMT</pubDate><enclosure url="https://images.unsplash.com/photo-1705056508589-a87485825dc1?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwxfHxmcmF1ZHxlbnwwfHx8fDE3NzMyNDcwMDV8MA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>When the White House updates a regulation governing operational and financial controls, news outlets rarely clear the front page. So the Office of Management and Budget&#8217;s revised version of OMB Circular A-123, released earlier this week, will surely escape the attention of all but the closest observers of federal government.</p><p>But the new circular deserves attention, if only because it brightens the spotlight on fraud prevention in the government.</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://images.unsplash.com/photo-1705056508589-a87485825dc1?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwxfHxmcmF1ZHxlbnwwfHx8fDE3NzMyNDcwMDV8MA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://images.unsplash.com/photo-1705056508589-a87485825dc1?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwxfHxmcmF1ZHxlbnwwfHx8fDE3NzMyNDcwMDV8MA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 424w, https://images.unsplash.com/photo-1705056508589-a87485825dc1?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwxfHxmcmF1ZHxlbnwwfHx8fDE3NzMyNDcwMDV8MA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 848w, https://images.unsplash.com/photo-1705056508589-a87485825dc1?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwxfHxmcmF1ZHxlbnwwfHx8fDE3NzMyNDcwMDV8MA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 1272w, https://images.unsplash.com/photo-1705056508589-a87485825dc1?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwxfHxmcmF1ZHxlbnwwfHx8fDE3NzMyNDcwMDV8MA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 1456w" sizes="100vw"><img src="https://images.unsplash.com/photo-1705056508589-a87485825dc1?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwxfHxmcmF1ZHxlbnwwfHx8fDE3NzMyNDcwMDV8MA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080" width="3999" height="2667" data-attrs="{&quot;src&quot;:&quot;https://images.unsplash.com/photo-1705056508589-a87485825dc1?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwxfHxmcmF1ZHxlbnwwfHx8fDE3NzMyNDcwMDV8MA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:2667,&quot;width&quot;:3999,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:null,&quot;alt&quot;:&quot;scrabble tiles spelling out the names of different languages&quot;,&quot;title&quot;:null,&quot;type&quot;:&quot;image/jpg&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:null,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="scrabble tiles spelling out the names of different languages" title="scrabble tiles spelling out the names of different languages" srcset="https://images.unsplash.com/photo-1705056508589-a87485825dc1?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwxfHxmcmF1ZHxlbnwwfHx8fDE3NzMyNDcwMDV8MA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 424w, https://images.unsplash.com/photo-1705056508589-a87485825dc1?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwxfHxmcmF1ZHxlbnwwfHx8fDE3NzMyNDcwMDV8MA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 848w, https://images.unsplash.com/photo-1705056508589-a87485825dc1?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwxfHxmcmF1ZHxlbnwwfHx8fDE3NzMyNDcwMDV8MA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 1272w, https://images.unsplash.com/photo-1705056508589-a87485825dc1?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwxfHxmcmF1ZHxlbnwwfHx8fDE3NzMyNDcwMDV8MA&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 1456w" sizes="100vw" fetchpriority="high"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a><figcaption class="image-caption">Photo by <a href="https://unsplash.com/@markuswinkler">Markus Winkler</a> on <a href="https://unsplash.com">Unsplash</a></figcaption></figure></div><p>At first glance, the update looks like a meaningful shift. The circular explicitly emphasizes fraud, waste, and abuse as risks agencies must identify and manage. It directs agencies to consider fraud scenarios in their risk assessments, integrate fraud risks into enterprise risk management, and strengthen preventive internal controls.</p><p>In a government where fraud has long been treated primarily as a law-enforcement problem, that framing matters. The Government Accountability Office estimates the federal government loses up to $521 billion annually to fraud&#8212;losses that occur because public systems were never designed to defend themselves against organized, technology-enabled crime.</p><p>Recognizing fraud as a management risk is a necessary step.</p><p>It is not a sufficient one.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://govintegrity.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading PIA's GovIntegrity Substack! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p><strong>Still Siloed and Compliance-Focused</strong></p><p>The mechanism Washington is using to implement this reform&#8212;Circular A-123&#8212;has historically functioned as a compliance exercise administered by Chief Financial Officer offices. That matters because the systems that determine whether fraud is actually prevented rarely sit in the CFO shop.</p><p>Eligibility rules, payment processing systems, identity verification tools, grant management platforms, and transaction analytics are typically owned by program offices or IT organizations. The financial management staff responsible for A-123 assurance statements often have limited authority over those operational systems. And without dedicated resources to build real fraud prevention capability, the CFO&#8217;s budget authority translates to limited operational influence over the systems where fraud actually happens.</p><p>The result is that many agencies experience A-123 not as a catalyst for program redesign but as an annual documentation cycle: risk assessments are conducted, control matrices are updated, assurance statements are prepared for OMB. The exercise can improve financial reporting discipline. It rarely changes the way federal programs defend themselves against sophisticated fraud.</p><p>This is the governance gap.</p><p>A structural reform that could materially strengthen fraud prevention would be the establishment of clear government-wide fraud leadership. Countries including the United Kingdom, Australia, and New Zealand have created centralized authorities responsible for coordinating fraud detection, analytics, and prevention across public programs. The United States still manages fraud largely program-by-program, with no single entity responsible for cross-government fraud strategy.</p><p>A more coherent approach would place that coordination at the center of federal fraud management&#8212;not to centralize program administration, but to ensure fraud prevention is treated as a government-wide operational mission rather than a fragmented compliance activity addressed separately within hundreds of individual programs.</p><p>Three additional realities the circular leaves unaddressed compound the problem.</p><p><strong>The first reality is technology.</strong><br><br>Modern fraud schemes operate at digital scale. Criminal networks exploit automated enrollment systems, stolen identities, botnets, and coordinated claims infrastructure. Defending against those threats requires agencies to deploy real-time analytics capable of identifying suspicious patterns before payments are released.</p><p>Most federal programs still rely on documentation-based, manual review processes or retrospective audits to identify fraud after money has already left. By the time investigators identify a scheme, the funds have typically been laundered and wired offshore.</p><p>Real-time detection systems&#8212;similar to those financial institutions use to screen transactions&#8212;can identify anomalies such as identity reuse across programs, coordinated application networks, or abnormal claims patterns before payments are made. Deploying those tools requires operational investment, data integration, and clear leadership accountability.</p><p>The revised circular states that management should prioritize preventive controls where possible and use detective controls where prevention is not feasible. But it stops well short of requiring agencies to deploy real-time transaction screening, network analytics, identity-resolution tools, or pre-payment risk scoring. Aspiration without mandate rarely moves federal agencies to act.</p><p><strong>The second reality is the law.<br></strong><br>Many of the most effective fraud prevention techniques require data matching across programs and agencies. Organized fraud rings don&#8217;t limit themselves to a single federal program&#8212;they often exploit multiple benefit systems simultaneously using shared identity infrastructure. Detecting those patterns requires seeing across programs.</p><p>Yet outdated federal privacy statutes often prevent agencies from conducting the kind of privacy-preserving record linkage necessary to identify coordinated fraud. Even when agencies recognize the risk, the legal authorities needed to share or match data across programs may not exist.</p><p>Executive branch guidance cannot solve that problem. Congress must modernize the legal framework governing federal data sharing to explicitly authorize secure, privacy-protective analytics across programs. Without that reform, agencies will continue to fight organized fraud with fragmented information&#8212;investigating each arm of an octopus without being permitted to see the body.</p><p><strong>The third reality is incentives.</strong><br><br>In most federal agencies, preventing fraud does not carry the same institutional weight as delivering program benefits quickly or obligating funds on schedule. Program managers are evaluated primarily on how efficiently they move money out the door, not on how effectively they prevent criminal exploitation of the programs they run.</p><p>That imbalance shapes behavior in predictable ways. Fraud prevention requires additional verification steps, investment in analytics, and the willingness to pause suspicious transactions&#8212;actions that slow program delivery and attract criticism when legitimate recipients experience delays. </p><div class="pullquote"><p>Without explicit leadership accountability for fraud outcomes, the rational bureaucratic choice is to prioritize speed over prevention. </p></div><p>Independent oversight is where accountability enters the equation. For decades, the Government Accountability Office has served as the federal government&#8217;s most important watchdog for systemic weaknesses in program integrity. GAO&#8217;s estimates of annual fraud losses have done more to elevate fraud prevention as a national policy issue than any internal reform effort.</p><p>As the new A-123 framework is implemented, GAO will play a critical role in determining whether agencies treat the circular as a meaningful management reform or simply another compliance requirement. Independent scrutiny can reveal whether agencies are conducting genuine fraud risk assessments, implementing preventive controls, and investing in analytic capabilities&#8212;or merely updating documentation. That distinction will determine whether this revision matters.</p><p>Circular A-123 moves the conversation forward. Recognizing fraud prevention as a core management responsibility, rather than a law-enforcement afterthought, is the right frame. But it&#8217;s far from enough given the sophistication and scale of today&#8217;s fraud environment.  </p><p>Stopping fraud at the scale the federal government faces will require real-time analytics, legislative reform enabling responsible data sharing, leadership accountability for fraud outcomes, and sustained oversight to ensure agencies treat prevention as a mission rather than a checkbox. Until those changes arrive, the United States will continue operating some of the largest financial programs in the world with defenses designed for a paper-era bureaucracy&#8212;in a digital criminal economy.</p><p>And the criminals know it.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://govintegrity.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading PIA's GovIntegrity Substack! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p></p>]]></content:encoded></item><item><title><![CDATA[The United States Needs a Formal Pandemic Fraud Recovery Strategy]]></title><description><![CDATA[American taxpayers deserve a proactive effort to pursue the losses that remain cost effective and achievable]]></description><link>https://govintegrity.substack.com/p/the-united-states-needs-a-formal</link><guid isPermaLink="false">https://govintegrity.substack.com/p/the-united-states-needs-a-formal</guid><dc:creator><![CDATA[GovIntegrity]]></dc:creator><pubDate>Thu, 05 Mar 2026 12:02:28 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!pFUu!,w_256,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F2bff0544-3033-4f73-9892-c7c4db96f33b_1024x1024.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>When governments move quickly during crises, they accept risk. That tradeoff is unavoidable. The COVID-19 pandemic required governments to push unprecedented volumes of money into the economy at unprecedented speed. It created the largest fraud event in our nation&#8217;s history.</p><div class="pullquote"><p>The policy question is whether governments treat pandemic losses as permanent or whether they organize a serious effort to recover what remains recoverable.</p></div><p>The United Kingdom has answered that question more directly than the United States. In late 2025, the U.K. government released the final report of its Covid Counter Fraud Commissioner, commissioned to examine the scale of pandemic losses and recommend a national strategy for pursuing recoveries and preventing similar failures in future crises. </p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://govintegrity.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading PIA's GovIntegrity Substack! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p>The report estimates that roughly &#163;10.9 billion in pandemic support was lost to fraud and error, and approximately &#163;1.8 billion has been recovered so far. The Commissioner&#8217;s central conclusion is not that recovery has failed, but that the government&#8217;s recovery effort has been uneven and incomplete&#8212;and that substantial recoverable losses remain if the government acts with sufficient coordination and urgency.</p><p>That conclusion carries important implications for the United States. American pandemic relief programs were far larger and more fragmented than their British counterparts. Federal and state programs delivered trillions of dollars through dozens of agencies, financial institutions, and contractors. The Government Accountability Office and Inspectors General have estimated that fraud losses across federal programs reached hundreds of billions of dollars. Yet despite the scale of those losses, the United States has never organized a unified national recovery strategy comparable to the one now emerging in the United Kingdom. Instead, recovery efforts remain distributed across agencies, inspectors general, and prosecutors, each pursuing cases within their own programmatic boundaries.</p><p>The British experience illustrates why that approach is insufficient. The Covid Counter Fraud Commissioner found that recovery activity varied significantly across government departments and that some departments were slow to pursue aggressive recovery efforts even after fraud risks became clear.</p><p>Fragmentation meant that the government lacked a clear picture of what was recoverable, where enforcement resources should be concentrated, and which recovery strategies were producing returns. Without a central mandate and shared expectations, recovery work competed with other operational priorities and often lost.</p><p>This dynamic is familiar in the United States. Pandemic relief programs were administered across multiple federal agencies, state governments, and financial institutions. Each program developed its own investigative posture and recovery strategy. Some agencies built sophisticated analytics and recovery teams. Others relied primarily on criminal enforcement, which is resource-intensive and necessarily selective. The result is a patchwork system in which recoveries occur episodically rather than systematically.</p><p>The U.K. report identifies another structural reality that should shape American policy: time is the decisive factor in fraud recovery. The Commissioner warns that the most effective window for recovering fraudulent payments occurs soon after a crisis, before evidence deteriorates and funds are moved beyond reach. When recovery efforts lag behind the pace of spending, the government effectively locks in avoidable losses.</p><p>The United States is already confronting this reality. Pandemic funds have circulated through complex financial channels, shell companies have dissolved, and records have become harder to reconstruct. Every year that passes reduces the probability that funds can be traced and recovered. That does not mean recovery is futile; it means recovery must be organized and prioritized while meaningful opportunities still exist.</p><p>The British government has also recognized that large-scale recovery cannot rely solely on criminal prosecutions. Criminal enforcement plays an essential role in deterring fraud and punishing the most serious offenders, but it is too slow and expensive to serve as the primary recovery mechanism for mass-scale program abuse. The Commissioner therefore proposed a <strong>voluntary repayment scheme</strong> that would allow individuals and businesses who improperly received pandemic support to return funds within a defined window. The goal is to create a low-cost mechanism for recovering money without requiring a full investigative process in every case.</p><p>This proposal reflects a pragmatic understanding that recovery requires a range of tools&#8212;from voluntary compliance to civil recovery to criminal enforcement&#8212;rather than a single investigative pathway.</p><p>Legal authorities and time limits also shape the feasibility of recovery. Recognizing that pandemic fraud often involves complex financial structures and delayed discovery, the United Kingdom has moved to <strong>extend the period during which authorities can pursue COVID-related fraud cases.</strong></p><p>This legislative adjustment acknowledges a basic reality of crisis spending: the speed of disbursement often exceeds the government&#8217;s ability to detect fraud in real time, meaning that meaningful enforcement frequently occurs years later. In the United States, we have extended the statute of limitations for pandemic fraud prosecutions in small business loan programs, but nowhere else. Congress must act to change this.</p><p>The report further highlights the importance of incentives inside government. Departments often struggle to justify dedicating staff and resources to recovery efforts when the financial benefits flow back to the central treasury rather than to the department that undertook the work. The Commissioner therefore recommends <strong>allowing departments to retain a portion of recovered funds</strong> to support additional fraud prevention and recovery activities.</p><p>Without such incentives, recovery becomes an unfunded mandate that competes with operational priorities.</p><p>Data access and transparency are another central theme. The report attributes many recovery challenges to the government&#8217;s inability to access and analyze relevant data quickly, particularly when funds flowed through third-party institutions. It recommends <strong>reforms to enable faster data sharing during crises</strong> and to establish minimum transparency requirements for organizations receiving public funds.</p><p>The logic is straightforward: if investigators cannot see how funds moved, they cannot recover them.</p><p>Finally, the report recognizes that recovery efforts lose momentum without sustained oversight. To prevent the issue from fading as public attention shifts, it recommends <strong>establishing a minister-chaired scrutiny panel</strong> that would review progress regularly for several years.</p><p>The purpose of such oversight is to ensure that departments remain accountable for pursuing recoveries and implementing reforms long after the crisis has passed.</p><p>Taken together, these recommendations outline a model that the United States should examine seriously. </p><div class="pullquote"><p>A National Pandemic Fraud Recovery Initiative would identify recoverable losses, prioritize high-yield recovery strategies, and align investigative, legal, and analytical resources around a common objective: maximizing recoveries while strengthening the government&#8217;s ability to prevent similar losses in future crises.</p></div><p>Such an initiative would begin with a comprehensive assessment of remaining recovery opportunities across major pandemic programs. It would establish a central coordinating function to align agencies and share data. It would deploy a range of recovery mechanisms, including voluntary repayment programs, civil recovery actions, and targeted criminal enforcement. It would ensure that agencies have both the legal authorities and the financial incentives needed to pursue recoveries. And it would establish a governance structure capable of sustaining attention to the problem over multiple years.</p><p>The broader lesson from the United Kingdom is that fraud recovery should not be treated as an afterthought to emergency spending. It is part of the lifecycle of crisis programs. When governments distribute funds rapidly to stabilize an economy, they must also plan for the inevitable task of recovering funds that were obtained improperly.</p><p>The United States responded to the pandemic with extraordinary fiscal speed and scale. That response helped avert a deeper economic collapse. But speed created vulnerabilities that criminal networks exploited on an industrial scale. Accepting those losses as permanent would represent a quiet but consequential policy choice.</p><p>Other governments have concluded that such losses deserve a more deliberate response. The United States should reach the same conclusion&#8212;and act before the window for meaningful recovery closes.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://govintegrity.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading PIA's GovIntegrity Substack! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div>]]></content:encoded></item><item><title><![CDATA[Easier Than Opening a Bank Account]]></title><description><![CDATA[Freezing New Medicare Equipment Suppliers is a Good Start, but its Not Enough]]></description><link>https://govintegrity.substack.com/p/easier-than-opening-a-bank-account</link><guid isPermaLink="false">https://govintegrity.substack.com/p/easier-than-opening-a-bank-account</guid><dc:creator><![CDATA[GovIntegrity]]></dc:creator><pubDate>Sat, 28 Feb 2026 16:30:48 GMT</pubDate><enclosure url="https://images.unsplash.com/photo-1571840615771-acc2e9f42641?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwxfHxiYW5rJTIwdGVsbGVyfGVufDB8fHx8MTc3MjI5NjE3Nnww&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>Last week, the Trump administration did something that fraud investigators have been asking for for years. On February 25, CMS Administrator Mehmet Oz announced a nationwide moratorium on new Medicare enrollment for durable medical equipment suppliers. The full freeze on new applicants is being enacted while regulators figure out how to close a vulnerability that has cost American taxpayers billions of dollars over decades. In explaining why the moratorium was being put in place, Oz said, &#8220;The amount of fraud is so massive that it&#8217;s easier to open one of these suppliers than to open a bank account.&#8221;</p><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://images.unsplash.com/photo-1571840615771-acc2e9f42641?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwxfHxiYW5rJTIwdGVsbGVyfGVufDB8fHx8MTc3MjI5NjE3Nnww&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://images.unsplash.com/photo-1571840615771-acc2e9f42641?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwxfHxiYW5rJTIwdGVsbGVyfGVufDB8fHx8MTc3MjI5NjE3Nnww&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 424w, https://images.unsplash.com/photo-1571840615771-acc2e9f42641?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwxfHxiYW5rJTIwdGVsbGVyfGVufDB8fHx8MTc3MjI5NjE3Nnww&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 848w, https://images.unsplash.com/photo-1571840615771-acc2e9f42641?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwxfHxiYW5rJTIwdGVsbGVyfGVufDB8fHx8MTc3MjI5NjE3Nnww&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 1272w, https://images.unsplash.com/photo-1571840615771-acc2e9f42641?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwxfHxiYW5rJTIwdGVsbGVyfGVufDB8fHx8MTc3MjI5NjE3Nnww&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 1456w" sizes="100vw"><img src="https://images.unsplash.com/photo-1571840615771-acc2e9f42641?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwxfHxiYW5rJTIwdGVsbGVyfGVufDB8fHx8MTc3MjI5NjE3Nnww&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080" width="11076" height="6816" data-attrs="{&quot;src&quot;:&quot;https://images.unsplash.com/photo-1571840615771-acc2e9f42641?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwxfHxiYW5rJTIwdGVsbGVyfGVufDB8fHx8MTc3MjI5NjE3Nnww&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:6816,&quot;width&quot;:11076,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:null,&quot;alt&quot;:&quot;grayscale photo of man holding paper&quot;,&quot;title&quot;:null,&quot;type&quot;:&quot;image/jpg&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:null,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="grayscale photo of man holding paper" title="grayscale photo of man holding paper" srcset="https://images.unsplash.com/photo-1571840615771-acc2e9f42641?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwxfHxiYW5rJTIwdGVsbGVyfGVufDB8fHx8MTc3MjI5NjE3Nnww&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 424w, https://images.unsplash.com/photo-1571840615771-acc2e9f42641?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwxfHxiYW5rJTIwdGVsbGVyfGVufDB8fHx8MTc3MjI5NjE3Nnww&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 848w, https://images.unsplash.com/photo-1571840615771-acc2e9f42641?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwxfHxiYW5rJTIwdGVsbGVyfGVufDB8fHx8MTc3MjI5NjE3Nnww&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 1272w, https://images.unsplash.com/photo-1571840615771-acc2e9f42641?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHwxfHxiYW5rJTIwdGVsbGVyfGVufDB8fHx8MTc3MjI5NjE3Nnww&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 1456w" sizes="100vw" fetchpriority="high"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a><figcaption class="image-caption">Photo by <a href="https://unsplash.com/@museumsvictoria">Museums Victoria</a> on <a href="https://unsplash.com">Unsplash</a></figcaption></figure></div><p>The excerpt below is adapted from my forthcoming book, <em>Soft Target: How Criminals Steal Billions from American Taxpayers and How to Stop Them</em>, which examines why the federal government keeps losing billions of dollars to fraud. Spoiler: it&#8217;s because the systems were never built to stop fraud, they were built on trust with the objective of moving benefits out to recipients quickly. </p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://govintegrity.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading PIA's GovIntegrity Substack! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><p>The U.S. government has become a magnet for organized fraud, losing hundreds of billions every year. Who these fraud actors are, how they exploit government programs, and what we can do about it are the questions this book was written to answer.</p><p>----------------------------------------</p><p>In the beginning, confusion reigned. A small family-owned business in Tennessee with 16 employees was suddenly inundated with angry calls from people saying the company, Pretty in Pink Boutique, had charged Medicare for urinary catheters they did not need or use. The company&#8217;s owner was dumbfounded. She put a notice on her website alerting people that whatever was happening was unrelated to her company, which provides things like wigs and mastectomy bras to breast cancer patients, saying WE ARE NOT EVEN SET UP TO BILL CATHETERS.</p><p>At the time, February 2024, all that was clear was that something was very wrong. Early investigations pointed to seven companies, all of whom were longstanding Medicare suppliers in good standing, that were suddenly billing Medicare for outrageous numbers of intermittent urinary catheters. It made no sense. Soon, it came to light that the companies had recently switched owners, adding to the mystery. None of the companies had specialized in supplying intermittent urinary catheters before 2022, and yet in two years, the seven companies collectively went from billing just 14 patients for catheters to nearly 406,000.</p><p>The companies used real patients&#8217; information to submit the bills. To Medicare, the claims were unremarkable. The documentation was in order, the billing codes were correct. None of it was real, except the money, which was being deposited into accounts controlled by a network of shell companies. They, in turn, moved it through a U.S. bank, into cryptocurrency wallets, and eventually to Eastern Europe and Russia.</p><p>The organizers weren&#8217;t hackers. They didn&#8217;t break down digital doors or deploy malware onto a network of unsuspecting users&#8217; devices. They did something even more audacious: they bought the doors. Those seven durable medical equipment companies that were suddenly under new ownership were bought by leaders of a transnational criminal organization based in Eastern Europe. The new owners were foreign nationals, straw buyers the scheme&#8217;s masterminds recruited to appear on corporate documents, sign the necessary paperwork, and lend an American face to an operation run from thousands of miles away. These nominee owners received payments for their cooperation and in exchange, they asked few questions.</p><p>Behind them, coordinating the whole apparatus from Eastern Europe, was an organization whose members understood something essential about the American health care system: it was built on trust. Medicare processes hundreds of millions of claims each year. Its fraud-prevention infrastructure, while substantial, is oriented to detect patterns that deviate from the norm. So they built an operation that didn&#8217;t deviate. Instead, it mimicked the norm perfectly, at industrial scale. Catheters were the perfect foil. While Medicare only pays out about $8 for each catheter, billing in enormous quantities allowed for substantial profits. And because each catheter cost so little, the line item on each invoice would be too small to pay attention to. And the patients would rarely notice if the catheters showed up on an Explanation of Benefits that most people barely read.</p><p>The list of names was the basis of the scheme. More than one million Americans, living in all 50 states, most of them elderly or disabled, whose Social Security numbers, addresses, and medical histories had been compiled from years of stolen data. A portfolio of identities, sorted and ready to be deployed. Each one representing a real person&#8212;a neighbor, a parent, a grandmother&#8212;who would never know their medical history had been rented out to a criminal enterprise operating from an office building in another country. The highly coordinated, complex operation billed $10.6 billion in claims before it was done.</p><p>The Justice Department called it Operation Gold Rush.</p><p>It was an apt name. Because what had happened was, in its way, a gold rush&#8212; an organized, systematic extraction of wealth from American taxpayers, conducted by people who had done the work of understanding exactly where the gold was kept and how lightly it was guarded. On the morning of June 25, 2025, law enforcement officers moved on multiple continents to takedown the operation. Federal officials were able to prevent more than 90 percent of the Medicare payments from reaching the perpetrators, which is a substantial, and uncommon, win. Operation Gold Rush resulted in the largest loss amount ever charged in a health care fraud case brought by the Justice Department. Despite the successful effort to prevent a significant portion of the losses, the scheme still resulted in the loss of about $900 million in taxpayer money. Almost a billion dollars in taxpayer money lost through a single fraud scheme.</p><p><strong>The Thief in the Law</strong></p><p>The address on the Medicare application was a strip mall in suburban New Jersey. The building housed a nail salon, a dry cleaner, and a shipping store. In the back of the shipping store was a wall of mailboxes, rented by the month. Box 247 had been registered to something called Comprehensive Medical Supply, LLC. The LLC had a taxpayer identification number, a phone number, and a Medicare billing number. It had a licensed physician on file&#8212; a real one, practicing in another state entirely, who had never heard of the company. It had a list of patients&#8212;real ones, whose Social Security numbers and dates of birth had been lifted from a breach at a hospital in Orange County, New York.</p><p>What it didn&#8217;t have? A single piece of medical equipment. No warehouse. No inventory. No staff. Box 247 was the whole operation. And it was one of 118.</p><p>Armen Kazarian had come to the United States in 1996 from Azerbaijan. By the time he arrived in Glendale, California, he already carried a title that meant something in the criminal world of the former Soviet Union, a world organized around its own laws, its own courts, its own hierarchy. He was a <em>vor v zakone.</em> A Thief in the Law.</p><p>The designation had its origins in the Soviet prison camps of the 1930s, where an underground criminal society had developed a code of conduct and separate authority structures in defiance of the state. A vor was not simply a criminal, he was a criminal who had been recognized by other criminals&#8212;a process of election, and of accepting a set of obligations that defined one&#8217;s life. The vor lived by crime, resolved disputes among criminals, offered protection to those who paid tribute, and in return received a share of whatever flowed through his territory. The designation carried weight across the post-Soviet criminal world from Moscow to Tbilisi to Yerevan.</p><p>In Glendale, California, in the late 1990s, Armen Kazarian found himself in a country with a healthcare program that processed hundreds of millions of claims a year, much of it on the honor system. To him, the Medicare enrollment process was like combination lock he could easily crack.</p><p>Opening a Medicare-billing account required, in practice, almost nothing. A supplier needed a business address, a taxpayer ID, a licensed physician willing to sign off on prescriptions, and a National Provider Identifier&#8212;a number assigned by the federal government that permitted a business to submit claims. The address could be a mailbox. The physician&#8217;s identity could be stolen. The NPI could be obtained by submitting a form. There was no physical inspection of the &#8220;clinic.&#8221; No audit of the inventory. No verification that the doctor listed had any relationship to the business. The system was built for speed and convenience, not security. It trusted people to tell the truth.</p><p>Kazarian&#8217;s organization acquired stolen patient data in bulk. More than 2,900 names, Social Security numbers, and dates of birth had been lifted in a single breach from Orange Regional Medical Center in upstate New York. They stole the identities of licensed physicians, real doctors, practicing medicine in other states, who would have no idea their NPI numbers were being used to sign prescriptions for patients they&#8217;d never seen. They set up shell companies, registered at mailbox stores, and submitted Medicare enrollment forms. And then they billed.</p><p>They billed for durable medical equipment and medical services their &#8220;patients&#8221; never received, from clinics those patients never visited, ordered by doctors who had never met them. Somewhere in the system, a Medicare program designed to help elderly and disabled Americans was sending checks to strip mall mailboxes.</p><p>The fraud had a kind of accidental audacity to it. Investigators would later notice that the claims were medically incoherent. An ophthalmologist billing for bladder tests; an Ear, Nose, and Throat Specialist performing pregnancy ultrasounds; an obstetrician administering skin allergy panels. No human being had reviewed the claims, the automation had processed them all. The absurdity of an eye doctor ordering urinary catheters for patients he&#8217;d never seen, billing from a clinic that was a mailbox did not trigger an alert. Medicare wrote the checks, and cash couriers carried the proceeds back to Armenia.</p><p>The process of creating a fake Medicare DME supplier in 2010 involved less scrutiny than opening a checking account at a community bank, which requires, at minimum, a government-issued ID, a physical address, an initial deposit, and a compliance check. Medicare required an address, a form, and a faith in human honesty that Kazarian&#8217;s organization found very easy to exploit.</p><p>On October 13, 2010, federal agents moved simultaneously in New York, California, New Mexico, Georgia, and Ohio, arresting fifty-two people before breakfast. In total, 73 members and associates of the organization would be charged with racketeering conspiracy, bank fraud, money laundering, identity theft, and healthcare fraud. The organization had submitted more than $163 million in fraudulent Medicare claims. It had had made off with $35 million before anyone stopped them.</p><p>When agents went to the addresses listed on the Medicare applications, they found what they expected to find. Strip mall mailboxes or vacant lots. The occasional storefront that had no idea a medical supply company shared its address.</p><p>United States Attorney Preet Bharara, announcing the arrests in Manhattan, said: &#8220;Armen Kazarian sat at the top of a criminal organization, and now he will sit in a jail cell for a long time.&#8221; But that&#8217;s not quite how it ended up. In February 2013, Kazarian was sentenced to 37 months. The sentence worked out to roughly eleven days per fake clinic. He was out in 2015.</p><p>The same structural vulnerability Kazarian&#8217;s organization exploited in 2010&#8212; the use of mailbox addresses, stolen physician identities, and no pre-enrollment site visits&#8212;remained essentially intact through the pandemic. In 2020 the government updated some accreditation language, but didn&#8217;t fundamentally close the open-door enrollment process. The Armenian ring and Operation Gold Rush were separated by 15 years and operated through essentially the same gaps.</p><p>-----------------------------------------</p><p>The moratorium Oz announced last week is trying to address a real problem. But a freeze on new applicants doesn&#8217;t address the data, technology, policy, and cultural issues that made operations like Gold Rush possible in the first place. Fifteen years after Armen Kazarian ran 118 fake clinics out of mailboxes, the same enrollment form, the same honor system, the same absence of pre-enrollment site visits were still in place when Operation Gold Rush submitted its first fraudulent catheter claim. And these weaknesses exist in nearly every government program administered today, in healthcare and beyond. </p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://govintegrity.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading PIA's GovIntegrity Substack! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div>]]></content:encoded></item><item><title><![CDATA[The Cognition-First Fallacy]]></title><description><![CDATA[What human psychology reveals about why scams work]]></description><link>https://govintegrity.substack.com/p/youre-not-bad-at-cybersecurity-youre</link><guid isPermaLink="false">https://govintegrity.substack.com/p/youre-not-bad-at-cybersecurity-youre</guid><dc:creator><![CDATA[GovIntegrity]]></dc:creator><pubDate>Wed, 18 Feb 2026 14:31:03 GMT</pubDate><enclosure url="https://images.unsplash.com/photo-1758520144705-b39e11ff32e3?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHw3NHx8ZW1vdGlvbmFsJTIwY3Jpc2lzfGVufDB8fHx8MTc3MTQyNDY2N3ww&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>The uncomfortable truth at the center of modern fraud prevention is that we have been training the wrong part of the human being.</p><p>For three decades, anti-fraud and cybersecurity programs have been built on the clean, reassuring premise that if people know what to do, they will do it. Teach the checklist. Circulate the policy. Run the phishing simulation. Measure compliance.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://govintegrity.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading PIA's GovIntegrity Substack! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div><div class="captioned-image-container"><figure><a class="image-link image2 is-viewable-img" target="_blank" href="https://images.unsplash.com/photo-1758520144705-b39e11ff32e3?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHw3NHx8ZW1vdGlvbmFsJTIwY3Jpc2lzfGVufDB8fHx8MTc3MTQyNDY2N3ww&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080" data-component-name="Image2ToDOM"><div class="image2-inset"><picture><source type="image/webp" srcset="https://images.unsplash.com/photo-1758520144705-b39e11ff32e3?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHw3NHx8ZW1vdGlvbmFsJTIwY3Jpc2lzfGVufDB8fHx8MTc3MTQyNDY2N3ww&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 424w, https://images.unsplash.com/photo-1758520144705-b39e11ff32e3?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHw3NHx8ZW1vdGlvbmFsJTIwY3Jpc2lzfGVufDB8fHx8MTc3MTQyNDY2N3ww&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 848w, https://images.unsplash.com/photo-1758520144705-b39e11ff32e3?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHw3NHx8ZW1vdGlvbmFsJTIwY3Jpc2lzfGVufDB8fHx8MTc3MTQyNDY2N3ww&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 1272w, https://images.unsplash.com/photo-1758520144705-b39e11ff32e3?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHw3NHx8ZW1vdGlvbmFsJTIwY3Jpc2lzfGVufDB8fHx8MTc3MTQyNDY2N3ww&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 1456w" sizes="100vw"><img src="https://images.unsplash.com/photo-1758520144705-b39e11ff32e3?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHw3NHx8ZW1vdGlvbmFsJTIwY3Jpc2lzfGVufDB8fHx8MTc3MTQyNDY2N3ww&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080" width="3840" height="2160" data-attrs="{&quot;src&quot;:&quot;https://images.unsplash.com/photo-1758520144705-b39e11ff32e3?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHw3NHx8ZW1vdGlvbmFsJTIwY3Jpc2lzfGVufDB8fHx8MTc3MTQyNDY2N3ww&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080&quot;,&quot;srcNoWatermark&quot;:null,&quot;fullscreen&quot;:null,&quot;imageSize&quot;:null,&quot;height&quot;:2160,&quot;width&quot;:3840,&quot;resizeWidth&quot;:null,&quot;bytes&quot;:null,&quot;alt&quot;:&quot;Man in suit sits at desk, head in hands.&quot;,&quot;title&quot;:null,&quot;type&quot;:&quot;image/jpg&quot;,&quot;href&quot;:null,&quot;belowTheFold&quot;:false,&quot;topImage&quot;:true,&quot;internalRedirect&quot;:null,&quot;isProcessing&quot;:false,&quot;align&quot;:null,&quot;offset&quot;:false}" class="sizing-normal" alt="Man in suit sits at desk, head in hands." title="Man in suit sits at desk, head in hands." srcset="https://images.unsplash.com/photo-1758520144705-b39e11ff32e3?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHw3NHx8ZW1vdGlvbmFsJTIwY3Jpc2lzfGVufDB8fHx8MTc3MTQyNDY2N3ww&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 424w, https://images.unsplash.com/photo-1758520144705-b39e11ff32e3?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHw3NHx8ZW1vdGlvbmFsJTIwY3Jpc2lzfGVufDB8fHx8MTc3MTQyNDY2N3ww&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 848w, https://images.unsplash.com/photo-1758520144705-b39e11ff32e3?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHw3NHx8ZW1vdGlvbmFsJTIwY3Jpc2lzfGVufDB8fHx8MTc3MTQyNDY2N3ww&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 1272w, https://images.unsplash.com/photo-1758520144705-b39e11ff32e3?crop=entropy&amp;cs=tinysrgb&amp;fit=max&amp;fm=jpg&amp;ixid=M3wzMDAzMzh8MHwxfHNlYXJjaHw3NHx8ZW1vdGlvbmFsJTIwY3Jpc2lzfGVufDB8fHx8MTc3MTQyNDY2N3ww&amp;ixlib=rb-4.1.0&amp;q=80&amp;w=1080 1456w" sizes="100vw" fetchpriority="high"></picture><div class="image-link-expand"><div class="pencraft pc-display-flex pc-gap-8 pc-reset"><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container restack-image"><svg role="img" width="20" height="20" viewBox="0 0 20 20" fill="none" stroke-width="1.5" stroke="var(--color-fg-primary)" stroke-linecap="round" stroke-linejoin="round" xmlns="http://www.w3.org/2000/svg"><g><title></title><path d="M2.53001 7.81595C3.49179 4.73911 6.43281 2.5 9.91173 2.5C13.1684 2.5 15.9537 4.46214 17.0852 7.23684L17.6179 8.67647M17.6179 8.67647L18.5002 4.26471M17.6179 8.67647L13.6473 6.91176M17.4995 12.1841C16.5378 15.2609 13.5967 17.5 10.1178 17.5C6.86118 17.5 4.07589 15.5379 2.94432 12.7632L2.41165 11.3235M2.41165 11.3235L1.5293 15.7353M2.41165 11.3235L6.38224 13.0882"></path></g></svg></button><button tabindex="0" type="button" class="pencraft pc-reset pencraft icon-container view-image"><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-maximize2 lucide-maximize-2"><polyline points="15 3 21 3 21 9"></polyline><polyline points="9 21 3 21 3 15"></polyline><line x1="21" x2="14" y1="3" y2="10"></line><line x1="3" x2="10" y1="21" y2="14"></line></svg></button></div></div></div></a><figcaption class="image-caption">Photo by <a href="https://unsplash.com/@silverkblack">Vitaly Gariev</a> on <a href="https://unsplash.com">Unsplash</a></figcaption></figure></div><p>And yet the links are still clicked. According to the FBI&#8217;s 2024 Internet Crime Report, victims reported more than 859,000 complaints of cyber-enabled crime and online fraud in 2024, a roughly 33 percent increase from the prior year. That figure reflects a dramatic surge in the scope of scams and internet-enabled fraud, underscoring that the problem is not declining, and it&#8217;s not plateauing, it&#8217;s accelerating.</p><p>This is not because people are stupid. It is because the entire model is misdiagnosed. Fraud is not primarily a failure of knowledge. It is a failure of state.</p><p>Criminals don&#8217;t win by outsmarting their targets. They win by altering the target&#8217;s emotional climate. They manufacture urgency, fear, relief, flattery, obligation. And by doing so, they destabilize, they narrow attention, and they accelerate time. And in that altered state, the checklist dissolves. Cognition, which training treats as sovereign, is bypassed altogether.</p><p>Under stress, the brain does not deliberate. It reacts. And yet we continue to design as if the moment of attack will occur in a serene conference room with a laminated policy binder nearby. We keep designing cognitive solutions for emotional problems.</p><p>When I put this to Dr. Alexander Stein, he didn&#8217;t hesitate.</p><p>&#8220;My opening gambit,&#8221; he told me, &#8220;is to announce that cybersecurity is a human issue that involves technology, not a technology problem that can be solved technocratically.&#8221;</p><p>That inversion is diagnostic.<br><br><strong>Fraud Is Emotional First, Cognitive Second</strong></p><p>Dr. Stein leverages his background as a trained clinical psychoanalyst to deliver deep expertise in leadership decision-making and the psycho-social dynamics that shape behavior inside organizations. He is the founder of Dolus Advisors, a specialist strategic consultancy based in New York City.</p><p>His starting point is disarmingly simple: malicious human behavior is a human problem.</p><p>Not a dashboard problem.<br>Not a compliance problem.<br>Not a user-awareness problem.</p><p>A human problem.</p><p>&#8220;What&#8217;s being exploited isn&#8217;t technology,&#8221; he said. &#8220;It&#8217;s emotion.&#8221; Fear of loss. Fear of punishment. The longing to be valued. The need not to disappoint. The instinct to reciprocate kindness. These are not defects in the system. They are the system.</p><p>We pathologize ordinary human responses because it is easier than redesigning systems. We call people &#8220;weak links&#8221; instead of admitting that susceptibility is inseparable from the capacity to trust. To function in society at all, we must assume good faith most of the time. This is a feature, not a bug, of being human. Fraudsters parasitize that instinct.</p><p>I told Dr. Stein about a tiny experiment I&#8217;d been running. I&#8217;d been on a Telegram chat with a scammer posing as &#8220;Jenny,&#8221; watching the routine unfold&#8212; the compliments, the warmth, the manufactured intimacy, the slow drip of validation designed to hook a lonely target.</p><p>I started to frame it the way people often do, about our &#8220;psychological pathology,&#8221; our &#8220;weakness,&#8221; the idea that victims must have something wrong with them.</p><p>Dr. Stein cut in immediately.</p><p>&#8220;I&#8217;m sorry to interrupt you, but I just need to make this point,&#8221; he said. &#8220;A lot of it isn&#8217;t pathological. It&#8217;s normal. And that&#8217;s part of the problem. If you pathologize all of this, it makes it too hard to understand why it happens so often. Because it&#8217;s actually normal.&#8221;</p><p>If fraud only happened to the gullible, it wouldn&#8217;t be the epidemic it is. If victims were simply stupid, we&#8217;d just educate them and move on. The reason scams work at scale is that they exploit ordinary human machinery: trust, reciprocity, deference, longing, the need not to disappoint. The very traits that make cooperation possible are the traits being weaponized.</p><p>This is why the cognition-first approach is so flimsy. It treats susceptibility as a knowledge gap when it&#8217;s actually a human default. Trust is a social lubricant, Dr. Stein told me. &#8220;If you walk around assuming the worst in everyone, you can&#8217;t function. You can&#8217;t build anything.&#8221; The problem is not that people feel. The problem is that our systems pretend they don&#8217;t.</p><p><strong>The Cognition-First Illusion</strong></p><p>Nearly every fraud, cybersecurity, and compliance program assumes a neutral mind. The hypothetical employee is calm, well-rested, unhurried, cognitively available. When the crisis email arrives, this idealized figure will recall the training module and behave accordingly.</p><p>But attacks are engineered precisely to destroy that neutrality.</p><p>The &#8220;urgent wire request&#8221; arrives five minutes before school pickup. The spoofed CEO email hits a junior analyst desperate not to disappoint. The &#8220;fraud protection team&#8221; calls a retiree already anxious about losing savings.</p><p>The state changes first, and the cognition follows later, usually after it&#8217;s too late. Under acute emotional arousal, working memory constricts. Deliberation falters. Inhibition weakens. The body shifts into mobilization mode. Act now. Decide fast. Resolve the threat.</p><div class="pullquote"><p>&#8220;The fraudster isn&#8217;t outsmarting you,&#8221; Dr. Stein says. &#8220;They&#8217;re out-feeling you.&#8221;</p></div><p>And we respond by adding another training module.</p><p>When organizations humiliate employees for failing phishing tests, they compound the problem. I told Dr. Stein about a company that sent a phishing test at 7:30 a.m. on a Monday, assuming everyone would be overwhelmed&#8212;and then watched nearly the entire workforce fail.</p><p>&#8220;They&#8217;re setting everyone up to fail,&#8221; he said flatly.</p><p>Shame does not produce vigilance; it produces concealment. People learn that it is safer to hide mistakes than to discuss them. The organization reports strong compliance metrics while quietly accumulating unreported near-misses.</p><p><strong>Psychodynamic Intelligence</strong></p><p>Psychodynamic intelligence is the capacity to recognize, work with, and design around the emotional, relational, and unconscious forces that shape behavior.</p><p>&#8220;I&#8217;m not a behaviorist,&#8221; Dr. Stein told me. His work is grounded less in surface-level behavioral theory and more in in-depth psychoanalytic traditions that take unconscious relational dynamics seriously. As he put it, behavior is the outcome of internal processes. Fraud succeeds because something happens inside a person &#8212; emotionally and relationally &#8212; before anything happens externally.</p><p>Psychodynamic intelligence does not ask, <em>what rule was violated?</em> It asks:</p><p><em>What emotional field was active when this happened? <br>What pressure was felt? <br>What need was being touched?</em></p><p>And here is the uncomfortable implication: you cannot make people un-emotional. You can only design systems that assume emotion will show up.</p><p><strong>Designing for the Usable State</strong></p><p>If a control only works when someone is calm, unafraid, and cognitively spacious, then it is misaligned with reality. The better question is <em>What state must a person be in for this safeguard to work&#8212;and how often does that state actually exist?</em></p><p>Psychodynamic intelligence shifts the design lens from content to context. It treats emotional state as part of the control environment itself. A few ways organizations can do this include modifying the environment, rehearsing heightened stress situations, building controls in for high risk conditions, establishing purposed pauses, and studying failure.</p><p><em><strong>De-Stressing the Environment</strong></em></p><p>Visual and linguistic cues shape emotional state long before any conscious decision is made. A screen that glows red and flashes &#8220;APPROVE NOW&#8221; activates urgency and adrenaline&#8212;the very states that suppress reflective thinking.</p><p>A calm environment induces calmer cognition. When designing neutral color palettes, balanced spacing, and invitational language such as &#8220;Review before approving&#8221; or &#8220;Confirm details when ready&#8221; extend the mental pause needed for judgment to re-engage. Subtle shifts from command to collaboration lower perceived pressure.</p><p>As Dr. Stein observed, &#8220;We keep designing cognitive solutions for emotional problems. Under stress, cognition goes offline.&#8221; As a result, designing a low-stress environment is a key scam prevention tactic.</p><p><em><strong>Rehearsing the Usable State</strong></em></p><p>Most training assumes the learner is relaxed. In a real attack, the target is anything but. When an organization rehearses procedures under manufactured stressful circumstances, those procedures become embodied, that is a person&#8217;s &#8220;somatic memory&#8221; is activated. Somatic memory refers to the body&#8217;s ability to remember experiences through physical sensation or muscle memory, rather than through conscious, verbal recall. It&#8217;s the kind of memory that lets you ride a bike or type on a keyboard without thinking about each movement.</p><p>In psychological terms, it&#8217;s how emotions, stress responses, or practiced actions become stored in the nervous system and expressed through automatic physical reactions. In the context of psychodynamic intelligence and fraud prevention, somatic memory means training protective responses (pausing, verifying, escalating) until they become instinctive and accessible even when stress hormones flood the brain and higher reasoning is momentarily offline.</p><p>The goal is to make safe behavior felt rather than merely remembered for those times when cognition goes offline. <br><br><em><strong>Red-Alert Windows</strong></em></p><p>Human vulnerability follows predictable rhythms.</p><p>Monday mornings.<br>Late Fridays.<br>Month-end closes.<br>Fiscal year deadlines.</p><p>Fatigue, divided attention, and performance pressure elevate risk. Rather than pretending otherwise, organizations can build compensating friction directly into the system.</p><p>High-risk tasks such as funds transfers or credential resets should be scheduled for periods when staff are more likely to be alert rather than fatigued. Context-aware throttles can anticipate human vulnerability, imposing tighter controls during high-risk windows when people are more likely to act impulsively or with excessive emotion, such as early Monday mornings or around the end of the fiscal year rush.</p><p>Dr. Stein used a metaphor I&#8217;ve come to love: submarine compartments. If one overwhelmed employee can trigger a tsunami of damage, the structure was flawed to begin with. Flooding should not sink the whole vessel. Red-alert windows operationalize that logic. You can&#8217;t eliminate human vulnerability, but you can contain its blast radius.</p><p><em><strong>The Pause Protocol</strong></em></p><p>Perhaps the most powerful intervention is also the simplest: formalizing inaction.</p><p>If a message, call, or request triggers an immediate visceral response&#8212;fear, urgency, relief, flattery&#8212;the default action becomes no action for a defined period. Twenty minutes is often enough for the body&#8217;s stress response to subside.</p><p>&#8220;Unless something is physically coming at you,&#8221; Dr. Stein said, &#8220;it&#8217;s almost always better to give yourself time to pause and assess.&#8221;</p><p>Organizations can support this structurally. One-click &#8220;hold&#8221; buttons. Flag-for-review features. Automatic cooling-off periods for high-value transactions. During the pause, individuals are encouraged to name the emotion&#8212;<em>I feel rushed. I feel anxious. I feel flattered.</em> Naming emotion helps down-regulate it.</p><p>Over time, the pause protocol teaches that emotional arousal is itself a risk signal, just as meaningful as a technical anomaly. It reframes composure as compliance and transforms what would otherwise be impulsive reactions into opportunities to slow down and make a more informed decision.</p><p><em><strong>Failure Analysis Labs</strong></em></p><p>Instead of shaming mistakes, organizations can create structured spaces to dissect them. Dr. Stein advocates for what amounts to a failure analysis lab&#8212;a place where teams review incidents the way athletes review game tape. Objectively. Neutrally. Without bleeding over the loss.</p><p>How did this happen? <br>What were the micro-inflection points? <br>Where were the pressures? <br>What did we miss? <br>What structural buffers failed?</p><p>Such analysis can extend beyond a single organization. Industries can learn collectively from one another&#8217;s failures, reducing stigma and accelerating shared resilience. Shame silences, but curiosity strengthens.</p><p><strong>The Harder, More Honest Path</strong></p><p>Psychodynamic intelligence forces leaders to admit something uncomfortable: vulnerability is structural, not exceptional. The problem is not that a few careless people keep messing up. The problem is that we have built systems that assume calm minds in moments engineered to produce panic. It demands that we stop scapegoating individuals for responding like human beings. It insists that system design must account for fear, longing, status pressure, urgency, and fatigue.</p><p>It also offers something deeply practical.</p><p>If fraud is emotional first and cognitive second, then prevention is not about perfecting the checklist. It is about redesigning environments so they don&#8217;t inflame urgency. It is about rehearsing protective responses under stress so the body remembers what the slide deck cannot. It is about embedding structural shock absorbers, like submarine compartments, so one panicked click does not sink the whole ship. It is about normalizing early reporting instead of punishing it. It is about elevating psychological literacy so people can recognize the surge before they obey it.</p><p>Most of us don&#8217;t have to imagine the stakes. Most of us know someone who has been scammed. A parent. A colleague. A friend who wired money they&#8217;ll never see again. Or maybe you&#8217;ve felt it yourself&#8212;that flash of terror after clicking a link, the sudden heat in your chest when a message says your account has been compromised, the split second where urgency overrides judgment.</p><p>In that moment, you are not stupid. You are human.</p><p>There is a little bit of every scam victim in all of us. The part that wants the story to be true. The part that wants to trust. The part that wants relief. The part that needs to feel seen or safe or competent or chosen.</p><p>Fraudsters exploit that part.</p><p>Psychodynamic intelligence does something more radical: it dignifies it. It treats the wish to believe not as weakness but as evidence of aliveness&#8212;and then designs with that aliveness in mind.</p><p>If we want to stop clicking the link, we must stop pretending that the mind that clicks it is purely rational. We must build institutions that assume fear will show up, that urgency will distort, that authority will pressure, that fatigue will narrow attention.</p><p>Fraud is a human problem. And human problems require the courage to look beneath the surface and the structural imagination bold enough to design for the way people actually are.</p><div class="subscription-widget-wrap-editor" data-attrs="{&quot;url&quot;:&quot;https://govintegrity.substack.com/subscribe?&quot;,&quot;text&quot;:&quot;Subscribe&quot;,&quot;language&quot;:&quot;en&quot;}" data-component-name="SubscribeWidgetToDOM"><div class="subscription-widget show-subscribe"><div class="preamble"><p class="cta-caption">Thanks for reading PIA's GovIntegrity Substack! Subscribe for free to receive new posts and support my work.</p></div><form class="subscription-widget-subscribe"><input type="email" class="email-input" name="email" placeholder="Type your email&#8230;" tabindex="-1"><input type="submit" class="button primary" value="Subscribe"><div class="fake-input-wrapper"><div class="fake-input"></div><div class="fake-button"></div></div></form></div></div>]]></content:encoded></item></channel></rss>