The public expects SSA to be accurate in their benefit payments. While perfection is nearly impossible to achieve, improper payments can have a devasting effect on beneficiaries, particularly when the improper payment is the result of an agency error.
Simply put, an overpayment occurs when SSA states an individual received more social security or SSI benefits than they were supposed to receive. In some instances, individuals are sent bills stating they owe thousands of dollars they cannot afford. Many overpayments can accumulate over several years until SSA realizes payments to the beneficiary have been inaccurate. To reclaim overpayments, SSA typically reduces an individual’s monthly benefit to the correct amount and then reduces it even further, making it even more difficult for some individuals to survive, especially when they are on a fixed income. One individual recently stated in the media: “It’s not right that myself and a significant amount of other citizens are now being demanded to pay back what the SSA admits they made in error.”
The other side of this improper payments coin can be just as harmful to beneficiaries. When an agency error results in underpayments, beneficiaries are not receiving their full monthly benefits, sometimes for months or even years. In these cases, when SSA discovers the underpayment, SSA should ultimately make the individual whole and adjust the benefits accordingly. However, during the period they are being underpaid, the beneficiary is deprived of their full payment, which in many cases, can cause economic hardship to those on a limited income. Because of their devastating impact, it is critical for SSA to improve its processes, procedures, and controls to reduce the amount of improper payments.
Improper payments can occur for many reasons, including when SSA does not obtain necessary information from beneficiaries or fails to act on that information once received. Improper payments also occur when SSA makes mistakes in computing payments due to the complexity of calculations and reliance on manual processes.
SSA administers the Old-Age, Survivors and Disability Insurance (OASDI) and Supplemental Security income (SSI) program. SSA issues over $1 trillion in OASDI benefits and SSI payments to more than 70 million people annually. Therefore, even the slightest error in the overall payment process can result in billions of dollars in improper payments. According to SSA’s most recent reports, it estimates it made approximately $13.6 billion in improper payments in FY 2022: $11.1 billion in overpayments and $2.5 billion in underpayments.
Since Fiscal Year 2002, SSA’s Office of the Inspector General (OIG) has identified improper payments as a major management challenge. SSA’s OIG is committed to identifying ways for SSA to prevent improper payments to the millions of beneficiaries who rely on the Agency to send them their correct monthly benefit amount.
One of the most common reasons for improper payments is related to SSA’s reliance on beneficiaries to report any change in circumstances that may affect their benefits. Wages and income, resources, and living arrangements are a few of the factors that affect OASDI and/or SSI eligibility and payment amounts.
SSA explicitly informs individuals of their reporting requirements during the application process, in their award letters, and in periodic correspondence. However, beneficiaries do not always comply with or understand their responsibility to report this information. In a January 2017 audit of beneficiaries with multiple earnings-related overpayments, the OIG found over half were repeatedly overpaid because of their failure to comply with SSA’s requirement to report earnings.
Improper payments also occur when SSA does not act timely once it receives information from the individual. In a May 2018 audit, OIG estimated SSA incorrectly paid over $40 million because it did not timely process work reviews for beneficiaries who had reported their earnings. Delays like this occurred because SSA’s process for monitoring this workload did not provide automated alerts to management or employees. Rather, managers had to track pending cases manually by generating reports daily, weekly, and monthly to ensure they monitored the workload and sent cases to employees for action and follow-up.
SSA agreed with the OIG recommendation to determine the feasibility of developing automated alerts to ensure timely case assignments and follow-up on aged cases; but, this recommendation remains unimplemented.
SSA employees also must take manual actions to make calculations or establish records when systems cannot fully process them. Some of the calculations that must be completed manually are based on complex provisions written into Federal statutes. Employees have tools to assist with the calculations, and there are alerts to prompt manual actions for some workloads, but OIG audits have found the controls around these manual processes are not always effective.
In a May 2022 audit of overpayments caused by incorrect benefit computations, the OIG found SSA could have avoided half of the overpayments—or about 73,000 overpayments totaling more than $368 million—if it had effective controls over benefit- computation accuracy. In this audit, employees entered the incorrect information into SSA’s systems or incorrectly calculated benefits.
For example, an employee may have transposed two numbers, which changed the benefit due. Benefits were also incorrectly computed when employees or SSA systems calculated benefits based on inaccurate information, for instance, an incorrect birth date. SSA had, as of the date of OIG’s report, two projects to modernize information technology and increase automation that it said would minimize manual processing; but, SSA did not have planned implementation dates.
Some overpayments are unavoidable. SSA considers some overpayments unavoidable and not improper payments because statutes, regulations, or court orders require the Agency to make these payments. For example, if an individual appeals a cessation determination following a medical review, the individual can elect statutory benefit continuation This provision allows beneficiaries to continue receiving benefits and Medicare coverage at the reconsideration or administrative law judge hearing level. If SSA upholds its cessation decision on appeal, any benefit payments made during the appeals process are considered overpayments.
Once SSA makes overpayments, it must provide due process to the overpaid individuals to notify them of information such as the amount of the overpayment, how and when the overpayment occurred, and options to request reconsideration or waiver.
However, in a March 2019 audit, the OIG found SSA did not always appropriately apply due process provisions and projected SSA incorrectly recovered approximately $345 million for about 190,000 overpayments established over a two year period. This occurred because SSA either did not send notices or sent notices with incomplete or inaccurate information, due to both employee and system errors. In some instances, employees did not put the adequate code into the system to generate the appropriate notice or complete an accurate notice manually. In other cases, the OIG found the automated system did not generate complete notices.
After SSA notifies the overpaid individuals, it has numerous options for recovering overpayments. The preferred method is to withhold benefits if the overpaid individual is receiving a monthly payment. Otherwise, SSA can directly bill the overpaid individual, negotiate a repayment plan, withhold other Federal payments, garnish wages, or refer the overpaid individual to credit bureaus in an effort to encourage repayment.
While the overpaid individual is primarily responsible, when SSA cannot collect from the overpaid individual, in some instances, SSA policy requires it to attempt collection from other individuals liable for repaying the overpayment. Such individuals could include spouses or children receiving benefits on the same OASDI earnings record or as members of an eligible couple for SSI. Despite these efforts, SSA continues to face challenges in recovering overpayments. The OIG has audits in process and planned that will address the challenges SSA faces.
SSA can waive recovery of an overpayment if the person is without fault, and recovery would either defeat the purpose of the Social Security Act or “be against equity and good conscience.” However, there may be inconsistencies in how SSA employees apply these policies. In a July 2015 audit, the OIG found some field offices approved 96 percent or more of the OASDI overpayment waiver requests they received, while another group of offices waived 30 percent or less. We found similar trends for SSI overpayment waivers.
Further, when an overpayment occurs, SSA must expend additional resources to attempt recovery. For Fiscal Year 2022, SSA reported an administrative cost of $.06 for every dollar collected.
SSA OIG’s work demonstrates a commitment to assisting SSA in addressing its improper payments challenge. In the last five years, the OIG issued 101 reports with 299 recommendations related to improper payments that identified over $7 billion in questioned costs. Of these, 76 recommendations aimed at addressing $1.8 billion in questioned costs remain unimplemented.
In Fiscal Year 2022, according to SSA, it recovered over $4 billion in overpayments. Still, at the end of the Fiscal Year, SSA had approximately $21 billion in gross accounts receivable, which consists primarily of overpayments owed to SSA by beneficiaries to whom it paid excess benefits. Approximately $13 billion in gross accounts receivable is from the SSI program, while almost $9 billion is from the OASDI program.
SSA does not expect to collect over $12 billion of that balance based on either the age of the debt or the likelihood of collectability based on a 5-year average. In addition, a system limitation prevented SSA from tracking debt scheduled for collection beyond Calendar Year 2049. OIG audit work identified almost 101,000 overpayments that, at the end of Fiscal Year 2019, were not being fully tracked. The original balance of these overpayments was approximately $4.2 billion, of which the system was not tracking over $1.2 billion (30 percent) because SSA will not recover that amount by 2049.
The OIG acknowledges SSA has taken some steps to improve prevention, detection, and recovery of overpayments. In Fiscal Year 2019, SSA established an Improper Payment Prevention Team, implemented options to allow individuals to repay overpayments online, and is conducting more data matches with external entities to obtain income and resource information.
However, there is much more SSA can do. Specifically, SSA needs to identify and prevent improper payments through automation and data analytics, expand efforts to collect data from reliable third-party sources and address the root causes of improper payments to prevent their occurrence.
In a July 2023 report, the OIG noted SSA’s automation enhancements reduced the need for manual processing for some workloads from Fiscal Years 2019 to 2021. SSA began using robotic process automation, which involves the use of software to automate high-volume, labor-intensive, or repeatable tasks. This allows employees to focus their efforts on more complex actions. These “bots” can lead to cost and time savings by preventing human error and reducing the time employees require to make manual inputs and correct mistakes.
However, there was no requirement for SSA employees to use the bots. Therefore, the OIG recommended SSA instruct employees to use bots whenever possible and determine whether bots could assist with additional workloads.
Also, in the July 2023 report, the OIG identified 19 audits issued between Fiscal Years 2016 and 2020 that identified significant improper payments. SSA planned to address the OIG’s recommendations in these audits with information technology modernization projects. SSA had fully implemented the recommendations from only two of these audits, with actions to address the remaining recommendations still in progress.
Seven of the 17 unimplemented recommendations related to the establishment of a new Debt Management Product (DMP) that SSA expects will enable it to record, track, collect, and report overpayments more efficiently. However, SSA has been working on the DMP since at least July 2016, and SSA is currently targeting implementation in FY 2025. The OIG has an audit planned to review the Agency’s development of DMP.
SSA should continue to expand efforts to collect data from reliable third-party sources that would aid SSA in mitigating discrepancies that can occur when beneficiaries self- report information. For example, SSA could better utilize the Access to Financial Institutions (AFI) program. AFI verifies alleged bank account balances with financial institutions and searches for undisclosed accounts at geographically relevant locations based on the individual’s address. SSA uses AFI when it processes initial SSI applications and periodic eligibility redeterminations.
As noted in a May 2023 audit on SSA’s compliance with the Payment Integrity Information Act of 2019, financial accounts—such as checking, savings, and credit union accounts—are a leading cause of overpayments in the SSI program. To address overpayments related to financial accounts, SSA implemented the AFI program in June 2011. Between Fiscal Years 2011 and 2021, overpayments related to financial accounts ranged from $870 million to approximately $1.9 billion annually. However, several of the OIG audits determined SSA could have realized additional savings had it used AFI more often. For example, in FY 2021, the OIG estimated SSA could have prevented approximately $1.4 billion in overpayments due to financial accounts had it performed AFI searches between the initial application and redetermination. In May 2023, the OIG recommended SSA conduct a study to expand AFI searches between the initial application and subsequent eligibility redeterminations.
The Bipartisan Budget Act of 2015 provided SSA new legal authority to enter into data exchange agreements with payroll providers to access real-time payroll data. This information could allow SSA to adjust earnings and payment records more expeditiously to minimize and prevent improper payments. In Fiscal Year 2019, SSA awarded a contract to build an information exchange to obtain monthly earnings data from third- party payroll data providers. In Fiscal Year 2023, SSA planned to continue working toward implementing the payroll exchange. SSA is at least several years from determining whether the commercial payroll exchange effectively reduces improper payments that are caused by earnings reporting discrepancies. Further, these agreements can only be used to obtain earnings information for disabled beneficiaries, not retirement or survivor beneficiaries under full retirement age who work and are subject to earnings limits.
In a September 2023 audit the OIG recommended SSA determine whether to seek legislation to permit the Internal Revenue Service (IRS) to share data to assist SSA in reducing improper payments related to Government Pension Offset (GPO) and the Windfall Elimination Provision (WEP) of the Social Security Act.
The IRS is authorized to share information with SSA to support its administration of the SSI program; however, the IRS indicated the Internal Revenue Code does not permit it to disclose non-covered pension information to SSA for purposes of administering the OASDI program. The OIG concluded SSA generally made accurate GPO and WEP determinations when it had the non-covered pension information it needed. However, the SSA continued relying significantly on beneficiaries to self-report their non-covered pensions. SSA disagreed with the OIG recommendation, stating the decision to propose legislation depends on multiple factors, many outside of the Agency’s control.
As another example, SSA has authority to collect workers’ compensation information to administer SSA’s programs; however, a state may determine it lacks authority to share information with SSA based on state law. While SSA had included legislative proposals in prior years President’s budgets related to obtaining workers’ compensation, the President’s budget for Fiscal Years 2022 and 2023 did not include a legislative proposal. Without this state data, SSA must rely on beneficiaries to report any workers’ compensation they have received. A September 2023 audit has demonstrated that not all beneficiaries report workers’ compensation received, which leads to SSA improperly paying them.
Administrative finality is another issue related to improper payments. Under SSA’s administrative finality rules, the Agency generally considers its determinations or decisions to be final and binding when it renders them, unless they are appealed or reopened. Once a determination or decision becomes final, SSA will only reopen and revise it for certain reasons and within specific time periods.
For instance, an SSA OIG August 2018 audit, showed SSA could not correct payment errors related to WEP and GPO because of administrative finality and would continue overpaying beneficiaries approximately $46 million annually. One beneficiary highlighted in the report disclosed that she would be receiving a monthly non-covered pension. SSA correctly applied GPO to her spousal benefits but erroneously paid the full monthly retirement benefit rather than a reduced amount. Consequently, SSA overpaid the beneficiary $10,765 but did not generate an alert to address the incorrect payments because it determined administrative finality applied.
In a May 2021 audit, SSA OIG noted a Law Library of Congress study, which stated that “A government agency may correct a mistake, and no principle of administrative law consigns an agency to repeating a mistake into perpetuity. Administrative agencies have the inherent authority to correct adjudications which appear to be erroneous.” SSA agreed with the OIG’s recommendation in the May 2021 audit to evaluate its administrative finality policies; however, the Agency has not made any changes to its policies.
Improper payments are a major challenge for SSA. Without better access to data, increased automation, systems modernization, and policy or legislative changes, it will continue to be an issue into the future.
Thank you for inviting the Office of Inspector General to discuss issues concerning improper payments at SSA. I would be pleased to address any questions.
]]>Good afternoon, Chairman Ferguson, Ranking Member Larson, and members of the Subcommittee on Social Security. I commend you for holding this important hearing today on the Social Security Administration’s (SSA) role in combatting identity fraud.
Social Security touches the lives of every American no matter where one is in their life’s journey. With very few exceptions, all United States citizens, permanent residents, and temporary or working residents have a Social Security number (SSN). Even non-working residents (citizens and non-citizens) are required to obtain an SSN due to its use by businesses and government entities. Today, about 175 million people work and pay Social Security taxes and nearly 67 million Americans receive a Social Security benefit each month. Most Americans are either receiving a benefit from or contributing to the Social Security system.
Notwithstanding its original narrowly drawn function for use in recording Social Security earnings, the SSN has become a de facto national identifier. The SSN has essentially become the cornerstone of the identity framework. Individuals are often required to use their SSN as identifiers to open bank accounts, apply for loans, apply for unemployment, and for many other routine matters requiring proof of identification.
Unsurprisingly, the expanded use of SSNs as a national identifier has given rise to individuals using other people’s SSNs for illegal purposes. Stolen SSNs have been used to obtain benefits and services, establish credit, gain employment, and hide identities to commit other crimes. The SSN has become the lynchpin to identity theft.
Identity theft is one of the fastest-growing crimes in America, affecting millions each year. According to the Federal Trade Commission (FTC), in 2022, individuals reported identity theft more than any other type of complaint. Of those, the FTC received 441,882 reports from people who said their information was misused with an existing credit card or when applying for a new one.
SSN misuse and identity theft has a real impact on the American public. Victims of SSN misuse face significant harm when others obtain benefits in their names: victims may be unable to rightfully receive critical benefits or be left to deal with the ramifications of damaged credit and other issues. The states with the most reported identity theft cases per capita include the Chairman’s state of Georgia, along with Louisiana, Florida, Delaware, and Nevada.
The Office of the Inspector General (OIG) plays a vital role in combating SSN misuse and identity theft. Throughout SSA OIG’s history, SSN misuse and identity theft have been a priority in our oversight efforts. SSA OIG has specific authority to investigate SSN misuse violations under Title 42 U.S.C. §408. Additionally, based on shared jurisdiction, we also assist in addressing identity fraud by conducting investigations related to violations under Title 18 U.S.C. § 1028.
Our SSN misuse investigations encompass a range of fraud schemes. To facilitate these schemes, perpetrators rely heavily on their ability to acquire and misuse another individual’s SSN to commit crimes. Examples of those crimes and our work include:
Synthetic identity theft is one of the more troubling forms of identity theft and has been a focus of some of our recent investigations. It is a unique form of fraud that combines SSNs of real people with fraudulent information, such as false names and dates of birth to create new identities. Synthetic identity theft is one of the most difficult forms of fraud to catch because fraudsters build good credit over a period time using a fake profile before making fraudulent charges and abandoning the identity.
The combination of a fraudulently obtained identity document, such as a picture ID, and an SSN enhances an individual’s ability to commit certain crimes while concealing their true identity. This type of fraud has a particularly damaging impact on vulnerable populations such as older individuals and children, who are less likely to use their SSNs for work and therefore less likely to discover the fraud.
One example of our synthetic identity fraud investigations involved individuals who participated in a scheme to defraud a bank in San Antonio, Texas. The individuals were charged with using approximately 700 synthetic identities, in addition to stolen identities, to create bank accounts and shell companies. The perpetrators used complex computer data storage and virtualization machines to manufacture synthetic identities, combining the personal information of real people (such as stolen SSNs) with fraudulent information, such as false names and dates of birth.
They used the identities to falsely and fraudulently open credit cards and bank accounts for those identities. They also registered shell companies with the State of Florida Division of Corporations, using the companies as part of the scheme. The companies appeared to be associated with service industries, such as yachting, technology, and landscaping, but conducted no legitimate business and had no legitimate employees. Fraudulent payments were made from accounts registered to these synthetic identities to accounts registered to the perpetrators.
After the passage of the Coronavirus Aid, Relief, and Economic Security (“CARES”) Act their scheme evolved to utilize the already-established synthetic identities and associated shell companies and accounts to fraudulently apply for assistance under the CARES Act’s Paycheck Protection Program (PPP), which was intended to help small businesses financially survive the pandemic. Between $20 and $25 million in PPP relief was paid to companies registered to the perpetrators, and to companies registered to synthetic identities they controlled. This multifaceted scheme not only harmed and misused the benefits of the PPP and the CARES Act, but it also harmed the integrity of the SSN as an identifier. One of these individuals recently pled guilty for his role in stealing millions in COVID relief money through a synthetic fraud scheme.
SSA OIG has established a multidisciplinary team of professionals that develop and implement innovative approaches to combat identity theft and scams through audits, criminal investigations and prosecution, civil enforcement, public outreach, and education. I want to outline some of those efforts.
The SSA OIG Office of Audit (OA) is a key player in identifying vulnerabilities in SSA programs and operations that may result in identity theft. We report these vulnerabilities to SSA for their attention and refer the data from our audits to the SSA OIG Office of Investigations (OI) to investigate identity fraud and disrupt organized groups from manipulating this system.
Our audits found fraudsters may steal identities to work or to claim earnings-related benefits. For example, in one audit, we found fraudsters improperly used the SSNs of 37 older adults to acquire $4.6 million during a five-year period.2 During the same timeframe, OA found fraudsters misused 817 SSNs of deceased individuals to earn approximately $29 million in wages.
In another audit, we reported SSA removed from its Master Earnings File $742 million in self-employment earnings originally reported on approximately 50,000 numberholders’ Federal income tax returns during a four-year period.3 In approximately 59 percent of those cases, SSA removed the earnings because the numberholders alleged other individuals stole their identities and used their SSNs to file fraudulent tax returns.
At our request, the U.S. Department of the Treasury Inspector General for Tax Administration (TIGTA) determined tax filers had used the self-employment earnings to claim the earned income tax credit.
Another audit found in one three-year period, about 37,700 employers reported approximately $1 billion in wages using the names and SSNs assigned to 36,546 children ages 13 and younger.4 This group included 365 deceased children. Although the earnings for the living children were legitimate in all but eight percent of the cases, nearly all (362) of the deceased children’s cases involved SSN misuse. These children had about $9 million in wages reported by employers that did not typically employ children.
Another focus of our audit work examines the Internet services the SSA offers. SSN numberholders can create my Social Security accounts to transact business with SSA, including reviewing their earnings records or changing their direct deposit information.
In January 2013, SSA began allowing individuals to change their direct deposit bank information using the my Social Security Internet application. Shortly thereafter, SSA and the OIG began receiving allegations of fraud related to unauthorized changes.
Our audits found from January 2013 through May 2018 fraudsters redirected $33.5 million in benefits intended for 20,878 beneficiaries by making unauthorized direct deposit changes through my Social Security.5 Fortunately, an additional $23.9 million to 19,662 beneficiaries was prevented from misdirection because SSA corrected the unauthorized direct deposit changes before a payment was released.
During the COVID-19 pandemic, SSA closed its field offices to the public, resulting in a dramatic increase in the utilization of SSA’s online services. As the use of eServices increased, so did the opportunity for fraudsters to manipulate SSA’s online platforms.
Scammers use stolen personable identifiable information (PII) to file fraudulent online applications, establish or take over online accounts, or redirect benefit payments to alternate bank accounts. Since the start of Fiscal Year 2021, OIG has received more than 41,000 eServices-related allegations, including fraud schemes that misuse or are facilitated by SSA’s online platforms, such as my Social Security. It is critical SSA employ effective controls to obtain sufficient assurance users of its online services are who they claim to be.
Additionally, bad actors exploited some of SSA’s public-facing systems to validate SSNs and potentially use that information to commit identity fraud. These incidents underscore the need for SSA to thoroughly evaluate applications for potential vulnerabilities—including the risk the applications could be misused for purposes for which they were not designed. As more Americans utilize online platforms, fraud schemes will increase.
Our OI is currently developing an OIG-wide strategy to address identity theft related to eServices, including the analysis of real-time agency data to proactively identify the potential fraud. In addition to investigating identity theft related to eServices for prosecution purposes, OI also identifies vulnerabilities in systems and processes and reports them timely to SSA.
As you can imagine, beyond eServices, our OI also receives and evaluates allegations of fraud, waste, abuse, and mismanagement in SSA’s programs and operations, and takes appropriate action in coordination with federal, state, and local prosecutors on matters of SSN fraud. Like the synthetic identity fraud case highlighted earlier in my testimony, many of our investigations involve SSN misuse. This work has led to many successful convictions.
For example, to highlight a few, in a recent joint investigation with the U.S. Department of State Diplomatic Security Service (DSS) and other federal and state law enforcement agencies, a man was found to have stolen the identity of another individual. Following the joint investigation, the man pleaded guilty to passport fraud, aggravated identity theft, and possession of a firearm by a convicted felon. In February 2022, a U.S. District Court judge sentenced him to 22 years of imprisonment.
In 2021, as a result of our investigation, an employee of a car dealership in the State of Connecticut was sentenced to 21 months in prison and five years of supervised release for a scheme involving fraudulent auto loan applications and identity theft. For a period of almost a year, the man falsified documentation for auto loans, including SSA benefit verification letters, and in some instances used others’ identities to apply for loans without their authorization.
In 2020, a former U.S. Postal Service letter carrier was sentenced to 27 months in prison. Our investigation found she had misrepresented her living arrangements and income in applying for government benefits in her own name and applied for and received additional benefits using the identities of multiple friends and family members, including minor children. She also stole and deposited checks from the mail she was assigned to deliver.
Our OI in collaboration with private sector partners, conducts imposter scam investigations, often jointly with law enforcement agencies. In some instances, these partnerships have allowed OI to identify victims quickly and recover funds before they were lost. For example, on November 18, 2021, SSA OIG and the FBI arrested five individuals pursuant to an indictment from the Northern District of Georgia. The indictment resulted from an investigation led by SSA OIG investigators that uncovered a telephone imposter scam originating from overseas call centers. The twelve-count indictment charged the five defendants with wire fraud, conspiracy to commit wire fraud, money laundering, and conspiracy to commit money laundering.
In addition to the arrests, agents executed one residential search warrant and five account seizure warrants. The operation took place in five states: Georgia, Florida, Massachusetts, New Jersey, and New York, with approximately 100 law enforcement officers and support staff involved. In addition to SSA OIG and the FBI, DHS Homeland Security Investigations, the TIGTA, and Wood-Ridge (New Jersey) Police Department provided substantial assistance to the investigation and operation. The investigation has identified and seized nearly $2 million in proceeds of the scam’s criminal activities.
The development of Artificial Intelligence (AI) provides a new tool to create official-looking deception scam messages intending to steal personal information. AI will utilize algorithms that can recognize, summarize, and generate fraudulent texts and contents based on massive datasets. AI can even generate scam messages and produce a transcript in which a scammer impersonates federal government employees. AI will prove valuable to criminals and challenging for investigators. Aware of this developing technology, SSA OIG is working towards countering AI-generated scams and educating Social Security recipients of AI-generated scams.
The emergence of the COVID-19 pandemic resulted in criminals finding ways to fraudulently take advantage of the infusion of trillions of dollars in federal funding. SSN misuse, including identity theft, is a common thread running through many investigations related to the misuse of pandemic relief funds.
Since the start of the pandemic, SSA OIG has participated in the National COVID-19 Fraud Enforcement Taskforce, led by the Deputy Attorney General of the United States, 25 COVID-19 fraud workgroups and in 159 investigations related to COVID-19 pandemic relief programs, funds, and scams.
Further, SSA OIG has issued nearly a dozen COVID-19-related audits. SSA OIG and collaborated in joint investigations working with federal, state, and local law enforcement entities to pursue SSN misuse and other crimes involving federal pandemic relief funds including Unemployment Insurance (UI) fraud and PPP fraud.
Since the outset of the COVID-19 pandemic, SSA OIG has received over 31,740 fraud allegations referencing Pandemic-related relief programs and funds. At present, we have over 70 active investigations involving COVID-19 pandemic fraud. Our investigative efforts to date, both solely and in joint investigations with our law enforcement partners, have resulted in 32 defendants convicted, over $34 million in identified fraud loss, court-ordered restitution of over $24 million, and over $6.5 million in funds recovered.
In FY 2023, SSA OIG anticipates expending approximately $2.3 million on Pandemic-related investigative workloads and audits. Though SSA OIG has a critical role in combatting COVID-19 pandemic fraud, SSA OIG has never received dedicated funding for pandemic oversight.
These COVID-19 challenges required additional resources not accounted for in our budget and took away from resources generally devoted to our bread-and-butter investigations, such as Social Security program fraud. Nonetheless, SSA OIG continues to make data-driven decisions to prioritize these workloads. Even in Fiscal Year 2022, SSA OIG identified $15 in returns to the government for every $1 it received through its appropriation.
Further, as recommended by the Pandemic Response Accountability Committee in testimony provided to the Committee on Ways and Means and included in the recently passed H.R. 1163, Protecting Taxpayers and Victims of Unemployment Fraud Act, the extension of the statute of limitations for criminal charges or civil actions for prosecuting fraud from five to ten years means SSA OIG will continue focusing on fraudulent Unemployment Insurance payments further into the future.
SSA OIG also plays an important role in disrupting Social Security-related and other government imposter scams. For over a decade, the American public’s have been plagued by widespread robocalls and live callers impersonating government agencies to steal money or personal information, including SSN’s, from victims. At a basic level, the scams are all the same: a victim is contacted by a criminal pretending to be from a government agency, the criminal tells the victim about a problem or prize, the criminal uses specific payment methods that are difficult to track, and the criminal pressures the victim to act immediately.
These scam calls appear to originate from within the United States and, more maliciously, often “spoof” caller identification from a government or law enforcement agency. Callers may ask for personal information, demand payment, or make threats. These scams occur primarily via telephone but may also occur via misleading postal mailings, emails, internet websites, blogs, radio and television ads, and social media accounts.
These scams have caused untold anguish and financial harm, with criminals sometimes stealing hundreds of thousands of dollars from victims. In response, a team from across SSA OIG developed and implemented a multipronged approach to combat these scams, harnessing its workforce’s diverse skills and experience and collaborating with other public and private entities as a force-multiplier.
The SSA OIG’s Office of the Counsel (OC) is responsible for enforcing Section 1140 of the Social Security Act, which, in part, protects consumers from misleading SSA-related communications (including through Internet websites and scam telephone calls) may convey the false impression SSA approved, endorsed, or authorized the communication, and may lead people to provide money or PII.
Our OC educates U.S. telecommunications companies about Section 1140 and secures compliance and seeks penalties against U.S. telecommunications companies, acting as gateway carriers, who profit by accepting these scam calls into the U.S. telecommunications system and passing them to unsuspecting consumers.
OC has initiated 36 cases against gateway telecommunications companies and have imposed penalties against 16 gateway carriers. As a result, many of these companies have begun to take more proactive steps to prohibit scam calls from entering the United States or have decided to discontinue operations and/or the gateway carrier segment of their operations.
Our OC also proactively and continuously protects consumers by shutting down fraudulent SSA-related websites and social media accounts. For example, since the start of this Fiscal Year, the SSA OIG has successfully requested the removal of 20 fraudulent SSA-related social media accounts on platforms including Facebook and Pinterest. These fraudulent and imposter accounts frequently take the form of pages masquerading as official agency resources or and even agency officials. They can trick members of the public into revealing their PII to scammers. In sum, our education, investigative, and enforcement efforts have yielded meaningful results. Since fall of 2020, there has been an 87.4% decrease in SSA-related imposter allegations.
While safeguarding the public from financial fraud and scams is a daily goal, one of our major initiatives, in collaboration with SSA, is the National Slam the Scam Day. The campaign encourages the public to hang up or ignore suspicious calls or messages – in other words, to “Slam the Scam”.
On Slam the Scam Day we amplify our outreach efforts to protect the American public. This year on March 9, 2023, we marked our fourth annual National Slam the Scam Day, which brought together Federal, state, and local government agencies, nonprofit organizations, and private companies to encourage the public to hang up or ignore criminals impersonating government employees.
We appreciate the support of the United States Congress with a U.S. Senate Resolution marking National Slam the Scam Day and the Members of Congress who shared messages on social media and through press releases. This outreach expanded scam information and how your constituents can protect themselves from Social Security-related and other government imposter scams. This combined effort on Slam the Scam Day’s media coverage garnered an approximate audience of over 86 million people.
In conclusion, I want to thank the Subcommittee for inviting me today to highlight the SSA OIG’s oversight and outreach efforts in combatting and preventing the misuse of SSNs. This hearing is an important reminder to the American public we all need to remain vigilant to protect our SSNs and PII and be mindful to slam the scam.
Thank you, and I would be pleased to address any questions.
]]>For the better part of a decade, Americans’ landlines and mobile phones have been plagued by widespread robocalls and live callers impersonating government agencies to mislead victims into giving them personal information or money. In the fall of 2018, the Social Security Office of the Inspector General (OIG) saw a spike in complaints about callers impersonating Social Security employees or alleging a Social Security number problem. As an indication of the severity of this spike, in fiscal year (FY) 2018, we recorded about 15,000 of these scam complaints; in FY 2019, we recorded over 478,000 (see Exhibit 1 for month-over-month complaint totals). Today, Social Security-related phone scams are the most common type of government imposter scam reported to the Federal Trade Commission (FTC). As a Wall Street Journal headline recently articulated, Social Security scams “exist because they work.” Scammers may “spoof” legitimate government numbers so those numbers appear on caller ID, and in the latest variants of the scam, they may tell victims about a fine or debt they need to pay to avoid arrest or other legal action, resolve a Social Security number problem, or increase a benefit. They demand payment using cash, retail gift cards or pre-paid debit cards, wire transfers, or internet currency, all of which are difficult to trace. They may quickly escalate threats to frighten victims into complying, and have emailed fake letters and reports that appear to come from Social Security or its OIG, to convince potential victims of their legitimacy. Social Security phone scams are widespread across the country and reach people of all ages. Of our FY 2019 complaints where the complainant provided a date of birth, the median age was 59 years old. The median age for the United States was 38 years old, but we cannot draw conclusions about why our complainants tended to be older than the population at large. The FTC recently reported that younger people fall victim to government imposter phone scams at higher rates than older people, but the latter group reports higher fraud losses when they do fall victim. For example, about 81 per 100,000 people ages 20-29 years old reported a fraud loss to the FTC due to government imposter scams in FY 2019; for those ages 80 years or older, the rate was about 40 per 100,000. However, the median fraud loss amount for those ages 20-29 was $1,000, while for ages 80 and over, it was $3,000. We recorded scam complaints in FY 2019 from people residing in all 50 States, Washington, D.C., and several U.S. territories, more or less in proportion to the population of each jurisdiction. Only about 1 percent of complainants reported having lost money to a Social Security phone scam. Nevertheless, these scams have a significant and detrimental impact on the public and on Social Security’s ability to administer its programs. First, they have caused and continue to cause untold anguish and financial harm to the those who fall victim to scammers’ sophisticated tactics, sometimes losing sums in the hundreds of thousands of dollars. The scams have also caused a strain on agency and OIG resources. SSA needs to be able to disseminate accurate and timely information to millions of individuals, and the volume of scam-related complaints has made this more difficult. On the OIG side, our fraud hotline volume increased ten-fold in one year, increasing our costs and straining our ability to answer calls. Finally, the scam erodes the public’s trust in Social Security, and in government overall. For example, our investigators now have encountered witnesses who did not believe they were Federal agents and would not speak to them, making it more difficult for us to conduct legitimate fraud investigations. For these reasons, we know SSA and my office both must act to educate the public about scams that use the name of Social Security to defraud, and combat the scams themselves. Soon after I was sworn in as Inspector General last year, I directed my staff to undertake a multidisciplinary approach to this issue. We are:
We are working on all these fronts to reduce the number of people who fall victim to these pervasive and insidious scams.
Without question, short of completely eliminating telephone scams, the most effective way to combat them is by educating the public about this phenomenon and how people can identify and report scam calls. The OIG is a small agency of approximately 540 employees, with limited resources with which to conduct public outreach on any issue, including Social Security scams. Therefore, to scale our outreach efforts and expand our reach, we have partnered with SSA, FTC, the American Association of Retired Persons (AARP), and others to raise public awareness about Social Security scams.
First, we have redesigned our website home page so people can easily understand how to report Social Security scams to us as well as other types of Social Security fraud. We also redesigned our “Scam Awareness” webpage with links to FTC scam resources and SSA’s new public service announcement and flyer, and we will continue to add resources and links to that page so the public and advocate agencies can find what they need to assist people in local communities. And, we shortened the website address for easy access: https://oig.ssa.gov/scam. We are regularly consulting with SSA to ensure the agency’s messaging is consistent and up to date on current scam trends. We are currently working with SSA and the U.S. Postal Inspection Service (USPIS) to co-brand an SSA scam warning poster with the USPIS logo and mail fraud-related warnings. USPIS then plans to put the co-branded poster (or corresponding digital signage) in U.S. post offices across the country, reaching potentially millions of people. We are also planning a “National Slam the Scam Day” campaign, designating a day to educate the public and promote government imposter scam awareness. We hope to engage Federal agencies, the IG community, Members of Congress, private-sector companies, and elder care advocates in unified support of this campaign. We plan to use news coverage, social media and website outreach, and live events to reach Americans with our key scam awareness messages. Finally, we have streamlined our fraud hotline messaging to include scam awareness information, and to encourage callers to use our new dedicated online scam reporting form. The new messaging has resulted in the number of scam-related calls to our hotline dropping to historically normal levels; our hotline personnel are now answering nearly 100 percent of calls. To accompany these changes, we implemented design changes on our website so that visitors are easily able to find the scam reporting form, linked directly from our home page. We are also currently developing a paper version of the online form that the public will be able to mail or fax to our fraud hotline for processing. These modifications are improving the efficiency and effectiveness of the information collected from complainants.
We are continuing our efforts to increase coverage from the media about Social Security scams, including our new online reporting form, and new scam developments as they occur. After we issued a joint press release by the Inspector General and the Commissioner of Social Security announcing the dedicated online scam reporting form, we saw significant related news coverage, including by Forbes, The Washington Post, and the Associated Press—and we continue to see news coverage daily. Due to this publicity, as of January 18, 2020—barely 10 weeks after launch—we had received over 111,000 complaints through the new online form. We also update our public messaging quickly as the scams evolve. Recently, we received information that scammers were emailing fake letters and reports using SSA and SSA OIG letterhead images, to convince victims of their legitimacy. We redacted those fake documents and made them available on our website as well as to multiple media outlets that requested them, to spread awareness as quickly as possible. In recent weeks, we have also given interviews to AARP and Cox Media Group, the latter for a scam segment that aired on local television stations in major metropolitan areas. This week, we have a spokesperson appearing on a New Mexico TV and radio show that reaches 99 percent of that state. Next week, we will participate in an AARP tele-town hall event in Maryland, speaking about scam awareness. We will continue to work with the media to the greatest extent possible, to disseminate our key messages and educate the public.
In August 2019, we began an outreach campaign to other agencies, search engine and social media companies, nonprofit agencies, and corporate retail entities to collaborate on raising public awareness, and ask for suggestions and best practices. For example, we have met with the FTC, the Consumer Financial Protection Bureau, and Elder Justice Coordinating Council Working Group members at various agencies. We have talked to Google and Microsoft about ways they may be able to use their search engines to warn people about scams. We have also sought guidance from Twitter on how to expand our reach on their social media platform, using hashtags to become “trending” and using that as a method to spark both public conversation and media coverage of the scams. With regard to nonprofit agencies, we have joined forces with SSA to ask AARP to host a government imposter scam awareness webinar. An AARP webinar would be available to the organization’s 38 million members, providing valuable fraud prevention information to senior citizens and the elder care services community. In addition, the Downtown Baltimore Partnership has disseminated our scam information to its city resident mailing list of 15,000 members, its membership network of 650 companies, and its network of sister organizations across the country. We also met with the National Retail Federation (NRF), the world’s largest retail trade association. They plan to send Social Security scam information to their members, and they connected us to a gift card marketer that subsequently agreed to include information about Social Security phone scams in anti-fraud training they provide to retailers on gift card fraud. We reached out to corporate retailers including Wal-Mart, Target, Walgreens, and others, to discuss approaches for point-of-sale consumer education that might help prevent scam victims from following through on gift card purchases. As part of this retailer outreach effort, we worked with SSA to create a sign that retailers could place on gift card kiosks to warn the public about scams at the point of sale. Wal-Mart has added this sign to its rotation of anti-fraud messages showing on large video screens near the customer service desk in 2,100 U.S. stores; they will expand this effort as they renovate stores to include the video screens. In addition, Amazon has placed a Social Security scam warning at the top of its “Be Informed” gift card fraud page. For entities that we have not been able to reach, I recently sent a letter inviting them to collaborate with us to protect their customers from fraud. We will continue to follow up as well as reach out to new organizations to raise public awareness.
On December 23, 2019, we responded to your Committee’s letter asking for information about SSA’s and SSA OIG’s efforts to combat these scams and educate the public. In our response, we explained OIG’s investigative approach and communication and outreach strategies. To respond adequately to your questions about SSA’s efforts—and to answer similar questions from the House Committee on Ways and Means, Subcommittee on Social Security—our Office of Audit has initiated a formal review of SSA’s efforts to combat the scams, and how the scams have affected the agency’s operations. As of January 24, 2020, we are awaiting SSA’s response to our auditors’ questions. We anticipate that our Congressional Response Report with this information will be issued by the end of March 2020, and we will be able to provide more information about SSA’s efforts at that time.
In April 2017, soon after we first identified an upward trend in allegations related to Social Security phone scams, we created a National Operation Code in our investigative management system to track and monitor complaints. We also began communicating with other similarly affected OIGs and the FTC to share best practices and other information, as appropriate. In particular, our Office of Investigations reached out to the Treasury Inspector General for Tax Administration (TIGTA) to learn how that office had addressed IRS phone scams, as they had been widespread since 2013. In the spring of 2019, we reassigned investigative personnel to OIG headquarters to centralize investigative efforts to combat the scams. This fall, we reorganized those personnel into a new division, the OIG Major Case Unit. This structure allows the Office of Investigations to focus investigative, analytical, and legal resources to combat the scams, which have a national and multi-jurisdictional scope and breadth. The Major Case Unit is coordinating investigative efforts among OIG offices throughout the United States, and across jurisdictional lines and with other law enforcement agencies. The unit is also liaising with private-sector entities to leverage available resources. These partnerships act as a force multiplier, giving us resources throughout the country to investigate and disrupt ongoing imposter scam activity. We have implemented a three-tiered approach for our investigative efforts: top-down, bottom-up, and disruption. Top-down refers to our investigations into the scam calls themselves and those entities and individuals who facilitate them. We are conducting these investigations in close coordination with the Department of Justice, including its Transnational Elder Fraud Strike Force. As our investigations are active and ongoing, we cannot share further details at this time. However, we will provide information as we are able to do so. Bottom-up refers to targeting the “money mule” networks that collect, launder, and move money received from victims. On December 4, 2019, the Department of Justice announced a money-mule enforcement initiative by a coalition of law enforcement partners, including SSA OIG. We have several ongoing investigations working jointly with Federal, state, and local law enforcement partners, including USPIS, TIGTA, United States Secret Service, Department of Homeland Security’s Homeland Security Investigations, and others. Again, we are unable to provide specific investigative details at this time, but we can provide a briefing at a future date when we can say more. Disruption refers to our collaborative efforts with SSA and the U.S. telecom industry to impair the ability of robocallers to “spoof” SSA phone numbers on caller ID to deceive people, and to shut down telephone numbers used by the scammers. Last year we initiated a “Do Not Originate” process with Verizon, and with assistance from SSA we can now report that all major U.S. telecoms have implemented 100% blocks on spoofing publicly available SSA field office phone numbers. These efforts have blocked millions of spoofed calls, making it harder for the scammers to fool the public into thinking the scam calls are coming from SSA. We continue to work to add SSA telephone numbers to DNO lists as it becomes necessary. We have now implemented a second phase of disruption, where we request that telecom companies suspend or terminate phone numbers that are reported to us as being call-back numbers for Social Security scams. The most important step we have taken to manage our scam-related workload—and to develop actionable investigative leads—has been implementing a dedicated online reporting form. This was a best practice identified by TIGTA in handling IRS imposter complaints. We worked with SSA systems personnel to develop the form and link it from the OIG website. The dedicated online form went live on November 16, 2019, and we immediately saw benefits: we are receiving complaints more timely from the public, with more targeted information, including scammer call-back numbers, caller ID numbers, and fraud loss amounts, in a format that is easy to track and analyze for investigative leads.
As you can see, we are working on multiple fronts to combat Social Security scams and reduce their impact on the American public. Unfortunately, the scams and the scammers continue to evolve, and we expect they will soon move on to new tactics and techniques. We will continue to face an ongoing challenge of limited resources with which to combat Social Security phone scams and raise public awareness of them. One way of addressing this challenge would be to authorize asset forfeiture, allowing law enforcement agencies to seize funds involved in, and assets gained from, fraud schemes. Agencies could then use those funds for initiatives such as a victim restitution fund or consumer protection outreach. The broader challenge facing the Federal Government, however, is that this is not just a Social Security problem. Just two years ago, IRS scams were the headline. Next month, it could be Veterans Affairs, Homeland Security, or the Census Bureau. This is not even just a government agency problem. On the FTC’s Scams page, you can read about family emergency scams, real estate investment scams, tech support scams—even romance scams. It is clear the Federal Government must work collaboratively to combat robocalls and telephone scams of all kinds. We thank you for your efforts to date to find legislative solutions that can comprehensively address this complicated issue. We appreciate the recent enactment of the Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence (TRACED) Act, Public Law 116-105, which is a step forward in protecting the public from scam calls. We are aware of legislation proposed by Committee Members, such as S. 2147, the Anti-Spoofing Penalties Modernization Act of 2019, which doubles the penalties for providing inaccurate caller identification information and extends the statute of limitations for penalizing persons who commit such violations. Additionally, S. 149, the Stop Senior Scams Act, establishes a Senior Scams Prevention Advisory Group, which would create model educational materials to educate employees of retailers, financial-services companies, and wire-transfer companies on how to identify and prevent scams that affect seniors. We are also aware of bills that Committee Members support, such as S. 512, the Seniors Fraud Prevention Act of 2019, which directs the FTC to establish an office within the Bureau of Consumer Protection to advise the FTC on the prevention of fraud targeting seniors and to assist the FTC in monitoring the market for mail, television, Internet, telemarketing, and robocall fraud targeting seniors. Your efforts show a commitment to combat this fraud, and we are available to work with your staffs on these or any other proposed bills. We encourage Congress to further assist us by continuing to pursue legislative solutions that will hold accountable U.S.-based telecommunications companies that introduce scam call phone traffic, including from overseas, into the U.S. telephone system. Finally, we have recently identified a distressing problem surfacing among those who fall victim to Social Security phone scams and lose money to scammers. Those who empty their retirement accounts to pay scammers may face harsh tax penalties for doing so before they reach the minimum withdrawal age. We understand the solution to this problem may not be easy, not least because it may be difficult for scam victims to provide proof of their own victimization so they can become eligible for any relief that could be made available to them. However, we encourage Congress and the agencies involved to be aware of this issue, and explore ways to avoid victimizing these individuals twice and help ameliorate the losses they have suffered.
We have dedicated significant resources to combating Social Security phone scams, and we have seen positive results from our efforts. We hope, as we and SSA reach more people, they will have the knowledge to be able to avoid becoming victims, and they will report scams to us, giving us more valuable data to work with for investigative leads and outreach targeting. From our experiences, we stand ready to assist the next government agency that may become the target of imposters, and we look forward to sharing our best practices with them. Thank you for holding this hearing today to discuss ways to protect our citizens from these scams. These scammers have robbed too many people of their hard-earned savings, and we must continue to leverage resources across agencies, and use innovative approaches to stop the scams and protect Americans. Your involvement and interest spurs increased attention to the issue, and helps move us closer to a comprehensive solution. Thank you again for the invitation to testify, and I am happy to answer any questions.
]]>The Office of the Inspector General (OIG) for many years has placed oversight of SSA’s IT infrastructure and information security practices among its top priorities, so I appreciate the opportunity to discuss these critical issues with your Subcommittee.
Last year, SSA paid about $1 trillion to about 70 million Americans; almost all of these transactions are electronic, and SSA encourages its customers to interact with the Agency through various online services. SSA also houses sensitive information for nearly every U.S. citizen—living and deceased—including individual medical and financial records.
Given SSA’s significant and increasing service and data-storage responsibilities, SSA must modernize its IT infrastructure to support current and future workloads. SSA’s IT environment includes hundreds of applications and an array of technologies. To process its core workloads, such as retirement and disability claims, the Agency relies on decades-old applications programmed with Common Business Oriented Language (COBOL). SSA maintains more than 60 million lines of COBOL today, along with millions more lines of other legacy programming languages.
Additionally, as SSA experiences workforce turnover, employee knowledge of, and ability to work with, older technologies diminishes. SSA’s next generation of employees will expect to work with current, mainstream technologies, such as open-source databases and cloud computing.
It is a significant challenge to enhance the databases, applications, and infrastructure that an organization as vast and complex as SSA needs to conduct business, but it is a challenge that Agency leadership must meet. The need for long-term IT planning has been a major concern for SSA for many years. As far back as 1982, SSA announced a Systems Modernization Plan to restructure and extensively upgrade its systems. At that time, the Agency told Congress that, without this major upgrade, there might be a serious disruption of its services, which are essential to millions of Americans. Despite progress in modernizing many of its systems since then, the Agency has yet to tackle some of its most complex and critical IT projects.
In implementing its modernization efforts, it is critical that SSA follow a well-planned IT roadmap that clearly outlines how it will enhance its data, applications, and infrastructure. Additionally, SSA must incorporate strong security measures in these new initiatives. In doing so, SSA will ensure Agency employees can work effectively and SSA customers can receive timely, accurate, and secure services.
My statement will focus on SSA’s IT modernization and information security efforts, and I will discuss the OIG’s monitoring of the Disability Case Processing System (DCPS), one of SSA’s major IT investments.
According to the Office of Management and Budget’s IT Dashboard, SSA’s spending on information technology in Fiscal Year 2018 totals $1.6 billion; SSA has six major IT investments, including IT modernization.
In October 2017, SSA issued its IT Modernization Plan, which outlined a multi-year effort to update SSA’s major systems using modern architecture, Agile software engineering methods, cloud provisioning, and shared services. In the plan, SSA said it would invest $677 million over five years to support various modernization efforts.
SSA developed the plan with the following six goals: improve service to the public; increase the value of IT for business; improve IT workforce engagement; improve business workforce engagement; reduce IT and other operating costs; and reduce risk to the continuity of operations.
To achieve these goals, SSA identified eight major domains for modernization: Communications; Disability; Title II; Title XVI; Earnings; Enumeration; Data Modernization; and Infrastructure Modernization.
The OIG for many years has said that any IT modernization effort at SSA should be part of a long-term comprehensive strategic plan, so this strategy by SSA is a step in the right direction. As it nears the end of the first year of its five-year plan, the Agency recently reported it is redesigning its core programmatic business processes, the technology that underlies them, and the methods SSA uses to develop them.
This is a significant, but necessary undertaking, which will require close monitoring and management. We plan to formally evaluate SSA’s IT modernization efforts next year.
While SSA embarks on these modernization efforts, DCPS development continues. SSA envisioned DCPS as a national, common case-processing system for State disability determination services (DDS), which evaluate disability claims and make disability decisions for SSA. There are 52 DDSs across the country, and they use various customized systems to process disability claims.
SSA conceived of DCPS in 2008 and expected it would simplify system support and maintenance, improve the speed and quality of the disability process, and reduce the growth of infrastructure costs. However, in March 2014, amidst schedule delays and stakeholder concerns, the Agency hired a consultant to provide an in-depth analysis of the project. In June 2014, the consultant reported that after almost six years of development, DCPS still delivered limited functionality. At the consultant’s recommendation, SSA performed proof-of-concept evaluations of two other alternatives, including whether off-the-shelf software or a modernized version of SSA’s existing software could be integrated into DCPS.
At the request of Chairman Johnson, we followed-up on the consultant’s report and responded to several questions about the project. In November 2014, we recommended that SSA suspend DCPS development while it evaluated these other project alternatives.[1] In May 2015, SSA decided to discontinue DCPS development and later “reset” the project with a new technical approach. Teams of SSA staff and vendors began redeveloping the system in an Agile environment, which emphasizes collaboration between developers and business experts to deliver software incrementally.
Before the Agency “reset” DCPS in 2015, SSA spent $356 million on DCPS development, an investment from which the Agency will receive little benefit.
When SSA altered its development approach, Chairman Johnson requested that we issue ongoing reports on SSA’s progress in developing DCPS. In May 2016, we examined SSA’s analysis of alternatives for DCPS and concluded that SSA did not fully analyze all potential alternatives, including whether to discontinue all efforts entirely and continue maintaining its legacy systems.[2]
Based on a request from Chairman Johnson and Chairman Orrin Hatch of the Senate Finance Committee, in April 2017, SSA hired a contractor to conduct market research and analyze SSA’s options to deliver a common system to meet the Agency’s disability case-processing requirements; the contractor considered three options: the current version of DCPS; a commercial off-the-shelf case-management system; and a modernized version of the vendor-owned existing systems used by the majority of DDSs. In July 2017, the contractor concluded that the current version of DCPS would best meet the Agency’s requirements, and SSA leadership decided to continue DCPS development.[3]
SSA delivered the first release of the new DCPS to a few DDSs at the end of 2016 and the beginning of 2017. By September 2017, employees in 10 DDSs were using DCPS to process some of their disability workloads. At that time, we reported that SSA was working to deliver functionality in DCPS to support all initial and reconsideration cases by January 2018, and all remaining workloads—including continuing disability reviews and DDS disability hearings—by April 2018. The Agency was also planning to deploy a completed DCPS to all DDSs by September 2019 and retire all legacy systems by the end of Fiscal Year 2020.
However, in November 2017, SSA discontinued rolling out DCPS to additional DDSs and focused on system development. In March 2018, we reported that SSA’s revised strategy focused on increasing the number of DCPS users at participating DDSs and the number of cases they process in the system.[4]
In July of this year, we issued a report that included survey results of 120 DCPS users. About 60 percent agreed or strongly agreed with the statement, “Overall, I am satisfied with DCPS.” In general, users reported they liked the system’s modern interface, ease of use, and the ability to work on multiple cases at once; they added that they would like to see additional functionality in the system.
In that same report, we noted that in May 2018, the 10 participating DDSs completed 1,543 cases in DCPS, or about 4 percent of their workload. SSA did not establish goals for DCPS use at participating DDSs. Rather, SSA gave DDS administrators the discretion to determine the number of employees who would use the system and the types of volumes of cases they would process in it. SSA recognized that its inability to convince DDS users of the value and advantage of DCPS may negatively affect DDS adoption rates. To address this, the Agency planned to continue working with users to develop and demonstrate working software.
At the time of our May 2018 report, SSA was tentatively planning to resume deploying DCPS to additional DDSs in October 2018.[5] At this time, SSA plans to deploy DCPS to the majority of DDSs by December 2019.
Since SSA “reset” DCPS development in May 2015, SSA has spent $101 million on the project. The Agency anticipates spending an additional $76 million through Fiscal Year 2022, bringing the total estimated cost for this second DCPS attempt to $177 million. Additionally, SSA has estimated that the annual cost of maintaining the legacy systems is $32 million.
SSA’s new version of DCPS has been implemented at more DDSs than the previous iteration, and it is showing more promise than the prior attempt. But while the estimated cost of the new DCPS is about half of what SSA spent on the previous effort, the Agency still faces risks that might increase costs and affect its ability to implement this new system nationwide.
Also, SSA has not identified the level of effort required to develop and deliver all the functionality DDSs need to fully process all their workloads. Each state has unique requirements to process payments, and complicated interface requirements could delay SSA’s ability to deliver functionality and make maintaining those interfaces difficult. Furthermore, until SSA completes DCPS development and implementation, DDSs will continue incurring costs to operate and maintain their existing systems. These uncertainties may negatively affect the Agency’s delivery timeline and costs.
As SSA pursues its IT modernization goals, the Agency must also ensure the security of its information systems. Data breaches at government agencies have underscored the need for Federal agencies like SSA to make every effort to secure and protect information systems. In 2016, we stated that securing information systems and protecting sensitive data was a major management challenge facing SSA. We have issued several audit reports in this issue area.
For example, through SSA’s my Social Security online account, a registered and authenticated user can access their benefits verification letter, payment history, and earnings record; change an address; input or change direct deposit information; and, in some cases, request a replacement Social Security number card. In 2016, we evaluated SSA’s process for preventing unauthorized access to my Social Security accounts and ensuring it safeguards citizens’ personally identifiable information, and we recommended that SSA implement appropriate authentication and identity proofing technology to my Social Security.[6] SSA implemented two-factor authentication to the my Social Security portal in June 2017, but we believe the Agency should improve its identity verification controls to ensure users are who they claim to be.
Further, SSA manages a number of additional web applications to conduct business with the public, government agencies, and others. Hackers attempt to exploit any vulnerabilities in these types of applications to gain access to networks, so it is imperative that SSA identify these vulnerabilities and remediate them timely. We reviewed SSA’s efforts to identify, assess, and remediate vulnerabilities in these applications and found that SSA could strengthen its controls over these security functions. In November 2016, SSA began tracking all vulnerabilities identified in an application that triggers automatic notification to the appropriate systems owner.[7]
The Federal Information Security Modernization Act (FISMA) requires each Federal agency to implement an agency-wide program to provide information security for its data and systems. The law also requires inspectors general to evaluate its agency’s information security programs and practices on an annual basis.
In our most recent report on SSA’s compliance with FISMA, we determined that SSA had established an information security program and practices that were generally consistent with FISMA requirements. However, we identified a number of control deficiencies that may limit the Agency’s ability to protect the confidentiality, integrity, and availability of SSA’s information systems and data.[8] The deficiencies were identified in several domains—information security continuous monitoring; configuration management; identity and access management; risk management; security training; incident response; and contingency planning—and were consistent with those that we have cited in prior reports on SSA’s FISMA compliance.
Based on these control deficiencies, we concluded SSA’s overall information security program was “Not Effective,” according to FISMA criteria.[9] Weaknesses continued to exist, we believe, because of one, or a combination, of the following:
SSA should make all efforts to address the weaknesses identified. We also made several additional recommendations to the Agency, which we have detailed in our most recent report on SSA’s compliance with FISMA. As FISMA requires, we will continue to assess annually the effectiveness of SSA’s information security policies, procedures, and practices.
SSA stated in its IT Modernization Plan that the Agency’s Cybersecurity Program would apply to all of its modernization efforts, as well as the rest of SSA’s IT environment. SSA would implement security and privacy controls into applications and IT environments and systems at the beginning of development, according to the plan.
Specifically, SSA said its cybersecurity would focus on several areas, including strengthening identity credential and access management; expanding continuous diagnostic and mitigation capabilities; modernizing integrity review processes; establishing a Cyber Defense Operations Center; and maintaining continuous cybersecurity risk management and governance.
It is imperative that SSA follow a plan to modernize its IT infrastructure. Continued reliance on legacy coding and applications is unsustainable in the long term, given SSA’s increasing service and data-storage responsibilities. SSA must work toward adopting current, mainstream programing languages, software, and storage capabilities.
For many years, the OIG has recommended that SSA incorporate its IT development strategy into its long-term strategic planning process, so we are encouraged that the Agency developed and implemented an IT Modernization Plan in 2017. Still, as SSA works to reduce its reliance on legacy systems and convert to modern applications and cloud storage, these efforts will take significant management, monitoring, and resources.
Oversight of SSA’s IT planning is a top priority for the OIG. We will continue to track these and related issues, and we will work with SSA and this Subcommittee to help the Agency enhance its IT capabilities and security, so SSA can improve operations and serve its customers effectively.
Finally, I must take this opportunity to commend Chairman Johnson as he concludes a decorated, distinguished career in service to his country. The Chairman served for 29 years in the United States Air Force, and he was a fighter pilot in both the Korean War and the Vietnam War, during which he overcame tremendous adversity as a prisoner of war from 1966 to 1973.
After his military career, he was elected to the Texas House of Representatives. In 1991, Chairman Johnson was elected to the U.S. House of Representatives, and he has represented Texas’s third congressional district for more than 26 years. He has served as Subcommittee Chairman since 2011, and he has been unwavering in his commitment to improving Social Security, so the Agency can assist future generations of Americans who truly deserve and depend on its programs.
Thank you, Chairman, for your service, your sacrifice, and your leadership. I am happy to answer any questions.
[1] SSA OIG, The Social Security Administration's Disability Case Processing System, November 2014.
[2] SSA OIG, The Social Security Administration's Analysis of Alternatives for the Disability Case Processing System, May 2016.
[3] SSA OIG, Contractor's Market Research and Analysis for the Disability Case Processing System, February 2018.
[4] SSA OIG, Progress in Developing the Disability Case Processing System as of February 2018, March 2018.
[5] SSA OIG, Use of the Disability Case Processing System as of May 2018, July 2018.
[6] SSA OIG, Access to the Social Security Administration's my Social Security Online Services, September 2016.
[7] SSA OIG, Security of the Social Security Administration's Public Web Applications, April 2017.
[8] Under a contract the OIG monitored, an independent certified public accounting firm audited SSA's compliance with FISMA for fiscal year 2017. The OIG was responsible for technical and administrative oversight of the contractor's review.
Some of our most vulnerable citizens—including the young, aged, and disabled—depend on representative payees to receive and manage their Social Security benefits to cover their basic needs and expenses. SSA places its trust in payees to manage these payments on behalf of beneficiaries. The Office of the Inspector General (OIG) is committed to overseeing how SSA administers the representative payee program; it is critically important that SSA select trusted individuals and organizations to serve beneficiaries in need, and that SSA effectively monitor payee performance. My statement will focus on: 1) our investigations of representative payee fraud and misuse, and 2) our audit reviews and recommendations to SSA to improve payee selection and monitoring
SSA currently has about 6 million representative payees managing benefits for about 8 million beneficiaries. According to SSA, 54 percent of the beneficiaries with payees are minor children. Further, family members—primarily parents or spouses—serve 85 percent of the beneficiaries who have payees. About 34,000 organizational representative payees serve about 1.1 million beneficiaries. Generally, SSA will appoint an organizational payee to a beneficiary only when a family member is unable, unavailable, or unwilling to serve as payee.
SSA employees process payee applications in the agency’s Electronic Representative Payee System (eRPS); during the application process, employees ask questions to assess the applicants’ suitability. Information on the application includes the applicant’s proof of identity, contact information, and relationship to the beneficiary. SSA employees are required to ask about the applicant’s criminal history, request permission to run a background check, determine the applicant’s income and capability, and determine if the applicant is receiving Social Security benefits. Finally, SSA employees ask for information to determine why the applicant would be an appropriate payee and how the applicant intends to meet the beneficiary’s needs.
SSA maintains that the vast majority of payees are properly managing beneficiary funds, but with limited monitoring of payee performance, the threat of payee misuse and abuse remains. SSA mails annual accounting reports for payees to document how they utilized beneficiary funds, and the agency will contact the payee if the payee does not provide a timely response, but SSA conducts a very limited number of in-person site reviews each year. For instance, in Fiscal Year (FY) 2016, SSA conducted 2,590 face-to-face payee interviews.[1]
A harrowing case of payee fraud and abuse in Philadelphia emphasized the critical need for SSA’s strict oversight of payee selection and monitoring. In 2011, the Philadelphia Police Department rescued four mentally disabled victims from the sub-basement of an apartment; the victims were held captive there for years. OIG contributed to the investigation with multiple agencies, including the FBI, the IRS, Philadelphia police and the Philadelphia District Attorney’s Office, which determined that Linda Weston directed a decade-long racketeering enterprise in which she and several co-conspirators targeted mentally disabled victims and persuaded them to allow Weston to serve as their payee. Then, for years, Weston physically and psychologically abused the victims and stole their Social Security benefits and other government payments.
Weston’s plot involved beating her victims, holding them captive in closets, basements, and attics, and depriving them of adequate food and care. Additionally, Weston moved the victims over the years between Philadelphia, Texas, Virginia, and Florida to evade law enforcement. Tragically, two of the victims died because of Weston’s abuse. The FBI pursued the violent-offense elements of the case.
Our role in the investigation involved gathering evidence, analyzing SSA documents, and interviewing various sources. From our review, we determined that Weston served as payee for six victims and made numerous misrepresentations and false statements to SSA during the payee application and monitoring process and on various payee accounting forms and other documents submitted to SSA. Weston concealed her criminal history from SSA, and she lied numerous times about her relationship to the victims, the victims’ living conditions, and her use of their benefits. The scheme, abuse, and misuse became known only after Philadelphia police were alerted to the victims’ whereabouts.
In September 2015, Weston pled guilty to multiple offenses, including racketeering conspiracy, kidnapping resulting in the death of the victim, government theft, and false statements. In November 2015, a judge sentenced her to life plus 80 years in prison and ordered her to pay restitution of $273,000 to SSA. Judicial proceedings for her co-conspirators are ongoing.[2]
The case remains the most horrific, disturbing example of payee fraud and abuse we have encountered, but it emphasizes the vulnerability of the payee system and the beneficiaries it serves. SSA responded appropriately to the case with new, stricter rules and regulations related to reviewing a payee’s background and criminal history before selecting the payee.
Efforts have been made to determine whether certain payees have high risks of misuse, to guide payee-monitoring procedures. In 2007, the National Academy of Science identified several characteristics of individual payees that might be indicators of misuse or poor performance. Some of the key characteristics include:
In 2009, we identified a population of individual payees who had at least three of the characteristics identified. We concluded SSA should use the characteristics to identify payees with an increased risk of benefit misuse, and the characteristics were reliable indicators of poor-performing payees. Specifically, 70 percent of the payees we reviewed engaged in one or more practices that increased the risk of misuse.[3] At the time, we encouraged SSA to study these characteristics to improve payee monitoring, and SSA said it would consider the characteristics when developing possible changes in policies and procedures for payee selection and monitoring.[4] In FY2012, SSA began using a predictive model to select organizational and individual payees for special site reviews, based on payee and beneficiary characteristics that indicate a higher likelihood of potential misuse. SSA conducted 1,017 special site reviews last year.
SSA is committed to conducting effective oversight of the representative payee program. Some program vulnerabilities exist, which SSA should address, but we acknowledge that SSA must also focus on its core workloads of processing retirement and disability claims, so the agency has to decide where and how it allocates its resources. The OIG is a partner in this oversight effort with SSA, through audits and investigations, as I have described. I would like to expand on how our investigations promote program integrity and how our audit reviews and recommendations help SSA improve its operations and oversight of the payee program.
We receive and rely on allegations of representative payee fraud and misuse from various sources, including SSA, other law enforcement agencies, private citizens, private and public organizations, victims, Congress, and others.
In FY2016, we received 143,285 fraud allegations; 16,577 allegations (or about 12 percent) related to representative payee fraud. We carefully review every allegation we receive to determine appropriate action. We refer the majority of the payee fraud allegations we receive to SSA for administrative action, for several reasons, including local prosecutorial thresholds, the statute of limitations related to the allegation, and the existence of prior administrative action completed before referral to the OIG.
Last year, we opened 435 representative payee cases and closed 456 cases. Our investigative efforts in FY2016 led to 180 convictions related to payee fraud and about $10 million in monetary accomplishments, including restitution, SSA recoveries, judgments, fines, and settlements. We make every effort to seek prosecution against individual and organizational payees who abuse the system, to deter others from misusing government funds and neglecting their responsibilities to serve beneficiaries in need.
The following are examples of individual payee fraud investigations:
The following are examples of organizational payee fraud investigations:
In addition to conducting investigations of representative payee fraud, we have reviewed SSA’s actions concerning individual and organizational payee misuse, and payees’ ability to monitor beneficiary needs.
Individual Payee Misuse
In 2012, we analyzed SSA data and identified 1,368 individual payees serving 14 or fewer beneficiaries misused about $7.6 million owed to 1,561 beneficiaries, over a three-and-half-year period. We found SSA did not always take appropriate actions concerning individual payees who misused benefit payments. For example, SSA did not always obtain restitution from payees or pay beneficiaries when misuse resulted because of SSA’s negligent failure to investigate or monitor a payee. We also found that SSA did not always document negligence decisions; refer misuse cases to the OIG; follow policy with regard to payees who committed misuse; or record misuse-related data accurately.
We encouraged the agency to take additional steps to improve its oversight and management of this population of individual payees who misused benefit payments. We recommended that the agency address issues related to specific payees and beneficiaries identified in the audit, and to remind staff to comply with policies and procedures related to obtaining restitution from payees and repaying affected beneficiaries. SSA agreed with our recommendations and reported that it took corrective actions for the payees and beneficiaries identified by our audit.[5]
Organizational and Large-Volume Payee Misuse
We identified 165 organizational and volume individual payees who misused about $3.5 million owed to 3,671 beneficiaries, over a four-year period. We found that SSA generally complied with regulations and procedures when payees misused benefits. In some cases, the agency still did not reissue benefits misused by payees; obtain restitution from payees that misused benefits; document decisions to allow payees that misused benefits to continue serving as payees; and refer all payee misuse cases to the OIG.
Similar to our 2012 review, we recommended that SSA address issues related to specific payees and beneficiaries identified in the audit, and to remind staff to comply with policies and procedures to document decisions to retain payees that misuse benefits. SSA agreed with our recommendations and reported that it took corrective actions for the payees and beneficiaries identified by our audit.[6]
Fee-for-Service Payee Monitoring of Beneficiaries
In addition, in 2012, we reported that large-volume fee-for-service (FFS) payees did not always have the resources, procedures, and controls to fulfill their payee responsibilities.[7] Some of the payees we reviewed did not have sufficient staff to routinely contact or visit their beneficiaries; they relied on outside caseworkers or beneficiary self-reporting to ensure beneficiaries’ needs were met; they did not have correct contact information for beneficiaries; or they were unaware of certain basic beneficiary needs.
As payees of last resort, FFS payees often manage benefits for SSA’s most vulnerable beneficiaries—many without family members or friends who are willing or able to monitor their well-being. Given the importance of this responsibility, we believe it is essential for SSA to strengthen oversight of FFS payees. We recommended SSA develop and provide clarifying guidance to FFS payees regarding the issues we identified in the report, and SSA agreed with our recommendations and reported that it took corrective actions to provide detailed instructions for its employees to provide to FFS payees.[8]
Our audit work has also identified system vulnerabilities that affect SSA’s ability to oversee the representative payee program.
Beneficiaries with Payees Serving as Payees for Others
We have identified instances in which SSA made payments to beneficiaries serving as representative payees who have a representative payee.[9] We estimated, over a four-year period, SSA paid $6.3 million to about 400 incapable beneficiaries who were serving as payees. This occurred because SSA employees incorrectly selected incapable beneficiaries as payees, and though SSA’s system at the time generated alerts, the system did not prevent employees from improperly selecting the payees.
For example, SSA selected a representative payee for a beneficiary in 2013. The beneficiary had been serving as the payee for her disabled daughter since 1997. However, SSA did not take corrective actions to terminate the beneficiary as her daughter’s payee when it determined she was incapable of managing her own benefits. As a result, SSA paid the incapable beneficiary about $49,000 from 2013 to 2016 as the payee for her daughter. We recommended that SSA determine whether it should develop additional systems controls to prevent incapable beneficiaries from serving as payees. SSA agreed with the recommendation.[10]
Payments to Deceased Payees
We have also identified instances in which SSA made payments to deceased payees, because SSA’s procedures did not ensure the agency selected new payees when the former payees died. We identified a population of beneficiaries with payees who had a date of death on SSA’s Death Master File; we estimated that SSA paid about $47 million to more than 2,500 deceased payees.[11] SSA knew about the death of the payees in most cases within one month, but it took the agency more than a year to replace the deceased payees in 60 percent of the cases that we identified. The funds for beneficiaries who have deceased payees may be at risk for misuse, and SSA cannot ensure the funds are being used for the beneficiary’s needs.
In response to our audit, SSA said it was undertaking a multi-year effort to improve its death-reporting process, and upon completion, the agency’s death information would interact with all SSA systems, including eRPS, to limit future payments to deceased payees. SSA also reported that it took corrective actions for the beneficiaries and payees identified by our audit. [12]
Payees without Recorded SSNs
SSA is required to obtain Social Security numbers (SSN) of representative payee applicants to ensure the applicant may serve as a payee. In certain situations in which the applicant does not have an SSN, SSA must verify the applicant’s identity with other acceptable evidence and process a paper application. In a recent review, we found that SSA needed to improve controls to ensure it records individual payee SSNs in its payment records and retains the application for any payee who does not have an SSN.
We reviewed beneficiaries who had an individual payee who did not have his or her SSN recorded on SSA’s payment records; we found, from 2006 to 2016, SSA paid about $1 billion to payees who did not have an SSN recorded in the agency’s systems, and SSA had not followed policy to retain the payees’ paper applications. We also found, from 2004 to 2016, SSA paid about $853 million to payees who SSA had either terminated or not selected in eRPS.
We recommended that SSA address issues specific to the beneficiaries we reviewed for the audit, and that SSA improve systems controls to ensure it records payees’ SSNs in its payment systems and develop alerts when there is a discrepancy between payee information in SSA’s payment systems and eRPS. SSA agreed with our recommendations and stated it was adding mechanisms to eRPS to limit discrepancies between SSA’s systems.[13]
Payees Not in SSA’s Payee System
SSA should also improve controls to ensure it does not make payments to payees who are not in eRPS. We identified a population of beneficiaries who had a payee, according to SSA’s payment records; however, according to eRPS, there was no payee information for these beneficiaries. As of December 2015, SSA had paid the payees about $218 million. We recommended that SSA address issues specific to the beneficiaries we reviewed for the audit, and that the agency remind employees to retain paper applications from any payee who does not have an SSN. SSA agreed with our recommendations. [14]
Payments to Terminated or Non-Selected Payees
Similarly, we identified a population of beneficiaries with an active payee in SSA’s payment systems, but according to SSA’s payee system, the payee was terminated or not selected. We estimated that the agency paid terminated or non-selected payees about $367 million over a year-and-a-half period. This occurred because SSA did not remove terminated or non-selected payees from its payment records, or it did not correct payees’ status in its payee system from terminated or non-selected to selected. We found, at the time, the agency’s payee system did not always generate alerts when payee information was not consistent across SSA’s systems.
We recommended that SSA address specific issues related to the beneficiaries and payees we reviewed for the audit, and that SSA improve controls to generate systems alerts when discrepancies exist with payee information across SSA’s systems. The agency agreed with our recommendations and reported that it took corrective actions for the payees and beneficiaries identified by our audit.[15]
In summary, to improve payee program oversight, we recommend SSA pursue the following actions:
SSA, in its annual representative payee report to Congress and in its responses to our audit recommendations, has reported the following:
SSA’s representative payee program serves a vital purpose for about 8 million beneficiaries; this population includes some of our most vulnerable citizens. SSA has many service responsibilities, and it allocates its resources as it deems appropriate, but it must prioritize careful administration and monitoring of the payee program.
The OIG has made many recommendations to SSA over the years to ensure it is properly appointing and monitoring trusted payees and making proper payments; further, we are committed to promoting program integrity through payee fraud and misuse investigations. As we have recommended, SSA should continue to enhance its payee-monitoring capabilities, and it should develop and implement systems enhancements to improve program integrity. Finally, going forward, SSA should consider how to balance respect for beneficiaries’ rights and decisions with appropriate service and oversight that addresses the needs of a vulnerable population.
We will continue to work with SSA and your Subcommittees to improve the representative payee program and ensure beneficiaries receive the assistance they need. Thank you for the invitation to testify, and I am happy to answer any questions.
[1] SSA conducts several types of payee site reviews, including periodic reviews as required by the Social Security Act, targeted reviews conducted in response to an event that raises questions about payee performance, and special site reviews based on predictive modeling that identifies potential risk payees. SSA, Annual Report on the Results of Periodic Representative Payee Site Reviews and Other Reviews, January 2017.
[2] U.S. Attorney's Office, Eastern District of Pennsylvania, November 2015.
[3] Payees would not confirm whether some beneficiaries were in their care, did not maintain adequate documentation to support expenditures for beneficiaries, did not provide basic needs for beneficiaries, for example.
[4] SSA OIG, Characteristics of Representative Payees That May Increase the Risk of Benefit Misuse, August 2009.
[5] SSA OIG, Individual Representative Payees Who Misuse Benefits, May 2012.
[6] SSA OIG, Agency Actions Concerning Misuse of Benefits by Organizational and Volume Individual Representative Payees, February 2016.
[7] SSA authorizes FFS organizational payees to collect a fee for providing services. According to SSA, in FY2016, there were about 1,400 FFS organizations. FFS organizations may collect a fee of up to 10 percent of the total monthly benefits from beneficiaries, up to a maximum of $41 per month.
[8] SSA OIG, Representative Payees' Ability to Monitor the Individual Needs of a Large Volume of Beneficiaries, June 2012.
[9] According to SSA policy, beneficiaries whom SSA has determined are incapable of managing their own benefits may not serve as a payee for other beneficiaries.
[10] SSA OIG, Beneficiaries Serving as Representative Payees Who Have a Representative Payee, August 2016.[11] We calculated payments from the date of the payee's death through the earliest of the following: 1) the date SSA replaced the name of the payee in its payment systems; 2) thethbeneficiary stopped receiving benefits; or 3) March 2015.
[12] SSA OIG, Deceased Representative Payees, June 2015.
[13] SSA OIG, Individual Representative Payees Who Do Not Have a Social Security Number in SSA's Payment Records, February 2017.
[14] SSA OIG, Active Representative Payees Who Are Not in SSA's Electronic Representative Payee System, February 2017.
[15] SSA OIG, Payments to Terminated or Non-selected Representative Payees, February 2015.
To provide context for this discussion, I would like to give a brief overview of SSA’s benefit programs. Individuals earn coverage for benefits under the Old-Age, Survivors’ and Disability Insurance (OASDI) program by working and paying Social Security taxes on their earnings. In Fiscal Year (FY) 2017, SSA expects to pay about $940 billion in monthly OASDI benefits to a monthly average of about 62 million beneficiaries. Also, the Supplemental Security Income (SSI) program provides monthly payments to people with limited income and resources who are aged, blind, or disabled; general tax revenues fund the SSI program. In FY2017, SSA expects to pay about $55 billion in Federal benefits to a monthly average of about 8 million SSI recipients. SSA administers its programs and operations with a staff of over 60,000 employees; the agency’s administrative expenses totaled $12.2 billion in FY2016.
During times of fiscal restraint, to administer its programs and prepare for the future, SSA must focus on its most pressing challenges and allocate resources on initiatives that will provide significant returns to SSA and its customers. In the Office of the Inspector General’s (OIG) annual statement on SSA’s major management challenges, we summarize the most serious challenges facing the agency. Our most recent statement, issued in November 2016, detailed seven challenges facing SSA. Today, I want to highlight three challenges SSA must prioritize: Modernizing Information Technology Infrastructure; Improving Customer Service; and Strengthening Program Integrity.
SSA must modernize its information technology (IT) infrastructure to support current and future workloads. SSA’s IT environment includes hundreds of applications and an array of technologies, and it is increasingly difficult and expensive to maintain. To process its core workloads, such as retirement and disability claims, the agency relies on decades-old applications programmed with Common Business Oriented Language (COBOL). SSA maintains more than 60 million lines of COBOL today, along with millions more lines of other legacy programming languages. According to SSA’s Chief Information Officer, these legacy systems are not sustainable because the agency’s dated technologies cannot meet modern customer expectations.
SSA spent $1.2 billion on IT in FY2016. However, according to SSA, the agency must use most of its IT funding to operate and maintain existing systems. Last year, SSA issued an IT modernization proposal, which called for enhancing applications critical to processing core workloads, updating its data infrastructure, and pursuing cloud computing to reduce data-storage costs. To achieve these goals, SSA said it would need an additional $300 million in IT funding. SSA is developing a formal modernization plan, which we will review upon completion. We recommend that SSA clearly define the plan to ensure careful allocation of resources and diligent oversight of this effort.
SSA’s development of the Disability Case Processing System (DCPS) demonstrates the challenge of implementing major IT projects with expected functionality, on schedule, and within budget. SSA first conceived of DCPS in 2008 and envisioned it as a single case-processing tool for the 54 disability determination services (DDS) across the country; the agency said DCPS would simplify system support and maintenance, improve the speed and quality of the disability process, and reduce the overall rate of infrastructure costs. In 2014, an outside consultant analyzed DCPS development and reported the project delivered limited functionality and had fallen behind schedule.
SSA “reset” DCPS in May 2015 and began redeveloping the system in an “Agile” environment, which emphasizes developer-user collaboration and delivers software incrementally. Last year, SSA said it would deliver the first release of the new DCPS to some DDSs by the end of 2016, and the first release would process the DDSs’ core workloads. SSA did release its first working software to three DDSs in December 2016, and the initial user feedback was positive. However, the system only included functionality that allowed the participating DDSs to work certain types of cases. SSA plans to release the core DCPS product by January 2018. By the end of FY2017, SSA will have invested over $400 million in DCPS. We expect to issue a DCPS progress report soon.
SSA has developed a new IT investment process, which will focus on up-front project planning tied to specific goals. An IT investment board will make funding decisions on projects that provide the greatest benefit to the agency. We recommend that SSA adhere to an effective IT planning and investment process that follows a clearly defined roadmap for IT modernization. Absent additional IT funding, SSA must rely on a long-term IT plan with clear objectives and resource allocations, project milestones, and deadlines for deliverables.
SSA faces service delivery challenges due to the aging of the baby boomer population, rapid advances in technology, and the expectation that many of its most experienced staff will retire in the near future. SSA estimates that the number of retirement and disability beneficiaries will increase to 75 million in 2025, and it projects that more than one-third of its workforce will retire by 2022.
SSA’s field offices are the agency’s primary point of face-to-face contact with the public; there are about 1,220 field offices across the country. In December 2016, we reported on customer wait times at SSA field offices. We found that the total number of SSA field office visitors declined from FY2011 to FY2015; however, the average wait time for visitors increased from 19 minutes in FY2010 to 26 minutes in FY2015. Additionally, more than 11 percent of all visitors waited longer than an hour for service in FY2015. We are conducting a follow-up review to examine the factors affecting customer wait times and SSA’s actions to reduce wait times.
To reduce unnecessary field office visits, SSA plans to enhance its online capabilities to provide self-service options for customers through the my Social Security web account. We acknowledge that there is great potential in expanding electronic services; however, as SSA makes these functions available, the agency must ensure that they are secure, and that SSA customers understand how to access and use them successfully.
SSA has made progress in reducing the number of pending initial disability claims in recent years, but the agency still faces challenges with the level of pending disability hearings and appeals. Specifically, from FY2010 to the end of FY2016, the average processing time for a hearing decision increased 27 percent to 543 days. During the same period, the pending hearings level grew 59 percent to over 1.1 million hearings.
In January 2016, SSA’s Office of Disability Adjudication and Review (ODAR) issued the Compassionate And REsponsive Service (CARES) plan, which included 21 initiatives to address wait times and pending hearings; ODAR added six initiatives after it issued the plan. ODAR expects to reduce the average processing time for a decision to 270 days and to cut the level of pending hearings in half by FY2020.
We reviewed the CARES plan, and in September 2016, we reported that 13 of the original 21 initiatives were similar to previous backlog-reduction plans issued by SSA, including hiring new administrative law judges (ALJs) in FYs 2016, 2017, and 2018. SSA hired 264 new ALJs in FY2016, and the agency recently received an exemption to the Federal hiring freeze for ALJs and hearing support staff. We recommended that SSA review “lessons learned” from prior initiatives so it can avoid previous implementation issues. Other CARES initiatives include improving business processes, identifying high-risk cases through IT enhancements, and leveraging other agency components to support ODAR workloads. SSA should closely monitor its progress in implementing the CARES initiatives to determine whether they achieve intended results and help claimants get a decision sooner.
For many years, the OIG has encouraged SSA to balance service initiatives with stewardship responsibilities. Given the overall dollars involved in SSA’s programs, even the slightest error in any part of the payment process can result in significant overpayments or underpayments. In FY2016, SSA reported $3.7 billion in improper payments in the OASDI program and $4.2 billion in the SSI program. For both programs, about 80 percent of reported improper payments were overpayments.
SSA estimates that medical continuing disability reviews (CDRs) conducted in FY2017 will yield a return of about $8 in Federal program savings over 10 years per $1 budgeted for dedicated program integrity funding. In 2014, SSA’s medical CDR backlog stood at more than 900,000. However, with dedicated funding, SSA completed 799,000 medical CDRs in FY2015 and 854,000 medical CDRs in FY2016, to reduce the backlog to 280,000 at the end of FY2016. SSA should continue to complete the budgeted number of CDRs to eliminate the backlog.
The Cooperative Disability Investigations (CDI) program, for almost 20 years, has been extremely successful in preventing fraud and waste in the disability programs. CDI units, composed of OIG, SSA, DDS, and local law enforcement personnel, investigate disability claims, gathering evidence that can lead to accurate claims decisions. Since the program launched in FY1998, CDI efforts have contributed to a projected $3.6 billion in savings to SSA’s programs. CDI currently consists of 39 units covering 33 states, Washington, D.C., and the Commonwealth of Puerto Rico. SSA should continue to pursue program expansion, as resources allow, to provide CDI coverage for all 50 states by 2022, as mandated by the Bipartisan Budget Act of 2015 (BBA).
Finally, we have long recommended SSA pursue data matches with other governmental agencies to ensure program integrity and to utilize non-governmental databases to improve payment accuracy. We are very pleased that Congress recently passed the Inspector General Empowerment Act of 2016; the law includes an OIG exemption to the Computer Matching and Privacy Protection Act of 1988, which will benefit OIGs in their efforts to match data with other agencies and entities to identify improper payments and fraud and waste. Additionally, effective November 2016, the BBA authorized SSA to enter in data agreements with private payroll providers to determine benefit eligibility and proper payment amounts and improve program administration. We will continue to make similar cost-effective recommendations to SSA to improve program integrity.
Comprehensive, long-term strategic planning will help SSA address all of these challenges in support of its mission to serve the American public. A long-term roadmap for SSA is critical to ensure the agency has the programs, processes, staff, and infrastructure required to provide quality service 10 to 20 years from now and beyond. SSA released its Vision 2025 report in 2015, and the high-level strategy presents three priorities for SSA—superior customer service, exceptional employees, and innovative organization. To implement this vision in the current fiscal climate, SSA should develop several long-term plans, with specific approaches and measureable goals under different budget scenarios, that address the IT modernization, customer service, and program integrity challenges I have discussed.
The OIG will continue to work with the agency and your Subcommittee to address these and other challenges facing SSA. Thank you again for the invitation to testify. I am happy to answer any questions.
]]>