STOP Fraud Act of 2024

There is established within the Office of Management and Budget an office to be known as the Federal Real Anti-fraud Unified Directorate or the FRAUD.

There shall be at the head of the FRAUD an Administrator who shall be—

(A) appointed by the President; and

(B) compensated at the rate of pay in effect for level III of the Executive Schedule under section 5314.

The Administrator shall do the following:

(1) Carry out the duties prescribed to the Administrator under section 3360.

(2) Coordinate activities related to reducing and preventing fraud and improper payments—

(A) sharing leading practices and tools with agencies;

(B) providing technical assistance to agencies in implementing the fraud risk management activities described in the GAO Fraud Risk Management Framework; and

(C) assisting agencies in the collection and use of data, including by assisting agencies in—

(i) working to overcome data sharing barriers; and

(ii) establishing metrics and methodologies to measure the effectiveness of programs and activities employed by agencies to prevent and reduce fraud and improper payments.

(3) Establish an online, publicly accessible dashboard on the implementation of proactive analytics in programs designated as susceptible to significant improper payments under section 3359 that—

(A) promotes transparency;

(B) assists in the oversight of the implementation of proactive analytics in such programs; and

(C) tracks cost savings, cost avoidance, and the administrative burden attributable to such programs.

(4) Refer any fraud, waste, or abuse discovered by the Administrator to the appropriate Inspector General.

(5) Carry out any additional duties that may be prescribed by the Director.

The Administrator may—

(1) require agencies administering programs susceptible to significant improper payments to submit information as may be necessary to administer the dashboard required to be established by subsection (b)(3), and promulgate regulations that set standards for—

(A) the type of information to be submitted; and

(B) the format in which such information is to be submitted;

(2) provide technical assistance to agencies administering a high-priority program, including by—

(A) working on behalf of an agency administering the program to overcome any issues that prevent the agency from receiving or using data from other governmental and non-governmental entities, including by notifying Congress on behalf of the agency of any Federal laws that prevent the agency from receiving or using such data;

(B) facilitating the collection of real-time data to implement proactive analytics, including by—

(i) identifying governmental or commercial solutions to facilitate such collection; and

(ii) supporting the agency in identifying potential sources of funding to facilitate such collection;

(C) providing non-reimbursable or reimbursable services to agencies administering the programs; and

(D) identifying strategies that may help the program hire individuals with the requisite skills to implement proactive analytics; and

(3) refer any fraud, waste, or abuse discovered by the Administrator to the appropriate Inspector General.

In this section, the terms administrative burden, agency administering a high-priority program, agency administering a program susceptible to significant improper payments, anti-fraud control, data, and proactive analytics have the meanings given those terms in section 3360.

Not later than October 1 of each year, for that fiscal year and the next fiscal year, the head of each executive agency shall designate as a program susceptible significant improper payments each program that meets the following criteria:

(1) With respect any program of the agency established during the preceding two fiscal years, any such program making more than $100,000,000 in payments in any one fiscal year.

(2) For any program of the agency not established during the preceding two fiscal years, any such program that had outlays that exceeded $1,500,000,000 in the preceding fiscal year.

An agency administering a program susceptible to significant improper payments shall implement proactive analytics for one high-risk area of the program.

Not later than two years after a head of an agency has designated a program as susceptible to improper payments, the head of the agency administering the program shall submit a report on efforts of the agency to reduce and prevent improper payments and fraud with respect to the program, including the following:

(1) With respect to a program that is not a high-priority program at the time of the submission of the report, the following:

(A) A description of the proactive analytics implemented in the two fiscal years preceding the submission of the report to reduce improper payments and fraud with respect to such program.

(B) Metrics demonstrating the effectiveness of the proactive analytics implemented.

(C) An analysis of whether the agency anticipates the program will remain susceptible to improper payments and require continued designation as such.

(D) A plan for—

(i) continuing to use proactive analytics with respect to that program;

(ii) improving the proactive analytics used with respect to that program; and

(iii) identifying, in consultation with the Administrator of the FRAUD, additional fraud and improper payment mitigation strategies, that could be employed by the agency if the program is redesginated as a program susceptible to significant improper payments.

(2) With respect to a program that is a high-priority program at the time of the submission of the report, the following:

(A) A copy of the plan approved under section 3359 for the program.

(B) Analysis of whether implementation of that plan has reduced and prevented improper payments and fraud.

(C) If the plan has not reduced or prevented improper payments or fraud—

(i) an explanation of why the plan has not reduced or prevented improper payments or fraud; and

(ii) a new plan with a different strategy developed in consultation with the Administrator of the FRAUD, to reduce or prevent improper payments or fraud.

(D) A statement of whether the agency has what is needed with respect to internal controls, human capital, and information systems and other infrastructure, to implement the requirements described in sections 3359 and 3360.

(E) Estimates of—

(i) any costs avoided and dollars saved by the implementation of sections 3359 and 3360;

(ii) any change in administrative burden because of the implementation of sections 3359 and 3360; and

(iii) the number of persons eligible to obtain a thing of value that did not receive such thing of value because of the implementation of sections 3359 and 3360.

(3) Whether the information technology (as defined in section 11101 of title 40) used by the agency with respect to the program is capable of delivering real-time data—

(A) to the Administrator of the FRAUD for inclusion in the dashboard required to be established by section 508(b)(3); and

(B) for the purpose of implementing proactive analytics, as required under section 3359 and 3360.

(4) A description of the quality of any improper payment estimates and methodology of the agency relating to the program, including—

(A) challenges to accurately estimating improper payments for the program; and

(B) plans to improve the quality of the estimates.

By January 31 of each fiscal year, the Administrator shall designate for the remainder of that fiscal year and the next full fiscal year, any program with outlays in an amount equal to or in excess of $50,000,000,000 with respect to the preceding fiscal year as a high-priority program.

The head of an agency administering a high-priority program shall develop a plan to implement anti-fraud controls for that program, that—

(A) at a minimum includes a plan to use—

(i) any solution that verifies and authenticates identity, known as digital identity-proofing solutions, if determined necessary by the Administrator to effectively reduce and prevent fraud and improper payments in the high-priority program;

(ii) threat intelligence, including open source intelligence and intelligence collected from locations on the internet referred to as the deep web and dark web, to identify and mitigate emerging fraud threats; and

(iii) proactive analytics; and

(B) takes into consideration the administrative burden of implementing such anti-fraud controls, including considering the fraud risk profile (as defined in the study of the Government Accountability Office titled Framework for Managing Fraud Risks in Federal Programs) of the program.

Not later than 90 days after the date on which a program is designated as a high-priority program under subsection (a), the agency administering the high-priority program shall submit to the Administrator the plan developed under paragraph (1).

Not later than 60 days after the date on which the plan is submitted pursuant to subparagraph (A), the Administrator shall approve or deny such plan.

An agency that submits a plan that is denied by the Administrator under paragraph (2) shall, until such time as the Administrator approves the plan—

(i) revise the plan; and

(ii) submit the plan as revised under clause (i) to the Administrator.

The Administrator shall approve or deny a plan submitted under subparagraph (A) not later than 60 days after the Administrator receives the plan.

The Administrator may provide technical assistance to any agency required to revise a plan under subparagraph (A).

Not later than January 31 of each year, the Administrator shall provide to each agency administering a high-priority program criteria on the basis of which the Administrator will approve or deny a plan under this subsection.

An agency required to submit a plan for approval under this subsection with respect a high-priority program, and has such plan denied by the Administrator three times, shall submit a report to Congress on why the plan has not been approved by the Administrator.

There is established in the Treasury of the United States a fund to be known as the Program Integrity Fund.

Amounts in the fund may be allocated by the Administrator to agencies to implement plans approved by the Administrator under subsection (b).

Not later than 90 days after the date of the enactment of this paragraph, the Administrator shall—

(i) establish a process through which the head of an agency may request that funds be allocated from the Program Integrity Fund to the agency; and

(ii) submit to Congress a report that describes the process established pursuant to clause (i).

In determining the amount, if any, of funds to be allocated to an agency from the Program Integrity Fund under paragraph (2), the Administrator shall consider the extent to which the plan approved by the Administrator under subsection (b) of the agency—

(i) implements the use of proactive analytics;

(ii) is likely to significantly reduce or prevent improper payments and fraud; and

(iii) considers the administrative burden of implementing the plan, including whether there is a clear indication that the agency considered whether there are any anti-fraud controls other than the anti-fraud controls to be implemented under the plan that could be implemented by the agency with less of an administrative burden on individuals who interact with the program.

There are authorized to be appropriated $1,000,000,000 for fiscal year 2025 for the Program Integrity Fund, to remain available until expended.

In this section:

The term Administrator means the Administrator of the FRAUD.

The term administrative burden means a cost that a person incurs in interacting with the agency to obtain a thing of value from the agency, including the following:

(A) The amount of time and effort expended by the person to learn about—

(i) the nature of the thing of value; and

(ii) how to gain access to the thing of value, including—

(I) any program or service of the agency through which the person may obtain the thing of value from the agency; and

(II) any requirement and condition that must be satisfied for the person to obtain and maintain possession of the thing of value from the government program or service.

(B) The amount of time it takes to—

(i) provide information and documentation to satisfy requirements to obtain and maintain possession of the thing of value; and

(ii) respond to discretionary requests of program administrators for the purpose of obtaining and maintaining possession of the thing of value.

(C) Any financial cost to access services that may be necessary to receive the thing of value (such as fees, legal representation, and travel costs).

The term agency administering a program susceptible to significant improper payments means an agency that is responsible for administering at least one program that is designated as susceptible to significant improper payments under section 3359.

The term agency administering a high-priority program means an agency that is responsible for administering at least one program that is designated as high-priority under this section.

The term anti-fraud control means a process, system, or technology that can be implemented to prevent fraud and improper payments.

The term data has the meaning given the term in section 3502 of title 44.

The term device metadata means structural or descriptive data about a connected device (as defined in section 902(a) of the Consolidated Appropriations Act, 2021 (47 U.S.C. 1306(a))), such as data about the type, model, IP address, and geolocation of the device.

The term fraud means obtaining a thing of value through willful misrepresentation.

The term proactive analytics means the collection and analysis of data (including data that is device metadata, administrative data controlled by the agency, and data from other governmental and non-governmental sources) to prevent fraud and improper payments from occurring, including by identifying anomalous or suspicious patterns that might warrant further investigation.

Chapter 33 of subtitle III of title 31, United States Code, is amended—

(1) in section 3351—

(A) in paragraph (2), by adding at the end the following:

(D) has satisfied the requirements of section 3360 with respect to each high-priority program administered by the agency; and

(E) has implemented proactive analytics for one high-risk area in accordance with section 3359(b).

(B) by redesignating paragraphs (4), (5), (6), (7), and (8) as paragraphs (5), (6), (8), (9), and (10), respectively;

(C) by inserting after paragraph (3) the following:

The term high-priority program means a program designated under section 3360(a).

(C) ; and

(D) by inserting after paragraph (6), as so redesignated, the following:

The term program susceptible to significant improper payments means a program designated under section 3359(a).

(2) in section 3352—

(A) by striking subsections (a), (b), (d), and (e);

(B) by redesignating subsections (c), (f), (g), (h), and (i) as subsections (a), (b), (c), (d), and (e), respectively;

(C) in subsection (a)(1), as so redesignated, by striking With respect to each program and activity identified under subsection (a)(1), the head of the relevant executive agency shall and inserting With respect to each program or activity with outlays exceeding $1,500,000,000, the head of the relevant executive agency shall?;

(D) in subsection (b)(2), as so redesignated—

(i) in subparagraph (A), by striking and recovery actions;

(ii) in subparagraph (D), by striking; and and inserting a semicolon;

(iii) in subparagraph (E), by striking the period at the end and inserting; and; and

(iv) by inserting after subparagraph (E), the following:

(F) Governmentwide—

(i) any cost avoided by implementing sections 3359 and 3360;

(ii) any change in administrative burden by implementing sections 3359 and 3360; and

(iii) the number of persons eligible to obtain a thing of value that did not receive such thing of value because of the implementation of sections 3359 and 3360.

(iv) ; and

(E) in subsection (e), as so redesignated—

(i) in paragraph (1)(A), by striking shall and inserting may;

(ii) by striking paragraph (3);

(iii) by redesignating paragraphs (4) and (5) as paragraphs (3) and (4), respectively; and

(iv) in paragraph (4), as so redesignated, by striking paragraph (4) and inserting paragraph (3);

(3) in section 3353(a)—

(A) by striking Annual before Compliance; and

(B) in paragraph (1), by striking Each fiscal year and inserting Not less frequently than once every 3 fiscal years;

(4) by striking section 3355; and

(5) by amending section 3357(d) to read as follows:

For each fiscal year, the head of each agency shall submit to Congress, in the report containing the annual financial statement of the agency, a report that includes the following:

(1) The progress of the agency in—

(A) implementing—

(i) the financial and administrative controls required to be established under subsection (c);

(ii) the fraud risk principles in the standards established by the Government Accountability Office in the Standards for Internal Control in the Federal Government (commonly known as the Green Book); and

(iii) the requirements in the Office of Management and Budget Circular A–123 with respect to the leading practices for managing fraud risk;

(B) identifying fraud risks and vulnerabilities, including with respect to payroll, beneficiary payments, grants, large contracts, and purchase and travel cards; and

(C) establishing strategies, procedures, and other steps to curb fraud.

(2) In accordance with the report of the Government Accountability Office titled Framework for Managing Fraud Risks in Federal Programs,, published on July 28, 2015, the following:

(A) An identification of—

(i) the entity of the agency and the personnel of the entity dedicated to leading the fraud risk management activities of the agency;

(ii) roles and responsibilities of the personnel of such entity, including any program or operation for which the personnel is responsible for overseeing;

(iii) capacity, including any limitation, of such entity to strategically manage fraud risks; and

(iv) any program or operation for which there is not personnel dedicated to leading fraud risk management activities, along with a detailed justification for why the agency does not have an dedicated personnel to lead fraud risk management activities.

(B) The status of the fraud risk profiles of each program and operation of the agency, including—

(i) the date on which the profiles were last updated; and

(ii) the date on which the agency plans to next update the profile.

(C) Any program or operation for which there is not a fraud risk profile, along with a detailed justification for why such program or operation does not have a fraud risk profile.

(D) The status of any anti-fraud strategy for each program and operation of the agency, including—

(i) the date on which any such strategy was last updated; and

(ii) the date on which the agency plans to next update each such strategy.

(E) Any program or operation for which there is not any anti-fraud strategy, along with a detailed justification for why there is not any anti-fraud strategy for such program or operation.

Section 3806(g)(1) of title 31, United States Code, is amended to read as follows:

(A) Except as provided in paragraph (2)—

(i) any amount collected under this chapter or chapter 33 shall be used to reimburse any authority that obligated funds in support of efforts of the authority to reduce or prevent improper payments or fraud, including prosecution of the action, any court or hearing costs, investments in information technologies, or the hiring of additional staff related to such efforts; and

(ii) amounts reimbursed under clause (i) shall—

(I) be deposited in—

(aa) the appropriations account of the authority from which the funds described in subparagraph (A) were obligated;

(bb) any other similar appropriations account of the authority; or

(cc) if the authority obligated nonappropriated funds, an appropriate account other than any account under item (aa) or (bb); and

(II) remain available until expended.

(B) Any amount remaining after reimbursements described in subparagraph (A) shall be deposited as miscellaneous receipts in the Treasury of the United States.

The Director of the Office of Management and Budget shall delegate to the Administrator of the FRAUD any function of the Director under subchapter IV of chapter 33 of title 31, United States Code, relating to the identification, analysis, and reduction of improper payments and fraud.

Section 3351 of title 31, United States Code, is amended—

(1) in paragraph (2)—

(A) in subparagraph (C), by striking programs and activities identified and inserting programs described under;

(B) in subparagraph (F), by striking section 3352(c) and inserting section 3352(a);

(C) by striking subparagraphs (B), (D), and (E); and

(D) by redesignating subparagraphs (C) and (F) as subparagraphs (B) and (C) respectively; and

(2) in paragraph (9), by striking section 3352(i) and inserting section 3352(e).

The table of contents for—

(1) subchapter I of chapter 5 of subtitle I of title 31, United States Code, is amended by adding at the end the following:

(1) and

(2) subchapter IV of chapter 33 of subtitle III of title 31, United States Code, is amended by—

(A) striking the item related to section 3355; and

(B) adding at the end the following new item: