When a borrower confirmed they qualified for a Paycheck Protection Program loan, the lender handled the application. For PPP loans that met the criteria, the Small Business Administration backed the entire loan amount. Federal financial risk could kick in before a government eligibility review compared that self-certification against outside records. PPP eventually added more protections, but the core lesson from its original design still holds.
In early June, the House of Representatives advanced a package of anti-fraud legislation. Several bills cleared the chamber, including the TRUE Accountability Act by a unanimous 384-0 vote and the Federal Fraud Prevention Workforce Training Act by a unanimous 393-0 vote. The Fraud Prevention and Accountability Act, which would create a permanent Inspector General for Fraud, Accountability and Recovery along with new Treasury Department program-integrity functions, passed 240-181. The House also approved H. Res. 1335, a non-binding resolution stating that federal program eligibility should be confirmed before any payment goes out. These are meaningful steps forward. But they also reveal how much of the conversation still focuses on the payment stage—after a program has already been designed, funded, and accepting applications. The payment stage is where agencies review payments before federal dollars go out the door. The design stage is where Congress sets the rules for eligibility, documentation, and verification before the first application is ever filed.
One key safeguard is still absent as a broad legal requirement: program-specific verified proof before taxpayer money changes hands or federal financial exposure begins.
Recovery is the side of fraud that’s easy to measure. The harder figure to pin down is the dollar that never left the Treasury because a control blocked the application upfront. When prevention does its job, there’s nothing visible to show for it. No payment to claw back, no arrests, no case, no dollar figure to report. Recovery generates all of those, which is why it attracts attention and funding. But it begins from a loss that prevention could have kept from growing in the first place.
At the payment stage, Treasury’s Do Not Pay system and related screening tools help agencies spot improper payments and fraud risks before federal funds are released. Treasury reports that Do Not Pay helped prevent, identify, and recover $11.7 billion in improper payments across the federal government in fiscal year 2025.
The question isn’t whether data analytics can do the job. It’s whether Congress gives agencies the legal authority, data access, timing, and proof standard needed to apply those analytics before financial exposure is created.
Payment screening can back up eligibility verification, but it can’t replace a program-specific proof standard written into the law that authorizes the program. Governmentwide screening tools can help confirm identity, eligibility markers, and payment details. But they can’t always answer the program-specific question Congress should resolve from the start: What records demonstrate that the applicant, borrower, grantee, vendor, or beneficiary actually qualifies?
Federal payment integrity laws require agencies to evaluate improper payment risk once a program is up and running. The Office of Management and Budget’s Circular A-129 also instructs agencies and private lenders in guaranteed loan programs to determine whether applicants meet eligibility criteria. But guidance works within the boundaries of authorizing law, and Congress can still craft an emergency program that treats borrower self-certification as the operative proof standard.
PPP demonstrated what that looks like in practice. Private lenders issued and distributed the loans. Borrowers certified their own eligibility and provided supporting documents. Under the CARES Act, the SBA guaranteed 100% of qualifying PPP loans, transferring normal default risk from lenders to the government.
That setup enabled speed. It also meant taxpayer dollars were put at risk before the government independently verified eligibility against trustworthy records. The Government Accountability Office later found that the SBA’s initially limited PPP safeguards led to improper payments and fraud vulnerabilities. The Pandemic Response Accountability Committee later estimated that pre-award screening using advanced data analytics could have stopped more than $79 billion in potentially fraudulent pandemic relief payments. The SBA Inspector General later concluded that PPP’s original design lacked a fraud risk framework suited to the program’s scale.
I spent years working those cases at the SBA, handling forgiveness reviews, eligibility appeals, and program-integrity efforts. The takeaway from that experience isn’t that agencies or lenders failed by following the law Congress wrote. The takeaway is that self-certification and documentation are not the same as an independent proof standard. An independent proof standard doesn’t replace the applicant’s certification. It works alongside it, so the government isn’t relying solely on that self-certification before financial exposure kicks in.
The House bills would meaningfully strengthen the payment stage. The TRUE Accountability Act would require OMB guidance and agency internal-control plans for emergency or crisis spending. The ZOMBIE Act would require pre-disbursement risk assessments for newly authorized programs and tighten improper-payment risk reporting for existing programs. Other provisions would allow agencies to delay, condition, or break up payments when fraud risk is high and expand governmentwide fraud-prevention capabilities.
But because H. Res. 1335 is a sense-of-the-House resolution, it doesn’t create a binding legal mandate.
The House bills mark genuine progress, yet none of the substantive legislation establishes a broad legal baseline: program-specific eligibility proof required before taxpayer exposure begins. Congress could still pass another emergency program with wide-ranging self-certification, minimal documentation, and no independent eligibility verification before federal financial exposure attaches. If Congress designs the next program the way it designed PPP, federal exposure may kick in before those tools can address the fundamental eligibility question.
The question Congress should be asking is straightforward: What proof must be in place before public money moves or federal financial exposure begins?
A legal baseline would require each high-risk emergency program to spell out the proof needed, the entity doing the verification, the data sources available for checking, and the point at which federal exposure may attach.
Congress can close that gap without slowing down every program. The standard should adjust based on risk level, dollar amount, program vulnerability, and the consequences of delay. But when a program puts large sums of public money on the line, the law should require two things before approval, disbursement, reimbursement, award, or guarantee: a documentation standard and an independent review of that documentation against reliable records.
Depending on the program, that proof could involve cross-checking wage and tax records against a payroll claim, confirming identity and business ownership, validating licensing or loss documentation, or flagging duplicate
These principles should apply across all government programs. Some of the data needed for verification, such as tax return information, is already protected by existing laws. Congress would need to include data-access authority in the same legislation that establishes the design framework. That framework should also mandate an audit trail documenting what was verified, who approved it, and the reasoning behind the decision.
The most common pushback centers on privacy and processing speed. Both concerns can be addressed within the design itself. Congress can establish clear limits on how data is used and require human oversight before any negative action is taken, along with a mechanism for correcting mistakes. When trustworthy records are available, verification can be handled as an automated query during the application process rather than through a time-consuming manual review afterward. The speed argument also obscures a hidden cost. Every fraudulent approval that drained program funds meant a legitimate small business missed out on relief. Verification safeguards eligible recipients, not just government coffers.
This isn’t about creating new avenues for surveillance. It’s about cross-referencing claims involving taxpayer money against records the government or its trusted partners already possess.
When taxpayer dollars are on the line, the standard for proving eligibility shouldn’t vary depending on which agency distributes the funds or what channel carries the money. The House has begun addressing part of this issue. The Senate now has its opportunity: require verified proof of eligibility before any taxpayer dollars are disbursed or federal liability is incurred.
Traci Harig is a former GS-13 loan specialist at the U.S. Small Business Administration, where her work on 7(a)/PPP loans involved eligibility and forgiveness reviews, affiliation analysis under 13 CFR §121, appeals, and case reviews and analysis on matters referred by OGC, DOJ and OIG, including False Claims Act cases.
Copyright
© 2026 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.
