[Congressional Bills 117th Congress]
[From the U.S. Government Publishing Office]
[H.R. 8322 Introduced in House (IH)]

<DOC>






117th CONGRESS
  2d Session
                                H. R. 8322

 To amend title 31, United States Code, to establish the Federal Real 
  Anti-fraud Unified Directorate, to require agencies implement anti-
    fraud controls for programs susceptible to significant improper 
      payments and high-priority programs, and for other purposes.


_______________________________________________________________________


                    IN THE HOUSE OF REPRESENTATIVES

                             July 11, 2022

 Mr. Connolly introduced the following bill; which was referred to the 
                   Committee on Oversight and Reform

_______________________________________________________________________

                                 A BILL


 
 To amend title 31, United States Code, to establish the Federal Real 
  Anti-fraud Unified Directorate, to require agencies implement anti-
    fraud controls for programs susceptible to significant improper 
      payments and high-priority programs, and for other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Strengthening Tools to Obstruct and 
Prevent Fraud Act of 2022'' or the ``STOP Fraud Act''.

SEC. 2. FEDERAL REAL ANTI-FRAUD UNIFIED DIRECTORATE.

    Subchapter I of chapter 5 of title 31, United States Code, is 
amended by adding at the end the following:
``Sec. 508. Federal Real Anti-fraud Unified Directorate
    ``(a) Establishment.--
            ``(1) In general.--There is established within the Office 
        of Management and Budget an office to be known as the Federal 
        Real Anti-fraud Unified Directorate or the FRAUD.
            ``(2) Administrator.--There shall be at the head of the 
        FRAUD an Administrator who shall be--
                    ``(A) appointed by the President; and
                    ``(B) compensated at the rate of pay in effect for 
                level III of the Executive Schedule under section 5314.
    ``(b) Duties.--The Administrator shall do the following:
            ``(1) Carry out the duties prescribed to the Administrator 
        under section 3360.
            ``(2) Coordinate activities related to reducing and 
        preventing fraud and improper payments--
                    ``(A) sharing leading practices and tools with 
                agencies;
                    ``(B) providing technical assistance to agencies in 
                implementing the fraud risk management activities 
                described in the GAO Fraud Risk Management Framework; 
                and
                    ``(C) assisting agencies in the collection and use 
                of data, including by assisting agencies in--
                            ``(i) working to overcome data sharing 
                        barriers; and
                            ``(ii) establishing metrics and 
                        methodologies to measure the effectiveness of 
                        programs and activities employed by agencies to 
                        prevent and reduce fraud and improper payments.
            ``(3) Establish an online, publicly accessible dashboard on 
        the implementation of proactive analytics in programs 
        designated as susceptible to significant improper payments 
        under section 3359 that--
                    ``(A) promotes transparency;
                    ``(B) assists in the oversight of the 
                implementation of proactive analytics in such programs; 
                and
                    ``(C) tracks cost savings, cost avoidance, and the 
                administrative burden attributable to such programs.
            ``(4) Refer any fraud, waste, or abuse discovered by the 
        Administrator to the appropriate Inspector General.
            ``(5) Carry out any additional duties that may be 
        prescribed by the Director.
    ``(c) Additional Authorities.--The Administrator may--
            ``(1) require agencies administering programs susceptible 
        to significant improper payments to submit information as may 
        be necessary to administer the dashboard required to be 
        established by subsection (b)(3), and promulgate regulations 
        that set standards for--
                    ``(A) the type of information to be submitted; and
                    ``(B) the format in which such information is to be 
                submitted;
            ``(2) provide technical assistance to agencies 
        administering a high-priority program, including by--
                    ``(A) working on behalf of an agency administering 
                the program to overcome any issues that prevent the 
                agency from receiving or using data from other 
                governmental and non-governmental entities, including 
                by notifying Congress on behalf of the agency of any 
                Federal laws that prevent the agency from receiving or 
                using such data;
                    ``(B) facilitating the collection of real-time data 
                to implement proactive analytics, including by--
                            ``(i) identifying governmental or 
                        commercial solutions to facilitate such 
                        collection; and
                            ``(ii) supporting the agency in identifying 
                        potential sources of funding to facilitate such 
                        collection;
                    ``(C) providing non-reimbursable or reimbursable 
                services to agencies administering the programs; and
                    ``(D) identifying strategies that may help the 
                program hire individuals with the requisite skills to 
                implement proactive analytics; and
            ``(3) refer any fraud, waste, or abuse discovered by the 
        Administrator to the appropriate Inspector General.
    ``(d) Definitions.--In this section, the terms `administrative 
burden', `agency administering a high-priority program', `agency 
administering a program susceptible to significant improper payments', 
`anti-fraud control', `data', and `proactive analytics' have the 
meanings given those terms in section 3360.''.

SEC. 3. ANTI-FRAUD CONTROLS FOR PROGRAMS SUSCEPTIBLE TO SIGNIFICANT 
              IMPROPER PAYMENTS AND HIGH-PRIORITY PROGRAMS.

    Subchapter IV of chapter 33 of title 31, United States Code, is 
amended by adding at the end the following:
``Sec. 3359. Proactive analytics with respect to programs susceptible 
              to significant improper payments
    ``(a) Designation of Programs Susceptible to Significant Improper 
Payments.--Not later than October 1 of each year, for that fiscal year 
and the next fiscal year, the head of each executive agency shall 
designate as a program susceptible significant improper payments each 
program that meets the following criteria:
            ``(1) With respect any program of the agency established 
        during the preceding two fiscal years, any such program making 
        more than $100,000,000 in payments in any one fiscal year.
            ``(2) For any program of the agency not established during 
        the preceding two fiscal years, any such program that had 
        outlays that exceeded $1,500,000,000 in the preceding fiscal 
        year.
    ``(b) Implementation of Proactive Analytics for High-Risk Area.--An 
agency administering a program susceptible to significant improper 
payments shall implement proactive analytics for one high-risk area of 
the program.
    ``(c) Reports on Actions To Reduce Improper Payments.--Not later 
than two years after a head of an agency has designated a program as 
susceptible to improper payments, the head of the agency administering 
the program shall submit a report on efforts of the agency to reduce 
and prevent improper payments and fraud with respect to the program, 
including the following:
            ``(1) With respect to a program that is not a high-priority 
        program at the time of the submission of the report, the 
        following:
                    ``(A) A description of the proactive analytics 
                implemented in the two fiscal years preceding the 
                submission of the report to reduce improper payments 
                and fraud with respect to such program.
                    ``(B) Metrics demonstrating the effectiveness of 
                the proactive analytics implemented.
                    ``(C) An analysis of whether the agency anticipates 
                the program will remain `susceptible to improper 
                payments' and require continued designation as such.
                    ``(D) A plan for--
                            ``(i) continuing to use proactive analytics 
                        with respect to that program;
                            ``(ii) improving the proactive analytics 
                        used with respect to that program; and
                            ``(iii) identifying, in consultation with 
                        the Administrator of the FRAUD, additional 
                        fraud and improper payment mitigation 
                        strategies, that could be employed by the 
                        agency if the program is redesginated as a 
                        program susceptible to significant improper 
                        payments.
            ``(2) With respect to a program that is a high-priority 
        program at the time of the submission of the report, the 
        following:
                    ``(A) A copy of the plan approved under section 
                3359 for the program.
                    ``(B) Analysis of whether implementation of that 
                plan has reduced and prevented improper payments and 
                fraud.
                    ``(C) If the plan has not reduced or prevented 
                improper payments or fraud--
                            ``(i) an explanation of why the plan has 
                        not reduced or prevented improper payments or 
                        fraud; and
                            ``(ii) a new plan with a different strategy 
                        developed in consultation with the 
                        Administrator of the FRAUD, to reduce or 
                        prevent improper payments or fraud.
                    ``(D) A statement of whether the agency has what is 
                needed with respect to internal controls, human 
                capital, and information systems and other 
                infrastructure, to implement the requirements described 
                in sections 3359 and 3360.
                    ``(E) Estimates of--
                            ``(i) any costs avoided and dollars saved 
                        by the implementation of sections 3359 and 
                        3360;
                            ``(ii) any change in administrative burden 
                        because of the implementation of sections 3359 
                        and 3360; and
                            ``(iii) the number of persons eligible to 
                        obtain a thing of value that did not receive 
                        such thing of value because of the 
                        implementation of sections 3359 and 3360.
            ``(3) Whether the information technology (as defined in 
        section 11101 of title 40) used by the agency with respect to 
        the program is capable of delivering real-time data--
                    ``(A) to the Administrator of the FRAUD for 
                inclusion in the dashboard required to be established 
                by section 508(b)(3); and
                    ``(B) for the purpose of implementing proactive 
                analytics, as required under section 3359 and 3360.
            ``(4) A description of the quality of any improper payment 
        estimates and methodology of the agency relating to the 
        program, including--
                    ``(A) challenges to accurately estimating improper 
                payments for the program; and
                    ``(B) plans to improve the quality of the 
                estimates.
``Sec. 3360. Anti-fraud controls for high-priority programs
    ``(a) Designation.--By January 31 of each fiscal year, the 
Administrator shall designate for the remainder of that fiscal year and 
the next full fiscal year, any program with outlays in an amount equal 
to or in excess of $50,000,000,000 with respect to the preceding fiscal 
year as a high-priority program.
    ``(b) Plan To Implement Anti-Fraud Policy for Each High-Priority 
Program.--
            ``(1) Plan.--The head of an agency administering a high-
        priority program shall develop a plan to implement anti-fraud 
        controls for that program, that--
                    ``(A) at a minimum includes a plan to use--
                            ``(i) any solution that verifies and 
                        authenticates identity, known as `digital 
                        identity-proofing solutions', if determined 
                        necessary by the Administrator to effectively 
                        reduce and prevent fraud and improper payments 
                        in the high-priority program;
                            ``(ii) threat intelligence, including open 
                        source intelligence and intelligence collected 
                        from locations on the internet referred to as 
                        the `deep web' and `dark web', to identify and 
                        mitigate emerging fraud threats; and
                            ``(iii) proactive analytics; and
                    ``(B) takes into consideration the administrative 
                burden of implementing such anti-fraud controls, 
                including considering the fraud risk profile (as 
                defined in the study of the Government Accountability 
                Office titled `Framework for Managing Fraud Risks in 
                Federal Programs') of the program.
            ``(2) Initial submission of plan to administrator for 
        approval.--
                    ``(A) Initial submission.--Not later than 90 days 
                after the date on which a program is designated as a 
                high-priority program under subsection (a), the agency 
                administering the high-priority program shall submit to 
                the Administrator the plan developed under paragraph 
                (1).
                    ``(B) Approval or denial of plan.--Not later than 
                60 days after the date on which the plan is submitted 
                pursuant to subparagraph (A), the Administrator shall 
                approve or deny such plan.
            ``(3) Resubmission of plan to administrator for approval in 
        case of denial.--
                    ``(A) In general.--An agency that submits a plan 
                that is denied by the Administrator under paragraph (2) 
                shall, until such time as the Administrator approves 
                the plan--
                            ``(i) revise the plan; and
                            ``(ii) submit the plan as revised under 
                        clause (i) to the Administrator.
                    ``(B) Approval or denial of revised plan.--The 
                Administrator shall approve or deny a plan submitted 
                under subparagraph (A) not later than 60 days after the 
                Administrator receives the plan.
                    ``(C) Technical assistance.--The Administrator may 
                provide technical assistance to any agency required to 
                revise a plan under subparagraph (A).
            ``(4) Criteria for the approval or denial of plan.--Not 
        later than January 31 of each year, the Administrator shall 
        provide to each agency administering a high-priority program 
        criteria on the basis of which the Administrator will approve 
        or deny a plan under this subsection.
            ``(5) Report to congress.--An agency required to submit a 
        plan for approval under this subsection with respect a high-
        priority program, and has such plan denied by the Administrator 
        three times, shall submit a report to Congress on why the plan 
        has not been approved by the Administrator.
    ``(c) Program Integrity Fund.--
            ``(1) Establishment.--There is established in the Treasury 
        of the United States a fund to be known as the Program 
        Integrity Fund.
            ``(2) Use of fund.--Amounts in the fund may be allocated by 
        the Administrator to agencies to implement plans approved by 
        the Administrator under subsection (b).
            ``(3) Management of the program integrity fund.--
                    ``(A) Application process.--Not later than 90 days 
                after the date of the enactment of this paragraph, the 
                Administrator shall--
                            ``(i) establish a process through which the 
                        head of an agency may request that funds be 
                        allocated from the Program Integrity Fund to 
                        the agency; and
                            ``(ii) submit to Congress a report that 
                        describes the process established pursuant to 
                        clause (i).
                    ``(B) Award of funds.--In determining the amount, 
                if any, of funds to be allocated to an agency from the 
                Program Integrity Fund under paragraph (2), the 
                Administrator shall consider the extent to which the 
                plan approved by the Administrator under subsection (b) 
                of the agency--
                            ``(i) implements the use of proactive 
                        analytics;
                            ``(ii) is likely to significantly reduce or 
                        prevent improper payments and fraud; and
                            ``(iii) considers the administrative burden 
                        of implementing the plan, including whether 
                        there is a clear indication that the agency 
                        considered whether there are any anti-fraud 
                        controls other than the anti-fraud controls to 
                        be implemented under the plan that could be 
                        implemented by the agency with less of an 
                        administrative burden on individuals who 
                        interact with the program.
            ``(4) Authorization of appropriations.--There are 
        authorized to be appropriated $1,000,000,000 for fiscal year 
        2023 for the Program Integrity Fund, to remain available until 
        expended.
    ``(d) Definitions.--In this section:
            ``(1) Administrator.--The term `Administrator' means the 
        Administrator of the FRAUD.
            ``(2) Administrative burden.--The term `administrative 
        burden' means a cost that a person incurs in interacting with 
        the agency to obtain a thing of value from the agency, 
        including the following:
                    ``(A) The amount of time and effort expended by the 
                person to learn about--
                            ``(i) the nature of the thing of value; and
                            ``(ii) how to gain access to the thing of 
                        value, including--
                                    ``(I) any program or service of the 
                                agency through which the person may 
                                obtain the thing of value from the 
                                agency; and
                                    ``(II) any requirement and 
                                condition that must be satisfied for 
                                the person to obtain and maintain 
                                possession of the thing of value from 
                                the government program or service.
                    ``(B) The amount of time it takes to--
                            ``(i) provide information and documentation 
                        to satisfy requirements to obtain and maintain 
                        possession of the thing of value; and
                            ``(ii) respond to discretionary requests of 
                        program administrators for the purpose of 
                        obtaining and maintaining possession of the 
                        thing of value.
                    ``(C) Any financial cost to access services that 
                may be necessary to receive the thing of value (such as 
                fees, legal representation, and travel costs).
            ``(3) Agency administering a program susceptible to 
        significant improper payments.--The term `agency administering 
        a program susceptible to significant improper payments' means 
        an agency that is responsible for administering at least one 
        program that is designated as susceptible to significant 
        improper payments under section 3359.
            ``(4) Agency administering a high-priority program.--The 
        term `agency administering a high-priority program' means an 
        agency that is responsible for administering at least one 
        program that is designated as high-priority under this section.
            ``(5) Anti-fraud control.--The term `anti-fraud control' 
        means a process, system, or technology that can be implemented 
        to prevent fraud and improper payments.
            ``(6) Data.--The term `data' has the meaning given the term 
        in section 3502 of title 44.
            ``(7) Device metadata.--The term `device metadata' means 
        structural or descriptive data about a connected device (as 
        defined in section 902(a) of the Consolidated Appropriations 
        Act, 2021 (47 U.S.C. 1306(a))), such as data about the type, 
        model, IP address, and geolocation of the device.
            ``(8) Fraud.--The term `fraud' means obtaining a thing of 
        value through willful misrepresentation.
            ``(9) Proactive analytics.--The term `proactive analytics' 
        means the collection and analysis of data (including data that 
        is device metadata, administrative data controlled by the 
        agency, and data from other governmental and non-governmental 
        sources) to prevent fraud and improper payments from occurring, 
        including by identifying anomalous or suspicious patterns that 
        might warrant further investigation.''.

SEC. 4. AMENDMENTS RELATED TO IMPROPER PAYMENTS PROVISIONS.

    (a) In General.--Chapter 33 of subtitle III of title 31, United 
States Code, is amended--
            (1) in section 3351--
                    (A) in paragraph (2), by adding at the end the 
                following:
                    ``(D) has satisfied the requirements of section 
                3360 with respect to each high-priority program 
                administered by the agency; and
                    ``(E) has implemented proactive analytics for one 
                high-risk area in accordance with section 3359(b).'';
                    (B) by redesignating paragraphs (4), (5), (6), (7), 
                and (8) as paragraphs (5), (6), (8), (9), and (10), 
                respectively;
                    (C) by inserting after paragraph (3) the following:
            ``(4) High-priority program.--The term `high-priority 
        program' means a program designated under section 3360(a).''; 
        and
                    (D) by inserting after paragraph (6), as so 
                redesignated, the following:
            ``(7) Program susceptible to significant improper 
        payments.--The term `program susceptible to significant 
        improper payments' means a program designated under section 
        3359(a).'';
            (2) in section 3352--
                    (A) by striking subsections (a), (b), (d), and (e);
                    (B) by redesignating subsections (c), (f), (g), 
                (h), and (i) as subsections (a), (b), (c), (d), and 
                (e), respectively;
                    (C) in subsection (a)(1), as so redesignated, by 
                striking ``With respect to each program and activity 
                identified under subsection (a)(1), the head of the 
                relevant executive agency shall'' and inserting ``With 
                respect to each program or activity with outlays 
                exceeding $1,500,000,000, the head of the relevant 
                executive agency shall ?'';
                    (D) in subsection (b)(2), as so redesignated--
                            (i) in subparagraph (A), by striking ``and 
                        recovery actions'';
                            (ii) in subparagraph (D), by striking ``; 
                        and'' and inserting a semicolon;
                            (iii) in subparagraph (E), by striking the 
                        period at the end and inserting ``; and''; and
                            (iv) by inserting after subparagraph (E), 
                        the following:
                    ``(F) Governmentwide--
                            ``(i) any cost avoided by implementing 
                        sections 3359 and 3360;
                            ``(ii) any change in administrative burden 
                        by implementing sections 3359 and 3360; and
                            ``(iii) the number of persons eligible to 
                        obtain a thing of value that did not receive 
                        such thing of value because of the 
                        implementation of sections 3359 and 3360.''; 
                        and
                    (E) in subsection (e), as so redesignated--
                            (i) in paragraph (1)(A), by striking 
                        ``shall'' and inserting ``may'';
                            (ii) by striking paragraph (3);
                            (iii) by redesignating paragraphs (4) and 
                        (5) as paragraphs (3) and (4), respectively; 
                        and
                            (iv) in paragraph (4), as so redesignated, 
                        by striking ``paragraph (4)'' and inserting 
                        ``paragraph (3)'';
            (3) in section 3353(a)--
                    (A) by striking ``Annual'' before ``Compliance''; 
                and
                    (B) in paragraph (1), by striking ``Each fiscal 
                year'' and inserting ``Not less frequently than once 
                every 3 fiscal years'';
            (4) by striking section 3355; and
            (5) by amending section 3357(d) to read as follows:
    ``(d) Reports.--For each fiscal year, the head of each agency shall 
submit to Congress, in the report containing the annual financial 
statement of the agency, a report that includes the following:
            ``(1) The progress of the agency in--
                    ``(A) implementing--
                            ``(i) the financial and administrative 
                        controls required to be established under 
                        subsection (c);
                            ``(ii) the fraud risk principles in the 
                        standards established by the Government 
                        Accountability Office in the Standards for 
                        Internal Control in the Federal Government 
                        (commonly known as the Green Book); and
                            ``(iii) the requirements in the Office of 
                        Management and Budget Circular A-123 with 
                        respect to the leading practices for managing 
                        fraud risk;
                    ``(B) identifying fraud risks and vulnerabilities, 
                including with respect to payroll, beneficiary 
                payments, grants, large contracts, and purchase and 
                travel cards; and
                    ``(C) establishing strategies, procedures, and 
                other steps to curb fraud.
            ``(2) In accordance with the report of the Government 
        Accountability Office titled `Framework for Managing Fraud 
        Risks in Federal Programs,', published on July 28, 2015, the 
        following:
                    ``(A) An identification of--
                            ``(i) the entity of the agency and the 
                        personnel of the entity dedicated to leading 
                        the fraud risk management activities of the 
                        agency;
                            ``(ii) roles and responsibilities of the 
                        personnel of such entity, including any program 
                        or operation for which the personnel is 
                        responsible for overseeing;
                            ``(iii) capacity, including any limitation, 
                        of such entity to strategically manage fraud 
                        risks; and
                            ``(iv) any program or operation for which 
                        there is not personnel dedicated to leading 
                        fraud risk management activities, along with a 
                        detailed justification for why the agency does 
                        not have an dedicated personnel to lead fraud 
                        risk management activities.
                    ``(B) The status of the fraud risk profiles of each 
                program and operation of the agency, including--
                            ``(i) the date on which the profiles were 
                        last updated; and
                            ``(ii) the date on which the agency plans 
                        to next update the profile.
                    ``(C) Any program or operation for which there is 
                not a fraud risk profile, along with a detailed 
                justification for why such program or operation does 
                not have a fraud risk profile.
                    ``(D) The status of any anti-fraud strategy for 
                each program and operation of the agency, including--
                            ``(i) the date on which any such strategy 
                        was last updated; and
                            ``(ii) the date on which the agency plans 
                        to next update each such strategy.
                    ``(E) Any program or operation for which there is 
                not any anti-fraud strategy, along with a detailed 
                justification for why there is not any anti-fraud 
                strategy for such program or operation.''.
    (b) Recovery of Costs.--Section 3806(g)(1) of title 31, United 
States Code, is amended to read as follows:
            ``(1) Recovery of costs.--
                    ``(A) Except as provided in paragraph (2)--
                            ``(i) any amount collected under this 
                        chapter or chapter 33 shall be used to 
                        reimburse any authority that obligated funds in 
                        support of efforts of the authority to reduce 
                        or prevent improper payments or fraud, 
                        including prosecution of the action, any court 
                        or hearing costs, investments in information 
                        technologies, or the hiring of additional staff 
                        related to such efforts; and
                            ``(ii) amounts reimbursed under clause (i) 
                        shall--
                                    ``(I) be deposited in--
                                            ``(aa) the appropriations 
                                        account of the authority from 
                                        which the funds described in 
                                        subparagraph (A) were 
                                        obligated;
                                            ``(bb) any other similar 
                                        appropriations account of the 
                                        authority; or
                                            ``(cc) if the authority 
                                        obligated nonappropriated 
                                        funds, an appropriate account 
                                        other than any account under 
                                        item (aa) or (bb); and
                                    ``(II) remain available until 
                                expended.
                    ``(B) Any amount remaining after reimbursements 
                described in subparagraph (A) shall be deposited as 
                miscellaneous receipts in the Treasury of the United 
                States.''.
    (c) Delegation to FRAUD.--The Director of the Office of Management 
and Budget shall delegate to the Administrator of the FRAUD any 
function of the Director under subchapter IV of chapter 33 of title 31, 
United States Code, relating to the identification, analysis, and 
reduction of improper payments and fraud.

SEC. 5. TECHNICAL AND CONFORMING AMENDMENTS.

    (a) Section 3351.--Section 3351 of title 31, United States Code, is 
amended--
            (1) in paragraph (2)--
                    (A) in subparagraph (C), by striking ``programs and 
                activities identified'' and inserting ``programs 
                described under'';
                    (B) in subparagraph (F), by striking ``section 
                3352(c)'' and inserting ``section 3352(a)'';
                    (C) by striking subparagraphs (B), (D), and (E); 
                and
                    (D) by redesignating subparagraphs (C) and (F) as 
                subparagraphs (B) and (C) respectively; and
            (2) in paragraph (9), by striking ``section 3352(i)'' and 
        inserting ``section 3352(e)''.
    (b) Amendment to Table of Contents.--The table of contents for--
            (1) subchapter I of chapter 5 of subtitle I of title 31, 
        United States Code, is amended by adding at the end the 
        following:

``Sec. 508. Federal Real Anti-fraud Unified Directorate.'';
        and
            (2) subchapter IV of chapter 33 of subtitle III of title 
        31, United States Code, is amended by--
                    (A) striking the item related to section 3355; and
                    (B) adding at the end the following new item:

``Sec. 3359. Proactive analytics with respect to programs susceptible 
                            to significant improper payments.
``Sec. 3360. Anti-fraud controls for high-priority programs.''.
                                 <all>