Government Webinar Series | Part II

So definitely check it out. The 2024 report looked at around 1900 occupational fraud cases that were investigated since January of 2022 through September, 2023. And the data from that report shows that the typical organization loses about 5% of annual revenue due to fraud. And so if we think about that, that's a massive impact that could really happen to your organization or department. The total losses that were caused by the cases included in the report exceeded 3.1 billion and the average loss per case was 1.7 million. And then we have here from the report that the median loss per case was 145,000. So again, we're talking large dollar amounts and in government organizations the median loss is slightly higher. It was actually at 150,000 and the average loss per case was two point million. When they looked at the different levels of government, it showed that median losses were highest at the national level as we compare it to state and local. And then one thing to keep in mind, this information, again, it's only looking at occupational fraud. So it's not thinking about external fraud from vendors, tractors, professional crime, organized crime, professional fraudsters, and then it doesn't include all the other costs, right? There's investigation costs, there's potential fines, reputational damage, and so the true cost of fraud really can be significantly higher than what they report.

So here we have some of the behavioral red flags that are exhibited by fraud perpetrators, the ACFE. As part of their research, they survey this information and they provide a listing of the 20 most common. And these are flags that are shown most common in all of the cases and in most, I would say of the cases, they have at least one of these red flags, but they usually have multiple and at least half of the cases. So as you can see here, the top flags are living beyond one's means financial difficulties. We have unusually close associations with vendors or customers. You have control issues. That's really when you're unwilling to share your duties, you have anyone that's being defensive, irritable, and then that wheeler dealer attitude, which is generally just someone that is calculating the living beyond one's means that was actually displayed by 39% of perpetrators and it's been consistently cited as the top one in every report dating back the last couple of decades with this.

I think a lot of people will think, what are you supposed to do with this information? So it is really awareness. You want to make sure you're educating your employees so they can recognize these flags and enhance your monitoring. We're not suggesting that because your coworker got a new car and you think she's living beyond her means that you go start an investigation, right? That's not what we're talking about here. It's really evaluating your prevention and detection methods that you already have in place. So if we look at that unusually close association with vendor customers, right? We know that's a behavioral red flag, so make sure your controls in the vendor management process are strong through the report. There's a lot, like I mentioned, great information. And so we just pulled out some of those key fraud trends that are cited throughout. And what's interesting is that the overarching trends continue to be the same.

So things might be changing about how fraud is being perpetrated, but those themes are similar. And so we've pulled in the trends, but we want to talk about how do you overcome this. So if we know that the most prominent organizational weakness is a lack of internal controls, then it's imperative that we implement strong internal controls. That can be regular audits, robust approval processes, making sure that your roles and responsibilities are segregated in processes, but also in systems that are being used. Often what opens the doorway or creates the opportunity for fraud to occur is access. And if you join yesterday, when we went through part one of the series, that opportunity is a key part of that fraud triangle. The median duration of fraud was 12 months, so that's a full year before fraud is being detected, and a significant amount of damage can take place in 12 months.

So really enhancing your real-time fraud monitoring is key because that's going to help reduce that period where fraud is happening. Tips are the most common initial detection method, and so that ranges from emails, online forms, phone lines, even text messages. That's becoming a popular method as well. If you have a method for receiving tips, you want to make sure it's promoted throughout your organization, so make sure everyone knows it's there, how to use it, encourage people that there's not going to be any retaliation if you have a whistleblower hotline, but no one knows about it, it's really not doing anything for you. And then lastly, we have anti-fraud controls correlate with lower losses and quicker detection. So we need to invest in those proactive fraud controls and then deploy analytics and AI for that faster response. Proactive fraud controls. It's going to take some investment, but when fraud does happen, it can be pretty difficult to recoup funds. So we definitely want to move from being reactive to proactive and it puts us in a better position. And then as always, we really want to look at taking a strategic approach that aligns with the risks of our organization.

So here we have some of the risk trends that have been coming out from some of the thought leadership, the Institute of Internal Auditors Internal Audit Foundation. They published their 2025 risk and focus report, and that report provides practical data-driven research, and it looks at today's risk environment, not only regionally in the United States, but it looks at it from a global perspective as well. And from this report, it showed that the fastest growing risk in the next three years is digital disruption, and that includes AI. It's expected to rank second in three years, and that's the same trend regionally and worldwide. And from the report, it shows that AI really connects to many risk areas. The top risks negatively impacted by AI are cybersecurity, human capital and fraud. And that's that table at the bottom of the slide there.

The report also highlights how organizations really have to adopt to keep pace with competition. So governance and transparency, and we'll go over some of that later, are really key to the effective use of AI and some of those digitally disruptive technologies. And then related to the public sector, the research shows that because of the growing number of retirees and actually the subsequent loss of knowledge, institutional knowledge that comes with that, there can be an increased risk of fraud. And it's kind of compounded by those trends as well. The ACFE, they also recently cited synthetic identity fraud as a top trend for 2025. And then in 2024, their top trend was scams that were enhanced by generative AI. So really all of this information goes to show that the landscape of fraud really is changing. If we think about in the past, fraudsters might have created falsies documents and it might've been easier to detect, right? Maybe there were fuzzy logos or there was math edition mistakes, what have you, or formatting differences that you could easily detect, right? And now frauds are using AI and they're creating very convincing documents.

Okay, so here we have our first poll question. Has your agency or department implemented AI based fraud detection tools? So we have a couple options for you to select. And while this poll is going, I, let's see. So we have a question here. An audience member is asking, how can all of this be afforded? That's a great question. So I'm assuming that's related to the strategies to overcome fraud. It's a fair question because what we're speaking about does require a more significant dollar investment, but there are less costly things you can do if you have the resources. So we're talking about enforcing mandatory vacations, conducting background checks, making sure you have anti-fraud policies. Another way to think of it as kind of the opposite is how can you afford fraud when it happens, right? It's kind of about where do you want to spend the money?

Do you want to spend it preventing fraud, detecting it kind, reducing the duration, or after it occurs? Going through all of that. I will say if you're in a position to have those conversations about budgets, definitely take fraud prevention into account. In those conversations. The ACFE has some good information about internal controls and the different types of fraud resources, and they look at how those correlate with lower losses of fraud. So that can be a good thing to bring to the conversation as well. Alrighty, so we have our response here. It looks like the majority are not sure, which is fair. And so for those who are in the no and no plans to implement, or 14% there, I would say definitely take some of this information and just urge you to consider looking at some of the tools that are available. And with that, I'm going to pass it over to Jen.

Jen Clark: Awesome, thanks Louise. In this section, I'm going to provide some foundational context to help explain the basics of AI and to just place it in the broader landscape of fraud. I believe that the best thing we can do for ourselves and our teams is we navigate this technology is to take a very, very practical approach, neither leaning too heavily into the hype and sort of overpromising its capabilities, nor succumbing to the doom and gloom. AI is a tool and just like any tool, it's about how it's used. Today, I'm going to break down what generative AI is and how it works, how capable it really is, and how it both helps and complicates fraud detection. One thing that I'll mention upfront is that in order to deploy AI responsibly, you are still going to need humans in the loop. As AI gets faster and more sophisticated, we will all have to put our heads together on how to do that thoughtfully. But a hundred percent AI prevention just isn't realistic. AI should be thought as a way to go farther and faster, never, never as a replacement to human oversight.

So let's start with the basics. AI isn't new. While it feels like we've entered a sudden explosion of AI, the field has really been evolving for over 70 years. Some of the biggest breakthroughs have come from AI trained to play games, chess, go now even video games because these require complex reasoning and decision-making. One reason AI creates anxiety is that most AI models are not transparent. Meaning that their decision-making processes are very difficult, if not impossible to explain. And even the jargon used to talk about them really can be very intimidating. The best way to cut through the confusion is just to demystify the technology and be honest about what it can and cannot do. So let's start with some basic definitions. There's not one universal definition of AI, but a practical one comes from IBM. Artificial intelligence is technology that enables computers and digital devices.

So like your phone to learn, read, write, create, and analyze. It's a very broad umbrella. AI encompasses many different technologies from a more basic machine learning models that most of us are familiar with over the past decade that find patterns and data to deep learning algorithms that power self-driving cars and voice assistance. Generative AI is a type of deep learning algorithm, and it doesn't just analyze data, it creates totally new content. So this makes it a little bit or fundamentally different than most AI applications. It learns patterns and structures from massive data sets. As an example, Chad, GBT, Wikipedia was 1% of the data that it was trained on. So just to give you a perspective of scale. So it's trained on these massive data sets and then it generates, hence the name, new outputs based on that learning, based on understanding those patterns in the data. So for example, again, kind of placing it in the context of the discussion that we're having today, if you give it thousands of pictures of people, it can generate an new synthetic face that never existed.

Right now all AI is narrow, and all that means is that it can only do the specific task. It was actually designed for even the most advanced tools like Chad, GBT or Google Gemini only operate within their program boundaries. You already use kind of narrow AI every day. It's the spam filters that predict which emails are junk and sort of send them on their way. It's voice assistance like Siri that can set reminders but won't really kind of debate you in philosophy. And then there's navigation apps that optimize our routes, but don't really kind of understand the full context of your travel. Artificial general intelligence is the next step. Question mark, right? A GI would be a true thinking machine able to adapt and solve problems across any domain much like we do as humans. So how close are we? If you ask one of the, what they're called frontier models or foundation models or chat GBTs your claws, your Geminis, if you ask one of their founders, they're going to say we're pretty close.

So Sam Altman from OpenAI has expressed confidence that artificial general intelligence will be achieved this year, even though he has also said that he didn't think it would be very meaningful at first. Other predictions from Dario and philanthropic estimate that it could emerge by 2026, so next year. But it's worth really noting that no one knows how to measure this kind of milestone, and no one really agrees on the definition. So always take what they say in the news with a green of salt. Finally, that last kind of artificial super intelligence category or a SI as sometimes you'll hear it called would surpass all human intelligence. So not just logic, but creativity and social skills. For now, this is still theoretical more in just Hollywood movies than in reality. So how does this relate to fraud?

Every major AI advancement is a double-edged sword, and nowhere is that clearer than in fraud prevention and fraud creation. AI powered fraud detection can analyze millions of transactions per second. In some cases, billions spotting anomalies that human eyes really can't ever catch frauds. But on the other side of the coin, like I said, is sort of a two sided coin on the other side, fraudsters use AI the same way organizations do. They use it to scale attacks. So what once took days can now sometimes happen instantly. They automate deception. So things like deep fakes and voice cloning makes impersonation easier, and then they use it to bypass traditional security measures. So think some really trying every combination of a password. An example that really kind of put this again at scale and where we are reported that last year they were experiencing a hundred million cyber attacks per day, that's just six months ago. Even that scale is overwhelming to think about this year, that number has jumped to 750 million per day, almost an eight times increased, which they attribute to the ease of AI power fraud tools.

So we're going to look at just how AI makes fraud easier, faster, and more sophisticated. So from a volume perspective, in traditional fraud, a fraudster might send an email pretending to be someone they're not trying to trick someone into entering maybe fake logins or give them access that these shouldn't have In AI powered fraud, and especially with technology like generative AI, AI basically automates this process which can generate thousands or maybe even millions of unique highly personalized phishing emails in minutes each tailored to the recipient to increase those success rates, really get them to click yes on the speed where we're really kind of automating these attacks. You might have somebody that steals a password or uses an old login of someone else, and you're going to try it manually across websites with AI power fraud, these spots can automatically test millions of credential combinations in seconds, and sometimes they can even find the starting of these in the dark web so they can make breaches happen at unprecedented pace.

And then finally, there's the sophistication realm. Where you heard Louis say earlier, right, is fraudsters might forge kind of paper documents to apply for something or maybe even appear as a fake vendor, but you can kind of detect because the quality wasn't that high. With generative AI, people can create entirely synthetic identities including fake driver's, license passports, credit histories, bank accounts, you name it, they can create it. Another real world example, this is almost two years ago now. So in 2023, fraudsters used AI to clone a CEO's voice and convinced an employee to transfer millions of dollars to their account. And the clone voice really mimicked the accent tone and really nobody could kind of see it coming.

AI generated content or sometimes you'll hear it called synthetic content is now so advanced that even experts really struggle to tell what's real. And the days of spotting fakes by just looking at kind of a document or synthetic that was created is really they're over. So we're going to put that to the test. I'm going to actually show you some images. Some are real summer are AI generated, and I'm going to give you about a minute to see if you can spot the fakes. And this again, take a look, jot down your answers. This really hits home that there's not really three fingers or kind of blurry backgrounds or anything like that. This technology is now so sophisticated that it is extremely difficult to tell what is real and what is not real. And while I'm showing you images here, this is also now extending to video. And like I said, things like paper documents.

When I run this exercise with a lot of different groups, most people only get a few, right? And like I said, when AI first came into the scene, there was this big movement, a lot of training and tools around AI detecting AI generated or synthetic content. And these tools are no longer reliable, and as we just saw, you can't really detect it by eye anymore. This is the implication that we're seeing for fraud detection, misinformation, and cybersecurity. Just some final thoughts to wrap up this section. AI is a really powerful tool, but it can also be used for bad. It's being used by both fraudsters and to fight those fraudsters, AI enables better fraud detection, but it also makes it extremely sophisticated and very evolving almost to the minute. And then the key really is to kind of staying informed, adopting AI to detect fraud responsibly and really taking that proactive stance to be out ahead of it. The fight against these AI fraud tools is really going to be an ongoing battle, and we can only win by having a holistic strategy. So I'm going to pause for a poll. So how is AI impacting fraud trends? And there's some options there.

Let's see. Let's take a minute for a question while the poll is up. One question that's been asked is, can AI predict fraud before it's happening? So can I give you some kind of future insight? Really, AI can't help you predict the future, but it can detect sometimes in near real time that suspicious behavior. And what it's doing is it's looking at historical patterns and flagging kind of potential risks even almost during or while that fraud is occurring. As I said though, fraudsters are constantly changing their tactics. So even when AI models are deployed to detect fraud, it needs to be continuously learning and updating the data so that it can be most effective. Alright, great. So as everyone's in agreement that AI is impacting both equally, improving fraud detection and also making it easier to commit, but also it is very early days and this is still evolving, so it's something that we want to pay attention to. And with that, I'm going to turn it back over to Louise.

Louise Gannuch: Great, thanks Jen. So now I kind of want to spend some time really looking at what is happening and then some of the benefits and challenges with implementing AI. The introduction of AI, it doesn't completely change how we're preventing and detecting fraud. Really those key principles remain the same. And AI is just an advancement, right? It is an introducing these powerful new tools. And so here you can see at the bottom of the pyramid, we have those key prevention and detection tools like segregation of duties, giving fraud, specific training, system limits audits, and then some of those more recent ones are machine learning, automated risk scoring, identity verification, and we'll spend some time talking through those. But really what I want to emphasize here is that we need to be building on a strong foundation. If you implement, say behavioral analysis, but you lack strong internal controls or you can't even rely on the data in your systems, you might be creating just more of a headache for yourself, your department, your organization, what have you.

Usually in the fraud space, unfortunately detection sometimes lags behind perpetrated fraud generally because frauds, they're just creative. This is their full-time job, and so they are trying to think of new ways to commit fraud. And while AI is being used by fraudsters, it's also being used in prevention and detection. It's really changing the way we think about how some processes are done. So if we think about bank statements in the past, maybe those were accepted from individuals, and then now because we know so many documents are being fabricated, maybe you're changing those processes and you're getting bank statements directly from the bank because they're less likely to be altered by AI. That's a relatively straightforward example, but there's really incremental and then large changes that can happen in this space and having that multi-layered approach really continues to be the way forward. So first we have anomaly detection.

If we think about our traditional rule-based systems, we have whitelisting and blacklisting credit cards. And so that'll do it for specific regions or merchant codes that is static today. AI can adapt to patterns and then train itself to place emphasis on similar anomalies. If a fraudster's using made up email accounts, AI can be trained to recognize those email addresses as a sign that it's from a fraudster or bad actor. Behavioral analysis really focuses on that. AI is building a traditional user profile and it detects deviations from that norm. You've probably seen this with unusual login locations. It detect access frequency or when your device changed. So if you always have an iPhone, it's twice per week in Baton Rouge and now it's from an Edge web browser and it's three times a day in Baltimore, right? That's a change that can be identified. And with bots, there's those rapid successive transactions, and that can be an of fraud identity verification.

As Jen mentioned, it's really changing fast. So there is more AI powered facial recognition, so there's fingerprint scanning, voice identification. Really all of these biometric authenticators and AI can also help detect fakes and individuals really that from a human eye perspective, you're not going to detect those micro expressions where AI can be trained to detect them. So that is a change. And if we think about the landscape, say the last five to 10 years, there are more and more services online. You used to have to wait in line to do something in person, and that's changing. So there's more of a need for identify verification in fraud prevention. Automated risk scoring is pretty much what it sounds like. So it's assigning risks to transactions can assign them to accounts, geographies, past history applications, there's so many things that can be included in the risk scoring, and then some of those will be maybe they'll be automatically approved or blocked or flagged, and that helps with that instant decision making.

AI can analyze vast amounts of transactions like Jen mentioned, and in real time. So real time monitoring is a AI powered fraud prevention and detection. You likely see this at your bank, maybe you make a credit card purchase and then it's blocked or you get some other kind of way to authenticate the purchase like on your cell phone. That's that instant rapid response. And then we have machine learning models that is the predictive analytics where it's using historical data is analyzed and then it's predicting potential fraud that might occur. Whenever I hear this, I kind of think of the minority report with Tom Cruise. It's a similar concept, but we're not today using precogs or anything like that. Some of you might be completely lost with that reference and that's okay, but it's a good movie. You should check it out. And then we have natural language processing that is scanning communication, so emails, messages, phone calls, and it's trying to pick up those indicators of patterns that really you see that a lot with phishing attempts. And so again, all of these are things that we're building upon those strong foundations. So I really want to just emphasize that point here. So we have our next polling question, what AI power tool would you most like to see at your organization?

So while we wait for the results here, while everyone is responding, I think it'll be interesting to see what becomes more used in the public sector in the next three to five years. Banking and e-commerce really seem to be the industries that have been embracing AI. If you perform a quick search, you'll see a lot of avAIlable tools in that space. So it's definitely something that I want to continue watching to see and be a part of what develops here soon, because like Jen's mentioned, it is changing pretty fast. All right, so I think we'll give everyone just a little bit more to respond

Bella Brickle: Just about 10 more seconds. So please make sure to select your answer and then hit the submit button. I'm now going to close the poll and share the results.

Louise Gannuch: Alright, so we have a decent spread here, real time monitoring. Yeah, I think that definitely makes sense with what we're talking about. And I think the other point is with a lot of these, they tend to overlap too. So leveraging the data that you have and training on some of those historical things and models to kind of AId in that prevention and detection as well. So I'm going to hand it over to Jen now and she's going to talk about some of the challenges and the benefits of AI.

Jen Clark: Awesome. So as Louise just walked through, AI is a really powerful tool for fraud detection, but I've been doing technology and advanced technology for the past decade and in technology for almost 18 years now. Technology is never a silver bullet. AI can certainly analyze massive amounts of data, but it still has limitations and risks that really needs to be managed. So just some of the key challenges to consider when implementing AI and fraud detection. One I often hear quite frequently is just resource constraints, right? Is AI isn't just plug and play despite what you might hear in the news, it requires investment in data infrastructure and training and ongoing monitoring. Many organizations struggle with hiring AI talent or figuring out how to exactly plug them in the shelf models or tools just might not align perfectly with your organization's needs. And so again, hear a lot about how you really kind of need specialists, even if they're occasional, that can help select tools that can help select the right models to make sure that your systems all talk to each other and how to best manage them move forward.

Again, that human interaction. The second is really the integration with existing systems. Most organizations have a ton of either vendors already in place, legacy fraud detection tools, legacy just systems in general. And in the best case scenario, your AI detection tools should be able to integrate with most, if not all of 'em, and poor integration can really lead to data silos. And then that's where you miss really important patterns because they don't have access to all relevant data sources. So this can be really difficult, especially when we think about just legacy IT systems and some out of date. This problem gets really complex really fast. The third is bias and models. AI models learn from historical data and if that data is skewed in any way, if it contains biases, AI will inherit, reinforce and scale them. And bias and fraud detection can lead to either false positives, it can lead to, can even lead to under counting or it can disproportionately flag certain transaction types.

It's also not a hundred percent foolproof. AI doesn't think it finds patterns based on past data. It can't prevent new tactics. And so you constantly have to be evolving because as Louis said, fraudsters evolve. They're creative, this their day job attackers are going to really test AI defenses and then kind of slightly modify to try to bypass. And then finally, I think it's really important here too on the a hundred percent foolproof point, generative AI suffers from this phenomenon called hallucinations. It can and does kind of produce things that doesn't exist, whether that be either just factually inaccurate or kind of nonsensical. And if you use AI in your fraud detection frameworks, it can create errors itself. So that's also just something to be aware of On the regulatory compliance front, this is a place where you can really have to comply with data protection laws.

So GDPRCCPA, and of course industry specific regulations. Some of the emerging regulations require explainability. So basically you have to justify your AI based fraud decisions if you're challenged and how you arrived at 'them. So this is just another thing that you kind of have to be proactive when implementing these tools. And then finally, there can be ethical concerns when implementing AI, either from that privacy perspective or from just fairness and accountability, not to mention some concerns around energy demand. And so organizations really have to make sure that AI doesn't unfairly impact certain aspects of fraud detection and isn't overly zealous blocking legitimate transactions. AI is definitely a powerful enabler, but it's not a S and forget IT solution. It really requires ongoing investment, human oversight and governance to be truly effective.

So again, kind of going back to one of the biggest misconceptions about AI and fraud detection is that it can run basically a hundred percent autonomously, and that's really not realistic. Human oversight is essential to ensure that AI models that you deploy or interpretable, they're accurate and then they fall within the standards that you set for your organization to ensure that AI is used responsibly. AI governance frameworks go beyond just what we traditionally in technology have called machine learning operations or ML ops, really just kind of paying attention to the data and the pipelines and the engine running underneath these AI governance frameworks is really about how you put the people and processes on top of the technology and really have those oversight mechanisms that ensure you're aligning your AI systems with your organizational standards. The one that I have here often used quite a bit, it's from nist, it's the AI risk management framework or the AI RMF, and it really kind of is focused specifically on AI and generative AI.

The framework focuses on four key principles. One is governing really establishing those clear policies. Two is mapping, so just understanding your risk and vulnerabilities, measuring that aspect of continuously monitoring and making sure that the model is performing in the way that you expect, and then managing, combining all of those aspects together to have a comprehensive system moving forward. Within those four principles, there are a number of really great tactical action categories, some that are listed here on screen to really better manage that AI implementation. So human in the loop always matters best. AI models make mistakes where you deploy AI, it can't ever be fully automated, really kind of need that human oversight and then AI governance framework is a great way to do that. We're going to do another poll here. What is your organization's biggest challenge in implementing AI?

Let's see. I'm going to take, while everyone responds, we'll take another quick question. One question is ever reach a point where AI can basically completely eliminate fraud? And I think you've heard us talk about fraud will always evolve and fraudsters will adapt and sort of use AI to their means and really kind of having that holistic governance system, your toolkit of your fraud detection tools and your automation is really important, but really having that really cohesive human oversight and system of management is also just really important to be able to be proactive and to know how and how to manage it.

Interesting here is of course, like we talked about, really not a surprise. Budget and resource constraints are a really big challenge as is integration with existing systems. Great. So wrapping it up, I don't want to leave on kind the bad side of AI. Want to give you guys the good side as well. Again, two sides of the same coin. We've talked about challenges and risks. It's really important to also remember that it's still an incredibly powerful tool when used correctly and responsibly. This is AI can be a way to keep up and stay ahead in ways that manual systems just can't. From a speed and efficiency standpoint, AI can process and analyze millions, sometimes billions of transactions per second. So that's far surpassing any kind of human capabilities. And it doesn't just detect fraud, it can also automate real time responses. So you think like an alerting system, a traditional kind of fraud investigation might take a long time for humans to wrap their hands around, but when again implemented thoughtfully and well with the right controls in place, these tools can sometimes do it instantly and simultaneously.

And a great example of that is you think about your credit card, right as your credit card's kind of fraud detection system analyzes billions of transactions daily and identifies those anomalies within milliseconds and just stops that fraudulent payment. From a pattern recognition, AI can identify those subtle fraud patterns that humans or traditional rule-based systems might miss that as nuances in between. As it looks across the data, these models learn from a bunch of different historical data. So there are potentially cases that you might not have seen before and doesn't quite need the same manual updates like a rules-based system would. And then finally, from a scalability perspective, like you said, massive amounts of data across many different systems and sources, multiple locations and platforms can continuously monitor 24 7 and flag those complex scenarios across everything. I think the takeaway here, AI definitely enables smarter, faster, more scalable fraud prevention, but it doesn't replace human oversight. It enhances human capabilities by providing the right tools to be able to free up human time to really focus on complex cases and how to manage strategically.

Alright, I'm going to pause really quick for any questions. Let's see. So one question. What's next for AI and fraud detection? Really when I think about what's next for AI in general is around ag agentic AI. You might've heard chat GBT launched operator, or really you have these engines that can perform tasks. When you start to layer on these AI tools together, you can really get a system that is performing in real time again as a tool to really evolve and adapt to prevent the fraud in real time. So again, very emerging, very early days, mostly research, but that is definitely something that's worth keeping an eye on probably over the next year. Alright, thank you all for listening and your attention and really enjoyed giving you this overview of AI and fraud. Hopefully you understand that it's a little bit of both, and with that I'm going to pass it over to Laura to get into the next section of our webinar.

Laura Katz: Great, thanks Jen. Just going to hands here. Thank you again and thanks both of you and Louise for a great presentation. Welcome everyone to the final session of the Eisner Emperor Government webinar series. I'm Laura Katz, a senior manager at Eisner Emperor, and the leader of the disaster management and recovery team, which helps all levels of governments and nonprofits administer FEMA, pa and HUD CDBGDR funds. Our CDBGDR services include helping grantees with program implementation, case management, closeout monitoring and compliance, as well as with navigating the action plan process, which we'll spend some time talking about today. Before joining Eisner Amper, I was the policy director for New York State's Office of Brazilian Homes and Communities, formerly the Governor's Office of Storm Recovery, which is the state agency administering CDBGDR recovery funds for Superstorm Sandy, tropical Storm Lee, and Hurricane Irene and Hurricane Ida. So I'm speaking to you not just as a consultant, but as a former grantee too.

At RHCI oversaw all action plan drafting and action plan amendments, manage the state's relationship with HUD and advised recovery programs and eligibility and compliance. So I'll share some personal experiences throughout the webinar and later in the presentation you'll hear from my colleague Corie Jim Bon, director at EisnerAmper and leader of the Program administration team. We'll take questions just like Jen and Louis did, so please feel free to drop them in the chat when we pause for polling questions. I'll do a quick scan to see if there's anything I can answer then, and then we'll leave time at the end too.

Okay, today we'll cover three main areas, Hudson's new Universal Notice, the 20 23, 20 24 CDBGDR allocations and considerations for program implementation. I'd like to note at the outset, I know there's a lot of uncertainty at the federal level right now and that HUD canceled its own webinar series on the Universal Notice. You'll hear us say it again throughout the presentation, but keep your eyes on HUD exchange and stay in touch with your HUD rep for updates. In the absence of guidance from HUD, grantees should assume the universal notice still stands. This means that if you're in the current grantee class, unless you sought an extension from HUD, you should be well into the action plan drafting process. We'll get into those requirements in a few slides, but let's start with some background on CDBGDR and the Universal Notice.

Before we discuss the updates, I want to start with a brief overview of CDBGDR funds for anyone on the call who might not be familiar. CDBGDR or Community Development Block Grant Disaster Recovery, our funds allocated by the US Department of Housing and Urban Development for long-term recovery. These are funds that address unmet needs after a presidentially declared disaster. So they come into play after FEMA insurance proceeds and other sources of funds, and they can be used for housing infrastructure mitigation and economic revitalization. The CDBGDR program is based on the CDBG program, but it has its own set of rules that make it more flexible. We'll talk about this more, but this program is not codified. So with each event, HUD publishes a federal register notice that modifies the CDBG regulations and outlines the requirements for that particular disaster.

The Universal Notice is a unique brand of Federal Register Notice. It's the culmination of a years long effort by HUD to improve the C-D-B-G-D-R process. It's a reflection of past CDBGDR requirements as well as input from grantees in response to a request for information that was published back in December, 2022. According to HUD, they received 87 responses to the RFI, including several from IT team at New York State, which they broke down into about 700 comments. Since receiving comments in February, 2023, HU has been analyzing them and incorporating them into the notice, which was finally published on January 8th, 2025. There's a snippet of it there on the screen. What makes a universal notice unique is that it's HUD's first standalone notice, which means it isn't actually applicable to anyone. A typical federal register notice includes both the allocations for a given storm and the requirements governing those allocations. But the universal Notice includes only requirements. So a separate allocation announcement notice has to be published, allocating funds to grantees and pointing them to the universal notice for the guidelines for their disaster.

The Universal Notice focuses on equity and removing barriers in the C-D-B-G-D-R process and is a continuation of recurring theme in disaster recovery. Grantees and even the HI OIG have been calling for a more simplified program for many years. This table was taken from a July, 2018 OIG report on the C-D-B-G-D-R program, and it shows the number of federal register notices applicable to particular events. again, because the program isn't codified, there isn't a single set of regulations and each disaster has its own set of rules. As you can see at the time of this report, Sandy grantees had to juggle 21 different notices to understand their requirements for their programs. They're now 29. As the policy director for New York State, part of my job was to monitor any changes in the regulations and insurer programs reflected them. So my team maintained a single PDF of every federal register notice so that we could search for a relevant term or requirement and see if and how it was modified over the years. In addition to Sandy, we also administered Irene Lee funds and eventually. So when a program came to me with a question about eligibility or compliance, my first question was always, what grant are we talking about? And then I had to go read the federal register notices and piece together the requirements. Of course, we managed, but it did create extra administrative burden and ultimately slowed things down because we needed time to research and interpret changes and sometimes even confer with HUD if something was unclear.

Beginning with the 2020 storms and the consolidated notice in 2022, HUD began moving towards standardizing the requirements and introduced more of a focus on equity and mitigation and resiliency. Around the same time, HUD also established the Office of Disaster Recovery, bringing a new organizational structure to the Disaster Recovery program and an acknowledgement that grantees were asking for changes. So that brings us the universal notice, which really illustrates HUD's focus on removing red tape and making administration easier for grantees as well as making the recovery process faster and smoother for survivors. I'll note that if you're a universal notice grantee who has funds from previous storms, you'll still need to juggle different requirements. So it may be while life gets any easier, but the Universal Notice is definitely a step in the right direction and hopefully over time all grantees will be operating under the same set of rules. So let's get into some of them.

In the Universal notice, we see improved federal agency alignment, which helps grantees reduce administrative burden and helps simplify the experience for survivors who aren't having to juggle different standards and requirements to check the same box Adoption of another Federal Agency's environmental review is one example. So grantees may now adopt an environmental review performed by another agency. This is something we ask for many years at New York State because it not only simplifies the process for grantees, but environmental reviews can be lengthy, so this helps get money out the door faster. Another example of increased alignment is acceptable documentation for homeownership. The Universal Notice requires the grantee to outline in its policies and procedures, its process for accepting non-traditional methods of home ownership documentation and lists acceptable documentation that aligns with the documentation FEMA accepts. For those who want to go straight to that list, it's in section three A three six of the universal Notice Examples include receipts of repairs completed before the disaster and a will or affidavit or Air ship naming the applicant as heir. Not only did this improved the survivor's experience by creating a single standard for documentation, but it also makes recovery more equitable by recognizing that not everyone has a traditional title or deed to their property. And one final example of alignment I'll mention is in section 3D six D one, where HUD allows grantees to use FEMA approved building codes when DR funds are used as the non-federal match in a FEMA project.

The universal notice includes a few changes that make it easier for grantees to administer rental assistance programs. So grantees are now permitted to make lump sum relocation rental assistance programs, which doesn't sound like a major change, but it eases administrative burden on programs who were previously making and tracking multiple payments to applicants. This also means survivors have access to more funding. Upfront. Grantees may also provide rental assistance and utility payments for up to 24 months without a waiver, and rental assistance is now excluded from the 15% public services cap. Before I get into changes to eligible activities, I want to provide some quick background. The ARE three main requirements for C-D-B-G-D-R funds. They must tie back to disaster unless they're mitigation funds. They must meet a national objective and they must be used for an eligible activity. The universal notice includes changes to a few eligible activities, so it's expanding permitted uses of CDBGDR funds.

The first is disaster relief payments. Typically, income payments are not eligible unless they are emergency payments made for a period of three months on behalf of an individual or family. And the universal notice HUD is extending that period to six months recognizing that for some disaster survivors they might have no choice but to use disaster funds to cover things like rent and food immediately following a disaster. I personally really like this change. I think it's my favorite one in the universal notice because it benefits the people who need the funding the most. Where this group would've been penalized in the past for using disaster funds for immediate needs. HUD is now recognizing the difficult position many people are in after disaster and providing added flexibility. Another change is that grantees can now assist privately owned facilities used as shelters, where previously they had to be publicly owned or provided by the government and open to the general public. This will expand access to shelters, which is critical for survivors after disaster.

Going back to the three requirements for DR funds I just discussed, one of them again, is national objective for infrastructure projects that benefit the general public. This is typically meant by satisfying the low and moderate income area benefit criteria, which sees that 51% of the residents in the area benefiting from the project must be low and moderate income. But for high impact projects that benefit large areas, this can be a difficult standard to meet. CDBGDR funds also have what's called an overall benefit requirement, which is a requirement that a certain percentage of funds be used to benefit low and moderate income individuals. The overall benefit requirement is typically 70% because large infrastructure projects also have large dollar values attached. Grantees often can't afford to lose out on the LMI credit they get for big projects. So if they can't meet the National Objective Test, they might walk away from an otherwise great project to make it easier for grantees to pursue large scale projects that will ultimately benefit and impact underserved areas. HU does allowing grantees to use a different test to meet the low and moderate income national objective. So instead of taking a percentage of the residents in a given area, grantees can now multiply the total cost of the infrastructure activity by the percent of LMI persons in the project service area.

Of all the changes we've discussed so far, probably the biggest is the process laid out here on the screen. again, I'll provide a bit of context. In order to access funds, grantees must submit an action plan and certifications. I don't mean to imply certifications aren't important, but the action plan is crucial to the success of your program and it's very important you devote adequate time to it. This is the guiding document for your recovery programs. It explains to HUD and the public how you're spending your funds and it must contain certain key information like program caps and budgets eligibility and who will administer your programs. When I said earlier that when a question came in from a program, my first stop was always the applicable federal register. Notice my second was always the action plan. Before I made any decisions about program policy or implementation, I needed to know what our action plan said. It is a living document though, and can be changed through an amendment process, which I'll get into a bit later.

Excuse me. In the meantime, let's go through these phases one at a time. The Universal Notice reorganized the C-D-B-G-D-R process into three phases. Phase one is the action plan, phase two is the certifications, and phase three is implementation. A few quick notes about what you're seeing in this graph. So first, all due listed are from applicability date, which is specified in the allocation announcement. Notice for the 20 23 20 24 class of grantees. Your applicability date is January 21st, and all timelines here are in calendar days. Okay, so again, phase one is the action plan. Most grantees on the call are probably used to a 120 day action plan submission timeline and a 60 day HUD review period. But a common complaint from stakeholders was the time it took to get recovery funds out the door. So here we see HUD tightening up that timeline to 90 days for submission and 45 days for review.

It's important to note the 90 days must also include a 30 day public comment period. So you really have less than 60 days for the actual drafting of the plan before you put it out for public comment. And all comments must be addressed before submission to HUD. So be sure you build in time to respond to everything you've receive. It's also important to note that once the action plan is submitted, HUD can and likely will ask questions. They'll point out things you might have missed or need to elaborate on. So you should be prepared to work with the various offices across HUD to resolve those issues and plan your other timelines accordingly. I oversaw drafting and submission of New York State's Hurricane Ida action plan and those requirements had us working on the action plan certifications and implementation plan simultaneously. And IDA grantees also had to enter their action plans into DRGR.

So we had to build in time to test that function, which was new at the time, and input the relevant information into the system. So we used every single one of our allotted days. We also had a few rounds of back and forth with HUD to resolve comments and everything was approved. Happy to say so. As I mentioned, the certifications used to be due before the action plan, but they're now due after. And phase two, the certifications are how you demonstrate to HUD they have the capacity to administer your funds. They have two parts essentially. First there's a checklist you'll fill out. And then second, you'll provide the policies and procedures and other backup documentation to show how you have capacity to take on these funds and spend them efficiently. And compliantly policies and procedures will include procurement policies, policies to maintain a comprehensive website, fraud, waste and abuse policies, duplication of benefits, policies and policies for timely expenditure of funds.

There's also a capacity assessment and staffing analysis, which sounds to me like what used to be the implementation plan that was required for 2020 grantees. And your certifications must be completed within 135 days. And again, HUD has 45 days to review. Also, grantees can now rely on previous submissions if they were completed within five years of grant agreement execution. And then phase three is implementation, including policies and procedures. So one way HUD shortened the action plan timeline was by removing some action plan requirements and moving them to the policies and procedures instead. So your program specific manuals must now address things like fair housing and civil rights and projection of expenditures and outcomes, which would have typically been in the action plan. So this means the action plan is more focused on the key components like the unmet needs analysis, the mitigation needs analysis program details, and then the connection between needs and the programs you plan on. Implementing your policies and procedures for housing programs must be finalized within a year, and your policies and procedures for all other programs must be finalized within 18 months. As I mentioned for IDA, we were drafting multiple documents at once, so this is Signaling Hudson tend to have grantees focus on the action plan only in the first three months. Then certifications, then program policies. In a minute we're going to switch gears and dive into the allocations, but first we have a polling question to help us understand who's on the call today.

So has your agency received CDBGDR funds before? I'll give everyone a minute and just see if there are any questions.

Laura Katz: Can you talk about the grant agreement process and what phase that fits into? That's a great question. So the grant agreement is a crucial step because that's what gives grantees access to their funds. Right now, none of the 20 23 20 24 grantees can actually access their funds when the action plan certifications are approved. So when phase one and phase two are complete and the grantee receives access to DRG, RHY will provide the grant agreement. Then once it's signed, the line of credit can be established, and then once all activities are entered into DRGR end environmental review requirements are met, grantees can begin drawing down funds. Okay, so the majority of you say that C-D-B-G-D-R funds are not applicable, so that's a good number there. So I'll keep including as much background as I can, and then others have experienced multiple disasters. That's great to know.

Laura Katz: Okay. As I mentioned earlier, the CDBGDR program is not codified. So this means funds must be appropriated by Congress before they are allocated by HUD. Appropriations are political and unfortunately are often drawn out. So these are the first allocations we've seen since November 27th, 2023. The allocation announcement notice included 46 grantees, which are a mix of states, counties, cities, and territories for a total of $12 billion. And specify the universal notice would be applicable to this grantee class of the last 10 HUD allocations. This was the second largest HUD allocated $28 billion in fiscal year 2018 for events in 2014 to 2017, but with a few outliers. Other recent allocations have been between 1 billion and 5 billion. The two largest allocations in this 20 23 20 24 allocation were 1.6 billion for Maui wildfire recovery and 1.4 billion for North Carolina for Helene Recovery. To determine the allocations, HUD follows an allocation methodology methodology that's laid out in every allocation announcement notice, but basically HUD looks at FEMA, PA and IA damaged data.

I'll also note this allocation includes funding for three wildfires in Hawaii, New Mexico, and Washington, which are becoming increasingly common. C-D-B-G-D-R has always been used for a variety of disaster types, terrorist attacks, earthquakes, but the majority of events have been floods and hurricanes, and we're continuing to see that evolve to include more disaster types like fires. As we already discussed, the universal notice is intended to provide a single set of regulations for the C-D-P-G-T-R program moving forward. So if you're in this grantee class, you'll follow the requirements in the universal notice, but even if you aren't, the universal notice can still guide your programs. You can use it to help justify a waiver request to align the requirements for your event with the requirements in the universal notice.

Okay, let me take a minute to explain what you're looking at here. So along the bottom, oh, sorry. Along with the allocations, let me start there. The allocation announcement notice lists the FEMA disaster numbers for the disasters. Grantees are receiving funds for some grantees receive funding for just one event. Some receive funding for multiple. So along the bottom you see the FEMA disaster declaration, the state the disaster was in, and a snippet of the disaster type. So there's flood, severe storms, typhoon, et cetera. We have each grantee on this chart once, but not all storms. And then on the left hand side, you have the number of days between the incident and the allocation announcement date. So that top line number is showing you the number of days between the earliest date in the incident period, which was pulled from the FEMA website to the allocation announcement notice date.

So what's interesting about this grantee class is that for some grantees, assistance was slow and for others it was unusually fast. You can see California waited almost 700 days for DR funds for storms in early 2023 and New Mexico waited less than 100 for funding for flooding in late 2024. And even for the same grantee, the spread could be wide. So for instance, Florida and Georgia, we did more than 500 days for Hurricane Adalia funding and about 110 days for Helena funding. So this means that some grantees are going to have more complete information than others when drafting their action plans. For those grantees whose disasters hit in the last few months, the data needed to complete the unmet needs analysis might not be complete, which means you might need to do an action plan amendment down the road.

Before we move on to another polling question, this is a good time to pause and spend some time on the unmet needs analysis and action plan amendments. So first, the remaining need in housing infrastructure and the economy grantees will look at the impacts that disaster had in these sectors and the need remaining after other sources of funding have been accounted for, like insurance proceeds and other federal funding sources. The unmet needs analysis is really important because this is how you justify the HUD and the public why you're spending your funds the way you are. Your allocations need to be reasonably proportionate. So for instance, if your unmet needs analysis shows you have the most need in infrastructure, but you're planning a small infrastructure program and proposing to spend most of your money on housing, HUD probably isn't going to approve that. You need to show a connection between the programs you're funding and the need for that funding.

As more information becomes available and your programs progress and you start shifting budgets around between programs, you may need to update your unmet needs analysis, and you'll do this through an action plan amendment. There are two types, substantial and substantial. Substantial amendments require HUD approval and a public comment. Non substantial do not. Grantees can define in their action plans additional triggers for a substantial amendment, but HUD specifies a few. They are a change in program benefit or eligibility criteria, addition or deletion of an activity, proposed reduction in the overall benefit requirement, which we discussed briefly earlier, allocation or reallocation of funds above a threshold defined by the grantee, and then an update to the initial action plan if the original submission was incomplete. Before I turn it over to my colleague Corey, to discuss program considerations, we have another polling question to test your knowledge of the new action plan process.

So how many days does the current grantee class have to submit his action plan to HUD? I'll give everyone a minute to answer. And we do have a question about why HUD hasn't codified the requirements to apply all disasters for more uniform guidance. That's a great question. It is sort of a difficult one to answer and will require a little more research on my part, but my understanding is that HUD doesn't have the ability to codify, it needs to be done by Congressional Act. So I think even HUD would agree with the OIG and grantees that it should be codified. They're just not able to do that, and this is the closest they can get.

Laura Katz: This one was a bit of a trick, so most people got it right, 90 days. Some people went for the old requirement of 120 days, which is completely understandable. But yeah, important to note. Moving forward it's 90 days. And with that, I'll turn it over to Corey.

Corey Jambon: Thank you, Laura. Good morning and thank you for joining us on this webinar. I appreciate the opportunity to be with you this morning. So as Laura mentioned, my name is Corey Jambon and I lead the program administration services for our government team. With over 20 years of experience, I have served in leadership roles in many of the firm's large programs. Our program admin team supports large programs in several key areas, including program design policy and procedure development, program initiation, operations, reporting, and closeout activities. When we think about large programs, there are three consistent challenges that we encounter regardless of the funding source. The first is a sense of urgency. So large programs are typically created in response to a major event, and in most situations there are survivors in need of assistance that causes a tremendous amount of pressure, both internally and externally for programs to move quickly and efficiently.

Getting money on the street is a critical milestone for many large programs. The second challenge is complex regulations. The regulatory environment is complex and constantly changing. As Laura mentioned, many disaster recovery programs that received allocations before 2020 were governed by numerous federal register notices. These varying regulations create challenges for efficiency, consistency, and most importantly, compliance. The third challenge is change. Large programs are long in duration, and most, if not all of programs experience some degree of change over the program's lifecycle. Most changes are positive and have the ability to improve program performance, but change is hard and can be challenging on resources, budgets, expectations, and consistency. So next we'll discuss some considerations for current programs.

So as Laura mentioned, the universal notice applies to all grantees in the recent 2023 and 2024 HUD allocation. However, we may have some participants on this webinar that are grantees from prior HUD allocations and operating under prior notices. So if you're a grantee operating a DR program or programs under prior notices, you have some options. So we recommend taking a three step approach to identify, prepare, and implement. From an identification perspective. We recommend performing a detailed review of the universal notice to understand if any changes could impact your current programs. Next, you want to perform an assessment of your current. You want to look at the health and hygiene of the program, which includes performance against targets and forecasts. You want to understand the aging of applications or any backlogs that exist. You want to evaluate what's working and not working. You also want to consider the remaining grant funds available and the estimated duration.

Analyzing this information on each of your current programs will allow you to identify the programs that could be candidates for change. To further this analysis, you want to perform a cost benefit analysis of the change. Sometimes the cost burden and fatigue of the change can outweigh the benefits, so you want to make sure you're able to articulate and quantify the benefits as well as the cost. You want to make sure this analysis is documented and supports a decision or a recommendation forward. From the prepare stage, as my colleague mentioned, you want to document your analysis and you are eligible to prepare a waiver request for HUD review and approval. If the waiver request is approved, you now move into implementation activities. So things have changed on your program, so you need to make sure that the policies and procedures are modified, reviewed, and approved to align to the approved waiver request.

The technology systems, if applicable, if things changed in the system of record, you need to make sure that those changes are designed and tested and implemented. Change in large programs requires communication, and so you want to make sure your communication strategy is executed to inform internal and external stakeholders. The last piece is training, right? So large programs have large work, typically have large workforces, and so you want to make sure that the change is properly communicated through detailed training programs available to program staff. A few additional points of commentary for changes to current programs. You want to be intentional and strategic. As we all know, change is challenging. It requires capital investment as well as human capital investment, and it can impact program performance in the interim. So you want to make sure the efforts and investments of change will provide long-term returns. The second reminder is documentation is king. So changes to programs create a target for audits. We want to make sure that all changes are completely and accurately documented to support you in your program audits.

So next we'll discuss considerations for future programs as we think about future programs. A couple of main points to highlight before we go into the details. The first is you need to move quickly. As Laura mentioned, the universal notice has an date of January 21st, so we are almost 30 days into the 90 day timeline. The second is you want to be flexible. As Laura mentioned, there's uncertainty at the federal level right now, and there may be future communications or changes that are announced by HUD. So you need to monitor the guidance and be prepared to react accordingly. From an operational perspective, the first step is identification. And so you need to perform a detailed review of the universal Notice. If you're a past grantee, you need to understand what's new, what's changed, and how does it reconcile with the prior programs that we have run.

You want to make sure that you establish communication with your HUD representative and monitor the HUD exchange. Those are the best sources of information and guidance as we move into the preparation stage for future programs. Any good plan starts with a timeline. So you want to make sure we have a comprehensive compliance timeline that outlines all of the phases in the program, the dates and the responsible parties. The action plan and unmet needs are due 90 days after the applicability date. The second milestone, the financial management and grant compliance certification checklist must be submitted within 135 days. You also want to implement a system of record or any changes to your existing system of record to align to the new requirements in the universal notice. And then you want to think about workforce, right? So large programs typically require a significant amount of resources, sometimes internal to the agency or the organization and externally.

So you want to have a detailed workforce forecasting and planning activities completed in the preparation stage. As we move into implementation, policies and procedures are a primary focus. You have one year, as Laura mentioned, for the housing policies and procedures in 18 months. For the remaining program policies and procedures, you want to think about your communication strategy. So HUD recently revised its requirements for communication externally with applicants and have included more types of social media and dashboarding requirements. So if you have received, if you've been a prior grantee, you want to make sure that your tools and your communication strategy include with the new HUD requirements. You also want to be working on your training programs for internal staff and then potentially any subcontractors that are participating in the program. And then you want to constantly monitor your workforce and your staffing throughout the program lifecycle between launch implementation and closeout, there's varying levels of resource requirements, and so you want to have a plan to adjust those accordingly.

So as we close a few reminders, we want to operate with a sense of urgency. Survivors are in need. The program timelines outlined by HUD are fast approaching, and so we want to make sure we're operating with that sense of urgency. Want to leverage your HUD resources, both the communication from the exchange as well as your representatives to make sure that you're in line with recent communications and any changes in expectations. And then you want to stay flexible. If anything, the last four or five years has taught us is that we need to remain flexible because things can and will change often quite frequently, and our ability to adapt to that change sets us up for a successful program. So now we'll move into poll question number eight, and the question is, how do you plan to utilize the Universal notice?

Bella Brickle: I'm just going to jump in real quick to share that. This poll is our final poll question that will be launched for today. As a reminder, you need to be on the live presentation for at least a hundred minutes and respond to six out of the eight polls we have launched. We'll leave this open for about another 30 seconds.

Corey Jambon: Thank you, Bella. And we have a question here. Administration is expensive. Is it an eligible use of CDBGDR funds? If so, what is the administrative percentage capped for CDBGDR funds? I agree, administration can be expensive. Yes, it is an eligible use, and the admin cap is 5% of the grant. It should also be noticed that first time grantees do have the ability to request an admin only action plan. It is optional and allows you to access administrative funds prior to the full award. So if you need funds to draft your full action plan, you can utilize this admin only request. If you have other CDBGDR funds, you can use those funds for admin fees to get this program started or use local funds. Okay, so it looks like curiosity is the winner for this, and so that's good to know. We appreciate you joining in on this webinar. I'll turn it back to my colleague, Laura.

Laura Katz: Great, thank you, Corey. Okay. Okay, so we covered a lot today and I know how overwhelming CDBGDR regulations can be, even if you are a current grantee and already familiar with the program, which is the case of the grantees we have on the call. The majority of you are grantees who have had funds previously. So I'll share that after five years at New York State and having already worked on Sandy Recovery by the time we got IDA funding, I still didn't know where to start when the IDA allocations were announced. Like I said before, we were already juggling dozens of notices to run the Sandy and I lead programs, and now we had to learn a whole new set of requirements and develop new policies and procedures while figuring out how to scale down from a 4 billion grant to a $68 million one. So Corey talked about staffing, and this is just another component of that.

Again, for those of you on the call who do have multiple awards, this is just something else to navigate your workforce if you're going from a small grant to a large one or from a large one to a small one. And I also remember what it was like when I first came to New York and had to learn the Sandy rules for the first time. It was like learning a completely new language. So however you're using the Universal Notice, whether it's applicable to you or is not, and you're just reviewing it out of curiosity, which the majority of you are or for waiver requests, make sure you're seeking appropriate guidance and have the right resources available to you if you are subject to the notice. As we said, keep an eye on HUD exchange and stay in contact with your HUD representative so you have the latest updates.

If you aren't already aware, every HUD Federal Register notice is posted in one place. You can get to it easily by just searching CDBGDR laws and regulations, and it should come up. There's also a website specifically for Universal Notice grantees and a website is nine 11, which is really helpful because other grantees are a great resource and organizations like Costa or the Council of State Community Development Agencies is great for connecting grantees. Costa actually has a conference coming up in March will be there. So that'll be a great way to connect with and learn from others who are Aiding your grantee class. And reach out to us here at Eisner ER for help navigating the action plan and certifications process, including drafting and for help with program implementation and policies and procedures. When you get to that stage, if you're not subject to the notice but are considering waiver A requests, we're happy to help you research what's appropriate for you and draft the request. Before we start taking questions, I want to thank you all for your time and attention today. Again, I know it's a lot of information. We're happy to answer any questions in the time we have left, and if there are any we aren't able to get to, we'll follow up with you to get you the answer.

Laura Katz: Were there any lessons learned considered from past disasters that prompted implementing the Universal Notice? That's another great question, and yes, I think HUD does a fantastic job of learning from past disasters, and you can see that if you've been following the program long enough, you can see how the regulations have evolved after each disaster, and it tends to be after the largest ones like Katrina, Sandy. Those are the ones where they really learn the most, and you'll see changes after those. So agAIn, it's not a codified program. Each disaster has its own set of rules, so they're able to change and tweak them depending on what worked and what the pitfalls were for grantees after previous disasters. So you can definitely track and see trends following each disaster.

How did the recent election results impact funding? Another great question. I think that's a complex answer at the moment, but I will say generally, as I mentioned before, because it's not codified, Congress has to first appropriate funds for a disaster and then HUD can allocate them. That appropriations process, regardless of what's going on, is always political. There was an appropriation just before the holidays. It had taken a really long time to get to that point. It's usually, it's a very drawn out process every single time. So it's always political no matter what's going on in the country, just because of the fact that it's not codified and we have to rely on Congress to appropriate those funds.

Please provide more detail on the communication requirements. You mentioned another great question. There have always been requirements around posting certain documents on the grantees website and providing access to vital documents by translating them and giving people the opportunity to communicate by, or sorry, comment by advertising comment periods and holding public hearings at places and times convenient for the public. But the Universal Notice also includes a requirement that grantees use other methods like dashboards and social media to share information like application periods and application status. And the website must include monthly updates on which applications are under review and approved or denied. So I think, again, this is one of those cases where we're seeing HUD having learned from previous disasters, and they're recognizing that survivors are asking for more transparency, more information, and here we see them giving that to them by requiring the grantees to give them more real time information in an accessible format.

And then we also have, is the Unmet needs analysis the same as the mitigation needs analysis? No, they are different. And the unmet needs analysis is that assessment of remaining need. The mitigation needs analysis is an analysis of current and future climate threats like extreme heat, sea level rise. And to do this analysis, grantees will look at the current FEMA approved hazard mitigation plan or community wildfire protection plan or another resilience or long-term mitigation or recovery plan. So again, this is another area where we see a trend toward an increased focus on mitigation and resilience. Mitigations need, mitigation needs a notice that govern those 2020 storms, and it requires grantees to incorporate mitigation and resilience planning into their recovery efforts rather than just focusing on recovery. So it used to be that you could basically only rebuild what was there before. And now over the years, HUD has recognized the need to plan for the future, for recovery to be more forward looking. And so we're seeing them learn from those previous storms, listen to grantees and survivors, and change the program to actually require mitigation resilience planning. The Universal notice was also the first time, or sorry, the consolidated notice was also the first time we saw the mitigation set aside. So that specifies that 15% of your funds be spent on activities that increase disaster resilience. So you're seeing not only a requirement to plan for future and current climate threats, but to actually devote 15% of your funds do it.

And then we have, what is DRGR? Sorry, I did mention D-R-G-R-I didn't clarify. So this is the Disaster Recovery Grant reporting system. It's how you'll draw down funds and also report to HUD. So I mentioned earlier that all of your programs need to be entered into DRGR, and then you'll submit quarterly reports that have things like a narrative to describe in each project and total budget and the amount drawn so far. And then those reports are public too. So that, again, that's a longstanding requirement, but that again speaks to the importance to HUD and the public of transparency.

And then one final question I'm seeing is just are there other pieces of the action plan drafting process you didn't cover? I think the only other thing about the action plan process I would mention that I didn't really get into is the engagement component, which requires grantees to draft the action plan in consultation with the community and stakeholders. So you'll have a public comment period to capture community input. You'll address those comments like we discussed and edit the plan as needed to reflect them. But you should also be holding meetings now as you're drafting with community groups, nonprofits, religious institutions in the disaster impacted area, and any other groups or individuals with insight into the impacts and your community's needs, especially groups that represent the underrepresented and can engage underserved and vulnerable populations. That's important. So you can learn about them and they can also learn about you. So it's really important that your programs reflect the communities who need the help the most. It's also important that those communities know those programs exist and how and when they can apply.

I will caution you though that a robust citizen engagement plan is important and makes for a better action plan and recovery program. It's also important to set expectations early. I think that's probably my number one lesson learned from my time at New York State is it's great again to have a robust citizen engagement strategy, but just make it clear upfront that whatever projects you're discussing, they ultimately might not be eligible. There might not be enough funding for them, there might not be enough time to complete them. So just make it clear that you can have conversations about the program you want to design, but not every project the community asks for is going to be completed. Okay. I'm not seeing any other questions that came in, so I think I'll turn it over to Bella to close us out.

^{Transcribed by Rev.com AI}