SBA’s COVID-19 EIDL Program Data Migration Challenges

As SBA shifts from reviewing applications to servicing COVID-19 Economic Injury Disaster Loans (EIDL) and Targeted EIDL Advances, the potential for identifying additional fraudulent loans increases significantly as borrowers default. The ability to recover funds and prosecute fraud relies on having continued access to loan and grant data, especially regarding evidential matter for audits and investigations. In February 2022, OIG found that SBA had been migrating data from its software provider without a data migration plan. This software service provider is an outside company contracted to provide cloud-based software solutions. Without advance planning for data migration and defined acceptance criteria, SBA took reactive measures to prevent the loss of vital program data when the contract ended on June 30, 2022. To address concerns about data migration challenges for SBA’s COVID-19 EIDL pandemic relief program, we suggest the SBA design and implement a comprehensive migration plan for the COVID-19 EIDL program, to include defined acceptance criteria and robust testing, with detailed project milestones and defined areas of responsibility for program management, information technology, and procurement groups so that data is preserved to meet the needs of all stakeholders. SBA managers stated they were working to modify the software service provider contract to ensure data will remain available for future litigation efforts. Management’s plan to modify the contract would ensure data is preserved. Once the contract modification is complete, the risk of data loss will be mitigated. Safeguarding the data from destruction beyond the June 30, 2022 contract expiration will allow SBA to support legal proceedings for the immediate future.