When everything you do involves using taxpayer funds, you owe your funders accountability, transparency, and compliance with all your grant’s legal requirements. Every major grant is subject to risk-based oversight for the granting agency, and findings of noncompliance are to be expected during the life of the grant. The corrective actions required to remedy such findings can range from simply stopping the noncompliant action, to correcting policies and procedures, or even taking expensive actions to mitigate harm or reimburse the grant. 

For a grantee, it’s important to implement a system for compliance that detects and corrects issues before they become expensive findings. For the lead grantee of a major federal award (in the tens of millions or even billions of dollars), there will likely be hundreds or thousands of sub-awardees, subrecipients, contractors, sub-contractors, and beneficiaries participating in using funds to achieve the mission. 

In return, these participants will need to understand and return compliance information (including supporting documentation) back through designated paths to the grantee, who gathers the information and makes it available for the federal agency, auditors, and program monitors. Additionally, the participants must be contractually bound to complete any training and to take any corrective actions required by the grantee or the awarding agency.

With so much to consider toward implementing a successful compliance system, it’s important to know what type of compliance model will best serve your project, your participants, and your shared mission.  Read on as we explore two leading models and their variations and look at some real-world examples.

Distributed or central?

Generally speaking, there are two primary models for compliance for large grants involving so many participants: 

• Distributed: This model involves training each sub-awardee and subrecipient and making them responsible for how they carry out their programs. This allows their own compliance policies and procedures to match their specific product lines and reporting/documentation requirements.
• Central: In this model, the lead grantee creates a central compliance command center or requires common use by all subs of a particular entity (grantee staff and/or contractor) to disseminate policies and procedures, and to implement monitoring.
  
  

The distributed compliance model

In the Community Development Block Grant (CDBG) program, the U.S. Department of Housing and Urban Development (HUD) uses the distributed model by making separate annual awards to 1,200+ metropolitan cities, urban counties, and states and requiring each awardee to create their own policies and procedures to help ensure compliance with specific regulatory requirements. This choice preserves program flexibility and accommodates the sheer range of possible CDBG activity types (more than 25 categories and infinite program design mixes) and grantee sizes (from tens of thousands to hundreds of millions of dollars). 

Distributing responsibility for compliance so widely creates challenges for program oversight and audits. One grantee’s policies and procedures and documentation usually look different from the next grantee’s. Particularly in the State CDBG program, in which HUD provides maximum feasible deference in most aspects of program administration, the distributed approach creates both a national community development laboratory with 50 different program approaches and a more challenging environment for discerning or evaluating a grantee’s program compliance. Implementing a distributed model also demands substantial, broad-spectrum technical assistance for participants to enable them to understand all program requirements and deploy compliant programs or projects.

The centralized compliance model

With larger grants (such as for major cities or urban counties), and in other CDBG variations such as CDBG disaster recovery (CDBG-DR) or Neighborhood Stabilization Program (NSP) grants, the centralized model becomes more prevalent. These larger grants typically have larger or more complex projects, and many more contractors, subrecipients, and beneficiaries to keep track of.  

When a CDBG-DR grantee centralizes responsibility for compliance, it: 

• Directly takes control over detailed policies and procedures for itself (and often subrecipients) 
• Specifies exact forms of required documentation 
• Includes go/no-go checkpoints
• May require specific internal control actions for higher-risk subs 

The grantee often procures a compliance contractor and an internal auditor to design and implement its components. In a centralized model, at its most extreme, only grantee representatives (staff or contractors) are subject matter experts on program requirements. A program participant would simply need to know the program basics and terminology, plus its own scope of work, budget, schedule, and the specific conditions in its contract or grant/loan agreement. This allows training or technical assistance resources to focus more on implementing successful programs and less on program regulations and compliance.

Note that centralized compliance can be implemented comprehensively or selectively. An example of the latter would be centralizing compliance with environmental review requirements at the grantee level (using either grantee staff or the grantee’s specialized contractor) but allowing subrecipients to set their own policies and procedures for compliance with 2 CFR 200 financial management requirements. 

Another example of selective compliance occurred during the 9/11 recovery where the Lower Manhattan Development Corporation (LMDC) agreed that New York City – a major subrecipient – could apply more familiar CDBG entitlement program financial management policies, rather than applying LMDC’s state-based counterparts. Other subrecipients used LMDC’s requirements.

What to consider when choosing a compliance approach

Risk assessment for a distributed compliance system differs from that for a centralized system in one key regard: For distributed models, it consists almost entirely of data and information for each individual participant, while for centralized models, it must consider the grantee’s own operations more carefully, especially if different offices or agencies are involved and must coordinate. 

One key factor to consider in choosing a centralized approach is the stability of the funder’s requirements. For example, the 50-year-old CDBG program’s requirements are very stable, so changes to contract terms are unlikely during the term of assistance. For new or one-time programs, such as those in the Greenhouse Gas Reduction Fund (GGRF), policy is evolving. It’s highly likely that EPA will react with policy updates as issues or new models and applications arise during launch, with the strong possibility that the grantee’s implementing documents, sub agreements, contracts, and reporting elements will change in their turn.

HUD’s distributed model works for the $3 billion annual CDBG program because the requirements are stable, the system is time-tested and seasoned, and most participants are governmental and have ongoing federal grant management capacity. A centralized model, with a single high-capacity entity making changes for all, may be more appropriate to a CDBG-DR grant launch or to GGRF. For example: The largest NSP grantees all had centralized compliance and reporting to streamline and reduce implementation risks and costs. This approach may also have controlled administrative costs at all levels, allowing more assistance to flow directly to the mission. 

Lessons learned for either approach

Finally, there are some best practices to apply to any compliance system.

• Limit required data points to must-haves. Resist adding nice-to-have data or information collection that will pull focus from delivering the program and completing the mission compliantly.
• Pave the road to compliance. Make sure you design forms, formats, systems, training, and technical assistance that all support program and mission. Pay attention when program participants get confused or make mistakes – you may need to clarify or update guidance.
• Communicate well on all levels. Experience shows that large grant programs succeed by treating participants as customers or partners and focusing on driving and supporting their success in creating desired program benefits and meeting beneficiary needs.
• When you find noncompliance or have concerns, delay usually makes problems worse.  Follow up matter-of-factly. Findings of noncompliance are extremely common and require a drama-free response. Act swiftly and appropriately to stop the problem and prevent recurrence.
• Begin your compliance system and monitoring reviews as early as possible. Every federal grant manager has horror stories to tell about grantees or programs that pushed all compliance reviews to the end. Don’t be that story.

In conclusion

No matter which model for grant compliance you choose, remember you share a mission with your funder and all your program stakeholders and beneficiaries. That shared mission – be it greenhouse gas reduction, disaster recovery, resilience, better infrastructure, or community development – connects funder to grantee to program participant to beneficiary in a collective effort to create success.

How CohnReznick can help

With decades of experience in community development, affordable housing, disaster recovery, and other carefully regulated industries, CohnReznick has extensive expertise at the intersection of regulations and real-world implementation, including in federal programs. Reach out to discuss how we can help you – and the players throughout your program’s ecosystem – build your best path to compliance.