US Federal Procurement Anomaly Detection

Data Analyst & Pipeline Developer · 2026 · Ongoing (research complete; build Q3 2026) · 1 person

14 production runs across FY2024 USASpending data (542,094 sole-source rows, 38,821 vendors scored); pipeline detects cumulative award concentration, pass-through subcontracting, and pricing benchmark outliers with LLM-narrated output structured for FCA plaintiff law firm use.

Overview

Research and pipeline development for a US federal procurement fraud intelligence product. The pipeline applies forensic detection methods adapted from Korean procurement analytics to USASpending.gov contract data — identifying patterns in sole-source awards, amendment chains, pricing deviations, and subcontracting structures that are consistent with False Claims Act exposure. Output is structured anomaly reports delivered to FCA plaintiff law firms as investigative leads.

Problem

FCA plaintiff law firms identify qui tam cases primarily through insider whistleblowers — a supply-constrained, high-noise channel. No systematic, publicly-available pipeline processes federal contracting data to surface patterns consistent with procurement fraud before a whistleblower arrives. The data exists: USASpending.gov provides transaction-level contract data for all federal awards. The detection methodology is transferable from Korean forensic finance work. The gap is production-ready tooling that converts raw contracting data into attorney-actionable anomaly reports.

Constraints

  • All data sourced from public APIs only (USASpending.gov, SAM.gov, SBA size standards) — no proprietary or insider data; FCA original-source doctrine compliance
  • 542,094 sole-source rows in FY2024 alone — requires columnar processing (DuckDB in-memory for 3-year rolling window; persistent mode for full 99M-record historical corpus)
  • SAM.gov Entity API: 1,000 requests/day effective quota on free tier — detection functions must batch efficiently and cache aggressively
  • Output must be attorney-readable: structured findings with specific FAR citations, dollar values, and FCA theory — not raw anomaly scores

Approach

Direct transfer of detection architecture from Korean pipeline (DuckDB/Parquet/FastAPI pattern). Four detection functions operational: cumulative award concentration (same vendor, same NAICS, cumulative above FAR threshold, minimal competition), pass-through subcontracting (subaward concentration where single subcontractor receives >50% of prime award value), price benchmark outlier (vendor pricing vs. NAICS P90 competitive benchmark), and certification fraud screen (SAM.gov set-aside certifications vs. SBA size standards vs. award eligibility). Each flagged finding goes through an LLM-narrated external validation pass using Claude + Tavily web search to produce a structured verdict (SUPPORTED / PARTIALLY MITIGATED / NOT SUPPORTED) with ownership research, prior investigation history, and FCA exposure assessment. Output: one intelligence digest per run + individual validation reports per finding.

Key Decisions

Structure product as investigative leads to FCA plaintiff firms, not direct qui tam filing

Reasoning:

Baylor v. United States (5th Cir., cert. denied 2021) held that statistical analysis of public government data does not satisfy the FCA 'original source' / 'materially adds' standard required for a relator to survive a public disclosure bar challenge. The product's legal position is as a lead-generation and due diligence tool for firms who will develop their own original-source relators — not as a qui tam filing vehicle.

Alternatives considered:
  • Direct qui tam filing — blocked by Baylor; no original-source standing from public data alone
  • Government IG SaaS — viable secondary channel, but requires law firm traction first as credibility signal

Use $1M signal floor for pass-through concentration findings

Reasoning:

Below $1M, pass-through patterns are common in legitimate small-business contracting (mentoring relationships, teaming arrangements) and the FCA exposure is too small to justify law firm investigation costs. Above $1M with high pricing multiples, the pattern is both more anomalous and more economically worth investigating. Run 14 tuned this floor after earlier runs produced too many low-value signals.

Alternatives considered:
  • No floor — too many low-value findings; overwhelming for attorney review
  • $500K floor — still too many borderline cases at trial attorney cost structure

LLM-narrated validation pass after detection, before delivery

Reasoning:

Raw anomaly flags are not attorney-usable. Each finding needs: who is the vendor (ownership, certifications), what is the prior investigation history (DOJ, IG, GAO), is the pricing pattern independently documented, and what is the specific FCA theory. A Claude + Tavily agentic loop (15-25 web searches per finding) produces this in a consistent structured format without manual research overhead. The external validation pass converts detection outputs into delivery-ready intelligence cards.

Alternatives considered:
  • Manual research per finding — does not scale; contradicts the automated intelligence model
  • No validation — raw anomaly flags without context are too noisy for attorney use

Tech Stack

  • Python (pandas, DuckDB, PyArrow)
  • USASpending.gov bulk download
  • SAM.gov Entity API v3
  • SBA Size Standards API
  • Anthropic Claude (claude-sonnet-4-6) — LLM narration
  • Tavily Search API — web research
  • Parquet (PyArrow)
  • FastAPI (planned delivery shell)

Result & Impact

  • Production Runs: 14 (FY2024 USASpending data)
  • Vendors Scored per Run: 38,821
  • Sole-Source Rows Processed: 542,094
  • Intelligence Cards per Run: 8 (Run 14); $48M combined value-at-risk

Pipeline converts a 542,094-row sole-source transaction dataset into 8 attorney-actionable intelligence cards in a single automated run. Each card includes a vendor profile, detection rationale, specific FAR citations, pricing analysis, and FCA exposure assessment — the due diligence packet a law firm would otherwise build manually. Korean pipeline methodology is the proof of concept; US build begins Q3 2026 after Korean validation through the October 2026 exam cycle.

Learnings

  • Detection sensitivity tuning requires production data — not synthetic — because real procurement data has distribution characteristics (NAICS clustering, award size distributions, agency spending patterns) that synthetic data cannot replicate
  • The LLM validation pass is not a quality filter — it is a knowledge enrichment step. The detection function decides what to flag; the LLM decides how to explain it. Conflating these roles produces either missed flags or unfounded narratives.
  • SAM.gov API quota constraints forced a shift to monthly bulk extract processing — a better architecture anyway, since the extract provides complete certification history rather than point-in-time API snapshots
  • FCA product positioning requires a clear statement of what the product is NOT (a direct filing vehicle) before discussing what it IS (an investigative lead tool) — law firm general counsel will ask this question in the first conversation

Detection Architecture

The pipeline applies four detection functions to USASpending FY2024 sole-source transaction data:

Cumulative Award Concentration — Identifies vendors receiving repeated awards from the same agency under the same NAICS code, where the cumulative total exceeds simplified acquisition thresholds ($250K, $750K) and documented competition is minimal. Flags patterns consistent with requirements splitting under FAR 6.301 and 13.003(c)(2).

Pass-Through Subcontracting — Detects prime contractors where a single subcontractor receives a disproportionate share of prime contract value. Flags patterns inconsistent with the performance requirements of FAR 52.219-14 (Limitations on Subcontracting) for set-aside awards. Signal floor: $1M cumulative, pricing >1.5x competitive P90 benchmark.

Price Benchmark Outlier — Compares vendor pricing against the P90 competitive benchmark by NAICS code. A consistent multiple of 3-6x benchmark across multiple awards, absent competitive justification, raises questions about fair and reasonable pricing determinations under FAR 15.404-1.

Certification Fraud Screen — Cross-references SAM.gov small business certifications against SBA size standards by NAICS. Identifies vendors whose revenue or employee counts, as reported in public filings, exceed the SBA threshold for the NAICS code under which they received small business set-aside awards.
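The pass-through rule above, combined with the P90 benchmark it depends on, as an added sketch that is not the pipeline's own code. The tuple layouts, the nearest-rank percentile, and the use of total award value over the NAICS P90 of competitive awards as the "pricing multiple" are assumptions; only the $1M floor, the >50% share, and the 1.5x multiple come from the page.

```python
from collections import defaultdict

SIGNAL_FLOOR = 1_000_000  # page: $1M cumulative floor
SHARE_MIN = 0.50          # page: one subcontractor holds >50% of prime value
PRICE_MULT_MIN = 1.5      # page: pricing >1.5x the competitive P90 benchmark

def p90(values):
    """Nearest-rank 90th percentile (assumed method; the page names none)."""
    s = sorted(values)
    return s[-(-9 * len(s) // 10) - 1]  # ceil(0.9 * n) - 1, integer math

def naics_benchmarks(competitive):
    """P90 of competitively awarded amounts per NAICS (assumed price proxy)."""
    by_naics = defaultdict(list)
    for naics, amount in competitive:
        by_naics[naics].append(amount)
    return {n: p90(v) for n, v in by_naics.items()}

def pass_through_flags(primes, subawards, benchmarks):
    """Return primes where one subcontractor dominates an above-benchmark award."""
    subs = defaultdict(lambda: defaultdict(int))
    for prime_id, vendor, amount in subawards:
        subs[prime_id][vendor] += amount  # roll up repeat subawards per vendor
    flags = []
    for award_id, naics, total in primes:
        bench = benchmarks.get(naics)
        if total < SIGNAL_FLOOR or award_id not in subs or not bench:
            continue  # below floor, no subaward data, or no benchmark
        vendor, top = max(subs[award_id].items(), key=lambda kv: kv[1])
        share, multiple = top / total, total / bench
        if share > SHARE_MIN and multiple > PRICE_MULT_MIN:
            flags.append({"award_id": award_id, "top_sub": vendor,
                          "share": round(share, 3), "multiple": round(multiple, 2)})
    return flags

# Constructed sample data (not USASpending records).
COMPETITIVE = [("541512", 100_000 * i) for i in range(1, 11)]  # P90 = 900,000
PRIMES = [("P-001", "541512", 2_400_000), ("P-002", "541512", 800_000),
          ("P-003", "541512", 3_000_000), ("P-004", "541512", 1_200_000)]
SUBAWARDS = [("P-001", "SubCo A", 900_000), ("P-001", "SubCo A", 600_000),
             ("P-001", "SubCo B", 200_000), ("P-002", "SubCo C", 700_000),
             ("P-003", "SubCo D", 900_000), ("P-003", "SubCo E", 800_000),
             ("P-004", "SubCo F", 900_000)]

if __name__ == "__main__":
    for f in pass_through_flags(PRIMES, SUBAWARDS, naics_benchmarks(COMPETITIVE)):
        print(f)
```

Only P-001 is flagged: P-002 falls under the floor, P-003 has no dominant subcontractor, and P-004 is concentrated but priced below 1.5x the benchmark.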

External Validation Loop

Each flagged finding passes through a Claude + Tavily agentic research loop before delivery. The loop conducts 15-25 targeted web searches per finding — ownership and certifications, DOJ/IG/GAO prior investigation history, pricing context from comparable contracts, subcontracting plan filings — and produces a structured verdict in 7 fixed sections. Output is a complete intelligence card, not a raw flag score.

The product is positioned as an investigative lead tool, not a direct filing vehicle. Baylor v. United States (5th Cir., cert. denied 2021) established that statistical analysis of public government data alone does not satisfy the False Claims Act original-source requirement for qui tam standing. Law firms use the product to identify patterns worth investigating — they develop the relator relationship and original-source knowledge independently.