VERAS v0.5

Verified Expenditure and Recipient Assurance Standard

What is VERAS?
VERAS assesses whether disbursement registries deliver payments to the right recipients.
No existing framework provides a standardised, comparable score for registry-level disbursement integrity.

Governments and organisations disburse billions annually through beneficiary registries and payroll systems. A significant percentage of those payments reach ghost entries, duplicates, or individuals who have left the programme. Existing frameworks assess system-wide public financial management but do not score the integrity of the registries themselves. VERAS closes that gap with a standardised, evidence-based assessment that produces a comparable score across institutions and countries.

7 domains, 21 indicators
Registry Integrity +
Measures the quality, completeness, and deduplication of the beneficiary or employee registry underpinning disbursements.
V1.1Deduplication Quality
Are duplicate entries detected and managed? Measures whether the registry is free of duplicate entries representing the same individual receiving multiple payments.
V1.2Identity Validation
Are registry entries linked to verifiable identity documents? Measures the extent to which entries can be validated against national ID systems or equivalent.
V1.3Deceased/Separated Detection
Are deceased or separated individuals identified and removed in a timely manner? Measures cross-referencing against death records and separation notices.
Behavioural Verification +
Active verification of recipient existence via phone, SMS, or USSD challenges. Measures response rates, challenge anomaly detection, and multi-cycle consistency.
V2.1Verification Mechanism
Is there an active mechanism to verify that a real person exists behind each registry entry? Measures whether proof-of-life challenges are sent and received.
V2.2Verification Coverage
What proportion of the registry is reached by verification challenges? Measures the percentage of entries that receive and can respond to a challenge.
V2.3Multi-Run Consistency
Are verification results consistent across cycles? Measures whether response patterns remain stable or show anomalies between successive runs.
Financial Controls +
Payment anomaly detection, statistical analysis, bank account validation, and payroll-to-budget reconciliation.
V3.1Payment Anomaly Detection
Are payment amounts within expected ranges? Measures salary or transfer amounts against statistical distributions and grade-level bands.
V3.2Bank Account Validation
Are payment accounts validated and monitored for sharing patterns? Measures whether bank accounts are verified and whether multiple entries share a single account.
V3.3Budget Reconciliation
Is the registry reconciled against budget allocations? Measures variance between approved headcount or transfer budget and actual disbursements.
Network Analysis +
Detects coordinated fraud — groups of fictitious entries sharing attributes that suggest creation by the same actor or syndicate.
V4.1Fraud Ring Detection
Are clusters of entries sharing suspicious attributes identified? Measures whether analytical methods detect groups sharing phones, bank accounts, devices, or name patterns.
V4.2Phone/SIM Sharing Analysis
Are phone number sharing patterns monitored? Measures detection of multiple entries using the same phone number or sequentially registered SIM cards.
V4.3Cross-Registry Matching
Are entries matched across registries? Measures whether deduplication extends beyond a single registry to detect individuals enrolled in multiple programs.
Audit Trail +
Measures whether the system maintains tamper-evident records sufficient to reconstruct the history of any entry or payment.
V5.1Tamper-Evident Logging
Are all changes to registry data logged immutably? Measures whether create, update, and delete actions are recorded with actor identity, timestamp, and before/after values.
V5.2Independent Verification
Can analysis results be independently verified? Measures whether data and logs are exportable and reviewable by external parties.
V5.3Data Retention
Is registry and analysis data retained for a sufficient period? Measures compliance with applicable retention policies and whether historical data supports trend analysis.
Due Process +
Measures whether individuals flagged by the detection process have access to grievance mechanisms, appeals, and false positive correction.
V6.1Grievance Mechanism
Is there an accessible mechanism for flagged individuals to contest their status? Measures availability of intake channels and whether they are communicated to affected parties.
V6.2Appeals SLA
Are appeals resolved within a defined timeframe? Measures whether service level agreements exist and are met for appeal resolution.
V6.3False Positive Correction
Are incorrectly flagged entries restored? Measures the rate at which appeals are upheld and entries are corrected in the registry.
Transparency +
Measures whether integrity scores and methodology are published, benchmarks are shared, and reporting follows a predictable cadence.
V7.1Score Publication
Are VERAS scores published or shared with oversight bodies? Measures whether assessment results are disclosed to commissioning entities and the public.
V7.2Anonymised Benchmarks
Are scores made available for cross-institutional comparison? Measures whether anonymised results contribute to a shared benchmark dataset.
V7.3Reporting Cadence
Are assessments conducted on a regular schedule? Measures whether reporting follows a defined cadence aligned with disbursement cycles.
Did the money reach the right people?

VERAS measures

Whether disbursements reach the right recipients. Registry integrity, recipient verification, fraud detection, audit trails, due process, transparency.

VERAS does not measure

Programme outcomes, aid effectiveness, organisational performance, or system-wide public financial management. Those are covered by existing frameworks like PEFA, 2CFR200, and CHS.

Relationship to existing frameworks
PEFA PI-23Payroll controls (government) 2 CFR 200US federal grant compliance FCDO FRAUK fiduciary risk assessment CHSHumanitarian self-assessment

VERAS adds registry-level integrity scoring that none of these currently provide.

How an assessment works

An independent assessor reviews registry data against the 21 indicators. Each indicator is graded with supporting evidence. Domain scores aggregate to a composite score (0–100). Results are published in the VERAS Score Registry.

Reference implementation

GuardGhost is the reference implementation of the VERAS standard for government payroll and NGO beneficiary registries.

The VERAS standard is in early adoption with pilot partners.