What GAO Found
In managing its vulnerability to fraud, the Export-Import Bank of the United States (the Bank) has adopted some aspects of GAO’s A Framework for Managing Fraud Risks in Federal Programs (Fraud Risk Framework). This framework describes leading practices in four components: organizational culture, assessment of inherent program risks, design of tailored antifraud controls, and evaluation of outcomes. As provided in the framework, for example, the Bank has identified a dedicated entity within the Bank to lead fraud risk management. GAO also found that Bank managers and staff generally hold positive views of the Bank’s antifraud culture. However, GAO also found that management and staff hold differing views on key aspects of that culture. These differing views include how active the Bank should be in addressing fraud. For example, Bank managers told GAO the Bank’s current approach has been appropriate for dealing with fraud. However, about one-third of Bank staff responding to a GAO employee survey said the Bank should be “much more active” or “somewhat more active” in preventing, detecting, and addressing fraud. These and other divergent views indicate an opportunity to better ensure the Bank sets an antifraud tone that permeates the organizational culture, as provided in the Fraud Risk Framework.
GAO found the Bank has taken some steps to assess fraud risk. For example, the Bank’s practice has generally been to assess particular fraud risks and lessons learned following specific instances of fraud encountered, according to Bank managers. However, the Bank has not conducted a comprehensive fraud risk assessment, as provided in the framework. The Bank has also been compiling a “register” of risks identified across the organization, including fraud. This register, however, does not include some known methods of fraud, such as submission of fraudulent documentation, thus indicating it is incomplete. Without planning and conducting regular fraud risk assessments as called for in the framework, the Bank is vulnerable to failing to identify fraud risks that can damage its reputation or harm its ability to support U.S. jobs through greater exports. As provided in the framework, managers should determine where fraud can occur and the types of internal and external fraud the program faces, including an assessment of the likelihood and impact of fraud risks inherent to the program.
At the conclusion of GAO’s review, Bank managers said they will fully adopt the GAO framework. They said they plan to complete a fraud risk assessment by December 2018, and to determine the Bank’s fraud risk profile—that is, document key findings and conclusions from the assessment—by February 2019. Work to adopt other framework components will begin afterward, the managers said. However, they did not provide details of how their efforts will be in accord with leading practices of the framework. As a result, GAO makes framework-specific recommendations in order to enumerate relevant issues and to present clear benchmarks for assessing Bank progress. This complete listing of recommendations is important in light of the Bank’s recent embrace of the framework; recent changes in Bank leadership; and expected congressional consideration of the Bank’s reauthorization in 2019.
Why GAO Did This Study
According to the Bank, it serves as a financier of last resort for U.S. firms seeking to sell to foreign buyers but that cannot obtain private financing for their deals. Its programs support tens of thousands of American jobs and enable billions of dollars in U.S. export sales annually, the Bank says. The Bank is also backed by the full faith and credit of the United States government, meaning that taxpayers could be responsible for Bank losses.
The Export-Import Bank Reform Reauthorization Act of 2015 included a provision for GAO to review the Bank’s antifraud controls within 4 years, and every 4 years thereafter. This report examines the extent to which the Bank has adopted the four components of GAO’s Fraud Risk Framework—commit to combating fraud; regularly assess fraud risks; design a corresponding antifraud strategy with relevant controls; and evaluate outcomes and adapt. GAO reviewed Bank documentation; interviewed a range of Bank managers; and surveyed Bank employees about the extent to which the Bank has established an organizational culture and structure conducive to fraud risk management.
What GAO Recommends
GAO makes seven recommendations, centering on conducting a fraud risk assessment, tailored to the Bank’s operations, to serve as the basis for the design and evaluation of appropriate antifraud controls. The Bank agreed with GAO’s recommendations, saying it will take steps to improve its fraud risk management activities.
For more information, contact Seto J. Bagdoyan at (202) 512-6722 or firstname.lastname@example.org.