Federal Real Property:
GSA Should Inform Tenant Agencies When Leasing High-Security Space from Foreign Owners
GAO-17-195: Published: Jan 3, 2017. Publicly Released: Jan 30, 2017.
- Highlights Page:
- Full Report:
- Accessible Version:
What GAO Found
GAO reviewed available information on the ownership of General Services Administration (GSA) leased space that requires higher levels of security protection based on factors such as mission criticality and facility size (high-security space) as of March 2016 and found that GSA is leasing high-security space from foreign owners in 20 buildings. The 26 tenant agencies occupy about 3.3 million square feet at an annual cost of about $97 million and use the space, in some cases, for classified operations and to store law enforcement evidence and sensitive data. The foreign-owned leased space included six Federal Bureau of Investigation field offices and three Drug Enforcement Administration field offices. GAO determined that the high-security space is owned by companies based in countries such as Canada, China, Israel, Japan, and South Korea. GAO was unable to identify ownership information for about one-third of GSA's 1,406 high-security leases as of March 2016 because ownership information was not readily available for all buildings.
Foreign-Owned Buildings Containing High-Security Space Leased by GSA
Federal officials who assess foreign investments in the United States and some tenant agencies occupying high-security leased space told GAO that leasing space in foreign-owned buildings could present security risks such as espionage and unauthorized cyber and physical access. However, 9 of the 14 tenant agencies GAO contacted were unaware that the space they occupy is in a building that we identified as foreign owned. The other five agencies that knew about occupying foreign-owned space had taken actions to mitigate the risk or were not concerned. Another risk is possibly entering into leases with hidden beneficial owners—the persons who ultimately own and control a building. According to the Treasury Department's Financial Crimes Enforcement Network, the risks of contracting with hidden beneficial owners include money laundering. GSA is not required to collect beneficial ownership information and therefore does not know the beneficial owners of the buildings it leases.
Federal agencies are required to assess and address the risks to their high-security facilities but GSA does not inform tenants when leasing space from foreign owners. When leasing space, GSA is required, among other things, to determine whether the prospective lessor is a responsible party, but foreign ownership is not one of the factors that it must consider. As a result, tenants may be unaware that they are occupying foreign-owned space and not know whether they need to address any security risks associated with such foreign ownership.
Why GAO Did This Study
GAO has previously reported that federal facilities are vulnerable to threats from foreign sources that may target their information systems and affect the physical security of the occupants. GAO was asked to examine GSA's lease of high-security space from foreign owners.
This report addresses (1) what is known about foreign ownership of high-security space leased by GSA, (2) potential risks posed by such foreign ownership, and (3) policies and procedures regarding GSA's leasing of space from foreign-owned entities. GAO reviewed GSA's leasing documents; identified and checked ownership information regarding high-security leased space to the extent possible using data, as of March 2016, from a firm that specializes in analyzing the commercial real estate market; interviewed GSA and federal foreign investment officials, tenant agencies that were occupying space owned by foreign entities, and five real estate companies that lease space to GSA or provide related services; and visited three foreign-owned high-security leased facilities selected to represent a variety of owners and tenants.
What GAO Recommends
GAO recommends that GSA determine whether the beneficial owner of high-security leased space is a foreign entity and, if so, share that information with the tenant agencies for any needed security mitigation. GSA agreed with the recommendation.
For more information, contact David Wise at (202) 512-2834 or firstname.lastname@example.org.
Recommendation for Executive Action
Status: Closed - Implemented
Comments: In January 2017, GAO reported that GSA does not inform tenants when leasing high security space from foreign owners, which could present security risks such as espionage and unauthorized cyber and physical access. GAO also reported that another risk of foreign ownership is possibly entering into leases with hidden beneficial owners-the persons who ultimately own and control a building-who are using the investment to launder money. Federal agencies are required to assess and address the risks to their high-security facilities. As a result, GAO recommended that GSA determine whether the beneficial owner of high-security leased space is a foreign entity and, if so, share that information with the tenant agencies for any needed security mitigation. In June 2018, GAO confirmed that in April 2018, in response to language inserted into prospectus resolutions by the House Transportation and Infrastructure Committee, GSA implemented a lease requirement for prospectus lease projects by requiring offerors to identify and disclose whether the owner of the leased space, including an entity involved in the financing thereof, is a foreign person or a foreign-owned entity. GSA also indicated that this information will be provided to tenant agencies. With this information, tenant agencies may correctly evaluate the security risks and take appropriate steps to secure their buildings resulting from foreign ownership.
Recommendation: The Administrator of the General Services Administration should determine whether the beneficial owner of high-security space that GSA leases is a foreign entity and, if so, share that information with the tenant agencies so they can adequately assess and mitigate any security risks.
Agency Affected: General Services Administration