Export-Import Bank:

The Bank Needs to Continue to Improve Fraud Risk Management

GAO-18-492: Published: Jul 19, 2018. Publicly Released: Jul 19, 2018.

Additional Materials:

Contact:

Seto J. Bagdoyan
(202) 512-6722
bagdoyans@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

The Export-Import Bank of the United States helps U.S. companies that want to sell to foreign buyers but can’t get private financing. According to the Bank, its programs support tens of thousands of U.S. jobs annually. However, the Bank is backed by the U.S. government—so taxpayers could be responsible for losses.

We reviewed the Bank's controls for preventing losses from fraud. The Bank has taken steps to improve fraud risk management, including adopting some practices in our fraud risk management framework. However, it should conduct a comprehensive fraud risk assessment and use that to design antifraud controls. We made 7 recommendations.

 

This is a photo of the Export-Import Bank of the United States.

This is a photo of the Export-Import Bank of the United States.

Additional Materials:

Contact:

Seto J. Bagdoyan
(202) 512-6722
bagdoyans@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

What GAO Found

In managing its vulnerability to fraud, the Export-Import Bank of the United States (the Bank) has adopted some aspects of GAO's A Framework for Managing Fraud Risks in Federal Programs (Fraud Risk Framework). This framework describes leading practices in four components: organizational culture, assessment of inherent program risks, design of tailored antifraud controls, and evaluation of outcomes. As provided in the framework, for example, the Bank has identified a dedicated entity within the Bank to lead fraud risk management. GAO also found that Bank managers and staff generally hold positive views of the Bank's antifraud culture. However, GAO also found that management and staff hold differing views on key aspects of that culture. These differing views include how active the Bank should be in addressing fraud. For example, Bank managers told GAO the Bank's current approach has been appropriate for dealing with fraud. However, about one-third of Bank staff responding to a GAO employee survey said the Bank should be “much more active” or “somewhat more active” in preventing, detecting, and addressing fraud. These and other divergent views indicate an opportunity to better ensure the Bank sets an antifraud tone that permeates the organizational culture, as provided in the Fraud Risk Framework.

GAO found the Bank has taken some steps to assess fraud risk. For example, the Bank's practice has generally been to assess particular fraud risks and lessons learned following specific instances of fraud encountered, according to Bank managers. However, the Bank has not conducted a comprehensive fraud risk assessment, as provided in the framework. The Bank has also been compiling a “register” of risks identified across the organization, including fraud. This register, however, does not include some known methods of fraud, such as submission of fraudulent documentation, thus indicating it is incomplete. Without planning and conducting regular fraud risk assessments as called for in the framework, the Bank is vulnerable to failing to identify fraud risks that can damage its reputation or harm its ability to support U.S. jobs through greater exports. As provided in the framework, managers should determine where fraud can occur and the types of internal and external fraud the program faces, including an assessment of the likelihood and impact of fraud risks inherent to the program.

At the conclusion of GAO's review, Bank managers said they will fully adopt the GAO framework. They said they plan to complete a fraud risk assessment by December 2018, and to determine the Bank's fraud risk profile—that is, document key findings and conclusions from the assessment—by February 2019. Work to adopt other framework components will begin afterward, the managers said. However, they did not provide details of how their efforts will be in accord with leading practices of the framework. As a result, GAO makes framework-specific recommendations in order to enumerate relevant issues and to present clear benchmarks for assessing Bank progress. This complete listing of recommendations is important in light of the Bank's recent embrace of the framework; recent changes in Bank leadership; and expected congressional consideration of the Bank's reauthorization in 2019.

Why GAO Did This Study

According to the Bank, it serves as a financier of last resort for U.S. firms seeking to sell to foreign buyers but that cannot obtain private financing for their deals. Its programs support tens of thousands of American jobs and enable billions of dollars in U.S. export sales annually, the Bank says. The Bank is also backed by the full faith and credit of the United States government, meaning that taxpayers could be responsible for Bank losses.

The Export-Import Bank Reform Reauthorization Act of 2015 included a provision for GAO to review the Bank's antifraud controls within 4 years, and every 4 years thereafter. This report examines the extent to which the Bank has adopted the four components of GAO's Fraud Risk Framework—commit to combating fraud; regularly assess fraud risks; design a corresponding antifraud strategy with relevant controls; and evaluate outcomes and adapt. GAO reviewed Bank documentation; interviewed a range of Bank managers; and surveyed Bank employees about the extent to which the Bank has established an organizational culture and structure conducive to fraud risk management.

What GAO Recommends

GAO makes seven recommendations, centering on conducting a fraud risk assessment, tailored to the Bank's operations, to serve as the basis for the design and evaluation of appropriate antifraud controls. The Bank agreed with GAO's recommendations, saying it will take steps to improve its fraud risk management activities.

For more information, contact Seto J. Bagdoyan at (202) 512-6722 or bagdoyans@gao.gov.

Recommendations for Executive Action

  1. Status: Open

    Comments: The Bank agreed with this recommendation. When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: The acting Bank president and Board chairman should ensure that the Bank evaluates and implements methods to further promote and sustain an antifraud tone that permeates the Bank's organizational culture, as described in GAO's Fraud Risk Framework. This should include consideration of requiring training on fraud risks relevant to Bank programs, for new employees and all employees on an ongoing basis, with the training to include identifying roles and responsibilities in fraud risk management activities across the Bank. (Recommendation 1)

    Agency Affected: Export-Import Bank of the United States

  2. Status: Open

    Comments: The Bank agreed with this recommendation. When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: As the agency begins efforts to plan and conduct regular fraud risk assessments and to determine a fraud risk profile, the acting Bank president and Board chairman should ensure that the Bank's risk assessments and profile address not only known methods of fraud, including those that are absent from its current risk register, but other inherent fraud risks as well. (Recommendation 2)

    Agency Affected: Export-Import Bank of the United States

  3. Status: Open

    Comments: The Bank agreed with this recommendation. When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: As the agency begins efforts to plan and conduct regular fraud risk assessments and to determine a fraud risk profile, the acting Bank president and Board chairman should ensure that the risk profile includes risk tolerances that are specific and measurable. (Recommendation 3)

    Agency Affected: Export-Import Bank of the United States

  4. Status: Open

    Comments: The Bank agreed with this recommendation. When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: The acting Bank president and Board chairman should ensure that the Bank develops and implements an antifraud strategy with specific control activities, based upon the results of fraud risk assessments and a corresponding fraud risk profile, as provided in GAO's Fraud Risk Framework. (Recommendation 4)

    Agency Affected: Export-Import Bank of the United States

  5. Status: Open

    Comments: The Bank agreed with this recommendation. When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: The acting Bank president and Board chairman should ensure that the Bank identifies, and then implements, the best options for sharing more fraud-related information--including details of fraud case referrals and outcomes--among Bank staff, to help build fraud awareness, as described in GAO's Fraud Risk Framework. (Recommendation 5)

    Agency Affected: Export-Import Bank of the United States

  6. Status: Open

    Comments: The Bank agreed with this recommendation. When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: The acting Bank president and Board chairman should lead efforts to collaborate with the Bank's OIG to identify a feasible, cost-effective means to systematically track outcomes of fraud referrals from the Bank to the OIG, including creating a means to link the OIG's proven cases of fraud to the specific Bank transactions from which the OIG actions arose. If any such means are found to be feasible and cost-effective, the acting Bank president and Board chairman should direct appropriate staff to implement them, with such information to be used for purposes consistent with GAO's Fraud Risk Framework, such as data analytics. (Recommendation 6)

    Agency Affected: Export-Import Bank of the United States

  7. Status: Open

    Comments: The Bank agreed with this recommendation. When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: The acting Bank president and Board chairman should ensure that the Bank monitors and evaluates outcomes of fraud risk management activities, using a risk-based approach and outcome-oriented metrics, and that it subsequently adapts antifraud activities or implements new ones, as determined to be appropriate and consistent with GAO's Fraud Risk Framework. (Recommendation 7)

    Agency Affected: Export-Import Bank of the United States

 

Explore the full database of GAO's Open Recommendations »

Sep 5, 2018

Jul 18, 2018

Jun 26, 2018

Mar 22, 2018

Mar 16, 2018

Mar 15, 2018

Feb 27, 2018

Feb 26, 2018

Looking for more? Browse all our products here