Telecommunications: FCC Should Take Action to Better Manage Persistent Fraud Risks in the Schools and Libraries Program
Fast Facts
The Federal Communications Commission's "E-rate" program funds schools' and libraries' efforts to obtain technology products and services, like broadband. In 2019, the E-rate program committed about $2.4 billion to eligible applicants.
But, the program's design allows participants to "self-certify," with insufficient FCC oversight to identify potential fraud risks. For example, an applicant could receive payments for services they've claimed to have provided, but don't have the documentation to prove it.
Our 3 recommendations could help the agency adhere to GAO's Fraud Risk Framework as it implements plans to address fraud risks in the program.
Highlights
What GAO Found
Since 1998, the Federal Communications Commission's (FCC) E-rate program has been a significant source of technology funding for schools and libraries (applicants) to obtain affordable broadband and telecommunications services. Other program participants include service providers and E-rate consultants that assist applicants and service providers with the application and funding processes. GAO identified several key fraud risks affecting the E-rate program, as shown below, including a reliance on self-certification statements. This inherent overarching key fraud risk presents opportunities for participants to misrepresent dozens of self-certification statements on various FCC forms.
Key Fraud Risks in the E-rate Program
FCC and the Universal Service Administrative Company (USAC) that administers the E-rate program have not yet implemented plans to comprehensively assess fraud risks, as called for in GAO's Fraud Risk Framework. Leading practices include tailoring fraud risk assessments to the program and examining the suitability of existing controls. FCC and USAC have established time frames for comprehensively assessing the E-rate program's fraud risks by the end of 2021. However, past fraud risk management initiatives have been delayed. Ensuring that such an assessment is completed as scheduled could help ensure FCC and USAC are prioritizing key fraud risks that persist in the E-rate program, and provide greater assurance that control activities are efficiently and effectively addressing the most significant fraud risks.
FCC and USAC face challenges in effectively employing data analytics to support future fraud risk management activities. For example, officials said that they are or will be using data analytics for fraud risk management, but have not implemented leading practices for data-analytics activities nor documented their efforts or plans for doing so. GAO's Fraud Risk Framework calls for agencies to design and implement control activities, including data-analytics activities, to prevent and detect fraud. Having FCC and USAC implement leading practices for data analytics and document how data-analytics activities will be used in antifraud strategies could position the agency to better prevent, detect, and respond to fraud in the E-rate program.
Why GAO Did This Study
In 2017, the FCC's Office of Inspector General (OIG) reported that FCC's ability to deter and detect alleged E-rate program fraud has been severely limited since the program's inception due to a lack of certain controls. Also, as recently as February 2020, a number of E-rate program participants pled guilty to defrauding the program by billing for equipment and services that were not provided, and obtaining more than $2.6 million in program funds to which they were not entitled.
GAO was asked to review fraud risk management in the E-rate program. This report addresses: (1) the E-rate program's key fraud risks; (2) the extent to which FCC and USAC are managing fraud risks in accordance with leading practices; and (3) the extent to which FCC and USAC face challenges in effectively employing data analytics to support fraud risk management activities. GAO reviewed cases of fraud, OIG reports, and risk assessments, among other things. GAO assessed FCC's and USAC's procedures against leading practices in the Fraud Risk Framework. GAO interviewed FCC and USAC officials responsible for the E-rate program and fraud risk management.
Recommendations
GAO makes three recommendations, including that FCC and USAC comprehensively assess fraud risks to the E-rate program and follow leading practices when designing and implementing data analytics to prevent and detect fraud. FCC agreed with the recommendations and outlined actions to address them.
Recommendations for Executive Action
| Agency Affected | Recommendation | Status |
|---|---|---|
| Federal Communications Commission | The Chairman of FCC should direct and coordinate with the Chief Executive Officer of USAC to comprehensively assess fraud risks to the E-rate program, including implementing their respective plans for developing periodic fraud risk assessments, examining the suitability of existing fraud controls, and compiling fraud risk profiles following the timelines described in this report. The assessments should be informed by the key fraud risks identified in this report from closed court cases, prior risk assessments, and OIG reports, among other sources. (Recommendation 1) |
Open
FCC agreed with this recommendation. As of February 2023, according to FCC officials, a fraud risk assessment of the E-Rate program is being finalized and FCC anticipates being able to provide a copy of the fraud risk assessment report and additional supporting documentation by September 2023. We will continue to monitor FCC's progress in this area.
|
| Federal Communications Commission | The Chairman of FCC should ensure that FCC and USAC follow the leading practices in GAO's Fraud Risk Framework when designing and implementing data-analytics activities to prevent and detect fraud as part of their respective antifraud strategies for the E-rate program. (Recommendation 2) |
Open – Partially Addressed
FCC agreed with this recommendation. According to FCC officials, as of February 2021, FCC has been working collaboratively with USAC to incorporate the use of data-analytics activities in FCC's fraud risk management plans and also coordinating on USAC's implementation of its framework to use data analytics to combat future fraud risks in the E-Rate program. In April 2022, FCC provided supporting documentation reflecting its and USAC's procedures for periodically using a number of data analytics tools to address our recommendation. As of February 2023, one of these data analytics tools has been approved and operationalized based on our review and assessment of additional documentation provided by FCC and USAC. Operationalizing this data analytics tool can contribute to USAC's and FCC's strategic antifraud efforts for the E-Rate program. According to FCC officials, the remaining tools are currently under review and are expected to be approved by March 2023. We will continue to monitor FCC's progress in implementing the remaining tools.
|
| Federal Communications Commission | The Chairman of FCC should direct the Chief Executive Officer of USAC to clearly define and fully document the data fields in all relevant E-rate program computer systems to help improve FCC's ability to understand and use data to manage fraud risks. (Recommendation 3) |
Closed – Implemented
FCC agreed with this recommendation. From April 2022 through April 2023, FCC provided documentation in support of this recommendation, including three USAC data dictionaries. Based on our review and assessment of this documentation and additional information that FCC provided during this period, USAC clearly and comprehensively defined all key data fields for application, competitive bidding, and invoice data maintained in USAC's E-rate systems. By taking these steps, FCC and USAC are better positioned to more effectively and efficiently understand and analyze key program data for the purpose of managing fraud risks within the E-rate program.
|