Export-Import Bank: Improved External Stakeholder Engagement Could Enhance Fraud Risk Management

What GAO Found

The Export-Import Bank of the United States (EXIM) has generally monitored and evaluated the effectiveness of its fraud prevention activities in accordance with GAO’s leading practices. For example, EXIM surveys internal stakeholders, such as program managers and loan officers, to evaluate its fraud risk assessments.

However, EXIM does not fully engage with external stakeholders to inform its fraud risk management activities, as called for in leading practices. EXIM works with external stakeholders, such as lenders and export credit insurance partners, to process transactions that carry EXIM’s guarantees. These stakeholders have antifraud responsibilities, but EXIM does not involve them in its fraud risk assessment process. EXIM officials explained they do not think it is feasible to include these external stakeholders in the risk assessment process, or in the evaluation of those assessments, as there are many external stakeholders of varying sizes and types. By not engaging with external stakeholders, EXIM is not well positioned to fully understand the landscape of fraud risks and vulnerabilities facing the agency, such as risks posed by tariff evasion and the malicious use of artificial intelligence, therefore putting taxpayers at risk.

Further, EXIM collects information about potential fraud from internal loan officers to inform real-time monitoring efforts across its programs, but EXIM does not collect such information from external stakeholders (see fig. on the types and impacts of potential fraud at EXIM). According to leading practices, program managers should collect information from external stakeholders for real-time monitoring of fraud trends. By not collecting this information, EXIM is missing opportunities to proactively address fraud risks.

Types and Impacts of Potential Fraud at Export-Import Bank of the United States

GAO also reviewed EXIM transaction data from January 1, 2022, to June 30, 2025, to determine if entities that were banned from receiving federal assistance were present in the transaction data. GAO’s analysis did not identify any excluded parties within the EXIM transaction data during that period.

Why GAO Did This Study

EXIM’s mission is to support American jobs by facilitating the export of U.S. goods and services. Taxpayers could be responsible for losses arising from EXIM’s operations, including losses due to fraud.

Congress included a provision in statute for GAO to periodically review EXIM’s antifraud controls. This report assesses the extent to which (1) EXIM has monitored and evaluated its fraud risk management activities and engaged its stakeholders in the monitoring process; and (2) excluded parties can be identified in EXIM’s transaction data from January 1, 2022, to June 30, 2025.

GAO reviewed EXIM’s activities against relevant leading practices for fraud risk management identified by GAO, reviewed EXIM documentation, and interviewed EXIM managers and select external stakeholders responsible for fraud risk management. GAO selected external stakeholders to obtain a range of perspectives and based the selection on a variety of considerations including geographic location, asset size, the length of time associated with EXIM, and the number of active transactions. GAO also reviewed EXIM transaction data from January 1, 2022, to June 30, 2025.