Information Security: Federal Deposit Insurance Corporation Has Made Progress, but Further Actions Are Needed to Protect Financial Data

What GAO Found

Although FDIC had implemented numerous controls in its systems, it had not always implemented access and other controls to protect the confidentiality, integrity, and availability of its financial systems and information. FDIC has implemented controls to detect and change default user accounts and passwords in vendor-supplied software, restricted access to network management servers, developed and tested contingency plans for major systems, and improved mainframe logging controls. However, the corporation had not always (1) required strong passwords on financial systems and databases; (2) reviewed user access to financial information in its document sharing system in accordance with policy; (3) encrypted financial information transmitted over and stored on its network; and (4) protected powerful database accounts and privileges from unauthorized use. In addition, other weaknesses existed in FDIC’s controls that were intended to appropriately segregate incompatible duties, manage system configurations, and implement patches.

An underlying reason for the information security weaknesses is that FDIC had not always implemented key information security program activities. To its credit, FDIC had developed and documented a security program and had completed actions to correct or mitigate 26 of the 33 information security weaknesses that were previously identified by GAO. However, the corporation had not assessed risks, documented security controls, or performed periodic testing on the programs and data used to support the estimates of losses and costs associated with the servicing and disposal of the assets of failed institutions. Additionally, FDIC had not always implemented its policies for restricting user access or for monitoring the progress of security patch installation.

Because FDIC had made progress in correcting or mitigating previously reported weaknesses and had implemented compensating management and reconciliation controls during 2010, GAO concluded that FDIC had resolved the significant deficiency in internal control over financial reporting related to information security that was reported in GAO’s 2009 audit, and that the remaining unresolved issues and the new issues identified did not individually or collectively constitute a material weakness or significant deficiency in 2010. However, if left unaddressed, these issues will continue to increase FDIC’s risk that its sensitive and financial information will be subject to unauthorized disclosure, modification, or destruction.

Why GAO Did This Study

The Federal Deposit Insurance Corporation (FDIC) has a demanding responsibility enforcing banking laws, regulating financial institutions, and protecting depositors. Because of the importance of FDIC’s work, effective information security controls are essential to ensure that the corporation’s systems and information are adequately protected from inadvertent misuse, fraudulent use, or improper disclosure.

As part of its audits of the 2010 financial statements of the Deposit Insurance Fund and the Federal Savings & Loan Insurance Corporation Resolution Fund administrated by FDIC, GAO assessed the effectiveness of the corporation’s controls in protecting the confidentiality, integrity, and availability of its financial systems and information. To perform the audit, GAO examined security policies, procedures, reports, and other documents; tested controls over key financial applications; and interviewed key FDIC personnel.

More from:

Hits: 0

News Network

  • Aircraft Noise: Information on a Potential Mandated Transition to Quieter Airplanes
    In U.S GAO News
    Based on Federal Aviation Administration (FAA) data and GAO estimates, most U.S. large commercial jet airplanes are certificated at the minimum required stage 3 noise standards, but nearly all of them are able to meet more stringent noise standards. Sixty-three percent of large commercial airplanes in the United States are certificated as meeting the stage 3 standards; however, 87 percent of them were manufactured with technologies that are able to meet more recent and stringent stage 4 or 5 standards as currently configured, according to FAA's 2017 analysis. By analyzing updated data from airlines and aviation manufacturers, GAO estimated that this proportion is even higher: 96 percent of large commercial airplanes are able to meet stage 4 or 5 standards (see figure). According to FAA officials and aviation stakeholders, the primary reason many large commercial airplanes certificated as stage 3 produce lower than stage 3 noise levels is because engine and airframe technology has outpaced the implementation of noise standards. More recently, some airlines have accelerated retirement of certain airplanes, some of which are certificated as stage 3, due to the decrease in travel amid the COVID-19 pandemic. For the generally smaller regional commercial jets (i.e., generally with less than 90 seats), 86 percent are able to meet stage 4 or stage 5 standards, according to manufacturers' data. With regard to general aviation (which are used for personal or corporate flights), 73 percent of the jet airplanes in that fleet are able to meet the more stringent stage 4 or 5 standards, according to manufacturers' data. GAO Estimate of The Number of Large Airplanes in the U.S. Commercial Fleet That Are Able to Meet Stage 3 or Stage 4 and 5 Noise Standards, January 2020 According to stakeholders GAO interviewed, a phase-out of jet airplanes that are certificated as meeting stage 3 standards would provide limited noise reduction and limited other benefits, and could be costly and present other challenges. A phase-out could require recertificating the vast majority of stage 3 airplanes to comply with stage 4 or 5 standards. This process could be costly for operators and manufacturers but would provide little reduction in noise. Further, airplanes currently unable to meet more stringent standards would require modifications or face retirement. For older airplanes that could not be recertificated to meet stage 4 or 5 standards, some operators could incur costs for replacement airplanes sooner than originally planned. Although stakeholders indicated that a phase-out would not substantially reduce noise, they identified other limited benefits newer airplanes generate, such as reduced greenhouse gas emissions and fuel consumption. Although advances in technology have led to quieter aircraft capable of meeting increasingly stringent noise standards, airport noise remains a concern. FAA regulates aircraft noise by ensuring compliance with relevant noise standards. In 1990, federal law required large jet airplanes to comply with stage 3 noise standards by 1999, leading to a phase-out of the noisiest airplanes (stage 1 and 2 airplanes). Later, federal law required smaller airplanes to comply with stage 3 standards by 2016. The FAA Reauthorization Act of 2018 included a provision for GAO to review a potential phase-out of stage 3 airplanes—the loudest aircraft currently operating in the United States. This report describes (1) the proportion of stage 3 airplanes in the U.S. fleet, and what proportion of these stage 3 airplanes are able to meet more stringent noise standards and (2) selected stakeholders' views on the potential benefits, costs, and challenges of phasing out stage 3 airplanes. GAO reviewed FAA's analysis of December 2017 fleet data, analyzed January 2020 fleet data from select airlines and airframe and engine manufacturers, and interviewed FAA officials. GAO also interviewed a non-generalizable sample of 35 stakeholders, including airlines; airframe and engine manufacturers; airports; and industry associations, selected based on fleet and noise data, stakeholder recommendations, or prior GAO knowledge. For more information, contact Heather Krause at (202) 512-2834 or krauseh@gao.gov.
    [Read More…]
  • Justice Department Concludes Its Investigation of D.C.-Area Private High Schools’ Decision to Stop Offering Advanced Placement Courses
    In Crime News
    The Department of Justice announced today that it has completed its investigation into whether Georgetown Day School, Holton-Arms School, Landon School, Maret School, National Cathedral School, The Potomac School, St. Albans School, and Sidwell Friends School (jointly, “the Schools”) collectively agreed to stop offering Advanced Placement (AP) courses by 2022 in violation of the Sherman Act.  The Schools announced in June 2018 that they would eliminate AP courses from their curricula by 2022. 
    [Read More…]
  • Financial Audit: Office of Financial Stability’s (Troubled Asset Relief Program) FY 2020 and FY 2019 Financial Statements
    In U.S GAO News
    GAO found (1) the Office of Financial Stability's (OFS) financial statements for the Troubled Asset Relief Program (TARP) as of and for the fiscal years ended September 30, 2020, and 2019, are presented fairly, in all material respects, in accordance with U.S. generally accepted accounting principles; (2) OFS maintained, in all material respects, effective internal control over financial reporting for TARP as of September 30, 2020; and (3) no reportable noncompliance for fiscal year 2020 with provisions of applicable laws, regulations, contracts, and grant agreements GAO tested. In commenting on a draft of this report, OFS stated that it is proud to receive an unmodified opinion on its financial statements and its internal control over financial reporting. OFS also stated that it is committed to maintaining the high standards and transparency reflected in these audit results. The Emergency Economic Stabilization Act of 2008 (EESA) that authorized TARP on October 3, 2008, includes a provision for TARP, which is implemented by OFS, to annually prepare and submit to Congress and the public audited fiscal year financial statements that are prepared in accordance with U.S. generally accepted accounting principles. EESA further states that GAO shall audit TARP's financial statements annually. For more information, contact Cheryl E. Clark at (202) 512-3406 or clarkce@gao.gov.
    [Read More…]
  • Joint Statement on Extended “Troika” on Peaceful Settlement in Afghanistan
    In Crime Control and Security News
    Office of the [Read More…]
  • On the 41st Anniversary of the U.S. Embassy Takeover in Tehran
    In Crime Control and Security News
    Michael R. Pompeo, [Read More…]
  • French Guiana Travel Advisory
    In Travel
    Do not travel to French [Read More…]
  • Secretary Antony J. Blinken At a Press Availability
    In Crime Control and Security News
    Antony J. Blinken, [Read More…]
  • United States and United Kingdom Sign Civil Air Transport Agreement
    In Crime Control and Security News
    Office of the [Read More…]
  • Judiciary Calls for Passage of Security Legislation
    In U.S Courts
    The Judiciary implores Congress to pass the Daniel Anderl Judicial Security and Privacy Act of 2020 during the current lame duck session. The bipartisan bill if passed, would improve security at judges’ homes and at federal courthouses across the country.
    [Read More…]
  • Presentation of the Sherman Award to the Honorable Judge Douglas H. Ginsburg
    In Crime News
    Welcome to the Conference Center of the historic Robert F. Kennedy Department of Justice Building. It is an honor to present the Sherman award to Judge Douglas H. Ginsburg this afternoon. We’re joined today by Judge Ginsburg’s wife Deecy and many of Judge Ginsburg’s colleagues and admirers. We’re particularly honored by the presence of Justice Gorsuch, a champion of liberty, who in his short time on the Supreme Court has reconfirmed his reputation for brilliance, clarity of thought and expression, and for holding the government to its word, whether in the statutes that it enacts or the treaties that it makes. I also welcome the distinguished guests who are with us virtually.
    [Read More…]
  • Pakistan Independence Day
    In Crime Control and Security News
    Michael R. Pompeo, [Read More…]
  • Department Of Justice Identifies New York City, Portland And Seattle As Jurisdictions Permitting Violence And Destruction Of Property
    In Crime News
    The U.S. Department of Justice today identified the following three jurisdictions that have permitted violence and destruction of property to persist and have refused to undertake reasonable measures to counteract criminal activities: New York City; Portland, Oregon; and Seattle, Washington. The Department of Justice is continuing to work to identify jurisdictions that meet the criteria set out in the President’s Memorandum and will periodically update the list of selected jurisdictions as required therein.
    [Read More…]
  • Iowa Woman Pleads Guilty to Hate Crime Charges for Attempting to Kill Two Children Because of their Race and National Origin
    In Crime News
    An Iowa woman pleaded guilty yesterday in federal court to hate crime charges for attempting to kill two children because of their race and national origin.
    [Read More…]
  • Designations of Four PRC and Hong Kong Officials Threatening the Peace, Security, and Autonomy of Hong Kong
    In Crime Control and Security News
    Michael R. Pompeo, [Read More…]
  • Joint Statement on the United States – Iceland Strategic Dialogue
    In Crime Control and Security News
    Office of the [Read More…]
  • Disaster Response: Agencies Should Assess Contracting Workforce Needs and Purchase Card Fraud Risk
    In U.S GAO News
    The efforts of selected agencies to plan for disaster contracting activities and assess contracting workforce needs varied. The U.S. Forest Service initiated efforts to address its disaster response contracting workforce needs while three agencies—the U.S. Army Corps of Engineers (USACE), the U.S. Coast Guard, and Department of the Interior (DOI)—partially addressed these needs. The Environmental Protection Agency indicated it did not have concerns fulfilling its disaster contracting responsibilities. Specifically, GAO found the following: USACE assigned clear roles and responsibilities for disaster response contracting activities, but has not formally assessed its contracting workforce to determine if it can fulfill these roles. The Coast Guard has a process to assess its workforce needs, but it does not account for contracting for disaster response activities. DOI is developing a strategic acquisition plan and additional guidance for its bureaus on how to structure their contracting functions, but currently does not account for disaster contracting responsibilities. Contracting officials at all three of these agencies identified challenges executing their regular responsibilities along with their disaster-related responsibilities during the 2017 and 2018 hurricane and wildfire seasons. For example, Coast Guard contracting officials stated they have fallen increasingly behind since 2017 and that future disaster response missions would not be sustainable with their current workforce. GAO's strategic workforce planning principles call for agencies to determine the critical skills and competencies needed to achieve future programmatic results. Without accounting for disaster response contracting activities in workforce planning, these agencies are missing opportunities to ensure their contracting workforces are equipped to respond to future disasters. The five agencies GAO reviewed from above, as well as the Federal Emergency Management Agency (FEMA), collectively spent more than $20 million for 2017 and 2018 disaster response activities using purchase cards. GAO found that two of these six agencies—Forest Service and EPA—have not completed fraud risk profiles for their purchase card programs that align with leading practices in GAO's Fraud Risk Framework. Additionally, five of the six agencies have not assessed or documented how their fraud risk for purchase card use might differ in a disaster response environment. DOI completed such an assessment during the course of our review. An Office of Management and Budget memorandum requires agencies to complete risk profiles for their purchase card programs that include fraud risk. GAO's Fraud Risk Framework states managers should assess fraud risk regularly and document those assessments in risk profiles. The framework also states that risk profiles may differ in the context of disaster response when managers may have a higher fraud risk tolerance since individuals in these environments have an urgent need for products and services. Without assessing fraud risk for purchase card programs or how risk may change in a disaster response environment, agencies may not design or implement effective internal controls, such as search criteria to identify fraudulent transactions. The 2017 and 2018 hurricanes and California wildfires affected millions of people and caused billions of dollars in damages. Extreme weather events are expected to become more frequent and intense due to climate change. Federal contracts for goods and services play a key role in disaster response and recovery, and government purchase cards can be used by agency staff to buy needed items. GAO was asked to review federal response and recovery efforts related to recent disasters. This report examines the extent to which selected agencies planned for their disaster response contracting activities, assessed their contracting workforce needs, and assessed the fraud risk related to their use of purchase cards for disaster response. GAO selected six agencies based on contract obligations for 2017 and 2018 disasters; analyzed federal procurement and agency data; reviewed agencies' policies on workforce planning, purchase card use, and fraud risk; and analyzed purchase card data. FEMA was not included in the examination of workforce planning due to prior GAO work. GAO is making 12 recommendations, including to three agencies to assess disaster response contracting needs in workforce planning, and to five agencies to assess fraud risk for purchase card use in support of disaster response. For more information, contact Marie A. Mak at (202) 512-4841 or makm@gao.gov.
    [Read More…]
  • Togo Travel Advisory
    In Travel
    Reconsider travel [Read More…]
  • Senior Administration Officials Preview of National Security Advisor Jake Sullivan and Secretary of State Antony J. Blinken’s Trip to Anchorage, Alaska
    In Crime Control and Security News
    Office of the [Read More…]
  • Michigan Based Wire Fraud Conspiracy and Tax Offenses Charged
    In Crime News
    A federal grand jury in Detroit, Michigan, returned an indictment today charging Michigan businessmen John Angelo from Royal Oak, Cory Justin Mann from West Bloomfield, Michael Daneshvar from Bingham Farms, Glenn Franklin from Harrison Township, and Brent Sitto, from Bloomfield Township with one count each of conspiracy to commit wire fraud and further charging John Angelo and bookkeeper Rosina Angelo, also known as Rosina Caruvana, from Mountainside, New Jersey, with one count of conspiracy to defraud the IRS. John Angelo and Rosina Angelo were also each charged with three counts of aiding in the preparation of a false tax return and Cory Mann was charged with two additional counts of aiding in the preparation of a false tax return.
    [Read More…]
  • Cybersecurity: Clarity of Leadership Urgently Needed to Fully Implement the National Strategy
    In U.S GAO News
    Federal entities have a variety of roles and responsibilities for supporting efforts to enhance the cybersecurity of the nation. Among other things, 23 federal entities have roles and responsibilities for developing policies, monitoring critical infrastructure protection efforts, sharing information to enhance cybersecurity across the nation, responding to cyber incidents, investigating cyberattacks, and conducting cybersecurity-related research. To fulfill their roles and responsibilities, federal entities identified activities undertaken in support of the nation's cybersecurity. For example, National Security Council (NSC) staff, on behalf of the President, and the National Institute of Standards and Technology, have developed policies, strategies, standards, and plans to guide cybersecurity efforts. The Department of Homeland Security has helped secure the nation's critical infrastructure through developing security policy and coordinating security initiatives, among other efforts. Other agencies have established initiatives to gather intelligence and share actual or possible cyberattack information. Multiple agencies have mechanisms in place to assist in responding to cyberattacks, and law enforcement components, including the Federal Bureau of Investigation, are responsible for investigating them. The White House's September 2018 National Cyber Strategy and the NSC's accompanying June 2019 Implementation Plan detail the executive branch's approach to managing the nation's cybersecurity. When evaluated together, these documents addressed several of the desirable characteristics of national strategies, but lacked certain key elements for addressing others. National Cyber Strategy and Implementation Plan are Missing Desirable Characteristics of a National Strategy Characteristic Cyber Strategy and Plan Coverage of Issue Purpose, scope, and methodology Addressed Organizational roles, responsibilities, and coordination Addressed Integration and implementation Addressed Problem definition and risk assessment Did not fully address Goals, subordinate objectives, activities, and performance measures Did not fully address Resources, investments, and risk management Did not fully address Source: GAO analysis of 2018 National Cyber Strategy and 2019 Implementation Plan . | GAO-20-629 For example, the Implementation Plan details 191 activities that federal entities are to undertake to execute the priority actions outlined in the National Cyber Strategy. These activities are assigned a level, or tier, based on the coordination efforts required to execute the activity and the extent to which NSC staff is expected to be involved. Thirty-five of these activities are designated as the highest level (tier 1), and are coordinated by a functional entity within the NSC . Ten entities are assigned to lead or co-lead these critical activities while also tasked to lead or co-lead lower tier activities. Leadership Roles for Federal Entities Assigned as Leads or Co-Leads for National Cyber Strategy Implementation Plan Activities Entity Tier 1 Activities Tier 2 Activities Tier 3 Activities National Security Council 15 7 3 Department of Homeland Security 14 19 15 Office of Management and Budget 7 6 5 Department of Commerce 5 9 35 Department of State 2 5 11 Department of Defense 1 6 17 Department of Justice 1 10 5 Department of Transportation 1 0 5 Executive Office of the President 1 0 0 General Services Administration 1 2 1 Source: GAO analysis of 2018 National Cyber Strategy and 2019 Implementation Plan . | GAO-20-629 Although the Implementation Plan defined the entities responsible for leading each of the activities; it did not include goals and timelines for 46 of the activities or identify the resources needed to execute 160 activities. Additionally, discussion of risk in the National Cyber Strategy and Implementation Plan was not based on an analysis of threats and vulnerabilities. Further, the documents did not specify a process for monitoring agency progress in executing Implementation Plan activities. Instead, NSC staff stated that they performed periodic check-ins with responsible entities, but did not provide an explanation or definition of specific level of NSC staff involvement for each of the three tier designations. Without a consistent approach to engaging with responsible entities and a comprehensive understanding of what is needed to implement all 191 activities, the NSC will face challenges in ensuring that the National Cyber Strategy is efficiently executed. GAO and others have reported on the urgency and necessity of clearly defining a central leadership role in order to coordinate the government's efforts to overcome the nation's cyber-related threats and challenges. The White House identified the NSC staff as responsible for coordinating the implementation of the National Cyber Strategy . However, in light of the elimination of the White House Cybersecurity Coordinator position in May 2018, it remains unclear which official ultimately maintains responsibility for not only coordinating execution of the Implementation Plan , but also holding federal agencies accountable once activities are implemented. NSC staff stated responsibility for duties previously attributed to the White House Cyber Coordinator were passed to the senior director of NSC's Cyber directorate; however, the staff did not provide a description of what those responsibilities include. NSC staff also stated that federal entities are ultimately responsible for determining the status of the activities that they lead or support and for communicating implementation status to relevant NSC staff. However, without a clear central leader to coordinate activities, as well as a process for monitoring performance of the Implementation Plan activities, the White House cannot ensure that entities are effectively executing their assigned activities intended to support the nation's cybersecurity strategy and ultimately overcome this urgent challenge. Increasingly sophisticated cyber threats have underscored the need to manage and bolster the cybersecurity of key government systems and the nation's cybersecurity. The risks to these systems are increasing as security threats evolve and become more sophisticated. GAO first designated information security as a government-wide high-risk area in 1997. This was expanded to include protecting cyber critical infrastructure in 2003 and protecting the privacy of personally identifiable information in 2015. In 2018, GAO noted that the need to establish a national cybersecurity strategy with effective oversight was a major challenge facing the federal government. GAO was requested to review efforts to protect the nation's cyber critical infrastructure. The objectives of this report were to (1) describe roles and responsibilities of federal entities tasked with supporting national cybersecurity, and (2) determine the extent to which the executive branch has developed a national strategy and a plan to manage its implementation. To do so, GAO identified 23 federal entities responsible for enhancing the nation's cybersecurity. Specifically, GAO selected 13 federal agencies based on their specialized or support functions regarding critical infrastructure security and resilience, and 10 additional entities based on analysis of its prior reviews of national cybersecurity, relevant executive policy, and national strategy documents. GAO also analyzed the National Cyber Strategy and Implementation Plan to determine if they aligned with the desirable characteristics of a national strategy. GAO is making one matter for congressional consideration, that Congress should consider legislation to designate a leadership position in the White House with the commensurate authority to implement and encourage action in support of the nation's cybersecurity. GAO is also making one recommendation to the National Security Council to work with relevant federal entities to update cybersecurity strategy documents to include goals, performance measures, and resource information, among other things. The National Security Council neither agreed nor disagreed with GAO's recommendation. For more information, contact Nick Marinos at (202) 512-9342 or marinosn@gao.gov.
    [Read More…]
  • Judges Focus on Diversity in Clerkship, Internship Hiring
    In U.S Courts
    Federal judges are working to make highly sought-after law clerkships and judicial internships more accessible to a diverse pool of law students.
    [Read More…]
  • Couple Pleads Guilty to $1.1 Million COVID-Relief Fraud After Falsely Claiming to Be Farmers
    In Crime News
    A Florida couple pleaded guilty for their participation in a scheme to file four fraudulent loan applications seeking more than $1.1 million in forgivable Paycheck Protection Program (PPP) and Economic Injury Disaster Loans (EIDL) loans guaranteed by the Small Business Administration (SBA) under the Coronavirus Aid, Relief, and Economic Security (CARES) Act.
    [Read More…]
  • National Day of the Federated States of Micronesia
    In Crime Control and Security News
    Michael R. Pompeo, [Read More…]
  • Federal Court Permanently Bars Southern Florida Tax Preparer from Preparing Returns
    In Crime News
    A federal court in the Southern District of Florida has permanently enjoined a West Palm Beach tax return preparer and her business from preparing federal income tax returns for others, the Justice Department announced today. According to the court’s order, it issued the injunction in response to violations of a prior order in the case that had allowed the preparer and her business to prepare returns subject to certain restrictions. In April 2017, the United States filed a complaint against Lena D. Cotton and Professional Accounting LDC, LLC, that alleged the defendants prepared returns with improper education credits, manipulated filing statuses, and improper vehicle deductions, among other issues. In November 2017, the court permanently enjoined both defendants from this and other specific conduct and required defendants to engage a “neutral monitor” to “determin[e] and/or secur[e] compliance” with injunction.
    [Read More…]
  • COVID-19 Loans: SBA Has Begun to Take Steps to Improve Oversight and Fraud Risk Management
    In U.S GAO News
    What GAO Found In April 2020, the Small Business Administration (SBA) quickly implemented the Paycheck Protection Program (PPP) and expedited the processing of Economic Injury Disaster Loans (EIDL) and a new EIDL advance program. These important programs have helped businesses survive during the COVID-19 pandemic. In an effort to move quickly on these programs, SBA initially put limited internal controls in place, leaving both susceptible to program integrity issues, improper payments, and fraud. Because of concerns about program integrity, GAO added PPP and the EIDL program onto its High-Risk List in March 2021. SBA has begun to take steps to address these initial deficiencies: PPP oversight. Because ongoing oversight is crucial, GAO recommended in June 2020 that SBA develop plans to respond to PPP risks to ensure program integrity, achieve program effectiveness, and address potential fraud. Since then, SBA has developed a loan review process and added up-front verifications before it approves new loans. Improper payments for PPP. GAO recommended in November 2020 that SBA expeditiously estimate improper payments for PPP and report estimates and error rates. SBA has now developed a plan for the testing needed to estimate improper payments. Analyzing EIDL data. Based on evidence of widespread potential fraud for EIDL, GAO recommended in January 2021 that SBA conduct portfolio-level analysis to detect potentially ineligible applications. SBA has not announced plans to implement this recommendation. EIDL oversight. GAO recommended in March 2021 that SBA implement a comprehensive oversight plan for EIDL to ensure program integrity. SBA agreed to implement such a plan. Assessment of fraud risks. SBA has not conducted a formal fraud risk assessment for PPP or the EIDL program. GAO made four recommendations in March 2021, including that SBA conduct a formal assessment and develop a strategy to manage fraud risks for each program. SBA said it would work to complete fraud risk assessments for PPP and EIDL and continually monitor fraud risks. Financial statement audit. In December 2020, SBA's independent financial statement auditor issued a disclaimer of opinion on SBA's fiscal year 2020 consolidated financial statements because SBA could not provide adequate documentation to support a significant number of transactions and account balances related to PPP and EIDL. GAO continues to review information SBA recently provided, including data on PPP loan forgiveness and details on the PPP and EIDL loan review processes. In addition, GAO has obtained additional information from a survey of PPP participating lenders, interviews with SBA's PPP contractors, and written responses to questions provided by SBA's EIDL contractor and subcontractors. Why GAO Did This Study SBA has made or guaranteed about 18.7 million loans and grants through PPP and the EIDL program, providing about $968 billion to help small businesses adversely affected by COVID-19. PPP provides potentially forgivable loans to small businesses, and EIDL provides low-interest loans of up to $2 million for operating and other expenses, as well as advances (grants). This testimony discusses the lack of controls in PPP and the EIDL program and SBA's efforts to improve its oversight of these programs. It is based largely on GAO's June 2020–March 2021 reports on the federal response, including by SBA, to the economic downturn caused by COVID-19 (GAO-20-625, GAO-20-701, GAO-21-191, GAO-21-265, GAO -21-387). For those reports, GAO reviewed SBA documentation and SBA Office of Inspector General (OIG) reports; analyzed SBA data; and interviewed officials from SBA, the SBA OIG, and the Department of the Treasury.
    [Read More…]
  • Virginia Return Preparer Indicted for Evading her Own Taxes and Not Filing Her Returns
    In Crime News
    A federal grand jury in Richmond, Virginia, returned an indictment charging a return preparer with tax evasion and failure to file individual income tax returns, announced Principal Deputy Assistant Attorney General Richard E. Zuckerman of the Justice Department’s Tax Division and U.S. Attorney G. Zachary Terwilliger for the Eastern District of Virginia.
    [Read More…]
  • Puerto Rico Legislator and Two Capitol Employees Indicted for Theft and Bribery
    In Crime News
    On Wednesday, a federal grand jury in the District of Puerto Rico returned an eight-count indictment against legislator Nelson Del Valle Colon (Del Valle), a member of the Puerto Rico House of Representatives, as well as two of his employees, Nickolle Santos-Estrada (Santos) and her mother Mildred Estrada-Rojas (Estrada), for their alleged participation in a multi-year theft, bribery, and kickback conspiracy.
    [Read More…]
  • NASA Confirms New SIMPLEx Mission Small Satellite to Blaze Trails Studying Lunar Surface
    In Space
    Producing maps to locate [Read More…]
  • Fair Labor Standards Act: Observations on the Effects of the Home Care Rule
    In U.S GAO News
    In response to the Department of Labor's Home Care Rule—which extended Fair Labor Standards Act (FLSA) minimum wage and overtime protections to more home care workers—some states made changes in their Medicaid programs, according to studies and GAO interviews with stakeholders and selected state officials. Many stakeholders said the rule led some states to limit home care workers' hours in their Medicaid programs to avoid overtime costs. For example, in Oregon, newly hired home care workers provided through Medicaid were generally limited to 40 hours per week, according to state documentation. Some states also budgeted additional funds for overtime pay. In addition, according to a few stakeholder groups, some states changed service delivery in their Medicaid programs, for example, by discontinuing services such as live-in care. In contrast, several stakeholders said some states did not make any major changes to their Medicaid programs' home care services. Provider agencies, workers, and consumers experienced changes after the Home Care Rule took effect. Specifically, some provider agencies restricted workers' hours to limit overtime costs, though this can result in the need to hire more workers, leading to increased costs of recruiting, training, and scheduling, according to several stakeholders. GAO's analysis of national survey data found that home care workers, when compared to occupations with similar education and training requirements, were more likely to work full-time but did not earn significantly higher earnings following the Home Care Rule (see figure). Many stakeholders GAO spoke with described ongoing challenges consumers face in obtaining home care services, such as difficulty finding workers to hire. Estimated Median Weekly Earnings of Employed Workers, 2010 through 2019 Note: The margins of error at the 95 percent confidence level are within plus or minus 7.2 percent of the estimate itself. Employment in home care is projected to grow nearly 40 percent over the next decade to meet demand from an increasing population of older adults and people with disabilities. Home care workers help those who need assistance with activities of daily living such as dressing, eating, or bathing. State Medicaid programs may allow home care for eligible individuals as an alternative to institutional care. The Department of Labor's (DOL) Home Care Rule, which went into effect in 2015, extended FLSA protections to more home care workers. GAO was asked to review the implementation and effects of the Home Care Rule. This report examines what is known about (1) changes states made to their Medicaid programs in response to the Home Care Rule; and (2) the Home Care Rule's effect on home care provider agencies, workers, and consumers. To address these objectives, GAO analyzed 2010 through 2019 national survey data on workers' hours and wages; interviewed stakeholders from 15 organizations that represent the different groups affected, DOL officials, and home care program officials from three states selected based on variation in their Medicaid programs and minimum wage levels; and reviewed studies on state strategies to implement the Home Care Rule. For more information, contact Melissa Emrey-Arras at (617) 788-0534 or emreyarrasm@gao.gov.
    [Read More…]
  • United States Unseals Superseding Indictment Charging Nationwide Money Laundering Network
    In Crime News
    The Justice Department today announced the unsealing of a superseding indictment charging six individuals with participating in a conspiracy to launder millions of dollars of drug proceeds on behalf of foreign cartels.  This superseding indictment is the result of a nearly four-year investigation into the relationship between foreign drug trafficking organizations and Asian money laundering networks in the United States, China, and elsewhere.
    [Read More…]
  • United States Files False Claims Act Complaint Against Drug Maker Teva Pharmaceuticals Alleging Illegal Kickbacks
    In Crime News
    The United States has filed a False Claims Act complaint against Teva Pharmaceuticals USA Inc. and Teva Neuroscience Inc. (Teva), alleging that they illegally paid the Medicare co-pays for their multiple sclerosis (MS) product, Copaxone, through purportedly independent foundations that the companies used as conduits in violation of the Anti-Kickback Statute, the Department of Justice announced today. 
    [Read More…]
  • Justice Department Settles with Transportation and Logistics Company to Resolve Immigration-Related Discrimination Claims
    In Crime News
    The Justice Department announced today that it reached a settlement with IAS Logistics DFW LLC, d/b/a Pinnacle Logistics (Pinnacle Logistics), a transportation and logistics company headquartered in Fort Worth, Texas.  
    [Read More…]
  • Sussex County Woman Charged with Concealing Terrorist Financing to Syrian Al-Nusra Front, a Foreign Terrorist Organization
    In Crime News
    A Sussex County, New Jersey, woman, Maria Bell, a/k/a “Maria Sue Bell,” 53, of Hopatcong, New Jersey, was arrested at her home today and charged with one count of knowingly concealing the provision of material support and resources to a Foreign Terrorist Organization Assistant Attorney General for National Security John C. Demers and U.S. Attorney Craig Carpenito for the District of New Jersey announced.
    [Read More…]
  • Earth Day 2021
    In Crime Control and Security News
    Antony J. Blinken, [Read More…]
  • Statement by Attorney General Merrick B. Garland on Earth Day
    In Crime News
    On April 22, 1970, millions of people across America came together and sparked a movement that led to the enactment of many of our nation’s foundational environmental laws, including the Clean Air Act, the Endangered Species Act, the Clean Water Act, and the Safe Drinking Water Act.
    [Read More…]
  • Tuvalu Travel Advisory
    In Travel
    Reconsider travel to [Read More…]
  • Upcoming Elections in Africa
    In Crime Control and Security News
    Michael R. Pompeo, [Read More…]
  • While Stargazing on Mars, NASA’s Curiosity Rover Spots Earth and Venus
    In Space
    This new portrait of the [Read More…]
  • Protecting U.S. Investors from Financing Communist Chinese Military Companies
    In Crime Control and Security News
    Michael R. Pompeo, [Read More…]
  • Department of Justice Files Nationwide Lawsuit Against Walmart Inc. for Controlled Substances Act Violations
    In Crime News
    Complaint Alleges [Read More…]
  • Readout of Acting Attorney General Monty Wilkinson, FBI Director Christopher Wray and Assistant to the President for Homeland Security Dr. Elizabeth Sherwood-Randall from the Funeral of FBI Special Agent Daniel Alfin
    In Crime News
    Acting United States Attorney General Monty Wilkinson, FBI Director Christopher Wray and President Joe Biden’s Homeland Security Advisor Dr. Elizabeth Sherwood-Randall represented the United States Government’s official delegation today at the funeral service for fallen FBI Special Agent Daniel Alfin in Fort Lauderdale, Florida. 
    [Read More…]
  • Secretary Pompeo’s Video Remarks at the Prague 5G Security Conference 2020
    In Crime Control and Security News
    Michael R. Pompeo, [Read More…]
  • On the Passing of King Goodwill Zwelithini kaBhekuzulu
    In Crime Control and Security News
    Ned Price, Department [Read More…]
  • Panama investigation leads to local child pornography plea
    In Justice News
    An 18-year-old [Read More…]
  • Former Hamtramck, Michigan Police Officer Pleads Guilty to Federal Civil Rights Charge For Excessive Use of Force
    In Crime News
    Former Hamtramck police office Ryan McInerney, 44, pleaded guilty today in federal court in the Eastern District of Michigan to using excessive force against a civilian arrestee and violating the arrestee’s civil rights. As a result of the assault, the victim, identified in court documents only as D.M., suffered broken facial bones and lacerations requiring stitches, among other injuries.
    [Read More…]
  • Former Tennessee Correctional Officer Sentenced Following Staff Assault of Inmate
    In Crime News
    A former Tennessee correctional officer was sentenced Friday to two years in prison and two years of supervised release for his involvement in a staff assault of an inmate.
    [Read More…]
  • Justice Department Signs Antitrust Memorandum of Understanding with Korean Prosecution Service
    In Crime News
    Yesterday, the Department of Justice signed an antitrust Memorandum of Understanding (MOU) with the Korean Prosecution Service (KPS). The MOU is designed to promote increased cooperation and communication on criminal antitrust enforcement and policy in both countries.
    [Read More…]
  • Reframing Disarmament Discourse
    In Crime Control and Security News
    Dr. Christopher Ashley [Read More…]
  • Former Army Green Beret Pleads Guilty to Russian Espionage Conspiracy
    In Crime News
     A former Army Green Beret pleaded guilty today to conspiring with Russian intelligence operatives to provide them with United States national defense information.
    [Read More…]
  • Secretary Antony J. Blinken Virtual Remarks to Embassy London Staff
    In Crime Control and Security News
    Antony J. Blinken, [Read More…]
  • The United States and the Holy See: Promoting Religious Freedom and Defending Human Dignity
    In Crime Control and Security News
    Office of the [Read More…]
  • Examining Facilitating Factors for Safe, Voluntary, and Sustained Post-Conflict Refugee Returns (RAND Corporation)
    In Human Health, Resources and Services
    Bureau of Population, [Read More…]
  • Republic of the Marshall Islands Constitution Day
    In Crime Control and Security News
    Antony J. Blinken, [Read More…]
  • Sint Maarten Travel Advisory
    In Travel
    Reconsider travel to [Read More…]
  • On the Occasion of Eid al-Fitr
    In Crime Control and Security News
    Antony J. Blinken, [Read More…]
  • VA Health Care: Community Living Centers Were Commonly Cited for Infection Control Deficiencies Prior to the COVID-19 Pandemic
    In U.S GAO News
    The Department of Veterans Affairs (VA) is responsible for overseeing the quality of nursing home care provided to residents in VA-owned and -operated community living centers (CLC). VA models its oversight process on the methods used by the Centers for Medicare & Medicaid Services, which uses inspections of nursing homes to determine whether the home meets federal quality standards. These standards require, for example, that CLCs establish and maintain an infection prevention and control program. VA uses a contractor to conduct annual inspections of the CLCs, and these contractors cite CLCs with deficiencies if they are not in compliance with quality standards. Infection prevention and control deficiencies cited by the inspectors can include situations where CLC staff did not regularly use proper hand hygiene or failed to correctly use personal protective equipment. Many of these practices can be critical to preventing the spread of infectious diseases, including COVID-19. GAO analysis of VA data shows that infection prevention and control deficiencies were the most common type of deficiency cited in inspected CLCs, with 95 percent (128 of the 135 CLCs inspected) having an infection prevention and control deficiency cited in 1 or more years from fiscal year 2015 through 2019. GAO also found that over the time period of its review, a significant number of inspected CLCs—62 percent—had infection prevention and control deficiencies cited in consecutive fiscal years, which may indicate persistent problems. An additional 19 percent had such deficiencies cited in multiple, nonconsecutive years. Why GAO Did This Study COVID-19 is a new and highly contagious respiratory disease causing severe illness and death, particularly among the elderly. Because of this, the health and safety of the nation’s nursing home residents—including veterans receiving nursing home care in CLCs—has been a particular concern.  GAO was asked to review the quality of care at CLCs. In this report, GAO describes the prevalence of infection prevention and control deficiencies in CLCs prior to the COVID-19 pandemic. Future GAO reports will examine more broadly the quality of care at CLCs and VA’s response to COVID-19 in the nursing home settings for which VA provides or pays for care. For this report, GAO analyzed VA data on deficiencies cited in CLCs from fiscal years 2015 through 2019. Using these data, GAO determined the most common type of deficiency cited among CLCs, the number of CLCs that had infection prevention and control deficiencies cited, and the number of CLCs with repeated infection prevention and control deficiencies over the period from fiscal years 2015 through 2019. GAO also obtained and reviewed inspection reports and corrective action plans to describe examples of the infection prevention and control deficiencies cited at CLCs and the CLCs’ plans to remedy the noncompliance. For more information, contact Sharon M. Silas at (202) 512-7114 or SilasS@gao.gov.
    [Read More…]
  • Executions Scheduled for Two Federal Inmates Convicted of Heinous Murders
    In Crime News
    Attorney General William P. Barr today directed the Federal Bureau of Prisons to schedule the executions of two federal death-row inmates, both of whom were convicted of especially heinous murders at least 13 years ago.
    [Read More…]
  • Lao People’s Democratic Republic National Day
    In Crime Control and Security News
    Michael R. Pompeo, [Read More…]
  • Secretary Blinken’s Call with Guatemalan Foreign Minister Brolo
    In Crime Control and Security News
    Office of the [Read More…]
  • New Jersey Man Indicted for Promoting Tax Fraud Scheme
    In Crime News
    A Pemberton, New Jersey, man appeared in court yesterday on a federal grand jury indictment charging him with conspiring to defraud the United States, assisting in the filing of false tax returns, obstructing the internal revenue laws, and failing to file a tax return, announced Acting Deputy Assistant Attorney General Stuart M. Goldberg of the Justice Department’s Tax Division. The Sept. 2, 2020 indictment was unsealed following the court appearance.
    [Read More…]