What OIG Found According to GAO’s strategic plan, it will reduce costs of operations, in part, by leveraging cloud-based technologies. Transferring data into the cloud (data ingress) is often free to users; however, some providers charge data egress fees for accessing data or transferring it out of the cloud. Despite the minimal costs GAO has incurred for data egress, opportunities exist for GAO to improve its monitoring and cost estimating processes for cloud services. The OIG found that, due to other priorities, GAO did not establish formal procedures implementing cloud cost management policies such as instituting and reviewing budget threshold alerts and cloud service usage reports. Due to the lack of procedures, GAO may not fully meet its strategic objective related to managing and reducing the cost of its cloud-based technologies in the future. The OIG also found that GAO officials did not include data egress fees in a major system’s cost estimate and did not document the exclusion because they deemed data egress fees minimal. As a result, GAO may not be fully aware of the total costs for its cloud initiatives, which could impact its ability to implement new projects and the operation and maintenance of existing initiatives. Why the OIG Did This Audit The OIG conducted this audit to (1) describe GAO’s efforts to address data egress fees in procuring cloud services and (2) assess the extent to which the estimated costs of GAO’s cloud services programs quantify data egress fees. Recommendations GAO concurred with the OIG’s recommendations to (1) establish cost management procedures for its cloud systems, including addressing data egress fees and the implementation and review of alerts and reports, and (2) develop an oversight mechanism to ensure that all fees, including data egress fees, are quantified in the cost estimate, or the exclusion of any costs is documented.

What GAO Found As of June 2024, the Department of Defense (DOD) had completed preliminary assessments and site inspections for per- and polyfluoroalkyl substances (PFAS) at nearly all 718 installations identified to have a potential PFAS release and had proceeded to the next step of the cleanup process at more than half. No locations have entered the long-term cleanup phases. Department of Defense (DOD) Actions Related to Per- and Polyfluoroalkyl Substances (PFAS) at Current or Former Military Installations, as of June 2024 DOD efforts to investigate its PFAS releases have generally been thorough, and the department reports on the pace and cost of its efforts to Congress. DOD estimates that its future PFAS investigation and cleanup costs will total more than $9.3 billion in fiscal year 2025 and beyond. DOD's estimated future PFAS investigation and cleanup costs have more than tripled since 2022. GAO found that costs will continue to increase as DOD learns more about the extent of its PFAS releases—including the breadth and depth—through remedial investigations and determines what cleanup actions are required. Department of Defense (DOD) Estimated Future Costs for the Investigation and Cleanup of Per- and Polyfluoroalkyl Substances (PFAS)by Fiscal Year DOD has not communicated to Congress the full range of cost variables for future PFAS cleanup, referred to as total fiscal exposure. By including a detailed explanation and examples of changing key cost drivers for PFAS investigation and cleanup in its semi-annual cost report to Congress or other congressional reporting mechanism, Congress will be better equipped to make decisions regarding future funding for PFAS investigation and cleanup activities. Why GAO Did This Study DOD has spent $2.6 billion since 2017 addressing PFAS releases. PFAS are a large group of chemicals developed decades ago that can persist in the environment and cause adverse health effects. DOD's use of certain firefighting agents and other activities, such as metal plating, have led to PFAS releases from DOD installations, potentially exposing service members, their families, and surrounding communities. Investigating and cleaning up PFAS releases is an endeavor that could take DOD decades and billions of dollars to complete. The National Defense Authorization Act for Fiscal Year 2024 includes a provision for GAO to review DOD's efforts to test and remediate PFAS contamination. This report (1) describes the status of DOD's efforts, and (2) assesses DOD's pace, thoroughness, and cost of its efforts, among other things. GAO analyzed DOD's PFAS-related reports to Congress, reviewed DOD and Environmental Protection Agency guidance and regulations, and interviewed officials.

What GAO Found The Safeguarding Tomorrow through Ongoing Risk Mitigation Act (STORM Act), enacted in 2021, authorized the Federal Emergency Management Agency (FEMA) to award capitalization grants for eligible states, territories, tribes, and the District of Columbia to establish revolving loan funds for hazard mitigation assistance. In the fall of 2022, FEMA started the Safeguarding Tomorrow Revolving Loan Fund (RLF) program to provide these capitalization grants—or seed money—to these entities, which then issue loans to localities to implement hazard mitigation projects. The program was appropriated $500 million for a five-year period through fiscal year 2026. In September 2023, FEMA announced the first eight awardees selected to receive a combined $50 million from the RLF grant program. Awardees submit potential projects to FEMA as part of the application process and determine what projects will receive loans based on the hazard mitigation needs of their communities. Fiscal year 2023 awardees selected projects that will mitigate the impacts of hazards such as flooding, severe storms, and high winds. RLF grant recipients provide loans to local governments or a sub-component of a local government for hazard mitigation projects that reduce community risks from natural disasters. The loans are then repaid to the RLF to fund additional hazard mitigation projects. FEMA’s Definition of a Revolving Loan Fund The RLF grant program has the potential to help communities, particularly vulnerable populations, invest more in hazard mitigation projects. For instance, the RLF program can provide access to additional funding to communities with less financial capacity to help meet the non-federal cost share requirement for other FEMA Hazard Mitigation Assistance programs. FEMA has developed some RLF program and policy guidance and technical assistance for program participants. For example, FEMA officials and program participants used the fiscal years 2023 and 2024 Notices of Funding Opportunity as the program's primary source of guidance for those award cycles. While this guidance and technical assistance covers various aspects of the RLF program, awardees noted, and GAO confirmed through GAO's review that the guidance was incomplete, unclear, and inconsistent. For example, three awardees told us FEMA guidance was ambiguous and unclear about what responsibilities awardees have for managing and reporting on aspects of their revolving loan fund. Further, one awardee told GAO that they decided to decline their award in part due to incomplete guidance regarding FEMA's close-out reporting requirements for the program. In addition, when program guidance is incomplete, unclear, or inconsistent it can contribute to the administrative burden of the program. Some awardees told GAO that administering the program required additional staff or expertise. By developing complete, clear, and consistent guidance for the RLF program, FEMA could better communicate program information to FEMA staff and program participants. Doing so would help program participants navigate the challenges that come with administering this type of program. FEMA has identified some tools to collect information on the RLF program; however, FEMA does not have a process for systematically collecting and evaluating the information to assess program effectiveness across all phases of the program. Documenting and implementing a process to regularly assess RLF program effectiveness could help FEMA ensure that the program goals are met both in the short-and long-term. Without better guidance, the program risks not achieving its goal of helping local government carry out hazard mitigation projects that reduce disaster risk for communities. Why GAO Did This Study With natural disasters affecting hundreds of communities each year, investing in hazard mitigation projects to prevent damage from these disasters is increasingly important. The STORM Act includes a provision that GAO review FEMA's implementation of the RLF program. This report includes information on how the revolving loan fund program works, the number of grants FEMA has awarded to-date, the guidance FEMA has developed for the program and whether program participants find it useful, how applicants select projects, and FEMA's efforts to develop program performance measures. To conduct this work, GAO reviewed and analyzed relevant agency documents such as FEMA's Notices of Funding Opportunity for fiscal years 2023 and 2024. GAO also interviewed officials from FEMA and all eight fiscal year 2023 RLF program awardees. For more information, contact Chris Currie at (404) 679-1875 or CurrieC@gao.gov.

What GAO Found The Department of Health and Human Services' (HHS) Temporary Assistance for Needy Families (TANF) block grant funds cash assistance and certain “non-assistance” services. These services include work, education, and training activities; childcare; and child welfare services (see fig.). The seven states GAO reviewed varied in the percentage of TANF funds spent on these different services, reflecting their distinct priorities. State officials told GAO that their states often combined TANF funds with other funds, including other federal grants or state funds, to provide these services. Overview of the Flow of Temporary Assistance for Needy Families (TANF) Non-assistance Funds from the Federal Government to State and Local Service Providers Officials from selected states generally reported collecting various demographic, participation, and outcome data on individuals and families receiving services supported by TANF non-assistance funds. Officials reported that they used various data to make eligibility determinations, monitor program performance, and adjust the delivery of TANF non-assistance services. Service providers report some data on services funded with non-assistance to state agencies, but there are no federal TANF reporting requirements for performance information on services funded with non-assistance funds. To address this, in December 2024, GAO recommended that Congress consider granting HHS additional oversight authority and also recommended that HHS improve existing reporting requirements. For certain instances in which states used TANF non-assistance funds in combination with other federal funding streams, states and service providers were subject to other federal reporting requirements. Officials from selected states reported that they encountered a range of challenges using data on those served with TANF non-assistance funds. These challenges sometimes hindered states' ability to assess whether the services improved participant outcomes. HHS's technical assistance initiatives have supported states' TANF data efforts. However, HHS's initiatives have focused on assistance while non-assistance has accounted for an increasingly large share of TANF spending. Officials from the selected states expressed an interest in learning from one another to improve their efforts to use data on those served with TANF non-assistance funds. By facilitating such information sharing, HHS could help states improve their oversight of non-assistance funds and their efforts to improve participant outcomes. Why GAO Did This Study Annually, TANF provides about $16.5 billion to states to help millions of low-income individuals and families. In fiscal year 2022, states spent more than 44 percent of federal TANF and state funds on non-assistance services. Questions have arisen about how states use and account for TANF funds. GAO was asked to review TANF non-assistance spending. This report examines (1) how selected states have used TANF non-assistance funds, (2) non-assistance data collected and used by selected states, and (3) any data challenges faced by selected states and the extent to which HHS provides support to address these challenges. This report is part of a series of reports on TANF GAO issued in 2024 and 2025 ( GAO-25-107235 and GAO-25-107290 ). GAO analyzed selected states' fiscal year 2022 TANF expenditure data, the most recent available at the time of GAO's analysis. GAO also interviewed HHS officials, those knowledgeable about TANF, and state and local officials in a nongeneralizable selection of seven states (Illinois, Mississippi, New Mexico, New York, Ohio, Texas, and Wyoming). These states were selected to reflect variation in geographic region and the percentage of residents in poverty. GAO reviewed relevant federal laws, regulations, and agency documents.

What GAO Found In 2016, the Department of Veterans Affairs (VA) established the Financial Management Business Transformation program (the program) to replace its aging financial and acquisition systems. In 2021, GAO made two recommendations to VA to help ensure that the program's cost estimate and schedule were consistent with GAO-identified best practices. They have not yet been implemented. VA continues to not fully or substantially meet best practices for developing and managing the cost estimate and schedule. As a result, they are unreliable. Without a reliable cost estimate and schedule, VA management risks not making fully informed and sound decisions. Additionally, the program substantially or fully met five Agile best practices for requirements development and management and partially met the remaining three (see table). Regarding the three partially met practices, (1) if the program does not ensure complete and feasible requirements, it could be working on requirements that are not high priority; (2) without traceability, the program cannot establish that the work is contributing to its goals and providing value; and (3) by not balancing customer needs, the program could be developing functionality that is not immediately necessary. Summary Assessment of VA Program Requirements Development and Management Efforts Against Agile Best Practices Best practice GAO assessment Refine requirements ● Test and validate the system as it is being developed ● Ensure work is contributing to the completion of requirements ◕ Elicit and prioritize requirements ◕ Manage and further refine requirements ◕ Ensure requirements are complete, feasible, and verifiable ◑ Maintain traceability in requirements decomposition ◑ Balance customer and user needs and constraints ◑ Legend: ●=Fully met; ◕=Substantially met; ◑=Partially met; ◔=Minimally met; ○=Not met Source: GAO analysis of Department of Veterans Affairs (VA) Financial Management Business Transformation program documentation. | GAO-25-107256 GAO also found that VA generally incorporated the five key elements of effective independent verification and validation (independent review) for the program. Specifically, the program incorporated nine of the 10 key sub-elements and partially implemented one sub-element on determining which programs are subject to independent review. Although the program generally incorporated the elements of an effective independent review, VA does not have a department-wide IT acquisition policy that requires independent review or incorporates the key elements. As a result, VA risks not consistently implementing independent reviews for other VA IT programs. Regarding addressing identified issues, as of November 2024 the independent review team reported that the program resolved 93 percent of the findings and recommendations that the team identified from 2021 to 2024. This is a significant improvement compared to the 27 percent of recommendations reported implemented as of April 2020. Why GAO Did This Study VA's core financial system is more than 30 years old. Two prior attempts to replace the system, beginning in 1998, failed after years of development and hundreds of millions of dollars in costs. The current program has spent $1.9 billion since 2016 and completed six incremental deployments of a new system. The current target date for program completion is 2031. GAO was asked to review the progress of the program. This report examines the extent to which (1) the program's cost estimate and schedule followed best practices; (2) requirements development and management efforts followed Agile best practices; and (3) the independent program reviews that VA conducted met key elements of effective reviews and addressed identified issues. GAO evaluated program and independent review documentation, compared it with relevant best practices, and interviewed cognizant VA officials.

What GAO Found From June 2020 to May 2023, GAO issued four reports on the Department of Veterans Affairs' (VA) efforts to implement its electronic health record modernization (EHRM) and made a total of 15 recommendations aimed at improving implementation. Among other things, these recommendations addressed poor user satisfaction, the need for better change management, the pace of system trouble ticket resolution, and the importance of addressing independent operational assessment deficiencies. Most recently, in its draft report currently at VA for comment, GAO's preliminary results show that VA is making incremental improvements. This includes implementing over 1,500 system configuration changes and initiating projects to address user challenges. However, much more remains to be done: As of February 2025, VA had not addressed approximately 1,800 complex configuration change requests. The program lacks an updated total life cycle cost estimate that reflects the many EHRM changes and delays. Existing EHRM life cycle cost estimates range from VA's $16.1 billion to an independent estimate of $49.8 billion. Updating the independent life cycle cost estimate is imperative to understanding the full magnitude of VA's investment. Similarly, it is critically important that VA update its integrated schedule to inform decision-making. Planned system deployment at four additional locations results in about 160 medical centers (94 percent of VA's total number of medical centers) without the new system as of mid-2026. The EHRM program did not identify baselines and targets for one of its nine metrics to measure the impact of the new system at the live sites. VA's 2024 user surveys continue to reflect general dissatisfaction with the new system. (See figure.) Department of Veterans Affairs User Feedback on Electronic Health Record Enabling Efficiency An updated cost estimate and integrated schedule are essential management tools to inform VA of the challenges it faces in moving forward. Why GAO Did This Study After three unsuccessful attempts since 2001, VA initiated its fourth effort—the EHRM program—to replace its legacy system. In April 2023, after deploying the new system to five of its medical centers, VA paused deployments due to user concerns. On December 20, 2024, VA announced that it was resuming planned deployments in mid-2026 to four Michigan facilities. . GAO was asked to testify on VA's EHRM program. GAO summarized the results of its previously issued reports on EHRM and followed up on implementation of its prior recommendations. GAO also summarized the preliminary results of a draft report currently at the agency for comment that addresses, among other things, VA cost estimating and integrated scheduling.

What GAO Found The U.S. Army Corps of Engineers (Corps) manages water resources projects— such as dams, locks, and waterways—across the U.S. to strengthen national security, protect and manage aquatic ecosystems, reduce risks from disasters, and support commerce. In fiscal years 2018 through 2023, the Corps allocated approximately $28.5 billion in appropriated construction funds to 278 projects across 47 states, Washington, D.C., the Commonwealth of Puerto Rico, and the U.S. Virgin Islands (see figure). Geographic Distribution of Construction Funding at U.S. Army Corps of Engineers Water Resources Projects, Fiscal Years 2018 through 2023 The geographic distribution of the Corps' construction funding in fiscal years 2018 through 2023 resulted from factors included in appropriations legislation and Corps and Army guidance documents. Congress directed $8.7 billion (30.5 percent of all construction funding) to specific projects and activities in annual appropriations acts. For the remaining $19.8 billion (69.5 percent of funding), Congress included project eligibility criteria and other considerations in appropriations acts that influenced the distribution of funding. The Corps applied these criteria and considerations, along with others identified in Corps and Army guidance, to identify eligible projects and prioritize projects to receive construction funding. After identifying eligible projects, the Corps ranked discrete segments of work at each project to compile a list of proposed allocations. The Corps considered other factors in this process, such as environmental returns and project completion status. Why GAO Did This Study Through its Civil Works program, the Corps plans, designs, constructs, operates, and maintains water resources projects across the U.S. to address flood risk management, navigation, and aquatic ecosystem restoration, among other things. The Water Resources Development Act of 2022 includes a provision for GAO to review the Corps' funding of its water resources projects. This report examines (1) the geographic distribution of annual and supplemental funding for water resources projects carried out by the Corps in fiscal years 2018 through 2023, and (2) the factors that contributed to the geographic distribution of funding. GAO analyzed allocation and geographic data provided by the Corps to determine the location of Corps projects that received construction funding in fiscal years 2018 through 2023. GAO reviewed the annual Energy and Water Development and Related Agencies Appropriations Acts, the accompanying explanatory statements, and the five supplemental appropriations acts that provided construction funding during that period. GAO also reviewed Corps and Army documents, policies, and guidance that described the processes used to identify Corps projects that could receive construction funding from those appropriations acts. GAO interviewed knowledgeable Corps officials about these processes to help determine the factors that contributed to the geographic distribution of construction funding. For more information, contact Jeff Arkin at (202) 512-6806 or arkinj@gao.gov.

What GAO Found The structure and amount of executive compensation packages at three failed banks were similar to those of peer banks GAO reviewed. A median of 86 percent of executive compensation at the failed banks and 83 percent at the peer banks was incentive-based and tied to executive and bank performance. All the packages incorporated risk-mitigating elements that align with practices described in federal compensation guidelines. All the banks used financial measures of performance, such as return on equity and shareholder returns. Most banks also used nonfinancial measures, such as meeting goals for prudent risk management. All the former top executive officers at the three failed banks received stock awards (totaling about $130 million) and made disposals (totaling about $214 million) from January 2021 through March 2023. Executives at two of the failed banks disposed of more than $17 million in the first quarter of 2023, which was similar to their disposals in the first quarter of the previous year. Federal banking regulators use supervisory activities, such as ongoing monitoring and examinations, to review compensation issues and risks at large banks. From 2017 through 2022, regulators examined executive compensation at 15 of the 21 large banks GAO reviewed, including two of the three failed banks. Overall, regulators identified 10 supervisory concerns (matters requiring attention) related to compensation issues across eight institutions during this period. This included one supervisory concern in 2022 at the holding company of one of the failed banks, which was taking corrective action when the bank failed. In 2010, Congress required six agencies to jointly prescribe regulations or guidelines on incentive compensation by April 21, 2011. The agencies formed a working group to draft and propose joint regulations but have yet to finalize them (see figure). Timeline of Key Events Related to Rulemaking on Incentive-Based Compensation Arrangements Leaders within and across the agencies hold differing views on regulatory approaches for incentive-based compensation arrangements. For example, some agency leaders advocate a principles-based approach that outlines general principles and objectives for discouraging inappropriate risk-taking. Others support an approach with more specific and stringent requirements. Reconciling these differences and jointly prescribing regulations or guidelines would help prevent excessive compensation arrangements at financial institutions that encourage inappropriate risks. Why GAO Did This Study Incentive-based compensation can motivate good performance but also encourage risky behavior. Bank failures in early 2023 and executive bonuses one bank paid on the day it failed raised questions about compensation practices at large banks. GAO was asked to review compensation at three failed banks. This report examines (1) executive compensation packages at the failed banks and a peer bank group, (2) executives' stock transactions at the failed banks, (3) regulators' review of executive compensation at selected large banks, and (4) efforts to finalize an incentive compensation rule. GAO analyzed the most recent publicly available annual disclosures for 11 banks (three failed banks and eight peer banks selected for similarity in asset size and business lines); public disclosures on stock transactions by executives at the failed banks (January 2021–March 2023); and examination documentation (2017–2022) on compensation for 21 banks (10 banks with largest asset size, eight peer banks, and three failed banks). GAO also reviewed agencies' proposed rules and public statements on the incentive compensation rulemaking since 2011.

What GAO Found Beneficial owners are individuals who, directly or indirectly, own or control a certain percentage of, or exercise substantial control over, a company or other legal entity. The Financial Crimes Enforcement Network (FinCEN) collects and shares information about beneficial owners to help safeguard the U.S. financial system from illicit use and to support law enforcement investigations, among other purposes. In December 2023, FinCEN adopted a rule that allows authorized users (such as federal agencies engaged in national security, intelligence, or law enforcement activity) to access this information if they establish data-safeguarding procedures for it. GAO found that the rule incorporated all the Corporate Transparency Act's requirements for protecting the security and confidentiality of beneficial ownership information. In spring 2024, FinCEN launched the first phase of its five-phase process to grant access to beneficial ownership information by selecting six federal agencies for a pilot, partly to test its IT system. To be approved for access, FinCEN required each agency to sign a memorandum of understanding specifying safeguards they would implement to protect the data. Agencies also had to submit an initial report describing safeguarding procedures and certify they complied with the rule's protection requirements. As of October 2024, four of the six agencies had submitted the necessary documents (see table). Federal Agencies Approved to Access Beneficial Ownership Information, as of October 29, 2024 Agencies granted access Federal Bureau of Investigation Internal Revenue Service-Criminal Investigations U.S. Postal Inspection Service U.S. Secret Service Agency staff with access 100 System searches conducted Nearly 1,700 Source: Financial Crimes Enforcement Network. | GAO-25-107403 In September 2024, FinCEN began the second phase, enabling about 200 additional federal agencies to request access to beneficial ownership information. Based on feedback from the pilot, FinCEN revised its memorandum of understanding to clarify certain compliance requirements. FinCEN also created a procedure for reviewing and granting agency requests for information. Agencies must still sign a memorandum of understanding, report on their safeguarding procedures, and certify compliance with information protection requirements. FinCEN officials told GAO they have been developing policies and procedures for overseeing users' access and safeguarding practices. This oversight is to include conducting annual audits, monitoring how users search the data, and reviewing reports submitted by authorized users. FinCEN plans to assess the need for additional oversight mechanisms as the access program is fully implemented. GAO will continue to monitor FinCEN's implementation of its oversight policies and procedures. Why GAO Did This Study The Corporate Transparency Act, enacted in 2021, requires certain legal entities to report their beneficial ownership information to FinCEN. This requirement supports U.S. efforts to prevent bad actors from concealing or benefiting from ill-gotten gains through shell companies or other opaque ownership structures. The act required FinCEN to adopt a rule to safeguard this information from unauthorized use. The Corporate Transparency Act also includes a provision for GAO to determine whether FinCEN's safeguards, procedures, and use of beneficial ownership information, as established in its access rule, are consistent with requirements of the act. This report is the first in a series of seven annual reports. This report examines (1) whether FinCEN's access rule included Corporate Transparency Act requirements for protecting the security and confidentiality of beneficial ownership information, (2) the extent to which FinCEN granted agencies access to beneficial ownership information in compliance with the act, and (3) FinCEN's oversight of agencies' access to and use of the information. GAO reviewed the Corporate Transparency Act and FinCEN's beneficial ownership information access rule; analyzed FinCEN's policies, procedures, and other documents related to the access program; and interviewed FinCEN and other agency officials. For more information, contact Michael E. Clements at (202) 512-8678 or clementsm@gao.gov.

What GAO Found The Department of Defense (DOD) submitted about 55 percent of its agency comments, 88 percent of its sensitivity reviews, and 67 percent of its security reviews to GAO after the 30-day deadline. Sensitivity reviews are conducted to identify sensitive information, such as controlled unclassified information. Reviews for classified information, such as information designated as Secret or Top Secret, are generally referred to as security reviews. DOD’s timeliness in providing agency comments and sensitivity/security reviews has decreased significantly from December 2022 to November 2024 (See figure below). However, GAO is working with DOD to improve its timeliness. Figure: Percentage of Department of Defense (DOD) Responses That Took More Than 30 Days during GAO's Four Review Periods GAO provides audited agencies with an opportunity to review and comment on its draft reports before GAO issues the final report. DOD provided GAO comments on 82 reports from May 11, 2024, to November 6, 2024. While GAO generally provides DOD with 30 days for agency comment, on average, DOD took 42 days. Of the 82 reports, DOD submitted comments for 45 after the 30-day deadline and took an additional 29 days, on average, to submit agency comments on those reports. For one report, DOD took 182 days to provide its comments. GAO requests that the department complete sensitivity and security reviews of reports if controlled unclassified or classified sources were used, and to communicate the results of the review in writing. DOD completed 39 reviews—33 sensitivity and 6 security reviews—during the same period. On average, DOD completed sensitivity reviews in 54 days and security reviews in 74 days—exceeding the 30-day deadline. Of the 38 reports for which GAO granted an extension to the deadline for submitting comments, DOD did not meet the extension deadline for 13. DOD also submitted comments late for eight additional reports without requesting extensions. Why GAO Did This Study Delays in DOD submitting agency comments or the sensitivity/security reviews result in GAO issuing products later than mandated or requested by Congress. In some cases, delays may result in GAO taking the unusual step of issuing reports without DOD comments in order to provide Congress with requested information. The James M. Inhofe National Defense Authorization Act for Fiscal Year 2023 included a provision for GAO to report every 6 months over a 2-year period on the extent to which DOD submitted agency comments and sensitivity or security reviews in a timely manner and in accordance with GAO protocols. This report is the fourth in a series of four reports on this topic. It covers the time period May 11, 2024, to November 6, 2024. For more information, contact Alissa Czyz at (202) 512-3058 or czyzaj@gao.gov.

What GAO Found The Department of Veterans Affairs (VA) is responsible for providing benefits to veterans. Within VA, the Veterans Health Administration (VHA) provides health care benefits to eligible veterans with service-connected disabilities living or traveling abroad through its Foreign Medical Program. In fiscal year 2024, VHA data show the program paid $128.3 million in reimbursements to 8,024 veterans or their providers, representing a 263 percent increase in reimbursements since fiscal year 2018. In fiscal year 2024, the program reported processing 37 percent of claims within 45 days; its goal is to process 90 percent within that time. Foreign Medical Program Reimbursements, Fiscal Years 2018 through 2024 The Foreign Medical Program makes reimbursements using paper checks, despite a federal law generally calling for electronic payments. Reliance on paper checks has resulted in challenges, including delayed or lost checks, according to officials. VA has begun a transition to an electronic payment method, but when or how the transition will occur is unclear. Implementing the new method will help ensure the timeliness and security of reimbursements. VHA increased its authorized staffing in August 2023 from 25 to 38 positions for the Foreign Medical Program to help meet its timeliness goal. However, 14 positions remained vacant in 2024 due to various reasons, including a VHA zero-growth hiring policy, according to officials. VHA has taken some steps to help with hiring, such as allowing positions to be remote, but has not otherwise identified and evaluated staffing strategies. Evaluating and implementing such strategies could help the program address its staffing challenges and process claims in a timely manner. VA has not comprehensively assessed fraud risks in the program in line with selected leading practices, despite evidence of potential fraud. This included VA suspending providers in 2024 due to their alleged involvement in a long-term fraud scheme. VHA developed two documents to outline efforts for fraud, waste, and abuse activities within VHA. However, VA has not implemented selected leading practices outlined in GAO's Fraud Risk Framework. These include assigning an entity to lead and regularly assess fraud risks. Implementing such practices will help VA better prevent, detect, and respond to fraud. Why GAO Did This Study Thousands of veterans live in or travel to foreign countries each year. For qualifying medical expenses incurred abroad, veterans, or the providers that deliver services, may submit claims to VHA's Foreign Medical Program for reimbursement. The Consolidated Appropriations Act, 2023, includes a provision for GAO to review the VHA Foreign Medical Program. This report addresses available data on program claims, VHA processes for reimbursing claims, program staffing, and the extent to which fraud risk management activities for the program are consistent with selected leading practices. GAO reviewed data on claims processed for fiscal years 2018 through 2024 and relevant program policies and documentation; assessed the program's processes against criteria, such as human capital management key practices and GAO's Fraud Risk Framework; and interviewed agency officials, veterans who use the program, and five veterans service organizations. GAO conducted interviews with veterans in person and obtained written responses via email.

What GAO Found Key federal agencies are responsible for investigating entities involved in illicit finance activities and referring them for federal prosecution. For example, the Federal Bureau of Investigation investigates transnational criminal organizations and associated money laundering efforts. Similarly, Immigration and Customs Enforcement's Homeland Security Investigations conducts investigations of criminal organizations in relation to cross-border movement of people, goods, and money. These federal law enforcement agencies and others often work together in interagency collaborative groups, such as task forces, that coordinate investigations of transnational organized crime, money laundering, and major drug trafficking networks. The Department of Justice prosecutes defendants accused of committing federal crimes, including those related to illicit finance. Federal agencies are taking actions to implement selected government-wide strategies and efforts to counter illicit finance activities, but progress in implementation is not measured in some instances. In these cases, the strategies and efforts do not all have clearly defined goals, and lead agencies or entities do not regularly collect and assess relevant performance information tied to goals. For example, in the 2024 National Strategy for Combating Terrorist and Other Illicit Financing (Illicit Finance Strategy), the Department of the Treasury lists over 120 benchmarks (or goals) that agencies are generally implementing. However, Treasury does not collect and assess performance information from the implementing agencies to determine their progress against the goals. Similarly, entities leading the Presidential Initiative for Democratic Renewal (Initiative)—a set of policy and foreign assistance efforts to fight corruption, among other things—have not set joint performance goals or assessed whether agencies are achieving the goals. Such goals and assessments of performance information could help collaborating agencies ensure accountability for common outcomes and inform decisions, which would be in line with leading practices for evidence-based policymaking and interagency collaboration. Extent That Selected Federal Strategies and Efforts Related to Countering Illicit Finance Activities Have Goals and Performance Information is Collected Why GAO Did This Study Criminal organizations generate money from illicit activities such as drug and human trafficking and launder the proceeds. Federal agencies investigate illicit activity and have developed several strategies and efforts to combat these crimes. GAO was asked to review efforts to counter illicit finance activities. This report addresses, among other things, (1) selected agencies' roles and responsibilities in investigating and prosecuting illicit finance activities and (2) the progress made with selected strategies and efforts to counter illicit finance activities. To address these objectives, GAO reviewed agency documents and data, including those related to eight selected federal strategies and efforts on countering illicit finance activities. GAO compared four of these strategies and efforts—which represent long-range, multiagency undertakings—to selected key practices for evidence-based policymaking and for interagency collaboration.