Cybersecurity & Tech

Shell Corporations Facilitate Contracting Fraud at the Department of Defense

Rachael Hanna
Tuesday, April 21, 2020, 8:00 AM

Contracting fraud at the Department of Defense poses national security risks. Reforming shell corporation beneficial ownership reporting could help address the problem.

Air Force Staff Sgt. Sean Tkacsik works on a C-17 Globemaster III engine at the Pittsburgh International Airport Air Reserve Station, April 14, 2020 (Source: Joshua Seybert, Air Force/https://www.defense.gov/observe/photo-gallery/igphoto/2002281761/)

Published by The Lawfare Institute
in Cooperation With
Brookings

Last year, the Pentagon discovered that network-linked surveillance cameras installed on dozens of military bases and Navy aircraft carriers had cybersecurity vulnerabilities that could enable hackers to take control of the networked cameras and obtain the data they record. Worse still, the cameras had been manufactured in China. The Department of Justice alleges that the supplier of these cameras, New York-based Aventura Technologies, had violated the domestic production requirements of its contract with the Department of Defense and misrepresented the production origins of the cameras. How did Aventura perpetrate this fraud? By allegedly disguising its illegal importation of Chinese surveillance equipment through the use of shell corporations.

Across the U.S. government, shell corporations with anonymous or murky ownership records are being used to facilitate fraud in federal contracting. Illegitimate contractors hide behind shell corporations to skirt domestic ownership and production requirements to win government contracts, undermining the integrity of federal procurement processes.

Responsible for roughly 65 percent of all U.S. government contracts, the Defense Department faces this issue on the largest scale of all federal agencies. For the Pentagon, fraudulent contractors pose not only financial risks but also national security risks. Unwittingly granting contracts to foreign companies, possibly controlled by or linked to adversarial countries, could give foreign nationals access to sensitive military technology and allows substandard machinery to be incorporated into aircraft and weapons systems.

For more than a decade, various Congresses have introduced reform bills to tackle this issue, but no legislation has been enacted into law. However, since the Panama Papers leak in 2016 revealed how ubiquitously shell corporations are used to disguise fraud, money laundering, and other criminal exploits around the globe, Congress has shown renewed interest in mandating beneficial ownership disclosures. The ILLICIT CASH Act, discussed in greater detail below, is the latest bill to propose ending anonymous shell corporation registration and could assist the Defense Department in rooting out fraudulent contractors.

Blind Spots in Federal Contracting Disclosure Requirements

Under Federal Acquisition Regulation (FAR) § 4.1102, government contractors are required to register with the General Services Administration’s System for Award Management (SAM) database. FAR mandates that bidding contractors include information on their “immediate” and “highest” level of ownership in SAM but does not require disclosure of their beneficial owners—the natural person(s) or legal entities who ultimately own or control the contractor. Additionally, prospective contractors, under FAR § 9.104-1, must demonstrate their financial, organizational and experiential ability to perform the contract satisfactorily. The same provision also mandates that prospective contractors demonstrate that they have sufficient accounting and operational controls and the responsibilities any subcontractors will assume. For repeat contractors, FAR § 9.104-6 requires Defense contracting officers to review contractor performance and integrity information recorded in the Federal Awardee Performance and Integrity Information System. However, for new prospective contractors, no such historical data is available.

Because they are not necessarily required by FAR to disclose their beneficial ownership, contractors utilize shell corporations to inflate contract prices artificially through a variety of strategies. For example, they can subcontract with other companies that they own or control via shell corporations to fraudulently mark up costs or bill for nonexistent work by creating fictitious invoices; they use shell corporations to disguise conflicts of interest, such as shared ownership, that otherwise would have prevented them from winning certain contracts; they create multiple shell corporations to foster the appearance of bidding competition for contracts in order to inflate prices artificially; and they create shell corporations with false certifications that the companies are owned or controlled by veterans, women, minorities, and other groups eligible to receive government contracts through Small Business Administration set-aside programs.

Perhaps most concerningly, shell corporations are also used to facilitate contracting fraud that directly undermines U.S. national security in two primary ways. First, foreign companies set up U.S.-registered shell corporations in order to bid on Defense Department contracts reserved for domestic contractors, and second, U.S.-based companies utilize shell corporations to import counterfeit or compromised goods—including military equipment and surveillance technology—and then sell these goods to the Defense Department.

A November 2019 Government Accountability Office (GAO) study of just 32 Pentagon contracts revealed that the Defense Department had been defrauded of hundreds of millions of dollars as a result of such practices. Given that the department had $364.5 billion worth of contract obligations in FY2018, GAO noted that the scope of contracting fraud is likely more pervasive than the snapshot provided by its study indicates.

Several recent cases have revealed how companies use these strategies. Last year, the Air Force canceled a $420 million contract to make bunker bombs when a competitor alerted the Pentagon that the winning company was actually foreign owned and had ties to a Russian oligarch under U.S. sanctions. In 2012, the Pentagon awarded Allied Components LLC a contract to manufacture wing pins for F-15 fighter jets. Supposedly based in New Jersey, Allied Components was actually a front disguising an India-based company that manufactured the parts in violation of the contract’s domestic production requirement. Not only did the wing pins fail quality control standards, grounding 47 fighter jets, but the partners behind the scheme also illegally exported sensitive aircraft and weapons systems blueprints, which they used to seek contracts from other foreign militaries. As noted above, in November 2019 the entire senior management team of Aventura Technologies was charged with illegally importing surveillance and security equipment made in China, which the company then sold to the Pentagon after falsely claiming that the technology was American made. Aventura had won more than $20 million in federal contracts since 2010 selling Chinese equipment, which the Defense Department deployed on U.S. Navy ships and military bases. The department later discovered that the surveillance technology had numerous cybersecurity vulnerabilities.

Closing the Information Gap on Shell Corporation Beneficial Ownership

There have been several efforts by Congress to reform shell corporation registration in the United States in recent years—but none has succeeded. Prior efforts, including the TITLE Act and the Corporate Transparency Act of 2017, proposed reforms similar to those in the ILLICIT CASH Act, although the TITLE Act tasked states, instead of the federal government, with collecting beneficial owners’ personal information. Despite these failed attempts, the more recently introduced ILLICIT CASH Act, which has bipartisan support in the Senate, remains promising. Three components of the bill, in particular, could provide the Defense Department and other federal agencies with greater information to prevent federal contracting corruption from occurring in the first place.

Broadly, the ILLICIT CASH Act aims to establish beneficial ownership reporting requirements to improve shell corporation transparency and discourage their use for money laundering, fraud and other criminal acts. Specifically, the act would require beneficial owners of shell corporations at the time of registration to disclose to the Treasury Department’s Financial Crimes Enforcement Network (FinCEN) their full legal name, date of birth, current residential or business address, and a unique identifying number from one of a collection of documents identifying the beneficial owner (a nonexpired U.S. or foreign-issued passport; a nonexpired U.S. driver’s license; or a nonexpired identification document issued by a state, local government or federally recognized Indian Tribe). Shell corporations already in existence would have two years after the date of the bill’s enactment to disclose this information to FinCEN, and all shell corporations would need to report changes in this information to FinCEN within 90 days of such a change occurring. Enforcement of these disclosure requirements is discussed in greater detail below.

The ILLICIT Cash Act also authorizes FinCEN to use beneficial ownership disclosures to create a national database to monitor compliance; no such database currently exists. Federal agencies would have specific request-based access to that database in order to investigate shell corporations suspected of concealing their beneficial owners. For the Defense Department, access to a national shell corporation beneficial ownership database could help close the contractor information gaps detailed above and thwart companies from securing contracts through deceptive practices, without substantially increasing the workload of contracting officers.

Finally, the ILLICIT CASH Act would allow the Department of Justice to pursue defendants for providing incomplete or inaccurate beneficial ownership information. While the Justice Department has had some success prosecuting contracting fraud and imposing monetary penalties on guilty defendants, the ILLICIT CASH Act would allow the department to investigate and charge nefarious contractors before they defraud the U.S. government. Defendants who intentionally report fraudulent or incomplete beneficial ownership information to FinCEN could face up to four years in jail and $10,000 in fines. Proactively weeding out contractors attempting to use shell corporations to defraud the U.S. government before they have the opportunity to bid for contracts could help ensure that awards are going to compliant companies in the first instance. This allows agencies to avoid having to pursue defendants after they have already secured ill-gotten awards and potentially received information about sensitive military technology or compromised Defense supply chains.

For years, critics of efforts to reform shell corporation beneficial ownership, including the American Bar Association (ABA) and many business associations, have argued that the reporting requirements outlined above would result in burdensome costs on small businesses and raise confidentiality and privacy concerns for attorneys who serve as shell corporation formation agents for their clients. The ABA and a coalition of business associations contend that millions of small businesses and their attorneys would be forced to disclose detailed beneficial ownership information, which, coupled with an expansive definition of beneficial ownership, would be unduly onerous and costly. However, these critics have not provided actual cost estimates for small businesses, nor have they explained why the required beneficial ownership information would be so difficult for legitimate businesses to report. Additionally, these critics have argued that reporting requirements could force attorneys to disclose confidential client information in contravention of attorney-client privilege. Yet, the beneficial ownership information required—name, address and photo ID—is not confidential client information.

Critics have also called attention to the cybersecurity risks of FinCEN maintaining a database with personal identifying information (PII) of all shell corporation beneficial owners. After the Office of Personnel Management data breach saw the PII of millions of federal government employees stolen (likely by China for intelligence purposes), critics of the ILLICIT CASH Act are understandably wary about the data privacy risks of aggregating vast amounts of sensitive personal information in a single location controlled by the federal government. But there are concrete steps FinCEN can take to mitigate these concerns. Should the bill become law, FinCEN will have to commit to undertaking the significant task of implementing cybersecurity and data encryption protocols to protect the integrity of a national beneficial ownership registry.

As the GAO study emphasizes, a review of a small fraction of Defense contracts revealed the agency had been defrauded of hundreds of millions of dollars through deceptive shell corporations. And the scope of this problem could be even more significant. Nefarious foreign companies, possibly connected to adversary governments, have illegally exported sensitive military technology and compromised aircraft and weapons systems by furnishing the Defense Department with faulty parts and surveillance equipment with serious cybersecurity vulnerabilities. A lack of beneficial ownership information on contractors has played a major role in compromising Defense supply chains, but the shell corporation registration reforms proposed by the ILLICIT CASH Act could provide the department with the information it needs to prevent contracting fraud and the national security risks such fraud often entails.


Rachael Hanna is a recent graduate of Harvard Law School.

Subscribe to Lawfare