Needs To Better Prevent, Detect, And Respond To Fraud And Abuse Risks In Aircraft Registration

The U.S. aircraft registry, managed by the FAA, maintains information on approximately 300,000 civil aircraft. The FAA issues aircraft registration to individuals and entities that meet eligibility requirements, such as U.S. citizenship or permanent legal residence. Registry fraud and abuse hinders the ability of law-enforcement and safety officials to use the registry to identify aircraft and their owners who might be involved in illicit or unsafe operations.

GAO was asked to examine registry fraud and abuse. In its report, the GAO assesses FAA’s actions to (1) prevent, (2) detect, and (3) respond to fraud and abuse risks in aircraft registrations. GAO reviewed relevant laws, regulations, and FAA policies; reviewed reports, DOJ press releases, and court cases that illustrated risks associated with the registry; analyzed aircraft registry data from fiscal year 2010 through 2018 to identify registrations with risk indicators; and interviewed FAA registry, legal, law-enforcement liaison, and safety officials, as well as officials from DOJ and DHS.

To register civil aircraft, the FAA generally relies on self-certification of registrants’ eligibility and does not verify key information. According to GAO’s review of the registry process, there are risks associated with the FAA not verifying applicant identity, ownership, and address information. The registry is further vulnerable to fraud and abuse when applicants register aircraft using opaque ownership structures that afford limited transparency into who is the actual beneficial owner (i.e., the person who ultimately owns and controls the aircraft). Such structures can be used to own aircraft associated with money laundering or other illegal activities (see example in figure). The FAA has not conducted a risk assessment that would inform its eligibility review and collection of information to manage risks. Without a risk assessment, the FAA is limited in its ability to prevent fraud and abuse in aircraft registrations, which enable aircraft-related criminal, national security, or safety risks.

The FAA makes some use of registry information to detect risks of fraud and abuse, but the format of the data limits its usefulness. Specifically, most data on individuals and entities with potentially significant responsibilities for aircraft ownership, such as trustors and beneficiaries, are stored in files that cannot be readily analyzed due to system limitations. As the FAA modernizes its information technology systems, it has an opportunity to develop data analytics capabilities to detect indicators of fraud and abuse in the registry. The FAA takes administrative actions, such as registration revocations, to respond to registration violations and coordinates with law-enforcement agencies on investigations and enforcement actions such as aircraft seizures. Since 2017, the FAA has coordinated with the Departments of Justice (DOJ) and Homeland Security (DHS) as part of an Aircraft Registry Task Force to address aircraft registry vulnerabilities. However, this coordination is informal, and other mechanisms for joint enforcement actions, sharing of information, and use of liaison positions are not in place.

GAO is making 15 recommendations to the FAA, including that it collect and verify key information on aircraft owners; undertake a risk assessment of the registry; leverage information technology modernization efforts to develop data analytics approaches for detecting registry fraud and abuse; and formalize coordination mechanisms with law-enforcement agencies. The FAA agreed with all recommendations.

(Source: GAO)

FMI: Full report