Up to 70,000 federal contractors are heading to their local notary to get that special stamp on a letter that’s destined for the General Services Administration to authenticate the vital details of their business, including who is the authorized “entity administrator associated with the DUNS number.”
These are the first details of the impact on vendors emerging from the latest case of fraud to affect GSA’s System for Award Management (SAM).
A GSA spokeswoman confirmed the agency already received 7,500 notarized letters.
“GSA is making internal business process improvements based on our analysis of the first set of letters received,” the spokeswoman said in an email to Federal News Radio. “We are continuously updating the instructions on SAM.gov to make it easier for entities to be in compliance. Additionally, we have posted templates on SAM.gov for entities to use when submitting their notarized letters.”
GSA is requiring notarized letters for several thousand contractors immediately, and then any vendor whose existing registrations on SAM.gov need to be updated after April 27.
This all stems from a third incident in the last five years in which a third party either stole or changed contractor data. GSA alerted vendors on March 22 after it found a third-party changed the financial information of “a limited number” of contractors registered on the governmentwide the SAM.gov portal.
GSA issued initial details of the fraud at that time and then updated the frequently asked questions on April 4.
An internal presentation from April 12, Federal News Radio obtained, sheds even more light on the impact of the SAM.gov fraud incident.
GSA officials said more than 33,000 contractors needed to confirm a change in their bank account information in the past year. Now this is not to say all 33,000 vendors were potential victims of fraud, but it’s not a stretch that many of them were swept up in this incident as we all know how difficult it is to change bank accounts. I’m not sure anyone would voluntarily change banks.
The GSA spokeswoman wouldn’t confirm how many vendors were victim of this latest fraud, citing an active law enforcement investigation.
It seems vendors are struggling with GSA’s notarization process. Of the 7,500 notarized letters received, GSA processed more than 3,300 and rejected almost 56 percent of them (1,910) for one reason or another.
GSA said it added staff to its Federal Service Desk to support the response and continues to evaluate the overall impact of this fraud incident, including call volume and wait times.
The presentation shows GSA plans to take several other steps to further improve the process. GSA said it modified its process for international entities and partially masked sensitive data elements on SAM.gov.
By the end of June, GSA plans to end the requirement for a notarized letter “by implementing a data-driven, risk-based approach” by combining technical and analytic processes “to reduce risk and focus any additional burden only on those entities with the highest risk profile.”
The goal, GSA said, is to “provide confidence” in that approach so it would deter known fraud paths.
Finally, GSA said by April 30 it would present details to improve the governance of SAM.gov to the joint governance board.
Beyond the impact on contractors and GSA, the SAM.gov modernization effort also now will be delayed.
The presentation said “the combined fraud response will have cost/schedule impacts on modernization,” and GSA will know about the extent of the impact by mid-May.
The GSA spokeswoman said the agency remains committed to ensuring that the existing SAM.gov and the future SAM.gov systems are reliable.
“We are continuing to make progress on the modernization and utilization of beta.SAM.gov. Users may provide feedback on the new beta SAM website at beta.SAM.gov,” the spokeswoman said.
The presentation provides a bit more details about the beta.SAM.gov initiative.
By the end of May, GSA expects to decommission the current site that hosts the Catalog of Federal Domestic Assistance (CFDA). The CFDA provides a full listing of all federal programs available to state and local governments, tribal entities and public and private organizations.
Also starting in May, GSA plans to begin “alpha testing” the reports, opportunities, federal hierarchy and wage determinations modules of SAM.gov.
GSA has been trying to improve and consolidate the 10 portals that are a part of SAM.gov for almost a decade. During that time, it has now suffered three incidents — both cyber and fraud — during that time. Maybe GSA should consider adding two-factor authentication, maybe even those new Login.gov capabilities that it added to USAJobs.gov earlier this year, to SAM.gov and limit the number of vendors who have to go through the notarization process.