A System of Failure, A Record of Loss: Analyzing the Integrity Flaws of the EPLS (2006-2008) and the Lawful Erasure of Its Data

Executive Summary

This report argues that the U.S. government’s Excluded Parties List System (EPLS) was fundamentally compromised during the 2006-2008 period. The system, designed to prevent procurement fraud, was crippled by a cascade of failures. These failures involved data integrity, system functionality, and widespread agency non-compliance.

This breakdown allowed contractors to improperly receive millions in federal funds. Many of these parties were debarred for serious offenses, including national security violations.³

Compounding this operational failure, the legal framework governing federal records mandated the lawful destruction of the EPLS data.⁴, ⁵ This compliant erasure of primary-source evidence has created a permanent and irreversible “accountability gap.” It prevents a full forensic understanding of this government malfunction. The situation underscores an urgent need for policy reform in system design and data retention for critical government oversight systems.

Introduction

The U.S. government established the Excluded Parties List System (EPLS) as a critical gatekeeper for federal procurement integrity. The General Services Administration (GSA) maintained the system.¹ Its purpose was to serve as the definitive, government-wide repository of excluded individuals and entities.

In principle, the EPLS was designed to protect taxpayers from fraud, waste, and abuse.², ¹ However, the reality was starkly different. The system’s failure was profound. Millions of taxpayer dollars were improperly awarded to contractors excluded for egregious offenses. These offenses included fraud, theft, and even aiding enemies of the state.³

This report presents a dual analysis of the EPLS during the critical 2006-2008 period. It argues that the system was fundamentally compromised by a cascade of failures. These failures spanned data integrity, system functionality, and agency procedure. The first section provides a detailed anatomy of this systemic breakdown, drawing upon extensive investigations by the Government Accountability Office (GAO).

The analysis then pivots from operational failure to a second, equally critical theme: the archival paradox. This report demonstrates how the legal framework governing federal records mandated the lawful destruction of the system’s data. Specifically, the Federal Records Act and a NARA-approved disposition schedule required the erasure of the very evidence of these failures.⁴, ⁵ This compliant destruction of records creates significant challenges for long-term accountability. It also prevents a full forensic understanding of government malfunction, a lesson with urgent implications for today’s digital government systems.

Section 1: The Anatomy of a Systemic Failure: Documented Flaws in the EPLS (2006-2008)

GAO investigations during fiscal years 2006 and 2007 substantiated allegations that the EPLS was failing its core mission.³, ⁶ The improper awarding of federal funds was not the result of a single vulnerability. It was a systemic breakdown. This failure can be dissected into four key areas: data deficiencies, critical system flaws, agency non-compliance, and fraudulent exploitation of these gaps.

1.1 Data Integrity Deficiencies: The Unreliable Foundation

The foundation of any information system is its data quality. For the EPLS, this foundation was demonstrably unreliable. The system’s data was incomplete, untimely, and inaccurate, routinely violating the core principles of data integrity.⁷

Incomplete Records

A primary deficiency was the prevalence of incomplete records. GAO confirmed that EPLS entries often lacked sufficient information to identify a vendor confidently.⁶, ⁸, ⁹ A critical and persistent omission was the failure to include unique entity identifiers, like a DUNS number. Although GSA had agreed to make this field mandatory, excluding agencies continued to ignore the requirement.⁸, ⁹

Untimely Data Entry

The system’s utility was further degraded by significant data entry delays. The Federal Acquisition Regulation (FAR) required agencies to enter exclusion actions into the EPLS within five days.⁶ This mandate was not consistently followed. These delays created dangerous windows of opportunity for excluded parties to receive new contracts.

In one stark example, GSA suspended a company in September 2006 but failed to enter the exclusion into the EPLS until October 2006. During this month-long lag, the Department of the Interior checked the system and, finding no record, improperly awarded several contracts to the company.⁶, ⁸

Inaccurate Contact Information

Finally, ancillary data necessary for due diligence was often incorrect. The points of contact listed within an EPLS record were intended to help contracting officers verify an exclusion. However, the GAO found these contacts were frequently outdated or incorrect, rendering them useless.⁶, ⁸

1.2 Critical Functional Flaws: An Ineffective Tool

Beyond its poor data quality, the EPLS software was functionally inadequate. The system was an inherently ineffective and poorly integrated tool for accessing information.

Insufficient Search Capability

A chief complaint from GAO investigators was the database’s poor search function.⁶, ⁸, ⁹ This was a critical flaw. Even when an exclusion was correctly entered, agency officials’ searches often failed to locate it.³, ⁹ The system could not handle minor variations in names, meaning only a perfect, exact-match query was likely to succeed. This transformed the legally mandated act of checking the EPLS into a fruitless exercise.

Lack of System Integration

This flaw was magnified by a profound failure of integration with other GSA procurement platforms. GAO discovered that numerous excluded parties remained actively listed on GSA’s Federal Supply Schedule, a primary online marketplace for agency purchasing.⁶, ⁸

To prove this vulnerability, GAO investigators used a government purchase card to buy body armor from a company debarred for falsifying safety tests. No warning was presented during the transaction.³, ⁹

1.3 A Compounding of Errors: Agency Non-Compliance and Procedural Lapses

Human and procedural breakdowns across government severely compounded the technical flaws of the EPLS.

Failure to Check the System

The most basic procedural requirement—that contracting officers must check the EPLS before awarding funds—was frequently ignored.³, ⁶

Willful Disregard for Exclusions

More egregious were cases where agencies knowingly continued business with an excluded party. In the most prominent example, the U.S. Army debarred a German company after its president attempted to ship nuclear bomb components to North Korea. The Army’s own debarment statement called the individual “morally bankrupt.”³, ¹⁰ Despite this, the Army continued its contract and paid the company over $4 million in fiscal year 2006. The GAO determined that several options for contract termination were available but were not seriously considered.⁶, ¹⁰

Lack of Oversight

This pattern of neglect extended to the system’s steward, the GSA. The GAO noted a culture of institutional inertia. In response to damning findings, GSA often “simply restated its current policies” instead of committing to concrete oversight steps.⁸, ⁹ This passive stance contributed to an accountability vacuum.⁶

1.4 Exploiting the Gaps: Deliberate Circumvention by Excluded Parties

The combination of poor data, weak functionality, and lax oversight created a fertile environment for fraud.⁶, ⁸ Unscrupulous contractors actively exploited the system’s weaknesses.

A common tactic was the use of alter egos. Excluded parties would operate under different corporate or individual identities to continue receiving federal funds.⁶ In one case, the owner of an electronics company was debarred for fraud. He then created a “new” company with a different name at the same address, which he used to obtain new defense contracts.⁹ This fraud succeeded precisely because of the system’s poor search capabilities and its reliance on exact name matching.

This cascade of failure demonstrates a complete, end-to-end breakdown of the procurement integrity process. The table below synthesizes these distinct but interconnected failures.

Flaw Category	Specific Flaw	Documented Example from GAO Investigations (Source)
Data Integrity	Incomplete Information	Records frequently lacked mandatory unique identifiers like DUNS numbers, hindering accurate matching of vendors.⁶, ⁸, ⁹
	Untimely Data Entry	GSA suspended a contractor but failed to enter the exclusion into EPLS for over a month, allowing the party to receive new awards.⁶, ⁸
	Inaccurate Data	Points of contact listed for exclusion information were often incorrect or outdated, preventing proper due diligence by officials.⁶, ⁸
Functional Flaw	Insufficient Search Capability	Agency officials conducted searches that failed to reveal existing exclusions due to the system’s inherent limitations.³, ⁶, ⁸
	Lack of System Integration	Debarred and suspended parties remained actively listed on GSA’s Federal Supply Schedule without any warning flags for purchasers.⁶, ⁸
	Failure of System Safeguards	GAO investigators successfully used a government purchase card to buy body armor from a company debarred for falsifying safety tests.³, ⁹
Agency Non-Compliance	Failure to Check EPLS	Contracting officers at multiple agencies awarded new contracts without performing the required EPLS search as mandated by the FAR.³, ⁶
	Disregard for Exclusions	The Army knowingly continued a contract worth over $4 million with a company debarred for attempting to ship nuclear components to North Korea.⁶, ¹⁰
Fraudulent Circumvention	Use of Alter Egos	A debarred individual created a “new” company with a different name but the same address to fraudulently obtain defense contracts.⁹

Section 2: The Legal Lifecycle of Federal Data: Records Retention and Lawful Destruction

The functional failures of the EPLS represent one aspect of its story. The other concerns the legal framework governing the data itself. This framework prioritizes administrative efficiency and dictates the eventual, lawful destruction of most government records. Understanding this framework is essential to explaining how primary evidence of the EPLS’s failures was permanently erased as a matter of standard procedure.

2.1 The Mandate of the Federal Records Act and NARA’s Oversight

The Federal Records Act (FRA) governs the management of all U.S. government records.⁵, ¹¹ The National Archives and Records Administration (NARA) is the primary oversight agency for this mandate.¹², ¹³

NARA works with federal agencies to appraise government records and determine their ultimate fate.¹², ¹³ This appraisal process leads to a critical distinction:

Permanent Records: These records have sufficient historical or other value to warrant permanent preservation by the federal government.¹²
Temporary Records: This category includes the vast majority of government records. NARA determines these records do not have sufficient value to warrant permanent preservation and authorizes their destruction after a specified time.¹²

This framework is driven by the practical necessity of managing the immense volume of records generated by the federal government.

2.2 Systematizing Disposition: Agency-Specific Records Schedules

For records unique to a specific program, like the EPLS, the agency must work with NARA to create an agency-specific records schedule.⁵, ¹³ This formal document identifies the records and provides explicit instructions for their disposition.

Once the Archivist of the United States approves this schedule, it provides the legal authority for the agency to dispose of the records. Destroying federal records is a criminal offense unless it is performed in accordance with a NARA-approved schedule.⁵, ¹¹

2.3 The EPLS Records Disposition Schedule (N1-269-10-001)

GSA worked with NARA to establish a specific legal instrument to govern the EPLS data: records schedule N1-269-10-001.⁴, ¹⁴, ¹⁵ This schedule provides the definitive disposition authority for the system’s records.

The schedule’s instructions are unambiguous. First, it designates the EPLS system records as **”Temporary.”**⁴, ¹⁴, ¹⁵ This reflects a formal judgment that the operational data did not possess enduring value.

Second, the schedule provides precise and mandatory disposition instructions.

Cut off: “Cut off at the end of the fiscal year following termination on debarment or suspension.”

Destroy: “destroy 6 years and 3 months after cutoff.” ⁴, ¹⁴, ¹⁵

This schedule is not a guideline; it is a legal mandate. Once its conditions are met, the destruction of the records is the standard, legally compliant procedure under the Federal Records Act.

Section 3: The Archival Paradox: How Evidence of Failure Was Lawfully Erased

The synthesis of the EPLS’s systemic failures with its data lifecycle framework reveals a profound paradox. The routine, lawful application of federal records management policy directly caused the permanent erasure of the most granular primary evidence of the system’s malfunction.

3.1 Visualizing the Path to Destruction: Applying the Retention Schedule

A practical application of the records schedule illustrates how data from the 2006-2008 era was lawfully destroyed. The following flowchart visualizes this legally mandated process for a company debarred for three years in June 2006:

Debarment period ends.

Date: June 2009

↓

“Cut off at the end of the fiscal year following termination.” ⁴, ¹⁴, ¹⁵

FY of termination is 2009. Following FY is 2010.

↓

The record is officially cut off and enters its retention period.

Date: September 30, 2010

↓

“Destroy 6 years and 3 months after cutoff.” ⁴, ¹⁴, ¹⁵

Retention period begins.

↓

The record is eligible for permanent, lawful destruction.

Date: December 31, 2016

This timeline demonstrates that by the mid-to-late 2010s, federal policy lawfully and permanently destroyed the vast majority of specific, transactional EPLS system records from the 2006-2008 period.

3.2 The Accountability Gap: Implications of Lawful Data Erasure

The consequences of this lawful destruction for long-term government accountability are significant and irreversible. High-level summary documents, like the critical GAO reports, are themselves permanent records.³, ⁶ However, the underlying, granular system data they analyzed is gone. This creates a permanent and unbridgeable “accountability gap.”

The loss of this primary source evidence means future investigators can never fully replicate or expand upon the original findings. For instance, an analyst cannot quantify the total dollar amount lost to fraud, as the transactional award data no longer exists. A historian cannot determine if certain agencies were more frequent offenders, because the relevant data entry logs have been destroyed.

The official history of the EPLS failure is thus locked into the perspective of the GAO’s 2008-2009 investigation. We know that the system failed. But the ability to know precisely how, how often, and to what degree on a transactional level has been permanently lost.

The GSA, by diligently following its NARA-approved records schedule, was acting as a model of compliance with records management statutes. The paradox is that this very act of compliance erased the detailed evidence of the agency’s profound failure in procurement integrity.

Conclusion: Legacy of Failure and the Path to Reform

The EPLS during the 2006-2008 period represents a case study in comprehensive government failure. It was not a system with minor bugs but a fundamentally broken apparatus.

The legacy of this failure is twofold. First, it served as a catalyst for reform. The extensive flaws documented by the GAO created undeniable pressure for change. This pressure culminated in the 2012 migration of the EPLS into the new, more comprehensive System for Award Management (SAM.gov).¹⁶, ¹⁷, ¹⁸, ¹⁹, ²⁰

Second, the EPLS saga leaves a more troubling legacy. The lawful destruction of the system’s records highlights a critical tension between efficient records management and the democratic imperative to preserve evidence of government malfunction. The EPLS case is a stark warning of how routine, legally mandated processes can permanently obscure the full truth of past failures.

Recommendations for Future System Integrity and Accountability

The documented failures of the EPLS provide critical lessons that must inform the design and governance of all future government oversight systems. To prevent a recurrence of these issues and close the accountability gap, immediate action should be taken on the following recommendations:

Mandate System-Enforced Unique Identifiers: Future systems must be built on a foundation of unique, persistent identifiers for every entity. The system architecture must make this identifier a non-negotiable, mandatory field for record creation.⁸, ⁹
Enforce Real-Time Interoperability: Critical systems must never operate in isolation. Exclusion and procurement platforms must be deeply integrated with automated, real-time cross-referencing. An attempt to process a payment to an excluded entity should trigger an immediate, hard-coded system block.⁶, ⁸
Implement Proactive and Automated Data Auditing: Agencies must not rely on external watchdogs to discover data integrity failures. System stewards must implement automated, continuous auditing of their own data to flag records that are incomplete, inaccurate, or untimely.⁸, ⁹
Re-evaluate Records Retention for Critical Oversight Systems: The lawful destruction of the EPLS data demonstrates a flaw in records management policy. NARA and federal agencies must collaborate to create a new records category for “accountability-critical” data. Records from systems designed to prevent fraud should have a significantly extended retention schedule (e.g., 25 years) to allow for long-term historical analysis and public accountability.⁴, ¹⁴, ¹⁵

Works Cited

General Services Administration. “Suspension & Debarment FAQ.” Accessed October 14, 2025. https://www.gsa.gov/policy-regulations/policy/acquisition-policy/office-of-acquisition-policy/gsa-acq-policy-integrity-workforce/suspension-debarment-and-agency-protests/suspension-debarment-faq.
Acquisition.gov. “FAR Subpart 9.4 – Debarment, Suspension, and Ineligibility.” Accessed October 14, 2025. https://www.acquisition.gov/far/subpart-9.4.
U.S. Government Accountability Office. “Excluded Parties List System: Suspended and Debarred Businesses and Individuals Improperly Receive Federal Funds (GAO-09-174).” February 2009. https://www.gao.gov/assets/gao-09-174.pdf.
National Archives and Records Administration. “Request for Records Disposition Authority: Excluded Parties List System (EPLS) (Schedule N1-269-10-001).” Approved. https://www.archives.gov/files/records-mgmt/rcs/schedules/independent-agencies/rg-0269/n1-269-10-001_sf115.pdf.
U.S. Congress. “The Federal Records Act: A Legal Overview (IF11119).” Updated August 12, 2022. https://www.congress.gov/crs-product/IF11119.
U.S. Government Accountability Office. “Key causes of improper awards and other payments related to the Excluded Parties List System (EPLS) during fiscal years 2006 and 2007.” February 2, 2009. https://www.gao.gov/assets/a121607.html.
International Society for Pharmaceutical Engineering (ISPE). “Data Integrity.” Accessed October 14, 2025. https://ispe.org/topics/data-integrity.
U.S. Government Accountability Office. “Excluded Parties List System: Suspended and Debarred Businesses and Individuals Improperly Receive Federal Funds (Testimony before Congress).” February 26, 2009. https://www.gsa.gov/about-us/newsroom/congressional-testimony/transparency-and-fairness-in-acquisition-02262009.
U.S. Government Accountability Office. “Excluded Parties List System: Suspended and Debarred Businesses and Individuals Improperly Receive Federal Funds (Highlights of GAO-09-174).” February 2009. https://www.gao.gov/assets/a286497.html.
Justia. “GAO-09-174, Excluded Parties List System.” February 2, 2009. https://gao.justia.com/general-services-administration/2009/2/excluded-parties-list-system-gao-09-174/.
Acquisition.gov. “Transportation Acquisition Regulation; Federal Records Management.” Accessed October 14, 2025. https://www.acquisition.gov/node/54177/printable/print.
U.S. Government Publishing Office. “36 CFR Chapter XII, Subchapter B – Records Management.” 2011. https://www.govinfo.gov/content/pkg/CFR-2011-title36-vol3/pdf/CFR-2011-title36-vol3-chapXII-subchapB.pdf.
U.S. Department of Education. “Federal Records Act.” Accessed October 14, 2025. https://www.ed.gov/about/ed-overview/required-notices/federal-records-act.
National Archives and Records Administration. “Records Schedule N1-269-10-001 (Inactive Status).” Accessed October 14, 2025. https://www.archives.gov/files/records-mgmt/rcs/schedules/independent-agencies/rg-0269/n1-269-10-001_sf115.pdf.
National Archives and Records Administration. “Records retention and disposition schedule for the Excluded Parties List System (EPLS).” Accessed October 14, 2025. https://www.archives.gov/files/records-mgmt/rcs/schedules/independent-agencies/rg-0269/n1-269-10-001_sf115.pdf.
Riddle Compliance. “What is EPLS? Complete Guide to the Excluded Parties List System.” Accessed October 14, 2025. https://riddlecompliance.com/what-is-epls-complete-guide-to-the-excluded-parties-list-system/.
ProviderTrust. “HHS-OIG, GSA-SAM.gov, and State Medicaid Exclusion Lists: What are the Differences?” Accessed October 14, 2025. https://www.providertrust.com/blog/oig-sam-state-medicaid-exclusion-lists-differences/.
Compliance.com. “SAM Replaces EPLS, Make Sure You Are Compliant.” Accessed October 14, 2025. https://www.compliance.com/resources/sam-replaces-epls-make-sure-you-are-compliant/.
Compliance.com. “EPLS Migrates to SAM with Little Fanfare.” Accessed October 14, 2025. https://www.compliance.com/resources/epls-migrates-to-sam-with-little-fanfare/.
U.S. Government. “System for Award Management (SAM.gov).” Accessed October 14, 2025. https://sam.gov/.