[DOCID: f:sr437.110] From the Senate Reports Online via GPO Access [wais.access.gpo.gov] 110th Congress 2d Session SENATE Report 110-437 _______________________________________________________________________ Calendar No. 933 GOVERNMENT CREDIT CARD ABUSE PREVENTION ACT OF 2008 __________ R E P O R T of the COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS UNITED STATES SENATE to accompany S. 789 TO PREVENT ABUSE OF GOVERNMENT CREDIT CARDS <GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT> August 1, 2008.--Ordered to be printed COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS JOSEPH I. LIEBERMAN, Connecticut, Chairman CARL LEVIN, Michigan SUSAN M. COLLINS, Maine DANIEL K. AKAKA, Hawaii TED STEVENS, Alaska THOMAS R. CARPER, Delaware GEORGE V. VOINOVICH, Ohio MARK L. PRYOR, Arkansas NORM COLEMAN, Minnesota MARY L. LANDRIEU, Louisiana TOM COBURN, Oklahoma BARACK OBAMA, Illinois PETE V. DOMENICI, New Mexico CLAIRE McCASKILL, Missouri JOHN WARNER, Virginia JON TESTER, Montana JOHN E. SUNUNU, New Hampshire Michael L. Alexander, Staff Director Kevin J. Landy, Chief Counsel Nora K. Adkins, GAO Detailee Brandon L. Milhorn, Minority Staff Director and Chief Counsel Richard A. Beutel, Minority Senior Counsel Eric B. Cho, Minority GSA Detailee Trina Driessnack Tyrer, Chief Clerk C O N T E N T S ---------- Page I. Purpose and Summary..............................................1 II. Background and Need for the Legislation..........................1 III. Legislative History..............................................3 IV. Section-by-Section Analysis......................................3 V. Evaluation of Regulatory Impact..................................5 VI. Congressional Budget Office Cost Estimate........................5 VII. Changes in Existing Law Made by the Bill, as Reported............6 Calendar No. 933 110th Congress Report SENATE 2d Session 110-437 ====================================================================== GOVERNMENT CREDIT CARD ABUSE PREVENTION ACT OF 2008 _______ August 1, 2008.--Ordered to be printed _______ Mr. Lieberman, from the Committee on Homeland Security and Governmental Affairs, submitted the following R E P O R T [To accompany S. 789] The Committee on Homeland Security and Governmental Affairs, to which was referred the bill (S. 789) to prevent abuse of Government credit cards, having considered the same, reports favorably thereon with an amendment and recommends that the bill do pass. I. Purpose and Summary S. 789 requires specific internal controls at the agency level to ensure that purchase and travel cards are used only for approved spending and that agencies take appropriate personnel actions for misuse of cards. The bill also makes permanent language that has appeared in appropriations bills for the last several years clarifying and requiring agencies to conduct creditworthiness checks of individuals before they are issued travel cards. As reported, the bill also clarifies that the Office of Management and Budget will be responsible for issuing the new guidelines for purchase cards and travel cards, and requires agencies and their Inspectors General to report to OMB on card abuses and the personnel actions taken by agencies in response to such abuses. II. Background and Need for the Legislation Since 1998, federal departments and agencies have utilized government charge cards through the General Service Administration's (GSA) SmartPay program. Through this program, agencies can issue to employees two different types of cards: purchase cards and travel cards. Government purchase cards are used for the acquisition of commercial goods and services and are paid directly by the agency, while government travel cards are used to pay for individual government travel expenses and issued directly to government employees, who are responsible for the charges. Government charge cards were introduced as a low cost method to streamline government acquisition and travel processes. However, this new tool was implemented without sufficient internal controls to prevent waste, fraud, and abuse. A series of Government Accountability Office (GAO) reports over the last decade have identified inadequate and inconsistent controls across numerous federal agencies with respect to both government purchase and travel cards.\1\ This has led to millions of dollars in taxpayers' money wasted on purchases ranging from those that are outright fraudulent, to ones that were of questionable need or that were unnecessarily expensive. While travel card vendors are not paid directly with taxpayers' money like purchase cards, failure by employees to repay travel card charges results in the loss of millions of dollars in rebates to the Federal Government. --------------------------------------------------------------------------- \1\GAO, Purchase Cards: Increased Management Oversight and Control Could Save Hundreds of Millions of Dollars. GAO-04-717T, Washington, D.C.: April 28, 2004; GAO, Purchase Cards: Steps Taken to Improve DOD Program Management, but Actions Needed to Address Misuse. GAO-03-156, Washington D.C.: December 2, 2003; GAO, Purchase Cards: Control Weaknesses Leave Army Vulnerable to Fraud, Waste, and Abuse. GAO-02- 844T, Washington, D.C.: July 17, 2002; and GAO, Purchase Cards: Control Weaknesses Leave Two Navy Units Vulnerable to Fraud and Abuse. GAO-02- 32, Washington, D.C.: November 30, 2001. --------------------------------------------------------------------------- Most recently, GAO issued a report in March 2008 entitled Governmentwide Purchase Cards: Actions Needed to Strengthen Internal Controls to Reduce Fraudulent, Improper, and Abusive Purchases.\2\ This report found, despite previous GAO reports on this issue and new regulations, that many of the same internal controls were still lacking in various government agencies with respect to government purchase cards, perpetuating a series of oversight deficiencies leading to waste, fraud, and abuse. --------------------------------------------------------------------------- \2\GAO, Governmentwide Purchase Cards: Actions Needed to Strengthen Internal Controls to Reduce Fraudulent, Improper, and Abusive Purchase. GAO-08-333, Washington D.C.: March 14, 2008. --------------------------------------------------------------------------- The Government Credit Card Abuse Prevention Act is founded upon recommendations by GAO regarding what controls are necessary to prevent the kinds of waste, fraud, and abuse that have been uncovered by GAO and agency inspectors general. It mandates a consistent set of core internal controls that should be utilized by every federal agency to prevent and detect improper use of government charge cards. For example, it mandates the use of innovative technologies to prevent or identify fraudulent purchases. This could include controlling merchant codes to prevent a card from being used with specific vendors who do not provide goods and services that are appropriate for purchase. It could also include utilizing statistical machine learning and pattern recognition technologies that review the risk of various transactions. This technology is currently being used in commercial credit cards to flag purchases that do not fit normal purchasing patterns for cardholders. The Government Credit Card Abuse Prevention Act also provides that each agency inspector general will periodically conduct risk assessments of agency purchase card and travel card programs and perform periodic audits to identify potential fraudulent, improper, and abusive use of government charge cards. GAO and agency inspectors general have successfully used techniques like data mining to reveal instances of improper use of government charge cards. Having this information on an ongoing basis will help in strengthening and maintaining a rigorous system of internal controls to prevent future instances of waste, fraud, and abuse with government charge cards. In addition, GAO's investigations often found inconsistent or nonexistent consequences for federal employees who misused or abused government charge cards. The Government Credit Card Abuse Prevention Act requires that penalties be in place so that employees who abuse government charge cards face consistent and appropriate consequences, including dismissal and even criminal investigation in the most serious cases, thus creating a deterrent effect that will prevent future misuse. In implementing the requirements of the Government Credit Card Abuse Prevention Act, the Committee urges federal agencies to review and utilize best practices for conducting purchase card and travel card programs. In this respect, the GAO's Audit Guide for Auditing and Investigating the Internal Control of Government Purchase Card Programs is a useful summary of the best practices for establishing and monitoring internal controls for government purchase card programs.\3\ --------------------------------------------------------------------------- \3\GAO, Audit Guide: Auditing and Investigating the Internal Control of Government Purchase Card Programs. GAO-03-678G, Washington D.C.: May 1, 2003. --------------------------------------------------------------------------- III. Legislative History On March 7, 2007, S. 789 was introduced by Senator Chuck Grassley and referred to the Senate Committee on Homeland Security and Governmental Affairs. The bill's original co- sponsors were Senators Lieberman, Collins, and Coleman; subsequent co-sponsors included Senators McCaskill, Levin, Carper, and Kerry. On April 10, 2008, S. 789 was reported favorably by the Committee by voice vote as amended by the Lieberman-Collins substitute. The substitute amendment clarifies that the Office of Management and Budget will be responsible for issuing the new guidelines for purchase cards and travel cards. It also requires agencies and their Inspectors General to report to OMB on card abuses and the personnel actions taken by agencies in response to such abuses. Finally, the substitute makes technical and conforming amendments throughout the bill. Members present for the vote on the bill as amended were Senators Lieberman, Levin, Akaka, Carper, Landrieu, McCaskill, Tester, Collins, Voinovich, and Sununu. IV. Section-by-Section Analysis Section 1. Short title Section 1 designates the name of the act as the ``Government Credit Card Abuse Prevention Act of 2008.'' Section 2. Management of purchase cards Subsection (a) requires the head of each executive agency that issues and uses purchase cards and convenience checks to establish and maintain safeguards and internal controls to ensure effective management, such as, keeping a record in each executive agency of each holder of a purchase card issued by the agency for official use, assigning each cardholder an approving official, requiring reconciliation of the charges by the purchase cardholder and approving official and supporting documentation, ensuring payments are made promptly for valid purchases, retaining records of each purchase card transaction in accordance with government policies on disposition of records, and invalidating purchase cards for employees who cease to be employed by the agency or transfer to another unit. Subsection (b) provides that no later than 180 days after the date of the enactment of this Act, the Director of the Office of Management and Budget shall prescribe guidance governing the implementation of the safeguards and internal controls required by subsection (a) by executive agencies. Subsection (c) requires the that the guidance required by subsection (b) provide for appropriate adverse personnel actions or other punishment in cases in which employees of an executive agency violate such safeguards and internal controls or are negligent or engage in misuse, abuse, or fraud with respect to a purchase card, including: from employees who are suspected of fraud, referral to the Inspector General of the agency for investigation, and, upon determination by the Inspector General that a crime may have occurred, referral of the case to the United States Attorney with jurisdiction over the matter, and for employees who are found guilty of fraud or found by the Inspector General of the agency to have egregiously abused a purchase card knowingly and willingly, dismissal of the employee. This subsection also requires that the guidance required by subsection (b) mandate that each head of an executive agency, and each Inspector General of an executive agency, on a semi-annual basis, submit to the Director of the Office of Management and Budget a report on violations or other actions, such as misuses or abuse, by employees of such executive agency. Subsection (d) requires the Inspector General of each executive agency to periodically conduct risk assessments of the agency purchase card programs and analyze identified weaknesses; perform periodic audits of purchase card transactions designed to identify potentially fraudulent, improper, and abusive uses, patterns of improper transactions, and categories of purchases that should be made by means other than purchase cards; report to the head of the executive agency on the results of the audits; and, report to the Director of the Office of Management and Budget and the Comptroller General on the implementation of recommendations made to address findings during audits of purchase cardholders. Subsection (e) provides the definition of an executive agency as having the meaning given such term in section 4(1) of the Office of Federal Procurement Policy Act (41 U.S.C. 403(a)), expect as provided under subsection (f). Subsection (f) provides the relationship to the Department of Defense purchase card regulations and reports conforming amendments to section 2784 of title 10, United States Code. Subsections (a) through (d) do not apply to the Department of Defense. Section 3. Management of travel cards Section 3 amends the Travel and Transportation Reform Act of 1988 Section 2 (Public Law 105-264; 5 U.S.C. 5701 note) by adding new subsections that requires the head of each executive agency to establish safeguards and internal controls over travel cards; requires the director of the Office of Management and Budget to prescribe guidance governing the implementation of the safeguards and internal controls; requires the head of each executive agency and each Inspector General of an executive agency on a semi-annual basis to submit to the director of the Office of Management and Budget a report on violations or other actions; requires the Inspector General of each executive agency to assess the travel card program and report findings to the head of the executive agency, the director of the Office of Management and Budget and the Comptroller General; and provides definitions relevant to the program. Section 4. Management of centrally billed accounts Section 4 requires the head of an executive agency that has employees who use a centrally billed account to establish and maintain safeguards and internal controls. This section also requires the director of the Office of Management of Budget to prescribe guidance implementing the requirements above not later than 180 days after the date of enactment of this Act. V. Evaluation of Regulatory Impact Pursuant to the requirements of paragraph 11(b) of rule XXVI of the Standing Rules of the Senate, the Committee has considered the regulatory impact of this bill. The Congressional Budget Office states that the bill contains no intergovernmental or private-sector mandates as defined in the Unfunded Mandate Reform Act and would not effect state, local, and tribal governments. The enactment of this legislation will not have significant regulatory impact. VI. Congressional Budget Office Cost Estimate April 18, 2008. Hon. Joseph I. Lieberman, Chairman, Committee on Homeland Security and Governmental Affairs, U.S. Senate, Washington, DC. Dear Mr. Chairman: As you requested, the Congressional Budget Office has prepared the enclosed cost estimate for S. 789, the Government Credit Card Abuse Prevention Act of 2008. If you wish further details on this estimate, we will be pleased to provide them. The CBO staff contact is Matthew Pickford. Sincerely, Peter R. Orszag. Enclosure. S. 789--Government Credit Card Abuse Prevention Act of 2008 S. 789 would require executive branch agencies to establish credit card controls and safeguards, including periodic risk assessment analysis and audits by inspectors general (IGs). Under the legislation, the Office of Management and Budget (OMB) would be required to issue guidelines for the use of credit cards. In addition, executive branch agencies, IGs, and OMB would be required to produce a variety of reports to the Congress that assess compliance with the new guidelines. Finally, S. 789 would allow for the dismissal of employees found guilty of abusing government credit cards. CBO estimates that implementing S. 789 would cost $85 million over the 2009-2013 period for agencies to conduct additional employee training and agency oversight, develop guidelines, and prepare additional reports, subject to the availability of appropriated funds. The bill could also affect direct spending by agencies not funded through annual appropriations, such as the Tennessee Valley Authority and the Bonneville Power Administration. CBO estimates, however, that any increase in spending by those agencies would not be significant. Implementing S. 789 could improve agencies' control of credit card usage, thus discouraging the fraudulent use of government cards and reducing wasteful and fraudulent purchases. The Government Accountability Office (GAO) recently reported that almost $17 billion is spent using government charge cards each year. GAO found that almost 50 percent of the government credit card transactions it reviewed failed to meet basic internal control standards, including ensuring that goods and services were properly authorized and actually received. To the extent that wasteful or fraudulent uses are discovered by implementing the procedures specified in S. 789, federal spending could decline, assuming that amounts provided in appropriation acts would be correspondingly reduced. However, the extent of improper usage of credit cards is undocumented, and CBO has no basis for estimating the potential savings from improved controls. Most of the provisions of S. 789 would expand the current practices of the federal government regarding the use of credit cards. The General Services Administration is the contract administrator for federal credit cards, while OMB provides overall direction for governmentwide procurement policies, regulations, and procedures. IGs are responsible for preventing and detecting fraud and abuse in government programs and operations. In addition, agencies must actively manage their individual credit card programs by establishing policies and procedures, conducting oversight, and pursuing any unauthorized use of credit cards. Based on information from some agencies about the ongoing costs to administer federal credit cards, CBO estimates that implementing the bill would increase costs by $25 million in 2009, primarily for additional employee training, increased agency oversight, and new reporting requirements, and $15 million annually in subsequent years, mostly for additional oversight responsibilities and reporting requirements. S. 789 contains no intergovernmental or private-sector mandates as defined in the Unfunded Mandates Reform Act and would not affect the budgets of state, local, or tribal governments. The CBO staff contact for this estimate is Matthew Pickford. This estimate was approved by Theresa Gullo, Deputy Assistant Director for Budget Analysis. VII. Changes to Existing Law Made by the Bill, as Reported In compliance with paragraph 12 of rule XXVI of the Standing Rules of the Senate, changes in existing law made by S. 789 as reported are shown as follows (existing law proposed to be omitted is enclosed in brackets, new matter is printed in italic, and existing law in which no change is proposed is shown in roman): TITLE 10--ARMED FORCES Subtitle A--General Military Law PART IV--SERVICE, SUPPLY, AND PROCUREMENT CHAPTER 165--ACCOUNTABILITY AND RESPONSIBILITY * * * * * * * SEC. 2784. MANAGEMENT OF PURCHASE CARDS (a) * * * (b) Required Safeguards and Internal Controls.--Regulations under subsection (a) shall include safeguards and internal controls to ensure the following: (1) * * * (11) That each purchase cardholder is assigned an approving official other than the cardholder with the authority to approve or disapprove expenditures. (12) That the Department of Defense utilizes technologies to prevent or identify fraudulent purchases. (13) That the Department of Defense takes appropriate steps to invalidate the purchase card of each employee who-- (A) ceases to be employed by the Department of Defense immediately upon termination of the employment of the employee; or (B) transfers to another unit of the Department of Defense immediately upon the transfer of the employee unless the units are covered by the same purchase card authority. (14) That the Department of Defense takes appropriate steps to recover the cost of any improper or fraudulent purchase made by an employee, including, as necessary, through salary offsets. (15) That the Inspector General of the Department of Defense conducts periodic risk assessments of purchase card programs and associated internal controls and analyzes identified weaknesses and the frequency of improper activity and uses such risk assessments to develop appropriate corrective actions. (c) * * * (d) Semi-Annual Report.--The Secretary of Defense shall submit to the Director of the Office of Management and Budget on a semi-annual basis a report on misuse, abuse, or fraud with respect to purchase cards by employees of the Department of Defense. At a minimum, the report shall include the following: (1) A description of each incident covered by the report. (2) A description of any adverse personnel action, punishment, or other action taken against the employee in connection with each such incident. (3) A description of actions taken by the Department of Defense to address findings arising out of risk assessments and audits conducted pursuant to this section. ---------- TRAVEL AND TRANSPORTATION REFORM ACT OF 1998 (Public Law 105-264; 5 U.S.C. 5701, note) * * * * * * * (a) * * * * * * * * * * (h) Management of Travel Charge Cards.-- (1) Required safeguards and internal controls. The head of each executive agency that has employees that use travel charge cards shall establish and maintain safeguards and internal controls over travel charge cards to ensure the following: (A) There is a record in each executive agency of each holder of a travel charge card issued by the agency for official use, annotated with the limitations on amounts that are applicable to the use of each such card by that travel charge cardholder. (B) Rebates and refunds based on prompt payment on travel charge card accounts are monitored for accuracy and, unless otherwise provided by law, properly recorded as a receipt of the agency that employs the cardholder. (C) Periodic reviews are performed to determine whether each travel charge cardholder has a need for the travel charge card. (D) Appropriate training is provided to each travel charge cardholder and each official with responsibility for overseeing the use of travel charge cards issued by an executive agency. (E) Each executive agency has specific policies regarding the number of travel charge cards issued by various organizations and categories of organizations, the credit limits authorized for various categories of cardholders, and categories of employees eligible to be issued travel charge cards, and that those policies are designed to minimize the financial risk to the Federal Government of theissuance of the travel charge cards and to ensure the integrity of the travel charge cardholders. (F) Each executive agency negotiates with the holder of the applicable travel card contract to evaluate the creditworthiness of an individual before issuing the individual a travel charge card, and that no individual be issued a travel charge card if the individual is found not creditworthy as a result of the evaluation (except that this paragraph shall not preclude issuance of a restricted use travel charge card or pre-paid card when the individual lacks a credit history or has a credit score below the minimum credit score established by the Office of Management and Budget). The Director of the Office of Management and Budget shall establish a minimum credit score for determining the creditworthiness of an individual based on rigorous statistical analysis of the population of cardholders and historical behaviors. Notwithstanding any other provision of law, such evaluation shall include an assessment of an individual's consumer report from a consumer reporting agency as those terms are defined in section 603 of the Fair Credit Reporting Act. (G) Each executive agency utilizes technologies to prevent or identify fraudulent purchases. (H) Each executive agency ensures that the travel charge card of each employee who ceases to be employed by the agency is invalidated immediately upon termination of the employment of the employee. (I) Each executive agency utilizes, where appropriate, direct payment to the holder of the travel card contract. (2) Guidance on management of travel charge cards.-- The Director of the Office of Management and Budget shall prescribe guidance governing the implementation of the safeguards and internal controls in paragraph (1) by executive agencies. (3) Penalties for violations.-- (A) In general.--The regulations prescribed under paragraph (2) shall provide for appropriate adverse personnel actions or other punishment to be imposed in cases in which employees of an executive agency violate such regulations or are negligent or engage in misuse, abuse, or fraud with respect to a travel charge card, including removal in appropriate cases. (B) Reports on violations.--The regulations prescribed under paragraph (2) shall require each head of an executive agency, and each Inspector General of an executive agency, on a semi-annual basis, to submit to the Director of the Office of Management and Budget a report on violations or other actions covered by paragraph (1) by employees of such executive agency. At a minimum, the report shall set forth the following: (i) A description of each violation or other action covered by the report. (ii) A description of any adverse personnel action, punishment, or other action taken against the employee for such violation or other action. (4) Assessments.--The Inspector General of each executive agency shall-- (A) periodically conduct risk assessments of the agency travel card program and associated internal controls and analyze identified weaknesses and the frequency of improper activity in order to develop a plan for using such risk assessments to determine the scope, frequency, and number of periodic audits of travel cardholders; (B) perform periodic audits of travel card purchases designed to identify potentially fraudulent, improper, and abusive uses of travel cards; (C) report to the head of the executive agency concerned on the results of such audits; and (D) report to the Director of the Office of Management and Budget and the Comptroller General on the implementation of recommendations made to the head of the executive agency to address findings during audits of travel cardholders. (5) Definitions.--In this subsection: (A) The term `executive agency' means an agency as that term is defined in section 5701 of title 5, United States Code, except that it is in the executive branch. (B) The term `travel charge card' means the Federal contractor-issued travel charge card that is individually billed to each cardholder. <all>