[DOCID: f:sr437.110]
From the Senate Reports Online via GPO Access
[wais.access.gpo.gov]
110th Congress
2d Session SENATE Report
110-437
_______________________________________________________________________
Calendar No. 933
GOVERNMENT CREDIT CARD ABUSE PREVENTION ACT OF 2008
__________
R E P O R T
of the
COMMITTEE ON
HOMELAND SECURITY AND
GOVERNMENTAL AFFAIRS
UNITED STATES SENATE
to accompany
S. 789
TO PREVENT ABUSE OF GOVERNMENT CREDIT CARDS
<GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT>
August 1, 2008.--Ordered to be printed
COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS
JOSEPH I. LIEBERMAN, Connecticut, Chairman
CARL LEVIN, Michigan SUSAN M. COLLINS, Maine
DANIEL K. AKAKA, Hawaii TED STEVENS, Alaska
THOMAS R. CARPER, Delaware GEORGE V. VOINOVICH, Ohio
MARK L. PRYOR, Arkansas NORM COLEMAN, Minnesota
MARY L. LANDRIEU, Louisiana TOM COBURN, Oklahoma
BARACK OBAMA, Illinois PETE V. DOMENICI, New Mexico
CLAIRE McCASKILL, Missouri JOHN WARNER, Virginia
JON TESTER, Montana JOHN E. SUNUNU, New Hampshire
Michael L. Alexander, Staff Director
Kevin J. Landy, Chief Counsel
Nora K. Adkins, GAO Detailee
Brandon L. Milhorn, Minority Staff Director and Chief Counsel
Richard A. Beutel, Minority Senior Counsel
Eric B. Cho, Minority GSA Detailee
Trina Driessnack Tyrer, Chief Clerk
C O N T E N T S
----------
Page
I. Purpose and Summary..............................................1
II. Background and Need for the Legislation..........................1
III. Legislative History..............................................3
IV. Section-by-Section Analysis......................................3
V. Evaluation of Regulatory Impact..................................5
VI. Congressional Budget Office Cost Estimate........................5
VII. Changes in Existing Law Made by the Bill, as Reported............6
Calendar No. 933
110th Congress Report
SENATE
2d Session 110-437
======================================================================
GOVERNMENT CREDIT CARD ABUSE PREVENTION ACT OF 2008
_______
August 1, 2008.--Ordered to be printed
_______
Mr. Lieberman, from the Committee on Homeland Security and Governmental
Affairs, submitted the following
R E P O R T
[To accompany S. 789]
The Committee on Homeland Security and Governmental
Affairs, to which was referred the bill (S. 789) to prevent
abuse of Government credit cards, having considered the same,
reports favorably thereon with an amendment and recommends that
the bill do pass.
I. Purpose and Summary
S. 789 requires specific internal controls at the agency
level to ensure that purchase and travel cards are used only
for approved spending and that agencies take appropriate
personnel actions for misuse of cards. The bill also makes
permanent language that has appeared in appropriations bills
for the last several years clarifying and requiring agencies to
conduct creditworthiness checks of individuals before they are
issued travel cards.
As reported, the bill also clarifies that the Office of
Management and Budget will be responsible for issuing the new
guidelines for purchase cards and travel cards, and requires
agencies and their Inspectors General to report to OMB on card
abuses and the personnel actions taken by agencies in response
to such abuses.
II. Background and Need for the Legislation
Since 1998, federal departments and agencies have utilized
government charge cards through the General Service
Administration's (GSA) SmartPay program. Through this program,
agencies can issue to employees two different types of cards:
purchase cards and travel cards. Government purchase cards are
used for the acquisition of commercial goods and services and
are paid directly by the agency, while government travel cards
are used to pay for individual government travel expenses and
issued directly to government employees, who are responsible
for the charges.
Government charge cards were introduced as a low cost
method to streamline government acquisition and travel
processes. However, this new tool was implemented without
sufficient internal controls to prevent waste, fraud, and
abuse. A series of Government Accountability Office (GAO)
reports over the last decade have identified inadequate and
inconsistent controls across numerous federal agencies with
respect to both government purchase and travel cards.\1\ This
has led to millions of dollars in taxpayers' money wasted on
purchases ranging from those that are outright fraudulent, to
ones that were of questionable need or that were unnecessarily
expensive. While travel card vendors are not paid directly with
taxpayers' money like purchase cards, failure by employees to
repay travel card charges results in the loss of millions of
dollars in rebates to the Federal Government.
---------------------------------------------------------------------------
\1\GAO, Purchase Cards: Increased Management Oversight and Control
Could Save Hundreds of Millions of Dollars. GAO-04-717T, Washington,
D.C.: April 28, 2004; GAO, Purchase Cards: Steps Taken to Improve DOD
Program Management, but Actions Needed to Address Misuse. GAO-03-156,
Washington D.C.: December 2, 2003; GAO, Purchase Cards: Control
Weaknesses Leave Army Vulnerable to Fraud, Waste, and Abuse. GAO-02-
844T, Washington, D.C.: July 17, 2002; and GAO, Purchase Cards: Control
Weaknesses Leave Two Navy Units Vulnerable to Fraud and Abuse. GAO-02-
32, Washington, D.C.: November 30, 2001.
---------------------------------------------------------------------------
Most recently, GAO issued a report in March 2008 entitled
Governmentwide Purchase Cards: Actions Needed to Strengthen
Internal Controls to Reduce Fraudulent, Improper, and Abusive
Purchases.\2\ This report found, despite previous GAO reports
on this issue and new regulations, that many of the same
internal controls were still lacking in various government
agencies with respect to government purchase cards,
perpetuating a series of oversight deficiencies leading to
waste, fraud, and abuse.
---------------------------------------------------------------------------
\2\GAO, Governmentwide Purchase Cards: Actions Needed to Strengthen
Internal Controls to Reduce Fraudulent, Improper, and Abusive Purchase.
GAO-08-333, Washington D.C.: March 14, 2008.
---------------------------------------------------------------------------
The Government Credit Card Abuse Prevention Act is founded
upon recommendations by GAO regarding what controls are
necessary to prevent the kinds of waste, fraud, and abuse that
have been uncovered by GAO and agency inspectors general. It
mandates a consistent set of core internal controls that should
be utilized by every federal agency to prevent and detect
improper use of government charge cards. For example, it
mandates the use of innovative technologies to prevent or
identify fraudulent purchases. This could include controlling
merchant codes to prevent a card from being used with specific
vendors who do not provide goods and services that are
appropriate for purchase. It could also include utilizing
statistical machine learning and pattern recognition
technologies that review the risk of various transactions. This
technology is currently being used in commercial credit cards
to flag purchases that do not fit normal purchasing patterns
for cardholders.
The Government Credit Card Abuse Prevention Act also
provides that each agency inspector general will periodically
conduct risk assessments of agency purchase card and travel
card programs and perform periodic audits to identify potential
fraudulent, improper, and abusive use of government charge
cards. GAO and agency inspectors general have successfully used
techniques like data mining to reveal instances of improper use
of government charge cards. Having this information on an
ongoing basis will help in strengthening and maintaining a
rigorous system of internal controls to prevent future
instances of waste, fraud, and abuse with government charge
cards.
In addition, GAO's investigations often found inconsistent
or nonexistent consequences for federal employees who misused
or abused government charge cards. The Government Credit Card
Abuse Prevention Act requires that penalties be in place so
that employees who abuse government charge cards face
consistent and appropriate consequences, including dismissal
and even criminal investigation in the most serious cases, thus
creating a deterrent effect that will prevent future misuse.
In implementing the requirements of the Government Credit
Card Abuse Prevention Act, the Committee urges federal agencies
to review and utilize best practices for conducting purchase
card and travel card programs. In this respect, the GAO's Audit
Guide for Auditing and Investigating the Internal Control of
Government Purchase Card Programs is a useful summary of the
best practices for establishing and monitoring internal
controls for government purchase card programs.\3\
---------------------------------------------------------------------------
\3\GAO, Audit Guide: Auditing and Investigating the Internal
Control of Government Purchase Card Programs. GAO-03-678G, Washington
D.C.: May 1, 2003.
---------------------------------------------------------------------------
III. Legislative History
On March 7, 2007, S. 789 was introduced by Senator Chuck
Grassley and referred to the Senate Committee on Homeland
Security and Governmental Affairs. The bill's original co-
sponsors were Senators Lieberman, Collins, and Coleman;
subsequent co-sponsors included Senators McCaskill, Levin,
Carper, and Kerry. On April 10, 2008, S. 789 was reported
favorably by the Committee by voice vote as amended by the
Lieberman-Collins substitute.
The substitute amendment clarifies that the Office of
Management and Budget will be responsible for issuing the new
guidelines for purchase cards and travel cards. It also
requires agencies and their Inspectors General to report to OMB
on card abuses and the personnel actions taken by agencies in
response to such abuses. Finally, the substitute makes
technical and conforming amendments throughout the bill.
Members present for the vote on the bill as amended were
Senators Lieberman, Levin, Akaka, Carper, Landrieu, McCaskill,
Tester, Collins, Voinovich, and Sununu.
IV. Section-by-Section Analysis
Section 1. Short title
Section 1 designates the name of the act as the
``Government Credit Card Abuse Prevention Act of 2008.''
Section 2. Management of purchase cards
Subsection (a) requires the head of each executive agency
that issues and uses purchase cards and convenience checks to
establish and maintain safeguards and internal controls to
ensure effective management, such as, keeping a record in each
executive agency of each holder of a purchase card issued by
the agency for official use, assigning each cardholder an
approving official, requiring reconciliation of the charges by
the purchase cardholder and approving official and supporting
documentation, ensuring payments are made promptly for valid
purchases, retaining records of each purchase card transaction
in accordance with government policies on disposition of
records, and invalidating purchase cards for employees who
cease to be employed by the agency or transfer to another unit.
Subsection (b) provides that no later than 180 days after
the date of the enactment of this Act, the Director of the
Office of Management and Budget shall prescribe guidance
governing the implementation of the safeguards and internal
controls required by subsection (a) by executive agencies.
Subsection (c) requires the that the guidance required by
subsection (b) provide for appropriate adverse personnel
actions or other punishment in cases in which employees of an
executive agency violate such safeguards and internal controls
or are negligent or engage in misuse, abuse, or fraud with
respect to a purchase card, including: from employees who are
suspected of fraud, referral to the Inspector General of the
agency for investigation, and, upon determination by the
Inspector General that a crime may have occurred, referral of
the case to the United States Attorney with jurisdiction over
the matter, and for employees who are found guilty of fraud or
found by the Inspector General of the agency to have
egregiously abused a purchase card knowingly and willingly,
dismissal of the employee. This subsection also requires that
the guidance required by subsection (b) mandate that each head
of an executive agency, and each Inspector General of an
executive agency, on a semi-annual basis, submit to the
Director of the Office of Management and Budget a report on
violations or other actions, such as misuses or abuse, by
employees of such executive agency.
Subsection (d) requires the Inspector General of each
executive agency to periodically conduct risk assessments of
the agency purchase card programs and analyze identified
weaknesses; perform periodic audits of purchase card
transactions designed to identify potentially fraudulent,
improper, and abusive uses, patterns of improper transactions,
and categories of purchases that should be made by means other
than purchase cards; report to the head of the executive agency
on the results of the audits; and, report to the Director of
the Office of Management and Budget and the Comptroller General
on the implementation of recommendations made to address
findings during audits of purchase cardholders.
Subsection (e) provides the definition of an executive
agency as having the meaning given such term in section 4(1) of
the Office of Federal Procurement Policy Act (41 U.S.C.
403(a)), expect as provided under subsection (f).
Subsection (f) provides the relationship to the Department
of Defense purchase card regulations and reports conforming
amendments to section 2784 of title 10, United States Code.
Subsections (a) through (d) do not apply to the Department of
Defense.
Section 3. Management of travel cards
Section 3 amends the Travel and Transportation Reform Act
of 1988 Section 2 (Public Law 105-264; 5 U.S.C. 5701 note) by
adding new subsections that requires the head of each executive
agency to establish safeguards and internal controls over
travel cards; requires the director of the Office of Management
and Budget to prescribe guidance governing the implementation
of the safeguards and internal controls; requires the head of
each executive agency and each Inspector General of an
executive agency on a semi-annual basis to submit to the
director of the Office of Management and Budget a report on
violations or other actions; requires the Inspector General of
each executive agency to assess the travel card program and
report findings to the head of the executive agency, the
director of the Office of Management and Budget and the
Comptroller General; and provides definitions relevant to the
program.
Section 4. Management of centrally billed accounts
Section 4 requires the head of an executive agency that has
employees who use a centrally billed account to establish and
maintain safeguards and internal controls. This section also
requires the director of the Office of Management of Budget to
prescribe guidance implementing the requirements above not
later than 180 days after the date of enactment of this Act.
V. Evaluation of Regulatory Impact
Pursuant to the requirements of paragraph 11(b) of rule
XXVI of the Standing Rules of the Senate, the Committee has
considered the regulatory impact of this bill. The
Congressional Budget Office states that the bill contains no
intergovernmental or private-sector mandates as defined in the
Unfunded Mandate Reform Act and would not effect state, local,
and tribal governments. The enactment of this legislation will
not have significant regulatory impact.
VI. Congressional Budget Office Cost Estimate
April 18, 2008.
Hon. Joseph I. Lieberman,
Chairman, Committee on Homeland Security and Governmental Affairs, U.S.
Senate, Washington, DC.
Dear Mr. Chairman: As you requested, the Congressional
Budget Office has prepared the enclosed cost estimate for S.
789, the Government Credit Card Abuse Prevention Act of 2008.
If you wish further details on this estimate, we will be
pleased to provide them. The CBO staff contact is Matthew
Pickford.
Sincerely,
Peter R. Orszag.
Enclosure.
S. 789--Government Credit Card Abuse Prevention Act of 2008
S. 789 would require executive branch agencies to establish
credit card controls and safeguards, including periodic risk
assessment analysis and audits by inspectors general (IGs).
Under the legislation, the Office of Management and Budget
(OMB) would be required to issue guidelines for the use of
credit cards. In addition, executive branch agencies, IGs, and
OMB would be required to produce a variety of reports to the
Congress that assess compliance with the new guidelines.
Finally, S. 789 would allow for the dismissal of employees
found guilty of abusing government credit cards.
CBO estimates that implementing S. 789 would cost $85
million over the 2009-2013 period for agencies to conduct
additional employee training and agency oversight, develop
guidelines, and prepare additional reports, subject to the
availability of appropriated funds. The bill could also affect
direct spending by agencies not funded through annual
appropriations, such as the Tennessee Valley Authority and the
Bonneville Power Administration. CBO estimates, however, that
any increase in spending by those agencies would not be
significant.
Implementing S. 789 could improve agencies' control of
credit card usage, thus discouraging the fraudulent use of
government cards and reducing wasteful and fraudulent
purchases. The Government Accountability Office (GAO) recently
reported that almost $17 billion is spent using government
charge cards each year. GAO found that almost 50 percent of the
government credit card transactions it reviewed failed to meet
basic internal control standards, including ensuring that goods
and services were properly authorized and actually received. To
the extent that wasteful or fraudulent uses are discovered by
implementing the procedures specified in S. 789, federal
spending could decline, assuming that amounts provided in
appropriation acts would be correspondingly reduced. However,
the extent of improper usage of credit cards is undocumented,
and CBO has no basis for estimating the potential savings from
improved controls.
Most of the provisions of S. 789 would expand the current
practices of the federal government regarding the use of credit
cards. The General Services Administration is the contract
administrator for federal credit cards, while OMB provides
overall direction for governmentwide procurement policies,
regulations, and procedures. IGs are responsible for preventing
and detecting fraud and abuse in government programs and
operations. In addition, agencies must actively manage their
individual credit card programs by establishing policies and
procedures, conducting oversight, and pursuing any unauthorized
use of credit cards. Based on information from some agencies
about the ongoing costs to administer federal credit cards, CBO
estimates that implementing the bill would increase costs by
$25 million in 2009, primarily for additional employee
training, increased agency oversight, and new reporting
requirements, and $15 million annually in subsequent years,
mostly for additional oversight responsibilities and reporting
requirements.
S. 789 contains no intergovernmental or private-sector
mandates as defined in the Unfunded Mandates Reform Act and
would not affect the budgets of state, local, or tribal
governments.
The CBO staff contact for this estimate is Matthew
Pickford. This estimate was approved by Theresa Gullo, Deputy
Assistant Director for Budget Analysis.
VII. Changes to Existing Law Made by the Bill, as Reported
In compliance with paragraph 12 of rule XXVI of the
Standing Rules of the Senate, changes in existing law made by
S. 789 as reported are shown as follows (existing law proposed
to be omitted is enclosed in brackets, new matter is printed in
italic, and existing law in which no change is proposed is
shown in roman):
TITLE 10--ARMED FORCES
Subtitle A--General Military Law
PART IV--SERVICE, SUPPLY, AND PROCUREMENT
CHAPTER 165--ACCOUNTABILITY AND RESPONSIBILITY
* * * * * * *
SEC. 2784. MANAGEMENT OF PURCHASE CARDS
(a) * * *
(b) Required Safeguards and Internal Controls.--Regulations
under subsection (a) shall include safeguards and internal
controls to ensure the following:
(1) * * *
(11) That each purchase cardholder is assigned an
approving official other than the cardholder with the
authority to approve or disapprove expenditures.
(12) That the Department of Defense utilizes
technologies to prevent or identify fraudulent
purchases.
(13) That the Department of Defense takes appropriate
steps to invalidate the purchase card of each employee
who--
(A) ceases to be employed by the Department
of Defense immediately upon termination of the
employment of the employee; or
(B) transfers to another unit of the
Department of Defense immediately upon the
transfer of the employee unless the units are
covered by the same purchase card authority.
(14) That the Department of Defense takes appropriate
steps to recover the cost of any improper or fraudulent
purchase made by an employee, including, as necessary,
through salary offsets.
(15) That the Inspector General of the Department of
Defense conducts periodic risk assessments of purchase
card programs and associated internal controls and
analyzes identified weaknesses and the frequency of
improper activity and uses such risk assessments to
develop appropriate corrective actions.
(c) * * *
(d) Semi-Annual Report.--The Secretary of Defense shall
submit to the Director of the Office of Management and Budget
on a semi-annual basis a report on misuse, abuse, or fraud with
respect to purchase cards by employees of the Department of
Defense. At a minimum, the report shall include the following:
(1) A description of each incident covered by the
report.
(2) A description of any adverse personnel action,
punishment, or other action taken against the employee
in connection with each such incident.
(3) A description of actions taken by the Department
of Defense to address findings arising out of risk
assessments and audits conducted pursuant to this
section.
----------
TRAVEL AND TRANSPORTATION REFORM ACT OF 1998
(Public Law 105-264; 5 U.S.C. 5701, note)
* * * * * * *
(a) * * *
* * * * * * *
(h) Management of Travel Charge Cards.--
(1) Required safeguards and internal controls. The
head of each executive agency that has employees that
use travel charge cards shall establish and maintain
safeguards and internal controls over travel charge
cards to ensure the following:
(A) There is a record in each executive
agency of each holder of a travel charge card
issued by the agency for official use,
annotated with the limitations on amounts that
are applicable to the use of each such card by
that travel charge cardholder.
(B) Rebates and refunds based on prompt
payment on travel charge card accounts are
monitored for accuracy and, unless otherwise
provided by law, properly recorded as a receipt
of the agency that employs the cardholder.
(C) Periodic reviews are performed to
determine whether each travel charge cardholder
has a need for the travel charge card.
(D) Appropriate training is provided to each
travel charge cardholder and each official with
responsibility for overseeing the use of travel
charge cards issued by an executive agency.
(E) Each executive agency has specific
policies regarding the number of travel charge
cards issued by various organizations and
categories of organizations, the credit limits
authorized for various categories of
cardholders, and categories of employees
eligible to be issued travel charge cards, and
that those policies are designed to minimize
the financial risk to the Federal Government of
theissuance of the travel charge cards and to
ensure the integrity of the travel charge cardholders.
(F) Each executive agency negotiates with the
holder of the applicable travel card contract
to evaluate the creditworthiness of an
individual before issuing the individual a
travel charge card, and that no individual be
issued a travel charge card if the individual
is found not creditworthy as a result of the
evaluation (except that this paragraph shall
not preclude issuance of a restricted use
travel charge card or pre-paid card when the
individual lacks a credit history or has a
credit score below the minimum credit score
established by the Office of Management and
Budget). The Director of the Office of
Management and Budget shall establish a minimum
credit score for determining the
creditworthiness of an individual based on
rigorous statistical analysis of the population
of cardholders and historical behaviors.
Notwithstanding any other provision of law,
such evaluation shall include an assessment of
an individual's consumer report from a consumer
reporting agency as those terms are defined in
section 603 of the Fair Credit Reporting Act.
(G) Each executive agency utilizes
technologies to prevent or identify fraudulent
purchases.
(H) Each executive agency ensures that the
travel charge card of each employee who ceases
to be employed by the agency is invalidated
immediately upon termination of the employment
of the employee.
(I) Each executive agency utilizes, where
appropriate, direct payment to the holder of
the travel card contract.
(2) Guidance on management of travel charge cards.--
The Director of the Office of Management and Budget
shall prescribe guidance governing the implementation
of the safeguards and internal controls in paragraph
(1) by executive agencies.
(3) Penalties for violations.--
(A) In general.--The regulations prescribed
under paragraph (2) shall provide for
appropriate adverse personnel actions or other
punishment to be imposed in cases in which
employees of an executive agency violate such
regulations or are negligent or engage in
misuse, abuse, or fraud with respect to a
travel charge card, including removal in
appropriate cases.
(B) Reports on violations.--The regulations
prescribed under paragraph (2) shall require
each head of an executive agency, and each
Inspector General of an executive agency, on a
semi-annual basis, to submit to the Director of
the Office of Management and Budget a report on
violations or other actions covered by
paragraph (1) by employees of such executive
agency. At a minimum, the report shall set
forth the following:
(i) A description of each violation
or other action covered by the report.
(ii) A description of any adverse
personnel action, punishment, or other
action taken against the employee for
such violation or other action.
(4) Assessments.--The Inspector General of each
executive agency shall--
(A) periodically conduct risk assessments of
the agency travel card program and associated
internal controls and analyze identified
weaknesses and the frequency of improper
activity in order to develop a plan for using
such risk assessments to determine the scope,
frequency, and number of periodic audits of
travel cardholders;
(B) perform periodic audits of travel card
purchases designed to identify potentially
fraudulent, improper, and abusive uses of
travel cards;
(C) report to the head of the executive
agency concerned on the results of such audits;
and
(D) report to the Director of the Office of
Management and Budget and the Comptroller
General on the implementation of
recommendations made to the head of the
executive agency to address findings during
audits of travel cardholders.
(5) Definitions.--In this subsection:
(A) The term `executive agency' means an
agency as that term is defined in section 5701
of title 5, United States Code, except that it
is in the executive branch.
(B) The term `travel charge card' means the
Federal contractor-issued travel charge card
that is individually billed to each cardholder.
<all>
�