Proposed Designation of Databases to the Do Not Pay Working System

AGENCY:

Office of Management and Budget.

ACTION:

Notice of proposed designation.

SUMMARY:

The Payment Integrity Information Act of 2019 (PIIA) authorizes the Office of Management and Budget (OMB) to designate additional databases for inclusion in the Department of the Treasury (Treasury) Do Not Pay Working System under the Do Not Pay Initiative. PIIA requires OMB to provide public notice and an opportunity for comment prior to designating additional databases. In fulfillment of this requirement, OMB is publishing this Notice of Proposed Designation to provide the public an opportunity to comment on the proposed designation of: Treasury's Account Verification Services (AVS); and Treasury's Death Notification Entries (DNE). This notice has a 30-day comment period.

DATES:

Comments must be in writing and must be received by on or before September 30, 2024. At the conclusion of the 30-day comment period, if OMB decides to finalize the designation, OMB will publish a notice in the Federal Register to officially designate the databases.

ADDRESSES:

Comments on this proposal must be submitted electronically before the comment closing date to www.regulations.gov. In submitting comments, please search for recent submissions by OMB to find docket OMB-2024-0006, and follow the instructions for submitting comments. Public comments are valuable, and they will inform OMB Do Not Pay Initiative data designation; however, OMB will not respond to individual submissions.

Privacy Act Statement: OMB is issuing this notice pursuant to PIIA. Submission of comments in response to this Notice of Proposed Designation is voluntary. Comments may be used to inform sound decision making on topics related to this Notice of Proposed Designation. Please note that submissions received in response to this notice may be posted on www.regulations.gov or otherwise released in their entirety, including any personal information, business confidential information, or other sensitive information provided by the commenter. Do not include in your submissions any copyrighted material; information of a confidential nature, such as personal or proprietary information; or any information you would not like to be made publicly available. Comments are maintained under the OMB Public Input System of Records, OMB/INPUT/01; the system of records notice accessible at 88 FR 20913 ( https://www.federalregister.gov/documents/2023/04/07/2023-07452/privacy-act-of-1974-system-of-records ) includes a list of routine uses associated with the collection of this information.

SUPPLEMENTARY INFORMATION:

PIIA codified the Do Not Pay Initiative in Title 31 of the U.S. Code. Prior to enactment of PIIA, the Do Not Pay Initiative was already established by law and underway across the Federal Government. The Do Not Pay Initiative includes multiple resources designed to help Federal agencies in the Executive Branch (hereafter “Federal agencies”), the judicial and legislative branches of the Federal Government, and Federally Funded State Administered (FFSA) programs review payment and award eligibility for purposes of identifying and preventing improper payments. As part of the Do Not Pay Initiative, OMB designated Treasury to host the Do Not Pay Working System, which is a centralized portal through which users can search multiple databases at one time to obtain information about potential payees and awardees. PIIA authorizes OMB to designate additional databases for inclusion in the Do Not Pay Initiative if the database substantially assists in preventing improper payments.

Do Not Pay Working System Privacy, Security, and Legal Implications

Treasury reports that all Do Not Pay Working System users and administrators are required to sign rules of behavior stipulating their responsibilities to minimize risks associated with the use of specific data. Treasury also reports that it has dedicated resources to establish a privacy program based on applicable requirements, the Fair Information Practice Principles (FIPPs), and industry best practices. Treasury reports that its privacy program supports various internal controls in collaboration with Treasury leadership and legal counsel, as well that projects are reviewed by Treasury through a data usage governance process. Treasury has responsibility for compliance with privacy restrictions and manages risks associated with the use of specific data to reduce improper payments for Do Not Pay Working System users.

Treasury risk mitigation measures for the Do Not Pay Working System include maintaining a current and compliant Security Accreditation and Authorization (SA&A) package, in accordance with Federal Information Security Management Act (FISMA) requirements. Additionally, to reduce the likelihood of unauthorized access, login to the Do Not Pay Working System requires Personal Identity Verification (PIV) credentials, Login.gov account management, or ID.ME.

Overview of Designating AVS and DNE

OMB has reviewed the recommendation of Treasury to designate the following two databases for inclusion in the Do Not Pay Working System:

1. AVS: Fiscal Service, under its statutory authorities, provides AVS through a qualified financial institution serving as a designated financial agent. AVS is used widely in both the private and public sectors for bank account validation and identity validation. AVS is most often used prior to initiating a payment to prevent payment fraud and other administrative returns. Bank account verification is a process that confirms the status and ownership of a bank account and is commonly used for electronic payments to help avoid errors, reduce fraud, and protect the accuracy of electronic transactions. Identity verification is used to verify the identity of potential payee or awardee individuals and businesses.

2. DNE: Fiscal Service's DNE data is a subset of its payment/post-payment data provided by federally funded programs disbursing through Fiscal Service. It contains information regarding payees who have been identified as deceased by paying agencies. DNEs are sent to financial institutions to flag a decedent's account to prevent the acceptance of any further post-death Federal benefit payments.

OMB proposes to designate these databases for inclusion in the Do Not Pay Working System because these databases will substantially assist in preventing improper payments. In making this determination, OMB considered the following: (1) statutory or other limitations on the use and sharing of specific data; (2) privacy restrictions and risks associated with specific data; (3) likelihood that the data will strengthen program integrity across programs and agencies; (4) benefits of streamlining access to the data through the central Do Not Pay Initiative; (5) costs associated with expanding or centralizing access, including modifications needed to system interfaces or other capabilities in order to make data accessible; and (6) other policy and stakeholder considerations, as appropriate.

Considerations for Designating AVS and DNE

Fiscal Service has prepared justifications for each of the six factors, as summarized below. These justifications have been reviewed by OMB.

1. Statutory or other limitations on the use and sharing of specific data:

a. There are no statutory or other limitations that would prevent the Do Not Pay Working System from using AVS or DNE data.

2. Privacy restrictions and risks associated with specific data:

a. In evaluating potential privacy risks and compliance measures associated with the designation of these databases, Fiscal Service conducted separate privacy risk assessments for both AVS and DNE. The privacy risk assessments for AVS and DNE aimed to: ensure conformance with applicable legal, regulatory, and policy requirements for privacy; determine the risks and effects; and evaluate protections and alternative processes to mitigate potential privacy risks.

i. AVS: Fiscal Service provides AVS through a qualified financial institution serving as a designated financial agent. The relationship between Fiscal Service and the applicable financial agent is formalized through a Financial Agency Agreement (FAA). Fiscal Service's AVS utilizes a commercial database source of real-time bank data from a network of member banks. The database will be validating identity and bank account information and verifying that the bank account owner matches the intended payee. This information can be used to assist in detecting and preventing government payment fraud. Fiscal Service has determined that AVS does not by itself meet the definition of a system of records under the Privacy Act of 1974 (Privacy Act), as amended, which is codified at 5 U.S.C. 552a(a)(5). However, Do Not Pay Working System users will compare information contained within their respective systems of records (as applicable) against information in the AVS commercial database source. Additionally, and as noted above, before a customer receives access to the Do Not Pay Working System, it is required that the customer sign the Do Not Pay Working System Rules and Behaviors Agreement.

b. DNE: DNEs pertain to deceased persons. The beneficiary/recipient in the DNE is identified as deceased by the originator of the DNE, and, therefore, the DNE data maintained by Fiscal Service would not be covered by the Privacy Act. However, Fiscal Service still employs privacy protections for this information. To ensure that all information (including DNEs) within the overarching Payments, Claims, and Enhanced Reconciliation (PACER) information system security boundary meets minimum security and privacy controls, both living and deceased individuals are afforded the same robust privacy safeguards inherited from the boundary level.

3. Likelihood that the data will strengthen program integrity across programs and agencies:

a. AVS: Access to AVS will strengthen program integrity across programs and agencies by identifying missing, incorrect, and fraudulent account information. In addition to identifying improper payments, implementation of AVS in the front-end of the payment cycle will help agencies prevent improper payments from being sent to the wrong account and individual. AVS will also assist the Federal government in preventing certification of improper payments before disbursement, rather than pursuing a collection after the payment is made.

b. DNE: DNEs would strengthen program integrity across programs and agencies as an additional high-quality source of death information. DNEs are assertions by Federal agencies that a beneficiary or other payee has died. Matches to records contained in the DNE database are expected to be higher confidence than larger datasets as each individual death entry has been verified by the initiating agency according to their due diligence procedure(s).

4. Benefits of streamlining access to the data through the central Do Not Pay Initiative:

a. AVS: It will be beneficial to streamline access to AVS through the Do Not Pay Working System. AVS is provided to Treasury by a financial agent whose services without a central offering would require individual acquisition efforts from non-Treasury agencies. Also, as the operator of the Do Not Pay Working System, Fiscal Service will have the opportunity to offer AVS to FFSA programs. AVS data can be used in coordination with other Do Not Pay and Fiscal Service data products to verify a range of eligibility criteria.

b. DNE: It would be beneficial to streamline access to DNE through the Do Not Pay Working System. DNE records are currently owned by Fiscal Service but are not yet being used across agencies and payments. By designating DNE and expanding its use through the Do Not Pay Working System, more agencies will gain access to a high-quality database.

5. Costs associated with expanding or centralizing access, including modifications needed to system interfaces or other capabilities in order to make data accessible:

a. AVS: Fiscal Service has projected that the cost of AVS would be roughly $11.8 million over the course of five fiscal years. Any costs associated with modifications to system interfaces can be absorbed into the scope of regular development schedules.

b. DNE: Do Not Pay Working System access to DNE data can be expanded at no additional development cost.

6. Other policy and stakeholder considerations:

a. AVS: AVS has been leveraged by Fiscal Service's Office of Payment Integrity (OPI) for analytics projects related to account verification. OPI estimates a return on investment (ROI) between $48 and $431 per dollar spent on AVS searches.

b. DNE: There are no other policy and stakeholder considerations for DNE.

[FR Doc. 2024-18689 Filed 8-28-24; 8:45 am]

BILLING CODE 3110-01-P