Skip to main content

You are here

Advertisement

PBGC IG Report Highlights Application of Technology, Anti-Fraud Effort

Government Affairs

The Office of the Inspector General of the Pension Benefit Guaranty Corporation (PBGC) has issued its semiannual report to Congress. The report covers a wide range of PBGC activities, and places special emphasis on applications of technology and efforts against fraud.

Robert A. Westbrooks, Inspector General for the PBGC, cited those efforts in his remarks at the start of the PBGC’s Semiannual Report to Congress For the Period October 1, 2019 to March 31, 2020. He cited two reports that the office had issued concerning the PBGC during the current fiscal year. “The first report analyzed the Corporation’s cybersecurity performance and IT audit remediation efforts over time. The second report alerted management to fraud vulnerabilities we identified in an ongoing fraud investigation,” wrote Westbrooks. For good measure, he added, “We also concluded a significant criminal investigation involving a former PBGC contractor employee who stole pensioners’ personal information to commit identify theft,” which he termed an “egregious breach of public trust.”  

Improving Processes

The IG reports to Congress that the PBGC “continues to develop and execute corrective actions to remediate previously identified control deficiencies.” It notes that PBGC management continues to implement corrective actions to enhance the valuation tool it uses to calculate its single largest liability and implement IT solutions to mitigate system weaknesses.

The report also says that in fiscal year 2018, the independent assessment of the PBGC’s cybersecurity performance was better than average compared to other small agencies and to Chief Financial Officers Act (CFO Act) agencies. “This is an improvement in PBGC’s performance relative to other agencies,” the report said.

Work to Do

The report outlines actions that the PBGC should take. For instance, the report says that controls over actuarial estimates, and access controls and configuration management, were significant deficiencies in PBGC activities. The IG also says, “Current year testing noted improvements in the effectiveness of the vulnerability management program but identified weaknesses in the areas of patch management, configuration management, and unsupported software.” 

In its audit of the PBGC’s FY 2019 compliance with the Federal Information Security Modernization Act, the IG says that the PBGC’s security program, as in FY 2018, fell below the specified threshold of effectiveness, and achieved an overall “consistently implemented” maturity level. However, it also says that security training and information security continuous monitoring improved.

Deceased Participants Program

The report says that efforts continued under the fraud detection/computer matching initiative to identify deceased participants in the single-employer and multiemployer programs. The IG notes that during the period Oct. 1, 2019-March 31, 2020, it identified 18 deceased participant cases, which were referred to management for termination of benefits and recoupment. “To date,” says the IG, “we have identified 196 instances of improper payment or fraud relating to deceased participants in the single-employer and multiemployer programs and referred those cases to PBGC for coordination to terminate benefit payments and seek recoupment.”