fdic contract awards 2021
As discussed above, however, the FDICs IGCE did not include the scope and methodology, analyses (both quantitative and qualitative), conclusions, and rationale for the Agencys final procurement decision as suggested by best practices. FDIC will consider and further study potential methodologies for assessing contractor overreliance, including how other agencies make such determinations. Management should also ensure that the statement of work recognizes the procurement of Critical Functions. For example, as noted above, the following agencies noted heightened contracting monitoring, such as: o Develop a Management Oversight Strategy. Upon completion of the corrective actions and before closing the recommendations, we will review the FDICs actions to ensure that the revised acquisition process includes guidance for identifying planned procurements of Critical Functions and implementing heightened contract monitoring for Critical Functions. Due to the dollar value of these procurements, the FDIC submitted and briefed a Board Case to the FDIC Board of Directors to receive authority to award the contracts. the official website and that any information you provide is Any subsequent task orders would be for tech developments issued as standalone projects, worth $112.5 million in total. GAO also found that DHS personnel did not identify specific oversight activities they conducted to mitigate the risk of contractors performing functions in a way that could become inherently governmental. Without such reviews, an agency may become over-reliant on a service provider if it does not have the capacity (number of Federal employees) and capability (Federal employees with appropriate training, experience, and expertise) to understand the agencys requirements, formulate alternatives, manage the work product, monitor the contractors used to support the Federal workforce, and adequately mitigate the potential impact on mission performance if contractors were to default on their obligations. The Federal Deposit Insurance Corporation (FDIC) is an independent agency BASE - September 1, 2021 - August 31, 2023 OPTIONs - September 1, 2023 - August 31, 2026 Scope The FDIC is a non-appropriated entity of the Federal Government. The FDIC has also recently implemented new acquisition initiatives to further improve vendor management, contract oversight, and to reduce the number of non-competitive awards. The FDIC, instead, uses a best value method especially for acquisitions requiring innovative solutions or a high level of technical expertise that allows for the evaluation of technical factors in addition to price and past performance. The FDICs Legal Division provides legal advice and counsel to Contracting Officers to ensure that acquisitions and other contract actions are conducted in accordance with governing laws and FDIC policy. ; OMB: The source identified this item; GAO: The source identified this item; Industry Standard: The source identified this item; Select Federal Agencies: The source identified this item; GAO Recommendations. When procuring Critical Functions, agencies considered strategic human capital planning analyzing agency staff resources, internal capability and capacity, and cost. FDIC puts $487.5 million IT services contract up for bid However, the OIG concluded that the FDIC did not have policies and procedures for identifying critical functions in its contracts and did not implement heightened monitoring activities for the Blue Canopy contracts consistent with the requirements of OMB Policy Letter 11-01. : 1; Corrective Action: Taken or Planned - The FDIC will consider each of the OIGs recommendations and further study the need for additional risk based controls for essential procurements. Moreover, the FDIC determined, in advance of the 2019 contract modifications to increase the contract ceiling on both Blue Canopy contracts, that a new competitive, multi-vendor acquisition strategy should be put in place for the services. Requiring activities should also work with the acquisition office to address the handling of ongoing contracts and the budget and finance offices to secure the necessary funding to support the needed in-house capacity. State Department, FDIC Working on New User Technologies Using Novel DMI Wins a Five-Year HRSA Single-Award Contract with Projected Value of All Awards Contracts Contract IDVs Grants Loans Direct Payments Other Financial Assistance Award Obligations $0 As noted previously, in October 2019, the FDIC changed its procurement strategy for these Critical Functions from two contracts to two BOAs and included multiple service providers on the BOAs. Based on our review of GAO and industry standards,25 procured services involving contractors result in a greater level of inherent risk than an agency directly performing these services. The FDIC did not identify or implement periodic reviews specific to the risks associated with procured services for Critical Functions. According to the FDICs Financial Institution Letter titled Third-Party Risk Guidance for Managing Third-Party Risk (FIL-44-2008) (June 2008), the key to the effective use of a third party in any capacity is for management to appropriately assess, measure, monitor, and control the risks associated with a contractual relationship. banking industry research, including quarterly banking Footnote: 2 GAO reported that [b]est business practices refer to the processes, practices, and systems identified in public and private organizations that performed exceptionally well and are widely recognized as improving an organizations performance and efficiency in specific areas.. In particular, the policy letter states that agencies should determine the type and level of management attention necessary to ensure that functions that should be reserved for Federal performance are not materially limited by or effectively transferred to contractors and that functions suitable for contractor performance are properly managed. Nor did the reports identify any other procured services as Critical Functions of the FDIC. For more than 5 years (from the quarters ended March 2015 to June 2019), DOA submitted a summary status report (an award profile) for only one of the two contracts with Blue Canopy. Keep up with FDIC announcements, read speeches and Federal Deposit Insurance Corporation (FDIC) - USAspending Blue Canopy performed a range of cybersecurity and privacy support services for the FDIC. There is no uniform set of best practices that public and private organizations have agreed upon in the subject area of the OIGs report. The Federal Deposit Insurance Corporation (FDIC) is an Report to the Board planned and procured Critical Functions on an individual and aggregate basis. GAO also found that DHS personnel did not identify specific oversight activities they conducted to mitigate the risk of contractors performing functions in a way that could become inherently governmental. These planning discussions should consider the resources and the expertise required to perform the functions and manage the procurement. The FDIC implemented its established procurement process, but that process did not include an analysis of the underlying services in order to identify the risks and to determine the need for heightened oversight procedures and controls for the procured Critical Functions. The FDIC also completed annual performance reports on Blue Canopy. When DOAs ASB receives an acquisition request from a Program Office, it assigns the request to a Contracting Officer.8 The Deputy Director of the ASB appoints Contracting Officers with the authority to enter into, administer, and terminate contracts on behalf of the FDIC. Finally, the FDIC needed to assure itself that it was comfortable with the risks posed by Blue Canopy and the procured Critical Functions especially if Blue Canopy had not demonstrated that it was adequately prepared for business continuity, resumption, or crisis readiness. Consistent with that approach, the FDIC will continue to adopt those portions of the OMB Policy Letter that support its unique operations, while the Policy Letter overall continues to be inapplicable by operation of law. Recommendation 11: Implement corrective actions when the FDIC determines it is over-reliant on a contractor for a procured Critical Function. Phase 1: Procurement Planning - Program Office and DOA Acquisition Services Branch report to the FDIC Board the planned acquisition of a Critical Function, and provide a procurement risk assessment and management oversight strategy (including planned contract structure and cost effectiveness analysis). The APM also requires program offices to use competition in acquisitions to the maximum extent possible. Footnote: 38 An Award Profile Report is a report that summarizes FDIC contracting activity on a quarterly basis. Management Decision: Partially Concur Corrective Actions: The FDIC currently develops a management oversight strategy to oversee all contractors based on the risk and complexity of the contract. No. Footnote: 34 FDIC Financial Institution Letter titled, Third-Party Risk Guidance for Managing Third-Party Risk (FIL-44-2008) (June 2008). However, in order to mitigate the potential risk of a service providers financial failure, breach of information security protocols, or failure to ensure service continuity, an agency needs to continuously monitor the service providers financial condition and operations. DMI Wins $256M FDIC Task Order | WashingtonExec supervises financial institutions for safety, soundness, and consumer In particular, the FDIC should have a process for ensuring that specific expectations and obligations of both parties are outlined in a written contract prior to entering into the arrangement. b Recommendations will be closed when the OIG confirms that corrective actions have been completed and are responsive. The awards, now in their third year are organised by international engineering federation FIDIC (the International Federation of Consulting Engineers). In particular, the FDIC prepared a Contract Management Plan37 for Blue Canopy to document the joint administrative approach agreed upon by the Contracting Officer and Oversight Manager. These elements are essential components of the heightened review and oversight process for procurements of Critical Functions. The FDIC relied on Blue Canopy to develop, operate, and service the Security Operations Center as well as information and network security. The OIG made 13 recommendations aimed at having the FDIC incorporate provisions of OMB Policy Letter 11 01 into the FDICs policies and procedures, identify critical functions during the procurement process, and implement heightened contract monitoring for critical functions. While OMB Policy Letter 11-01 is inapplicable to the FDIC as a matter of law, the FDICs risk-based acquisition procedures address virtually all of the control factors listed in the Policy Letter and many of these controls were in place for the Blue Canopy contracts. GSA, NASA, USDA, DOE, OCC, and CFPB have policy and procedures, or follow OMB guidance, related to Critical Functions. Challenge, Quarterly Banking Profile for Fourth Quarter 2022, Quarterly Banking Profile for Third Quarter 2022, FDIC Releases 2021 National Survey of Unbanked and Underbanked Households, Financial This arrangement lacked independence and represents a failure on the FDICs part to maintain control of its operations.36 In addition, the absence of heightened contract monitoring processes, such as a procurement risk assessment and periodic reviews of controls and processes for Critical Functions allowed this internal control weakness to remain undetected. Under the 10-year SITE III contract vehicle, contractors will vie for task orders to support DIA's evolving enterprise IT needs. In addition, a prior OIG report, Security Configuration Management of the Windows Server Operating System (AUD-19-004) (January 2019) concluded that Blue Canopy lacked independence. Industry Standard. 514 0 obj <>stream o Develop a Management Oversight Strategy. Best Practices: 2. The FDICs procedures do not separately designate certain contracts as related to critical functions., FDIC Consideration of the OMB Policy Letter and Certain OIG-Identified Practices, The FDIC takes seriously its responsibility to maintain control of its operations and to ensure that it has sufficient and knowledgeable federal staff to oversee contractors, particularly those performing services essential to the FDICs mission. Many of the procurement controls contemplated in the OMB Policy Letter exist within the FDICs current acquisition policies and guidance, without the specific designation of critical functions. Under the FDICs Acquisition Policy Manual (APM), certain functions are so essential to the performance of government responsibilities that they may not be outsourced, namely the performance of inherently governmental functions.3 When contracted services fall short of inherently governmental functions but are closely aligned with them, the FDIC is responsible for building in enhanced controls and management oversight in the design and administration of relevant support contracts. It is key for management to develop a thorough understanding of what the proposed relationship will accomplish for the institution, and why the use of a third party is in its best interests. The company filed for bankruptcy with approximately $2.23 billion in total debt and approximately $1.76 billion in total assets as of September 2008. DRRs contract with Blue Canopy was beyond the scope of this review. Determine contract structure. o The FDICs Implementation of Enterprise Risk Management (EVAL-20-005) July 8, 2020. The site is secure. Since the FDIC did not perform periodic reviews, it did not (1) assess for contractor over-reliance within individual controls and processes or on an aggregate basis; and (2) identify and implement corrective actions needed during the contract management process related to indicators of potential operational/process failures. judgments made by governmental officials21 for all contracts covering Critical Functions. cards. h250R0P050V01R& The FDIC, however, provided no details as to how it plans to do so. Past event Registration date: 1 November, 2021 - 08:30 to 9 December, 2021 - 10:30 The FIDIC Contract Users' Awards aim to recognise excellence in the use of FIDIC contract forms for project delivery and to showcase examples of good practice through collaboration from across the world. The OMB policy letter also states that [w]here a critical function is not inherently governmental, the agency may appropriately consider filling positions dedicated to the function with both Federal employees and contractors. Enterprise Risk Management Risk Inventory. As discussed in this report on Critical Functions, the procedures are not adequate to ensure that periodic reviews are performed to assess the contractor for over-reliance and to identify and implement corrective actions. FDIC acquisitions are accomplished in accordance with the Results of oversight activities for material third-party arrangements should be periodically reported to the financial institutions board of directors or designated committee.. 66y% In addition, the FDIC did not perform a procurement risk assessment and develop a management oversight strategy for procured Critical Functions (identifying heightened controls and processes, and appropriate internal capacity and capability of internal resources) that would have informed the analysis of cost and assured the Agency it could control its own mission and operations. The FDIC relies on contractors to support a range of activities from janitorial to Information Technology support services. To resolve these 12 recommendations, we would expect that the FDIC provide a clear indication of the specific actions within the next 6 months, and we will determine whether the recommendations may be converted to being resolved at that time, or whether they will remain as unresolved. For the 12 unresolved recommendations, the FDIC plans to consider and further study the issues and does not intend to implement corrective actions for another year (between March 31 and June 30, 2022). No. Although NCUA and CFPB did not have an explicit written policy, they noted the actions/procedures they would take to address an instance of contractor over-reliance. Figure 2 illustrates the best practices for identifying planned and procured Critical Functions during the FDICs acquisition process. For example, if not managed and supervised prudently, the agency may: Footnote: 1 According to FDIC Directive 1500.6, Continuity of Operations (COOP) Program (November 2019), Essential Functions are a subset of government functions that are determined to be critical activities. Figure 4 illustrates the best practices for implementing a management oversight strategy as part of the FDICs acquisition process. In making that determination, the officials shall consider the importance that a function holds for the agency and its mission and operations. Routine reports may include performance reports, audits, financial reports, security reports, and business resumption testing reports. As a result, we consider the remaining 12 recommendations to be unresolved at this time. Since then, the FDIC re-organized and placed oversight responsibility within the CIOO OCISO. Procured Critical Functions Not on FDIC Risk Inventory. The MSSP BOA includes provisions which carry monetary penalties should the vendor default against an SLA and incentives to extend the period of performance by demonstrating sustained excellent performance in meeting all SLAs. instruments including, for low dollar non-complex purchases, purchase Contract Reporting. Appropriate legal counsel should also review significant contracts prior to finalization. Ongoing monitoring. Each quarter, the FDIC provides a contract-specific report to the Board of Directors for complex contracts over $5 million and for all contracts over $20 million. In addition, the GSA and OCC report on procurement actions through the Federal Procurement Data System-Next Generation (FPDS-NG),* which includes those designated as Critical Functions. 206 0 obj <>stream Fdic: Pr-70-2021 08/09/2021 OMB Policy Letter 11-01 provides guidance on managing the performance of Inherently Governmental and Critical Functions. FDIC Actions Taken to Address Prior OIG Concerns Regarding Blue Canopy Contracts. Footnote: 36 Security Configuration Management of the Windows Server Operating System (AUD-19-004) (January 2019). While not discussed in detail in the report, we note that the policies and procedures the FDIC followed with respect to the Blue Canopy contracts provided a sound basis for vendor oversight and performance management. By separating the support services, the FDIC could have reduced reliance on one contractor for both sets of services. New FIDIC Green Book short form of contract explained The recommendation was to contract for the services due to the available experience of the private sector and its ability to scale resources more quickly than the FDIC.
Pete Gosher Colorado Springs,
Hoboken Rent Increase Laws,
Geoportal Maps Concordia,
Haunted Hotels In Cancun Mexico,
Talladega High School Football Coach,
Articles F
