OIG Issues Report on SBA’s Implementation of PIV Card Issuance System.
On October 6, 2008, the OIG issued an audit report on SBA’s implementation of a system for issuing Personal Identity Verification (PIV) cards in accordance with Homeland Security Presidential Directive 12 (HSPD-12). To comply with HSPD-12, SBA developed the Identity Management System (IDMS).
Our review determined that SBA had not fully satisfied any of three Office of Management and Budget (OMB) requirements that were to be implemented by October 2007, and would not meet a fourth set for October 2008. Moreover, SBA did not follow systems development protocol or conduct acceptance testing when introducing major software and hardware changes. Consequently, IDMS experienced server freezes, data integrity issues, user processing bottlenecks, and problems capturing and verifying fingerprints, among other issues. SBA also did not follow its own capital investment policy, outlined in its Systems Development Manual, to ensure that IDMS was managed within budget and schedule and complied with OMB requirements for project funding. According to the Agency’s Capital Planning Investment Control procedures, when major IT investments cost more than $200,000 in a single year or more than $500,000 over 3 years, Earned Value Management (EVM) techniques must be used to manage the project.
Based on the significant risk of maintaining personal identity information on a system that has not undergone the required security reviews, together with other findings, we recommended that SBA: (1) immediately cease IDMS operations until the system is deemed capable of protecting the privacy data it contains; (2) implement the provisions of NIST 800-79-1 and FIPS 201-1 by securing a Certification and Accreditation (C&A) of the Agency as a PIV Card
Issuing Organization, an accreditation of all HSPD-12 products and services provided by third parties, and a security C&A of IDMS; (3) conduct acceptance tests to ensure that IDMS meets functional requirements, including reading and authenticating the digital certificates on PIV cards; (4) use EVM techniques to manage project performance; and (5) report to OMB, as required, a baseline plan for accomplishing the project’s objectives.
Business Loan Programs
Grocery Store Owner Pleads Guilty.
On October 1, 2008, the former owner of a Virginia grocery store pled guilty to one count of wire fraud. The charges related to a $690,000 SBA-guaranteed business loan that was secured by her home. The investigation disclosed that the former store owner downloaded bank letterhead from the internet and created a fraudulent release of lien. As a Virginia notary, she notarized the fraudulent release of lien and then posed as a bank official to record it at the Fairfax County Land Record Office. She then refinanced her home and received a cash payout of approximately $158,000. During a routine asset check, bank officials discovered the fraudulent release of lien and reported their findings to SBA’s National Guaranty Purchase Center and the OIG. She defaulted on the loan, which resulted in a loss to SBA of $317,710.
Disaster Loan Program
Florida Business Owner Indicted.
On October 2, 2008, the president of a Florida consulting firm was indicted on one count of false statements. She allegedly made a false statement for the purpose of obtaining a $95,000 SBA disaster loan to be used as working capital to alleviate economic injury incurred by her business as a result of Hurricane Wilma. The investigation disclosed that, rather than injecting the loan funds into the business, she spent a substantial portion at two gaming establishments in the South Florida area.
Company President Sentenced.
On October 14, 2008, the former president of a Nicaraguan mining company, with offices in Miami, Florida, was sentenced to 3 months in prison and 5 years supervised release after pleading guilty to one count of accessory after the fact. The charges relate to his assisting a co-conspirator, the former president and owner of an auto supply company, in negotiating a fraudulently received two-party check. After the September 11, 2001, terrorist attacks in New York City, the co-conspirator applied for and received a $646,900 SBA disaster loan for his company to pay outstanding debts. The co-conspirator received a two-party check for $86,200, payable jointly to his company and the mining company. At the co-conspirator’s request, the mining company’s owner deposited the check into his company’s account, kept $12,000 that the mining company was actually owed, and wire transferred the balance to the co-conspirator. The OIG is conducting this investigation jointly with the U.S. Postal Inspection Service.
Louisiana Woman Pleads Guilty. On October 15, 2008, a Louisiana woman entered a guilty plea to a criminal information charging her with one count of false statements. She applied for both home and business SBA disaster loans to repair damage caused by Hurricane Katrina to her residence and rental properties, but was only qualified for one of the loans. She chose to receive the home loan, which charged a lower interest rate, and certified to SBA that she would apply all proceeds of the loan to repair her residential property and had retained a general contractor to perform the repairs for $130,000. The investigation disclosed, however, that she used part of the loan proceeds to repair her rental properties, and only retained a contractor for $16,500 in repairs to her residence. The SBA OIG is conducting this investigation jointly with the Housing and Urban Development-OIG
Government Contracting and Business Development
Seizure Warrants Executed.
On October 22, 2008, three seizure warrants were executed on bank accounts belonging to two contracting companies. A total of $2,508,260.24 was seized. The seizures were based on probable cause that the first company engaged in a scheme to obtain HUBZone set-aside contracts with the Department of Defense. The company allegedly obtained its HUBZone status through the use of a sham principal office. The second company benefited from the scheme by working as a subcontractor on the contracts awarded to the first company. The OIG is conducting this investigation jointly with the Defense Criminal Investigative Service and the U.S. Army Criminal Investigations Command.
Maryland Businessman Sentenced.
On October 30, 2008, a Maryland businessman was sentenced to 30 days in jail, 6 months home confinement, 18 months supervised release, a $20,000 fine, and a $100 special assessment fee. The businessman, a non-disadvantaged individual involved with three Maryland SBA 8(a)-certified demolition and asbestos abatement companies, previously pled guilty to one count of conspiracy to defraud SBA. The 8(a) program requires that a disadvantaged individual have control and ownership of the 8(a) company in order for the company to participate in the program. The businessman conspired with others to violate this requirement by not disclosing that non-disadvantaged individuals provided critical bonding, insurance, financial support, and control over the companies. Between 2002 and 2004, without SBA’s knowledge and approval, the businessman and his co-conspirators received approximately $900,000 more in bonuses and salaries than the president of one of the 8(a) firms. The OIG is conducting this investigation jointly with the Environment Protection Agency-Criminal Investigative Division (CID), the Naval Criminal Investigative Service, the Internal Revenue Service-CID, and the Federal Bureau of Investigation.
This monthly update is produced by the SBA OIG, Peter L. McClintock, Acting Inspector General.
The OIG has established an e-mail address (firstname.lastname@example.org) that we encourage the public to use to communicate with our office. We welcome your comments concerning this update or other OIG publications. To obtain copies of these documents please contact:
409 Third Street SW., 7th Floor
Washington, DC 20416
Telephone number (202) 205-6586
FAX number (202) 205-7382
Most OIG reports may be obtained online at:
If you suspected that there has been waste, fraud, or
abuse in any SBA program, please call:
TOLL-FREE at (800) 767-0385