Proposed Designation of Databases to the Do Not Pay Working System

Issuing agencies

Abstract

The Payment Integrity Information Act of 2019 (PIIA) authorizes the Office of Management and Budget (OMB) to designate additional databases for inclusion in the Department of the Treasury (Treasury) Do Not Pay Working System under the Do Not Pay Initiative. PIIA requires OMB to provide public notice and an opportunity for comment prior to designating additional databases. In fulfillment of this requirement, OMB is publishing this Notice of Proposed Designation to provide the public an opportunity to comment on the proposed designation of: Treasury's Account Verification Services (AVS); and Treasury's Death Notification Entries (DNE). This notice has a 30-day comment period.

Full Text

<html>
<head>
<title>Federal Register, Volume 89 Issue 168 (Thursday, August 29, 2024)</title>
</head>
<body><pre>
[Federal Register Volume 89, Number 168 (Thursday, August 29, 2024)]
[Notices]
[Pages 70208-70210]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2024-18689]


=======================================================================
-----------------------------------------------------------------------

OFFICE OF MANAGEMENT AND BUDGET


Proposed Designation of Databases to the Do Not Pay Working 
System

AGENCY: Office of Management and Budget.

ACTION: Notice of proposed designation.

-----------------------------------------------------------------------

SUMMARY: The Payment Integrity Information Act of 2019 (PIIA) 
authorizes the Office of Management and Budget (OMB) to designate 
additional databases for inclusion in the Department of the Treasury 
(Treasury) Do Not Pay Working System under the Do Not Pay Initiative. 
PIIA requires OMB to provide public notice and an opportunity for 
comment prior to designating additional databases. In fulfillment of 
this requirement, OMB is publishing this Notice of Proposed Designation 
to provide the public an opportunity to comment on the proposed 
designation of: Treasury's Account Verification Services (AVS); and 
Treasury's Death Notification Entries (DNE). This notice has a 30-day 
comment period.

DATES: Comments must be in writing and must be received by on or before 
September 30, 2024. At the conclusion of the 30-day comment period, if 
OMB decides to finalize the designation, OMB will publish a notice in 
the Federal Register to officially designate the databases.

ADDRESSES: Comments on this proposal must be submitted electronically 
before the comment closing date to <a href="http://www.regulations.gov">www.regulations.gov</a>. In submitting 
comments, please search for recent submissions by OMB to find docket 
OMB-2024-0006, and follow the instructions for submitting comments. 
Public comments are valuable, and they will inform OMB Do Not Pay 
Initiative data designation; however, OMB will not respond to 
individual submissions.
    Privacy Act Statement: OMB is issuing this notice pursuant to PIIA. 
Submission of comments in response to this Notice of Proposed 
Designation is voluntary. Comments may be used to inform sound decision 
making on topics related to this Notice of Proposed Designation. Please 
note that submissions received in response to this notice may be posted 
on <a href="http://www.regulations.gov">www.regulations.gov</a> or otherwise released in their entirety, 
including any personal information, business confidential information, 
or other sensitive information provided by the commenter. Do not 
include in your submissions any copyrighted material; information of a 
confidential nature, such as personal or proprietary information; or 
any information you would not like to be made publicly available. 
Comments are maintained under the OMB Public Input System of Records, 
OMB/INPUT/01; the system of records notice accessible at 88 FR 20913 
(<a href="https://www.federalregister.gov/documents/2023/04/07/2023-07452/privacy-act-of-1974-system-of-records">https://www.federalregister.gov/documents/2023/04/07/2023-07452/privacy-act-of-1974-system-of-records</a>) includes a list of routine uses 
associated with the collection of this information.

FOR FURTHER INFORMATION CONTACT: Rebecca Rowe, Policy Analyst, Office 
of Federal Financial Management, OMB (telephone: 202-395-3993; email: 
<a href="/cdn-cgi/l/email-protection#7c2c1d0511191208351208191b0e1508053c13111e5219130c521b130a"><span class="__cf_email__" data-cfemail="0b5b6a72666e657f42657f6e6c79627f724b646669256e647b256c647d">[email&#160;protected]</span></a>).

SUPPLEMENTARY INFORMATION: PIIA codified the Do Not Pay Initiative in 
Title 31 of the U.S. Code. Prior to enactment of PIIA, the Do Not Pay 
Initiative was already established by law and underway across the 
Federal Government.\1\ The Do Not Pay Initiative includes multiple 
resources designed to help Federal agencies in the Executive Branch 
(hereafter ``Federal agencies''), the judicial and legislative branches 
of the Federal Government, and Federally Funded State Administered 
(FFSA) programs review payment and award eligibility for purposes of 
identifying and preventing improper payments. As part of the Do Not Pay 
Initiative, OMB designated Treasury to host the Do Not Pay Working 
System, which is a centralized portal through which users can search 
multiple databases at one time to obtain information about potential 
payees and awardees. PIIA \2\ authorizes OMB to designate additional 
databases for inclusion in the Do Not

[[Page 70209]]

Pay Initiative \3\ if the database substantially assists in preventing 
improper payments.
---------------------------------------------------------------------------

    \1\ The Improper Payments Elimination and Recovery Improvement 
Act of 2012, Public Law 112-248, first established the Do Not Pay 
Initiative.
    \2\ Codified at 31 U.S.C. 3351-58.
    \3\ 31 U.S.C. 3354(b)(1)(B). OMB designated the Department of 
the Treasury to host the Do Not Pay Working System. The Do Not Pay 
Working System is part of the broader Do Not Pay Initiative.
---------------------------------------------------------------------------

Do Not Pay Working System Privacy, Security, and Legal Implications

    Treasury reports that all Do Not Pay Working System users and 
administrators are required to sign rules of behavior stipulating their 
responsibilities to minimize risks associated with the use of specific 
data. Treasury also reports that it has dedicated resources to 
establish a privacy program based on applicable requirements, the Fair 
Information Practice Principles (FIPPs), and industry best practices. 
Treasury reports that its privacy program supports various internal 
controls in collaboration with Treasury leadership and legal counsel, 
as well that projects are reviewed by Treasury through a data usage 
governance process. Treasury has responsibility for compliance with 
privacy restrictions and manages risks associated with the use of 
specific data to reduce improper payments for Do Not Pay Working System 
users.
    Treasury risk mitigation measures for the Do Not Pay Working System 
include maintaining a current and compliant Security Accreditation and 
Authorization (SA&A) package, in accordance with Federal Information 
Security Management Act (FISMA) requirements. Additionally, to reduce 
the likelihood of unauthorized access, login to the Do Not Pay Working 
System requires Personal Identity Verification (PIV) credentials, 
<a href="http://Login.gov">Login.gov</a> account management, or ID.ME.

Overview of Designating AVS and DNE

    OMB has reviewed the recommendation of Treasury to designate the 
following two databases for inclusion in the Do Not Pay Working System:
    1. AVS: Fiscal Service, under its statutory authorities, provides 
AVS through a qualified financial institution serving as a designated 
financial agent. AVS is used widely in both the private and public 
sectors for bank account validation and identity validation. AVS is 
most often used prior to initiating a payment to prevent payment fraud 
and other administrative returns. Bank account verification is a 
process that confirms the status and ownership of a bank account and is 
commonly used for electronic payments to help avoid errors, reduce 
fraud, and protect the accuracy of electronic transactions. Identity 
verification is used to verify the identity of potential payee or 
awardee individuals and businesses.
    2. DNE: Fiscal Service's DNE data is a subset of its payment/post-
payment data provided by federally funded programs disbursing through 
Fiscal Service. It contains information regarding payees who have been 
identified as deceased by paying agencies. DNEs are sent to financial 
institutions to flag a decedent's account to prevent the acceptance of 
any further post-death Federal benefit payments.
    OMB proposes to designate these databases for inclusion in the Do 
Not Pay Working System because these databases will substantially 
assist in preventing improper payments. In making this determination, 
OMB considered the following: (1) statutory or other limitations on the 
use and sharing of specific data; (2) privacy restrictions and risks 
associated with specific data; (3) likelihood that the data will 
strengthen program integrity across programs and agencies; (4) benefits 
of streamlining access to the data through the central Do Not Pay 
Initiative; (5) costs associated with expanding or centralizing access, 
including modifications needed to system interfaces or other 
capabilities in order to make data accessible; and (6) other policy and 
stakeholder considerations, as appropriate.

Considerations for Designating AVS and DNE

    Fiscal Service has prepared justifications for each of the six 
factors, as summarized below. These justifications have been reviewed 
by OMB.
    1. Statutory or other limitations on the use and sharing of 
specific data:
    a. There are no statutory or other limitations that would prevent 
the Do Not Pay Working System from using AVS or DNE data.
    2. Privacy restrictions and risks associated with specific data:
    a. In evaluating potential privacy risks and compliance measures 
associated with the designation of these databases, Fiscal Service 
conducted separate privacy risk assessments for both AVS and DNE. The 
privacy risk assessments for AVS and DNE aimed to: ensure conformance 
with applicable legal, regulatory, and policy requirements for privacy; 
determine the risks and effects; and evaluate protections and 
alternative processes to mitigate potential privacy risks.
    i. AVS: Fiscal Service provides AVS through a qualified financial 
institution serving as a designated financial agent. The relationship 
between Fiscal Service and the applicable financial agent is formalized 
through a Financial Agency Agreement (FAA). Fiscal Service's AVS 
utilizes a commercial database source of real-time bank data from a 
network of member banks. The database will be validating identity and 
bank account information and verifying that the bank account owner 
matches the intended payee. This information can be used to assist in 
detecting and preventing government payment fraud. Fiscal Service has 
determined that AVS does not by itself meet the definition of a system 
of records under the Privacy Act of 1974 (Privacy Act),\4\ as amended, 
which is codified at 5 U.S.C. 552a(a)(5).\5\ However, Do Not Pay 
Working System users will compare information contained within their 
respective systems of records (as applicable) against information in 
the AVS commercial database source. Additionally, and as noted above, 
before a customer receives access to the Do Not Pay Working System, it 
is required that the customer sign the Do Not Pay Working System Rules 
and Behaviors Agreement.
---------------------------------------------------------------------------

    \4\ Public Law 93-579.
    \5\ The AVS is not under the control of the Fiscal Service, but 
rather is provided by its designated financial agent.
---------------------------------------------------------------------------

    b. DNE: DNEs pertain to deceased persons. The beneficiary/recipient 
in the DNE is identified as deceased by the originator of the DNE, and, 
therefore, the DNE data maintained by Fiscal Service would not be 
covered by the Privacy Act. However, Fiscal Service still employs 
privacy protections for this information. To ensure that all 
information (including DNEs) within the overarching Payments, Claims, 
and Enhanced Reconciliation (PACER) information system security 
boundary meets minimum security and privacy controls, both living and 
deceased individuals are afforded the same robust privacy safeguards 
inherited from the boundary level.
    3. Likelihood that the data will strengthen program integrity 
across programs and agencies:
    a. AVS: Access to AVS will strengthen program integrity across 
programs and agencies by identifying missing, incorrect, and fraudulent 
account information. In addition to identifying improper payments, 
implementation of AVS in the front-end of the payment cycle will help 
agencies prevent improper payments from being sent to the wrong account 
and individual. AVS will also assist the Federal government in 
preventing certification of improper payments before disbursement, 
rather

[[Page 70210]]

than pursuing a collection after the payment is made.
    b. DNE: DNEs would strengthen program integrity across programs and 
agencies as an additional high-quality source of death information. 
DNEs are assertions by Federal agencies that a beneficiary or other 
payee has died. Matches to records contained in the DNE database are 
expected to be higher confidence than larger datasets as each 
individual death entry has been verified by the initiating agency 
according to their due diligence procedure(s).
    4. Benefits of streamlining access to the data through the central 
Do Not Pay Initiative:
    a. AVS: It will be beneficial to streamline access to AVS through 
the Do Not Pay Working System. AVS is provided to Treasury by a 
financial agent whose services without a central offering would require 
individual acquisition efforts from non-Treasury agencies. Also, as the 
operator of the Do Not Pay Working System, Fiscal Service will have the 
opportunity to offer AVS to FFSA programs. AVS data can be used in 
coordination with other Do Not Pay and Fiscal Service data products to 
verify a range of eligibility criteria.
    b. DNE: It would be beneficial to streamline access to DNE through 
the Do Not Pay Working System. DNE records are currently owned by 
Fiscal Service but are not yet being used across agencies and payments. 
By designating DNE and expanding its use through the Do Not Pay Working 
System, more agencies will gain access to a high-quality database.
    5. Costs associated with expanding or centralizing access, 
including modifications needed to system interfaces or other 
capabilities in order to make data accessible:
    a. AVS: Fiscal Service has projected that the cost of AVS would be 
roughly $11.8 million over the course of five fiscal years. Any costs 
associated with modifications to system interfaces can be absorbed into 
the scope of regular development schedules.
    b. DNE: Do Not Pay Working System access to DNE data can be 
expanded at no additional development cost.
    6. Other policy and stakeholder considerations:
    a. AVS: AVS has been leveraged by Fiscal Service's Office of 
Payment Integrity (OPI) for analytics projects related to account 
verification. OPI estimates a return on investment (ROI) between $48 
and $431 per dollar spent on AVS searches.
    b. DNE: There are no other policy and stakeholder considerations 
for DNE.

Shalanda Young,
Director, Office of Management & Budget.
[FR Doc. 2024-18689 Filed 8-28-24; 8:45 am]
BILLING CODE 3110-01-P


</pre><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script></body>
</html>