Preventing Misuse and Abuse in Your Program - Citibank · DoD GTC Travel. 4. This course is ... Preventing Misuse and Abuse in Your Card Program. ... 34. Preventing Misuse and Abuse

Preventing Misuse and Abuse in Your Program

Steve BabineVice President, Citi

2011 GSA SmartPay® Training Conference

A Winning Hand: Solutions, Savings and Sustainability with GSA SmartPayThe 13th Annual GSA SmartPay Training Conference, Las Vegas

3

To ensure the best possible learning experience for participants, please adhere to the following house rules:

• Turn cell phones and pagers to vibrate• Hold questions until end of session• Ensure your participant badge is scanned to receive CLP credits− For each course− Must leave room and reenter

• Take advantage of opportunities to provide feedback − Please select the Citi Q&A icon on any Citi PC at the conference− Answers to be emailed within 60 days after the conference

House Rules

Preventing Misuse and Abuse in Your Card Program

DoD GTC Travel

4

This course is designed to assist you in achieving the following objectives:

• Understanding the difference between Fraud and Misuse

• Improving your ability to identify potential misuse by your program personnel

Goals and Objectives


DoD GTC Travel

5

Fraud and Misuse – Definitions– Understanding the Difference

Program Oversight– Policies, Procedures and Controls – Risk Management– Detective Controls

Tools and Resources – Data Mining– Management Reports

Best Practices

Agenda


DoD GTC Travel

1. Fraud and Misuse


6

7


Definitions

Misuse: Cardholder uses his/her own card for transactions not permitted per policy

Fraud: A person or entity other than the cardholder makes transactions using the cardholder’s account

Important Notes: − Card providers do NOT classify misuse as fraud,

therefore, cases of misuse cannot be disputed− The cardholder is liable for all transactions classified as

misuse− Misuse by employees impacts the performance of your

program and rebate earnings potential

Fraud and Misuse DoD GTC Travel

2. Program Oversight


8

9


Overview

Internal policies and procedures– Update, communicate, post– Program parameters

Who should receive a card? Card cancellation procedures – inactive

accounts, exiting employees

Training– Office of Management and Budget (OMB) requires

training for cardholders, A/OPCs and AOs/ Certifying Officials

– Retain training certificates in employee file

Agency Management Plan– Must be submitted annually to OMB

Program Oversight DoD GTC Travel

10


Overview

Travel and Transportation Reform Act of 1998

DoD Financial Management Regulation, Vol. 9 Chapter 3

OMB A-123, Appendix B

DTMO: http://www.defensetravel.dod.mil/

Service-specific policies:– Army – http://www.asafm.army.mil– Department of Navy – https://navsup.navy.mil/ccpmd– USMC – http://www.marines.mil/units/hgmc/pandr/gtcc– Air Force – https://www.my.af.mil.afknprod/afgtc


http://www.defensetravel.dod.mil/�

http://www.asafm.army.mil/�

https://navsup.navy.mil/ccpmd�

http://www.marines.mil/units/hgmc/pandr/gtcc�

https://www.my.af.mil.afknprod/afgtc�

11


Establishing and Maintaining Controls

Establish POLICIES to prevent misuse by explicitly outlining:– Time frames for canceling inactive cards

and cards for exiting/retiring employees– Who should receive a card– Entitlements: Who should have

authority to make changes to accounts– Controls on cards – credit limit, single

purchase limit, velocity limits, merchant category code groups, restricted card limits, etc.

– Expense Reporting System – tie in travel policy

– Cash Advance limits/controls


12



Establish PROCEDURES to prevent misuse by explicitly outlining:– How to cancel cards for exiting employees– How to determine if unauthorized users

have access to cards– How to obtain, change and close an

account– Policy training for users– Reconciliation process– Audit process and frequency– Authorization controls


13


Risk Management Controls

Spending Controls– Credit and Cash– Merchant Category Codes– Transaction limits– Use of reporting tools to monitor card

usage


14


APC Credit Limit Entitlements – Department of Defense (Uniformed)


Standard Default

APC (HL4 – 7)Approval Maximum

APC (HL3)Approval Maximum

CPM (HL2)Approval Maximum

DTMO (H1)Approval Maximum

Credit $7,500 $10,000 $15,000 $25,000 No MaximumTravel $7,500 $10,000 $15,000 $25,000 No MaximumCash $665 $5,015 $10,015 $25,000 No MaximumRetail $250 $500 $1,000 $2,000 No Maximum

Restricted Default





Credit $4,000 $7,500 $10,000 $25,000 No MaximumTravel $4,000 $7,500 $10,000 $25,000 No MaximumCash $365 $2,015 $4,015 $25,000 No MaximumRetail $100 $200 $500 $2,000 No Maximum

15


APC Credit Limit Entitlements – Independent Agencies* CPMs are listed under HL3, therefore have CPM approval


Standard Default





Credit $7,500 $10,000 $15,000 $25,000 No MaximumTravel $7,500 $10,000 $15,000 $25,000 No MaximumCash $665 $5,015 $10,015 $25,000 No MaximumRetail $250 $500 $15,000 $25,000 No Maximum

Restricted Default





Credit $4,000 $7,500 $10,000 $25,000 No MaximumTravel $4,000 $7,500 $10,000 $25,000 No MaximumCash $365 $2,015 $4,015 $25,000 No MaximumRetail $100 $200 $500 $2,000 No Maximum

16



Account Controls– Manage delinquency– Implement proper training for

cardholders (new cardholder and refresher training)

– Maintain training certificates in a database or personnel records


17



Audit Controls– Review charge card statements and

account activity reports to identify questionable or suspicious transactions

– Review ATM transactions– Contact employees about questionable or

suspicious transactions– Initiate administrative and/or disciplinary

action


18


Detective Controls

Cues to misuse and abuse can be determined by asking “Who,” “What,” “Where,” “When,” “Why” and “How Much”

Location of transaction

Time

Vendor

Transaction Type

Transaction Size

Reconciliation


19




OMB Circular A-123 Management Plan

“Yes… submit not later than January 31 of each calendar year.”

“minimize the potential for fraud, misuse, and delinquency.”

2.1 Are agencies required to develop and maintain a charge card management plan?

2.2 Why is maintaining a plan important?

20



OMB Circular A-123 Management Plan (continued)

“Management controls, policies, and practices for ensuring appropriate charge card usage and oversight of payment delinquencies, fraud, misuse, or abuse;”

“Explanation of how available reports and data are used for monitoring delinquency, misuse, performance metrics, spend analysis, and other relevant transactions and program management issues;”

3. Tools and Resources


21

22


Tools and Resources: CitiManager DoD GTC Travel

23


CCMS Controls on Modify Account Screen

Tools and Resources: CCMS DoD GTC Travel

24


CCMS Controls on Modify Account Screen


25


Comments Free Text Field


26


Comments Free Text Field (continued)


27


Comments – Viewing Comments from “View Account” Tab


28


Data Mining

Defined:

Data mining is the practice of searching through large amounts of computerized data to find useful patterns or trends

– Britannica.com

Data mining can be done through the creation and analysis of management reports

Card associations also offer data mining support and solutions

Tools and Resources DoD GTC Travel

29


Data Mining – Examples of Activities Targeted

Cash advances made with no other charges

Recurring purchases from relatively unknown sources/vendors

No associated travel authorization to match charges

Unusual vendor

Out-of-policy transactions

Tools and Resources

1. Need to study data and perform continuous monitoring

2. Remember, everything is not always as it seems

DoD GTC Travel

30


Tools and Resources: CCRS DoD GTC Travel

31


Account Activity Text File – CD100T


32


Tools and Resources: CCRS


DoD GTC Travel

33



Examples of Merchant Names, MCC, Merchant City and Merchant State


34


All Transaction Report Example


35


Screen print of CCRS Reports including Account Listing with activate start and end dates and Airline Credit Report - CD1125


36


Screen print of Report Results including details on Airlines (Merchant name) and transaction amounts including Credits and Debits


37


Screen print of CCRS Reports highlighting ATM Cash Report and Blocked MCC


38



39


Screen print including an example of the ATM Cash Report


40



41


Example of Non-travel Activity Report Results


Account Name Current Balance Trans Date MCC Merchant Name Merchant City Merchant State Total Amount

ESLICH, STACY 586.55 7/13/2010 5541 CHEVRON 00207046 COVE FORT UT 5.13

ESLICH, STACY 586.55 7/13/2010 5814 SUBWAY 00397000 BEAVER UT 9.27

ESLICH, STACY 586.55 7/13/2010 5812 GOLD STRIKE BUFFET JEAN NV 6.48

BABINE, STEVE 4,072.22 7/21/2010 5812 BROTHERS BARBECUE

CORNWALL NY 20.95

DOE, JOHN 0.00 7/4/2010 5812 FAMOUS DAVE’S #2038

WOODBRIDGE VA 59.84

DOE, JOHN 0.00 7/5/2010 5411 QUANTICO MCCDC COMM

QUANTICO VA 86.91

SMITH, MARY 720.11 7/20/2010 5812 CHILI’S GRI22300002238

STERLING HEIGHTS

MI 20

LANDIS, MELISSA 2,625.14 7/6/2010 5542 EXXONMOBIL 96777743

REYNOLDSBURG OH 15.99

LANDIS, MELISSA 2,625.14 7/6/2010 5542 MARTIN’S FUEL #107 MARTINSBURG WV 26.99

LANDIS, MELISSA 2,625.14 7/6/2010 5542 TEXAS STEAKHOUSE 8094

MARTINSBURG WV 12

COMPTON, BILL 674.67 7/2/2010 5542 SAFEWAY FUEL 10017580

PERRY HALL MD 13

COMPTON, BILL 674.67 7/3/2010 5542 WAWA 581 00005819 ABINGDON MD 8

COMPTON, BILL 674.67 7/6/2010 5812 MARTIN’S FUEL #107 BALTIMORE MD 25.54

42


Screen print of CCRS Reports highlighting Declined Authorizations Report


43


Example of Declined Authorization Report result


44


Screen print of CitibankCustom Reporting System – Dynamic Report Builder


4. Best Practices


45

46


Good internal controls are critical

Separation of duties

Dwindling resources could impact internal controls

CitiManager (CM) access – are entitlements current?

Best Practices DoD GTC Travel

47


Internal process to receive cards/distribute to cardholders– Discuss policies, employee responsibilities, etc.– Require proof of training before card will be distributed– Educate cardholders that the card is for authorized use only

Utilize card restrictions (MCC, Transaction Limits, etc.)– Monitor requests for limit increases – permanent vs. temporary

Report canceled cards for terminated employees immediately

Eliminate or restrict cash access

Set realistic credit limits

Use reporting tools to monitor card usage

Utilize your Citi resources – Client Account Managers, CM, Training, Quarterly Reviews


48


Includes copy of Attachment 5 – Best Practices in Managing Government Charge Card Programs


49


This session was designed to assist you in achieving the following goals:

• Understanding the difference between Fraud and Misuse

• Improving your ability to identify potential misuse by your cardholders

Summary DoD GTC Travel

50

Thank you for attending!

Visit the Citibank Welcome Center– Level 3 Foyer – West– National Industries for the Blind will have

handouts– Conference Slide Show – come see yourself

shine!

Visit the Citibank One-on-One Lab – Lido Room 3101 A/B

Visit the Citibank Mini Sessions – Lido Room 3001 A/B

Citi Q&A Link – Tell us your thoughts

Reminders DoD GTC Travel


®

Schedules Available at the Welcome Center DoD GTC Travel


51

52®

Interactive Training Events – DoD


Citi offers on-site training at no cost for agencies meeting the required minimum participant level of 20 or more as set forth in the GSA SmartPay2 Master Contract.

Regional Citi Training Locations– Norfolk, VA– Washington, DC– Visit www.defensetravel.dod.mil/passport to view and register for these sessions

Upcoming Training– Visit www.defensetravel.dod.mil/passport to view and register for these sessions

On-site at your base or installation– 20-participant minimum– Visit www.citimanager.com/dodhome and under Resources to download the On-site

Training Request Form

Distance Learning – Video Conferences

Please e-mail us at [email protected] and a Citi training coordinator will work with you directly for on-site or Distance Learning sessions.

DoD GTC Travel


DoD GTC Travel

53

Steve Babine

Terms and Disclosures

Tuesday, July 28, 2009

IRS Circular 230 Disclosure: Citigroup Inc. and its affiliates do not provide tax or legal advice. Any discussion of tax matters in these materials (i) is not intended or written to be used, and cannot be used or relied upon, by you for the purpose of avoiding any tax penalties and (ii) may have been written in connection with the "promotion or marketing" of any transaction contemplated hereby ("Transaction"). Accordingly, you should seek advice based on your particular circumstances from an independent tax advisor.

Any terms set forth herein are intended for discussion purposes only and are subject to the final terms as set forth in separate definitive written agreements. This presentation is not a commitment to lend, syndicate a financing, underwrite or purchase securities, or commit capital nor does it obligate us to enter into such a commitment. Nor are we acting in any other capacity as a fiduciary to you. By accepting this presentation, subject to applicable law or regulation, you agree to keep confidential the existence of and proposed terms for any Transaction.

Prior to entering into any Transaction, you should determine, without reliance upon us or our affiliates, the economic risks and merits (and independently determine that you are able to assume these risks) as well as the legal, tax and accounting characterizations and consequences of any such Transaction. In this regard, by accepting this presentation, you acknowledge that (a) we are not in the business of providing (and you are not relying on us for) legal, tax or accounting advice, (b) there may be legal, tax or accounting risks associated with any Transaction, (c) you should receive (and rely on) separate and qualified legal, tax and accounting advice and (d) you should apprise senior management in your organization as to such legal, tax and accounting advice (and any risks associated with any Transaction) and our disclaimer as to these matters. By acceptance of these materials, you and we hereby agree that from the commencement of discussions with respect to any Transaction, and notwithstanding any other provision in this presentation, we hereby confirm that no participant in any Transaction shall be limited from disclosing the US tax treatment or US tax structure of such Transaction.

We are required to obtain, verify and record certain information that identifies each entity that enters into a formal business relationship with us. We will ask for your complete name, street address, and taxpayer ID number. We may also request corporate formation documents, or other forms of identification, to verify information provided.

Any prices or levels contained herein are preliminary and indicative only and do not represent bids or offers. These indications are provided solely for your information and consideration, are subject to change at any time without notice and are not intended as a solicitation with respect to the purchase or sale of any instrument. The information contained in this presentation may include results of analyses from a quantitative model that represent potential future events that may or may not be realized, and is not a complete analysis of every material fact representing any product. Any estimates included herein constitute our judgment as of the date hereof represent potential future events that may or may not be realized, and are not a complete analysis of every material fact representing any product. Any estimates included herein constitute our judgment as of the date hereof and are subject to change without any notice. We and/or our affiliates may make a market in these instruments for our customers and for our own account. Accordingly, we may have a position in any such instrument at any time.

Although this material may contain publicly available information about Citi corporate bond research, fixed income strategy or economic and market analysis, Citi policy (i) prohibits employees from offering, directly or indirectly, a favorable or negative research opinion or offering to change an opinion as consideration or inducement for the receipt of business or for compensation and (ii) prohibits analysts from being compensated for specific recommendations or views contained in research reports. So as to reduce the potential for conflicts of interest, as well as to reduce any appearance of conflicts of interest, Citi has enacted policies and procedures designed to limit communications between its investment banking and research personnel to specifically prescribed circumstances.

© 2011 Citibank, N.A. All rights reserved. Citi, Citi Arc Design, CitiDirect, CitiManager, Citibank Custom Reporting System, and Citibank Electronic Reporting System, are trademarks and service marks of Citigroup Inc. or its affiliates and are used and registered throughout the world.

In January 2007, Citi released a Climate Change Position Statement, the first US financial institution to do so. As a sustainability leader in the financial sector, Citi has taken concrete steps to address this important issue of climate change by: (a) targeting $50 billion over 10 years to address global climate change: includes significant increases in investment and financing of alternative energy, clean technology, and other carbon-emission-reduction activities; (b) committing to reduce GHG emissions of all Citi owned and leased properties around the world by 10% by 2011; (c) purchasing more than 52,000 MWh of green (carbon neutral) power for our operations in 2006; (d) creating Sustainable Development Investments (SDI) that makes private equity investments in renewable energy and clean technologies; (e) providing lending and investing services to clients for renewable energy development and projects; (f) producing equity research related to climate issues that helps to inform investors on risks and opportunities associated with the issue; and (g) engaging with a broad range of stakeholders on the issue of climate change to help advance understanding and solutions. Citi works with its clients in greenhouse-gas-intensive industries to evaluate emerging risks from climate change and, where appropriate, to mitigate those risks.

54

© 2010 Citibank, N.A. All rights reserved. Citi, Citi and Arc Design and CitiDirect are trademarks and service marks of Citigroup Inc., used and registered throughout the world.

®

Documents

Preventing Misuse and Abuse in Your Program - Citibank · DoD GTC Travel. 4. This course is ... Preventing Misuse and Abuse in Your Card Program. ... 34. Preventing Misuse and Abuse