U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Breadcrumb

Whistleblower Rights and Protections for FDIC Contractors

View Summary Announcement

Report Information

Publish Date
Report sub-type
Review
Report Number
REV-22-001
Video
Whistleblower Rights and Protections for FDIC Contractors

Unimplemented Recommendations

Implement updates to the Legal Division Deskbooks to incorporate the Whistleblower Rights Notification Clause.

Implement updates to the Legal Division LSSA to incorporate the Whistleblower Rights Notification Clause.

Implement internal guidance for Legal Division contracting to ensure that whistleblower requirements are implemented consistently across Legal Division contracts.

Develop and implement procedures for the FDIC to ensure contractors carry out their obligations under the Whistleblower Rights Notification Clause, including methods for verification that (1) all contractor and subcontractor employees of the FDIC are notified of their whistleblower rights and protections, and (2) clauses are appropriately included in subcontracts.

Develop and implement a training program for contractors and subcontractors to ensure that they are properly informed of their whistleblower rights and protections.

Text Alternative

This is the accessible text file for FDIC OIG report number REV-22-001 entitled 'Whistleblower Rights and Protections for FDIC Contractors'.

This text file was formatted by the FDIC OIG to be accessible to users with visual impairments. We have maintained the structural and data integrity of the original printed product in this text file to the extent possible. Accessibility features, such as descriptions of tables, footnotes, and the text of the Corporation’s comments, are provided but may not exactly duplicate the presentation or format of the printed version.

The portable document format (PDF) file also posted on our Web site is an exact electronic replica of the printed version.

[FDIC OIG logo]

Whistleblower Rights and Protections for FDIC Contractors

January 2022

REV-22-001

Review

Audits, Evaluations, and Cyber

Integrity Independence Accuracy Objectivity Accountability

Executive Summary

Whistleblower Rights and Protections for FDIC Contractors

Whistleblowers play an important role in safeguarding the Federal Government against waste, fraud, and abuse. Contractor, subcontractor, and grantee employees who carry out activities under Federal contracts and grants may have insight into potential fraud, waste, abuse, and mismanagement. Their willingness to report wrongdoing can contribute to improvements in Government programs and operations, including in the acquisition of services and goods provided by contractors.

According to a report issued by the Council of the Inspectors General on Integrity and Efficiency (CIGIE) in 2019, “individuals who step forward to report on waste and misconduct provide valuable and critical assistance to the Offices of Inspectors General (OIG) in our oversight mission.” Whistleblowers have helped initiate and advance many OIG investigations, audits, and reviews, which have improved Government operations, protected United States taxpayers from unnecessary expenditures, and protected its financial systems.

On January 2, 2013, the National Defense Authorization Act (NDAA) for Fiscal Year 2013 introduced a pilot program to expand whistleblower protections to employees of Government contractors and subcontractors, which was codified at 41 U.S.C. § 4712. In 2015, the Federal Acquisition Regulations added a provision regarding contractor employee whistleblower rights. The pilot program was made permanent in statute in 2016 (Pub. L. No.114-261, 130 Stat. 1362 (2016)).

Between January 2019 and November 2021, the Federal Deposit Insurance Corporation (FDIC) awarded over $4 billion in contracts. During this period, the FDIC expended nearly $1 billion on contractor resources and services and over $285 million on equipment purchases. These resources and services were provided by approximately 3,000 contractor and subcontractor employees. The objective of this review was to determine whether the FDIC aligned its procedures and processes with laws, regulations, and policies designed to ensure notice to contractors and subcontractors about their whistleblower rights and protections.

Results

We found that the FDIC procedures and processes were not aligned with laws, regulations, and policies designed to ensure notice to contractor and subcontractor employees about their whistleblower rights and protections. Specifically, the FDIC Division of Administration (DOA) Acquisition Services Branch (ASB), voluntarily adopted some of the whistleblower provisions and requirements for insertion into its contracts. However, the FDIC DOA Whistleblower Rights Notification Clause, intended to address whistleblower rights and protections, was not included in three of the nine ASB contracts that we reviewed (33 percent). Further, the FDIC’s Legal Division, under its separately delegated contracting authority, did not operate consistently with FDIC DOA and had not adopted any whistleblower rights notification provisions for contractors or included any whistleblower clauses in its contracts.

We also determined that the FDIC had not established any requirements, either through procedures or processes, for FDIC officials -- such as Contracting Officers, Oversight Managers, and Oversight Attorneys -- to determine whether contractors have carried out their obligations under the FDIC’s Whistleblower Rights Notification Clause. The FDIC’s Whistleblower Rights Notification Clause requires contractors to: (1) inform their employees in writing of employee whistleblower rights and protections; and (2) insert the substance of the Clause in all subcontracts over $100,000.

In addition, the FDIC updated its Confidentiality Agreement forms in 2015 to include a reference to whistleblower protections. However, the FDIC did not obtain Confidentiality Agreements from all of its contractors and contract personnel as required and did not use the current Confidentiality Agreement form.

Legal Division guidance generally requires that all contact with non-legal FDIC personnel go through the Legal Division and specifies that contractors forward any information that indicates possible criminal behavior to the Oversight Attorney. This language, however, is unclear and ambiguous, as a contractor or subcontractor whistleblower may interpret the guidance as exclusive, requiring that they report criminal behavior or allegations of fraud, waste, abuse, or mismanagement through the FDIC’s Legal Division. Such guidance would be inconsistent with FDIC Directive 12000.01, Cooperation with the Office of Inspector General, the Inspector General (IG) Act of 1978, as amended, and 41 U.S.C. § 4712.

Recommendations

The report contains 10 recommendations for the FDIC to conduct a review of existing contracts, update and implement guidance and procedures, and develop training to ensure that contractors and subcontractors are properly informed of their whistleblower rights and protections. We also recommended that the FDIC obtain the outstanding Confidentiality Agreements that are missing and ensure that updated guidance provides clear direction on whom whistleblowers should report to. The FDIC concurred with nine recommendations and partially concurred with one recommendation. The FDIC plans to complete corrective actions by May 30, 2022.

[end of Executive Summary]

Contents

BACKGROUND

REVIEW RESULTS

FDIC Contracts Did Not Always Include Whistleblower Clause

DOA ASB Contracts Missing Whistleblower Clause

Legal Division Contracts Missing Whistleblower Clause

The FDIC Lacks Assurance that Contractors and Subcontractors Are Informed of Whistleblower Rights and Protections

The FDIC Did Not Verify That Contractors and Subcontractors Notified Employees of their Whistleblower Rights and Protections

No Whistleblower Training Exists for FDIC Contractors and Subcontractors

Confidentiality Agreements Not Executed or Maintained

Legal Division Deskbooks Are Unclear and May Be Inconsistent with FDIC Directive and Federal Law

FDIC COMMENTS AND OIG EVALUATION

Appendices

1. Objective, Scope, and Methodology

2. Acronyms and Abbreviations

3. FDIC Comments

4. Summary of the FDIC’s Corrective Action

Figure

1. PGI Clause 7.1.3-3 Whistleblower Rights Notification Clause

Tables

1. Whistleblower Rights Notification Clause in DOA Contracts

2. Confidentiality Agreements (CA) for DOA Contracts

[end of contents]

[FDIC letterhead, Federal Deposit Insurance Corporation, Office of Inspector General Audits, Evaluations, and Cyber]

January 4, 2022

Subject: Whistleblower Rights and Protections for FDIC Contractors | REV-22-001

Whistleblowing occurs when a Federal employee or applicant for employment, Federal contractor, or Federal subcontractor discloses information that the individual reasonably believes evidences a violation of law, rule, or regulation, gross mismanagement, a gross waste of funds, an abuse of authority, or a substantial and specific danger to public health or safety.1 A whistleblower can report such protected disclosures or wrongdoing to a Member of Congress, a Congressional committee, the Government Accountability Office (GAO), an Inspector General, a Federal or contractor contract oversight official, a court or grand jury, or an authorized member of the Department of Justice (DOJ) or other law enforcement agency.2 Retaliating against any whistleblower that has brought forward a protected disclosure is prohibited.

Footnote: 1 - 5 U.S.C. § 2302(a)(2)(D), 5 U.S.C. app. § 7(a), 41 U.S.C. § 4712(a).

Footnote: 2 - 2 Pub. L. No.112-239, § 828, (codified as amended at 41 U.S.C. § 4712).

According to a Council of the Inspectors General on Integrity and Efficiency (CIGIE) report issued in 2019, “individuals who step forward to report waste and misconduct provide valuable and critical assistance to Offices of Inspectors General (OIG) in their oversight mission.”3 Contractor, subcontractor, and grantee employees who carry out activities under Federal contracts and grants may have insight into potential fraud, waste, abuse, and mismanagement. For example, in May 2021, a Government contractor for the Department of Defense (DoD) agreed to pay $50 million to resolve allegations that it fraudulently induced the Government to enter into a contract modification at inflated prices.4 This case originated from a former employee of the contractor, a whistleblower, who alerted the Government to the scheme. This contract employee had insight and a unique perspective on the contractor’s operations that the Federal agency and Federal employees may not have had.

Footnote: 3 - CIGIE Whistleblowing Works: How Inspectors General Respond to and Protect Whistleblowers, July 2019.

Footnote: 4 - Department of Justice, Office of Public Affairs, NaviStar Defense Agrees to Pay $50 Million to Resolve False Claims Act Allegations Involving Submission of Fraudulent Sales Histories, May 27, 2021.

Between January 2019 and November 2021, the Federal Deposit Insurance Corporation (FDIC) awarded over $4 billion in contracts. During this period, the FDIC expended nearly $1 billion on contractor resources and services and over $285 million on equipment purchases.5 These resources and services were provided by approximately 3,000 contractor and subcontractor employees who represent potential whistleblowers. Their willingness to report wrongdoing can contribute to improvements in Government programs and operations, including in the acquisition of goods and services provided by contractors.

Footnote: 5 - These amounts do not include the full scope of FDIC expenditures, such as buildings and leased space.

The objective of our review was to determine whether the FDIC aligned its procedures and processes with laws, regulations, and policies designed to ensure notice to contractors and subcontractors about their whistleblower rights and protections.6 Appendix 1 contains more information regarding the objective, scope, and methodology.

Footnote: 6 - We performed this review in accordance with the Council of the Inspectors General on Integrity and Efficiency’s Quality Standards for Federal Offices of Inspector General (Silver Book). These quality standards, as contained in the Pandemic Response Accountability Committee Agile Products Toolkit (https://www.pandemicoversight.gov/media/file/agile-products-toolkit0pdf), include independence, analysis, evidence review, indexing and referencing, legal review, and supervision.

BACKGROUND

On January 2, 2013, the National Defense Authorization Act (NDAA) for Fiscal Year 2013 introduced a pilot program to expand whistleblower protections7 to employees of Government contractors and subcontractors. (41 U.S.C. § 4712).8 In 2015, the Federal Acquisition Regulations was amended to add a provision on contractor employee whistleblower rights.9

Footnote: 7 - The term “protections” here and throughout the report, includes remedies under the whistleblower program.

Footnote: 8 - Pub. L. No.112-239, § 828, (codified as amended at 41 U.S.C. § 4712).

Footnote:9 - The DoD, the General Services Administration, and the National Aeronautics and Space Administration jointly issue the FAR. The provision added to the FAR to address the requirements at 41 U.S.C. § 4712 was Clause 52.203-17 Contractor Employee Whistleblower Rights and Requirement to Inform Employees of Whistleblower Rights (FAR Clause 52.203-17).

This Clause:

(1) States that the contract and employees working on the contract are subject to whistleblower rights and remedies;

(2) Requires the contractor to inform its employees in writing in the predominant language of the workforce of their whistleblower rights and protections under 41 U.S.C. § 4712; and

(3) Requires the contractor to insert the substance of the clause in all subcontracts over the simplified acquisition threshold.10

Footnote: 10 - The simplified acquisition threshold is a dollar amount in federal acquisition represented by the anticipated award amount of a contract, under which contracting officers are directed to use simplified procedures to solicit and award the resulting contracts. The simplified acquisition threshold is currently $250,000.

On December 14, 2016, legislation was enacted in order to make the pilot program permanent.11

Footnote: 11 - Pub. L. No. 114-261. Congress enacted legislation and expanded protections to subgrantees and now applies the law to personal services contracts, which were not covered under the pilot program. According to 31 U.S.C. § 9101(2)(B), the FDIC is considered to be a “mixed-ownership Government corporation,” and may not be required to follow this provision or the FAR.

The FDIC’s Division of Administration (DOA) Acquisition Services Branch (ASB) has developed its Acquisition Policy Manual (APM) and accompanying Procedures, Guidance and Information (PGI) in order to provide controls over the acquisition of goods and services by the FDIC.12 The DOA ASB also issues Procurement Administrative Bulletins (PAB) to provide guidance and information on PGI changes and corresponding contract clause/provision changes.

Footnote: 12 - The Federal Deposit Insurance Act (FDI Act) –12 U.S.C. § 1819 et seq., empowers the FDIC to enter into contracts for goods or services with private sector firms. The FDIC Board of Directors has delegated the authority to establish policies and procedures for the contracting program to the DOA Director. The delegations appoint the DOA Director as the FDIC Chief Contracting Officer, with authority to develop contracting policy; solicit proposals; and enter into, modify, and terminate contracts on behalf of FDIC in any of its capacities. The DOA Director, in turn, delegates this authority to the ASB Deputy Director.

The FDIC’s Legal Division has separate delegated authority to enter into, modify, and terminate contracts for legal services on behalf of the FDIC.13 Therefore, the Legal Division is excluded from requirements within the APM and the PGI. The Legal Division enters into contracts or Legal Services Agreements (LSA) with external law firms or attorneys, referred to as Outside Counsel. The Outside Counsel Deskbook, developed and maintained by the Legal Division, describes the policies and procedures that Outside Counsel must follow, from the execution of an LSA, through performance under the agreement, and concluding with post-representation responsibilities.14

Footnote: 13 - The FDIC Board of Directors delegated to the FDIC General Counsel “legal referral” authority and payment approval authority associated with contracts for legal services. Legal referrals include referral letters, task order agreements, task orders, joint referrals, and all other agreements used by General Counsel to acquire legal services on behalf of the FDIC or any receivership or conservatorship.

Footnote: 14 - The Outside Counsel Deskbook is incorporated by reference into each LSA.

The Legal Division also enters into contracts for legal support services (LSS) with entities other than law firms or attorneys. These agreements are referred to as Legal Support Services Agreements (LSSA). The FDIC’s Legal Division maintains the Legal Support Services Deskbook (LSS Deskbook), which describes the policies and procedures; standard terms for contracts; and standard forms for in-house attorneys, experts, and LSS providers. According to the LSSA, LSS providers must adhere to the provisions in the LSS Deskbook.15

Footnote: 15 - The LSS Deskbook is incorporated by reference into each LSSA.

REVIEW RESULTS

We found that the FDIC procedures and processes were not aligned with laws, regulations, and policies designed to ensure notice to contractor and subcontractor employees about their whistleblower rights and protections.

FDIC Contracts Did Not Always Include Whistleblower Clause

Federal law (41 U.S.C. § 4712) prohibits a Federal contractor from discharging, demoting, or otherwise discriminating against a contract worker as a reprisal for disclosing information that the worker reasonably believes is evidence of gross waste; gross mismanagement; abuse of authority; or a violation of law, rule, or regulation related to a contract. The Federal Acquisition Regulation (FAR) Subpart 3.903, Whistleblower Protections for Contractor Employees, Policy, prohibits Government contractors from retaliating against a contract worker for making a protected disclosure. The FAR also requires Contracting Officers to insert Clause 52.203-17, Contractor Employee Whistleblower Rights and Requirements to Inform Employees of Whistleblower Rights in all solicitations and contracts that exceed the simplified acquisition threshold. This Clause:

(1) States that the contract and employees working on the contract are subject to whistleblower rights and remedies;

(2) Requires the contractor to inform its employees in writing in the predominant language of the workforce of their whistleblower rights and protections under 41 U.S.C. § 4712; and

(3) Requires the contractor to insert the substance of the clause in all subcontracts over the simplified acquisition threshold.

DOA ASB Contracts Missing Whistleblower Clause

In August 2018, the FDIC’s DOA voluntarily adopted part of 41 U.S.C. § 4712 through policy reference. Specifically, the DOA ASB incorporated the FAR Clause 52.203-17 language into its PGI (with minor adjustment) and required Contracting Officers to include the Whistleblower Rights Notification Clause in all awards16 exceeding $100,000.

Footnote: 16 - According to the PGI, awards include: Contracts, Blanket Purchase Agreements (BPA), Basic Ordering Agreements (BOA), and all Receivership Basic Ordering Agreements (RBOA). A BPA is an agreement establishing FDIC rights to place orders for specific goods or services. A BOA is a written instrument of understanding negotiated between the FDIC and a contractor for future delivery of as yet unspecified quantities of goods or services. An RBOA is used to expedite the acquisition of goods and/or services in support of failing or failed financial institutions and their subsidiaries.

[Figure]

Figure 1: PGI Clause 7.1.3-3 Whistleblower Rights Notification Clause

Title of Figure: Clause 7.1.3-3 Contractor Employee Whistleblower Rights and Requirement to Inform Employees of Whistleblower Rights (Aug 2018)

(a) This contract and employees working on this contract will be subject to the whistleblower rights and remedies in the pilot program on Contractor employee whistleblower protections established at 41 U.S.C. § 4712 by section 828 of the National Defense Authorization Act for Fiscal Year 2013 (Pub. L. 112-239).

(b) The Contractor shall inform its employees in writing, in the predominant language of the workforce, of employee whistleblower rights and protections under 41 U.S.C. § 4712.

(c) The Contractor shall insert the substance of this clause, including this paragraph (c), in all subcontracts over $100,000.

Source: DOA ASB Procedures, Guidance, and Information (PGI), April 2021.17

[End of Figure 1]

Footnote: 17 - The PGI is regularly updated. We used the April 2021 version of the PGI for our review.

On August 30, 2018, DOA ASB also issued PAB 2018-04 to communicate the updated requirement. The PAB specifically states that the Clause must be included by reference immediately in all new awards that exceed $100,000. The PAB also states that, for all current awards that exceed $100,000 (except task orders), the Clause must be added by modification at the time of the next option period.

Based on our sample of contracts, we found that the DOA ASB did not always comply with the whistleblower rights notification requirements it established. Specifically, the DOA ASB did not incorporate the Whistleblower Rights Notification Clause in three of the nine contracts we tested (33 percent), as shown in Table 1 below.

[Table]

Table 1: Whistleblower Rights Notification Clause in DOA Contracts

Table Header: Contract No.*,Contract Award Date, Whistleblower Rights Notification Clause Not Included

Row 1: Table sub-header: Contracts Awarded Before the August 2018 Requirement with Option Exercised

Row 2: CORHQ-16-C-0151; 03/16/2016;

Row 3: CORHQ-17-S-0063; 02/01/2017; Whistleblower Rights Notification Clause not included.

Row 4: CORHQ-17-C-0377; 08/28/2017; Whistleblower Rights Notification Clause not included.

Row 5: CORHQ-18-C-0334; 07/19/2018; Whistleblower Rights Notification Clause not included.

Row 6: Table subheader: Contracts Awarded After the August 2018 Requirement

Row 7: CORHQ-18-C-0475; 10/01/2018

Row 8: CORHQ-18-C-0624; 12/31/2018

Row 9: RECVR-19-G-0133-0008; 08/08/2019

Row 10: CORHQ-18-G-0720-0004; 03/20/2020

Row 11: CORHQ-21-A-0081; 02/01/2021

Source: OIG testing for nine DOA contracts.

*We selected a 10th contract for testing, but the contract was terminated for convenience before any work was completed. Therefore, we did not test it.

[end of table]

The FDIC DOA ASB incorporated the Whistleblower Rights Notification Clause into only one of the four contracts awarded prior to August 2018 with option years exercised after August 2018. The DOA ASB incorporated the Whistleblower Rights Notification Clause into the contracts awarded after it had implemented the policy in August 2018.18 Due to attrition and turnover in FDIC Contracting Offices and the lack of documented records, the FDIC was not able to explain why this gap occurred.

Footnote: 18 - The DOA ASB incorporated the Whistleblower Rights Notification clause either in full text or by reference and according to ASB officials, both are equally legally enforceable.

The PAB, issued in August 2018, required that Contracting Officers modify existing contracts that exceed $100,000 upon the exercise of any option period to include the Whistleblower Rights Notification Clause. However, ASB did not incorporate these instructions into the PGI, which may have caused inconsistency and confusion among Contracting Officers.19 Based on the results of our review, FDIC Contracting Officers modified two of the three option year contracts to include the Whistleblower Rights Notification Clause.20

Footnote: 19 - The PGI accompanies the FDIC’s APM and contains procedures for implementing the APM. The DOA ASB issues PABs to provide guidance and information on interim PGI changes and corresponding clause/provision changes for procurements.

Footnote: 20 - The remaining contract was closed out in June 2021.

We also found that the FDIC’s Whistleblower Rights Notification Clause still makes reference to the “pilot program.” However, on December 14, 2016, legislation was enacted which made the pilot program permanent.21

Footnote: 21- FDIC officials stated that they copied the clause from the FAR, which also still includes a reference to the “pilot program.”

Absent consistent integration of the Whistleblower Rights Notification Clause into DOA ASB contracts, the FDIC cannot ensure that contractors and subcontractors are informed of their whistleblower rights and protections.

Legal Division Contracts Missing Whistleblower Clause

The FDIC’s Legal Division operated inconsistently with FDIC guidance from DOA ASB, as it decided not to voluntarily adopt any of the notification requirements regarding whistleblower rights as established in 41 U.S.C. § 4712 for contractors and subcontractors. According to Legal Division officials, the Legal Division reviewed 41 U.S.C. § 4712 in August 2018 and stated that it did not apply to the FDIC, under its longstanding legal position that the FDIC is not an “executive agency”. As a result, the Legal Division did not incorporate any whistleblower clauses into its contracts. Absent the formal adoption of a Whistleblower Rights Notification Clause for Legal Division contracts, the FDIC cannot ensure that Legal Division contractors and subcontractors are informed of their whistleblower rights and protections.

During the course of our review, the FDIC Legal Division reconsidered its previous position and used the same language that DOA ASB had drafted for its Whistleblower Rights Notification Clause. The FDIC Legal Division then began drafting updates to its Outside Counsel Deskbook and Legal Support Services Deskbook (collectively Deskbooks) to incorporate this requirement. These Deskbooks describe the policies and procedures that Outside Counsel and Legal Service providers must strictly follow and adhere to when conducting work on behalf of the FDIC. Legal Division officials stated that they also plan to update their lists of related statutes referenced within these Deskbooks to include 41 U.S.C. § 4712. Legal Division officials represented that they intend to release the updated Deskbooks to Outside Counsel and LSS providers by April 2022.22 During the course of our review, Legal Division officials also began updating the LSSA template to include the full text of the Whistleblower Rights Notification Clause. The Legal Division does not plan to make any changes to its one-page Legal Services Agreement, but will instead rely on the reference to the Outside Counsel Deskbook, which will include the full text of the Whistleblower Rights Notification Clause. Upon release of these updated Deskbooks and the LSSA template, the Legal Division will have increased assurance that contractors and subcontractors are informed of their whistleblower rights and protections.

Footnote: 22 - According to a Legal Division official, the Legal Services and Special Contracts (LSSC) Group drafts the updates and sends them to various stakeholders for review and comment. The LSSC Group submits the revised Deskbooks through Legal Division leadership for approval before publication.

FDIC Legal Division officials also acknowledged that their contracting processes were not aligned with DOA ASB. Legal Division officials stated that they began compiling internal guidance for Legal Division employees to follow when executing Legal Division contracts similar to the DOA ASB PGI, and they plan to have a draft completed by June 2022. Without clear contract guidance, it may be difficult for the Legal Division to ensure that whistleblower requirements are implemented consistently across Legal Division contracts.

Recommendations

We recommend that the Deputy to the Chairman, Chief Operating Officer, and Chief of Staff:

1. Conduct a review of open contracts awarded prior to 2018 with option periods remaining, to verify that the required Whistleblower Rights Notification Clause has been incorporated.

2. Update the PGI to (a) include guidance for modifying contracts awarded prior to 2018 with option periods remaining, and (b) remove the reference within the Whistleblower Rights Notification Clause to the “pilot program.”

We recommend that the General Counsel:

3. Implement updates to the Legal Division Deskbooks to incorporate the Whistleblower Rights Notification Clause.

4. Implement updates to the Legal Division LSSA to incorporate the Whistleblower Rights Notification Clause.

5. Implement internal guidance for Legal Division contracting to ensure that whistleblower requirements are implemented consistently across Legal Division contracts.

The FDIC Lacks Assurance that Contractors and Subcontractors Are Informed of Whistleblower Rights and Protections

Federal law (41 U.S.C. § 4712) requires the head of each executive agency to ensure that its contractors inform their workers in writing of the rights and remedies under the statute. To ensure that Federal employees are notified of their whistleblower rights and protections, the FDIC requires that employees complete the “Notification and Federal Employee Antidiscrimination and Retaliation Act (No FEAR Act) Training” every 2 years. The FDIC also requires supervisors to complete a training program entitled “Responding to Employee Allegations of Whistleblower Protection Violations.”

The FDIC Did Not Verify That Contractors and Subcontractors Notified Employees of their Whistleblower Rights and Protections

According to email correspondence discussing the FDIC’s adoption of 41 U.S.C. § 4712 dated June 5, 2018, FDIC officials considered including in FDIC contracts a requirement that the employer is responsible for: (1) “notifying their employees of [their] rights and certifying back to the agency that they have done so” and (2) ensuring that any subcontractor also notifies their employees.

However, these considerations were omitted from the final DOA ASB policy, and the FDIC had not established procedures to assess whether contractors had carried out their obligations under the Whistleblower Rights Notification Clause and informed contract employees and subcontract employees of their rights and protections. Further, as previously discussed, the FDIC’s Legal Division did not adopt the notification requirements regarding whistleblower rights as established in 41 U.S.C. § 4712 for contractors and subcontractors. As a result, the FDIC’s Legal Division also did not develop any procedures to verify that contractors and subcontractors notified their employees of their whistleblower rights and protections or added clauses to subcontracts. These statutes help to ensure that contractor and subcontractor employees are informed of their legal protections against retaliation for disclosing acts of wrongdoing.

Absent processes designed to ensure contractors and subcontractors are notified about their whistleblower rights and protections, the FDIC lacks adequate assurance that contractors and subcontractors are informed. Further, if contractors and subcontractors are unaware of their whistleblower rights and protections, they may also be unaware of where to report a violation of any law, rule, or regulation; mismanagement; a gross waste of funds; an abuse of authority; or a substantial and specific danger to public health or safety. As a result, these contractors and subcontractors may not report disclosures of wrongdoing to the OIG or other oversight officials due to a lack of awareness or fear of reprisal.

No Whistleblower Training Exists for FDIC Contractors and Subcontractors

We also determined that the FDIC had not developed any training program for contractor and subcontractor employees that included a whistleblower-related component. In contrast, the FDIC had established mandatory training for all employees on whistleblower protections and for all supervisors on responding to employee allegations of whistleblower protection violations.

Providing training to all contractors and subcontractors could help the FDIC ensure that its contractors and subcontractors and their employees are informed of their whistleblower rights and protections in a consistent and uniform manner. Given turnover in contract and subcontract employees, training could also help mitigate the risk that new employees of contractors and subcontractors are not informed. This training could include where to report violations of any law, rule, or regulation; mismanagement; a gross waste of funds; an abuse of authority; or a substantial and specific danger to public health or safety. Such training could also facilitate the FDIC in meeting the intent of designed legislation while removing the administrative burden for verification from individual Contracting Officers.

Recommendations

We recommend that the Deputy to the Chairman, Chief Operating Officer, and Chief of Staff, in coordination with the General Counsel:

6. Develop and implement procedures for the FDIC to ensure contractors carry out their obligations under the Whistleblower Rights Notification Clause, including methods for verification that (1) all contractor and subcontractor employees of the FDIC are notified of their whistleblower rights and protections, and (2) clauses are appropriately included in subcontracts.

7. Develop and implement a training program for contractors and subcontractors to ensure that they are properly informed of their whistleblower rights and protections.

Confidentiality Agreements Not Executed or Maintained

The FDIC’s APM and PGI state that an authorized representative of the contractor, its subcontractors and consultants, and all personnel who will have access to FDIC facilities, networks and/or information systems, or sensitive information must execute Confidentiality Agreements. The APM also directs contracting personnel to maintain Confidentiality Agreements in the FDIC’s official contract file, the Contract Electronic File (CEFile).

In 2015, the FDIC had updated its Confidentiality Agreements to include a reference to whistleblower protections. Specifically, each individual who signs a Confidentiality Agreement acknowledges their understanding that the provisions in the agreement are consistent with and do not supersede, conflict with, or otherwise alter the employee’s obligations, rights, or liabilities created by existing statute or Executive Order relating to:

(1) Classified information;

(2) Communications to Congress;

(3) Reporting to an Inspector General a violation of any law, rule, or regulation; mismanagement; a gross waste of funds; an abuse of authority; or a substantial and specific danger to public health or safety; or

(4) Any other whistleblower protection.

We found, however, that the FDIC did not obtain Confidentiality Agreements for contractors and contract employees with access to FDIC facilities, systems, or sensitive information, as required. Based on our testing of a judgmental sample of nine contracts, seven of the nine contracts had at least one deficiency related to Confidentiality Agreements, as shown in Table 2 below.

[table]

Table 2: Confidentiality Agreements (CA) for DOA Contracts

Table Header: Contract No.*; Outdated CA (Form 3700/46 and 3700/46A);

Missing Contractor CA (Form 3700/46); Missing Contractor Personnel CA (Form 3700/46A); SUMMARY: Contract with CA Deficiency

Row 1: CORHQ-16-C-0151; Outdated CA (Form 3700/46 and 3700/46A); Missing Contractor Personnel CA (Form 3700/46A); SUMMARY: Contract with CA Deficiency

Row 2: CORHQ-17-S-0063; Missing Contractor CA (Form 3700/46); Missing Contractor Personnel CA (Form 3700/46A); SUMMARY: Contract with CA Deficiency

Row 3: CORHQ-17-C-0377; Missing Contractor Personnel CA (Form 3700/46A); SUMMARY: Contract with CA Deficiency

Row 4: CORHQ-18-C-0334; Missing Contractor CA (Form 3700/46); Missing Contractor Personnel CA (Form 3700/46A); SUMMARY: Contract with CA Deficiency

Row 5: CORHQ-18-C-0475; Missing Contractor CA (Form 3700/46); Missing Contractor Personnel CA (Form 3700/46A); SUMMARY: Contract with CA Deficiency

Row 6: CORHQ-18-C-0624; Missing Contractor CA (Form 3700/46); SUMMARY: Contract with CA Deficiency

Row 7: RECVR-19-G-0133-0008

Row 8: CORHQ-18-G-0720-0004; Missing Contractor CA (Form 3700/46); Missing Contractor Personnel CA (Form 3700/46A); SUMMARY: Contract with CA Deficiency

Row 9: CORHQ-21-A-0081

Source: OIG Confidentiality Agreement testing for 9 DOA contracts.

* We selected a 10th contract for testing, but the contract was terminated for convenience before any work was completed. Therefore, we could not test it.

[end of table]

For the nine contracts we reviewed, we found the following deficiencies:

• DOA used an outdated version of the Confidentiality Agreement, which did not include a reference to whistleblower protections for one contract.

• DOA did not execute and maintain Confidentiality Agreements for five contractors.

• DOA did not execute and maintain Confidentiality Agreements for all contractor personnel for six contracts.

One contract included in our sample (Contract No. CORHQ-18-C-0334) had an award amount of over $5 million and was designated by the FDIC as a “high risk” contract. This contract was for information technology services to support a high-performance research computing environment for use by FDIC divisions to conduct analytics on large data sets of failed bank data. The contractor and its personnel had access to highly sensitive FDIC information. It was not until we brought it to ASB’s attention on August, 24, 2021, that it obtained Confidentiality Agreements for key personnel. However, as of October 29, 2021, DOA ASB has not yet obtained Confidentiality Agreements for the contractor and non-key personnel for this contract.

During our review, DOA ASB obtained the required Confidentiality Agreements for contractors, key personnel, and non-key personnel for all other open contracts that we tested.23

Footnote: 23 - Two of the contracts included in our sample closed in June 2021. Therefore, ASB could not obtain required confidentiality agreements.

The lack of signed Confidentiality Agreements is a systemic weakness within the FDIC environment and is not isolated to the contracts we reviewed. Since 2006, we have reported several instances in which the FDIC did not consistently execute or maintain Confidentiality Agreements for its contractor and subcontractor personnel that handle sensitive information and provide critical services.

• In October 2021, we reported our concerns regarding the lack of signed Confidentiality Agreements and their importance for securing FDIC sensitive information.24

Footnote: 24 - OIG Report, The FDIC’s Information Security Program–2021 (FDIC OIG AUD-22-001) (October 2021). The OIG engaged the firm of Cotton & Company LLP to perform our annual audit under the Federal Information Security Modernization Act of 2014 (FISMA).

• In March 2021, we reported that the FDIC could not verify whether the EMCOR Government Services, Inc. (EMCOR) contractor and subcontractor personnel had completed Confidentiality Agreements, yet reported that 86 percent of EMCOR contractor and subcontractor personnel served in positions that the FDIC designated as either Moderate or High Risk.25

Footnote: 25 - OIG Report, Security of Critical Building Services at FDIC-owned Facilities (FDIC OIG AUD-21-003) (March 2021).

• In September 2017, we reported that the FDIC could not locate signed Confidentiality Agreements in the CEFile for 75 percent of separated contractor personnel (36 of 48 individuals).26 We made a series of recommendations to improve the FDIC’s controls for mitigating the risk of unauthorized access to, and inappropriate removal and disclosure of, sensitive information by separating personnel.

Footnote: 26 - OIG Report, Controls Over Separating Personnel’s Access to Sensitive Information (FDIC OIG EVAL-17-007) (September 2017).

• In October 2012, we reported that the FDIC did not consistently execute and maintain Confidentiality Agreements for contractor and subcontractor personnel with access to sensitive failed bank data.27 We recommended that the FDIC review all contractor and subcontractor employees assigned to the contract and execute Confidentiality Agreements. We also recommended that the FDIC enhance controls designed to ensure that Confidentiality Agreements are executed and maintained.

Footnote: 27 - OIG Report, Invoices Submitted by Lockheed Martin Services, Inc. under the FDIC’s Data Management Services Contract (FDIC OIG AUD-13-002) (October 2012).

• In September 2008, we reported that the FDIC did not maintain Confidentiality Agreements for 30 percent of the contractor personnel reviewed (14 of 46 individuals).28 These contractor personnel provided support for bank resolution and receivership activities. We recommended that the FDIC develop a control mechanism to ensure that Contracting Officers obtain signed Confidentiality Agreements from contractor personnel.

Footnote: 28 - OIG Report, Protection of Resolution and Receivership Data Managed or Maintained by an FDIC Contractor (FDIC OIG AUD-08-015) (September 2008).

• In January 2006, we reported that the FDIC did not maintain signed Confidentiality Agreements for 92 percent of the contracts reviewed (12 of 13 contracts).29 These contracts involved access to human resources information, such as employee benefits, and finance information. We recommended that the FDIC require contractors to sign Confidentiality Agreements.

Footnote: 29 - OIG Report, FDIC Safeguards Over Personal Employee Information (FDIC OIG EVAL-06-005) (January 2006).

Without required Confidentiality Agreements, the FDIC has reduced assurance that contractor personnel will understand their responsibilities for protecting the confidentiality, integrity, and availability of sensitive information. Further, the FDIC may face difficulty pursuing appropriate remedies against contractor or subcontractor personnel for unauthorized disclosure of sensitive FDIC information. Beyond the security concerns relating to the protection of sensitive FDIC information, Confidentiality Agreements can serve as a mitigating control in providing the FDIC with some assurance that contractors and subcontractors are informed of their whistleblower rights and protections. However, because Confidentiality Agreements were not always obtained, the FDIC lacks such assurance that contractors and subcontractors were informed of their whistleblower rights and protections.

As of October 13, 2021, a recommendation from our report on the Security of Critical Building Services at FDIC-owned Facilities to ensure that Oversight Managers obtain signed Confidentiality Agreements for all FDIC contracts remains unimplemented. The FDIC estimates it will complete corrective actions for this recommendation by December 31, 2021.

Recommendation

We recommend that the Deputy to the Chairman, Chief Operating Officer, and Chief of Staff:

8. Obtain the required Confidentiality Agreements for Contract No. CORHQ-18-C-0334.

Legal Division Deskbooks Are Unclear and May Be Inconsistent with FDIC Directive and Federal Law

The Legal Division Deskbooks state that contractor personnel are expected to direct all communications with FDIC personnel through their Oversight Attorney and require that all contact with FDIC personnel go through Legal Division.30 The Deskbooks also specify that contractors must forward any information that indicates possible criminal behavior to the Oversight Attorney. This language, however, is unclear and ambiguous, as a contractor or subcontractor whistleblower may interpret the guidance as exclusive – that is, a contractor or subcontractor may only report criminal behavior or allegations of fraud, waste, abuse, or mismanagement through the FDIC’s Legal Division.

Footnote: 30 - The Deskbooks state that contractors are expected to direct all communications to the Oversight Attorney, except when directly “responding to the FDIC's Office of Inspector General.” The Deskbooks suggest that these responses to OIG requests would fall within the context of an audit or review conducted by the OIG.

Such guidance in the Legal Division Deskbooks would be inconsistent with FDIC Directive 12000.01, Cooperation with the Office of Inspector General (FDIC Directive 12000.01) and the Inspector General (IG) Act of 1978, as amended.31 Specifically, FDIC Directive 12000.01 requires that contractor personnel directly and promptly report “actual or suspected fraud, waste, abuse, misconduct or mismanagement” to the OIG and states that the OIG may protect the identity of contractor personnel.32 The IG Act also allows anyone to make a confidential report directly to the OIG through its website hotline.

Footnote: 31 - Inspector General Act of 1978, section 8M(b)(2), as amended.

Footnote: 32 - FDIC Directive 12000.01, Cooperation with the Office of Inspector General, Responsibilities Section D.1.a and A.3, June 2021.

The current provisions within the Deskbooks may also be inconsistent with the reporting avenues provided for in 41 U.S.C. § 4712 and the FDIC contract clauses pursuant to 41 U.S.C. § 4712. For example, 41 U.S.C. § 4712 provides that contractor employee whistleblowers can make disclosures of wrongdoing to a Member of Congress, a Congressional committee, the GAO, an IG, a Federal or contractor contract oversight official, a court or grand jury, or an authorized member of the DOJ or other law enforcement agency.

Recommendation

We recommend that the General Counsel:

9. Clarify the language in the Legal Division Deskbooks that contractors and subcontractor personnel may report any allegations of a violation of law, rule, or regulation; or waste, fraud, abuse, or mismanagement to the Office of Inspector General or other oversight bodies.

10. Ensure that any updated guidance to the Legal Division Deskbooks complies with FDIC Directives and Federal statutes.

FDIC COMMENTS AND OIG EVALUATION

On December 21, 2021, the FDIC Deputy to the Chairman, Chief Operating Officer, and Chief of Staff and the General Counsel, provided a written response to a draft of the report, which is included in its entirety in Appendix 3. The FDIC concurred with 9 of 10 report recommendations, provided support to close one of the recommendations (Recommendation 8), and plans to complete corrective action for the remaining recommendations by May 30, 2022. Therefore, we consider these nine recommendations to be resolved.

The FDIC partially concurred with one recommendation (Recommendation 2). The FDIC proposed an alternative approach to address the recommendation that does not require updating the PGI. As the FDIC’s alternative approach satisfies the intent of the recommendation, we consider this recommendation to be resolved. The FDIC plans to complete corrective action for this recommendation by April 30, 2022. The recommendations will remain open until we confirm that corrective actions have been completed and are responsive. A summary of the FDIC’s corrective actions is in Appendix 4.

Appendix 1

Objective, Scope, and Methodology

Objective

The objective of our review was to determine whether the FDIC aligned its procedures and processes with laws, regulations, and policies designed to ensure notice to contractors and subcontractors about their whistleblower rights and protections.

We performed our work remotely as a result of the Coronavirus Disease 2019 (COVID-19) pandemic from June 2021 through November 2021. This review was performed in accordance with the Council of the Inspectors General on Integrity and Efficiency’s Quality Standards for Federal Offices of Inspector General (Silver Book). These quality standards, as contained in the Pandemic Response Accountability Committee Agile Products Toolkit (https://www.pandemicoversight.gov/media/file/agile-products-toolkit0pdf), include independence, analysis, evidence review, indexing and referencing, legal review, and supervision.

Scope and Methodology

Our scope included a review of DOA ASB and Legal Division efforts to incorporate whistleblower requirements for contractors into its contract practices. We obtained the amount that the FDIC spent on contract personnel within DOA and the Legal Division for the period September 1, 2018 through July 31, 2021.

To address our objective, we conducted the following procedures:

• Interviewed FDIC officials responsible for related whistleblower policy and procedures for contractors, including:

o DOA’s Acquisition Services Branch Policy and System Section personnel, and

o Legal Services and Special Contracts Group.

• Identified and reviewed applicable laws and regulations, including:

o 41 U.S.C. § 4712, and

o FAR Clause 52.203-17.

• Reviewed FDIC policies and guidance related to DOA and Legal contracting requirements and whistleblower rights and protections for contractors, including:

o FDIC’s Acquisition Policy Manual, Section 5.104(b) (2008);

o FDIC’s Procedures, Guidance, and Information Section 5.104(b), (2021); o FDIC’s Procedures, Guidance, and Information Clause 7.1.3-3 (August 2018), (2021);

o ASB Procurement Administrative Bulletin (PAB 2018-04), (2018);

o ASB Procurement Administrative Bulletin (PAB 2015-03), (2015);

o FDIC Confidentiality Agreements (FDIC Forms 3700/46 and 3700/46A), (2015);

o Legal Division, Outside Counsel Deskbook; and

o Legal Division, Legal Support Services Deskbook, (2020).

• Considered the following Department of Justice Office of the Inspector General and the Government Accountability Office reports:

o Department of Justice Office of the Inspector General, Management Advisory Memorandum, Notification of Concerns Regarding the Department of Justice’s Compliance with Laws, Regulations, and Policies Regarding Whistleblower Rights and Protections for Contract Workers Supporting Department of Justice Programs (21-038) (February 10, 2021); and

o Government Accountability Office, Contractor Whistleblower Protections Program: Improvements Needed to Ensure Effective Implementation (GAO-17-227) (March 2017).

• Reviewed the following OIG reports:

o OIG Report, FDIC Safeguards Over Personal Employee Information (FDIC OIG EVAL-06-005) (January 2006);

o OIG Report, Protection of Resolution and Receivership Data Managed or Maintained by an FDIC Contractor (FDIC OIG AUD-08-015) (September 2008);

o OIG Report, Invoices Submitted by Lockheed Martin Services, Inc. under the FDIC’s Data Management Services Contract (FDIC OIG AUD-13-002) (October 2012);

o OIG Report, Controls Over Separating Personnel’s Access to Sensitive Information (FDIC OIG EVAL-17-007) (September 2017);

o OIG Report, Security of Critical Building Services at FDIC-owned Facilities (FDIC OIG AUD-21-003) (March 2021); and

o OIG Report, The FDIC’s Information Security Program–2021 (FDIC OIG AUD-22-001) (October 2021).

• Coordinated with OIG Counsel to ensure understanding of applicability of laws and regulations to the FDIC.

• Selected a judgmental sample of nine ASB contracts to determine whether they included the required Whistleblower Rights Notification Clause and whether the FDIC obtained Confidentiality Agreements.

• Selected a judgmental sample of five Legal Division contracts to determine whether the Legal Division included the required Whistleblower Rights Notification Clause and obtained Confidentiality Agreements.

• Reviewed the FDIC Risk Inventory to identify Agency risks related to the objective.

Appendix 2

Acronyms and Abbreviations APM - Acquisition Policy Manual

ASB - Acquisition Services Branch

BOA - Basic Ordering Agreement

BPA - Blanket Purchase Agreement

CA - Confidentiality Agreement

CEFile - Contract Electronic File

CIGIE - Council of the Inspectors General on Integrity and Efficiency

DOA - Division of Administration

DOD - Department of Defense

DOJ - Department of Justice

EMCOR - EMCOR Government Services, Inc.

FAR - Federal Acquisition Regulation

FDIC - Federal Deposit Insurance Corporation

GAO - Government Accountability Office

IG - Inspector General

LSA - Legal Services Agreement

LSSA - Legal Support Services Agreement

LSSC - Legal Services and Special Contracts

NDAA - National Defense Authorization Act

No FEAR Act - Notification and Federal Employee Antidiscrimination and Retaliation Act

OIG - Office of Inspector General

PAB - Procurement Administrative Bulletin

PGI - Procedures, Guidance and Information

RBOA - Receivership Basic Ordering Agreement

U.S.C. - United States Code

Appendix 3

FDIC Comments

[FDIC Letterhead]

MEMO

TO: Terry L. Gibson Assistant Inspector General for Audits, Evaluations, and Cyber

FROM: Brandon Milhorn Deputy to the Chairman, Chief Operating Officer, and Chief of Staff

Nicholas J. Podsiadly General Counsel

DATE: December 21, 2021

RE: Management Response to the OIG Draft Audit Report, Whistleblower Rights and Protections for FDIC Contractors (No. 2021-015)

The FDIC appreciates the opportunity to respond to the Office of Inspector General’s (OIG) draft report titled, Whistleblower Rights and Protections for FDIC Contractors, issued on November 24, 2021. In annual messages to FDIC employees and contractors, FDIC Chairman Jelena McWilliams has expressed her support for these important rights and protections, as they empower individuals to provide information that helps the agency maintain a culture of transparency and accountability and improve our programs and operations. The FDIC regularly provides training to all employees and has placed informational posters throughout our facilities to inform employees and on-site contractors about their whistleblower rights and protections. In addition, there are other resources available, including Circular 2400.2, Whistleblower Protection Rights, and the Division of Administration (DOA) website.

Management Response to the Recommendations

The FDIC continuously strives to improve its whistleblower protection program. Our planned corrective actions will assist in effectively implementing the statutory requirement to protect contractor employees from reprisal for disclosing information that they reasonably believe evidences a violation of law, rule, or regulation; gross mismanagement; gross waste of funds; abuse of authority; or substantial and specific danger to public health or safety.

Recommendation 1: We recommend that the Deputy to the Chairman, Chief Operating Officer, and Chief of Staff conduct a review of open contracts awarded prior to 2018 with option periods remaining, to verify that the required Whistleblower Rights Notification Clause has been incorporated.

•Management Decision: Concur

•Planned Action: The Acquisition Services Branch (ASB) of DOA will modify applicable awards with the Whistleblower Rights Notification Clause by January 31, 2022.

• Estimated Completion Date: January 31, 2022

Recommendation 2: We recommend that the Deputy to the Chairman, Chief Operating Officer, and Chief of Staff update the PGI to (a) include guidance for modifying contracts awarded prior to 2018 with option periods remaining, and (b) remove the reference within the Whistleblower Rights Notification Clause to the “pilot program.”

•Management Decision: The FDIC partially concurs with part (a) of the recommendation. The FDIC agrees contracts awarded prior to 2018 with option periods remaining should be modified, but requests that the process for doing so not include updating the PGI. The PGI is intended to be forward-looking guidance that applies to all contracts issued after the date of a PAB. As a result, the recommendation to ensure the FDIC modifies a small subset of date-specific awards (e.g., “contracts awarded prior to 2018”) is more efficiently satisfied by reminding Contracting Officers about the requirements of those contracts as discussed in our alternative approach discussed below.

The FDIC concurs with part (b) of the recommendation.

•Planned Action: For (a), ASB will identify the applicable PABs in an area of the internal FDIC Buying Goods and Services webpage. ASB will provide guidance to Contracting Officers instructing them to review this consolidated collection of PABs and incorporate any appropriate contract clause language before issuing task orders, exercising options, or extending performance.

For (b), when the clause is updated, the reference to “pilot” will be removed.

• Estimated Completion Date: For (a), by January 31, 2022. For (b), April 30, 2022, when the clause is updated as discussed in our response to Recommendation 6 below.

Recommendation 3: We recommend that the General Counsel implement updates to the Legal Division Deskbooks to incorporate the Whistleblower Rights Notification Clause.

•Management Decision: Concur

•Planned Action: The Legal Division will obtain management approval of draft updates to the Deskbooks that incorporate language consistent with the Whistleblower Rights Notification Clause used by ASB.

•Estimated Completion Date: May 30, 2022, approximately 30 days after ASB completes changes to ASB’s Whistleblower Rights Notification Clause discussed below in our response to Recommendation 6.

Recommendation 4: We recommend that the General Counsel implement updates to the Legal Division LSSA to incorporate the Whistleblower Rights Notification Clause.

•Management Decision: Concur

•Planned Action: The Legal Division will revise existing Whistleblower Protections Clause, Sections 11.1-11.3, of Standard Legal Support Services Agreement (LSSA) Template, to be consistent with the revised ASB Whistleblower Rights Notification Clause.

•Estimated Completion Date: May 30, 2022, approximately 30 days after ASB completes changes to the Whistleblower Rights Notification Clause.

Recommendation 5: We recommend that the General Counsel implement internal guidance for Legal Division contracting to ensure that whistleblower requirements are implemented consistently across Legal Division contracts.

•Management Decision: Concur

•Planned Action: The Legal Division will obtain management approval of the Legal Contracting Manual/Job Aid currently under development, to include language consistent with the Whistleblower Rights Notification Clause used by DOA ASB.

•Estimated Completion Date: May 30, 2022, approximately 30 days after ASB completes changes to the Whistleblower Rights Notification Clause.

Recommendation 6: We recommend that the Deputy to the Chairman, Chief Operating Officer, and Chief of Staff, in coordination with the General Counsel, develop and implement procedures for the FDIC to ensure contractors carry out their obligations under the Whistleblower Rights Notification Clause, including methods for verification that (1) all contractor and subcontractor employees are notified of their whistleblower rights and protections, and (2) clauses are appropriately included in subcontracts.

•Management Decision: Concur

•Planned Action: ASB will modify standard clause 7.1.3-3 of the PGI to require FDIC contractors and subcontractors to certify that their employees have been notified of their whistleblower rights and protections and that the Whistleblower Rights Notification Clause is appropriately included in subcontracts.

•Estimated Completion Date: April 30, 2022

Recommendation 7: We recommend that the Deputy to the Chairman, Chief Operating Officer, and Chief of Staff, in coordination with the General Counsel, develop and implement a training program for contractors and subcontractors to ensure that they are properly informed of their whistleblower rights and protections.

•Management Decision: Concur. Under FDIC Directive 2400.2, the OIG designates a Whistleblower Protection Coordinator responsible for educating employees about whistleblower rights and protections. To that end, the OIG maintains the website on Whistleblower Protection for the FDIC (https://www.fdicoig.gov/whistleblower-protection), with educational material and resources on whistleblower rights and protections.

Given the OIG’s lead role and expertise in whistleblower protection, the FDIC requests that the OIG work with the Legal Division and ASB to develop and implement the recommended training. This approach would be consistent with actions recently taken by the Department of Justice (DOJ) in response to the DOJ’s Office of Inspector General, Management Advisory Memorandum 21-038 (Feb. 2021). DOJ established a contract clause that refers to training material created by the DOJ’s Office of Inspector General rather than the DOJ itself and the material includes an OIG brochure to be provided to contractor and subcontractor employees (https://oig.justice.gov/sites/default/files/2020-04/NDAA-brochure.pdf).

•Planned Action: The Legal Division and ASB will work with the Office of Inspector General to develop and implement training for contractors and subcontractors to ensure that they are properly informed of their whistleblower rights and protections.

•Estimated Completion Date: April 30, 2022

Recommendation 8: We recommend that the Deputy to the Chairman, Chief Operating Officer, and Chief of Staff obtain the required Confidentiality Agreements for Contract No. CORHQ-18-C-0334.

•Management Decision: Concur

•Planned Action: The Contracting Officer has obtained the required Confidentiality Agreements for Contract No. CORHQ-18-C-0334 and filed them in the electronic contract file.

•Completion Date: December 9, 2021

Recommendation 9: We recommend that the General Counsel clarify the language in the Legal Division Deskbooks that contractors and subcontractor personnel may report any allegations of a violation of law, rule, or regulation, or waste, fraud, abuse, or mismanagement to the Office of Inspector General or other oversight bodies.

•Management Decision: Concur

•Planned Action: Obtain management approval of draft updates to Deskbooks that incorporate language consistent with FDIC Directive 12000.01, Cooperation with the Office of Inspector General.

•Estimated Completion Date: April 30, 2022

Recommendation 10: We recommend that the General Counsel ensure that any updated guidance to the Legal Division Deskbooks complies with FDIC Directives and federal statutes.

•Management Decision: Concur

•Planned Action: The Legal Division will continue its regular quarterly review of Deskbooks for compliance with Directives and statutes.

•Estimated Completion Date: Ongoing. The Legal Division will complete its most current review by December 31, 2021.

Appendix 4

Summary of the FDIC's Corrective Actions

[table]

This table presents management’s response to the recommendations in the report and the status of the recommendations as of the date of report issuance.

Row 1; Rec. No. 1; Corrective Action-Taken or Planned: The Acquisition Services Branch (ASB) of DOA will modify applicable awards with the Whistleblower Rights Notification Clause; Expected Completion Date: January 31, 2022; Monetary Benefits: $0; Resolved:a yes or no: Yes; Open or closedb: Open

Row 2: Rec. No. 2; Corrective Action-Taken or Planned: ASB will identify the applicable PABs in an area of the internal FDIC Buying Goods and Services webpage. ASB will provide guidance to Contracting Officers instructing them to review this consolidated collection of PABs and incorporate any appropriate contract clause language before issuing task orders, exercising options, or extending performance. When the clause is updated, the reference to “pilot” will be removed; Expected Completion Date:April 30, 2022; Monetary Benefits: $0; Resolved:a Yes or No: Yes; Open or closedb: Open.

Row 3: Rec. No. 3; Corrective Action-Taken or Planned: The Legal Division will obtain management approval of draft updates to the Deskbooks that incorporate language consistent with the Whistleblower Rights Notification Clause used by ASB; Expected Completion Date: May 30, 2022; Monetary Benefits: $0; Resolved:a Yes or No: Yes; Open or Closedb: Open

Row 4: Rec. No. 4; Corrective Action: Taken or Planned: The Legal Division will revise existing Whistleblower Protections Clause, Sections 11.1-11.3, of the Standard Legal Support Services Agreement (LSSA) Template, to be consistent with the revised ASB Whistleblower Rights Notification Clause; Expected Completion Date: May 30, 2022; Monetary Benefits: $0; Resolved:a Yes or No: Yes; Open or Closedb: Open

Row 5: Rec. No. 5; Corrective Action: The Legal Division will obtain management approval of the Legal Contracting Manual/Job Aid currently under development, to include language consistent with the Whistleblower Rights Notification Clause used by DOA ASB; Expected Completion Date: May 30, 2022; Monetary Benefits: $0; Resolved:a Yes or No: Yes; Open or Closedb: Open

Row 6: Rec. No. 6; Corrective Action: ASB will modify standard clause 7.1.3-3 of the PGI to require FDIC contractors and subcontractors to certify that their employees have been notified of their whistleblower rights and protections and that the Whistleblower Rights Notification Clause is appropriately included in subcontracts; Expected Completion Date: April 30, 2022; Monetary Benefits: $0; Resolved:a Yes or No: Yes; Open or Closedb: Open

Row 7: Rec. No. 7; Corrective Action: The Legal Division and ASB will work with the Office of Inspector General to develop and implement training for contractors and subcontractors to ensure that they are properly informed of their whistleblower rights and protections; Expected Completion Date: April 30, 2022; Monetary Benefits: $0; Resolved:a Yes or No: Yes; Open or Closedb: Open

Row 8: Rec. No. 8; Corrective Action: The Contracting Officer has obtained the required Confidentiality Agreements for Contract No. CORHQ-18-C-0334 and filed them in the electronic contract file; Expected Completion Date: December 9, 2021; Monetary Benefits: $0; Resolved:a Yes or No: Yes; Open or closedb: Closed

Row 9: Rec. No. 9; Corrective Action: The Legal Division will obtain management approval of draft updates to Deskbooks that incorporate language consistent with FDIC Directive 12000.01, Cooperation with the Office of Inspector General; Expected Completion Date: April 30, 2022; Monetary Benefits: $0; Resolved:a Yes or No: Yes; Open or Closedb: Open

Row 10: Rec. No. 10; Corrective Action: The Legal Division will continue its regular quarterly review of Deskbooks for compliance with Directives and Statutes; Expected Completion Date: December 31, 2021; Monetary Benefits: $0; Resolved:a Yes or No: Yes; Open or Closedb: Open

a Recommendations are resolved when —

1. Management concurs with the recommendation, and the planned, ongoing, and completed corrective action is consistent with the recommendation.

2. Management does not concur with the recommendation, but alternative action meets the intent of the recommendation.

3. Management agrees to the OIG monetary benefits, or a different amount, or no ($0) amount. Monetary benefits are considered resolved as long as management provides an amount.

b Recommendations will be closed when the OIG confirms that corrective actions have been completed and are responsive.

[end of table]

[end of report] [FDIC OIG Logo] Federal Deposit Insurance Corporation Office of Inspector General

3501 Fairfax Drive Room VS-E-9068 Arlington, VA 22226

(703) 562-2035

The OIG’s mission is to prevent, deter, and detect waste, fraud, abuse, and misconduct in FDIC programs and operations; and to promote economy, efficiency, and effectiveness at the agency.

To report allegations of waste, fraud, abuse, or misconduct regarding FDIC programs, employees, contractors, or contracts, please contact us via our Hotline or call 1-800-964-FDIC.

FDIC OIG Website; www.fdicoig.gov

Twitter; @FDIC_OIG

Oversight.gov, www.oversight.gov