U.S. Pension Agency Cited For Lax Controls
The federal corporation charged with rescuing Americans' pensions from financially faltering companies is receiving poor reviews of its own that are alarming the agency's internal watchdog and key members of Congress.
Over the past two years, the Pension Benefit Guaranty Corp. has lost Social Security numbers stored on an unsecured thumb drive, given erroneous information to lawmakers and even flunked its own financial management audit, a Center for Public Integrity review has found.
"PBGC did not have effective internal control over financial reporting (including safeguarding assets) and compliance with laws and regulations and its operations," Rebecca Anne Batts, the PBGC inspector general, wrote in a recent letter. Auditors hired by Batts' office found that the corporation suffered from a "material weakness," the accounting equivalent of an F grade.
The center's review of hundreds of pages of memos, audits and internal reports shows the PBGC has been unable to make several guarantees about its own work -- in some cases misleading Congress and its inspector general into believing long-simmering problems were resolved.
"Providing false information to OIG or Congress can be a criminal violation," Sen. Charles Grassley of Iowa, the senior Republican on the Senate Finance Committee, warned in a letter March 31 that was provided to the center. Grassley chided the corporation for its "apparent dishonesty" in claiming it fixed long-simmering problems when it did not.
Created in 1974, PBGC is essentially the government's insurance program for retirees. It protects the pensions of approximately 44 million workers and retirees in more than 29,000 private defined benefit pension plans that promise a fixed monthly payment to retirees for life. When a covered company's pension plan defaults, PBGC swoops in and protects workers' retirements.
The corporation receives no tax dollars, funded instead by insurance premiums paid by pension plan operators, investments and assets it recovers from companies whose pension plans needed to be rescued.
A Litany Of Problems
Getting its story straight with Congress is just one of PBGC's problems.
The corporation has been criticized for letting its contractors hire employees with inadequate experience or education, and it has been cited repeatedly since 1997 for failing to create a unified financial management system to better safeguard its funds. It lacks the ability, for instance, to independently confirm the investment revenue figures reported by a contractor hired to engage in securities lending on its behalf, according to audit reports and interviews.
"I am acutely aware that every dollar spent on a contractor who doesn't provide the promised level of service or who doesn't provide contract workers with the minimum qualifications needed to do the job is a dollar that is not available to pay the pension benefits of the workers that PBGC was created to protect," Batts said in an interview.
In addition, former PBGC Chief Executive Charles Millard was the subject of a yearlong criminal investigation that ended in March with no criminal charges but a conclusion that his conduct raised "serious ethical concerns," documents show.
Such systemic problems are of acute concern to lawmakers like Grassley and Democratic Sen. Herb Kohl of Wisconsin, the chairman of the Senate Aging Committee, particularly because the corporation's own long-term financial outlook has worsened over the past few years.
Kohl, who is pressing for legislation to strengthen the PBGC's oversight, said the corporation's "long-running problems ... should serve as a wake-up call to Congress."
"Nearly 1 in 6 Americans relies on the PBGC to guarantee the pensions they've worked a lifetime for. The agency is far too important to let it operate without adequate oversight," he said.
Working On Fixes
In an interview, PBGC Acting Director Vincent Snowbarger said the corporation is taking steps to fix the problems that led to the adverse audit finding and the communication gaps that led his agency to provide erroneous information to Congress and its inspector general.
"Some of it is human error. Some of it is sheer sloppiness. And some of it is when an executive takes information from down below and doesn't check its accuracy. All of it needs to and will be fixed," Snowbarger said.
While fixing communication problems should theoretically occur quickly, officials cautioned that addressing some of the systemic problems -- like finishing a long-overdue unified financial management system or fortifying the agency's information technology security -- will take time, making it likely that PBGC will carry the stain of a material weakness finding on its audits for as many as three to five more years.
PBGC officials said in the meantime the corporation is still able to perform its primary mission of making good on a growing number of pension obligations from companies that have collapsed.
"We're not this rogue agency out there, about to fall off a cliff. ... We have had no adverse results from this," General Counsel Judith Starr said in an interview.
Starr went on to say, however, that senior executives agree the problems have "been going on long enough. We've been trying to fix this and we need to be much more comprehensive in our approach."
When the recession struck, the corporation's long-term financial outlook worsened in large part because the number of faltering U.S. companies with pensions that might need to be rescued ballooned.
PBGC reported in November that its deficit -- the gap between its current assets and its future obligations -- grew from $11.2 billion in fiscal 2008 to $21.9 billion in fiscal 2009, reversing several years of progress.
Meanwhile, the corporation reported its potential obligations to cover future pension losses from financially troubled companies more than tripled from $47 billion at the end of fiscal 2008 to about $168 billion at the end of last year.
Among the companies whose pensions PBGC has recently been forced to assume are the electronics retailer Circuit City, the IndyMac Bank and the Lehman Brothers investment firm.
To ensure its own health, PBGC undergoes two audits each year. One determines if its books accurately reflect its financial state and the second reviews whether it has adequate internal controls over its finances to ensure it complies with laws and regulations and spends its money wisely.
PBGC passed the first audit at the end of 2009 with an unqualified or clean finding, the 17th straight year it has done so. But Batts and the outside auditor on Nov. 12, 2009, flunked the corporation on its internal controls, citing three serious deficiencies that they said amounted to a material weakness.
Batts' auditors specifically cited the corporation's failure to safeguard its sensitive data, alleging it falsely claimed it had fixed problems.
George Mason University professor Anthony Sanders, a financial accountability expert who has testified before Congress, said the PBGC's inability to pass its own internal controls audit raises the question, "How can we rely on this corporation to successfully audit these failing pensions? It tells us they may not be up to the task."
A bigger concern, Sanders said, is that politicians are failing to address the likelihood that PBGC eventually won't be able to meet its obligations. "We have to first be rethinking our whole approach to pension benefits because clearly that model is broken and cannot be sustained," he said.
Snowbarger, the acting director, said PBGC faces no short-term cash flow problems, in part because the corporation has assumed cash and other assets from a large number of failed companies whose pension plans have been taken over. But those assets will run out over time, and lawmakers will be forced to decide whether the government assumes those liabilities.
The inspector general's office has warned PBGC for years before November's audit about weaknesses in its procurement processes, its internal controls over its accounting practices, and information technology security.
In fact, the IG disclosed in an April 26 letter to Congress that 201 proposed solutions to problems identified as far back as the late 1990s still have not been implemented.
For instance, IG reports dating several years back warned PBGC that it lacked a comprehensive and secure information technology platform.
A Security Breach
So it came as no surprise to insiders when a flash drive with sensitive pension data was lost.
A Transportation Security Administration employee was heading home from work in 2008 when he spotted a computer thumb drive lying in the parking lot of a Cleveland commuter train station. The worker popped the thumb drive into a computer and discovered it had 1,300 Social Security numbers, account details from PBGC-protected pensions and actuarial data from other private pension plans, according to Batts' office.
"Not exactly the sort of stuff you want lying on the ground of a public train station," Batts said.
Batts said she ultimately concluded that a supervisor and employee for a PBGC contractor had downloaded unauthorized pension account data. The information was stored on a flash drive with no encryption or password protection, leaving it exposed when it fell out in the train station lot.
After the episode, Batts pressed PBGC anew to finally address its information security weaknesses.
The corporation reported back a few months later that it had implemented 45 of the 65 recommended security enhancements.
The action plan sounded great -- until Batts' team went to check. She found the fixes did not exist, according to documents and interviews.
"PBGC fabricated this follow-up action," Grassley concluded in a March 31 letter to the corporation.
Batts ultimately concluded that PBGC failed to implement any of the 65 "common security controls" it had promised.
Recent changes in the corporation's information technology leadership have resulted in some progress in creating a more efficient, more secure technology system, according to both Snowbarger and Batts. PBGC's former chief information officer left the corporation in November.
Fixes That Weren't
But the pattern of claiming fixes that didn't occur has persisted. After Batts' office raised concerns about two actuarial contracts that ballooned to $15 million in costs, corporation officials promised they had made changes to ensure that the corporation could verify it got the services it paid for. The corporation even stated in writing that the corrective actions were "approved," "in place" and "effective," according to Grassley's letter.
Not true, Batts found, when she went back to check. In fact, 17 fixes for procurement problems stemming from four separate audits were inaccurately reported to be implemented.
In an April 14 letter to Grassley, Snowbarger acknowledged a "number of shortcomings" and communication breakdowns but insisted that "any implication that PBGC employees have been fraudulent or dishonest in their dealings with Congress or the OIG is unwarranted." Instead, Snowbarger said, the misinformation sent to Congress "involved failures of communication and/or good faith errors."
John Solomon is a journalist-in-residence at the Center for Public Integrity. A fuller version of this story can be found on the Center's website.
Copyright 2022 NPR. To see more, visit https://www.npr.org.