SUPPORTING STATEMENT FOR
PAPERWORK REDUCTION ACT SUBMISSION

Risk Analysis and Management: OMB Number 1405- XXXX

A. JUSTIFICATION

1. The information collection is necessary to assist the Department in formalizing its “due diligence” efforts to ensure that State funds do not inadvertently benefit terrorists or their supporters. While the procedures in place both at the Department and among our contractors and grantees diligently seek this end, they are not able to access all the relevant information available to the U.S. Government on terrorist organizations and their supporters. Internal planning for a vetting effort across the Department resulted in plans to conduct a pilot program, testing a risk based model that was authorized in January of 2011. Congress authorized the use of funds for such a pilot in the FY 2010 Department of State, Foreign Operations, and Related Programs Appropriations Act, carried forward in FY 2011 under the Continuing Resolution and directed that it be conducted jointly with USAID. The FY 2012 Appropriations Act directed it commence no later than September 30, 2012.

2. Information collected by RAM will be checked by State employees or contractors against public and U.S. government databases to ensure that “key employees” of firms bidding for State contracts and grants do not have ties to terrorist organizations nor are supporters of such organizations.

3. The information collected may be submitted electronically via a “secure portal” –as well as by email or fax -- from the organization being vetted to the Department’s Risk Analysis and Management office for processing. The Department is following the procedure being implemented by USAID for submission in order to both reduce the burden on the organizations complying and to improve the security of the PII being collected. During the pilot period, and in response to comments received from the public, we will allow paper submissions of the form, but intend to move to all electronic submissions if and when the program is retained beyond the pilot year.

4. The Department has reviewed its contracting and grant making procedures and determined that the information proposed for collection is not collected from the organizations being vetted in any other channel. While State and USAID will collect the same type of information from respondents (i.e. PII from the key individuals of contractors and grantees of each agency) the differences in State’s mission from that of USAID should ensure that there is little overlap among the people on whom we will respectively collect this information. Even in the event that the same company bids on a contract or solicits a grant from both agencies, it is unlikely that the contract team would overlap.

5. The collection does not substantially impact small business or other small entities.

6. Failure to collect the proposed information may result in the inadvertent provision of State funds to terrorist organizations or their supporters. Organizations will need to report the information herein proposed for collection more than once per year only if the “key individuals” identified by the organization in their initial submission change during the course of the contract work they perform for the Department.

7. The information collection is conducted in a manner consistent with the guidelines in 5 CFR 1320.5(d)(2).

8. The subject notice, published on October 20, 2011 in Vol. 76 No. 203 of the Federal Register (76 Fed. Reg. 65,317), sought comments on the Department’s plans to obtain OMB approval for the above named collection request. The notice elicited ten sets of comments from fourteen distinct organizations. The Department has read and considered the comments received and offers the following response:

Comment: The program described in our notice is unnecessary. Nearly every organization commenting upon the notice maintained that setting up an office within the Department of State to vet contractors and grantees for links to terrorists or their supporters duplicated the efforts already taken by NGOs and contractors working for the Department to screen their personnel for precisely this purpose. All point out that they routinely check the OFAC list of terrorist organizations and Specially Designated Nationals, utilize specialized local knowledge to screen personnel for loyalty and dedication to the organization’s goals, and perform certifications of these efforts. Many organizations maintain that there is no evidence of any diversion of US government funds to terrorist organizations or individuals from State Department contracts or grants, making the RAM program unnecessary.

Response: The State Department routinely employs standard business “due diligence” processes to ensure that organizations bidding on our work abroad are both qualified to perform the work they seek and are clean of any ties to terrorist organizations and/or corrupt practices. Contracting and Grant Officers examine business sources, US government records, and other publicly available information to ensure proper use of appropriated funds in the contracting and grant making process. However, in order to consult classified US government databases that contain detailed information on terrorist groups and their supporters, such officers need additional information from organizations seeking contracts or grants. As much as the international community attempts to make such information available to organizations requiring it, much that is known to the US government is available only in classified holdings. Accordingly, while organizations may be diligent in their efforts to screen their personnel, they do not have access to all relevant information available to the United States government. Thus, the State Department effort does not duplicate what is done by the private sector. A persistent criticism of US government agencies charged with ensuring security since 9/11 has been that of a failure to “connect the dots” of disparate information, which if known together, might avert terrorist attacks or frustrate terrorist support networks. The RAM program is an effort to assess the potential for benefit from the widest possible consultation of all available resources, including that of the US government. The sustained and successful effort that USAID has made in its program on the West Bank and Gaza to vet organizations and individuals for ties to terrorists suggests that broader use of vetting programs may be appropriate. The State Department will begin with a one-year pilot to assess the merits of a broader program and which should provide us with solid data to demonstrate whether or not further vetting is appropriate.

Comment: A majority of the organizations responding to our notice commented that they could not assess the burden of complying with our information collection requirement were it to be enacted, since the process was insufficiently detailed to allow them to make the assessment. They pointed out that the “risk based model” we intend to use did not allow them to calculate the likelihood of any given project being vetted and that ambiguity over what constituted “key personnel” made it impossible for them to predict how many of their employees would be subject to the information collection requirement. One organization erroneously believed that all of their employees in a particular country would need to be screened, imposing an unacceptable burden upon their operations.

Response: The informational collection burden will vary depending upon the number of grants and contracts the organization applies for, the size of the organization, and the number of key individuals involved in implementation of State Department funding. The notice makes clear that the information will be collected for directors, officers and key employees. The number of key employees may vary from project to project, depending upon the scope of the project for which funding is sought. While it is true that the exact manner by which State will assign a risk factor in its model has not been fully defined, the use of such a model is a good faith attempt to limit the scope of our collections using factors that, taken together, allow us to focus on programs that present the greatest risk of terrorist diversion. We believe that organizations performing foreign assistance and development work abroad can make a reasonable estimate of the burden of compliance from the information furnished thus far.

Comment: Many organizations noted that State and USAID will use different forms to collect PII despite the Congressional mandate to operate a “joint” program, maintaining that we are thereby disregarding the instruction of Congress and increasing the burden on the organizations needing to comply.

Response: The Department of State and USAID are agencies with differing programs and differing operational models. USAID’s development work abroad is basically organized and supervised from abroad, with the USAID Mission conducting far more of the business of contracting and grant making than is typical of State, which uses a centralized Washington based model. Some of the detailed information needed to locate and monitor contracts and grants diverge, and it is impractical to attempt to unify these business models for the purpose of the vetting program. The Department of State, Foreign Operations, and Related Programs Appropriations Act, 2012 directs both agencies to use funds to support the development and implementation of a Partner Vetting System (PVS) pilot program but does not specifically mandate that all requirements shall be identical as between the two agencies. State and USAID are coordinating efforts whenever possible, but we cannot, nor were we directed, to operate an identical program. The different forms overlap substantially but differ where it is necessary to accommodate the differing business models of the two organizations. Since we anticipate that the data will be collected electronically via a secure portal that routes the information to USAID or State automatically, the burden of having to respond to both agencies –were that to be necessary – should be minimal (equivalent to replicating already existing data on two forms with the click of a mouse) and the privacy concerns ameliorated by the segregated channel. We believe the added burden of the two separate forms represents a modest increase in burden on complying organizations and is essential to allow the pilot to work properly. Regarding the claim that our efforts are inadequately coordinated with those of USAID we will state that the pilot program is one that is explicitly modeled on that of USAID in conception and procedure. We have consulted with our sister agency at every step of the way, have a formal coordination mechanism in place that is utilized at least on a weekly basis and informal consultations that take place several times a week. We talk with and meet with USAID’s Afghanistan team via our our Kabul based coordinator and are regularly consulted by USAID’s Washington based vetting managers and security experts. We are truly a model of inter-agency coordination in this effort.

Comment: A number of organizations noted the inclusion of Afghanistan specific data in the proposed form and suggested that this was a) beyond the scope of the program authorized by Congress, and b) a clear indication that we had pre-judged the outcome of the pilot in the direction of permanence. They also suggested that the Department’s goal of “validating the risk based model” shows that we will prove the need for an expanded program.

Response: The currently applicable appropriations act does not restrict the implementation of vetting programs by the State Department and USAID. The State Department and USAID plan to focus efforts on a jointly run pilot program. This does not, however, preclude the Department of State and USAID from exercising due diligence to insure the integrity of the contracting and grant making process outside of the pilot program. Afghanistan, by the very nature of the war zone environment and heavy reliance on in-country contracting in keeping with the Counter Insurgency strategy being followed there, requires heightened diligence. Neither State nor USAID is implementing PVS in a comprehensive fashion worldwide. Furthermore, inclusion of Afghanistan in the forms does not prejudge the outcome of the pilot program. We were concerned that including Afghanistan among the five pilot countries would skew the data results for the pilot; that is why we each decided to perform any vetting in Afghanistan separately, without mixing its data with that of the pilot. The goal of seeking to “validate the risk based model” simply means that we seek to discover whether or not our assignment of risk to any given project corresponds to the results of the vetting process; it is a methodological issue and does not in any way prejudge the results of the pilot.

Comment: Every organization commenting upon the proposed collection voiced concern that their compliance with a US government mandate to furnish personal information about their “key individuals” for use in checking classified databases would create the impression abroad that they were collecting intelligence for the U.S. government. Most believed that this impression would increase the danger under which they operated overseas, and most also felt that it undermined the trust they had earned abroad and which was essential to their operations.

Response: Some of the concern expressed results from the misconception that the PII collected in this program will be entered into and retained by classified US government databases and used to create a sort of “blacklist” of organizations and/or individuals who will be barred from seeking US government contracts and grants. In fact, the PII collected will be used for screening the key personnel of a particular contract or grant and will not prejudice an organization’s eligibility to bid on other projects. The only information about any individual being vetted that would be retained by other agencies beyond USAID would be if those individuals were already identified in the data holdings of the other agency. The Statement of Records Notice (SORN) recently published in the Federal Register (REF: System of Records: State-78; published 6 December 2011, Volume 76, Issue 234) about the RAM program’s database should allay some of the concern expressed about the foregoing issues.

More serious is the concern that cooperating with this collection might endanger the personnel of the organizations complying with the request due to the perception of linkage with US intelligence gathering. We cannot, of course, control the perceptions of other parties about US government activities and must acknowledge the possibility of such a view; however, those organizations relying on US government funding for their operations already face such suspicions among hostile parties and certainly among terrorist organizations who would likely be the sources of any threat against their personnel. The information being requested is that which most organizations maintain on their key employees and its provision need not be a high profile activity. USAID’s experience operating in the West Bank and Gaza suggests that these concerns can be managed without damage to our foreign assistance or to the cooperation that implementing partners count upon for success and security. At the end of the day, the US government has a responsibility to take those actions that will effectively safeguard taxpayer funds from misuse and deprive terrorist organizations and their supporters of money needed for their operations. The Department will consider this concern as one among many when evaluating the results of the pilot program.

Comment: Some organizations believe that their cooperation with the US in providing personal information for vetting by the US government will cause foreign organizations they count upon for their operations abroad to decline to work with or for them.

Response: Our experience has been that organizations advancing humanitarian and foreign assistance operations adapt to requirements that are rationally founded. Due diligence for terrorism connections has increased substantially in the wake of 9/11 without jeopardizing operations, and we believe that the demands of this program will not preclude our implementing partners’ ability to find subcontractors and/or employees abroad. This factor will also be evaluated as part of the pilot program.

Comment: Two organizations challenged the description of compliance with the collection requirements of the program as “voluntary”, noting that while no one is required to apply for a US government contract or grant, those who do so will find themselves compelled to comply with this collection requirement.

Response: The collection is correctly characterized as voluntary. Consistent with guidance under the Privacy Act, the Department only characterizes a collection as mandatory when the provision of the information is specifically mandated by law and when the failure to provide the information may result in a specific penalty.

Comment: One organization requested procedural amendments to the program, asking that we provide any party denied a contract or grant due to the results of the vetting with an explanation and a chance to contest the results.

Response: The Department plans on incorporating such procedures into the program to the extent that it is possible consistent with the handling and protection of classified information. Organizations will be given a reason for denial of contract or grant due to vetting, with the maximum amount of detail allowed by the nature and source of the information that led to the decision, and they will be allowed to challenge the decision. Vetting results will either be “pass” if no derogatory information is attached to a name or “fail” if derogatory information is both material and sufficiently serious to require removal of the firm from competitive range bidders.  A pass will simply be recorded and communicated to the contracting officer who may then proceed to make an award without further reference to the vetting unit (and the contracting officer may communicate the pass to the vender if they choose to do so); a fail will be communicated to the prime contractor by the contracting officer, along with what information we may pass, consistent with the protection of classified information and the rules on disclosure of the owner of the information, on the reason for the failure.

9. There is no offer of monetary or material value for this information.

10. The Department’s System of Records Notice (SORN) published in the Federal Register (Federal Register Volume 76, Number 234 of Tuesday December 6, 2011; Notices, pgs. 76215-76217) described the manner in which PII furnished by respondents would be handled in full compliance with the Privacy Act.

11. No such questions are posed in this collection.

12. We estimate 1250 respondents providing 6250 individual responses costing 7813 hours total per annum. The estimate was derived from a survey of the number of contract and grant actions of the five pilot posts combined for FY2010 (the latest year for which we had figures when making the estimate), subtracting a percentage to allow for low risk activities that would not need to be vetted and estimating 3 to 5 firms qualifying at the “competitive range” where the vetting would be required. We then physically performed the collection task using information available to us on our own staff and recorded the time it took. We estimate this burden to be 1.25 hours per response. The collection is essentially a clerical task involving low level employees whose wage rates we estimate at somewhere between $10 and $15 dollars per hour yielding a range of cost of $78,130.00 to $117, 195.00 for all respondents combined.

13. Respondents are being asked to provide information on “key employees” that they should already have available and which would require no other action than its provision via email or electronic portal delivery. No additional cost should be involved.

14. The collection is in support of a pilot, one of whose purposes is to assess precisely the need for retention and/or expansion of the program more broadly. The cost for processing the data collected reflects the salaries of $113,000.00 per annum each for 2 full-time GS-13 employees ($226,000.00 per annum). The GS-13 level reflects the minimum grade at which employees experienced in researching intelligence files with the proper clearance levels can be found. The Department has chosen to replicate, modify and deploy the USAID information collecting system named PVS. The modification of the system to support the Department’s pilot program is $805,000. This brings the total burden to the US government for performing vetting on the estimated 6250 respondents to $1,031,000.00, of which $226,000.00 are recurring costs.

15. This is a new collection.

16. There will not be statistical information published from this information collection.

17. The Department will display the expiration date for OMB approval on the information collection.

18. The Department is not requesting any exceptions to the certification statement requirements.

B. COLLECTION OF INFORMATION EMPLOYING STATISTICAL METHODS

This collection does not employ statistical methods.