340 likes | 366 Vues
This conference will cover the vulnerabilities of passport operations and recommended practices for passport handling, application and adjudication, issuance and delivery processes, as well as organizational and personnel issues. Topics include advantages of automated systems, funding, centralization vs. dispersed issuance, lessons from 9/11, G-8 efforts, and relevant experiences of 8 countries.
E N D
Passport Issuance Systems Regional Conference on Migration Vancouver Tuesday, 8 March 2005
Based on Informative Annex to Document 9303 What it does and does not cover The vulnerabilities of passport operations The need for issuance standards Recommended practices Passport handling process Passport application and adjudication process Passport issuance and delivery process Organizational and personnel issues What We Will Cover - I
Advantages of automated systems & MRTDs Need for senior management support Funding the costs Centralization vs. dispersed issuance Passports issued at posts abroad Summary of internal controls principles What We Will Cover - II
9/11 lessons – Impede the travel of terrorists G-8 effort: capacity building Relevant experience Critique and participation by 8 countries Not the final word: other ideas welcome What Led to Writing The Annex?
Talking here about preventing staff from engaging in internal fraud/malfeasance By following guidelines, it prevents one person from issuing a fraud unaided, and increases the possibility that attempts at fraud will be caught External fraud is the subject of a separate paper. What it Does and Does Not Do
Wide varieties of internal controls presented: pick and choose Protects staff who follow rules Makes it possible to identify internal malfeasance Makes it hard for managers to increase production by shortcutting internal controls Supports executive requests for resources Can be used by any organization producing security documents Intended Uses of The Annex
Passport is inherently valuable document Documents an identity and citizenship Allows entry to country of issue Essential tool for legal entry into other countries Passport document has become harder to alter or counterfeit Vulnerabilities of Passport Operations - I
This drives the criminal element to attack the issuing process Internally by “buying” an employee or placing criminal on staff to steal blank passports or assist in fraudulent issuance Externally, by deception, using falsified or genuine documents Vulnerabilities of Passport Operations - II
It is a given that your passport issuance system will be attacked Successful attack threatens internal security & has potential for costly costly criminal activity International reputation of your passport & its utility to citizens as a travel document Protection of passport application revenues Need for Passport Issuance Security Standards
Design, printing and shipping of blank passports Involvement of the passport issuing authority in design and selection of materials Production of, and accounting for blanks Security of passport blank production facilities Recommended Practices: Passport Handling Process - I
Passport Book Control Limiting access Tracking inventory control numbers Spoiled, defective and excess blank passports End-of-day reconciliation Recommended Practices: Passport Handling Process - II
Vulnerabilities of documents used as the basis for issuance Documents to establish identity and citizenship Importance of training on document characteristics On-line access to data bases to confirm documents Anti-Fraud specialist officers on staff Recommended Practices: Passport Application & Adjudication Process -I
Establishing clear procedural standards Random assignment of applications to staff Retain documents throughout process Handling of friends & family applications Thorough notations on applications Verifying questionable documents Complicated cases to senior staff Recommended Practices: Passport Application & Adjudication Process-II
Periodic and random audit and checking systems Routine local audits: periodic and random Management by sampling work in process Headquarters reviews with recommendations for improvement Recommended Practices: Passport Application & Adjudication Process-III
Verifying the identity of passport applicants The key to passport integrity First-time applicants – personal appearance as a minimum Documentary evidence Identifying witnesses Recommended Practices: Passport Application & Adjudication Process -IV
Replacement of lost/stolen passports Invalidate lost/stolen passports Get them into a data base & share with border Replacing should not be automatic Limiting replacements Recommended Practices: Passport Application & Adjudication Process-V
Biometric enrollment “Freezing” the identity Verifying the quality of biometric capture Verifying the biometric Recommended Practices: Passport Application & Adjudication Process-VI
Passport printers and other production equipment used in the issuance process The need for unique features capability Physical security of equipment Passwords and access codes for operation Tracking who approved and performed steps Recommended Practices: Passport Issuance & Delivery Process - I
Physical security of the passport issuing plant Government controlled buildings/space Presence of security personnel, alarms, TV, surveillance Special requirements for vault & book personalization Customers and security Protection of applications in process Recommended Practices: Passport Issuance & Delivery Process
Hiring of and standards of conduct for all staff Background checks – initial & continuing Telling new employees what is expected of them Authorities of direct hire staff vs. contractors Internal controls in employee position descriptions Recommended Practices: Organizational & Personnel Issues - I
Need for a legal framework Passport issuing authority & responsibility Requirements of those applying: Who is entitled? Fee setting Privacy of applicant information Defining types of criminal activity and specifying penalties Laws and regulations Recommended Practices: Organizational & Personnel Issues -II
Building an internal controls network A senior person at HQ and in each field unit should be assigned to oversee internal controls An internal controls standards handbook An ongoing search for vulnerabilities (systemic and operational) Recommended Practices: Organizational & Personnel Issues-III
Investigation and punishment of internal fraud Sources of allegations Investigative authorities Punishment – significant and public Lessons learned exercises Recommended Practices: Organizational & Personnel Issues - IV
Employee morale Money is not the only motivator Deterrence measures: (1) Crime does not pay You will be caught; we will prosecute; it isn’t worth the risk. (2) Encouraging loyalty: Adequate pay & benefits; enlightened management; making the employee feel part of a team Training Employee recognition systems Recommended Practices: Organizational & Personnel Issues-V
Name clearance systems Having an internal name check data base – sources of information Electronic vs. manual Matches and trials Recommended Practices: Organizational & Personnel Issues-VI
Speed Comprehensiveness - setting parameters Limiting access Recording access Allows for trackability & link analysis Promotes training Provides resources Advantages of Automated Systems
Treating internal controls as an important part of the process Approving the needed resources that are within your authority Being an effective advocate with more senior executives Management at all levels must be subject to the rules established Senior Management Support
Hard to quantify, but there are savings Efficiency promoted Government funding appropriate Prevention of criminal activity Reliable document for border control Respected document benefits to citizen travelers Ultimately, promotes respect for issuing country If no government funding, add to cost of passport Funding the Costs of Issuance Systems
Centralized issuance (production) provides the best controls & least expense But it may be inconvenient for citizens Some decentralisation is usually needed (distinction between production and registration is important) Minimum government security standards for all facilities Adjudication, issuance and internal controls must be uniform Changes, when made, should be system-wide (easier with centralised systems) Balancing Centralised vs. Dispersed Issuance
Adjudication standards uniform On-line access to clearance information Appropriate internal controls Headquarters review Emergency issuance and regional/centralised issuance Passports Issued at Foreign Service Posts
1. Senior management support is critical 2. Use automated systems whenever possible 3. Every facility including overseas posts must operate on the same standards 4. An angry employee is as great a threat as a venal employee 5. Account for blank passports from printing to personalization Summary of 15 Important Internal Controls Principles - I
6. Assure random assignment of applications to staff 7. Assure that no employee can take an application through the entire adjudication and issuance system 8. Build in regular and random checks and audits 9. Encourage staff to report approaches to malfease and suspicious activity by other employees 10. Use direct-hire government employees as authorizing officers and fraud prevention specialists Summary of 15 Important Internal Controls Principles - II
11. Establish clear procedural standards and make sure that employees know what they are 12. Use background checks when hiring and throughout employees’ careers 13. Be able to track who on staff worked on each application at every stage 14. Protect equipment from unauthorized use 15. Search constantly for unrecognized vulnerabilities Summary of 15 Important Internal Controls Principles -III
John Hotchner Director,Office of Passport Policy and Legal Advisory Services Passport Services Bureau of Consular Affairs U.S. Department of State Email: hotchnerjm@state.gov Tel: +1-202-663-2427 Fax: +1-202-663-2654 Thanks to: