U.S. flag

An official website of the United States government

Auditing Payments

Internal Controls

Internal Controls Overview

Section 9040— Federal Entity and Treasury Responsibilities in Managing an SVC Program

9040.10— Federal Entity Responsibilities

Each federal entity must manage its own participation in a Treasury SVC program in accordance with the requirements of applicable federal law, this chapter, the agreement between Fiscal Service and the federal entity (see section 9030), SVC policies, and other governing documents, for example, SOPs. For any given SVC program, a federal entity may elect to distribute SVCs and PINs directly to its cardholders or, alternatively, may ask Treasury to direct Treasury’s financial or fiscal agent to distribute the SVCs and PINs directly to cardholders, as approved by the federal entity. In managing an SVC program in accordance with the agreement, SVC governing documents, and federal entity-specific procedures, the federal entity:

  • Ensures appropriate anti-money laundering controls and procedures are in place in order to document the flows of monies onto or off of the card (at federal entity locations),
  • Assists Treasury with efforts to collect unpaid balances owed to the funds pool by merchants, SVC holders, and other SVC program participants (other than losses as a result of theft, fraud, or unauthorized use of an SVC). Collection efforts include, but are not limited to, contacting the cardholder, processing wage offsets, and other collection activities,
  • Ensures the proper maintenance of SVC program hardware and equipment, including POS terminals, laptops, kiosks, CADs, SVCs, and other items associated with the SVC program that are delivered to federal entity locations,
  • Provides SVC cardholders with all disclosures, agreements, instructions, and other communications required by federal laws, regulations, policies, and procedures (see subsection 9040.50), and makes necessary adjustments as these requirements change,
  • Complies with Treasury’s and the federal entity’s security and internal control procedures, including but not limited to procedures with respect to lost or stolen SVCs (see subsection 9040.30),
  • Manages the federal entity-specific software and hardware certification process,
  • Funds the SVCs (see subsection 9040.40),
  • Fully supports any updates to SVC hardware, software, and related equipment,
  • Provides communication protocols for kiosks and other SVC devices,
  • Protects the confidentiality of any Privacy Act, confidential, or nonpublic information provided to the federal entity in connection with an SVC program, when the data is within the federal entity’s custody or control,
  • Properly accounts for and reports the funds allocated to SVCs (see Section 9050),
  • Ensures the timely and accurate transmittal of transaction processing files from SVC devices (e.g., laptops, POS terminals, CADs, and kiosks) to Treasury-designated financial or fiscal agents, as applicable,
  • Pays fees associated with the federal entity’s implementation of the SVC program (see Section 9060),
  • Aggressively investigates and prosecutes (or assists in investigations and prosecutions of) end-user theft, fraud, unauthorized use, or other improper use of the SVC service that occurs in federal entity areas of operation and assists in obtaining restitution for the party suffering the loss,
  • Compensates the SVC funds pool for losses that result from theft, fraud, unauthorized use, or other improper use of SVC equipment or resources for which the federal entity is responsible, unless the funds pool has been reimbursed from other sources or Treasury determines that such compensation is unnecessary or does not serve the SVC program’s best interests,
  • Maintains responsibility for all federal entity and accountable officer SVC functions performed by the federal entity’s contractors (if any). These duties may include, but are not limited to, back-office functions (e.g., obtaining an ATO, generating federal entity documentation for interagency meetings, etc.) and customer-facing functions (e.g., disbursing/finance office functions, etc.) that the federal entity allows a contractor to perform,
  • Manages the SVC equipment, inventory and distribution of SVCs to authorized SVC cardholders, except as these duties may be performed by a Treasury-designated financial or fiscal agent at Treasury’s direction,
  • Uses the required SVC equipment as designated by Treasury or its financial or fiscal agent,
  • Complies with SVC enrollment processes, including the timely, accurate transmittal of required enrollment information and documentation to Treasury-designated financial or fiscal agents, as applicable,
  • Trains federal entity employees on proper implementation and management of the federal entity’s participation in a Treasury SVC program, and
  • Maintains full accountability of any SVC equipment in their inventory. Treasury, in consultation with the federal entity and as described in the agreement or other governing documents (for example, SOPs), assigns other responsibilities to the federal entity as necessary or desirable for a particular SVC program.

9040.20— Treasury Responsibilities

Treasury, either directly or through its designated financial or fiscal agent, assists an federal entity with the implementation and operation of the SVC program(s) for the federal entity. In accordance with the agreement and SVC governing documents, Treasury:

  • Provides software and hardware upgrades and enhancements through the Treasury-established change management process,
  • Files a Suspicious Activity Report (SAR) with appropriate regulators and notifies law enforcement when there is evidence that the card is being used for an unauthorized purpose, such as money laundering or as a vehicle to commit a financial crime,
  • Assists federal entity in certifying the SVC software as required by the federal entity-specific hardware and software certification program,
  • Manages the proper distribution of, and accounting for, SVC program funds pools, including residual funds on expired SVCs (see subsection 9040.60),
  • Provides financial and other reports on the SVC cards, transactions, and settlement activity,
  • Provides SVC hardware and card stock to the federal entity,
  • Protects the confidentiality of any Privacy Act, confidential, or nonpublic information in connection with an SVC program, when the data is within the custody or control of Treasury or Treasury’s financial or fiscal agent,
  • Provides customer service to the federal entity with respect to the use of SVCs, SVC software, and its systems,
  • Provides customer service to all SVC cardholders,
  • Trains federal entity personnel on the operation of the SVC program and systems,
  • Provides the federal entity with the disclosures and other SVC program information that the federal entity must provide to the SVC holders,
  • Designates official and up-to-date points of contact for operations at Treasury and its designated financial or fiscal agents,
  • Designates and compensates a financial or fiscal agent to operate the SVC program and manage the SVC funds pool(s),
  • Provides a mechanism to transfer funds associated with the SVC program,
  • Provides marketing services,
  • Assists with the deployment of the SVC program at locations determined by the federal entity in consultation with Treasury,
  • Provides hardware delivery tracking reports, which contain information about SVC program hardware shipped to and from federal entity locations,
  • Provides timely expense reports and invoices for fees and costs incurred by the federal entity,
  • Assists with the efforts of the federal entity and law enforcement officials to investigate and prosecute cases of waste, fraud, or abuse within the SVC program, and to collect restitution for the funds pool when such restitution is available,
  • Provides SVC software and documentation to the federal entity, as necessary to implement and manage the SVC program, and
  • Establishes a formal process to implement and manage software and other technical changes to the SVC program,

9040.30—Security and Internal Controls

The federal entity must establish and implement policies governing security and internal controls with respect to its SVC program in conformance with Government-wide and Treasury policies and procedures. The federal entity must establish and implement controls to protect against:

  • Loss, theft, and fraudulent or unauthorized use of SVC equipment, card stock inventories, preprinted forms, and other items used to access SVC systems, when such items are within the custody and control of the federal entity,
  • Loss, theft, and fraudulent or unauthorized disclosure of PINs, when PINs are within the custody and control of the federal entity,
  • Loss, theft, and fraudulent or unauthorized use of SVCs and SVC hardware in the custody and control of the federal entity or its contractor's illegal use of the card as a money-laundering vehicle,
  • Fraudulent or unauthorized use of on-line or off-line SVC software under its control, and
  • Other losses caused by theft or fraudulent or unauthorized activities in the federal entity’s implementation of the SVC program.

The federal entity’s procedures must include a process for promptly reporting, and for educating SVC holders on how to promptly report, to Treasury or Treasury’s financial or fiscal agent any loss, theft, or fraudulent or unauthorized use of SVC cards, PINs, passwords, or other security breach or malfunction involving the SVC program.

The federal entity must implement an internal audit process to review and recommend internal controls and safeguards with respect to its SVC program in conformance with Government-wide and the minimum Treasury policies and procedures. Periodically, Treasury and the federal entity review and update the criteria upon which the audit reviews are based.

9040.40—Funding SVCs

Each federal entity is responsible for fully funding the SVC funds pool for the total value of SVCs issued or loaded by the federal entity or Treasury’s financial or fiscal agents, in accordance with the agreement between the federal entities or other governing documents (for example, SOPs) for the federal entity’s implementation of the SVC program(s). For value loaded into the SVC program by SVC cardholders at kiosks, the federal entity and Treasury work collaboratively to ensure full collection from the SVC holder (see Section 9030 for information on the MOU).

9040.50—Disclosure

The federal entity must provide SVC cardholders with all necessary disclosures as required by law, including but not limited to, disclosures required by Regulation E (12 CFR 1005), if applicable, and as provided to the federal entity by Treasury. Among other things, the disclosures address the SVC cardholders’ responsibilities for protecting the SVC and mitigating damages from loss, theft, and fraudulent or unauthorized use of the SVC. The federal entity must obtain the necessary authorizations from the SVC cardholder, must provide any necessary disclosures, and must facilitate the collection of monies owed to the SVC funds pool by the SVC cardholder at any time after activation of the SVC. The federal entity should consult with the federal entity’s legal counsel to determine any federal entity-specific disclosure requirements associated with a particular SVC program. Treasury and its financial or fiscal agent must review any SVC program disclosures or other forms prepared by a federal entity before being disseminated.

9040.60—Residual Funds (Escheat)

Unclaimed balances on an SVC at expiration are identified as residual funds and, if possible, are returned to the cardholder systematically by Treasury’s designated financial or fiscal agent. If systematic return is not possible, the federal entity and Treasury initiate good faith efforts to locate and return residual funds greater than $10 to the authorized SVC cardholder. Should systematic or good faith return not be possible, residual funds greater than one year old are transferred to the Treasury trust fund receipt account “Unclaimed Moneys of Individuals Whose Whereabouts are Unknown” (see 31 U.S.C. § 1322) to be claimed with supporting documentation by contacting Treasury (see Contacts below). Refer to TFM Volume I, Part 6, Chapter 3000, for additional guidance on residual funds.

Contact Us

Detailed Contacts

Direct inquiries concerning this chapter and stored value card programs to:

Attn: Nadir Isfahani 
Bureau of the Fiscal Service 
Department of the Treasury

3201 Pennsy Drive, Building E 
Landover, MD 20785


202-874-5215 

 

For additional information on SVCs, visit the following websites:

Bureau of the Fiscal Service 
Stored Value Card 
EZpay 
EagleCash 
NavyMarineCash

 

For additional guidance for SVC programs used by the U.S. military:

See Department of Defense’s Financial Management Regulation (DoD FMR).