Background Investigations Conducted by the United States Marshals Service
E&I Report No. I-2005-002
Office of the Inspector General
The USMS policies and procedures for conducting background investigations are out of date, incomplete, and, in some cases, unwritten. Adjudications and security approvals were not consistently thorough because they were based on files that were incomplete and may not have included all potentially derogatory information. In addition, the USMS used multiple databases that lack accurate and complete information needed to manage the background investigation program. Consequently, the USMS cannot track the time required to complete background investigations. The practice of granting security approvals without complete information increases the risk that the USMS may hire untrustworthy individuals for national security and public trust positions.
We found that the USMS generally complied with federal regulations requiring an investigation or waiver prior to placement in a national security or public trust position. However, the USMS does not have current, complete written operational policies and procedures for conducting its background investigation program. For example, we found that the USMS does not have a policy defining what information must be included in an investigation file before it can be adjudicated or specific procedures for adjudicators on completing investigation files that are missing information. The most recent policy guidance that the USMS could provide was a draft 2001 Policy Directive on Personnel Security that was intended to replace the 1995 USMS Security Policy and Procedures manual. However, neither the draft 2001 guidance nor the cleared 1995 guidance adequately addresses many aspects of the USMS background investigation process. USMS management told us that the 2001 draft policy was intended to replace cleared 1995 guidance, but that it had never been completed and officially adopted. A USMS official stated that policy formation takes a long time and that the draft policy is kept on the intranet as a “work in progress” and updated as issues develop.
USMS managers indicated that they follow policy guidance on background investigations that is provided by OPM and the Department through SEPS. With the exception of the 1995 and 2001 documents, we found no evidence that the USMS had prepared written guidance for its staff on how to implement OPM and SEPS policies to meet USMS personnel security requirements. In addition, USMS managers told us that they had implemented some changes without updating written policy, such as the transfer of authority from SEPS to USMS for completing all national security background investigations at the Top Secret and lower levels. Therefore, the existing written guidance becomes less useful each year.
We believe it is unacceptable for an organization of 4,000 employees and 12,000 contractors, with field offices nationwide, to rely on unwritten guidance for ensuring personnel security. Adding to our concern is the fact that the USMS background investigation program is decentralized, with two internal organizations and SEPS sharing management responsibility for conducting background investigations of different groups of USMS employees and contractors.
The impact of the lack of written policy and procedures on the USMS’s background investigation process is illustrated by weaknesses in the adjudication process. This process begins when the USMS adjudicator receives an OPM or USMS background investigation file. The file contains documents that the OPM or USMS investigator has collected or created for use in the adjudication. If the USMS adjudicators find that documents are missing, they search for the missing information and, in some cases, may obtain it through telephone calls. However, the adjudicators work without written guidance on what documents must be in a file for it to be considered complete enough for review, and there is no official checklist on which to record a file’s contents. Adjudicators also have no written guidance on how to document information that they obtain over the telephone when seeking information missing from a file. Therefore, each adjudicator uses discretion in determining the documents to be reviewed. Moreover, supervisors have no written guidance that defines the criteria and procedures for granting or denying security approvals or that explains what documentation is required for their decisions.
The USMS uses multiple databases that lack accurate and complete information to manage the background investigation process. The USMS relies on databases that are structurally inadequate and have an unacceptably high level of inaccurate or missing data. As a result of the poor quality, the USMS cannot use the databases effectively to monitor and assess its background investigation process, and because of these deficiencies we could use them only in a very limited way for our review. Databases are important tools for accumulating information, such as the entered-on-duty date and the timing of reinvestigations, on each USMS employee and contractor to facilitate monitoring activities. Databases can also assist management in tracking the names and job positions of personnel with security clearances. In addition, if the USMS had adequate databases, it could utilize them for evaluating its background investigations program. A description of the weaknesses in the databases used by the Human Resources Division and Judicial Security Division follows.8
Human Resources Division Databases for USMS Employees and Non-CSO Contractors
We examined the two databases created by the Human Resources Division to track background investigations of USMS employees and non-CSO contractors. In each of the two databases, current personnel records were incomplete, key event dates were inaccurate, and the overall structure did not allow significant regulatory and Department timeliness requirements to be tracked. For example:
Human Resources Division officials told us that until we requested the random sample of files, they had not been aware that contractors who were adjudicated in field offices had been erroneously included in the Human Resources Division database. They also explained that the quality of data on contractors is poor because field offices do not inform them of contractor personnel changes. Without a current and complete list of all current personnel over which the Human Resources Division has jurisdiction, the USMS cannot ensure that all its personnel have appropriate security approvals.
In addition to these defects in structure and accuracy in the two Human Resources Division databases, we found that they were not designed for more advanced program management and data analysis functions. For example, the databases did not identify instances in which the USMS received investigation files from OPM that were missing information. The databases also did not record the amount of time adjudicators spent processing each case.9
Judicial Security Division Database for Contract Court Security Officers
In contrast, the Judicial Security Division’s database for tracking the status of CSOs’ background investigations, medical suitability issues, and credit checks was current and complete. However, the system is not integrated with Operations Support and Human Resources Division personnel databases. Therefore, although the Operations Support and Human Resources Divisions have overall responsibility for personnel security, they do not have access to automated information on CSO background investigations.
The USMS generally complied with its policy requiring that field investigations be completed – or waivers issued – before employees and contractors entered on duty. USMS adjudicators generally met regulatory timeliness requirements for adjudicating the investigations it received. While the USMS did not ensure that the files were complete, its adjudicators addressed any potentially derogatory issues that were discovered during the field investigation. USMS field managers sometimes rejected adjudicators’ recommendations that candidates not be given security approval without explaining their actions in writing. In addition, a few of the reinvestigations that the USMS must conduct every five years on a large portion of its personnel were overdue. The background investigations of USMS employees managed by SEPS generally complied with regulations and Department policy, and the investigations and adjudications, while thorough, were consistently slow.
The USMS generally complied with its policy requiring that it complete field investigations before allowing employees or contractors to enter on duty.10 Under certain circumstances, the USMS issued a waiver that allowed an employee or contractor to begin work before the investigation was complete.
In our review, the USMS complied with its policy to complete the field investigation or issue a waiver for all but three of the employees and contractors whose files we examined. Files for 18 of the 66 employees and 20 of the 25 non-CSO contractors in our sample contained the information we needed to determine what steps the USMS had completed before the employees entered on duty. We found that the USMS had completed the required steps before 15 of the employees and 18 of the contractors entered on duty.11 Two employees and one contractor had entered on duty without a waiver after an OPM field investigation was completed but before the adjudicator’s recommendation was approved, a practice allowed by USMS guidance. All employees and contractors with national security clearances had completed background investigations before they entered on duty; none in our sample was hired with a waiver or an unadjudicated OPM field investigation. Table 4 summarizes our findings.
Table 4: Phase of Background Investigation Process Under Which
A USMS official explained that in the early 1990s, USMS field offices conducted field investigations and granted waivers. Beginning in 2000, OPM gradually started doing more of the field investigations for deputy marshals and the USMS granted fewer waivers. Currently, the USMS rarely grants a waiver for a new deputy marshal because hiring a deputy marshal on a waiver is considered too great a risk. The USMS waiver requirements include checks of prior employment, references, internal affairs records, and FBI fingerprint and name checks. A full OPM field investigation provides, in addition, a 7-year credit check, a check of residence and education, an in-person interview with the applicant, a review of prior federal background investigations and federal databases, a check of court records, and additional law enforcement checks. An OPM field investigation may also include in-person or telephone interviews with former employers, neighbors, and references.
Because there were too few recently hired deputy marshals in our sample to evaluate whether the USMS was following this policy of not allowing deputy marshals to enter on duty with just a waiver, we checked data in the USMS employee database.12 For the 366 most recently hired deputy marshals for whom information was available, we determined that in 352 cases, or 96 percent, OPM provided the USMS with a field investigation report before the deputy marshals entered on duty.13 Consequently, we concluded that the USMS appears to be following its policy.
USMS adjudicators generally meet regulatory timeliness requirements for adjudicating the investigations. There are no federal regulations requiring that field investigations be completed within a specified number of days. Insight into completion times can be gained from the categories OPM used until 2003 to charge agencies different rates for investigations completed within different time frames: 35, 75, or 120 days.14 The average OPM field investigation completion time for the employees in our sample was 96 days and for contractors in our sample, 104 days. When we asked OPM about the timeliness of its field investigations, OPM responded that even priority field investigations now average 175 days, as OPM has had difficulty responding to the sharp increase in demand for field investigations governmentwide.
Once a field investigation is completed, Executive Order 10450 requires that adjudications be completed within 90 days.15 We found that USMS adjudicators generally met this requirement, with an average completion time of 75 days for employees in our sample and 86 days for contractors.
USMS adjudicators addressed potentially derogatory issues, but the USMS did not ensure that the investigation files were complete. We examined two aspects of the thoroughness of the USMS’s background investigation process: whether the files were complete and whether the adjudicators addressed any potentially derogatory issues that could have a negative effect on an applicant’s suitability for a national security or public trust position. During our review, we found files that were missing required documentation. Some of those files contained statements that OPM had not and would not attempt to obtain the missing information. We conducted a separate analysis of the background investigation files of employees who had been cited at a later time for misconduct and found that their files were more likely to have been incomplete than those of the employees in our general sample. We also found that although the USMS was not consistently thorough in completing background investigation files, the USMS adjudicators were thorough in addressing potentially derogatory issues that surfaced during the background investigation process.
Completeness of files. We examined the files of 66 employees and 23 non-CSO contractors to see whether they contained either the documentation required by OPM regulations and Department guidance or references to that documentation indicating that the regulations and guidance had been followed.16 We checked the files for the following information:
We found that of the 89 employee and contractor files that we reviewed, 17 files did not include basic required documentation such as fingerprint checks, references from prior employers, and internal affairs checks from prior law enforcement positions. Human Resources Division officials told us that when they receive incomplete investigation files from OPM, the adjudicators attempt to obtain the missing documentation necessary for conducting an adjudication because they believe that would be faster than returning the incomplete files to OPM. Even with the adjudicators’ efforts, 9 (14 percent) of the 66 employee background investigation files in our sample lacked required documentation. Four of the nine files contained statements from OPM saying that it had not obtained and would not attempt to obtain required information, including fingerprint checks and interviews with references. For non-CSO contractors, we found that OPM closed 8 (35 percent) of the 23 cases without obtaining required information. In four of those eight cases, OPM noted that responses to inquiries sent to references or requests for employment records had been "undeliverable"; in the other four cases, the information was missing without an explanation.
We also checked a separate sample of background investigation files for employees who incurred sustained misconduct charges to ascertain if there was a correlation between incomplete background investigations and misconduct. To create this sample, we selected 28 employees listed in the OIG Investigations Division’s records as having committed misconduct, in most cases involving violence or threats, and obtained their background files. Of these files, 21 (75 percent) were missing at least one document. We took special note of the 19 deputy marshals among the 28 employees in this sample. Nine (47 percent) of these deputy marshals’ background investigation files contained no evidence that the investigator or the adjudicator performed the required checks of the internal affairs records at the applicants’ most recent law enforcement employers. Overall, the background investigation files of employees with misconduct charges were missing more documentation than those of USMS employees in our general sample. An incomplete file increases the possibility that the adjudicator will not be aware of all potentially derogatory issues in making a security approval recommendation.
Several USMS and SEPS officials raised concerns with us about the completeness of OPM field investigations. Their perception was that the completeness of field investigations was deteriorating because OPM did not provide adequate training and quality assurance monitoring for the new staff its contractors were hiring to cope with the increased demand for background investigations. When asked why they did not address completeness issues with OPM, the USMS and SEPS officials stated that they are part of relatively small entities and do not have leverage to influence OPM standards. When we asked the OPM Customer Service Group Chief about any problems with the completeness of investigations, he stated that OPM was not aware that the USMS had an issue with completeness and that problems should be brought to OPM’s attention. He stated further that the rising demand for background investigations has created problems for OPM’s contractors in recruiting and training staff. He said that OPM does conduct quality assurance reviews and that OPM expects that the experienced Department of Defense adjudicators being transferred to OPM in 2005 will also improve background investigations.
To further review the completeness issue, we compared the background investigation files of deputy marshals in the misconduct sample with those of the deputy marshals in our general sample of employees. We found that internal affairs checks were missing in 3 (12 percent) of the 26 files of the deputy marshals in the general employee sample compared with 9 (47 percent) of the 19 files for deputy marshals with sustained misconduct charges. We found that the Lautenberg statement was missing in 10 (38 percent) of the 26 files of the deputy marshals in the general employee sample compared with 12 (63 percent) of the 19 files for deputy marshals with sustained misconduct charges. Our data suggest that when the background investigation file is incomplete, the risk is greater that a security approval will be issued to an employee who subsequently engages in misconduct.
Derogatory issues addressed. The second aspect of thoroughness we examined was whether the USMS adjudicators applied OPM guidelines on evaluating potentially derogatory issues. These guidelines require adjudicators to analyze the type of position the applicant is to hold, the nature and seriousness of the derogatory issue, the length of time since it occurred, the circumstances that contributed to or mitigated the issue, and the assistance sought by the applicant in resolving the issue.18 In our sample review, we found that for all 84 files with completed USMS adjudications, the adjudicators followed OPM guidelines when addressing the potentially derogatory issues that had been documented.19 For example:
USMS field managers sometimes requested that the Human Resources Division set aside adjudicators’ recommendations that candidates not be given security approval and did not provide written justifications. In reviewing the 28 background investigation files of employees who had sustained misconduct charges, we found that the adjudicators had recommended that 3 of the employees not be granted security approval. In each of these cases, a Human Resources Division supervisor added a memorandum to the file presenting an argument that the derogatory information was not sufficiently serious to justify denying the individual a security approval. In all three cases, after security approval was granted the employees committed misconduct that resulted in discipline or removal.
When we asked about these cases, a senior Human Resources Division official said that he had received verbal pressure in at least one of these three cases from a high-level field manager and, in response, had written a memorandum arguing that security approval be granted despite the adjudicator’s negative recommendation. He stated that it was not uncommon to receive input, usually by phone, from people outside his office who seek to influence decisions by the Human Resources Division on particular employees or applicants. This influence often comes from a U.S. Marshal in a district office who knows the applicant or employee personally. Unlike the files of those later cited for misconduct, the files in our general sample of 89 employees and contractors contained no Human Resources Division adjudicator recommendations against security approval. Of these 89 cases, none had sustained allegations involving violence or threats, criminal behavior, or other serious misconduct.20 In one case, the adjudicator had made a recommendation for a temporary downgrade, which was still under consideration at the time of our review.
A few of the reinvestigations that the USMS is required to conduct every five years on a large portion of its personnel were overdue. USMS policy requires that it initiate reinvestigations every five years of employees and contractors in national security positions and of employees holding high- and moderate-risk public trust positions. This means that virtually all of its 4,000 employees and an undetermined number of contractors with national security duties must be reinvestigated every five years. In our sample of 66 files, we found only 2 instances in which reinvestigations were overdue.
In our general sample of employees, 54 of the 66 employees had worked for more than five years, and therefore required reinvestigation at least once. Of the 54, 47 (87 percent) had been reinvestigated within the required time, 5 (9 percent) had investigations that were more than five years old and had reinvestigations in progress at the time of our review, and 2 (4 percent) were overdue and had no reinvestigations in progress. In one of these two instances, the employee was in a national security position and the reinvestigation was two years overdue. In the other instance, the employee was in a moderate-risk public trust position and the reinvestigation was one year overdue. A USMS official stated that 18 reinvestigations currently were overdue, not just the 2 in our sample. He said that most of the cases were employees without national security clearances who were reluctant to submit the required documentation and often had to be asked repeatedly to do so, even to the extent of getting their supervisors to put pressure on them to complete this task.
Of the 25 contractors in our sample, 6 had worked more than five years. Five of the contractors were in public trust positions, not national security positions, and the USMS was not required to reinvestigate them regardless of how long they had held their positions. One was in a national security position and had a current background investigation at the time he resigned.
We specifically looked at two areas where delays in initiating reinvestigations might have serious consequences: instances involving employee misconduct and instances in which security clearances lapse. In the first area, we found that a higher percentage of employees with sustained misconduct charges were overdue for reinvestigation than employees in our general sample. In our sample of 26 employees with sustained misconduct charges, 5 (19 percent) had been overdue for reinvestigation at the time the misconduct occurred. In six cases (23 percent), employees with two or more sustained allegations of misconduct during the previous five years were overdue for reinvestigation, indicating that although the USMS had reason to believe employees had problems, it had not pursued reinvestigations on a timely basis. In five of these six cases, issues related to later misconduct had already been identified at the time of the last investigation, and in the remaining case an allegation directly related to the misconduct had already been investigated but not substantiated. This pattern may indicate that the USMS is not tracking and placing priority on the reinvestigation of employees with identified behavioral problems.
In examining the second area of consequences resulting from delayed reinvestigations, we asked USMS managers what they do when a security clearance expires and the reinvestigation has not been completed. They told us that they take the necessary steps to initiate reinvestigations, but will not suspend a clearance unless the holder of the clearance failed to submit an application for reinvestigation. Of the 54 employees subject to reinvestigation, 32 had received a national security clearance. Four (13 percent) of these 32 employees were working with expired security clearances – their reinvestigations were incomplete or not yet begun. When asked whether these four employees were in positions that required access to national security information, the Chief of Human Resources Services stated that they were not. The file of one employee with a current reinvestigation showed that access to a secure database had been terminated when the previous clearance expired.
The background investigations of USMS employees managed by SEPS complied with regulations, and the field investigations and adjudications, while slow, were consistently thorough. SEPS managed the background investigation process for 127 USMS employees, including political appointees, attorneys, and other designated positions. SEPS relied on the FBI rather than OPM to conduct the field investigations. SEPS officials informed us that it is their policy to allow these applicants to enter on duty with a waiver and to complete the background investigation process after they begin work. We noted that of the 14 random sample employees for whom the SEPS investigation was their first at the USMS, all had a completed FBI investigation as well as a waiver before they entered on duty, which exceeds requirements. The FBI field investigations in our sample averaged 115 days to complete. The SEPS adjudications exceeded the 90-day timeliness requirement, averaging 180 days to complete.
The FBI investigations were consistently thorough. Of the 26 files we reviewed, less than 10 percent were missing credit check authorizations or evidence that routine law enforcement database checks had been conducted. The remaining documentation was complete, and FBI investigators consistently followed up on potentially derogatory issues raised through document checks and interviews with associates.
SEPS adjudications also consistently addressed potentially derogatory information identified during investigations. In the 26 sample case files we reviewed, 16 (62 percent) contained potentially derogatory issues, most often related to financial problems or lawsuits filed against U.S. Marshals when they served in a prior official law enforcement capacity. The adjudicator addressed the financial issues or lawsuits and determined that the issues were resolved, settlements were reached, or the applicant was not personally responsible for the issues raised in the lawsuit. We found no political appointees or attorneys in the misconduct cases we reviewed.
In accordance with its policy, the USMS initiated the background investigation process before CSOs entered on duty and prohibited CSOs from starting work before at least an interim approval was issued. We found, however, that the Judicial Security Division issued interim approvals to CSOs based on incomplete information. Documentation, including criminal history-related information, was missing from some of the background investigation files for CSOs whose hiring had been approved. For approximately half of the CSOs we reviewed, the Judicial Security Division did not obtain credit checks. In addition, the Judicial Security Division did not verify medical suitability in cases where it requested additional medical information. Although CSOs served in law enforcement positions and carried firearms, the Judicial Security Division decided as a policy matter not to reinvestigate them routinely.
The USMS complied with its policy requiring it to initiate the background investigation process before CSOs entered on duty. The USMS policy governing the hiring of CSOs differs from the policy that applies to USMS employees and non-CSO contractors. The CSO policy requires that the Judicial Security Division initiate the background investigation process before a CSO enters on duty. If the process cannot be completed before the CSO is needed on the job, the Judicial Security Division must assess a subset of the documentation required for a background investigation to determine whether an interim approval can be issued to allow the CSO to begin work while the background investigation proceeds.
For the 33 CSOs in our sample, the Judicial Security Division initiated 32 investigations before the CSOs entered on duty and completed the background investigation process for 26 of them. The files for the six remaining CSOs contained interim approvals. One file – that of a CSO hired in 1985 – showed that the background investigation process was not initiated and that no interim approval had been issued at the time of his hiring, although that background investigation was subsequently completed within the year.
The Judicial Security Division issued interim approvals to CSOs based on incomplete information. USMS policy requires that the following information be included in a CSO’s background investigation file before the Judicial Security Division considers issuing an interim approval:
We found that the Judicial Security Division issued some interim approvals without obtaining all of the required information. Of the six interim approvals that Judicial Security Division granted to CSOs in our sample, all were missing a recommendation from the previous supervisor, and four were missing at least one of the other required documents listed above.
Field investigations were slower than required by Judicial Security Division policy, but adjudications were consistently timely. USMS Directive 10.38 states that a CSO background investigation must be conducted within 21 days after the request is received at the district office. In our sample, deputy marshals averaged 63 days to complete the investigation. We found the adjudications conducted by the Judicial Security Division averaged 68 days. When we asked about the slow investigations, Judicial Security Division management acknowledged that the time required to complete investigations varies by district due to size and resource differences. In addition, investigations of applicants with long careers, and particularly those with military service, require more time.
Required documentation was missing from CSO background investigation files. In reviewing 33 CSO files, we considered a file thorough if it contained the documentation required by the USMS listed in Table 5 and the documentation itself was complete. We also considered a file thorough if a document was missing but written evidence in the file showed it had existed (for instance, a note to the file documenting the date that an FBI fingerprint or name check was completed).
Table 5: Required Documents for CSO Field Investigations
We regarded documents related to criminal history and misconduct most important because the CSOs serve in law enforcement positions. Our sample review indicated that required documents related to criminal history such as FBI fingerprint checks, Lautenberg statements, and internal affairs checks – were missing from about a quarter to about a third of the 33 files:
We also found instances in which required documentation was present but incomplete. For example, the personal qualification statement (USM 234) was present and filled out in 94 percent of the files, but eight of the statements (26 percent) had no date, and three (10 percent) had forms on which the date, signature, or both had been taped over or “whited out.” A Judicial Security Division official confirmed that the form should be dated at the time it is submitted and said Judicial Security Division managers were unaware of the omissions. Neither we nor the Judicial Security Division could identify any advantage that the Judicial Security Division, the contracting organization, or the applicant gained from these omissions and changes. Undated documents, however, are not valid, and deleting a signature is of particular concern if the form authorized inquiries into personal information (for example, medical and credit checks) or affirmed that the information provided was true. We concluded that some files in our sample did not provide legal authorization for personnel inquiries or affirmations that the applicants had provided truthful information for the background investigation.
Furthermore, the Judicial Security Division did not consistently follow its policy for conducting credit checks and verifying medical suitability. For approximately half of the CSOs in our sample, the Judicial Security Division did not obtain credit checks as required by USMS Directive 10.39(9). Of the 33 files we reviewed, only 16 (48 percent) files contained evidence that a credit check had been conducted. Those credit checks had been performed at the district level, not at the headquarters level. A Judicial Security Division manager said that the USMS relies on the financial information applicants provide on the USM-234 form and follows up with credit checks if applicants disclose significant financial problems, such as bankruptcy.
We also determined that Judicial Security Division management does not consistently follow up on issues raised by the medical suitability reviews used to assess whether applicants are physically capable of fulfilling CSO responsibilities. In our sample of 33 files, 18 (55 percent) referred to medical issues that required additional information to meet Judicial Security Division standards. Each contained a memorandum to the prime contractor requesting additional medical information, but only 9 of the 18 files contained a memorandum from Judicial Security Division management certifying that the CSO was medically suitable for a CSO position. Although Judicial Security Division officials reported that they reject CSO applicants most often for medical reasons, we could find no evidence that they followed up on the medical issues in half of our sample files for which the Judicial Security Division requested additional medical information.
Although CSOs serve in law enforcement positions and carry firearms, the Judicial Security Division does not routinely reinvestigate them. Neither regulations nor Department policy requires routine reinvestigation of contractors in public trust positions. However, CSOs carry firearms, protect judges, and have unescorted access to court facilities. The Judicial Security Division currently reinvestigates CSOs only if it becomes aware of misconduct issues that required disciplinary action. The Judicial Security Division’s data showed that 2,208 (51 percent) of its current 4,323 CSOs had been employed for five or more years. See Table 6 for details on the length of CSOs’ service. We believe that CSOs should be reinvestigated routinely every five years to ensure that USMS can identify issues that could lead to misconduct.
Table 6: CSOs' Length of Service