The Department of Homeland Security (DHS) Office of Inspector General (OIG) recently published an audit that reviewed the U.S. Coast Guard’s (USCG’s) oversight of the TWIC program (the Audit). Among other things, and relevant to the future application of the Transportation Worker Identification Credential (TWIC) Reader Rule at affected facilities, the Audit found that:
- DHS Failed to Complete the Required TWIC Assessment – Because DHS did not complete an assessment of the security value of the TWIC program as required by law, the USCG does not have a full understanding of the extent to which the TWIC program addresses security risks in the maritime environment.
- The USCG Did Not Provide a Clear Definition of “CDC Facility” – The USCG did not clearly define the facilities that have Certain Dangerous Cargo (CDC) in bulk, and would thus be subject to TWIC reader requirements, when developing the TWIC Reader Final Rule.
- The USCG Should Revise the TWIC Reader Rule Risk Analysis – When developing the TWIC Reader Final Rule, the USCG’s risk analysis methodology did not establish a minimum threshold of CDC quantities or consider other contributing factors that would pose a significant risk at a facility – which may include the geographic location of CDC within a facility’s MTSA footprint and population densities surrounding a facility.
- The USCG Lacks TWIC Program Oversight – The USCG does not perform security inspections uniformly across MTSA-regulated facilities and needs to improve its oversight of the TWIC program.
The Audit recommended that:
- DHS Complete the Required TWIC Assessment – The OIG recommended that DHS complete the required TWIC program assessment to evaluate the security value of the TWIC program.
- DHS concurred with the recommendation and provided an estimated completion date of April 30, 2019. DHS acknowledged that the Transportation Worker Identification Credential Accountability Act of 2018 prohibits it from implementing or revising the TWIC Reader Final Rule, except to extend its effective date, until 60 days after DHS submits this assessment to Congress.
- The USCG Provide a Clear Definition of “CDC Facility” – The OIG recommended that the USCG clearly define the applicable facilities that have CDC in bulk and which must implement use of electronic TWIC readers as an access control measure.
- The USCG concurred with the recommendation and provided an estimated completion date of March 30, 2020. The USCG stated that the required TWIC program assessment, as well as Transportation Security Administration and congressional feedback concerning the results, could affect the its definition of applicable CDC facilities.
- The USCG Use Electronic TWIC Readers at Facility Inspections – The OIG recommended that the USCG improve use of electronic TWIC card readers during inspections at regulated facilities by procuring new TWIC card readers.
- The USCG concurred with the recommendation and provided an estimated completion date of March 31, 2019. The USCG is in the process of acquiring new TWIC readers to enable field inspectors to conduct electronic TWIC inspections at MTSA-regulated facilities in 2019.
- The USCG Revise the TWIC Verification and Enforcement Guide – The OIG recommended that the USCG revise and strengthen its TWIC Verification and Enforcement Guide.
- The USCG concurred with the recommendation, and the OIG established an estimated completion date of September 30, 2021. The USCG acknowledged that revising and strengthening the TWIC Verification and Enforcement Guide will require a formal rulemaking and must incorporate stakeholders’ input after completion of the required TWIC assessment.