Expands the main menu

Breadcrumb

Audit Reports

  • Image
Aug
26
2021
Report Number:
21-067-R21
Report Type:
Audit Reports
Category: Finance, Technology

U.S. Postal Inspection Service Oversight of Its Use of Cryptocurrency

Objective

Our objective was to evaluate the effectiveness of U.S. Postal Inspection Service policies and procedures for managing cryptocurrency in its law enforcement activities.

Cryptocurrency is a decentralized form of digital currency that uses a blockchain, or public ledger, to record transactions. The anonymity of cryptocurrency transactions and the significant fluctuations in the value of cryptocurrency create opportunities for abuse or theft when used during law enforcement activities. We evaluated the Postal Inspection Service’s use and seizure of cryptocurrency in cases closed in fiscal years (FY) 2019 and 2020. The Postal Inspection Service established the Cryptocurrency Fund Program (the Program) in 2017 to establish standards and policies to account for cryptocurrency transactions and reduce operational risk.

The (the Application) is the system used to account for cryptocurrency requested through the Program for use during an investigation, such as when an inspector purchases illegal narcotics through an online marketplace. In FYs 2019 and 2020, the Postal Inspection Service closed nine cases that used cryptocurrency managed under the Program. During this time, the Postal Inspection Service closed four additional cases in which postal inspectors seized cryptocurrency as evidence

Findings

Overall, we found that the Postal Inspection Service is sufficiently managing seized cryptocurrency by recording seized assets and collecting proceeds of sale. However, opportunities exist to improve its management of cryptocurrency used for investigative purposes.

Postal inspectors are not required to go through the Program to request cryptocurrency for investigative use. This occurs because the Program only supports of cryptocurrency. When an inspector does not use one of the of cryptocurrency managed under the Program, the funds are requested through the traditional investigative funds process. In these instances, it is the discretion of the team leader to inform the Cryptocurrency Fund Program manager (the Program manager) that some other type of cryptocurrency is being used for investigative purposes. However, this notification is not always done, and the Program manager does not have oversight of these cases. This limits the Program’s ability to effectively reduce the operational risk associated with cryptocurrency use.

We also found there are inaccuracies in the data in the Application’s Transaction Review Report. The purpose of the report is to show cryptocurrency transactions associated with a particular case. Because of the way the report obtains information from the Application, the report contains duplicate transactions and transactions unrelated to the case being queried. As a result of these data integrity issues, the Transaction Review Report cannot be used to accurately track and manage cryptocurrency transactions or to assist in validating the final balance of funds for each case.

Further, the Postal Inspection Service does not have a comprehensive cryptocurrency training program for postal inspectors. Internal guidance states that postal inspectors must be approved to conduct undercover operations and training must be completed prior to requesting cryptocurrency funds. However, the guidance does not specify what training courses should be taken or how frequently refresher training is required.

Because of the lack of standardized training, we found that two of the nine cases in our scope were only opened to support on-the-job cryptocurrency training. Postal inspectors used undercover identities and completed purchases during this training but did not comply with existing guidance. For example, postal inspectors transferred cryptocurrency between one another, which is prohibited by the guidance. Without a comprehensive training program, the Postal Inspection Service is at increased risk while using cryptocurrency to support investigations.

Finally, the Postal Inspection Service guidance does not include documented procedures related to certain aspects of the headquarters’ management of cryptocurrency. Specifically, there are no procedures in the guidance that detail the process for purchasing cryptocurrency for the national wallet which stores the Program’s cryptocurrency, the amount of cryptocurrency that should be maintained in the national wallet, how to reconcile transactions, or how to conduct an annual review of the account.

Documentation of internal controls provides a means to retain organizational knowledge, to ensure operational needs are met, and to minimize risk. By developing such procedures, the Postal Inspection Service will help ensure the program’s objectives will be met.

Recommendation

We recommended management:

  • Ensure that the Cryptocurrency Fund Program has the information needed to provide oversight of the investigative use of cryptocurrency.
  • Modify the to ensure duplicates and unrelated transactions are not included in the Transaction Review Report and that the report provides sufficient information to differentiate between transactions.
  • Develop a comprehensive cryptocurrency training program.
  • Develop written procedures for the management and oversight of the national wallet and its associated exchange account

Report Recommendations

# Recommendation Status Value Initial Management Response USPS Proposed Resolution OIG Response Final Resolution
1

Ensure that the Cryptocurrency Fund Program has the information needed to provide oversight of the investigative use of cryptocurrency.

Closed $0 Agree
2

Some or all of the recommendation is not publicly available due to concerns with information protected under the Freedom of Information Act.

Closed $0 Agree
3

Develop a comprehensive cryptocurrency training program.

Closed $0 Agree
4

Develop written procedures for the management and oversight of the national wallet and its associated exchange account.

Closed $0 Agree