Log In

Reset Password

Report finds ‘multiple violations’ of law and codes over Covid contract

Heather Thomas, the Auditor General (File photograph)

An examination by the Auditor-General found “multiple violations” of law and a code of practice when a government contract for travel authorisation was awarded and delivered during the Covid-19 pandemic.

Heather Thomas released a report that said the Government was “innovative and nimble” during the crisis.

David Burt, the Premier and Minister of Finance, said last night that his initial review of the document revealed “a number of factual errors and incorrect inferences”.

The Auditor-General’s findings noted: “There are long-existing legislations, tools, policies and procedures in place to ensure transparency and accountability of public officers. However, many of these tools and guiding principles were simply ignored.

“Multiple violations of the law and the Code of Practice for Project Management and Procurement in the awarding, development, implementation and operation of the Electronic Travel Authorisation Portal and the processing and collection of revenues generated by the use of this facility.

“No competitive bids were pursued, and other established guidelines were breached or simply ignored, resulting in private-sector service providers in Bermuda being able to commence the provision of service with only verbal agreements, rather than properly executed contracts in place.

“Even when contracts were eventually executed, they were not executed in accordance with the Code of Practice for Project Management and Procurement, the Public Treasury (Administration and Payments) Acts 1969, or Financial Instructions.”

Ms Thomas’s report, Government of Bermuda’s Response to Covid-19: Travel Authorisation, said: “The pandemic required urgent action by governments while balancing accountability and transparency relative to the activities undertaken.

“This report focuses on the Government of Bermuda action taken between March 2020 and November 2022 as it pertains to the implementation of its Covid-19 measures relating to travel to Bermuda by air, cruise or yacht and recognise[s] the outstanding response of many public servants and those of the Ministry of Health and others contracted to support the Government’s initiatives.

“They showed personal sacrifice, courage and resilience. They also demonstrated the Government could be innovative and nimble.”

The report listed a total of three government contracts with resPartner Ltd, which Ms Thomas said was “co-owned by a consultant to the Government on fintech-related matters” — Denis Pitcher, not named in her report — who made known his conflict of interest in a letter to the Cabinet Office.

They included agreements for the scheduling of tests and a lab portal; a travel authorisation portal; and a pandemic solution that combined these elements along with a Covid-19 vaccination portal.

The report noted that an electronic travel authorisation form was introduced in July 2020 for arrivals to Bermuda, with a fee of $75 and later reduced to $40.

It said procedures for securing goods or services for the Government were set out in the Code of Practice for Project Management and Procurement.

The report explained that the Department of Information and Digital Technologies did not have the expertise or resources to develop an application for travel authorisation in-house so the Government looked to hire an external provider.

It said: “The Code of Practice provides provision for waivers and emergency procedures for the acquisition of goods and services … these waivers and procedures were not sought with respect to the acquisition and/or implementation of the Government’s Travel Authorisation Portal.”

The report added that “it was eventually determined by the decision makers that the most efficient and quickest way to design and implement the Government’s Travel Authorisation Portal would be to use the same external vendor who had been contracted to build the scheduling, testing and lab portal to support the original Covid-19 drive-through testing”.

It said that the need to integrate services meant "it was determined that a single vendor would be best positioned“ to deliver a ”central data repository of travellers’ health and symptom reporting, Covid-19 testing and lab result reporting”.

The report noted that the Ministry of Health applied for a retroactive emergency single-source waiver but the Acting Director of the Office of Project Management and Procurement “responded that she did not have authority to approve the single-source waiver” because the relevant section of the code “had not been adhered to or complied with”.

It said: “In spite of the position taken by the Acting Director of OPMP, the contract for the provision of the Government’s Electronic Travel Authorisation Portal was retroactively approved by Cabinet, on November 10, 2020.”

Subsequent review, negotiation and renewal of the contract later took place, it added.

Premier aimed to clarify involvement in resPartner introduction

David Burt told parliamentary colleagues that he was “falsely accused” of having an interest in resPartner, the Auditor-General’s report said.

The examination found that he recommended a different option for similar services, which was not chosen by the Ministry of Health.

Heather Thomas, the Auditor-General, said in her report: “On May 24, 2022, the Premier and current Minister of Finance advised Cabinet that he has been falsely accused in public narrative of having an interest in the local vendor resPartner Limited and of having engineered the original contract award between the Government and the vendor.

“The Premier had sought to clarify that ‘he had in fact only effected an introduction of the Ministry of Health team to the company's principal in the midst of the pandemic, recognising the urgent need for the IT service and the principal's skill set in this regard’.

“The Premier further explained that this introduction came with a recommendation for an alternative solution, which was subsequently not selected by the Ministry of Heath team.

“The Premier stressed that the relationship with the vendor was predominantly residing with the Ministry of Health.

“The alternative solution the Premier was referring to was a separate contract that he had signed involving another distinct vendor.“

The report said that requirements set out in the Code of Practice for Project Management and Procurement were not followed in relation to two of the contracts – for the laboratory and travel authorisation portals, both approved by Cabinet retroactively.

A screenshot from a Government of Bermuda instructional video, dated October 2021, for completing a Travel Authorisation form.

The report said: “A review of the Government’s financial records indicated that total invoice payments made to the vendor from inception to October 2022 for the design, implementation and operation of the Travel Authorisation Portal amounted to over $6 million.

“Revenue generated and collected for the use of the Travel Authorisation by travellers to Bermuda from inception to October 2022, amounted to approximately $21 million, contributing a significant amount of revenue source to the Government’s Consolidated Fund account.

“While this appears to be a significant revenue stream for the Government, it should be noted that the contract term was due to expire on March 31, 2023.”

Government ʽnot yet addressed’ secure storage of personal information

The Auditor-General highlighted the issue of data privacy in her latest report.

In it, Heather Thomas wrote: “It is worth mentioning that the Travel Authorisation Portal retains travellers’ personal and health information for an extended period as the Government has not yet addressed the steps that will be taken to safely store and safeguard this information that currently resides with the vendor.

“All residents of and travellers to Bermuda have the right to informational privacy, including the expectation that personal and health information as part of the requirements to travel to Bermuda, will be safeguarded and safely stored with access limited on an as-needed basis only to persons with legitimate reasons, or who have been given legitimate and controlled access to this information.

“In Bermuda, the protection of personal information is enshrined in the Personal Information Protection Act 2016.”

Details about a service agreement with another vendor, BPMS Ltd, were also included in the report.

Ms Thomas said in a statement later: “Covid-19 presented an unprecedented challenge for most governments; there are opportunities to capture these lessons and insights that can feed into stronger crisis preparedness programmes and policies for Bermuda’s citizens and residents.”

Mr Burt said last night: “The Auditor-General plays an important role in our system of Government.

“It is important that reports published by the Auditor-General are factual and can be relied upon by the legislature and the public.

“Unfortunately, my initial review of this report shows a number of factual errors and incorrect inferences which could have easily been clarified if the Office of the Auditor-General would have reached out for clarification in advance of publication.

“Notwithstanding that, now that this report has been published, I will address matters in relation to this report in the House of Assembly through the established channels to ensure that the dignity and integrity of the important Office of the Auditor-General is respected.

“This report discusses actions taken by the Government while addressing a once-in-a-century pandemic taken to protect the health of residents while trying to find ways to address the severe economic and financial challenges.

“It is recognised, accepted and has been stated by Cabinet that in some cases, given the urgent need to address critical matters on an often expedited basis, not all of the standard steps were followed.

“These matters were subject to review and appropriate corrective action taken.”

• To read the report in full, click on the PDF under “Related Media”.