With that, the "COR" for this isn't allowed to delegate her purchasing authority. I understand that may indeed be illegal, but I have a few questions.
1. Am I required to have every cardholder that would ever use this BPA, AF Form 4009 in my BPA file?
2. Is a BPA the appropiate vehicle for a requirement that could potentially lead to security risks?
I feel like there is a different solution for how this requirement is being met, but I cannot think of it and I rather seek advice here before going to my team lead and flight chief.
The Professor is going to contact you in order to get more specifics and therefore provide a more detailed and applicable response. However, for the general populous: The COR delegation and BPA ordering officer delegation are completely different. The authority to delegate a COR comes from FAR/DFARS 1.602-2(d)/201.602-2 whereas the authority to delegate BPA ordering officer authority comes from FAR 1.603-3(b) .
Open full Question Details
A COR directing personnel to use their Commercial Government Purchase Card to get additional keys is violating their authority (see FAR 1.602-2(d)(5). In addition, the contractor is also not following the terms and conditions of the BPA and therefore not in conformance. Technically, each call would be an unauthorized commitment. We say “technically” because this is a BPA and not a contract, the unit is using their CGPC, etc.
We are going to assume this is a FAR Part 13 BPA and not a BPA against a FSS. See FAR 13.303 for help in answering your question “Is a BPA the appropriate vehicle?” It’s an easy read and should help. After this, we recommend a meeting with your COR and Installation Security Personnel as a great place to start in determining if a BPA is the best purchasing approach.
Regarding your AF Form 4009 question; the answer unfortunately is “it depends”. It depends on factors that were not provided with the question. However, see AFI 64-117 for the formal guidance, although your local organization may have its own unique operating procedures.