In 2016, the Federal Reserve Board’s internal watchdog said the organization does not have an adequate safeguards approach
The report, released Monday, highlights corrective action recommendations made to the board that have not yet been fully implemented. It also identified 18 open recommendations
The OIG report notes that resolving many of the issues identified could take significant time. Therefore, only information about recommendations that are at least six months old is made public.
The agencies are in the process of addressing all but one outstanding issue: a 2023 recommendation for the CFPB to develop a testing regime for its information security contingency plans. The CFPB has acknowledged the deficiency and plans to address it, the report said.
Representatives for the Fed and the CFPB declined to comment on the OIG’s findings. A spokesperson for the CFPB confirmed that the agency is working to implement all outstanding recommendations.
The 2016 recommendation to the Fed on internal security threats is the oldest outstanding issue. It was one of nine fixes required in an audit of the Fed’s information security program in November of that year. The report directed the Fed’s Chief Operating Officer to review security protocols and determine what measures might be appropriate for information that is sensitive but classified.
The board has indicated that it will take steps to implement the recommendation.
The report notes that separate recommendations are still outstanding from similar information security audits conducted in 2017, 2018, 2019, 2020, 2022 and 2023. Similarly, all eleven outstanding recommendations before the CFPB also related to information and data security.
Four open recommendations to the Fed stem from a 2023 audit of the Federal Open Market Committee’s trade and investment rules. These include calls for more uniform disclosure policies across the Federal Reserve System, processes for better authentication of financial disclosures, and a system for determining and enforcing consequences for individuals who violate the policy.
FOMC trading and investing has been an interesting topic
Last year, during a
“This is not strict supervision. In fact, it is not even competent supervision,” Warren said. “To everyone in the audience, it looks like you gave your boss a free pass, and that’s just not enough here.”
Oversight was another area with several outstanding recommendations. These touch on the Fed’s approach to third-party risk management and cybersecurity issues at the institutions it oversees, as well as its governance process around reviewing and approving supervisory proposals.
Two recent audits, the 2023 reviews of the material losses associated with the failure of Silicon Valley Bank and the oversight of Silvergate Bank – which chose to