CFPB Report: 2016-FMIC-C-001 January 19, 2016
Our objective was to assess the efficiency and effectiveness of the Consumer Financial Protection Bureau's (CFPB) process for identifying victims eligible to receive compensation from the Consumer Financial Civil Penalty Fund (CPF). In the context of this audit, efficiency refers to the resources used in the victim identification process and effectiveness refers to correctly identifying eligible victims. Our scope included the three cases in which identified eligible victims received fund distributions as of December 31, 2014.
As we began our audit, other organizations were also reviewing the CFPB's CPF. As such, we designed our project to minimize any duplication of efforts. Thus, our objective focused on the CFPB's process for identifying victims eligible to receive compensation from the CPF.
The CFPB regulates the offering and provision of consumer financial products or services under federal consumer financial law and can bring enforcement actions against those who violate the law. The CFPB or a court may require a defendant who has violated the law to remedy the harm caused to consumers (i.e., victims) by paying its victims for the harm it caused and, if applicable, by also paying a civil penalty.
The Dodd-Frank Wall Street Reform and Consumer Protection Act required the CFPB to establish the CPF and to deposit civil penalties that it collects into this fund. These civil penalty funds can be used for payments to any eligible victims who do not receive full compensation for their harm from defendants who harmed them.
Overall, our audit found that the CFPB's CPF victim identification process is generally effective and efficient. For example, we found that the Office of the Chief Financial Officer (OCFO) has established internal controls to facilitate the victim identification process and has implemented the procedures and guidelines set forth in the May 2013 Civil Penalty Fund Rule, which implements the applicable section of the Dodd-Frank Wall Street Reform and Consumer Protection Act.
During our audit of the CPF, we noted an opportunity to enhance the victim identification process. Specifically, we found that the OCFO has not documented the roles and responsibilities of the Office of Technology and Innovation (T&I) in the victim identification process. The victim identification process is data dependent and in some instances requires the involvement of T&I to produce preliminary lists of eligible victims.
We attribute the absence of documented roles and responsibilities for T&I to the recent establishment of the CPF program. The three cases we reviewed were the first cases that the CFPB had processed; the CFPB made its first allocations from the CPF in 2013, and payments to eligible victims were distributed in 2013 and 2014. Clearly documenting the roles and responsibilities of all parties involved in the victim identification process can help ensure that the information used to produce preliminary lists of victims is properly maintained and that the parties involved in the process can be accountable.
We suggest that the Chief Financial Officer, in coordination with T&I, update the OCFO's procedures to document the roles and responsibilities of T&I in the victim identification process. In his response to our draft report, the Chief Financial Officer concurs with our observation.
