Message From the Inspector General
In thinking about the work we have done over the last six months, I take pride that we have been pursuing the right initiatives and providing the right leadership on important issues, such as information security. In addition to critical, statutory work, such as audits of financial statements and information security, we have taken unique approaches on risks specific to the Board of Governors of the Federal Reserve System (Board) and the Consumer Financial Protection Bureau (CFPB). As we move forward, we will continue to adapt our approach to provide value and insight that promotes agency improvement.
We have collaborated with our information technology audit colleagues in the Inspector General community to develop a maturity model to assist Inspectors General in determining the effectiveness of information security controls as part of reviews required by the Federal Information Security Modernization Act. This group created an innovative maturity model for information security continuous monitoring—a priority area for the Administration—that provides information on the effectiveness of information security controls as well as a common framework to measure and benchmark information security progress across the government. Building on its success, we will continue to work with our information technology audit colleagues in the Inspector General community to expand the maturity model to other information security areas.
In addition to information security, our audits and evaluations have looked at supervision, financial management, and internal controls, while our investigations have adapted to cases particular to the banking regulatory environment. For example, one evaluation identified additional opportunities for the Board to further strengthen its supervisory stress testing model validation and governance practices. We also audited the CFPB's space-planning activities and found that the CFPB could benefit from implementing a process to manage information about its evolving space needs. And we reviewed the CFPB's Civil Penalty Fund victim identification process.
As mentioned above, we have tailored our investigations to fit the unique regulatory environments of the Board and the CFPB. In addition to important investigations surrounding employee misconduct or the leak or conversion of financial intelligence, our investigations focus on direct fraud against the programs and operations of the Board and the CFPB. Supervision and regulation are critical programs of both agencies. Misrepresentations, lies, obstruction, and false data provided to examiners, directors, and others detrimentally affect the Board's and the CFPB's ability to carry out their programmatic responsibilities. We have strengthened our efforts with agency staff and law enforcement partners to collaborate on early fraud referrals to detect and deter criminal activity designed to conceal misconduct from regulators and obstruct the oversight process.
We continued our outreach and engagement with the Board and the CFPB, which is one of our strategic plan goals. We opened our New York field office and developed the framework for a more formal outreach program that will be initiated in 2016.
Looking forward, we will continue to develop new ways to zero in on important work that will help the programs and operations of the Board and the CFPB. As we continue to explore these areas, I would like to thank our staff for their hard work, dedication, and commitment to our mission, and I would like to thank the Board and the CFPB for their continued cooperation and support.
Sincerely,
/signed/
Mark Bialek
Inspector General
April 29, 2016
Highlights
The Office of Inspector General (OIG) continued to promote the integrity, economy, efficiency, and effectiveness of the programs and operations of the Board of Governors of the Federal Reserve System (Board) and the Consumer Financial Protection Bureau (CFPB). The following are highlights of our work during this semiannual reporting period.
Audits, Evaluations, and Inspections
Supervisory Stress Testing Model Validation. Overall, we found that the Board has demonstrated its commitment to continuous improvement by identifying enhancements to supervisory stress testing model validation and governance as a result of internal reviews. We also identified additional opportunities to further strengthen the Board's model validation and governance practices, such as enhancing the controls around changes to models that occur late in the supervisory stress testing cycle.
The CFPB's Space Planning. We identified controls that the CFPB's Office of the Administrative Officer is using to plan for CFPB headquarters office space; however, we found that the CFPB could benefit from implementing a process to manage information about its regional space needs and associated costs.
NBRS Financial's Failure. Our review of the Federal Reserve Bank of Richmond's (FRB Richmond) supervision of NBRS Financial, a failed state member bank, did not reveal any opportunities for the Reserve Bank to have taken stronger supervisory action sooner. The review did result in one finding related to the potential fraud and insider abuse risks presented by dominant management officials.
The Board's Information Security Program. Overall, we found that the Board's Chief Information Officer has developed, documented, and implemented an information security program that is generally consistent with the requirements established by the Federal Information Security Modernization Act of 2014 (FISMA). We identified opportunities for improvement in the areas of information security continuous monitoring (ISCM), configuration management, and identity and access management. We also completed a system security control review of the Board's Statistics and Reserves System (STAR) and identified improvements needed in security controls and the Board's information security program.
The CFPB's Information Security Program. The CFPB continues to mature its information security program and ensure that the program is consistent with FISMA; however, we identified improvements that are needed in the areas of ISCM, configuration management, incident response and reporting, security training, policy management, and remote access. Our report includes two recommendations to strengthen the CFPB's information security and remote access management.
Financial Statement Audits of the Board and the Federal Financial Institutions Examination Council (FFIEC). We issued the financial statement audits for the Board and the FFIEC, both of which received "clean," unmodified opinions. The Board also received a "clean," unqualified opinion on internal control over financial reporting. We contracted with KPMG LLP, an independent public accounting firm, to conduct the audits, and we oversaw its work.
Investigations
Former Federal Reserve Bank of New York Examiner and Former Investment Bank Associate Plead Guilty to Theft of Confidential Information From the Federal Reserve Bank of New York (FRB New York). A former Goldman Sachs associate and a former FRB New York bank examiner were sentenced after pleading guilty in November 2015 to theft of confidential information from FRB New York.
Former Federal Reserve Bank Examiner Found Guilty of Making False Statements. A former Federal Reserve bank examiner was indicted and found guilty of failing to disclose to the Federal Reserve Bank of San Francisco (FRB San Francisco) on his annual conflicts of interest disclosure form that he was the director of a corporation looking to buy a bank in San Francisco. He was also found guilty of making false statements to influence the Federal Deposit Insurance Corporation (FDIC).
Former President and Chief Executive Officer (CEO) of Farmers Exchange Bank Charged With Theft by a Bank Employee, Obstructing Examination of Financial Institutions, and Bank Fraud. A former President and CEO of Farmers Exchange Bank was charged with one count each of theft, embezzlement, or misapplication by a bank employee; obstructing examination of a financial institution; and bank fraud. The investigation determined that the defendant used at least $500,000 of bank funds to make equipment and automobile purchases for personal reasons. The defendant recorded the expenses in general ledgers at the bank as entries (e.g., supplies) to make it seem that they were legitimate expenses.
Former Stearns Bank Official Sentenced to 30 Months and Ordered to Pay $13 Million in Restitution for Making False Bank Entries. A former bank official of Stearns Bank National Association of St. Cloud, Minnesota, and officer for Stearns Financial Services, a bank holding company regulated by the Board, was sentenced to 30 months in prison, three years of supervised release, and $13 million in restitution. The defendant created false entries that caused Stearns Bank to buy nonexistent receivables from two student loan companies. Through these entries, Stearns Bank provided significant funds to the companies. Stearns Bank ultimately sold the portfolio of accounts receivable to another bank, which consequently suffered losses of approximately $13 million.
Wilmington Trust Corporation (WTC) Added as Defendant in a Superseding Indictment. WTC, a state member bank supervised by the Board, was added as a defendant to the indictment already pending against four former WTC senior executives. The 19-count superseding indictment charges the defendants with making false statements to the Board and the U.S. Securities and Exchange Commission (SEC) in securities filings. WTC, through the actions of the charged senior executives, concealed the truth about the health of its loan portfolio from the SEC, the investing public, and WTC's regulators.
Former Owner of Mortgage Relief Assistance Business Sentenced to 70 Months and Over $236,000 in Restitution for Mail Fraud and Aggravated Identity Theft. The former owner of several illegitimate mortgage relief assistance businesses was sentenced to serve 70 months in prison and three years' probation, and to pay over $236,000 in restitution, for one count of mail fraud and two counts of aggravated identity theft. This sentence stems from a scheme to defraud homeowners facing foreclosure. The defendant defrauded distressed homeowners by falsely claiming that she was an attorney or with a law firm, promising she could lower their mortgage payments, and offering money-back guarantees. In addition, the defendant committed bankruptcy fraud to conceal her scheme and committed perjury by stating in a civil action by the CFPB that she had stopped offering mortgage assistance relief.
Individual Pleads Guilty for Part in Home Loan Modification Services Scheme. A defendant pleaded guilty to conspiracy to market and sell loan modification services under false and fraudulent pretenses. The investigation showed that the defendant and others made false and misleading statements to potential customers in order to convince them to pay for loan modification services. These statements misrepresented businesses as law firms, guaranteed successful loan modifications, and stated that information was submitted to a formal board of attorneys for review and approval. Instead, customers were contacted by employees who were not lawyers and had little or no legal experience.
