- About Us
- Information Technology
- Contact Us
Report Fraud, Waste, or Abuse
Board Report: 2013-AE-B-012 August 27, 2013
An official in the Congressional Liaison Office (CLO) at the Board of Governors of the Federal Reserve System (Board) e-mailed the Federal Open Market Committee (FOMC) meeting minutes to an e-mail distribution list (CLO contact list) on April 9, 2013, one day earlier than the scheduled release date. As a result, the Board issued the FOMC minutes at 9:00 a.m. on April 10, 2013, rather than the scheduled 2:00 p.m. release time. The Board's Chairman contacted the Office of Inspector General to request our review of the early release. Accordingly, we determined that our audit objectives were to evaluate the Board's processes for distributing the approved FOMC minutes to Board staff prior to their public release and the Board's management controls to prevent the early distribution of those minutes.
During the three-week period following an FOMC meeting, the meeting minutes are drafted, edited, and approved prior to public release. The FOMC minutes are finalized approximately 24 hours prior to publication and loaded into the Board's publication system. FOMC Secretariat staff notify Office of Board Members staff that the FOMC minutes are ready for publication. Subsequently, Office of Board Members staff prepare the minutes to be released to the public. The Program for Security of FOMC Information describes who is responsible for ensuring that FOMC information, including the FOMC minutes, is safeguarded and how it should be handled.
While CLO and Public Affairs Office (Public Affairs) staff are required to properly safeguard FOMC information in accordance with the Program for Security of FOMC Information, the Office of Board Members has not established formal written management controls to ensure that the Division Director's directives regarding the CLO contact list and publication of the FOMC minutes are implemented. We noted that the CLO did not have written policies and procedures related to the CLO contact list. In addition, neither the CLO nor Public Affairs had written policies and procedures regarding the business processes that require access to the FOMC minutes.
Public Affairs and CLO staff also did not handle the FOMC minutes in accordance with the Program for Security of FOMC Information. Before being given access to confidential FOMC information, including the FOMC minutes, Board staff members agree to abide by the Program for Security of FOMC Information, which incorporates the Board's Information Classification and Handling Standard. Although the Board provides required annual training that covers the Board's Information Classification and Handling Standard, training on FOMC-specific information-handling requirements is not provided.
The Program for Security of FOMC Information requires that access to FOMC information be limited to those with a strict need to know. However, the access control list for the publication system included two Board staff members who may not have needed access to the system, and Division of Monetary Affairs staff did not limit access to the FOMC minutes to a subset of users on the publication system access control list with a need to know.
We made four recommendations designed to strengthen the Board's controls over the handling of the FOMC minutes.
In response to our draft report, management concurred with our recommendations and has initiated steps to implement them. Management also stated that it has taken actions to improve compliance with the Program for Security of FOMC Information.