August 16,2013
Mr. Mark Bialek
Inspector General
Office of the Inspector General
Federal Reserve Board
Washington, D.C. 20551
Dear Inspector General:
Thank you for providing the Federal Reserve Board an opportunity to comment on your draft Audit Report regarding the handling of Federal Open Market Committee (FOMC) meeting minutes. We appreciate your review of the processes the Board has in place regarding the handling of FOMC meeting minutes, your recognition ofthe improvements the Board has already made to those processes and your suggestions for additional improvements to those processes.
The report offers four suggestions, all of which the Board intends to take steps to implement. As the report acknowledges, Board staff from the Congressional Liaison Office (CLO), Public Affairs Office, Legal Division, Division of Monetary Affairs, and FOMC Secretariat met on April 12 to develop a set of common procedures for all distributions of FOMC minutes and other Board information to the CLO contact list. Effective that day, changes were made that limited the CLO contact list to government recipients, provided that items distributed to the CLO contact list include only a public link to an item on the Board's website with a brief description ofthe item and information about other resources on the Board's website, and required verification that information distributed to the CLO contact list be publicly available on the Board's website prior to distribution to the CLO contact list.
We are in the process of implementing the report's two recommendations that these procedures be committedto writing and include policies for determining how these distribution functions will be performed. In the case ofthe Public Affairs Office, a new procedures document has already been written that details specific steps that must be taken by Public Affairs staff to properly release the minutes to the press and public, outlines safeguards to prevent inadvertent release to unauthorized individuals, and specifies which staff members are responsible for carrying out the releaseprocess. The CLO has revised its administrative procedures manual to include the steps outlined above that govern the use of lists such as the CLO contact list.
The report also recommends that the Director of the Division of Monetary Affairs develop and implement a comprehensive training program on the Program for Security of FOMC Information that covers handling requirements for FOMC minutes. We agree that there are benefits to developing and implementing a training program that focuses on the Program for Security of FOMC Information in addition to our current practice of using a training program that integrates all Board information security policies. The Board last year engaged an outside firm to perform a review of FOMC information security practices at the Board and identify areas that would benefit particularly from additional training. At the end of that study, the Board began developing an on-line training program that will specifically focus on the Program for Security ofFOMC Information, and will include, among a range of topics, proper handling of FOMC minutes. The training program is expected to be completed and ready for use before the end of this year.
The final recommendation offered by the report relates to strengthening controls that govern access to the electronic publication system for FOMC materials. As the report acknowledges, the Program for Security of FOMC Information provides that access to FOMC documents, such as the minutes, be limited to staff that have a "need-to-know" the information. We are in the process of formalizing in writing our existing policies for establishing a "need-toknow" reason for accessing the publication system and the minutes; we reviewed and updated the control list that governs access to the publication system and will continue to conduct regular reviews; and we have put in place further access limits for specific documents within the publication system.
We believe that the steps the Board has already taken, coupled with the improvements being developed, will strengthen the Board's information security, and in particular, improve compliance with the Program for Security of FOMC Information. Weappreciate your attention to this matter.
Sincerely,
/signed/
Michelle Smith
Assistant to the Board
/signed/
William English
Director, Division of Monetary Affairs
