- About Us
- Information Technology
- Contact Us
Report Fraud, Waste, or Abuse
Major Management Challenges for the Board
An effective governance system provides leadership, direction, and accountability in fulfilling an organization's mission and provides stewardship of public resources while establishing clear lines of responsibility for results. The Board of Governors of the Federal Reserve System (Board) has a complex governance system that creates challenges for the Governors in carrying out their roles and responsibilities and for the Board in using an enterprisewide approach to managing certain administrative functions.
The Board's governance system creates challenges for the Governors in performing certain of their functions. In our 2017 report The Board's Organizational Governance System Can Be Strengthened, we identified aspects of the Board's governance system that may impede the ability of Governors and their respective standing committees to carry out their roles and responsibilities. Specifically, we noted that the Board can clarify the roles, purposes, and procedures of its standing committees; strengthen its new Governor orientation; and improve communication among Governors and between Governors and other Board officials.
Governors noted that standing committee purposes, procedures, and roles and responsibilities could be clarified and that there is uncertainty about Governors' roles in overseeing divisions. Most standing committees do not use charters to codify the committee objectives or the roles of each member. Additionally, the Board does not have a process to formally review standing committees to ensure that they continue to best help the Board carry out its work.
Governor orientation does not introduce new Governors to their full set of responsibilities, such as explaining how their standing committees function, or explaining Governor responsibilities for policy areas that the new Governor will not directly oversee. A more detailed orientation could help reduce the learning curve for new Governors.
Further, Board guidance does not set clear expectations for communication with Governors, even though Governors and Board officials have noted the importance of clear communication expectations. Challenges with communication among Governors and between Governors and Division Directors can result in the Governors being unaware of certain Board activities and Board officials missing opportunities to leverage Governors' knowledge and experience. Communication with and among Governors is further complicated by the Government in the Sunshine Act, which requires that certain meetings of an agency be open to the public.
The Board's decentralized structure and consensus-driven culture have created challenges in implementing enterprisewide initiatives in the information technology (IT), human capital, and risk management and internal control functions.
Although the Division of Information Technology provides agencywide IT services and manages the Board's information security program, some divisions also have their own IT sections. We recognize that divisions may benefit from integrating IT services within their line of business; however, having division-embedded IT units can result in duplicative processes, operational inconsistencies, and higher costs. In addition, the Board's decentralized IT structure contributes to challenges in implementing an effective information security continuous monitoring and risk management program. We reported in our 2017 Audit of the Board's Information Security Program that the decentralization of IT services contributes to the Board having an incomplete view of the risks affecting its security posture and impedes its ability to implement an effective information security program.
Governance over the human capital function also creates challenges. The Director of the Management Division is delegated the authority to formulate, approve, or implement policies for enterprisewide personnel management. However, the Chief Human Capital Officer, an officer in the Management Division who is two levels below the Division Director, is responsible for overseeing the Board's operations and resources related to personnel management. The Chief Human Capital Officer has had challenges in overseeing implementation of enterprisewide human capital initiatives, such as succession planning.
Further, the Board does not have a designated Chief Risk Officer or equivalent function focused on formulating and implementing risk management policies. Instead, these responsibilities fall within the Division of Financial Management, which is also tasked with providing financial services and overseeing strategic planning. The division began attempting to implement enterprisewide risk-management processes as early as 2004 without success. In addition, we recommended in our 2013 report The Board Can Benefit from Implementing an Agency-Wide Process for Maintaining and Monitoring Administrative Internal Control that the Board establish an agencywide process for maintaining and monitoring administrative internal control. This recommendation remains open.
In its Strategic Plan 2016–19, the Board identifies initiatives to improve its governance system, including (1) establishing governance that more effectively prioritizes resources within the constraints of the budget, (2) defining a governance plan for the Board's use of technology, and (3) implementing a data governance framework. In its Annual Performance Report 2017, the Board notes several projects related to these initiatives, such as (1) enhancing the budget development and forecasting processes to further the functional costing approach, (2) executing against a framework that defines key criteria that will be used in IT decisions across the organization, and (3) implementing the initial components of a data stewardship program in support of the enterprise data inventory.
As financial institutions have continued to adopt internet-based systems to conduct business, cyberthreats to the financial sector have increased dramatically in both number and sophistication. As a result, cybersecurity remains an area of significant focus for financial institutions and federal financial regulators because these threats can create significant operational risk, disrupt critical services, and ultimately affect financial stability. Accordingly, financial institutions and regulators must prepare for potential significant cyberattacks.
The Board's supervisory program for financial institutions includes efforts to ensure that supervised financial institutions manage and mitigate the risks and vulnerabilities of cyberattacks. The Board faces challenges in ensuring that supervisory approaches keep pace with evolving cyberthreats as well as the concerns of the financial services sector.
The Board also faces challenges in continually tailoring its supervisory approach for the various institutions it supervises. For example, the Board must enhance its oversight of firms that provide technology services to supervised entities. It can do so by implementing an improved governance structure and providing additional guidance to examination teams on the supervisory expectations for such firms. In addition, the Board must improve recruitment, retention, and succession planning for cybersecurity resources to ensure that the Board has an agile, diverse, and highly qualified cybersecurity workforce. The Board must also enhance its communication of critical IT and cybersecurity-related risks to relevant Board and Federal Reserve System supervision personnel.
The Board's Cybersecurity Program Group is a multiyear initiative to further develop the Federal Reserve System's cybersecurity oversight program. The Cybersecurity Program Group continues to enhance supervisory program components, such as training and resource coordination, risk analysis, incident management, and other work streams, to guide future IT examinations.
Information security continues to be a key risk in the federal government, as demonstrated by recent incidents involving breaches of sensitive data and the sharp increase in information security incidents reported by federal agencies over the last several years. The Federal Information Security Modernization Act of 2014 (FISMA) requires the Board to develop, document, and implement an information security program to protect its information systems and data. Although the Board has implemented an information security program that is consistent with FISMA, it faces challenges in ensuring that the program is effective in the areas of risk management, configuration management, and information security continuous monitoring. A consistent theme affecting the Board's ability to implement an effective information security program is the decentralization of IT services, which results in an incomplete view of security risks affecting the agency.
As noted in our 2017 Audit of the Board's Information Security Program, the Board has not yet implemented key components of an enterprise risk-management program. These components include an optimal governance structure and an organizationally defined risk-management strategy, risk appetite, risk tolerance, and risk profile. The Board's Office of the Chief Financial Officer is working to develop an enterprise risk-management framework, which will include inputs from several ongoing work streams, such as those related to developing and implementing an insider threat program and updating the Board's suitability policy. Once the enterprise risk-management framework has been developed, the Board's Chief Information Officer will have to ensure that the agency's information security program, policies, and processes are updated as needed. Developing an agencywide risk-management strategy and optimal governance structure will enable the Board to better evaluate the combined effects of risks as an interrelated portfolio and to effectively prioritize resource allocation to meet the Board's mission.
The Board also faces challenges in implementing a centralized approach to configuration management. As noted in our 2017 Audit of the Board's Information Security Program, the Board does not have a comprehensive enterprise architecture and associated review processes that are enforced across the agency. An enterprise architecture would provide the Board with a blueprint for modernizing its IT infrastructure as well as serve as a guide to establishing and maintaining the integrity of the Board's systems. Specifically, in accordance with best practices, the Division of Information Technology has developed an architecture for the technologies it manages. However, the architecture does not reflect technologies managed outside of the Division of Information Technology. In addition, the division has established an Architecture Review Board to ensure that technologies introduced to the Board's environment are in line with the agency's security standards and do not threaten the integrity of infrastructure components. However, not all divisions consult with the Architecture Review Board before implementing technologies that they have purchased.
With respect to information security continuous monitoring, the Board faces challenges in implementing agencywide processes for managing vulnerabilities and software inventories. For example, as noted in our 2017 Audit of the Board's Information Security Program, the Board's security incident and event management tool does not include information from all components of its network.
Consistent with the Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, the Board is in the process of aligning its information security program and related policies and procedures to the National Institute of Standards and Technology Cybersecurity Framework. This alignment will enable the Board to continue improving its information security program, including strengthening risk management, configuration management, and information security continuous monitoring to ensure that FISMA requirements are met.
The Board's success in achieving its mission is contingent on attracting, developing, and retaining a qualified, diverse, and agile workforce. Continually evolving workforce expectations and a highly competitive hiring environment for individuals with the specialized skills that the Board needs present challenges for the Board. In addition, current and long-term budget pressures and a projected increase in the number of Board employees in mission-supporting positions becoming eligible for retirement may contribute to gaps in leadership and institutional knowledge. Lastly, identifying a diverse workforce with the necessary technical, managerial, and leadership skills to effectively carry out the Board's mission remains a challenge, as minorities and women continue to be underrepresented in internal and external candidate pools. The Board must continue to improve its human capital management in order to mitigate these challenges and meet future workforce needs.
One of the Board's key human capital initiatives is workforce planning. Workforce planning can help the Board strengthen its human capital management by aligning its human capital program with its current and emerging mission and programmatic goals and developing long-term workforce strategies for acquiring, developing, and retaining staff to achieve programmatic goals. Since 2017, when we reported that the Board was taking a more strategic approach to workforce planning, the Board has continued to develop its workforce planning capability and conduct pilot programs in one division and in one section of another division. We are currently conducting two evaluations in this area: one to review the Board's workforce planning efforts and one to assess the challenges to implementing workforce planning.
The Board identified its workforce as a priority in its Strategic Plan 2016–19. In 2016, the Board published its Diversity and Inclusion Strategic Plan 2016–19 as a companion to its strategic plan. Taken together, these plans can assist in the Board's workforce planning efforts to successfully recruit, hire, train, promote, and retain a more diverse workforce as well as to foster a culture that encourages collaboration, flexibility, transparency, and fairness.
The Board's diversity and inclusion successes, as reported in the Board's March 2018 Report to Congress on the Office of Minority and Women Inclusion, include (1) diversity in the official staff pipeline and major job family hires, (2) strong leadership commitment to diversity and inclusion, and (3) external outreach and recruitment activities targeting minority and women economists. Despite its progress, the Board reported continuing diversity and inclusion challenges, including increasing Hispanic representation and increasing minority representation among official staff. An additional challenge for the Board is the availability of minority and women economists in the candidate pool. The overall challenge remains for the Board to implement enterprisewide human capital improvements, including workforce planning and diversity and inclusion initiatives, strategically and effectively.
Promoting the safety, soundness, and stability of financial institutions and financial market infrastructures is a core activity for accomplishing the Board's mission. The Board's challenges in this area include (1) remaining adaptable to internal and external developments that affect its regulatory and supervisory direction, (2) leveraging and enhancing the existing technology infrastructure that supports supervisory activities, (3) fostering a culture that encourages employees to share their views on supervision matters, and (4) maintaining effective relationships with other regulators.
The Board must remain adaptable to internal and external developments that affect its regulatory and supervisory direction. The Vice Chairman for Supervision has outlined a regulatory and supervisory agenda for the Board that seeks to improve the effectiveness of the postcrisis regulatory framework through increased efficiency, transparency, and simplicity. As part of that effort, the Vice Chairman for Supervision supports an approach to financial institution supervision that is tailored to the risk profile and complexity of a supervised institution. In addition, the Economic Growth, Regulatory Relief, and Consumer Protection Act became law in May 2018. This law amends some Dodd-Frank Wall Street Reform and Consumer Protection Act provisions by, among other things, raising the total assets threshold determination for a systemically important financial institution from $50 billion to $250 billion and exempting community banks from the Volcker Rule. Additional adjustments to the supervisory framework or further changes to the financial institution supervision approach will require a high degree of adaptability.
Information management continues to increase in importance and complexity, and the Board has acknowledged the need to be prepared to augment its IT infrastructure to support more-complex data needs. Further, the Board must continue to leverage and enhance its IT tools to effectively and efficiently conduct its supervision activities.
Given the complexity associated with assessing risks at many large financial institutions with nuanced business activities, the free flow of information between supervision employees and their leaders has proven to be crucial to the effectiveness of the Board's supervisory efforts. The Board should continue to foster a culture that encourages employees to share their views, including opposing views, so that decisionmakers reach informed conclusions and decisions about supervised entities.
To effectively execute its duties as the consolidated supervisor for bank, financial, and savings and loan holding companies, the Board must continue to cultivate and maintain strong cooperative relationships with the primary supervisors of holding company subsidiaries. Continued efforts to coordinate with other federal supervisory agencies are crucial to the Board's effective execution of its supervisory responsibilities because this coordination can (1) reduce potential duplication of efforts or eliminate gaps in supervisory coverage and (2) help monitor, identify, and respond to emerging systemic risks.
The Board continues to improve the usability of technological tools in support of its supervisory activities. In addition, the Board is implementing a high-priority initiative to encourage constructive dialog and rigorous debate among financial institution supervisory employees at all levels to improve decisionmaking across the Federal Reserve System. In furtherance of its supervisory efforts, the Board continues to coordinate with its counterparts to align strategic objectives and minimize duplicative efforts.
Ensuring that the Board has the physical infrastructure it needs to carry out its mission in a cost-effective manner presents significant risks and challenges, including those associated with contractor oversight, cost management, and disruptions to employees. The Board's challenges in these areas relate to a portfolio of activities, including renovations in several owned buildings: (1) the William McChesney Martin, Jr., Building; (2) the New York Avenue facility; (3) the Marriner S. Eccles Building; and (4) the recently acquired 1951 Constitution Avenue NW building, which is adjacent to the Eccles Building. In addition, space planning during and after the renovations may also pose a challenge to the Board.
The Martin Building project is one of the Board's largest contracting efforts. The design work for the project, which resumed in 2013 after significant delays, scope changes, and cost increases, was completed in 2017. The Board awarded a renovation and expansion contract to a general construction contractor and expects the renovation to be completed in 2020. In addition, a floor in the New York Avenue facility, which was last updated in the 1990s, is being redesigned with updated office layouts and new fixtures. This project is scheduled for completion in the last quarter of 2019. Further, the Board continues to explore the possibility of renovating the Eccles Building. A basis of design effort for the Eccles Building was completed in 2018 and has provided valuable information to help inform a renovation decision. Finally, the Board will also begin a basis of design effort for the 1951 Constitution Avenue NW building. With each of these projects, the Board should apply lessons learned from the Martin Building renovation, such as how to improve contractor oversight and cost management. Further, because the infrastructure projects in the Board's portfolio are interrelated, any delays could have cascading effects on completion dates and costs.
In response to challenges associated with these infrastructure projects, the Board hired dedicated project managers and monitors project schedules and milestones for capital projects in bimonthly reports to the Chief Operating Officer and quarterly reports to the Investment Review Board. Further, to ensure that the renovation of the Martin Building remains on schedule, the Board has regular meetings with its contractors to discuss project progress, resolve outstanding issues, monitor the schedule, and review other pertinent matters. The Board plans to incorporate these practices on all future capital improvement projects.
In 2007, the Board began to supplement its owned space with leased space, and in 2012, the Board acquired additional leased space both to accommodate overall staff growth and to house staff displaced due to the Martin Building renovation and other infrastructure projects. As of September 2018, the Board maintained multiple leases in two facilities, which the Board previously noted is costly and impedes employee engagement when compared to a consolidated campus. The Board expects that adding the 1951 Constitution Avenue NW building to its campus will allow for easier collaboration and communication and reduce operating costs, because it will eliminate or greatly reduce the need to lease space in several buildings.