September 30, 2014
The CFPB continues to establish and implement its internal management operations as it seeks to provide effective oversight of the consumer financial marketplace. Establishing appropriate internal controls--including policies and procedures that clearly define roles and responsibilities--and effectiveness measures should continue to be an area of focus for the CFPB as the organization grows and the consumer financial products and services that the agency regulates evolve. In addition, the CFPB has acquired staff members from several federal agencies as well as from the private sector, resulting in different sets of practices and expectations across the organization. Key program areas that the agency should focus on include the Civil Penalty Fund and the Consumer Complaint Database.
As mentioned earlier, the CFPB must continue its effort to establish and implement appropriate operational controls related to its supervision program and develop an effective human capital infrastructure. Further, our work related to the Government Performance and Results Act of 1993, as amended (GPRA), determined that the CFPB needs to establish more outcome-based measures. CFPB officials noted during this audit that while the agency was focused on establishing operations, the measures it had in place addressed the CFPB's initial operational activities and some GPRA requirements were unmet. Identifying outcome-based measures that can be quantified using a balanced set of organizational performance indicators and that can be effectively monitored will be a challenge going forward, requiring additional time and outreach efforts to CFPB stakeholders.
In addition, our audits and evaluations of procurement, travel, supervision, and enforcement found areas in which the CFPB needed to clarify roles and responsibilities. We also noted that the CFPB needed to timely develop and deploy sound policies and procedures in these key areas, as well as for conferences.
The CFPB has established a team within the Chief Financial Officer's organization to review, monitor, and improve internal control. The CFPB has made progress in establishing new agency operations and will continue to define division-level performance goals and measures. By implementing GPRA, the CFPB is ensuring that its operations align with its strategic plan. In addition, many of our audits and evaluations have noted progress in assigning roles and responsibilities, as well as in establishing policies and procedures.
The Dodd-Frank Act requires the CFPB to deposit any civil penalty it obtains in any judicial or administrative action under federal consumer financial law into the Civil Penalty Fund (CPF). The CFPB is to use the funds collected to compensate consumers who were harmed by activities for which civil penalties have been imposed. Under the CPF rule, to the extent that victims have already been compensated, cannot be located, or payment is otherwise not practicable, the CFPB may use the funds for consumer education and financial literacy programs. As of June 30, 2014, the CFPB had collected and deposited approximately $144 million of civil penalties into the CPF and distributed approximately $1 million to victims. The CFPB identified vendors and awarded a multiyear contract to distribute funds to victims. The agency has also identified and approved two consumer education and financial literacy program proposals totaling $28 million to be funded through the CPF. As the fund continues to grow, the CFPB may face challenges in distributing funds to victims in a timely manner.
The CFPB has issued a final CPF rule and implemented internal controls by developing internal procedures. The CFPB has also contracted with third-party administrators to identify, locate, and notify victims and has begun distributing payments from the CPF to victims. The CFPB established a policy that describes procedures for identifying and developing consumer education and financial literacy programs under the CPF and defines the roles of the Consumer Education and Financial Literacy Officer and the Division of Consumer Education and Engagement Associate Director in selecting those programs.
In June 2012, the CFPB became the first federal regulator to publicly share individual-level consumer financial complaint data. While the Consumer Complaint Database initially contained only credit card complaints, the CFPB has extended the database to other consumer financial products and services covered by the CFPB. As the types of products and services expand, the agency will be challenged to manage complaints, improve data quality, and maintain the effectiveness of the complaint process. Further, the CFPB will face additional challenges in ensuring that personally identifiable information is properly protected given the agency's recent decision to publish narratives in its public complaint database.
The CFPB has taken steps to improve the reliability and timeliness of data in the Consumer Complaint Database, as well as to protect sensitive personal information. The agency's Office of Consumer Response developed written procedures for reviewing and editing complaint data and for the daily refresh process of the public complaint database. In addition, the CFPB has enhanced the efficiency and timeliness of the daily refresh process by fully automating the steps to update the data. In its proposed policy statement dated July 14, 2014, regarding the agency's intent to disclose narratives in the public complaint database, the CFPB stated that a robust scrubbing standard and methodology would be applied to remove personal information and reduce the risk of re-identification.