Highlights
The Office of Inspector General (OIG) continued to promote the integrity, economy, efficiency, and effectiveness of the programs and operations of the Board of Governors of the Federal Reserve System (Board) and the Consumer Financial Protection Bureau (CFPB). The following are highlights of our work during this semiannual reporting period.
Audits, Evaluations, and Inspections
- We issued 9 reports concerning the Board and 6 concerning the CFPB.
- We have 23 ongoing projects.
Below are some of the highlights.
The Board’s Recordkeeping, Cost Estimation, and Cost Management Processes for the Martin Building Construction and Renovation Project. The Martin Building construction and renovation project is projected to cost $280.4 million, and it has been identified as a strategic theme in the Board’s strategic framework. We assessed how the cost estimates for the project were determined and how these costs will be managed. We found that the project team did not adequately maintain documentation supporting its conceptual construction cost estimate for the Martin Building project and that support was not available for several line items. We also found that the conceptual construction cost estimate contained errors and inconsistencies. In addition, the Board has not yet established a contractual stated cost limitation with the architecture and engineering firm and has not required the firm to submit cost-saving items to aid in cost management. The Board has taken several steps since 2011 to improve management of the Martin Building project. We made six recommendations to improve the Board’s cost estimation process and cost management and recordkeeping practices.
The Efficiency and Effectiveness of the CFPB’s Supervisory Activities. We conducted this evaluation to assess the operational efficiency and effectiveness of the CFPB’s supervision program. The CFPB’s supervision activities include (1) prioritizing and scheduling examinations, (2) planning and executing examinations, and (3) reporting findings in the form of reports of examination or supervisory letters. Since it began operations in July 2011, the CFPB has made significant progress toward developing and implementing a comprehensive, nationwide supervision program for depository and nondepository institutions. While we recognize the considerable efforts associated with the initial development and implementation of the program, we believe that the CFPB can improve the efficiency and effectiveness of its supervisory activities. Specifically, the CFPB needs to (1) improve its reporting timeliness and reduce the number of examination reports that have not been issued, (2) adhere to its unequivocal standards concerning the use of standard compliance rating definitions in its examination reports, and (3) update its policies and procedures to reflect current practices.
CFPB management indicated that it had taken various measures to address certain findings in our report. We made 12 recommendations designed to assist the CFPB in strengthening its supervision program.
The CFPB’s Approach to Integrating Enforcement Attorneys Into Examinations. Our evaluation objectives were to assess (1) the potential risks associated with the CFPB’s approach to integrating enforcement attorneys into examinations and (2) the effectiveness of any safeguards that the CFPB adopted to mitigate the potential risks associated with this examination approach. We found that the CFPB should determine the appropriate level of enforcement attorney integration into examinations by reassessing the potential risks associated with the practice against the potential benefits and document the results of the assessment. The CFPB’s policy describing the integrated approach did not sufficiently detail how it should be implemented. As a result, CFPB staff’s execution of the policy, as well as their messaging to supervised institutions concerning the role of enforcement attorneys, varied considerably. According to CFPB senior officials, the agency has reconsidered its approach regarding integrating enforcement attorneys into examinations. New policies and procedures reflecting the revised approach became effective in November 2013. We made seven recommendations in our report.
The Board’s and the CFPB’s Information Security Programs. To meet our annual Federal Information Security Management Act of 2002 (FISMA) reporting responsibilities, we reviewed the information security programs and practices of the Board and the CFPB. FISMA requires federal agencies to develop, document, and implement an agency-wide information security program. FISMA also requires each Inspector General (IG) to conduct an annual independent evaluation of the agency’s information security program and practices.
Overall, we found that the Board’s Chief Information Officer is maintaining a FISMA-compliant approach to the Board’s information security program that is generally consistent with requirements established by the National Institute of Standards and Technology (NIST) and the Office of Management and Budget; however, we identified opportunities for improvement in the areas of incident response and reporting, security training, and contractor systems. During the past year, the Board’s Information Security Officer has continued to make progress in implementing an enterprise information technology (IT) risk management framework and a continuous monitoring program; however, additional steps are needed to fully implement programs that are consistent with FISMA requirements. We made two recommendations to assist the Board in strengthening its information security program.
For the CFPB, we found that while the agency has taken several steps to develop, document, and implement an information security program that is consistent with FISMA requirements, there are opportunities for improvement in several information security areas. We made four recommendations designed to assist the CFPB in strengthening its information security program in the areas of continuous monitoring, configuration management, security training, and incident response and reporting.
The Relocation of the Board’s Data Center. We determined that the Board is following a structured approach to planning the relocation of its data center, and Board staff are actively engaged in the planning and decisionmaking for the project. The Board should take additional action, however, to keep the project progressing to meet requirements and remain on schedule. First, the Board has not reevaluated the overall funding for relocating the data center since initially approving the consultant’s cost projection of $201.5 million in June 2012 as the overall budget for the project. This figure was an initial estimate of project costs rather than a detailed budget for the project. Since the initial estimate, design changes have occurred. Second, the construction phase of the data center relocation project has an aggressive schedule with several identified risk areas; any delays in the data center project may impact the Martin Building renovation schedule. We made two recommendations in our report.
Investigations
- We opened 12 cases and closed 1.
- We referred 8 matters to the U.S. Department of Justice.
- We had 9 indictments and were responsible for nearly $339 million in criminal fines, restitution, and forfeiture.
Our most significant cases are highlighted below.
Sentencing of Former Chief Executive Officer of the Bank of the Commonwealth. On November 6, 2013, the former Chief Executive Officer and Chairman of the Board for the Bank of the Commonwealth, Norfolk, Virginia, was sentenced to 23 years in prison, followed by 5 years of supervised release, for conspiracy to commit bank fraud, false entry in a bank record, unlawful participation in loans, false statements to a financial institution, misapplication of bank funds, and bank fraud. The court further ordered the defendant to pay $333.6 million in restitution to the Federal Deposit Insurance Corporation (FDIC), which has sustained at least $333 million in losses. The defendant was found guilty on May 24, 2013, after a 10-week jury trial. The defendant’s crimes contributed to the failure of the Bank of the Commonwealth on September 23, 2011. Bank of the Commonwealth is a state member bank regulated by the Board.
Guilty Pleas for Seven Former Bank Officers of First National Bank of Savannah. Seven former officers of First National Bank of Savannah pleaded guilty before a United States District Court Chief Judge, Southern District of Georgia, for their role in a massive loan-fraud scheme against First National Bank of Savannah and other federally insured banks. The defendants pleaded guilty to various charges in a 47-count indictment returned by a federal grand jury in Savannah in January 2013. According to evidence presented during the guilty plea hearings, as First National Bank of Savannah’s financial condition began to deteriorate, the defendants concealed from the bank, the bank’s board of directors, and federal regulators millions of dollars in nonperforming loans. First National Bank of Savannah failed and was taken over by the FDIC on June 25, 2010. The FDIC estimates that the bank’s failure will cost the Deposit Insurance Fund (DIF) over $90 million. First National Bank of Savannah is a subsidiary of First National Corporation, a bank holding company regulated by the Board.