Semiannual Report to Congress

Message From the Inspector General

Since our previous semiannual report to Congress, new leaders have joined both of the agencies we oversee. Kathy Kraninger became Director of the Bureau of Consumer Financial Protection (Bureau), and Michelle Bowman took office as a member of the Board of Governors of the Federal Reserve System (Board). We’ve met with Director Kraninger and Governor Bowman, and we look forward to continuing to work with leadership at the Board and the Bureau as we provide independent oversight to improve their programs and operations and to prevent and detect fraud, waste, and abuse.

During the past 6 months, we issued eight reports related to the Board’s programs. These reports address information security, information technology governance, the shipment of currency, academic assistance, audits of financial statements, and workforce planning. We issued four reports on the Bureau’s operations, which examine information security, purchase card controls, the monitoring of corrective actions at supervised institutions, and the scheduling of examination activities.

Our Office of Investigations pursued allegations of fraud against Board and Bureau supervision programs as well as allegations of wrongdoing concerning our agencies’ internal operations. We processed 262 new hotline complaints and closed 13 investigations, and our work resulted in 10 persons referred for criminal prosecution and more than $1.3 billion in criminal fines, restitution, and special assessments. Of note were the sentencings of four former Wilmington Trust executives to imprisonment for fraud, false entries, and false statements as well as Société Générale S.A.’s agreement to pay more than $1.3 billion in monetary penalties for its willful violation of U.S. economic sanctions.

Although our work focuses on the programs and operations of the Board and the Bureau, our findings often have applicability beyond our specific agencies. To help share this knowledge with other organizations, we issued our second OIG Insights paper in February. In this paper, we summarize five strategies organizations can use to strengthen their organizational governance system, including adapting governance processes and structures to fit their organizational needs and ensuring transparency to stakeholders.

We actively engage with and seek input from a variety of stakeholders. Over the past 6 months, we met with key members of our oversight committees, hosted conferences to foster cooperation among our law enforcement partners, and engaged with staff throughout the Board and the Bureau so that we are able to provide timely and insightful oversight of Board and Bureau programs and operations.

I am proud that the Office of Inspector General continues to be a force for positive change. We welcomed Fred W. Gibson, Jr., as Deputy Inspector General in November, and I look forward to his outstanding contributions. I am also profoundly grateful for the professionalism and expertise of every member of the Office of Inspector General staff, whose dedication, commitment, and high-quality work make it possible for us to fulfill our mission.

Sincerely,
/signed/
Mark Bialek
Inspector General
April 30, 2019

Highlights

We continued to promote the integrity, economy, efficiency, and effectiveness of the programs and operations of the Board of Governors of the Federal Reserve System (Board) and the Bureau of Consumer Financial Protection (Bureau). The following are highlights of our work during this semiannual reporting period.

The Board’s Information Security Program
The Board’s information security program is operating at a level-4 (managed and measurable) maturity, which indicates an overall effective level of security. The Board has opportunities to mature its information security program in Federal Information Security Modernization Act of 2014 (FISMA) domains across all five security functions outlined in the National Institute of Standards and Technology’s Framework for Improving Critical Infrastructure Cybersecurity—identify, protect, detect, respond, and recover—to ensure that its program remains effective.

The Bureau’s Information Security Program
The Bureau’s information security program is operating at a level-3 (consistently implemented) maturity, with the agency performing several activities indicative of a higher maturity level. The Bureau has opportunities to mature its information security program in FISMA domains across all five Cybersecurity Framework security functions—identify, protect, detect, respond, and recover—to ensure that its program is effective.

The Board’s Governance of Information Technology
Certain aspects of the Board’s organizational structure and authorities could inhibit the Board’s achievement of its strategic objectives regarding technology as well as its achievement of an effective FISMA maturity rating. Although the Board has information technology (IT) governance mechanisms in place, we found opportunities for improvement in the areas of security, budgeting, procurement, and capital planning.

The Bureau’s Follow-Up Process for Matters Requiring Attention
During the examination process, Bureau employees may identify corrective actions that a supervised institution needs to implement to address certain violations, deficiencies, or weaknesses. These corrective actions include Matters Requiring Attention (MRAs). The Bureau can improve its follow-up process for MRAs.

Strengthening Organizational Governance
Organizational governance involves processes and structures for decisionmaking, accountability, controls, and behaviors designed to accomplish an organization’s objectives. A strong governance system can enable an organization to achieve its objectives more efficiently and effectively. This OIG Insights paper summarizes insights from our 2017 evaluation of the Board’s organizational governance more broadly, highlighting practices and considerations that other organizations can use to strengthen their governance system.

The Board’s Workforce Planning
Board division leaders have varying perspectives on the need for an enterprisewide workforce planning process, and their buy-in to participate in such a process may be impeded by factors including communication, undefined roles and responsibilities, a lack of clear support from top Board leaders, and existing division-specific approaches to workforce planning.

The Bureau’s Risk Assessment Framework for Examinations
We identified opportunities for the Bureau to improve its risk assessment framework for prioritizing and scheduling examinations, which includes the identification, analysis, and prioritization of specific institution product lines for examination.

Former Wilmington Trust Executives Sentenced in Federal District Court
Four former executives of Wilmington Trust Bank were sentenced to incarceration ranging from 36 to 72 months, a total of $700,000 in fines, and prohibition from banking. The executives were found guilty of conspiracy to defraud the United States, securities fraud, making false statements in documents required to be filed with the U.S. Securities and Exchange Commission (SEC), making false entries in banking records, and making false statements to the SEC and to the Board.

Criminal Charges Against Société Générale S.A.
On November 19, 2018, the U.S. Attorney’s Office for the Southern District of New York announced criminal charges against Société Générale S.A. (SG) consisting of a one-count felony information charging SG with conspiring to violate the Trading with the Enemy Act and the Cuban Asset Control Regulations for SG’s role in processing billions of dollars of U.S. dollar transactions using the U.S. financial system, in connection with credit facilities involving Cuba. Under a deferred prosecution agreement, SG agreed to pay $1.34 billion in penalties—the second-largest penalty ever imposed on a financial institution for violations of U.S. economic sanctions.

Former Acting President of CFG Community Bank Sentenced to Federal Prison for Bank Fraud and Tax Evasion
A former acting President of CFG Community Bank, a state member bank, was sentenced to 3 years in federal prison for bank fraud and tax evasion. The defendant was also ordered to pay $892,541.75 in restitution to CFG and $365,228.80 in restitution to the Internal Revenue Service and to forfeit $503,378.87.