Semiannual Report to Congress

Message From the Inspector General

We recently issued our Strategic Plan 2024–2027, which provides an overview of our organizational goals and objectives for the next 4 years. Much has changed since our previous strategic plan: The COVID-19 pandemic transformed the global economy and the landscape of work, and ongoing technological advancements appear likely to further alter the ways we work and live. Meanwhile, the Board of Governors of the Federal Reserve System and the Consumer Financial Protection Bureau continue to receive heightened interest from stakeholders given their critical roles in the nation's economy and our current business environment.

In our updated strategic plan, we remain steadfast to our vision: To be the trusted oversight organization of the Board and the CFPB. We also continue to honor our values of collaboration and teamwork; diversity, equity, inclusion, and accessibility (DEIA); excellence; integrity; objectivity and independence; and respect. To support our ongoing DEIA initiatives, we have also issued our first Diversity, Equity, Inclusion, and Accessibility Strategic Plan, Fiscal Years 2024–2027, which identifies specific actions that will help us ensure we are creating a diverse, inclusive, equitable, and accessible work environment.

Our strategic plan notes the continued need to be at the forefront of technological evolution in areas including artificial intelligence and big data. Information technology (IT) advancements also make it easier than ever to collaborate across distance and time zones, and in recent years, we have seen an increased level of interaction between the Board and the Federal Reserve Banks. Such collaboration has benefits but also raises potential security risks and questions about oversight.

In this reporting period, we tested security controls for several IT platforms and programs, including a videoconferencing platform that Board staff used to collaborate with outside parties during the COVID-19 pandemic and in its subsequent hybrid work environment; for a videoconferencing platform the CFPB uses to enable real-time collaboration among employees and virtual teams; for the CFPB's use of Microsoft Office 365; and for the Board's Projection Collection System, which is used to securely store economic projections from Federal Open Market Committee (FOMC) participants. Overall, in all four reports, we found that the security controls we tested were effective, and in several reports, we made suggestions for strengthening controls further.

Ethics and conflicts of interest remain other areas of heightened interest. In January, we released reports on our investigations into the 2020 trading activities of certain senior Board and Reserve Bank officials. During this reporting period, we also closed certain recommendations from an evaluation we completed in 2023 that assessed the design and effectiveness of the personal investment and trading policy that the FOMC adopted after the trading incidents. Specifically, in response to the recommendations from our evaluation, the Board's Ethics Office amended the Investment and Trading Policy for FOMC Officials to expand the employees subject to the investment and trading restrictions and to include new restrictions for employees with access to confidential Class I FOMC information. Separately, we conducted an evaluation to assess the extent to which the CFPB promotes a focus on independence and has policies, procedures, and controls to mitigate the risk of conflicts of interest among Division of Supervision, Enforcement and Fair Lending employees and found that the CFPB can enhance certain practices to mitigate the risk of conflicts of interest for these employees.

In our material loss review of Heartland Tri-State Bank, which had about $139 million in assets before it failed in summer 2023, we found that the bank failed because of alleged fraud by its chief executive officer, who initiated wire transfers totaling about $47.1 million of the bank's funds as part of an apparent cryptocurrency scheme. We recommended that the Board raise awareness among state member banks of cryptocurrency scams and train examiners on such scams and relevant preventive and detective controls at banks.

In other work this reporting period, we assessed the Board intelligence programs' control environment for its core business processes and found that these programs do not maintain certain foundational governance documents and lack measurable performance objectives. We intend to monitor the Board's progress in implementing our recommendations and will assess the need to conduct further evaluations. Stemming from our review of the Board intelligence programs, we issued a memorandum report in which we found that while the Board has a detailed policy for safeguarding various levels of sensitive information, the policy does not address controlled unclassified information; we made recommendations to ensure the proper handling of such information. We also assessed the CFPB's eligibility verification processes for the four health benefits programs available to employees and made recommendations to strengthen the CFPB's enrollment procedures and improve certain eligibility verification controls for the agency's vision and dental programs. Finally, we found that the CFPB can enhance certain aspects of its enforcement investigations process, and we recommended actions for the agency to track timing expectations for key steps in the enforcement process to help mitigate delays and reinforce documentation requirements for investigations.

Our investigators continue to send a strong message that wrongdoers will be brought to justice. In one recent case, Argus Information & Advisory Services agreed to pay $37 million to settle allegations it improperly accessed, used, and retained anonymized credit card data it received through contracts with federal regulators, including the Board, the CFPB, the Federal Reserve Bank of Philadelphia, and the Office of the Comptroller of the Currency. In another recent case, the chief executive officer of a California residential reentry home was sentenced to 17 years for a $34 million Paycheck Protection Program fraud scheme and other crimes. And in a recent bank fraud case, Massachusetts loan brokers and a bank loan officer were sentenced to prison for conspiracy to commit a multimillion-dollar bank fraud.

Overall, in the past 6 months, our Office of Investigations closed 41 investigations and resolved 189 hotline complaints. Our work resulted in 11 referrals for criminal prosecution; 28 arrests; 7 indictments; 11 criminal informations; 35 convictions; and $248 million in criminal fines, restitution, forfeiture, and civil judgments.

As we look to the future, we remain attentive to several areas of interest. For instance, we are closely monitoring the ongoing legal challenge to the constitutionality of the CFPB's funding mechanism. In addition, we are actively researching generative artificial intelligence to better understand how it might affect our work and that of the Board and the CFPB. Other issues, however, are likely to emerge without warning. Ultimately, we know that we must remain agile and flexible as our priorities adjust and new concerns develop.

Our work would not be possible without the tremendous skill and dedication of the Office of Inspector General staff, who continue to meet evolving challenges with determination, flexibility, and creativity. I am truly grateful for their steadfast commitment to our mission, vision, and values, and I am deeply proud of the work they have accomplished.

Sincerely,
/signed/
Mark Bialek
Inspector General
April 30, 2024
 

Highlights

We continued to promote the integrity, economy, efficiency, and effectiveness of the programs and operations of the Board of Governors of the Federal Reserve System and the Consumer Financial Protection Bureau. The following are highlights, in chronological order, of our work during this semiannual reporting period.

Credit Quality of Main Street Lending Program Loans
The Main Street Lending Program (MSLP) special purpose vehicle team established and followed processes for quarterly credit scoring, including monitoring payment performance, and workout loan management.

The Board's Videoconferencing Platform
The selected security controls for the Board's videoconferencing platform were effective overall; however, the Board can improve account management, audit log review, and security assessment and authorization controls.

The Board's Intelligence Programs
The Executive Intelligence Oversight Group did not establish foundational governance documents, measurable performance objectives, or policies and procedures documenting the roles and responsibilities for two of its three core functions.

Heartland Tri-State Bank
Heartland Tri-State Bank failed because of alleged fraud by its chief executive officer (CEO), who initiated wire transfers totaling about $47.1 million of the bank's funds as part of an apparent cryptocurrency scheme. The bank's failure cost the Deposit Insurance Fund (DIF) an estimated $54 million.

The Board's Projection Collection System
The Board's Projection Collection System is used to securely store economic projections from Federal Open Market Committee (FOMC) participants before the projections are released to the public. Overall, the security controls we tested for the Projection Collection System were effective; however, the Board can strengthen configuration management controls.

CFPB Practices to Mitigate Conflicts of Interest
The CFPB can mitigate the risk of conflicts of interest for examiners by clarifying rotation requirements for certain key examiners and by implementing an assignment tracking mechanism to monitor rotations and ensure policy compliance.

The CFPB's Videoconferencing Platform
The selected security controls tested for the videoconferencing platform were operating effectively; however, management can consider improving the monitoring of the videoconferencing platform's chat communications.

Investigation Into Board Trading Activity
We investigated allegations that Board Chair Jerome Powell and former Vice Chair Richard Clarida violated laws, rules, regulations, or policies related to trading activities. While their trading activities complied with rules in effect at the time, these rules did not sufficiently support public confidence in the impartiality and integrity of the policymakers and senior staff carrying out the public mission of the FOMC's work.

Investigation Into Federal Reserve Bank Trading Activity
We investigated allegations that Robert Kaplan, former president of the Federal Reserve Bank of Dallas (FRB Dallas), and Eric Rosengren, former president of the Federal Reserve Bank of Boston (FRB Boston), violated laws, rules, regulations, or policies related to trading activities. We did not find that Mr. Kaplan's trading activities violated laws, rules, regulations, or policies related to trading activities as investigated by our office. We did find, however, that omissions on his 2020 financial disclosure report created appearance issues under the FOMC blackout rule and FRB Dallas's code of conduct. We also had findings related to omissions and discrepancies on Mr. Rosengren's 2020 financial disclosure form, and we believe that his trading activities in real estate investment trusts in 2020 created an appearance of a conflict of interest.

Argus to Pay $37 Million Settlement for Misusing Data
Argus Information & Advisory Services agreed to pay the United States $37 million to settle allegations it improperly accessed, used, and retained anonymized credit card data it received through contracts with federal regulators, including the Board, the CFPB, the Federal Reserve Bank of Philadelphia, and the Office of the Comptroller of the Currency.

California CEO Sentenced for $34 Million Paycheck Protection Program Fraud and Other Crimes
Attila Colar, former CEO of All Hands on Deck, was sentenced to 17 years in prison and ordered to pay nearly $1.2 million in restitution after being convicted of 44 counts related to a $34 million Paycheck Protection Program (PPP) fraud scheme and other crimes.

Massachusetts Loan Brokers and Bank Loan Officer Sentenced for Multimillion-Dollar Bank Fraud
Ted Capodilupo and Joseph Masci, operators of a loan brokerage business, and Brian Ferris, a loan officer at a Massachusetts bank, were sentenced to a year in prison and combined $4 million in restitution for conspiracy to commit bank fraud. They developed a scheme to defraud a bank and the U.S. Small Business Administration (SBA) by submitting fraudulent loan applications for ineligible borrowers and pocketing the associated fees.