Semiannual Report to Congress

Message From the Inspector General

Over the past 6 months, information security continued to be a critically important concern, not just for the Board of Governors of the Federal Reserve System and the Consumer Financial Protection Bureau but also for the federal government and the American people. As part of the Council of the Inspectors General on Integrity and Efficiency's Technology Committee, we led a team of six participating offices of inspector general to report on information security program trends across the government. In our report, issued in May, we found that federal agencies have strengthened the maturity of their information security programs on average in recent years, but that more actions are needed in key areas—supply chain risk management, cybersecurity risk management, and configuration management—to ensure that agencies' information security programs can deal with cybersecurity threats effectively.

Much of our oversight work this reporting period relates to information technology (IT) and information security. We performed security control testing of the Board's web-based embargo application, which allows authorized members of the media to access documents that are not yet posted to the Board's public website. Overall, the security controls we tested were effective, but the Board can strengthen access and configuration management controls. In separate assessments, we analyzed the Board's and the CFPB's purchase card programs and found, for each agency, that the risk of illegal, improper, or erroneous use of purchase cards is low. Finally, we conducted a forensic evaluation of the CFPB's procurement process as it relates to labor hours billed to the agency and found that the process is operating effectively overall. However, because of missing timesheets, potentially incorrect labor rates, unsupported labor hours, and undocumented overtime rates in the labor-rate schedule, $2.3 million of the $56.4 million of labor hours we evaluated could not be reconciled with supporting documentation.

Remaining agile and attuned to technological developments and emerging risks continues to be a priority in our oversight of the Board and the CFPB. We are expanding our IT audits and data analytics teams, and we continue to actively research artificial intelligence, machine learning, and other emerging technologies to better understand how they might affect our work and that of the Board and the CFPB.

We continue to evaluate the applicability of such emerging technologies to our mission. We are also focused on expanding the data literacy of our workforce—empowering staff to effectively interpret, analyze, and communicate data insights. We use a risk-based approach in evaluating emerging technologies and promoting data literacy. This approach is grounded in an understanding of the need to manage and protect OIG data while mitigating security, privacy, and compliance risks.

Ensuring a diverse, equitable, and inclusive workforce is another top priority for our office and for the agencies we oversee. We examined the Board's hiring efforts over several years and found that while the Board follows certain leading practices to cultivate workforce diversity, its applicant pool becomes less diverse in the latter stages of the hiring cycle. We recommend that the Board issue comprehensive guidance and policies that promote additional leading practices throughout the agency, such as anonymizing résumés and requiring training for hiring managers. We are also beginning an evaluation of the hiring practices of the Board's four economics divisions, which have a separate recruiting and hiring process for economists and research assistants, and their effect on workforce diversity.

Ethics and potential conflicts of interest continued to be an area of heightened interest. We recently completed our investigation into the 2017–2021 trading activities of a senior Federal Reserve Bank official and found that the official violated Federal Open Market Committee (FOMC) rules and Reserve Bank policies governing blackout periods, financial disclosures, prohibited holdings, and preclearance requirements. We did not find any evidence that trades were based on confidential FOMC information, and the official did not have financial conflicts of interests; however, the official created an "appearance of acting on confidential FOMC information" under the FOMC blackout rule and an "appearance of a conflict of interest" that could cause a reasonable person to question the official's impartiality under the Reserve Bank's code of conduct.

We issued three pandemic-related reports in this reporting period. The Paycheck Protection Program Liquidity Facility (PPPLF) advanced about $200 billion to lenders to keep credit flowing to small businesses during the pandemic. We found that the Federal Reserve Bank of Minneapolis, which administers the PPPLF, followed its risk management processes and can enhance monitoring and collection processes. We also audited the CFPB's consumer response operations, which saw an increase in consumer complaints during the pandemic. We found that the CFPB effectively monitors consumer complaints but can enhance certain processes. Finally, we contracted with an independent firm to test selected security controls for the CFPB's Consumer Resource Center Mosaic system, a cloud-based system used for the agency's consumer complaint program; no areas for improvement were identified.

Our Office of Investigations continues to investigate numerous cases of fraud related to the pandemic's emergency lending programs, ensuring that those who defrauded such programs are brought to justice. In May, for instance, a former deputy sheriff in the Broward County Sheriff's Office was sentenced to federal prison for participating in a COVID-19 relief fraud scheme; in August, a Broward County Deputy Sheriff and SWAT team member was sentenced to prison for her role in the scheme; and in September, a Nevada man was convicted of defrauding three banks of more than $11.2 million in pandemic relief funds.

Bank fraud and bank failures also remain areas of attention. While small bank failures may not threaten the resilience of the nation's banking system, such failures nonetheless cause profound and long-lasting effects on the communities these banks serve. In August, for example, the former president of Ericson State Bank was sentenced to 18 months in prison after committing fraud that led to the failure of the Nebraska bank. In another case, the former chief executive officer of Heartland Tri-State Bank in Kansas was sentenced to 293 months (over 24 years) in prison for embezzling millions of dollars as part of an online cryptocurrency pig butchering scheme, causing the bank to fail. We are closely attuned to growing concerns about pig butchering schemes, in which scammers gain the trust of victims and lure them into investing more and more money into seemingly sound investments, often involving cryptocurrency. We will continue to monitor for such schemes and will provide audit and investigative resources when necessary.

Overall, our Office of Investigations closed 23 investigations and resolved 329 hotline complaints. Our work resulted in 8 referrals for criminal prosecution; 21 arrests; 6 indictments; 16 criminal informations; 21 convictions; and over $200 million in civil judgments, forfeiture, criminal fines, restitution, and special assessments.

I am deeply grateful for the OIG staff and continue to be impressed by their exceptional skill; relentless dedication; and steadfast commitment to our mission, vision, and values. Our work would not be possible without their talent, expertise, and determination, and I look forward to continuing to work together to improve the programs and operations of the Board and the CFPB and to prevent and detect fraud, waste, and abuse.

Sincerely,
/signed/
Mark Bialek
Inspector General
October 31, 2024
 

Highlights

We continued to promote the integrity, economy, efficiency, and effectiveness of the programs and operations of the Board of Governors of the Federal Reserve System and the Consumer Financial Protection Bureau. The following are highlights, in chronological order, of our work during this semiannual reporting period.

The Board's Embargo Application
The Board can strengthen access and configuration management controls for its embargo application, which allows authorized members of the media to access documents that are not yet posted to the Board's public website.

The CFPB's Examiner Commissioning Program
The CFPB can make its commissioning program more consistent in terms of opportunities, mentoring, and other support for examiners; provide examiners specific, actionable feedback; and formalize an approach for diversifying assessment panels.

Federal Information Security Program Trends Across the Federal Government
Only 60 percent of federal government agencies have an effective information security program. More actions are needed to ensure agencies' information security programs can deal with cybersecurity threats effectively.

The CFPB's Surplus Civil Penalty Funds Allocation and Contractor Payments to Victims
The CFPB's process for allocating Civil Penalty Fund (CPF) monies prioritizes victim compensation over consumer education and financial literacy programs, and the CFPB provided effective oversight of contractors, ensuring that eligible victims received accurate payments.

The CFPB's Contractor Overbilling
Of the $56.4 million of labor hour costs we evaluated, $2.3 million could not be reconciled with supporting documentation.

Paycheck Protection Program Liquidity Facility Administration
The Federal Reserve Bank of Minneapolis (FRB Minneapolis), which administers the Paycheck Protection Program Liquidity Facility (PPPLF), followed its risk management process for at-risk, unresolved, and potentially fraudulent collateral used to back PPPLF loans, but measures to address nonpayment were not fully developed.

Diversity, Equity, and Inclusion in the Board's Hiring Process
The Board's applicant pool became less diverse in the latter stages of the hiring cycle, but the agency can mitigate this challenge by issuing guidance and policies to promote leading hiring practices.

Investigation Into Federal Reserve Bank of Atlanta President's Trading Activity
We investigated the 2017–2021 trading, investment, and disclosure activities of Federal Reserve Bank of Atlanta (FRB Atlanta) President Raphael Bostic. Dr. Bostic violated Federal Open Market Committee (FOMC) rules and Federal Reserve Bank policies governing blackout periods, financial disclosures, prohibited holdings, and preclearance requirements. Dr. Bostic also created an "appearance of acting on confidential FOMC information" under the FOMC blackout rule and an "appearance of a conflict of interest" that could cause a reasonable person to question his impartiality under FRB Atlanta's code of conduct.

Former Chief Executive Officer of Failed Kansas Bank Sentenced to Prison for Embezzling $47 Million
Shan Hanes was sentenced to over 24 years in prison for embezzling $47.1 million from Heartland Tri-State Bank as its chief executive officer (CEO). Hanes embezzled the money to enrich himself in a pig butchering cryptocurrency scheme in which would-be investors were conned into depositing money into fake accounts controlled by scammers. The embezzlement caused Heartland, a state member bank serving rural Kansas, to fail, with the Federal Deposit Insurance Corporation (FDIC) absorbing the $47.1 million loss.

Former Bank Vice President and Branch Manager Convicted for Paycheck Protection Program Fraud in New York
Anuli Okeke, former vice president and manager of a New York branch of Popular Bank, was convicted by jury of conspiracy to commit bank and wire fraud, wire fraud, bank fraud, and money laundering conspiracy. Okeke led a scheme to fraudulently obtain millions of dollars from the Economic Injury Disaster Loan (EIDL) program and the Paycheck Protection Program (PPP) during the height of the COVID-19 pandemic. She faces up to 30 years in prison. Seven other coconspirators previously pleaded guilty to wire and bank fraud conspiracy in connection with the defendant's scheme.