Maintaining effective information security programs — and overseeing cybersecurity at supervised institutions, in the case of the Fed — remain top management challenges for the Consumer Financial Protection Bureau and the Federal Reserve Board, according to reports released today by the agencies’ inspector general.
The CFPB should focus on overseeing the security of systems operated by contractors and ensuring that personally identifiable information in its possession is protected, the report said. The report cited a Government Accountability Office audit in 2014 that found that “ the CFPB has collected consumer financial data on credit card accounts, mortgage loans, and other products” but “that the CFPB lacks written procedures and comprehensive documentation for a number of processes, including data intake and information security risk assessments.”
Both agencies were also urged to address workforce development and retention issues, strengthen their controls over management operations and maintain physical infrastructure properly.