OIG releases CFPB and Fed list of open recommendations

Federal Issues Bank Regulatory Privacy, Cyber Risk & Data Security CFPB Federal Reserve

On April 22, the OIG, which oversees the CFPB and the Fed, released two audit and evaluation reports that noted previously identified recommendations to improve or correct issues that remain open as of March 31, including some recommendations that have been open for more than six months. With respect to the CFPB, the OIG identified 18 recommendations that remain open; with respect to the Fed, the OIG identified 65 open recommendations. The open recommendations made to the CFPB stem from OIG reports on strengthening its offboarding process in 2018, auditing the Bureau’s information security program in 2018, 2022, and 2023, and technical testing results for the Bureau’s legal enclave in 2020. The open recommendations to the Fed stem from OIG reports relating to, among others (i) information security; (ii) cybersecurity; (iii) security control of the Fed’s public website; (iv) the Fed’s Financial Market Utility Supervision Program; and (v) enterprise risk management. Notably, a small subset of the recommendations that remain open are nonpublic.