OIG updated work plan adds focus to information security, compensation, and distribution of civil penalty funds

more+
less-

The most notable items added by the Office of Inspector General (OIG) to its work plan, updated as of July 7, 2014, are audits of the CFPB’s information security program, pay and compensation program, and distribution of civil penalty funds.

Information Security

Pursuant to the Federal Information Security Management Act of 2002 (“FISMA”), each agency Inspector General must annually evaluate the agency’s information security program. OIG will implement the statutory requirements by auditing

  • the Bureau’s compliance with FISMA and related information security policies, procedures, standards, and guidelines; and
  • the effectiveness of security controls and techniques for a subset of the Bureau’s information systems.

Pay and Compensation

The same 2010 Dodd-Frank legislation (“Dodd-Frank”) that created the CFPB requires it to provide employee compensation and benefits that are, at a minimum, comparable to those of the Board of Governors of the Federal Reserve System. As part of OIG’s audit of the Bureau’s pay and compensation program for compliance, OIG will evaluate the controls around setting employee pay.

Distribution of Civil Penalty Funds

Civil money penalties assessed by the prudential bank regulators are payable to the U.S. Treasury. By contrast, civil penalties obtained by the CFPB in either administrative or judicial actions must be paid into a Civil Penalty Fund (the “Fund”) established by Dodd-Frank. The purpose of the Fund is primarily to compensate consumers harmed by activities for which the civil penalties were imposed. A secondary purpose, to the extent that victims cannot be located or payment to them is impracticable, is to finance consumer education and financial literacy programs.

Although an audit of this fund was previously reported as being completed and no longer a “work in progress,” it appears there is more work to be done. OIG will audit the internal controls related to the Fund and will assess

  • the effectiveness of internal controls surrounding the distribution of money to victims, payment of administrative costs, and financing of consumer education and financial literacy programs;
  • compliance with applicable policies and procedures.

 

Topics:  Audits, CFPB, Civil Penalty Fund, Cybersecurity, Dodd-Frank, Federal Reserve, OIG, Popular

Published In: Consumer Protection Updates, Finance & Banking Updates, Labor & Employment Updates, Science, Computers & Technology Updates

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Ballard Spahr LLP | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »