Oversight

IG: Federal Reserve should standardize its continuous monitoring

Federal Reserve building Washington DC. Shutterstock image. Photo credit Joseph Sohm 

The Federal Reserve headquarters in Washington, D.C.

Supervisory groups at Federal Reserve Banks are not consistent in their continuous monitoring practices, and can have trouble finding data on information systems due to unstandardized approaches to data uploading, according to a recent inspector general report.

The Federal Reserve System Board of Governors is in charge of issuing guidances for the supervision of its regional reserve banks. To measure the efficacy of its continuous monitoring, and to follow up on its 2014 recommendation for the board to improve its supervision, IG assessed the practices at four Federal Reserve Banks.

The purpose of continuous monitoring for the Federal Reserve is to help identify knowledge gaps and to keep supervisors up to date on potential strategic or operational changes at a financial institution, the report states.

According to the report, examiners in charge of supervising large financial institutions spend over half of their time conducting continuous monitoring. However, auditors found employees’ continuous monitoring and documentation practices to be inconsistent.

“Given the considerable time dedicated to continuous monitoring, maximizing its effectiveness should enhance the overall effectiveness of the supervisory program,” the report states.

Specifically, auditors found that while the board has issued guidance “on some aspects” of continuous monitoring, such as the establishment of meetings and management reports, the guidance does not standardize practices across the enterprise.

Auditors noted that each of the four banks they visited had its own guidance for continuous monitoring, and that expectations for continuous monitoring outcomes also vary by branch. Even among supervisory teams at the same reserve bank, continuous monitoring procedures differ, the IG reported.

Auditors noted that certain best practices are followed at Federal Reserve Banks, but added that they have not been “broadly implemented.”

In addition to the lack of standardized guidance, auditors found other limitations to effective continuous monitoring practices.

Examiners said the sheer volume of information that is provided by financial institutions prevents them from reviewing all of it before uploading it to bank systems. The IG also reported that examiners were “reluctant” to reduce the scope of continuous monitoring activities out of fear of “being unaware of important events at a firm.”

Additionally, auditors found that individual supervisory groups sometimes have multiple SharePoint sites, and that examiners can have difficulty finding and retrieving data on information systems because of teams’ inconsistent approaches to uploading the data.

The report recommended the Reserve’s Director of Supervision and Regulation to develop system-wide guidance and training on how to conduct continuous monitoring that requires data rationalization, and to clarify how employees should store and retrieve continuous monitoring documentation.

Michael S. Gibson, the Reserve's director of supervision and regulation, concurred with both recommendations, and stated that his organization has begun to take corrective action.

About the Author

Chase Gunter is a staff writer covering civilian agencies, workforce issues, health IT, open data and innovation.

Prior to joining FCW, Gunter reported for the C-Ville Weekly in Charlottesville, Va., and served as a college sports beat writer for the South Boston (Va.) News and Record. He started at FCW as an editorial fellow before joining the team full-time as a reporter.

Gunter is a graduate of the University of Virginia, where his emphases were English, history and media studies.

Click here for previous articles by Gunter, or connect with him on Twitter: @WChaseGunter

Rising Stars

Meet 21 early-career leaders who are doing great things in federal IT.

Featured

  • SEC Chairman Jay Clayton

    SEC owns up to 2016 breach

    A key database of financial information was breached in 2016, possibly in support of insider trading, said the Securities and Exchange Commission.

  • Image from Shutterstock.com

    DOD looks to get aggressive about cloud adoption

    Defense leaders and Congress are looking to encourage more aggressive cloud policies and prod reluctant agencies to embrace experimentation and risk-taking.

  • Shutterstock / Pictofigo

    The next big thing in IT procurement

    Steve Kelman talks to the agencies that have embraced tech demos in their acquisition efforts -- and urges others in government to give it a try.

  • broken lock

    DHS bans Kaspersky from federal systems

    The Department of Homeland Security banned the Russian cybersecurity company Kaspersky Lab’s products from federal agencies in a new binding operational directive.

  • man planning layoffs

    USDA looks to cut CIOs as part of reorg

    The Department of Agriculture is looking to cut down on the number of agency CIOs in the name of efficiency and better communication across mission areas.

  • What's next for agency cyber efforts?

    Ninety days after the Trump administration's executive order, FCW sat down with agency cyber leaders to discuss what’s changing.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group