IG: Federal Reserve should standardize its continuous monitoring

Supervisory groups at Federal Reserve Banks are not consistent in their continuous monitoring practices, and can have trouble finding data on information systems due to unstandardized approaches to data uploading, according to a recent inspector general report.

The Federal Reserve System Board of Governors is in charge of issuing guidances for the supervision of its regional reserve banks. To measure the efficacy of its continuous monitoring, and to follow up on its 2014 recommendation for the board to improve its supervision, IG assessed the practices at four Federal Reserve Banks.

The purpose of continuous monitoring for the Federal Reserve is to help identify knowledge gaps and to keep supervisors up to date on potential strategic or operational changes at a financial institution, the report states.

According to the report, examiners in charge of supervising large financial institutions spend over half of their time conducting continuous monitoring. However, auditors found employees’ continuous monitoring and documentation practices to be inconsistent.

“Given the considerable time dedicated to continuous monitoring, maximizing its effectiveness should enhance the overall effectiveness of the supervisory program,” the report states.

Specifically, auditors found that while the board has issued guidance “on some aspects” of continuous monitoring, such as the establishment of meetings and management reports, the guidance does not standardize practices across the enterprise.

Auditors noted that each of the four banks they visited had its own guidance for continuous monitoring, and that expectations for continuous monitoring outcomes also vary by branch. Even among supervisory teams at the same reserve bank, continuous monitoring procedures differ, the IG reported.

Auditors noted that certain best practices are followed at Federal Reserve Banks, but added that they have not been “broadly implemented.”

In addition to the lack of standardized guidance, auditors found other limitations to effective continuous monitoring practices.

Examiners said the sheer volume of information that is provided by financial institutions prevents them from reviewing all of it before uploading it to bank systems. The IG also reported that examiners were “reluctant” to reduce the scope of continuous monitoring activities out of fear of “being unaware of important events at a firm.”

Additionally, auditors found that individual supervisory groups sometimes have multiple SharePoint sites, and that examiners can have difficulty finding and retrieving data on information systems because of teams’ inconsistent approaches to uploading the data.

The report recommended the Reserve’s Director of Supervision and Regulation to develop system-wide guidance and training on how to conduct continuous monitoring that requires data rationalization, and to clarify how employees should store and retrieve continuous monitoring documentation.

Michael S. Gibson, the Reserve's director of supervision and regulation, concurred with both recommendations, and stated that his organization has begun to take corrective action.