July 29, 2015
IG finds deficiencies in CFPB consumer complaint database
The Federal Reserve and CFPB Office of Inspector General has identified seven control deficiencies related to CFPB's consumer complaint database, underscoring privacy and risk concerns NAFCU raised earlier this year.
While the OIG said that CFPB has taken steps to secure its complaint database in accordance with the Federal Information Security Modernization Act and the bureau's own information security policies and procedures, the OIG review found deficiencies related to configuration management, access control, and audit logging and review.
"Specifically, we identified improvements that are needed in the timely installation of database-level patches, the enforcement of password expiration and user access requirements, and the logging and review of security events," the OIG's report said.
In a comment letter to the bureau in May, NAFCU Director of Regulatory Affairs Alicia Nealon said the CFPB's existing complaint database "poses serious concerns that personal information may be inadvertently released jeopardizing an individual's secure financial information. Also, the CFPB employs no mechanism to validate a consumer's comments, which creates harmful reputational risks to credit unions and other financial institutions."
The OIG said that CFPB's chief information officer had agreed with its recommendations and outlined actions that have been or will be taken to address its concerns.