The CFPB Can Improve Its Safeguards for Protecting Confidential Supervisory Information

Date Issued

Monday, May 5, 2025

Submitting OIG

Federal Reserve Board & CFPB OIG

Agencies Reviewed/Investigated

Consumer Financial Protection Bureau

Report Number

2025-SR-C-005

Report Type

Inspection / Evaluation

Agency Wide

Yes

Number of Recommendations

Questioned Costs

Funds for Better Use

Report updated under NDAA 5274

External Link

Open Recommendations

This report has 4 open recommendations.

Recommendation Number	Significant Recommendation	Recommended Questioned Costs	Recommended Funds for Better Use
3	No	$0	$0
Develop and require training for CFPB staff involved in the examination process for the policy and guidance resulting from recommendations 1 and 2.
5	No	$0	$0
Update the guidance for managing breaches of confidential supervisory information to include expectations for a. assessing and documenting the level of harm associated with a breach. b. counseling, training, or taking other measures to hold CFPB staff responsible for breaches accountable, as appropriate, and documenting such actions. c. analyzing the causes of breaches to identify trends and implement appropriate control adjustments, as necessary.
6	No	$0	$0
Develop required training on the updated guidance after it is implemented.
7	No	$0	$0
Update the CFPB’s confidential information breach response directive to a. provide guidance for assessing the risk to institutions affected by breaches of confidential supervisory information and notifying those institutions. b. define the roles and responsibilities for those involved in the process.