Evaluation of the Federal Reserve System’s Loan Purchase and Administration for Its Main Street Lending Program (MSLP)
In response to the COVID-19 pandemic, the Federal Reserve System established the MSLP—composed of five different lending facilities—to facilitate lending to small and medium-sized for-profit and nonprofit organizations. Through the MSLP, the Federal Reserve Bank of Boston (FRB Boston) purchased 1,830 loans amounting to approximately $17.5 billion from lenders; the majority of these loans were purchased during the last 2 months of the program. Following the purchase of the loans, FRB Boston is now responsible for administering the loans, including assessing overall credit risk and identifying substandard loans. FRB Boston leveraged third-party vendors to support both loan purchases and loan administration. We plan to assess the MSLP’s processes for loan purchases and loan administration, including the design, implementation, and operating effectiveness of internal controls.
Evaluation of the Federal Reserve System’s Vendor Selection and Management Processes Related to the Federal Reserve Bank of New York’s Emergency Lending Programs
As part of its emergency lending program, FRB New York operated six emergency lending facilities, five of which were supported by multiple vendor contracts. FRB New York awarded some of its emergency lending program–related contracts noncompetitively because of the exigent circumstances, and other contracts pose potential conflict-of-interest risks to the System. FRB New York’s reliance on vendors highlights the importance of its monitoring of vendor performance. We plan to assess the Board’s and FRB New York’s processes related to vendor selection and management for FRB New York’s emergency lending programs.
Results of Analytical Testing of the Board's Publicly Reported Data for the Secondary Market Corporate Credit Facility
The Department of Energy's Unclassified Cybersecurity Program - 2021
This review is a culmination of the OIG's work on FISMA as well as additional cybersecurity and technology work performed by the OIG throughout the year. The review this fiscal year includes additional work to address questions raised by members of Congress related to information technology and cybersecurity during the Department of Energy's maximum telework posture.
The Department of Energy's Implementation of the Coronavirus Aid, Relief, and Economic Security Act (CARES Act) Related to Contractor Paid Leave.
The review will determine: (a) how the Department is administering, recording, and reporting contractor paid leave reimbursements, (b) who is responsible for selecting the labor categories/positions that qualify and under what circumstances, and (c) the amount of contractor paid leave reimbursements under the CARES Act for the period examined.
Evaluation of Third-Party Cybersecurity Risk Management Processes for Vendors Supporting the Main Street Lending Program (MSLP) and the Secondary Market Corporate Credit Facility (SMCCF)
In response to the economic effects of the COVID-19 pandemic, the Board created new lending programs and facilities to provide loans to employers, certain businesses, and communities across the country to support the U.S. economy. To support the implementation of specific programs and facilities, the Federal Reserve Banks have contracted with third- party vendors for various services, such as administrative, custodial, legal, design, and investment management services. These vendors provide data generated from the operations and management of the facilities to the Reserve Banks, who then provide the data to the Board. We are evaluating the effectiveness of (1) the risk management processes designed to ensure that effective information security and data integrity controls are implemented by third parties supporting the administration of the MSLP and the SMCCF and (2) select security controls managed.
Audit of the Board's Data Aggregation, Validation, and Reporting Processes for its CARES Act Lending Programs
Section 4026 of the CARES Act and section 13(3) of the Federal Reserve Act require the Board to report certain information regarding its emergency lending programs. The Board has stated its commitment to transparency and accountability by announcing that it will report, on a monthly basis, information on the lending programs using CARES Act funding, including the names and details of the participants in each program; the amounts borrowed and the interest rate charged; and the overall costs, revenues, and fees for each program. We are assessing the Board’s processes for collecting, aggregating, and reporting lending information related to its CARES Act lending programs, including the data validation processes it uses to ensure that the information is current, accurate, and complete.
Monitoring of the Federal Reserve’s Lending Facilities
In response to the economic effects of the coronavirus pandemic, the Federal Reserve recently announced that it would create new lending facilities to provide loans to employers, certain businesses, and communities across the country to support the U.S. economy. Specifically, the following programs have been created or are in development: the Main Street Lending Program, the Paycheck Protection Program Liquidity Facility, the Municipal Liquidity Facility, the Primary Market Corporate Credit Facility, and the Secondary Market Corporate Credit Facility. We are initiating an active monitoring effort of these programs to gain an understanding of operational, governance, reputational, and financial matters associated with them. Through this monitoring effort, we will refine our focus on the programs and identify areas for future audits or evaluations. Some of the topics we are considering include the design, operation, governance, and oversight of the lending programs; data collection and reporting associated with the programs; and the effect of the programs on the Board’s supervision and regulation activities.