Evaluation of the Federal Reserve System’s Loan Purchase and Administration for Its Main Street Lending Program (MSLP)
In response to the COVID-19 pandemic, the Federal Reserve System established the MSLP—composed of five different lending facilities—to facilitate lending to small and medium-sized for-profit and nonprofit organizations. Through the MSLP, the Federal Reserve Bank of Boston (FRB Boston) purchased 1,830 loans amounting to approximately $17.5 billion from lenders; the majority of these loans were purchased during the last 2 months of the program. Following the purchase of the loans, FRB Boston is now responsible for administering the loans, including assessing overall credit risk and identifying substandard loans. FRB Boston leveraged third-party vendors to support both loan purchases and loan administration. We plan to assess the MSLP’s processes for loan purchases and loan administration, including the design, implementation, and operating effectiveness of internal controls.
Evaluation of the Federal Reserve System’s Vendor Selection and Management Processes Related to the Federal Reserve Bank of New York’s Emergency Lending Programs
As part of its emergency lending program, FRB New York operated six emergency lending facilities, five of which were supported by multiple vendor contracts. FRB New York awarded some of its emergency lending program–related contracts noncompetitively because of the exigent circumstances, and other contracts pose potential conflict-of-interest risks to the System. FRB New York’s reliance on vendors highlights the importance of its monitoring of vendor performance. We plan to assess the Board’s and FRB New York’s processes related to vendor selection and management for FRB New York’s emergency lending programs.
Evaluation of Third-Party Cybersecurity Risk Management Processes for Vendors Supporting the Main Street Lending Program (MSLP) and the Secondary Market Corporate Credit Facility (SMCCF)
In response to the economic effects of the COVID-19 pandemic, the Board created new lending programs and facilities to provide loans to employers, certain businesses, and communities across the country to support the U.S. economy. To support the implementation of specific programs and facilities, the Federal Reserve Banks have contracted with third- party vendors for various services, such as administrative, custodial, legal, design, and investment management services. These vendors provide data generated from the operations and management of the facilities to the Reserve Banks, who then provide the data to the Board. We are evaluating the effectiveness of (1) the risk management processes designed to ensure that effective information security and data integrity controls are implemented by third parties supporting the administration of the MSLP and the SMCCF and (2) select security controls managed.
Monitoring of the Federal Reserve’s Lending Facilities
In response to the economic effects of the coronavirus pandemic, the Federal Reserve recently announced that it would create new lending facilities to provide loans to employers, certain businesses, and communities across the country to support the U.S. economy. Specifically, the following programs have been created or are in development: the Main Street Lending Program, the Paycheck Protection Program Liquidity Facility, the Municipal Liquidity Facility, the Primary Market Corporate Credit Facility, and the Secondary Market Corporate Credit Facility. We are initiating an active monitoring effort of these programs to gain an understanding of operational, governance, reputational, and financial matters associated with them. Through this monitoring effort, we will refine our focus on the programs and identify areas for future audits or evaluations. Some of the topics we are considering include the design, operation, governance, and oversight of the lending programs; data collection and reporting associated with the programs; and the effect of the programs on the Board’s supervision and regulation activities.
Research for Future Audits and Evaluations Regarding Effects of Coronavirus Pandemic (SARS-CoV-2 Virus and COVID-19 Disease) on EPA Programs and Operations
The OIG plans to initiate a project to research and identify topics for potential audits and evaluations related to the EPA's response to the COVID-19 pandemic.
Evaluation of EPA's Information Systems' Compliance with Federal System Security Plans Requirements (revised objectives)
One objective of this audit is to evaluate elements within the System Security Plans to determine whether they provide details to allow the EPA to make decisions to secure its network during the COVID-19 pandemic.