The CFPB Inspector General recently issued a report concluding that the Bureau’s consumer complaint database, Mosaic, is largely effective, but that its identity and access management functions could be stronger. The Inspector General’s report relates the findings of an audit conducted pursuant to the Federal Information Security Modernization Act of 2014, which requires that the Inspector General evaluate the Bureau’s information security practices annually.
Mosaic is the Bureau’s way of complying with the Dodd-Frank requirement that the agency maintain a centralized system to collect, monitor, and respond to consumer complaints. The Bureau is already making efforts to improve Mosaic’s security control system per the Inspector General’s recommendation, but those details are unavailable to the public due to the sensitive nature of information security investigations.
Read a summary of the Inspector General’s report here.