CFPB inspector general: Consumer complaint database needs better identity management

The Consumer Financial Protection Bureau. (Ted Eytan / Flickr)

Share

Written by

The Consumer Financial Protection Bureau should strengthen the identity and access management controls in place around its public-facing consumer complaint database, the agency’s inspector general says.

In a security review of the system, called Mosaic, the IG found that the security procedure is, for the most part, effective. “However,” the IG writes in a summary of the report, “we found that the Bureau can strengthen controls in the area of identity and access management to ensure that the security control environment for Mosaic remains effective.” Identity management, simply, is a way to ensure that system users are who they say they are.

The report makes one recommendation in this area, the summary states, but citing the “sensitivity” of information security investigations, the IG did not make the full report public.

Mosaic is CFPB’s answer to a provision in the Dodd-Frank Wall Street Reform and Consumer Protection Act that required the new agency “establish a database to facilitate the centralized collection and monitoring of and response to complaints regarding consumer financial products and services.”

Collection of complaints began in 2011, and the public-facing index launched to agency leadership fanfare in 2013.

“By sharing these complaints with the public, we are creating greater transparency in consumer financial products and services,” then-Director Richard Cordray said in a statement at the time. “The database is good for consumers and it is also good for honest businesses. We believe the marketplace of ideas can do great things with this data.” The database currently contains over 1 million complaints.

However, at an event in April, current Director Mick Mulvaney suggested he might like to end public access to the database.

“I don’t see anything in [the Dodd-Frank Act] that I have to run a Yelp for financial services sponsored by the federal government,” Mulvaney said, speaking to a large gathering of bankers at the American Bankers Association. His comments, according to MarketWatch reporting, drew chuckles and then “huge applause” from the crowd.

CFPB currently has a request for information on “the Bureau’s consumer complaint and consumer inquiry handling processes” open on the Federal Register. Over 100 public comments have been filed so far, many of which urge the agency to keep the database accessible.

-In this Story-

Consumer Financial Protection Bureau, Cybersecurity, identity and access management, Inspector General, Mick Mulvaney
TwitterFacebookLinkedInRedditGoogle Gmail