The Federal Deposit Insurance Corporation has been rapped over the knuckles by the US Government Accounting Office (GAO) for failing to adequately secure its information systems. The Financial Crimes Enforcement Agency, meanwhile, has been taken to task for gaps in the rules on the criminal mis-use of stored value cards.
In its report, the GAO says the FDIC did not sufficiently implement access and other controls intended to protect the confidentiality, integrity, and availability of its financial systems and information. In addition, the FDIC failed to develop policies, procedures, and controls "to ensure the appropriate segregation of incompatible duties, adequately manage the configuration of its financial information systems, and update contingency plans."
The GAO cautions: "Until these weaknesses and program deficiencies are corrected, the corporation will not have sufficient assurance that its financial information and assets are adequately safeguarded from inadvertent or deliberate misuse, fraudulent use, improper disclosure, or destruction."
The GAO recommends that the the agency's CIO works to develop and document policies and procedures for assigning access to systems and databases where application controls could be compromised, and implement a continuous monitoring programme to root out vulnerabilities.
Separately, the GAO has taken the Financial Crimes Enforcement Agency (Fincen) to task for failing to draw up rules and regulations governing the transportation of stored value cards across US borders.
For example, travellers must report transporting more than $10,000 in cash when leaving the country, but there are no restrictions on the movement of pre-paid cards. Similarly, certain anti-money laundering regulations, such as reports on suspicious activities, do not apply to the entire stored value industry.
Fincen is drawing up proposals, notes the GAO, but it has not yet developed a management plan that includes, among other things, target dates for completing the regulations.
"Developing such a plan could help Fincen better manage its rulemaking effort," says the GAO. "When it issues the regulations, law enforcement agencies and Fincen may be challenged in ensuring compliance by travelers and industry. For example, Fincen will be responsible for numerous tasks including issuing guidance for compliance examiners, revising the way in which it tracks suspicious activities related to stored value, and addressing gaps in anti-money laundering regulations for off-shore entities that issue and sell stored value."