Audit finds CFPB’s information security is not effective

Nov. 05, 2025

The Consumer Financial Protection Bureau’s Office of the Inspector General released an audit that found the bureau’s information security program is no longer effective.

Details: The OIG’s report said the maturity level of the CFPB's information security program has decreased since last year, noting the bureau’s:

Authorizations to operate for many systems have not been maintained.
Risk acceptance memorandums lack documented analysis of cybersecurity risks.
Software is outdated.

Interested in discussing this and other topics? Network with and learn from your peers with the app designed for community bankers. Join the conversation with ICBA Community.

NewsWatch Today Contacts

Thomas Warren

Vice President, Communications

Nicole Swann

Vice President, Communications

Audit finds CFPB’s information security is not effective

NewsWatch Today Contacts

Related News

ICBA’s unique call for 1033 community bank exemption makes headlines

Court halts 1033 rule compliance deadline

ICBA urges CFPB to expand 1033 exemption for community banks

ICBA discusses 1033 rulemaking in meeting with CFPB