Reports & Testimonies

  • GAO’s recommendations database contains report recommendations that still need to be addressed.

    GAO’s recommendations help congressional and agency leaders prepare for appropriations and oversight activities, as well as help improve government operations. Recommendations remain open until they are designated as Closed-implemented or Closed-not implemented. You can explore open recommendations by searching or browsing.

    GAO's priority recommendations are those that we believe warrant priority attention. We sent letters to the heads of key departments and agencies, urging them to continue focusing on these issues. These recommendations are labeled as such. You can find priority recommendations by searching or browsing our open recommendations below, or through our mobile app.

  • Browse Open Recommendations

    Explore priority recommendations by subject terms or browse by federal agency

    Search Open Recommendations

    Search for a specific priority recommendation by word or phrase



  • Governing on the go?

    Our Priorities for Policy Makers app makes it easier for leaders to search our recommendations on the go.

    See the November 10th Press Release


  • Have a Question about a Recommendation?

    • For questions about a specific recommendation, contact the person or office listed with the recommendation.
    • For general information about recommendations, contact GAO's Audit Policy and Quality Assurance office at (202) 512-6100 or apqa@gao.gov.
  • « Back to Results List Sort by   

    Results:

    Subject Term: "Credit unions"

    4 publications with a total of 16 open recommendations
    Director: Alicia Puente Cackley
    Phone: (202) 512-8678

    3 open recommendations
    Recommendation: To help state credit union supervisors and privately insured credit unions better interpret Regulation I and inform consumers when an institution is not federally insured, CFPB should issue guidance to clarify whether drive-through windows require disclosures.

    Agency: Consumer Financial Protection Bureau
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To help state credit union supervisors and privately insured credit unions better interpret Regulation I and inform consumers when an institution is not federally insured, CFPB should issue guidance to describe what constitutes clear and conspicuous disclosure, including minimum signage dimensions and font size for disclosures.

    Agency: Consumer Financial Protection Bureau
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Recommendation: To help state credit union supervisors and privately insured credit unions better interpret Regulation I and inform consumers when an institution is not federally insured, CFPB should issue guidance to explain and provide examples of which communications are advertising.

    Agency: Consumer Financial Protection Bureau
    Status: Open

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
    Director: Melissa Emrey-Arras
    Phone: (617) 788-0534

    5 open recommendations
    Recommendation: To help ensure quality information is conveyed to servicemembers about how the Servicemembers Civil Relief Act (SCRA) interest rate cap applies to student loans, the Secretary of Defense should direct the secretaries of each service branch, and work with other secretaries as appropriate, to ensure that all information about the SCRA interest rate cap for student loans is accurate when provided to servicemembers and to those who work with servicemembers to help them obtain SCRA benefits, including information contained in outreach materials.

    Agency: Department of Defense
    Status: Open

    Comments: The Department of Defense (DOD) disagreed with this recommendation believing it to be unnecessary because it is already providing accurate information. Specifically, DOD noted that the information provided in several documents GAO reviewed is accurately based on statute whereas Education's updated requirement to automatically apply the cap is based on policy that could change in the future. Moreover, the automated process applies only to federal and commercial FFEL student loans in contrast to other types of debt. DOD said that providing information based on statute rather than policy would cause less confusion and was a better approach than what we recommend. However, our report noted that Education formalized the automated process through federal regulations, effective July 2016, which legally require servicers to use this process for all federal and commercial FFEL loans. In addition, DOD said it was unable to verify whether DOD's Military OneSource website inaccurately states that the SCRA rate cap does not apply to commercial FFEL loans. However, our searches of the website still turned up this inaccuracy. DOD said it would look into a means of verifying website information but that in the meantime, it is satisfied that its training provides correct information. Given that Military OneSource is a key source of information for servicemembers and that some documents DOD provided state that the SCRA rate cap does not apply to student loans, we continue to believe that servicemembers are not always receiving accurate and up-to-date information.
    Recommendation: To ensure that all eligible servicemembers with student loans receive the SCRA interest rate cap, the Attorney General should direct the Department of Justice to consider modifying its proposed changes to SCRA to require use of the automatic eligibility check for private student loans.

    Agency: Department of Justice: Office of the Attorney General
    Status: Open

    Comments: The Department of Justice (DOJ) stated that its current package of proposed legislative changes provides benefits to servicemembers with all kinds of loans, including private student loans. Rather than requiring servicemembers to submit written notice and a copy of military orders, they need only give oral or written notice of eligibility for the cap to their creditors. Creditors would then have to search the Department of Defense's records to verify the servicemembers' military service and apply the SCRA interest rate cap, when applicable. DOJ believes that these changes would significantly benefit all servicemembers with loans while providing a uniform standard for all types of creditors. The department added that it will consider its proposed changes to SCRA in future legislative proposals and plans to obtain feedback from stakeholders on how to improve SCRA's protections for servicemembers. However, as stated in our report, servicemembers with private student loans would still need to be aware of the rate cap in order to give notice, whether written or oral. Therefore, we encourage DOJ to consider updating its current proposal to require use of the automatic eligibility check by all student loan lenders and servicers. Not only would this ensure that servicemembers with private student loans receive a benefit for which they are eligible, but also that the interest rate cap is applied consistently across all types of student loans. The agency said that it would consider these changes to the SCRA in future legislative proposals and plans to obtain feedback from stakeholders on how the agency can propose to improve the SCRA's protections for servicemembers. However, as stated in our report, servicemembers with private student loans would still need to be aware of the rate cap in order to give notice, whether written or oral. Therefore, we encourage DOJ to consider updating its current proposal to require use of the automatic eligibility check by all student loan lenders and servicers. Not only would this ensure that servicemembers with private student loans receive a benefit for which they are eligible, but also that the interest rate cap is applied consistently across all types of student loans.
    Recommendation: To enhance customer service, the Secretary of Education should direct the Office of Federal Student Aid to identify ways to modify the data collected in its unified borrower complaint system to allow the agency to more precisely identify and analyze complaints specifically about the SCRA interest rate cap.

    Agency: Department of Education
    Status: Open

    Comments: The Department of Education said it is committed to accurately tracking the types of complaints it receives and will create a complainant subcategory for SCRA under the "Military and Veterans Benefit" category. In addition, it will continue to run periodic key word searches to identify other complaints that may have been miscategorized by the complainant, related to the requirements of the SCRA, and ensure that they are considered appropriately. GAO will consider closing this recommendation when the department has provided evidence that it has completed these efforts.
    Recommendation: To better ensure that servicemembers with private student loans benefit from the SCRA interest rate cap, the Director of the Consumer Financial Protection Bureau and the Attorney General of the Department of Justice should coordinate with each other, and with the four federal financial regulators, as appropriate, to determine the best way to ensure routine oversight of SCRA compliance for all nonbank private student loan lenders and servicers. If CFPB and DOJ determine that additional statutory authority is needed to facilitate such oversight, CFPB and DOJ should develop a legislative proposal for Congress.

    Agency: Consumer Financial Protection Bureau
    Status: Open

    Comments: The Consumer Financial Protection Bureau (CFPB) stated that it is committed to working with the Department of Justice (DOJ) and federal financial regulators, when possible, to facilitate oversight of SCRA compliance and that it will support all relevant federal agencies in using their respective authorities to identify and address SCRA violations as efficiently and effectively as possible. While CFPB coordinates with DOJ and other federal regulators in general, there is still no single agency authorized to enforce SCRA compliance among nonbank private student loan lenders and servicers, and no entity is conducting onsite supervisory reviews of these lenders and servicers. In addition, while CFPB may refer complaints from servicemembers about the SCRA rate cap for private student loans to DOJ and other financial regulators, we believe this does not constitute routine, proactive oversight and also presumes servicemembers are aware of the SCRA rate cap. GAO will consider closing this recommendation when the bureau has provided evidence of actions it has taken to facilitate routine oversight of SCRA compliance for all nonbank private student loan lenders and servicers.
    Recommendation: To better ensure that servicemembers with private student loans benefit from the SCRA interest rate cap, the Director of the Consumer Financial Protection Bureau and the Attorney General of the Department of Justice should coordinate with each other, and with the four federal financial regulators, as appropriate, to determine the best way to ensure routine oversight of SCRA compliance for all nonbank private student loan lenders and servicers. If CFPB and DOJ determine that additional statutory authority is needed to facilitate such oversight, CFPB and DOJ should develop a legislative proposal for Congress.

    Agency: Department of Justice: Office of the Attorney General
    Status: Open

    Comments: The Department of Justice (DOJ) believes that it is in full compliance with this recommendation and that the four federal financial regulators do not have statutory authority to examine nonbank private student loan lenders and servicers unaffiliated with a depository institution. DOJ stated that it already coordinates extensively with the Consumer Financial Protection Bureau (CFPB) and the financial regulators concerning SCRA compliance through such mechanisms as referrals from CFPB for any SCRA-related violations and access to its consumer complaint database, and regular meetings with CFPB, and that it will continue to be built upon these efforts. While these mechanisms are commendable, GAO believes they do not constitute exercising routine oversight of nonbank private student loan lenders and servicers who are not affiliated with a depository institution. We believe that additional interagency coordination, including working with CFPB to seek additional statutory authority, as needed, is necessary to ensure routine SCRA compliance.
    Director: Lawrance Evans
    Phone: (202) 512-8678

    5 open recommendations
    Recommendation: To ensure that NCUA has adequate authority to determine the safety and soundness of credit unions, Congress should consider modifying the Federal Credit Union Act to grant NCUA authority to examine technology service providers of credit unions.

    Agency: Congress
    Status: Open

    Comments: In July 2015, we suggested that Congress modify the Federal Credit Union Act to grant NCUA authority to examine technology service providers of credit unions. As of October 2016, Congress had not granted NCUA such authority.
    Recommendation: To improve their ability to assess the adequacy of the information security practices at medium and small institutions, the heads of Federal Deposit Insurance Corporation, the Federal Reserve, Office of the Comptroller of the Currency, and NCUA should routinely categorize IT examination findings and analyze this information to identify trends that can guide areas of review across institutions.

    Agency: Department of the Treasury: Office of the Comptroller of the Currency
    Status: Open

    Comments: In July 2015, we recommended that the Office of the Comptroller of the Currency (OCC) and other federal financial institution regulators conduct trend analysis of their IT examination findings to improve their ability to assess the adequacy of information security practices at medium and small institutions. In September 2015, OCC stated that it is taking two actions to respond to our recommendation. First, the agency is integrating the Cybersecurity Assessment Tool (Tool), developed by OCC and other federal financial institution regulators, into OCC's ongoing IT examinations of national banks and federal savings associations. Officials believe that the Tool will provide OCC with a repeatable and measurable process for assessing both the level of risk and the maturity of risk management processes within and across OCC-supervised institutions. Also, officials believe that data gathered in this process will allow OCC to monitor industry trends and identify new or emerging weaknesses where additional guidance or supervisory actions may be needed. Furthermore, the Tool will help OCC allocate examiner resources and better target examiner training. OCC began integrating the Tool in selected examinations in December 2015. Second, OCC stated that it enhanced its guidance and procedures for examiners to identify and aggregate supervisory concerns into matters requiring attention (MRAs), which are the mechanism OCC uses to communicate supervisory concerns to bank management and directors. OCC believes that the enhancements will facilitate systemic categorization of supervisory concerns that strengthen recording, monitoring, and analyzing of volumes and trends across bank portfolios. Also, the enhanced guidance discusses the relationship between MRAs, interagency ratings, OCC's risk assessment system, and enforcement actions. OCC believes that these process enhancements combined with the integration of the Tool, will improve its ability to assess information security practices at medium and small institutions. We will continue to monitor OCC's progress in implementing the Tool and the resulting trend analyses that the Tool is intended to facilitate.
    Recommendation: To improve their ability to assess the adequacy of the information security practices at medium and small institutions, the heads of Federal Deposit Insurance Corporation, the Federal Reserve, Office of the Comptroller of the Currency, and NCUA should routinely categorize IT examination findings and analyze this information to identify trends that can guide areas of review across institutions.

    Agency: Federal Deposit Insurance Corporation
    Status: Open

    Comments: In July 2015, we recommended that the Federal Deposit Insurance Corporation (FDIC) and other federal financial institution regulators conduct trend analysis of their IT examination findings to improve their ability to assess the adequacy of information security practices at medium and small institutions. As of October 2016, FDIC had not provided an update on its efforts to address this recommendation.
    Recommendation: To improve their ability to assess the adequacy of the information security practices at medium and small institutions, the heads of Federal Deposit Insurance Corporation, the Federal Reserve, Office of the Comptroller of the Currency, and NCUA should routinely categorize IT examination findings and analyze this information to identify trends that can guide areas of review across institutions.

    Agency: Federal Reserve System
    Status: Open

    Comments: In July 2015, we recommended that the Board of Governors of the Federal Reserve System (Board) and other federal financial institution regulators conduct trend analysis of their IT examination findings to improve their ability to assess the adequacy of information security practices at medium and small institutions. As of October 2016, the Board had not provided an update on its efforts to address this recommendation.
    Recommendation: To improve their ability to assess the adequacy of the information security practices at medium and small institutions, the heads of Federal Deposit Insurance Corporation, the Federal Reserve, Office of the Comptroller of the Currency, and NCUA should routinely categorize IT examination findings and analyze this information to identify trends that can guide areas of review across institutions.

    Agency: National Credit Union Administration
    Status: Open

    Comments: In July 2015, we recommended that the National Credit Union Administration (NCUA) and other federal financial institution regulators conduct trend analysis of their IT examination findings to improve their ability to assess the adequacy of information security practices at medium and small institutions. In July 2016, NCUA told us that it and the other federal financial institution regulators issued the Cybersecurity Assessment Tool (Tool) in June 2015 to provide a comprehensive method for institutions to benchmark their cybersecurity programs. Officials believe that the Tool will allow examiners to consistently and methodically look at credit union risks and trends, as well as collect detailed information on the risks and mitigating controls employed by credit unions. When the Tool is fully implemented, officials expect to be able to aggregate risk indicators and program gaps across the credit union industry to improve resource deployment and enhance cybersecurity supervisory oversight. NCUA plans to begin pilot testing the Tool in late 2016 with program integration targeted for July 2017. We will continue to monitor NCUA's progress with this program and revisit our recommendation in July 2017.
    Director: St James, Lorelei
    Phone: (202) 512-2834

    3 open recommendations
    Recommendation: To ensure efficient management of the circulating coin inventory, the Board of Governors should direct Cash Product Office (CPO) to develop a process to assess the factors that have influenced increasing coin operations costs and differences in costs across Reserve Banks and a process to use this information to identify practices that could lead to cost-savings.

    Agency: Federal Reserve System: Board of Governors
    Status: Open

    Comments: As of August 2017, GAO is reviewing the recommendation update information the Federal Reserve. The Federal Reserve has indicated that they have developed and approved a methodology to determine the differences in coin costs among different Reserve Banks and thhave begun to identify cost differences among Reserve Banks and also begun to decrease overall coin costs.
    Recommendation: To ensure efficient management of the circulating coin inventory, the Board of Governors should direct CPO to establish, document, and annually report to the Board performance goals and metrics for managing the circulating coin inventory, (e.g., Reserve Bank coin management costs) and measure performance towards those goals and metrics.

    Agency: Federal Reserve System: Board of Governors
    Status: Open

    Comments: As of August 2017, GAO is reviewing information provided by the Federal Reserve. The Federal Reserve has indicated that the Cash Advisory Group has endorsed CPO's coin metric methodology. In addition, the CPO is working with the Board of Governors to understand variances in unit costs and working to reduce those costs.
    Recommendation: To ensure efficient management of the circulating coin inventory, the Board of Governors should direct CPO to establish and implement a process to assess the accuracy of forecasts for new coin orders and revise the forecasts as needed.

    Agency: Federal Reserve System: Board of Governors
    Status: Open

    Comments: As of August 2017, GAO is reviewing information provided by the Federal Reserve. The Federal Reserve has indicated that they have begun work to implement a more formal assessment program for forecasting new coin orders. In addition, the Cash Product Office has begun work to refine the accuracy of these forecasts.