Recommendations Database

Jump To:

As of February 1, 2023, there are 4825 open recommendations that still need to be addressed. 464 of these are priority recommendations, those that we believe warrant priority attention. Learn more about our priority designation on our Recommendations page.

Search for open recommendations by agency, topic, subject, or keyword/phrase below, or view all open recommendations by agency.

Skip to main search results
Clear All Filters
1 - 17 of 17 Recommendations, including 0 Priority Recommendations

Home Mortgage Disclosure Act: Reporting Exemptions Had a Minimal Impact on Data Availability, but Additional Information Would Enhance Oversight

Show
1 Open Recommendations
Agency Recommendation Status
Consumer Financial Protection Bureau The Director of CFPB should provide the federal financial regulators with additional information in its analysis to help them oversee lenders' eligibility for partial exemptions and related HMDA reporting. (Recommendation 1)
Open

As of November 2021, CFPB had taken some steps to implement the recommendation and noted it shared, and will continue to share, two types of information with the other HMDA agencies to help them determine partial exemption compliance. Further, CFPB stated it is continuing to explore options for incorporating Community Reinvestment Act identifier information to support CFPB's and other agencies' analysis of HMDA partial exemption compliance.

Fair Lending: CFPB Needs to Assess the Impact of Recent Changes to Its Fair Lending Activities

Show
2 Open Recommendations
Agency Recommendation Status
Consumer Financial Protection Bureau The Director of CFPB should collect and analyze information on the outcomes of its 2018–2019 fair lending reorganization and use that assessment to address any challenges or unintended consequences resulting from the change. (Recommendation 1)
Open

CFPB agreed with this recommendation and has stated its commitment to assessing the effects of the 2019 reorganization. In December 2021, CFPB said it was assessing the impacts of the reorganization and would address challenges or unintended consequences that resulted from that change. This recommendation remains open pending further progress from CFPB toward completing this assessment.

Consumer Financial Protection Bureau The Director of CFPB should develop and implement performance goals and measures specific to its efforts to supervise and enforce fair lending laws. (Recommendation 2)
Open

CFPB agreed with this recommendation and has stated its commitment to establishing publicly reported performance goals and measures specific to its fair lending enforcement and supervision work. CFPB's Annual Performance Plan for FY22, issued in February 2022, noted that going forward CFPB plans to report on a measure related to the number of fair lending supervision events and a measure related to the percentage of fair lending enforcement cases that were successfully resolved. This report included tables with historical data for these measures for fiscal years 2016-2017 while noting that

Consumer Privacy: Better Disclosures Needed on Information Sharing by Banks and Credit Unions

Show
1 Open Recommendations
Agency Recommendation Status
Consumer Financial Protection Bureau The Director of CFPB, in consultation with the other federal financial regulators, should update the model privacy form and, in doing so, consider whether it is feasible to include more comprehensive information about third parties with whom financial institutions share consumer personal information. (Recommendation 1)
Open

CFPB said it is committed to ensuring that financial institutions' disclosures to consumers accomplish their consumer protection and transparency goals and that it will consider GAO's recommendation but has not yet taken any action on it. In May 2021, CFPB noted that any changes to the model privacy form would likely require a joint rulemaking with other agencies including FTC, SEC, and CFTC and such a rulemaking is not currently on its rulemaking agenda. In October 2022, CFPB initiated a rulemaking on personal financial data rights. While not directly related to the model privacy form, this

Consumer Reporting Agencies: CFPB Should Define Its Supervisory Expectations

Show
2 Open Recommendations
Agency Recommendation Status
Consumer Financial Protection Bureau The Director of CFPB should communicate to CRAs its expectations regarding reasonable procedures for assuring maximum possible accuracy of consumer report information. (Recommendation 1)
Open

In an August 2021 update, CFPB stated that the agency communicates supervisory expectations to CRAs through exams and investigations. Additionally, CFPB reemphasized that it has taken actions to convey expectations to CRAs, including holding a joint workshop with FTC in December 2019 on consumer reporting accuracy and publishing Supervisory Highlights citing FCRA violations and the basis for such violations. As we stated in our report, corrective actions through examinations are limited to the specific entities being examined and clearer communication of supervisory expectations and the ways

Consumer Financial Protection Bureau The Director of CFPB should communicate to CRAs its expectations regarding reasonable investigations of consumer disputes. (Recommendation 2)
Open

In an August 2021 update, CFPB stated that the agency communicates supervisory expectations to CRAs through exams and investigations. Additionally, CFPB reemphasized that it has taken actions to convey expectations to CRAs, including holding a joint workshop with FTC in December 2019 on consumer reporting accuracy and publishing Supervisory Highlights citing FCRA violations and the basis for such violations. As we stated in our report, corrective actions through examinations are limited to the specific entities being examined and clearer communication of supervisory expectations and the ways

Private Student Loans: Clarification from CFPB Could Help Ensure More Consistent Opportunities and Treatment for Borrowers

Show
2 Open Recommendations
Agency Recommendation Status
Consumer Financial Protection Bureau The Director of CFPB should provide written clarification to nonbank private student loan lenders on their authorities under the Fair Credit Reporting Act to offer private student loan rehabilitation programs that include removing information from credit reports. (Recommendation 1)
Open

As of July 2021, CFBP does not plan to act on this recommendation because the law does not require nonbank private student loan lenders to seek CFPB's approval of student loan rehabilitation programs. CFPB stated that if a financial institution chooses to offer a private student loan rehabilitation program it would be protected under the Fair Credit Reporting Act. We maintain that clarification from CFPB that nonbank lenders have the authority to offer these programs could--depending on CFPB's interpretation--result in additional lenders offering rehabilitation programs that would allow more

Consumer Financial Protection Bureau The Director of CFPB, after consulting with the prudential regulators and relevant industry groups, should provide written clarification on what information in a consumer's credit report constitutes a private student loan reported "default" that may be removed after successful completion of a private student loan rehabilitation program. (Recommendation 2)
Open

As of July 2021, CFPB stated that action on this recommendation is premature pending ongoing work by an industry association on what information may be removed from a credit report after successful completion of a private student loan rehabilitation program. We will continue to follow up with CFPB on its monitoring of this effort and consultation with relevant regulators.

Consumer Data Protection: Actions Needed to Strengthen Oversight of Consumer Reporting Agencies

Show
2 Open Recommendations
Agency Recommendation Status
Consumer Financial Protection Bureau The Director of CFPB should identify additional sources of information, such as through registering CRAs or leveraging state information, that would help ensure the agency is tracking all CRAs that meet the larger participant threshold. (Recommendation 1)
Open

In July 2020, CFPB staff noted that they have reviewed state CRA registration information available to them, are working to obtain additional state registration information, and are exploring additional ways to leverage the information. GAO will continue to monitor CFPB's progress in leveraging additional sources of information that would help identify larger participant CRAs. As of July 2021, CFPB had not made additional progress on implementing this recommendation.

Consumer Financial Protection Bureau The Director of CFPB should assess whether its process for prioritizing CRA examinations sufficiently incorporates the data security risks CRAs pose to consumers, and take any needed steps identified by the assessment to more sufficiently incorporate these risks. (Recommendation 2)
Open

In July 2020, CFPB staff noted that they were assessing whether, and if so, how and when, to incorporate data security risks into their supervisory prioritization. As part of that evaluation, CFPB is assessing whether those processes should incorporate data security risks CRAs pose to consumers in light of the agency's statutory authorities, supervisory responsibilities, and resources. GAO will continue monitoring CFPB's assessment of prioritization of CRA data security risks. As of July 2021, CFPB had not made additional progress on implementing this recommendation.

Dodd-Frank Regulations: Consumer Financial Protection Bureau Needs a Systematic Process to Prioritize Consumer Risks

Show
1 Open Recommendations
Agency Recommendation Status
Consumer Financial Protection Bureau The Director of CFPB should implement a systematic process for prioritizing risks to consumers and considering how to use the bureau's available policy tools—such as rulemaking, supervision, enforcement, and consumer education—to address these risks. Such a process could incorporate principles from the prior One Bureau process, such as an assessment of the extent of potential harm to consumers in financial markets, to prioritize the most significant risks. (Recommendation 1)
Open

In spring 2020, CFPB concluded a policy prioritization exercise led by its Office of Strategy and the results were presented to the CFPB Director at the time. The exercise leveraged the structure and expertise of CFPB's Cross-Bureau Working Groups in assessing risks to consumers and considering how the risks were to be addressed through the Bureau's policy tools. While CFPB has not repeated or planned a similar prioritization exercise since spring 2020, it has continued to leverage the expertise of the Cross-Bureau Working Groups and established Leadership Policy Meetings, which assemble

Financial Technology: Agencies Should Provide Clarification on Lenders' Use of Alternative Data [Reissued with revisions on Mar. 12, 2019.]

Show
1 Open Recommendations
Agency Recommendation Status
Consumer Financial Protection Bureau The Director of the Bureau of Consumer Financial Protection should, in coordination with the federal banking regulators and with input from relevant stakeholders, communicate in writing to fintech lenders on the appropriate use of alternative data in the underwriting process, including issues to consider when selecting types of alternative data to use. (Recommendation 1)
Open

In December 2019, the Board of Governors of the Federal Reserve System, the Consumer Financial Protection Bureau, the Federal Deposit Insurance Corporation, the National Credit Union Administration, and the Office of the Comptroller of the Currency (the agencies) issued an interagency statement on the use of alternative data in credit underwriting. The statement broadly highlights some potential benefits and risks of using alternative data and encourages firms to responsibly use alternative data. However, the statement does not provide firms or banks with specific direction on the appropriate

Financial Technology: Additional Steps by Regulators Could Better Protect Consumers and Aid Regulatory Oversight

Show
1 Open Recommendations
Agency Recommendation Status
Consumer Financial Protection Bureau The Director of the Consumer Financial Protection Bureau should engage in collaborative discussions with other relevant financial regulators in a group that includes all relevant stakeholders and has defined agency roles and outcomes to address issues related to consumers' use of account aggregation services. (Recommendation 5)
Open – Partially Addressed

In a May 2018 letter, the Acting Director of the Bureau stated that the Bureau has previously issued principles that include reasonable and practical means for consumers to dispute and resolve instances of unauthorized payments conducted in connection with or as a result of authorized or unauthorized data sharing access. The letter notes that the Bureau is committed to monitoring developments in data aggregation markets and will continue to assess how the Bureau's consumer protection principles may be best realized, including engaging in discussions with other relevant federal and state

Community Banks and Credit Unions: Regulators Could Take Additional Steps to Address Compliance Burdens

Show
1 Open Recommendations
Agency Recommendation Status
Consumer Financial Protection Bureau The Director of CFPB should issue public information on its plans for reviewing regulations applicable to banks and credit unions, including information describing the scope of regulations the timing and frequency of the reviews, and the extent to which the reviews will be coordinated with the federal depository institution regulators as part of their periodic EGRPRA reviews. (Recommendation 2)
Open

CFPB staff noted in a letter in April 2018 that CFPB had issued requests for information (RFI) on the regulations their agency had adopted and inherited from other agencies. These requests seek public comment on the need to amend these regulations. They noted that they included in their spring and fall 2017 Semiannual Regulatory Agenda descriptions of two initiatives intended to review their regulations to identify opportunities to modernize and streamline provisions. In addition, they noted they had created an internal task force to coordinate and bolster continuing efforts to identify and

Private Deposit Insurance: Credit Unions Largely Complied with Disclosure Rules, but Rules Should Be Clarified

Show
3 Open Recommendations
Agency Recommendation Status
Consumer Financial Protection Bureau To help state credit union supervisors and privately insured credit unions better interpret Regulation I and inform consumers when an institution is not federally insured, CFPB should issue guidance to clarify whether drive-through windows require disclosures.
Open

CFPB agreed with this recommendation. CFPB said it had explored options for addressing the recommendation and determined it would require notice-and-comment rulemaking. As of July 2022, CFPB said that it had not added this item to its rulemaking program because the issues identified did not appear to present significant risk of consumer harm and CFPB had seen no indication of consumer or industry concerns related to this issue.

Consumer Financial Protection Bureau To help state credit union supervisors and privately insured credit unions better interpret Regulation I and inform consumers when an institution is not federally insured, CFPB should issue guidance to describe what constitutes clear and conspicuous disclosure, including minimum signage dimensions and font size for disclosures.
Open

CFPB agreed with this recommendation. CFPB said it had explored options for addressing the recommendation and determined it would require notice-and-comment rulemaking. As of July 2022, CFPB said that it had not added this item to its rulemaking program because the issues identified did not appear to present significant risk of consumer harm and CFPB had seen no indication of consumer or industry concerns related to this issue.

Consumer Financial Protection Bureau To help state credit union supervisors and privately insured credit unions better interpret Regulation I and inform consumers when an institution is not federally insured, CFPB should issue guidance to explain and provide examples of which communications are advertising.
Open

CFPB agreed with this recommendation. CFPB said it had explored options for addressing the recommendation and determined it would require notice-and-comment rulemaking. As of July 2022, CFPB said that it had not added this item to its rulemaking program because the issues identified did not appear to present significant risk of consumer harm and CFPB had seen no indication of consumer or industry concerns related to this issue.

Have a Question about a Recommendation?

For questions about a specific recommendation, contact the person or office listed with the recommendation. For general information about recommendations, contact GAO's Audit Policy and Quality Assurance office at (202) 512-6100 or apqa@gao.gov.