Effectiveness of Supervisory Corrective Actions
September 2005
Report No. 05-039
AUDIT REPORT
Background and
Purpose of Audit
The Federal Deposit Insurance Corporation (FDIC) uses a number of tools to address supervisory concerns related to the safety and soundness of financial institutions and their compliance with laws and regulations. These tools range from informal advice and written agreements to formal actions that are legally enforceable. Supervisory corrective actions are tailored to each situation and address the specific problems at an institution.
The objective of the audit was to determine whether supervisory corrective actions taken against FDIC-supervised institutions achieved the intended purposes before being terminated. The audit focused on the FDIC’s use of Cease and Desist orders and Memorandums of Understanding – two of the more commonly used supervisory corrective actions.
|
Results of Audit
The FDIC’s Division of Supervision and Consumer Protection (DSC) has established policies and procedures that provide detailed guidance pertaining to initiating, monitoring, and terminating formal and informal actions. Specifically, sufficient controls are in place and operating effectively to ensure that supervisory corrective actions achieve their intended purposes before being terminated. From our review of 15 supervisory corrective actions terminated in 2004, we concluded that the institutions were in substantial compliance with the provisions of the actions and that the conditions at the institutions had improved sufficiently so that the actions were no longer needed. We also found that DSC regional office files generally contained adequate justifications for terminating the actions.
In conducting tests related to our audit objective, we found that DSC could improve the timeliness and completeness of data in the Formal and Informal Action Tracking system (FIAT). Specifically, FIAT information for 14 of the 15 actions we reviewed often was not entered into the system in a timely or complete manner. In addition, the system did not include formal enforcement actions that state regulators independently issued to FDIC-supervised institutions. As a result, DSC cannot fully rely on the FIAT data and management reports for monitoring supervisory corrective actions.
Recommendation and Management Response
The report contains three recommendations intended to improve the timeliness and completeness of data in FIAT. FDIC management agreed with the recommendations and is taking corrective actions.
Supervisory Corrective Actions Terminated During 2004
|
DSC Regional and Area Offices
|
Cease & Desist Orders
|
Memorandums of Understanding
|
Total Terminated Actions
|
|
Atlanta
|
2
|
15
|
17
|
|
Boston
|
0
|
7
|
7
|
|
Chicago
|
21
|
32
|
53
|
|
Dallas
|
3
|
15
|
18
|
|
Kansas City
|
5
|
36
|
41
|
|
Memphis
|
3
|
27
|
30
|
|
New York
|
5
|
2
|
7
|
|
San Francisco
|
7
|
11
|
18
|
|
Total
|
46
|
145
|
191
|
| Source: Office of Inspector General’s review of FIAT data. |
[ D ] |
|
TABLE OF CONTENTS
| BACKGROUND |
|
| RESULTS OF AUDIT |
|
| FINDINGS AND RECOMMENDATIONS |
|
| FINDING A: PROCESS TO TERMINATE SUPERVISORY CORRECTIVE ACTIONS |
| FINDING B: FIAT DATA IN ViSION |
| Data Stewardship Program |
| Data Requirements Addressed in the FIAP Manual |
| Review of FIAT Data in ViSION |
|
| RECOMMENDATIONS |
| CORPORATION COMMENTS AND OIG EVALUATION |
| APPENDIX I: OBJECTIVE, SCOPE, AND METHODOLOGY |
| APPENDIX II: INFORMAL AND FORMAL SUPERVISORY CORRECTIVE ACTIONS COMMONLY INITIATED BY THE FDIC |
| APPENDIX III: CORPORATION COMMENTS |
| APPENDIX IV: MANAGEMENT RESPONSE TO RECOMMENDATION |
|
|
| TABLES |
| Table 1: C&Ds and MOUs Issued |
| Table 2: Supervisory Corrective Actions Reviewed |
| Table 3: FIAT Data in ViSION |
| Table 4: Supervisory Corrective Actions Terminated During 2004 |
|
|
| DATE: |
September 28, 2005
|
| MEMORANDUM TO: |
Christopher J. Spoth, Acting Director |
| Division of Supervision and Consumer Protection
|
| FROM: |
Russell A. Rau [Electronically produced version; original signed by Russell A. Rau] |
| Assistant Inspector General for Audits
|
| SUBJECT: |
Effectiveness of Supervisory Corrective Actions
(Report No. 05-039) |
This report presents the results of our audit of the effectiveness of supervisory corrective actions implemented by the Federal Deposit Insurance Corporation’s (FDIC) Division of Supervision and Consumer Protection (DSC). The objective of the audit was to determine whether supervisory corrective actions taken against FDIC-supervised institutions achieved the intended purposes before being terminated. The audit focused on the FDIC’s use of Cease and Desist orders (C&Ds) and Memorandums of Understanding (MOUs) – two of the more commonly used supervisory corrective actions. Appendix I of this report discusses our objective, scope, and methodology in detail.
BACKGROUND
A cornerstone of a healthy deposit insurance system is the process used by regulators to identify
and, to the extent possible, remedy unsafe and unsound banking practices and noncompliance with laws
and regulations. The FDIC’s supervisory process attempts to identify problems and seek solutions early
enough to enable remedial action that will prevent serious deterioration in a bank’s condition and
reduce risk to the FDIC insurance funds. When problems are detected, examiners must determine the
severity along with the timing and form of needed corrective actions. The FDIC uses a number of tools
to address supervisory concerns related to the safety and soundness of financial institutions and their
compliance with laws and regulations. These tools range from informal advice and written agreements to
formal actions that are legally enforceable. The contents of supervisory corrective actions are tailored
to each situation and address the specific problems at a particular institution. Appendix II provides a
description of informal and formal supervisory corrective actions commonly initiated by the FDIC.
Informal and formal supervisory corrective actions address unsafe and unsound practices and conditions
and violations of law that could result in the risk of loss to an insured financial institution. DSC’s
Risk Management Manual of Examination Policies notes that either an informal or formal action will
be taken on banks with composite safety and soundness ratings of 3, 4, or 5 unless specific circumstances
argue strongly to the contrary. Additionally, the DSC’s Formal and Informal Actions Procedures Manual
(FIAP Manual) details steps examiners should take when contemplating corrective actions against banks. After
a supervisory action is implemented, DSC regional officials monitor the institution’s compliance with the
action, usually through progress reports submitted by the institution. When DSC has determined that an
institution is in compliance or substantial compliance with the provisions of the action and/or the institution’s
condition has improved sufficiently, the FDIC may terminate the action, or when the provisions of a supervisory
corrective action have been partially met, a new formal or informal action may be issued.
Table 1 identifies the number of formal C&Ds and informal MOUs that the FDIC issued in 2003 and 2004 to
address safety and soundness, compliance, and other matters at FDIC-supervised institutions.
Table 1: C&Ds and MOUs Issued
|
Year
|
Number of FDIC- Supervised Institutions at year-end
|
Number of C&Ds
|
Number of MOUs
|
Total
|
|
2003
|
5,340
|
38
|
183
|
221
|
|
2004
|
5,272
|
38
|
186
|
224
|
|
Total
|
|
76
|
369
|
445
|
| Source: Information obtained from the FDIC’s Virtual Supervisory Information on the Net system (ViSION). |
[ D ] |
DSC monitors supervisory corrective actions issued against FDIC-supervised banks through the Formal and Informal Action Tracking (FIAT) module within ViSION. FIAT includes information related to the tasks of case managers, review examiners, and other staff involved in processing and monitoring supervisory actions. Furthermore, FIAT generates various reports that the FDIC’s headquarters, regional, and field offices use in tracking the progress of supervisory actions.
RESULTS OF AUDIT
DSC has established policies and procedures that provide detailed guidance on initiating, monitoring, and terminating formal and informal actions. Specifically, controls are in place and operating effectively to ensure that supervisory corrective actions achieve their intended purposes before being terminated. From our review of 15 supervisory corrective actions terminated in 2004, we concluded that the institutions were in substantial compliance with the provisions of the actions and that the conditions at the institutions had improved sufficiently so that the actions were no longer needed. We also found that DSC regional office files generally contained adequate justifications for terminating the actions (see Finding A).
In conducting tests related to our audit objective, we found that DSC could improve the timeliness and completeness of data in FIAT. Specifically, FIAT data for 14 of the 15 actions we reviewed was often not input in a timely manner, and certain data fields were incomplete. In addition, the system did not include formal enforcement actions that state regulators had independently issued to FDIC-supervised institutions. As a result, DSC cannot fully rely on the timeliness or completeness of FIAT data and management reports that are used to manage and monitor DSC’s corrective action process (see Finding B).
FINDINGS AND RECOMMENDATIONS
FINDING A: PROCESS TO TERMINATE SUPERVISORY CORRECTIVE ACTIONS
DSC properly monitored and subsequently terminated supervisory corrective actions in accordance with established procedures. We reviewed 224 provisions for the 15 supervisory corrective actions in our sample and found that DSC had monitored the progress of the institutions to ensure compliance with the provisions. Specifically, for the 15 actions reviewed, DSC had received and reviewed progress reports from the institutions. In addition, DSC files contained evidence of ongoing communications with the institutions and DSC’s monitoring of institution compliance with the provisions of the actions. We also determined that the institutions had substantially complied with the provisions before all 15 actions were terminated.
FDIC’s FIAP Manual states that the FDIC may terminate C&Ds or MOUs when any of the following conditions exist:
- The institution is in significant or material compliance with the provisions of the action.
- The institution’s condition has improved sufficiently so that the action is no longer needed.
- The institution has partially met the provisions of the action, and a new action has been issued to address outstanding provisions or new areas of concern.
- The institution merged or is closed.
- Deterioration or lack of compliance leads to issuance of a new or revised action.
In addition to the institutions’ achieving substantial compliance with all 15 corrective actions, 14 of the 15 actions were terminated, in part, because the examination composite ratings at the institutions had improved. Details are shown in Table 2 on the next page. Also, 6 of the 15 terminated actions were replaced with a less severe action – either a bank board resolution or an MOU.
Table 2: Supervisory Corrective Actions Reviewed
|
Institution
|
Type of Action
|
Type of Examinationa
|
Number of Provisions
|
Examination Rating at Time Action Was Initiated
|
Examination Rating at Time Action Was Rescinded
|
|
1
|
C&D
|
S&S
|
16
|
344422/4
|
232312/2
|
|
2
|
MOU
|
S&S
|
9
|
223423/3
|
122312/2
|
3
|
MOU
|
Compliance
|
5
|
3
|
2
|
4
|
MOU
|
S&S
|
16
|
333322/3
|
232222/2
|
5
|
C&D
|
S&S
|
19
|
554533/5
|
333322/3
|
6
|
MOU
|
Compliance
|
7
|
4
|
2
|
7
|
MOU
|
S&S
|
12
|
233322/3
|
232222/2
|
8
|
MOU
|
S&S
|
27
|
234212/3
|
123212/2
|
9
|
MOU
|
S&S
|
27
|
233323/3
|
233322/3
|
10
|
C&D
|
S&S
|
24
|
455444/4
|
223323/3
|
11
|
MOU
|
Compliance
|
6
|
3
|
2
|
12
|
MOU
|
IT
|
11
|
2323/3
|
2323/2
|
13
|
MOU
|
IT
|
8
|
4423/3
|
2223/2
|
14
|
C&D
|
S&S
|
17
|
555544/5
|
443523/4b
|
15
|
C&D
|
S&S
|
20
|
444544/4
|
333333/3
|
|
Total
|
|
|
224
|
|
|
Source: Information obtained from the FDIC’s Virtual Supervisory Information on the Net system (ViSION).
a Safety and Soundness (S&S), Compliance, or Information Technology (IT) examinations.
b The institution merged with another institution in March 2004. |
[ D ] |
We also noted that actions had been terminated only after approvals by appropriate senior DSC regional officials. Based on our review of supervisory corrective actions issued to these 15 institutions, we concluded that the process for terminating supervisory corrective actions is operating as intended; therefore, we are not making any recommendations in this area.
FINDING B: FIAT DATA IN ViSION
While evaluating the effectiveness of DSC’s supervisory corrective actions, we found that DSC had not adequately implemented controls to efficiently and effectively manage FIAT data related to those actions. Specifically, DSC had not ensured that FIAT data in ViSION[ 1 ] was updated in a timely and complete manner. DSC had not entered 4 of the 15 corrective actions we reviewed into FIAT until 4 or more months after their effective dates, and the records were incomplete for 14 of the 15 actions. In addition, DSC did not use FIAT to track formal enforcement actions that were independently issued by state regulators to FDIC-supervised institutions. As a result, the FDIC cannot fully rely on FIAT data and management reports for monitoring all supervisory corrective actions.
Data Stewardship Program
At the corporate level, the FDIC has recognized that its success is dependent on accurate, reliable, and consistent data. To that end, in September 2001, the FDIC revised its Data Stewardship Program (Circular 1301.3) to establish controls related to business accountability and responsibility for managing and sharing corporate data. The objectives of the revised program included:
- managing data as a valuable corporate asset;
- ensuring the usefulness, accuracy, timeliness, and accessibility of corporate data; and
- facilitating effective, efficient management of large and growing volumes of data.
Under the Data Stewardship Program, division and office directors are responsible for designating subject matter experts (SMEs) to address data issues that have corporate-wide implications and to monitor performance to ensure that data stewardship responsibilities are properly addressed. The role of the SMEs includes preserving the accuracy of data entered into an application system or data base. SMEs are also responsible for preparing written directions and instructions related to FIAT features.
Data Requirements Addressed in the FIAP Manual
The FIAP Manual states that when a formal or informal action is contemplated or initiated, a record of the action must be created in FIAT. Case managers and regional management in DSC’s regional offices are responsible for ensuring that FIAT data in ViSION is accurate, current, and complete. Case managers are required to create FIAT records in the early stages of processing actions and are responsible for ensuring that tracking records, such as when progress reports on the actions are due, received, and reviewed, are created and updated in FIAT in a timely manner. Initiating FIAT records in the early stages of processing provides FIAT users with a complete summary of formal and informal actions in progress.
Review of FIAT Data in ViSION
Our review of FIAT data in ViSION for the 15 sampled supervisory corrective actions indicated that DSC case managers had not consistently entered actions in FIAT prior to their effective dates and had not entered all required information. Table 3 summarizes the FIAT data for the 15 C&Ds or MOUs we reviewed that had been terminated during 2004.
Table 3: FIAT Data in ViSION
|
Institutiona
|
Number of Days from Effective Date of Action to Date Action Was Input into FIATb
|
Corrective Action Provisions Not Input into FIAT
|
Progress Reports Not Input into FIAT
|
Other Data Not Input into FIAT
|
|
1
|
(111)
|
|
|
X
|
|
2
|
220
|
X
|
X
|
X
|
|
3
|
(37)
|
|
|
X
|
|
4
|
(50)
|
X
|
X
|
|
|
5
|
9
|
|
X
|
X
|
|
6
|
(18)
|
|
|
|
|
7
|
255
|
|
X
|
X
|
|
8
|
18
|
|
X
|
X
|
|
9
|
125
|
X
|
X
|
X
|
|
10
|
(83)
|
X
|
|
X
|
|
11
|
4
|
X
|
|
X
|
|
12
|
35
|
|
|
X
|
|
13
|
131
|
|
X
|
X
|
|
14
|
(71)
|
|
|
X
|
|
15
|
(86)
|
|
|
X
|
| Source: FIAT data from ViSION. | [ D ] |
a We will provide the names of the institutions to DSC under separate cover.
b Numbers shown in parentheses are negative and indicate that DSC had entered the data in the Formal and Informal Action Tracking (FIAT) system prior to the effective date of the action as recommended in DSC policies. | | |
DSC case managers had entered 7 of the 15 supervisory corrective actions into FIAT before the actions became effective. Also, the corrective action provisions were documented in the system for 10 of the 15 actions. However, 4 of the 15 supervisory corrective actions were not entered into FIAT until 125-255 days after the effective dates of the actions. In addition, DSC did not document the progress reports in FIAT for seven of the actions. Finally, for 13 of the 15 actions reviewed, FIAT did not contain other required data, including the dates the institution complied with each provision of the corrective action and the dates DSC received and reviewed the progress reports.
DSC’s Internal Review and Control Section identified similar problems during its 2003 and 2004 visits to the FDIC’s Atlanta and Dallas Regional Offices.[ 2 ] In response, the Dallas Regional Director issued an instructional memorandum on April 1, 2005 regarding the use of FIAT. The memorandum reiterated the case managers’ responsibilities for ensuring that FIAT records in ViSION are created and updated in a timely manner. Based on the problems we identified in FIAT records during our audit, DSC needs to emphasize the responsibilities at all the regional offices.
In addition, while reviewing the supervisory corrective actions for the Atlanta region, we identified one institution with a 4 rating that was operating under a safety and soundness C&D that had been issued by a state banking agency. The FDIC concurred with the C&D, but did not jointly sign the C&D with the state. FIAT contained no record that the institution was operating under a formal state enforcement action. Although DSC guidance requires that a FIAT record be created for informal state actions, the FIAP Manual does not address whether a FIAT record should be created for a formal state action that the FDIC has not joined. DSC officials stated that because of the lack of guidance, some case managers were confused about when to create such records. According to DSC officials, the FIAP Manual is being revised to address this issue and will clarify data entry requirements for state regulatory actions.
DSC uses FIAT reports to manage and monitor DSC’s enforcement actions to ensure that timely and appropriate actions are taken to address unsafe or unsound practices and conditions or legal violations. Further, other FDIC divisions and offices use FIAT data to meet the needs of Freedom of Information Act requests, legal research, and general studies. Finally, FDIC management uses FIAT data in determining staffing needs and in evaluating management and staff performance. As a result of weaknesses in controls over FIAT data in ViSION, the FDIC cannot fully rely on the information for monitoring all supervisory corrective actions in process or as a source for reliable management reports.
RECOMMENDATION
We recommend that the Director, DSC:
Require case managers to enter all supervisory actions, including those issued by state banking agencies, into ViSION on or before an action’s effective date.
Reinforce DSC’s implementation of the Data Stewardship Program and other applicable guidance related to ensuring the accuracy and reliability of FIAT data in ViSION.
Include instructions in the revised FIAP Manual for creating a FIAT record for formal state actions that the FDIC has not joined.
CORPORATION COMMENTS AND OIG EVALUATION
On September 19, 2005, the Acting Director, DSC, provided a written response to the draft report. The response is presented, in its entirety, as Appendix III of this report. DSC agreed with the recommendations and responded that supervisory corrective actions will be entered into FIAT when received by the Regional Director or designee. Also, DSC met with the FDIC’s Legal Division in September 2005 to address the timeliness and accuracy of FIAT records. Further, through its regional office review process, DSC will conduct internal testing and evaluations pertaining to accurate and timely reporting in FIAT. Finally, DSC agreed to revise the FIAP Manual to address all three recommendations. DSC’s planned actions are responsive to our recommendations. Accordingly, the recommendations are resolved but will remain undispositioned and open until we have determined the agreed-to corrective actions have been completed and are effective.
OBJECTIVE, SCOPE, AND METHODOLOGY |
APPENDIX I |
The objective of the audit was to determine whether supervisory corrective actions achieve intended purposes before being terminated. The audit focused primarily on the FDIC’s use of MOUs and C&Ds, two of the more commonly used supervisory corrective actions. The audit field work was conducted from February through August 2005 in accordance with generally accepted government auditing standards.
To accomplish our objective, we:
- reviewed DSC’s FIAP Manual, Risk Management Manual of Examination Policies, and Case Manager Procedures Manual, and applicable Regional Director Memorandums;
- reviewed 2001-2004 Reports of Examination and Summary Analysis of Examination Report comments prepared by the FDIC and state banking agencies for the 15 banks in our sample;
- reviewed and analyzed progress reports submitted by banks from February 2002 to September 2004 that addressed provisions in supervisory actions;
- reviewed FIAT data in ViSION;
- reviewed and analyzed correspondence and other files maintained at the Atlanta Regional Office and Memphis Area Office; and
- interviewed DSC officials in Atlanta, Memphis, and Washington, D.C.
We also determined the total number of MOUs and C&Ds that DSC had terminated during 2004, which are shown in Table 4.
Table 4: Supervisory Corrective Actions Terminated During 2004
|
DSC Regional and Area Offices
|
C&Ds
|
MOUs
|
Total Terminated Actions
|
|
Atlanta
|
2
|
15
|
17
|
|
Boston
|
0
|
7
|
7
|
|
Chicago
|
21
|
32
|
53
|
|
Dallas
|
3
|
15
|
18
|
|
Kansas City
|
5
|
36
|
41
|
|
Memphis
|
3
|
27
|
30
|
|
New York
|
5
|
2
|
7
|
|
San Francisco
|
7
|
11
|
