This memorandum is in response to the recommendation in the Draft Audit Report dated August 11, 2006.

OIG Audit Recommendation:

That the Director, DRR, work with DOA, and other cognizant FDIC divisions and offices, in developing a DRR Records Management Program that includes guidelines for the inventory, maintenance, use, and control of hardcopy records containing personally identifiable information from failed institutions.

Response: DRR agrees with the recommendation.

DRR recognizes that. while we have established controls and procedures for the protection of sensitive information contained in failed financial institution records, we can always make improvements in our records management procedures. In fact, we are currently evaluating an electronic labeling and tracking system for potential use to track documents taken into DRR's possession as a result of future financial institution closings. Therefore, we concur with the recommendation contained in the audit results. DRR is forming a working group, which in consultation with DOA and others will develop records management guidance specific to our needs. The guidance skill address inventorying, maintaining, using, accounting for, and controlling hardcopy records that contain personally identifiable information. We will issue this guidance by the end of the second quarter 2007.