1. Corporate Governance in Insured Depository Institutions

Corporate governance is generally defined as the fulfillment of the broad stewardship responsibilities entrusted to the Board of Directors, officers, and external and internal auditors of a corporation. A number of well-publicized announcements of business and accountability failings, including those of financial institutions, have raised questions about the credibility of management oversight and accounting practices in the United States. In certain cases, board members and senior management engaged in high-risk activities without proper risk management processes, did not maintain adequate loan policies and procedures, and circumvented or disregarded various laws and banking regulations. In an increasingly consolidated financial industry, effective corporate governance is needed to ensure adequate stress testing and risk management processes covering the entire organization. Adequate corporate governance protects the depositor, institution, nation's financial system, and FDIC in its role as deposit insurer. A lapse in corporate governance can lead to a rapid decline in public confidence, with potentially disastrous results to the institution.

The Sarbanes-Oxley Act of 2002 has focused increased attention on management assessments of internal controls over financial reporting and the external auditor attestations of these assessments. Strong stewardship along with reliable financial reports from insured depository institutions are critical to FDIC mission achievement. Supervision and insurance aspects of the Corporation's mission can be complicated and potentially compromised by poor quality financial reports and audits. In the worst case, illegal and otherwise improper activity by management of insured institutions or their boards of directors can be concealed, resulting in potential significant losses to the FDIC insurance funds.

The FDIC has initiated various measures designed to mitigate risks posed by these concerns, such as reviewing the bank's board activities and ethics policies and practices and reviewing auditor independence requirements. In fact, many of the Sarbanes-Oxley Act requirements parallel those already applicable to the FDIC. The FDIC also reviews publicly traded companies' compliance with Securities and Exchange Commission regulations and the policies of the Federal Financial Institutions Examination Council to help ensure accurate and reliable financial reporting through an effective external auditing program and on-site FDIC examination. Other corporate governance initiatives include issuing Financial Institution Letters, allowing bank directors to participate in regular meetings between examiners and bank officers, maintaining a "Directors' Corner" on the FDIC Web site, and expanding the Corporation's "Directors' College" program, as well as expanding examiner guidance on the risks posed by dominant officials. The FDIC has made significant strides; however, achieving sound corporate governance without undue regulatory burden remains a management challenge.

The assessment of management is one of the most important aspects of a bank examination. Failure to appropriately evaluate management risks increases the opportunity for fraud or mismanagement to go undetected and uncorrected and could ultimately cause an institution to fail. Independent boards of directors, effective security programs, and strong commitments to sound internal control, and compliance with laws and regulations, all complement the FDIC's supervision and monitoring of insured depository institutions.

Our investigative work is one way of addressing corporate governance issues. In a number of cases, financial institution fraud is a principal contributing factor to an institution's failure. Unfortunately, the principals of some of these institutions-that is, those most expected to ensure safe and sound corporate governance-are at times the parties perpetrating the fraud. Our Office of Investigations plays a critical role in addressing such activity. (See the Investigations section of this report for specific examples of bank fraud cases involving corporate governance weaknesses.)

2. Management and Analysis of Risks to the Insurance Funds

A primary goal of the FDIC under its insurance program is to ensure that its deposit insurance funds do not require augmentation by the U.S. Treasury. Achieving this goal is a challenge that requires effective communication and coordination with the other federal banking agencies. The FDIC engages in an ongoing process of proactively identifying risks to the deposit insurance funds and adjusting the risk-based deposit insurance premiums charged to the institutions.

Recent trends and events continue to pose risks to the funds. The consolidations that have occurred and may continue to occur among banks, securities firms, insurance companies, and other financial services providers resulting from the Gramm-Leach-Bliley Act involve increasingly diversified activities and associated inherent risks. The bank mergers have created "large banks," which are generally defined as institutions with assets of over $25 billion. For many of these institutions, the FDIC is the insurer but is not the primary federal regulator.

In addition, the FDIC is the primary federal regulator for a number of industrial loan companies (ILCs), which are insured depository institutions owned by organizations that are subject to varying degrees of federal regulation. ILC charters allow mixing of banking and commerce, which is otherwise prohibited for most other depository institutions owned by commercial firms. The FDIC has instituted controls in its processes for deposit insurance applications, safety and soundness examinations, and offsite monitoring for supervising ILCs and their parent companies, particularly in cases where consolidated supervision is not provided by another federal regulator.

The failure of a large bank, along with the potential closing of closely affiliated smaller institutions, could result in losses to the deposit insurance funds that require significant increases in premium assessments from all insured institutions. To address the risks associated with large banks for which the FDIC is the insurer but is not the primary federal regulator, the FDIC initiated, in 2002, the Dedicated Examiner Program for the largest banks in the United States. One senior examiner from the FDIC is dedicated to each institution and participates in targeted reviews or attends management meetings. Additionally, case managers closely monitor such institutions through the Large Insured Depository Institutions Program's quarterly analysis and executive summaries and consistently remain in communication with their counterparts at the other regulatory agencies, frequently attending pre-examination meetings, post-examination meetings, and exit board meetings.

Large banks may pose greater risks to the insurance funds as a result of the Basel II capital accord, which aims to align capital reserves more closely with the risks faced by banks and thrifts operating internationally. The Basel II standard is mandatory for large internationally active banks that have either total commercial bank assets of $250 billion or more or foreign exposure of $10 billion or more. Basel II will have far-reaching effects on the management and supervision of the largest, most complex banking organizations in the world. The United States has an important role in Basel II implementation because it supervises more bank assets than the other accord participants. Issues that must be addressed before the United States implements the Basel II accord are: (1) assuring appropriate minimum capital standards for banks regardless of the results of proposed capital models, (2) establishing a consistent supervisory process for ensuring that banks' internal risk estimates are sound and conservative, and (3) vetting any potential anti-competitive effects with all interested parties.

There is also ongoing consideration to merging the Bank Insurance Fund (BIF) and Savings Association Insurance Fund (SAIF). The merged fund would not only be stronger and better diversified but would also eliminate the concern about a deposit insurance premium disparity between the BIF and the SAIF. Assessments in the merged fund would be based on the risk that institutions pose to that fund. The Corporation has worked hard to bring about deposit insurance reform, and during the reporting period the FDIC Chairman again testified on deposit insurance reform before the House Financial Services Committee, Subcommittee on Financial Institutions and Consumer Credit.

As the banking industry has become more sophisticated, the FDIC has developed cutting edge risk-management techniques to identify, measure, and manage risk to the insurance funds. In 2003 the FDIC created its Risk Analysis Center to better coordinate risk monitoring and action plans among the various business units in the FDIC. The Risk Analysis Center represents a best practice that brings together economists, examiners, financial analysts, and others involved in assessing risk to the banking industry and the deposit insurance funds.

Tracking and Evaluating MERIT Guidelines

In an audit conducted during the reporting period, we assessed the adequacy of processes, reports, and other data that DSC uses in monitoring MERIT examination coverage of financial institutions. We determined that DSC collects and evaluates readily available information related to the efficiency, quality, and integrity of all examinations, including those conducted under the MERIT guidelines. This information shows that application of the MERIT guidelines for well-rated and well-capitalized institutions has increased examination efficiency primarily as the result of fewer loans being reviewed compared to prior risk-focused examinations. Further, DSC has risk management processes and monitoring systems in place for monitoring its overall examination program and the risks to individual institutions and the industry as a whole.

However, we reported that DSC could benefit from a monitoring process that specifically evaluates, in terms of risk, the outcome of the reduced loan penetration at MERIT examinations, either at the institution level or, more broadly, at the regional or national level. Such ongoing analysis would assist DSC in determining whether recommended loan penetration ranges under MERIT are commensurate with the risk associated with various types of loan portfolios in low-risk institutions. We made a recommendation to that effect. We also found that examiners are required to justify loan penetration levels above, but not below, MERIT-recommended ranges. We recommended a clarification of this policy to promote the balance DSC is seeking to achieve in providing risk-based coverage under MERIT and to ensure that reduced loan penetration is adequately supported.

In response to our draft report, DSC provided additional information on its existing and planned monitoring processes that satisfy the first recommendation. DSC concurred with the second recommendation regarding justification of reduced loan penetration ratios.

3. Security Management

The FDIC relies heavily upon automated information systems to collect, process, and store vast amounts of banking information. Much of this information is used by financial regulators, academia, and the public to assess market and institution conditions, develop regulatory policy, and conduct research and analysis on important banking issues. Ensuring the confidentiality, integrity, and availability of this information in an environment of increasingly sophisticated security threats requires a strong, enterprise-wide information security program. It also requires compliance with applicable statutes and policies aimed at promoting information security throughout the federal government. One such statute is Title III of the E-Government Act of 2002, commonly referred to as the Federal Information Security Management Act of 2002 (FISMA).

As a result of focused efforts over the past several years, the FDIC has made significant progress in improving its information security controls and practices and addressing current and emerging information security requirements mandated by FISMA. However, the FDIC recognized that continued improvements in its information security program and practices were needed. In its 2004 annual report, the FDIC identified information security as a high vulnerability issue within the Corporation. The FDIC also identified improvements in its information security program as a major corporate priority in its 2004 Annual Performance Plan. Actions taken as a result have strengthened the program and contributed to the removal of information systems security as a reportable condition in the Government Accountability Office's (GAO) financial statement audit of the insurance funds.

Although progress in strengthening the FDIC's information security program and practices has been notable, additional control improvements and associated implementation activities are necessary. This is challenging because as a result of the Division of Information Technology's (DIT) transformation initiatives, a large number of staff will be leaving, and DIT will be seeking to become more aligned, focused, and efficient. Continued management attention is needed to ensure that the FDIC's information security risk management program and practices are consistent with National Institute of Standards and Technology standards and guidance and current best practices in the industry. The FDIC also needs to ensure the effectiveness of its oversight of contractors with access to sensitive data, ensure the security of its network resources, and ensure that its enterprise security architecture is fully defined and integrated with corporate business and information technology operations. Security-related threats include those focusing on disrupting the economic security of our nation. The FDIC and insured depository institutions need to ensure sound disaster recovery and business continuity planning is present to safeguard depositors, investors, and others that depend on the financial services.

Security Controls Over the FDIC's E-mail Infrastructure

E-mail is an integral aspect of the FDIC's business operations. During the reporting period we issued the results of an audit conducted on our behalf by International Business Machines (IBM) Business Consulting Services related to e-mail security. We concluded that the FDIC had implemented many of the security controls recommended by government-wide standards. However, the FDIC needed to take additional steps to ensure adequate confidentiality, integrity, and availability of data stored and transmitted in e-mail. Our report included a total of eight recommendations to strengthen technical security controls, improve the vulnerability scanning process, and ensure retention of electronic records when employees leave the Corporation. The Corporation's response adequately addressed our concerns.

Security of the ViSION Application

The Virtual Supervisory Information on the Net application (ViSION) is a major application that provides access to financial, examination, and supervisory information on financial institutions. The information contained in the application is highly confidential and not available to the public.

We audited the adequacy of the progress that the FDIC has made in implementing the agreed-to corrective actions from our prior report entitled, FDIC's Virtual Supervisory Information on the Net Application, issued on July 30, 2004. In that report we had concluded that key management and operational controls provided only limited assurance of adequate security and made six recommendations to address our concerns. In our follow-up report, we concluded that the Corporation had made substantial progress in implementing corrective actions on our earlier recommendations. Five of the six recommendations were closed and the remaining corrective action was to be completed by March 31, 2005.

The OIG has begun its 2005 work pursuant to the FISMA. As in past evaluations, we will evaluate the effectiveness of the FDIC's security program and practices, including its compliance with FISMA and related policies, procedures, standards, and guidelines. We will assess progress made relative to the baseline established in our 2004 report as well. We expect to report our results in our next semiannual report.

4. Money Laundering and Terrorist Financing

The nation continues to face the global threat of terrorism. In response to this threat, the Congress enacted the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001, Public Law 107-56 (USA PATRIOT Act), which expands the Treasury Department's authority initially established under the Bank Secrecy Act of 1970 (BSA) to regulate the activities of U.S. financial institutions, particularly their relations with individuals and entities with foreign ties.

Specifically, the USA PATRIOT Act expands the BSA beyond its original purpose of deterring and detecting money laundering to also address terrorist financing activities. In today's global banking environment, where funds are transferred instantly and communication systems make services available internationally, a lapse at even a small financial institution outside of a major metropolitan area can have significant implications across the nation. The reality today is that all institutions are at risk of being used to facilitate criminal activities, including terrorist financing.

Through its examiners, the FDIC seeks to ensure that institutions have a strong BSA program to address money laundering and terrorist financing concerns. While many FDIC-supervised institutions are diligent in their efforts to establish, execute, and administer effective BSA compliance programs, there have been instances where controls and efforts were lacking. When such instances are identified in the course of examinations, the FDIC may request bank management to address the deficiencies in a written response to the FDIC, outlining the corrective action proposed and establishing a timeframe for implementation, or the FDIC may pursue an enforcement action. The FDIC needs to strengthen its follow-up process for BSA violations. The FDIC is taking action to expand its pool of BSA specialists, ensure adequate coverage of BSA compliance in state examinations, and update its BSA examination in conjunction with other federal regulators.

In addition, in September 2004, the Financial Crimes Enforcement Network (FinCEN), an arm of the U.S. Treasury Department, signed an information-sharing Memorandum of Understanding with the Federal Banking Agencies (FBAs), including the FDIC. The Memorandum of Understanding requires an increased level of BSA reporting and accountability between the FBAs and FinCEN. Specifically, the FBAs will notify FinCEN of significant violations of BSA laws and regulations by institutions, enforcement actions taken, and resolution of enforcement actions. Similarly, FinCEN, based on its analyses of BSA violations, will notify FBAs of common BSA compliance deficiencies, patterns, and best practices; and assist FBAs in identifying BSA compliance deficiencies within banking organizations.

The continuing challenge facing the FDIC is to ensure that banks maintain effective BSA programs that will ultimately create an environment where attempts to use the American financial system for money laundering or terrorist financing will be identified and thwarted. The FDIC anti-money laundering supervision program is a matter for continued monitoring in the Corporation's 2004 annual report.

OIG Audits the FDIC's Supervision of an Institution's Compliance with BSA

During the reporting period, we issued a report on the FDIC's supervision of a specific institution's compliance with BSA. The audit included a review of selected institutions whose assets and insured deposits had been sold by the FDIC to the institution that was the principal focus of our audit.

We conducted this audit in response to a letter from the Chairman of the Senate Committee on Banking, Housing, and Urban Affairs, requesting our independent assessment of the circumstances related to the institution's BSA violations. We provided copies of the report to the Committee Chairman and Ranking Member concurrent with release of the report to the Corporation. The audit report contains extensive examination-related and other sensitive information and will be made publicly available only in summary fashion.

We reported that responsibilities to ensure compliance with the BSA were not adequately fulfilled by either institution management or the FDIC. Corporate governance at the financial institution and two former institutions was not sufficient to ensure that they met BSA requirements. The FDIC's examinations identified significant BSA violations and deficiencies, but the examinations generally lacked sufficient follow-up on corrective measures promised but not implemented by institution management. Consequently, weak BSA compliance programs persisted for extended periods. In addition, the FDIC should have more thoroughly considered the impact of BSA compliance violation and deficiency histories in connection with the Corporation's decision to qualify the potential acquirers of a failed institution.

Our report made the following recommendations to FDIC management:

• Propose a requirement to the Treasury and the other federal banking regulators that institution management periodically certify the implementation and oversight of an institution's BSA compliance program.
  
  
• Emphasize institution compliance with BSA requirements through continued outreach to the financial services industry on the requirements of the BSA, the USA PATRIOT Act, and the implementing regulations.
  
  
• Require transaction testing in all BSA compliance examinations by expanding core procedures to include transaction testing.
  
  
• Require examiners to perform at least the core and expanded BSA examination procedures at FDIC-supervised institutions if any one of a defined set of BSA assessment factors is present.
  
  
• Ensure that the adequacy of the BSA compliance program is a key component in the assignment of the management rating for safety and soundness examinations.
  
  
• Assess, in conjunction with the other federal banking regulators, the merits of a numeric rating system for BSA compliance.
  
  
• Issue BSA supervisory and enforcement action guidance that outlines how the BSA assessment factors will be considered in determining appropriate action to be taken as part of the BSA examination process.
  
  
• Develop an internal control process to verify that all BSA violations are promptly included in the systems used to report this information to the Treasury.
  
  
• Establish an inter-divisional task force to revise FDIC policies and procedures to define the process to be used during franchise marketing to ensure that BSA compliance issues are appropriately considered.
  
  
• Clarify policies and procedures regarding information that should be specifically considered in approving purchase and assumption transactions.
  
  
• Establish procedures to eliminate institutions with inadequate BSA compliance programs from consideration for eligibility to bid on franchises or failed bank assets.

The FDIC concurred with our findings and is making significant improvements in its supervision of institution BSA compliance programs in response to our recommendations and its own initiatives.

5. Protection of Consumers' Interests

In addition to its mission of maintaining public confidence in the nation's financial system, the FDIC also serves as an advocate for consumers through its oversight of a variety of statutory and regulatory requirements aimed at protecting consumers from unfair and unscrupulous banking practices. The FDIC is legislatively mandated to enforce various statutes and regulations regarding consumer protection and civil rights with respect to state-chartered, non-member banks and to encourage community investment initiatives by these institutions.

The FDIC accomplishes its mission of protecting consumers under various laws and regulations by conducting compliance examinations and Community Reinvestment Act (CRA) evaluations. The FDIC takes enforcement actions to address compliance violations, encourages public involvement in the community reinvestment process, assists financial institutions with fair lending and consumer compliance through education and guidance, and provides assistance to various parties within and outside of the FDIC. The Corporation has also developed a program to examine institution compliance with privacy laws.

The FDIC also has a Community Affairs program that provides technical assistance to help banks meet their responsibilities under the CRA. The Corporation will need to remain diligent in its efforts to work with the other federal banking regulators to develop uniform policy changes for CRA. A challenge facing the FDIC and other regulators is the protection of consumer interests while minimizing regulatory burden.

Another area of current emphasis is financial literacy, aimed specifically at low- and moderate-income people who may not have had banking relationships. The Corporation's "Money Smart" initiative is a key outreach effort. The FDIC also continues to maintain a Consumer Affairs program by investigating consumer complaints against FDIC-supervised institutions, answering consumer inquiries regarding consumer protection laws and banking practices, and providing data to assist the examination function. Further, the Corporation's deposit insurance program promotes public understanding of the federal deposit insurance system and seeks to ensure that depositors and bankers have ready access to information about the rules for FDIC insurance coverage.

Protecting consumers from unscrupulous banking practices also continues to be a challenge. For example, "predatory lenders" knowingly lend more money than a borrower can afford to repay; charge high interest rates to borrowers based on their race or national origin and not on their credit history; charge fees for unnecessary or nonexistent products and services; pressure borrowers to accept higher-risk loans such as balloon loans, interest only payments, and steep pre-payment penalties; and "strip" homeowners' equity by convincing them to refinance again and again when there is no benefit to the borrower. These practices ultimately put borrowers at risk of losing their homes and other investments.

A number of new consumer protection regulations have been introduced over the past several years. The emergence and continued expansion of electronic banking presents a challenge for ensuring that consumers are protected. The number of reported instances of identity theft has ballooned in recent years. The Corporation will need to remain vigilant in conducting comprehensive, risk-based compliance examinations that ensure the protection of consumer interests, analyzing and responding appropriately to consumer complaints, and educating individuals on money management topics, including identity protection and how to avoid becoming victims of "phishing" scams.^{[ 1 ]}

Our Office of Investigations' Electronic Crimes Unit has been involved in investigating e-mail "phishing" identity theft schemes that have used the FDIC's name in an attempt to obtain personal data from unsuspecting consumers who receive the e mails. Our investigations have also uncovered multiple schemes to defraud depositors by offering them misleading rates of return on deposits. These abuses are often effected through the misuse of the FDIC's name, logo, abbreviation, or other indicators suggesting that the products are fully insured deposits. Such misrepresentations induce the targets of schemes to invest on the strength of FDIC insurance while misleading them as to the true nature of the investments being offered.

Our experience with such cases prompted us on March 4, 2003, to submit to the House Financial Services Committee Chairman, Michael Oxley, a legislative proposal to prevent misuse of the Corporation's guarantee of insurance. This proposal was incorporated in H.R. 1375: Financial Services Regulatory Relief Act of 2003. On March 24, 2004, H.R. 1375 was passed by the House of Representatives and referred to the U.S. Senate. Section 615 of H.R. 1375, as we suggested, would provide the FDIC with enforcement tools to limit misrepresentations regarding FDIC deposit insurance coverage. We appreciate past Congressional support of this measure and encourage continued consideration of such a proposal.

The OIG has undertaken an audit of predatory lending, which is now in process. Our objective is to determine whether DSC has established and implemented an adequate program for identifying, assessing, and addressing the risks posed to institutions and consumers from predatory lending practices. We will issue our results in our next semiannual report.

6. Corporate Governance in the FDIC

Corporate governance within the FDIC is the responsibility of the Board of Directors, officers, and operating managers in fulfilling the Corporation's broad mission functions. It also provides the structure for setting goals and objectives, the means to attaining those goals and objectives, and ways of monitoring performance. Management of the FDIC's corporate resources is essential for efficiently achieving the FDIC's program goals and objectives.

Also, the Administration has outlined management initiatives for departments and major agencies in the President's Management Agenda (PMA). These initiatives are (1) strategic management of human capital, (2) competitive sourcing, (3) improved financial management, (4) expanded electronic government, and (5) budget and performance integration. Although the FDIC is not subject to the PMA, it has given priority attention to continuing efforts to improve operational efficiency and effectiveness, consistent with the PMA. The initiatives taken and opportunities for improvement are discussed below along with other issues that pose significant elements of risk to attaining the FDIC's program goals and objectives.

Management of Human Capital

The FDIC, like other organizations, continues to be affected by changing technology, market conditions, initiatives designed to improve its business processes, an aging workforce, and the unknown. Such events impact needed staffing levels and required skills going forward. Since 2002, the FDIC has been working to create a flexible permanent workforce that is poised to respond to sudden changes in the financial sector. FDIC executives announced workforce planning initiatives providing for human resources flexibilities, the establishment of a Corporate Employee Program, a Buyout Program, and reductions-in-force. Designing, implementing, and maintaining effective human capital strategies-including developing a coherent human capital blueprint that comprehensively describes the FDIC's human capital framework and establishes a process for agency leaders to systematically monitor the alignment and success of human resources-related initiatives-are critical priorities and must continue to be the focus of centralized, sustained corporate attention. The FDIC's training and development function, known as the FDIC Corporate University, will be a key ingredient in the successful implementation of the FDIC's Corporate Employee Program and other corporate efforts to address skill and competency requirements. Workforce management is a matter for continued monitoring in the Corporation's 2004 annual report.

During the reporting period, we reviewed such efforts related to DSC because it accounts for more than one half of all FDIC employees and because it is a primary business line responsible for ensuring the safety and soundness of insured financial institutions and for protecting consumers' rights.

We assessed DSC's efforts to: (1) determine critical skills and competencies needed to achieve current and future corporate goals and objectives, (2) identify gaps in skills and competencies that need to be addressed, and (3) develop strategies to address current gaps in skills and competencies and future workforce needs. We used Office of Personnel Management (OPM) and GAO guidance to evaluate DSC's workforce planning efforts.

We determined that DSC is engaging in workforce planning activities consistent with OPM and GAO guidance. Nevertheless, more work is needed to finalize and communicate DSC's workforce planning efforts to DSC employees and others. Considering the efforts that DSC had underway, and expanding on those, we made five recommendations related to the following: incorporating the Corporate Employee Program into the staffing strategy and communicating that strategy, validating the model DSC is developing and determining how it will be used, evaluating the benefits of a skills assessment to identify competency gaps, determining whether DSC's existing training system can be used as a corporate repository, and defining how existing mechanisms interrelate and how the success of each will be monitored and measured. DSC generally concurred with our five report recommendations to enhance its on-going efforts.

While workforce planning is a fundamental component of DSC's overall management process, DSC will need to ensure that its workforce planning strategy and initiatives fit into the FDIC's overall corporate workforce plan. In this regard, the FDIC's Division of Administration (DOA) plans to issue guidance that FDIC divisions and offices can use to facilitate workforce planning efforts.

Competitive Sourcing

The FDIC recently awarded long-term contracts to consolidate outsourced information technology activities. While these contracts permitted the FDIC to solicit among well-qualified sources under task orders, the FDIC's ability to compete was generally limited to a small number of firms. Attaining the desired services at competitive prices presented a significant challenge for the FDIC.

We issued the results of a preaward audit that we conducted related to the information technology contracts. We found no significant exceptions in doing our work.

Improved Financial Management

The FDIC plans to field a new financial management system during 2005 that will consolidate the operations of multiple systems. Named the New Financial Environment (NFE), this initiative will modernize the FDIC's financial reporting capabilities. Implementing NFE and interfacing other systems with NFE has and will continue to require significant efforts and poses major challenges.

We conducted an audit of management controls over the re-baselined NFE project and issued the results of that effort during the reporting period. We reported that the FDIC has established and implemented adequate management controls for the re-baselined project.

However, project planning for NFE system implementation did not adequately cover post-installation activities as recommended by federal guidance. Specifically, the transition and data conversion plans and design documents do not provide policies and procedures or assignments of responsibility and accountability to ensure that post-installation tasks such as verifying data integrity, handling final disposition of the legacy system data, and monitoring of the first reporting cycle are adequately performed. The lack of planning for these activities limits the FDIC's preparedness for resolving problems and abnormalities that could affect reliability and availability of the operational NFE system.

We recommended that the FDIC develop a plan or modify existing plans for NFE system implementation to address post-installation tasks and related controls, including policies, procedures, and assignments of responsibility and accountability. FDIC management agreed with the recommendation and will expand NFE project planning to further address post-installation tasks and related controls.

We had two other audits of NFE ongoing during the reporting period. In one, we examined NFE testing. We issued a draft report on that assignment and will issue final results in our upcoming semiannual report. As for the second audit, we were seeking to review NFE system and data conversion activities. Our audit objective was to determine whether systems and data conversion plans and activities are adequate to minimize the risk of errors and omissions during NFE implementation. However, we terminated that assignment because we were not able to collect sufficient, competent, and relevant evidence in a timely manner as required by generally accepted government auditing standards to provide a reasonable basis for audit conclusions related to our objective. We advised management of some of the concerns we identified and will issue a report on work performed up to the time of termination. We will also provide audit coverage of NFE implementation after the system is deployed.

E-Government

The FDIC's E-government strategy is a component of the enterprise architecture which focuses on service delivery for the external customers of the FDIC. The FDIC issued Version One of its E-government Strategy in November 2002 and is in the process of establishing a task force to update the strategy. The FDIC has initiated a number of projects that will enable the FDIC to improve internal operations, communications, and service to members of the public, businesses, and other government offices. The projects include: Call Report Modernization, Virtual Supervisory Information on the Net, Asset Servicing Technology Enhancement Project, NFE, Corporate Human Resources Information System, and FDIConnect. The risks of not implementing E-government principles are that the FDIC will not efficiently communicate and serve its internal and external customers.

The OIG is currently auditing the Corporation's E-government strategy and will issue the results of that work in the next semiannual reporting period. This work is examining whether the FDIC adequately implemented E-government principles in its operations and information exchanges with FDIC-insured financial institutions and complied with applicable portions of the Government Paperwork Elimination Act.

Risk Management and Assessment of Corporate Performance

Within the business community, there is a heightened awareness of the need for a robust risk management program. Because of past corporate governance breakdowns at some major corporations, organizations are seeking a "portfolio" view of risks and the launch of proactive measures against threats that could disrupt the achievement of strategic goals and objectives. To address these needs, a best practice has developed--enterprise risk management (ERM). ERM is a process designed to: identify potential events that may affect the entity, manage identified risks, and provide reasonable assurance regarding how identified risks will affect the achievement of entity objectives. In April 2004, the FDIC's Chief Financial Officer changed the name of the Office of Internal Control Management to the Office of Enterprise Risk Management (OERM) and the OERM has begun developing an ERM program for the FDIC. The migration from internal control to enterprise risk management perspectives and activities presents challenges and opportunities for the FDIC.

In the spirit of the Government Performance and Results Act of 1993 (GPRA), the FDIC prepares a strategic plan that outlines its mission, vision, and strategic goals and objectives within the context of its three major business lines; an annual performance plan that translates the vision and goals of the strategic plan into measurable annual goals, targets, and indicators; and an annual performance report that compares actual results against planned goals. In addition, the FDIC Chairman develops a supplemental set of "stretch" annual corporate performance objectives based on three strategic areas of focus that cut across the Corporation's three business lines: Sound Policy, Stability, and Stewardship. The Division of Finance monitors the Corporation's success in meeting both sets of performance objectives and develops quarterly reports on the FDIC's progress. Executive and managerial pay are linked to performance on both the Chairman's objectives and those in the annual performance plan.

The Corporation is continually focused on establishing and meeting annual performance goals that are outcome-oriented, linking performance goals and budgetary resources, implementing processes to verify and validate reported performance data, and addressing cross-cutting issues and programs that affect other federal financial institution regulatory agencies.

OIG efforts addressing risk management and corporate performance assessment during the reporting period included the following.

Security of Critical Infrastructure

To effectively protect critical infrastructure, the FDIC's challenge in this area is to implement measures to mitigate risks, plan for and manage emergencies through effective contingency and continuity planning, coordinate protective measures with other agencies, determine resource and organization requirements, and engage in education and awareness activities. The FDIC will need to continue to work with the Department of Homeland Security and the Finance and Banking Information Infrastructure Committee, created by Executive Order 23231 and chaired by the Department of the Treasury, on efforts to improve security of the critical infrastructure of the nation's financial system. To address this risk, the FDIC is sponsoring outreach conferences for the Financial and Banking Information Infrastructure Committee and Financial Services Sector Coordinating Council through 2005, which will address protecting the financial sector.

On December 17, 2003, the President signed Homeland Security Presidential Directive (HSPD) - 7, Critical Infrastructure Identification, Prioritization and Protection. HSPD - 7 established a national policy for federal departments and agencies to identify and prioritize United States critical infrastructure and key resources and to protect them from terrorist acts. On June 17, 2004, OMB issued Memorandum M-04-15, Development of the HSPD-7 Critical Infrastructure Protection Plans to Protect Federal Critical Infrastructures and Key Resources. The memorandum provides guidance regarding the format and content of critical infrastructure protection plans that federal agencies are required to submit to the OMB. Although the FDIC has determined that it does not maintain critical infrastructure or key resources as intended by HSPD - 7, the FDIC is required to report to OMB on its ability to ensure the continuity of its business operations in the event of a physical or cyber attack. The FDIC provided its Critical Infrastructure Protection plan to OMB in August 2004. However, the FDIC will need to ensure that the Plan is kept current and up-to-date, particularly in light of transformation activities in DIT.

With respect to information technology contingency planning, the FDIC has continued capability to recover its mainframe and server platforms necessary to restore operations in the event of a disaster. However, testing for data restoration needs to be done continually. The FDIC's Business Continuity Plan (BCP) addresses critical business functions in key divisions and offices, and the Corporation has completed an updated business impact analysis and revised the plan accordingly. Continued testing and updates of the plan must be part of a sound BCP process. The OIG will be conducting work to monitor business continuity efforts going forward.

Management of Major Projects

Project management involves defining, planning, scheduling, and controlling the tasks that must be completed to reach a goal and allocating resources to perform those tasks. The FDIC has engaged in several multi-million dollar projects, such as the NFE project discussed earlier, Central Data Repository, and Virginia Square Phase II Construction. Without effective project management, the FDIC runs the risk that corporate requirements and user needs may not be met in a timely, cost-effective manner. Particularly in light of downsizing, the FDIC needs to be vigilant in overseeing major projects and related costs. Project management is a matter for continued monitoring in the Corporation's 2004 annual report.

In September 2002, the FDIC established the Capital Investment Review Committee (CIRC) as the control framework for determining whether a proposed investment is appropriate for the FDIC Board of Directors' consideration, overseeing approved investments throughout their life cycle, and providing quarterly capital investment reports to the Board. The CIRC generally monitors projects valued at more than $3 million. The FDIC also developed the Chief Information Officer's Council to recommend and oversee technology strategies, priorities, and progress. The work of the Council encompasses the entire portfolio of technology projects, including those below the threshold addressed by the CIRC.

Beginning with the 2003 budget, the FDIC began budgeting and tracking capital investment expenses as a separate component of the budget to enhance management's ability to focus on such projects. Project funds established within the investment budget are to be available for the life of the project rather than for the fiscal year. Final responsibility for approving the initial creation or modification of a project's capital investment budget rests with the FDIC's Board of Directors. In addition, DIT has recently adopted the Rational Unified Process system development life cycle model and has established a Project Management Office. Both of these initiatives should result in additional oversight and control mechanisms for corporate projects.

The FDIC's System Development Life Cycle (SDLC) methodology and the related control framework can benefit from implementing identified best practices. The FDIC has selected a risk-based SDLC methodology and developed a statement of work to implement the new methodology. Also, issuing detailed information technology enterprise architecture guidance can help implement higher-level policy and general guidance. As these initiatives are addressed, the FDIC should promptly implement the necessary control framework. Doing so would; provide the Corporation with greater assurance that major projects meet cost, schedule, and quality goals; the development process continually improves; all system development projects are consistent with the FDIC enterprise architecture; and effective security controls exist in all completed systems.

Cost Containment and Procurement Integrity

As steward for the BIF, SAIF, and the Federal Savings and Loan Insurance Corporation Resolution Fund, the FDIC strives to identify and implement measures to contain and reduce costs, either through more careful spending or by assessing and making changes in business processes to increase efficiency. A key challenge to containing costs relates to the contracting area. To assist the Corporation in accomplishing its mission, contractors provide services in such areas as information technology, legal matters, loan servicing, and asset management. To contain costs, the FDIC must ensure that its acquisition framework-its policies, procedures, and internal controls-is marked by sound planning; consistent use of competition; fairness; well-structured contracts designed to result in cost-effective, quality performance from contractors; and vigilant oversight management to ensure the receipt of goods and services at fair and reasonable prices.

DIT and DOA were working on Statements of Work for the regional offices and Virginia Square to compete contract award for local calling service. In addition, DIT had begun discussions with the General Services Administration regarding contracting options and telecommunication programs available to the FDIC. DIT personnel indicated that the FDIC could reduce monthly local telecommunications costs by about 10 to 25 percent through long-term service agreements, increased competition, and alternative programs offered by the General Services Administration.

Based on an annual budget of $1.3 million for local calling plans, we determined that the FDIC could save about $130,000 to $325,000 per year by implementing a strategy. The FDIC may also realize process efficiencies by consolidating local telecommunications billings. The report identified funds put to better use of $390,000 to reflect recurring savings over a 3-year period (i.e., $130,000 x 3). FDIC management agreed to conduct an evaluation but felt that projecting this amount was premature and could neither agree nor disagree with the OIG estimate at the time we issued the report.

The Corporation planned corrective action that is responsive to our recommendation. We consider the $1,967,863 as questioned costs.

We reported that DOA had not developed a formal strategic approach for its procurements and, as a result, may not be taking full advantage of opportunities to reduce costs and maximize procurement efficiencies. Based on a savings rate comparable to that of the Department of Veterans Affairs, we estimated that the FDIC could save about $8.8 million (funds put to better use) over the next 3 years by developing a strategic approach, including performing spend analysis, for the procurement of such goods and services. In addition, DOA had not sufficiently established goals and performance measures for the procurement process. Therefore, DOA could not adequately evaluate the overall efficiency of its procurements or the impact of its procurement initiatives.

We made two recommendations to address these issues and the Corporation generally agreed with them.

Overall, we concluded that the controls over the FDIC's use of consultants could be improved. Our report contains two recommendations for actions to strengthen the administration of specific contracts, and one recommendation to generally strengthen the controls over the FDIC's use of consultants. We again highlighted a lack of contract file documentation as a matter for further management attention. The Corporation was responsive to our recommendations.

Other work related to this challenge during the reporting period included three post-award contract billing audits and one pre-award contract audit. The billing reviews identified $354,153 in questioned costs and $361,430 in funds put to better use. Management is currently addressing the findings in those audits.

7. Resolution and Receivership Activities

One of the FDIC's responsibilities is planning and efficiently handling the resolution of failing FDIC-insured institutions and providing prompt, responsive, and efficient administration of failed financial institutions. These activities help maintain confidence and stability in our financial system.

The Division of Resolutions and Receiverships (DRR) has outlined primary goals for three functional areas (listed below) that are relevant to the three major phases of its work: Pre-Closing, Closing, and Post-Closing of failed institutions. Each is accompanied by significant challenges.

In addition to the challenges inherent in the three major phases of DRR work, DRR also faces challenges from a significant downsizing of its current staffing levels. Notwithstanding corporate restructuring, adequate resources are needed for DRR to perform its mission. Further, DRR is pursuing an information system enhancement project, the Asset Servicing Technology Enhancement Project (ASTEP), which is intended to create an integrated solution to meet the FDIC's current and future asset servicing responsibilities based on industry standards, best practices, and adaptable technology. Successfully implementing ASTEP is an important aspect of DRR mission achievement.

OIG Work Addressing Resolution and Receivership Issues

Three of our audit reports this reporting period addressed resolution and receivership activities, as discussed below.

We conducted an audit to determine whether DRR is adequately and efficiently managing and processing internally serviced loans. We found that DRR has an adequate management control process to ensure that funds from internally serviced loans and related transactions are properly reported and credited to the FDIC. However, in the interest of ensuring more efficient and effective loan servicing, we recommended that the Director, DRR, require a prompt supervisory review for internally serviced receivership loans assigned to account officers who are detailed or otherwise unable to manage their loan portfolios. FDIC management generally agreed with the recommendation and has taken or planned actions to address it.

We reported that DRR has established and implemented adequate controls over the receivership dividend payment process. However, we also found that from January 1, 2003 through December 31, 2004, the FDIC issued 18,339 paper checks to receivership dividend recipients. In our view, the FDIC could achieve savings associated with efficiency gains by moving to an electronic payment method.

We therefore recommended that DRR assess the feasibility of making electronic payments to recipients of receivership dividends and take steps to request recipient bank routing information for future electronic receivership dividend payments. FDIC management agreed with the recommendations and has planned actions to address them.

We conducted an audit to determine whether DRR's decisions for writing off assets from failed financial insured depository institutions were properly justified and adequately supported. Our audit scope included 435 write-off cases, valued at $292 million. We reviewed a sample of 24 write-off cases valued at about $95 million.

We reported that the FDIC has established a sound internal control process and procedures for writing off receivership assets in conformity with DRR delegations of authority. For the 24 write-off cases we sampled, the decisions to write off receivership assets from failed depository institutions were justified and adequately supported. We also found, however, eight write-off cases totaling $31 million in debt for which DRR had not issued Forms 1099-C in compliance with FDIC and Internal Revenue Service policies and directives. As a result, the government may have been deprived of significant tax revenue.

We recommended that DRR improve procedures related to reporting discharges of debt, issue Forms 1099-C for the write-off cases identified in the report, and review all write-off cases for 2003 and 2004 to ascertain whether reporting of additional discharges of debt is warranted. DRR concurred with two of our recommendations and partially concurred with the third recommendation. Regarding the partial concurrence, DRR agreed to issue Forms 1099-C for the seven write-off cases that involved loans to foreign debtors and loans discharged in corporate bankruptcies. DRR initially did not agree to issue the forms for the remaining case because the taxable event occurred before bank failure, and DRR stated that it is not its policy to issue a Form 1099-C in this circumstance. It was later determined that DRR should issue the forms.

Investigations: Making an Impact

Investigative Statistics October 1, 2004 – March 31, 2005 Judicial Actions: Number Indictments/Informations 13 Convictions 8 OIG Investigations Resulted In: Amount Fines of $32,500 Restitution of $4,674,998 Other Monetary Recoveries of $19,420,848 Total $24,128,346 Cases Referred to the Department of Justice (U.S. Attorney) 13 Referrals to FDIC Management 3 OIG Cases Conducted Jointly with Other Agencies 65 The Office of Investigations (OI) is responsible for carrying out the investigative mission of the OIG. Agents in Washington, D.C.; Atlanta; Dallas; and Chicago conduct investigations of alleged criminal or otherwise prohibited activities that may harm or threaten to harm the operations or integrity of the FDIC and its programs. OI also operates an Electronic Crimes Unit (ECU) and laboratory in Washington D.C. The ECU is responsible for conducting computer-related investigations impacting the FDIC, including employee cases involving computer abuse, and providing computer forensic support to OI investigations nationwide. OI also manages the OIG Hotline for employees, contractors, and others to report allegations of fraud, waste, abuse, and mismanagement via a toll-free number or e mail. Currently, the majority of OI's caseload is comprised of investigations involving major financial institution fraud. OI's work in this area targets schemes that result in significant losses or vulnerabilities for the institution(s), and/or involves institution officers or insiders, multiple subjects and institutions, obstruction of bank examinations; and/or misrepresentation of FDIC-insurance or affiliation. It also includes investigations of fraud resulting in significant monetary losses and institution failures. (See highlighted write-up) [ D ] In addition to pursuing financial institution-related cases, the OIG commits resources to investigations that target fraud by FDIC debtors seeking to conceal their assets from the FDIC. These cases made up 20 percent of our caseload as of March 31, 2005. These cases are of great significance to the FDIC, which was owed more than $1.7 billion in criminal restitution as of September 30, 2004. In most instances, the individuals subject to these restitution orders do not have the means to pay. The focus of OIG investigations in this area is on those individuals who do have the means to pay, but hide their assets and/or lie about their ability to pay. OI works closely with the Division of Resolutions and Receiverships (DRR) and the Legal Division in aggressively pursuing investigations of these individuals. Although currently only about 4 percent of our caseload, the OIG must always be prepared to commit resources to investigations of criminal or serious misconduct on the part of FDIC employees. These are among the most sensitive of OIG cases and are critical to ensure the integrity of and public confidence in FDIC operations. Attention during the reporting period focused on several employee cases related to inappropriate use of computers. Joint Efforts The OIG works closely with U.S. Attorneys' Offices throughout the country in attempting to bring to justice individuals who have defrauded the FDIC. The prosecutorial skills and outstanding direction provided by Assistant U. S. Attorneys with whom we work are critical to our success. The results we are reporting for the last 6 months reflect the efforts of U.S. Attorneys' Offices in the Southern District of Florida, District of Connecticut, District of Minnesota, Central District of Illinois, Northern District of Illinois, Southern District of Illinois, Southern District of Iowa, Eastern District of Texas, Southern District of New York, District of New Hampshire, and the Northern District of Texas. In addition to local U.S. Attorneys' Offices, the OIG worked with Trial Attorneys from the Fraud Section of the U.S. Department of Justice and from the State of Missouri. Support and cooperation among other law enforcement agencies is also a key ingredient for success in the investigative community. We frequently "partner" with the Federal Bureau of Investigation (FBI), the Internal Revenue Service Criminal Investigation Division, and other law enforcement agencies in conducting investigations of joint interest. Also vital to our success is our partnership with FDIC program offices. We coordinate closely with the FDIC's Division of Supervision and Consumer Protection (DSC) in investigating fraud at financial institutions, and with DRR and the Legal Division in investigations involving failed institutions and fraud by FDIC debtors. Our ECU coordinates closely with the Division of Information Technology (DIT) in carrying out its mission. The successes highlighted for the period would not have been possible without the collaboration of these offices. In addition to carrying out its direct investigative responsibilities, the OIG is committed to providing training and sharing information with FDIC components and other regulators based on "lessons learned" regarding red flags and fraud schemes identified through our investigations. OI agents provide training and frequently give presentations to FDIC staff during regional and field meetings. OI is also called upon by the Federal Financial Institutions Examination Council, state banking regulatory agencies, and law enforcement agencies to present case studies. Results Over the last 6 months OI opened 24 new cases and closed 20 cases, leaving 115 cases underway at the end of the period. Our work during the period led to indictments or criminal charges against 13 individuals and convictions of 8 defendants. Criminal charges remained pending against 31 individuals as of the end of the reporting period. Fines, restitutions, and recoveries resulting from our cases totaled almost $24,128,346. The following are highlights of some of the results from our investigative activity over the last 6 months: Fraud Arising at or Affecting Financial Institutions Former Community Bank Executives, Excavating Company Owner Convicted of Defrauding Community Bank " Corporate executives are subject to the same laws as others, and this crime was simply another way of 'robbing a bank' and will be met with severe consequences of federal prison. Today's victory sends the message that we will invest the time, money and resources it takes to pursue complex white collar fraud. " U.S. Attorney Alice H. Martin, commenting on Community Bank verdict After a 6-week jury trial in the Northern District of Alabama, Birmingham, the former chairman and chief executive officer (CEO) of Community Bank, Blountsville, Alabama, was found guilty on 15 counts of conspiracy, bank fraud, causing false entries in bank records, and filing false income tax returns. He was found not guilty of six counts relating to a false loan application. The government had sought a civil forfeiture of $3.45 million from the former chairman and CEO by placing a lien on his 17,000-square-foot house, known as Heritage Valley Farms. The government released this lien prior to trial in order for Community Bank to obtain a clear title and foreclose on the property. Community Bank's former vice president of construction and maintenance was also found guilty on 13 counts of conspiracy, bank fraud, and causing false entries in bank records. Additionally, the owner of J&M Materials, a contractor to Community Bank, was found guilty of seven counts of conspiracy, bank fraud, and causing false entries in bank records. By way of explanation of the three individuals' roles in the fraud, the former Community Bank vice president of construction acted as the general contractor and was responsible for receiving and approving construction invoices on Community Bank projects. The owner of J&M Materials provided construction services on commercial and residential construction projects, including Community Bank, and the former chairman and CEO's personal projects. The indictment alleged that the defendants conspired and used $2.15 million in bank funds for construction work on the former CEO's personal projects, including the construction of his residence, Heritage Valley Farms. The indictment further alleged that the former CEO obtained more than $5 million in bank loans to build the house but used more than $1.34 million of those funds for other purposes. The investigation of suspected fraud involving Community Bank was conducted by agents from the FDIC OIG, FBI, and Internal Revenue Service Criminal Investigation Division. Prosecution of the case is being handled by trial attorneys from the Department of Justice, Washington, D.C. FDIC to Receive $4.2 Million in Restitution as a Result of Federal and State Efforts Investigating the Failure of Sinclair National Bank At the end of the reporting period, the former CEO of Stevens Financial Group (SFG) was sentenced in U.S. District Court for the Western District of Missouri to 5 years in prison and ordered to pay $4.2 million in restitution to the FDIC. The federal judge also sentenced one of the former bank owners who was also a board member (the defendant) of Sinclair National Bank (SNB), Gravette, Arkansas. The defendant, who resides in Germany, was sentenced to 2 years' probation, fined $5,000, and was ordered to surrender her passport. After a 2-week trial in August 2004, a federal jury returned guilty verdicts against the former CEO and the defendant. The former CEO was a business partner of the defendant and her ex-husband. The two were earlier indicted based on evidence developed during our investigation into the fraud scheme that led to SNB's failure after only 18 months of ownership by the defendant and her ex-husband. The defendant's ex-husband was also indicted but died in December 2003 while awaiting trial. The FDIC was named receiver, and SNB's failure caused a loss of approximately $4.5 million to the Bank Insurance Fund. Through his company, SFG, the former CEO sold over $15 million worth of sub prime loans to SNB. He was found guilty of conspiring with the defendant's ex husband to defraud SNB in the purchase of these sub-prime loans. "I can tell you it was a good feeling seeing the former CEO's hands placed in cuffs. I think it's important to show that white-collar criminals are not above the law."Corporate executives are subject to the same laws as others, and this crime was simply another way of 'robbing a bank' and will be met with severe consequences of federal prison. Today's victory sends the message that we will invest the time, money and resources it takes to pursue complex white collar fraud." Assistant Attorney General Ron Carrier, commenting on sentencing of SFG's former CEO The defendant was found guilty of conspiracy to submit a false statement and making a material false statement to the Office of the Comptroller of the Currency (OCC). In December 1999, the defendant and her ex-husband made an application to the OCC for the purchase of Northwest National Bank. The two failed to list substantial assets and liabilities on their application to the OCC. The OCC relied on the fraudulent misrepresentations and approved the application. The former in-house counsel for SNB and SFG also played a part in deceiving OCC examiners. In November 2004, the former in-house counsel was sentenced both in state and federal court to 5 years' probation and was ordered to surrender his law license. He had previously pleaded guilty to criminal information(s) that charged him with creating and backdating documents and making false statements in order to deceive OCC examiners. He backdated documents that raised issues of "potential self-dealing" by SNB's former chairman, who owned SFG before selling it in October 1999. Former CEO Also Sentenced in State Court Also during the reporting period, after a sentencing hearing in the Greene County Missouri State Court, the former CEO of SFG was sentenced to prison for 2 years on each of the five counts for which he was convicted on September 24, 2004. After a 2 week trial, he was convicted on five felony counts of making false and misleading statements to the Missouri Division of Securities. He was found not guilty on six counts of Missouri securities fraud. By fraudulently submitting documents to the State of Missouri Secretary of State's Office, the former CEO artificially inflated the true net worth of the company. In order to accumulate cash, the former CEO and defendant's ex-husband sold "time certificates" that raised approximately $100 million from investors in Missouri. The sales of the securities were structured to avoid federal securities regulations as enforced by the Securities and Exchange Commission (SEC). Consequently, the securities were sold only within the State of Missouri and some of the funds raised from this scheme furnished the money used by one of the former owners to purchase SNB. The loans that secured these securities were also used in the fraudulent activity involving SNB. Also in the state investigation, in a negotiated plea agreement, a certified public accountant for the former SFG and SNB, pleaded guilty to one count of false statements and one count of perjury in the Greene County Circuit Court, Springfield, Missouri. He admitted that he and others created false and misleading documents to inflate over $10 million of the net worth of SFG. Over 3,000 investors lost over $60 million when SFG's true financial condition was exposed in 2001. The federal case was prosecuted by the Fraud Section of the U.S. Department of Justice, Washington, D.C. The state case was prosecuted by the Missouri Attorney General's Office. The case was investigated by the FDIC OIG, FBI, Treasury Office of Inspector General, and the Missouri Secretary of State's Office. President and Director of Hamilton Bancorp Admits Guilt in Hamilton Bank Investigation On February 9, 2005, the president (who was also a director) of Hamilton Bancorp and Hamilton Bank pleaded guilty to two counts of securities fraud before a U.S. District Court Judge in the Southern District of Miami. The defendant faces a maximum statutory term of imprisonment of 10 years on each of these counts. He also faces a maximum fine of $1 million, as well as restitution. This plea followed the president's June 2004 indictment. Also named in the 42-count indictment in June 2004 were the following: the former chairman of the board and CEO; and the former senior vice president and chief financial officer. The indictment charged the defendants with conspiracy, wire fraud, securities fraud, false filings with the SEC, false statements to accountants, obstruction of an examination of a financial institution, and making false statements to the OCC. The former chairman of the board and CEO was also charged with insider trading. To explain the nature of the fraud, the indictment alleged that, in 1998 and 1999, the defendants fraudulently inflated the reported results of operations and financial condition of Hamilton Bancorp and defrauded the investing public and the bank and securities regulators, so that the accused would unjustly enrich and benefit themselves through higher salaries, bonuses, and stock options, and would facilitate an upcoming registered securities offering to the investing public. The former chairman of the board and CEO made nearly $2 million in bonuses. The former president and director and the former senior   vice president and chief financial officer each made more than $100,000 in bonuses while the fraud was concealed. The indictment further alleged that the defendants participated in a fraudulent scheme whereby they falsely inflated the results of operations and financial condition of Hamilton Bancorp in the SEC filings; obstructed OCC's examination of Hamilton Bank; and lied to the investing public, the bank and securities regulators, and their accountants regarding the true financial health of Hamilton Bancorp and Hamilton Bank. The indictment charged that, in 1998 and 1999, the three defendants engaged in swap transactions (or "adjusted price trades") to hide Hamilton Bank's losses, including $22 million-plus losses in 1998, and falsely accounted for the transactions to make it appear that no losses had been incurred. While the defendants falsely reported the nature of the swap transactions to the investing public and the regulators, the indictment revealed recorded conversations in which the defendants openly discussed the transactions as swaps. In addition, the indictment charged that while the fraud was concealed, the former chairman of the board and CEO engaged in illegal insider trading in Hamilton Bancorp's stock through the use of trust accounts. During 1998, Hamilton Bancorp had a market capitalization of more than $300 million. Also during the reporting period, a new indictment was filed adding a fourth defendant to the conspiracy count, an investment banker in London. This defendant is the former managing director of Deutsche Morgan Grenfell and was an advisor to the Hamilton Bancorp Board of Directors. He was charged for his role in allowing the use of Deutsche Morgan Grenfell as a conduit in several Russian loan transactions in an effort to disguise the true nature of certain transactions. He has pleaded not guilty. Hamilton Bank was South Florida's highest profile trade finance bank before it ran into trouble with its regulator, the OCC, over the questionable loan swaps that allowed the bank to hide $22 million in losses in 1998. The OCC closed the bank in January 2002 and the FDIC took on liquidation responsibilities as receiver. This case is being investigated by the FDIC OIG and the Department of Treasury OIG. The case is being prosecuted by the U.S. Attorney's Office for the Southern District of Florida. Trial is scheduled for June 27, 2005. Former Chairman of the Connecticut Bank of Commerce Sentenced On January 24, 2005, the former chairman of the board of directors, Connecticut Bank of Commerce (CBC) was sentenced in the U.S. District Court, New Haven, Connecticut, to 51 months' incarceration and 36 months' supervised release. No criminal restitution was ordered by the court because the parties agreed that the former chairman's payment of $8.5 million to the FDIC as part of his settlement of the agency's administrative charges satisfied all losses directly related to his criminal conduct. On October 4, 2004, the former chairman pleaded guilty to a one-count criminal information charging him with misapplication of bank funds. According to the information, the former chairman caused the president of CBC to prepare and present for approval to the CBC board of directors a proposed $1.3 million unsecured loan to a firm known as Triumph Financial, LLC (Triumph). The CBC board of directors, including the former chairman, voted to approve the loan. The information charged that the former chairman knew Triumph did not have the liquidity to repay the loan and that the loan did not meet prudent underwriting standards. This case was investigated by the FDIC OIG, the FBI, and the Internal Revenue Service Criminal Investigation Division. The case was prosecuted by the U.S. Attorney's Office for the District of Connecticut. Former Executive Vice President Pleads Guilty to Conspiracy to Commit Bank Fraud On January 14, 2005, a former executive vice president and chief loan officer for Minnwest Bank South, Tracy, Minnesota, pleaded guilty to conspiracy to commit bank fraud in the U.S. District Court of Minnesota. In addition to his role as a bank officer, the defendant owned and operated a cattle-feeding venture. In 1997, he began experiencing financial problems with the cattle business and was unable to obtain financing at other banks. The defendant used his position at the bank to help his financially troubled business by making nominee loans to three bank customers. The borrowers never received the loan funds, and they did not make payments on the loans. The loan proceeds went directly to the defendant, and he used the money for his cattle business, thus preventing its failure. The defendant also created the false appearance that these nominee loans were being repaid, when in fact the purported payments were made by funds from new nominee loans. This loan kiting scheme gave the defendant use of more than $590,000 in loan proceeds that he would not otherwise have had access to. The defendant falsified loan notes and related bank records to conceal this scheme. This case is being worked jointly by the FDIC OIG and FBI. Prosecution is being handled by the U.S. Attorney's Office for the District of Minnesota. Former Bank Employee Sentenced for Bank Fraud On March 9, 2005, a former employee of Soy Capital, Decatur, Illinois, was sentenced in the U.S. District Court for the Central District of Illinois, to 10 months' home confinement and 5 years' supervised release. She was also ordered to pay $71,460 in restitution to Soy Capital Bank and $1,000 to Citizens Community Bank. The sentence was the result of the defendant's guilty plea to one count of embezzlement. The investigation leading to her guilty plea found that the employee had embezzled almost $71,000 in funds. On more than 100 occasions over a 1½ year period, she obtained funds from bank tellers by fa lsely representing that the cash was needed to pay customers who did not receive the proper amount of cash from Soy ATM machines. The investigation of this matter further determined that the employee also defrauded Citizens Community Bank, where she obtained a branch manager position after being terminated from employment at Soy Capital Bank. As a service to its customers, Citizens Community Bank accepted certain telephone and utility payments at the bank, and customers were assured that such payments would be immediately credited to the customers' accounts. The telephone and utility payments were set up through American Payment Systems. The defendant removed $1,000 in funds paid by customers who intended to pay telephone and utilities bills, hid her activity by altering the bank's teller machine ticket for American Payment Systems payments, wrote over the figures on the teller tape, or sometimes tore the tape thereby removing certain transactions. This case was investigated by the FDIC OIG and the FBI. Prosecution was handled by the U.S. Attorney's Office for the Central District of Illinois. Former State of Minnesota Representative Indicted on Fraud Charges On October 19, 2004, a federal grand jury for the District of Minnesota returned a seven-count indictment against a former State of Minnesota Representative. The grand jury charged the defendant with four counts of mail fraud, one count of conspiracy, and two counts of money laundering in connection with his activity with the former Town & Country Bank of Almelund (T&C Bank), Minnesota. During the defendant's tenure in the Minnesota House of Representatives, he served as the chairman of the House Regulated Industries Committee, which oversaw legislation regarding utility companies. According to the indictment, the defendant used his position to enact legislation permitting utility companies to use energy conservation funds for research and development projects. Once the legislation was enacted, the defendant used his position to coerce the utility companies to pay $650,000 in grants to Northern Pole, a Minnesota corporation created to recycle old utility poles. The defendant had a significant equity stake in Northern Pole. The defendant had a personal and business relationship with the former president of T&C Bank. The defendant met the former president as a borrower from T&C Bank and developed a personal relationship when the former president worked on the defendant's various election campaigns for public office. T&C Bank failed in July 2000, at which time the FDIC was appointed receiver. The failure of T&C Bank resulted in an estimated loss of $3.4 million to the FDIC Bank Insurance Fund. As alleged in the indictment, the defendant and the former president of T&C Bank devised a scheme whereby the defendant would invest in Northern Pole, a troubled creditor of T&C Bank. The scheme involved borrowing money from T&C Bank in the name of the defendant's other businesses, diverting those funds to Northern Pole and other troubled creditors of the bank, and using State of Minnesota grant money to pay back the defendant's debt service on the loans. According to the indictment, in 1997 and 1998, the defendant borrowed a total of $670,000 from T&C Bank and loaned the funds to Northern Pole. In addition to being Northern Pole's primary creditor, the defendant and the former president agreed that the defendant would have an equity stake in the future revenues of Northern Pole. To conceal both his creditor and equity status in Northern Pole, the defendant arranged for the loans to be made in the name of his other businesses and purposely was not named as owner, officer, or employee of Northern Pole. Subsequently, the defendant used his position to amend the laws of Minnesota and persuaded the utility companies to issue grant money to Northern Pole. From late 1999 to early 2002, Northern Pole obtained $650,000 in grants from Minnesota utility companies. Upon receiving the various grants, Northern Pole used approximately $273,559 to pay debt service on the defendant's loans at T&C Bank. The former president of T&C Bank pleaded guilty in September 2003 to charges of bank fraud, money laundering, false bank entries, and conspiracy for his role in the fraud that led to T&C Bank's failure. The former president has been cooperating in the investigation and is yet to be sentenced. This case is the result of an investigation by the FDIC OIG, the FBI, and the Internal Revenue Service Criminal Investigation Division. The U.S. Attorney's Office for the District of Minnesota is prosecuting the case. Former Officer of Consumer Alliance, Inc. Arrested on Fraud Charges On December 12, 2004, a Canadian citizen and former officer of Consumer Alliance, Inc., was indicted by a federal grand jury in the Southern District of Illinois on charges of mail fraud, wire fraud, conspiracy, and using a fictitious address in furtherance of a mail fraud. The subject was one of four individuals named in a criminal complaint filed earlier last year for allegedly participating in a telemarketing fraud scheme that defrauded thousands of U.S. consumers out of several million dollars by selling phony credit card protection. The credit card transaction activities of Consumer Alliance contributed to the December 2000 failure of the National State Bank, Metropolis, Illinois, causing losses to National State Bank of approximately $1.6 million. A warrant for the subject's arrest was issued at the time the criminal complaint was filed. On November 24, 2004, the subject was arrested at the port of entry in Buffalo, New York, by U.S. Customs and Border Protection inspectors. The three other wanted Consumer Alliance principals remain at-large. This case is being jointly investigated by the FDIC OIG and the U.S. Postal Inspection Service. Prosecution is being handled by the U.S. Attorney's Office for the Southern District of Illinois. Three Defendants Indicted in $10 Million Fraud at Universal Federal Savings Bank A federal grand jury in the Northern District of Illinois returned a six count indictment charging Universal Federal Savings Bank's (Universal) former chief operations officer (COO); her brother, a certified public accountant and principal in a now-defunct business; and a Universal customer and client of the defunct business. The indictment charged the three defendants with conspiracy, aiding and abetting, misapplication of bank funds, making false entries in bank records, wire fraud, and bank fraud. The indictment relates to the activities surrounding the failure of Universal, Chicago, Illinois, on June 27, 2002. The indictment alleged that from December 2001 through June 2002, the former COO and bank customer conspired to misapply millions of dollars of Universal's funds. Throughout the 6-month period, the bank customer allegedly engaged in a check-kite using the defunct business account at Universal and Universal's correspondent account at another bank. During that time, the bank customer made approximately 138 deposits of insufficient fund (NSF) checks into Universal's correspondent account. The NSF checks were drawn on the defunct business account and totaled more than $200 million. The former COO and bank customer also allegedly conspired to make false entries in the books and records of Universal to deceive the bank's chairman. The certified public accountant played a role in the conspiracy by falsifying copies of checks. In addition, the bank customer allegedly used the fraudulently inflated balances in an account at Universal to write checks to third parties and pay for wire transfers to online gambling businesses and casinos. In all, he diverted approximately $9 million in funds credited to the defunct business account for gambling.   As part of the scheme, the bank customer allegedly provided benefits to the former COO to induce her to continue their arrangement. Among other things, in March 2002, the bank customer purchased a new BMW for the former COO with an NSF check. In April 2002, the bank customer and the former COO entered into an agreement by which the bank customer would provide unidentified consulting services for one of the bank customer's companies. The agreement called for the former COO to be paid $80,000 per year and receive a $25,000 annual bonus. The bank fraud count against the former COO alleged that she fraudulently deprived Universal of her honest services by failing to disclose her activities related to the fraud and the benefits she had received.The indictment also alleged that the bank customer engaged in a Ponzi scheme by telling several business associates and their representatives that he was involved in the medical equipment business, and that, if they loaned him money, he would invest their money in his business and repay them substantial amounts of interest in a very short period of time. The bank customer allegedly used the inflated balances in the defunct business account to repay the investments. Some of the investors again loaned the bank customer money, which he never repaid, resulting in a loss of more than $500,000 to approximately five investors. The indictment also seeks forfeiture of at least $10 million from the former COO and bank customer. Also during this reporting period, two separate Settlement and Release Agreements were signed by the FDIC and individuals connected to the FDIC OIG investigation of Universal's failure. The investigation revealed that $350,000 of funds obtained by the bank customer from Universal was given to a businessman as an investment in a start-up business. The businessman returned $186,301 to the FDIC, minus expenses, as part of a negotiated settlement. The bank customer also paid the FDIC $112,800 for money he diverted from Universal to pay housing expenses.