Federal Deposit Insurance Corporation
Office of Inspector General
Federal Deposit Insurance Corporation - Office of Inspector General

The FDIC's Controls Over Receivership Asset Securitizations

This is the accessible text file for FDIC OIG report number EVAL-16-005 entitled 'The FDIC’s Controls Over Receivership Asset Securitizations'.

This text file was formatted by the FDIC OIG to be accessible to users with visual impairments.

We have maintained the structural and data integrity of the original printed product in this text file to the extent possible. Accessibility features, such as descriptions of tables, footnotes, and the text of the Corporation’s comments, are provided but may not exactly duplicate the presentation or format of the printed version.

The portable document format (PDF) file also posted on our Web site is an exact electronic replica of the printed version.

Federal Deposit Insurance Corporation

Office of Inspector General

Office of Audits and Evaluations

Report No. EVAL-16-005

June 2016

Executive Summary

Why We Did The Audit

[FDIC OIG letter head, FDIC logo, Federal Deposit Insurance Corporation, Office of Inspector General, Office of Audits and Evaluations 3501 Fairfax Drive, Arlington, VA 22226]

DATE: June 30, 2016

MEMORANDUM TO: Bret D. Edwards, Director, Division of Resolutions and Receiverships

FROM: E. Marshall Gentry, Assistant Inspector General for Evaluations /signed/

SUBJECT: Final Evaluation Report Entitled, The FDIC’s Controls Over Receivership Asset Securitizations (Report No. EVAL-16-005)

This report presents the results of the OIG’s evaluation of select key controls over the Federal Deposit Insurance Corporation’s (FDIC) receivership asset securitizations following their origination, to ensure those controls are performing as intended. We contracted with the independent professional services firm BDO USA, LLP (BDO) to perform this evaluation. Overall, BDO did not discover any significant deficiencies in DRR processes and controls associated with monitoring receivership asset securitizations and SSGNs following their originations. However, BDO concluded that opportunities exist for DRR to better document processes performed in procedures and job aids, and to address key personnel dependencies within the Capital Markets Group and closing/post-closing support contractor (CSC).

We made six recommendations to better document processes within DRR policies, procedures, and/or job aids, enhance certain controls, and to address key personnel dependencies. This report incorporates our evaluation of your response to a draft of this report in which you concurred with the recommendations. The FDIC’s planned actions were responsive and are sufficient to resolve all of the recommendations.

Consistent with the agreed-upon approach to the Corrective Action Closure (CAC) process, the OIG plans to limit its review of CAC documentation to those recommendations that we determine to be particularly significant. Such determinations will be made when Corporate Management Control (CMC) advises us that corrective action for a recommendation has been completed. Recommendations deemed to be significant will remain open in the OIG’s System for Tracking and Reporting (STAR) until we determine that corrective actions are responsive. All other recommendations will be closed in STAR upon notification by CMC that corrective action is complete but remain subject to follow-up at a later date.

If you would like to discuss this report, please call me at (703) 562-6378 or A. Michael Stevens, Evaluations Manager, at (703) 562-6381. We appreciate the courtesies extended to our and BDO’s staff throughout this assignment.

Attachment cc: Pamela J. Farwig, DRR Craig R. Jarvill, DOF James H. Angel, Jr., DOF Steven K. Trout, DRR Jacqueline R. Westmoreland, DRR

Executive Summary

Why We Did The Evaluation

The Federal Deposit Insurance Corporation (FDIC), as receiver for failed financial institutions (Receiver), uses securitizations and structured sales of guarantee notes (SSGNs) to dispose of certain performing and non-performing residential mortgage loans, commercial loans, construction loans, and mortgage-backed securities (MBS) held by receiverships. Monthly loan payments of principal and interest are collected from the underlying loans and MBS, and these payments are distributed to the note holders, which includes FDIC receiverships. As of March 31, 2016, there were seven whole loan securitizations and five SSGNs with a total collateral value of $3.2 billion. The FDIC, in its corporate capacity, guarantees the timely payment of principal and interest due on most of the senior notes in exchange for a fee (Guarantee Fee). As of December 31, 2015, the FDIC collected Guarantee Fees totaling approximately $265 million, of which $142 million was from SSGNs and securitization guarantee fees and $123 million was from limited liability company guarantee fees, and recorded a receivable for additional guarantee fees of approximately $26 million.

We contracted with BDO USA, LLP (BDO) to evaluate select key controls over the FDIC's receivership asset securitizations, following their origination, to ensure those controls are performing as intended. Specifically, BDO focused on the Division of Resolutions and Receiverships (DRR) processes and controls associated with monitoring receivership asset securitizations and the information DRR provides to the Division of Finance (DOF) for receivership asset securitization accounting.

Background

With securitizations, the FDIC, as Receiver, initially sponsors (creates) trusts to which it transfers pooled assets from multiple receiverships. The trusts exist as discrete entities. The trusts issue senior and subordinated debt instruments (notes) and owner trust or residual certificates collateralized by the underlying loans or MBS. The senior debt instruments are sold to private investors and the receiverships retain the owner trust or residual certificates. Subordinated debt instruments are not included in every transaction and are either sold to private investors or retained by the receiverships depending on market demand.

DRR’s Capital Markets Group is responsible for managing and monitoring the receivership asset securitizations and SSGNs. The DRR Capital Markets Group has engaged Closing and Post-Closing Support Contractors (CSC). The CSC supports the DRR Capital Markets Group in most areas of operation including the monthly distribution process and the semiannual asset loss reserve (ALR) process.

Once securitizations and SSGNs are originated, DRR monitoring consists of monthly reviews of servicer distributions, fees, and performance reports; monthly conference calls with servicers; quarterly onsite meetings with servicers; quarterly evaluation of events that could trigger consolidation of the securitization or SSGN; semiannual evaluation of the sufficiency of the ALR, which is recorded on FDIC financial statements; and an annual review of servicer attestations and independent audit reports.

Evaluation Results

BDO did not discover any significant deficiencies in DRR processes and controls associated with monitoring receivership asset securitizations and SSGNs following their originations. BDO’s testing found that, for the most part, DRR has controls in place to sufficiently mitigate risk associated with the receivership asset securitization program. DRR has established an organizational structure, delegated authority, and assigned responsibility for carrying out program objectives. DRR has also developed procedures and job aids for monitoring securitizations and SSGNs and channels for communicating program information within and between divisions. In particular, the semiannual valuation of the ALR involves a multistep review and approval process that involves multiple personnel within and external to DRR.

However, BDO concluded that opportunities exist for DRR to better document processes performed in procedures and job aids relating to monthly and quarterly servicer oversight efforts, the quarterly trigger consolidation process, the semiannual ALR process, and annual servicer certification reviews; and for tracking issues and questions from monthly servicer calls, verifying inputs for servicer fee calculations, and preserving the integrity of electronic ALR files. In addition, BDO observed key personnel dependencies within the Capital Markets Group and CSC. These personnel dependencies could present segregation of duties and knowledge management risks should these individuals leave the Corporation or CSC.

As part of this evaluation, BDO identified that monthly third party service provider fees being charged to the FDIC based on the executed indenture document exceeded the rate defined in the closing offering memorandum. This appeared to be an isolated incident and not a control weakness warranting a recommendation. DRR is working to recover the overpayment from the custodian. We plan to report $55,000 as questioned costs in the OIG’s next Semiannual Report to the Congress. The amount ultimately disallowed by the FDIC could change based on final management decisions.

Recommendations and Corporation Comments

The report contains six recommendations addressed to the Director, DRR, to enhance existing policies, procedures, and/or job aids, enhance certain controls, and to address key personnel dependencies. On June 21, 2016, the Director, DRR, provided a written response to the draft of this report. The Director, DRR, concurred with BDO’s recommendations. The FDIC’s planned actions are sufficient to resolve all of the recommendations. DRR plans to complete corrective actions by December 31, 2016.

[End of Executive Summary]

Contents

Part I

Report by BDO USA, LLP

Evaluation of the FDIC’s Controls over Receivership Asset Securitizations

Part II

Corporation Comments and OIG Evaluation

Corporation Comments

Summary of the Corporation’s Corrective Actions

[End of Contents]

Part I

Report by BDO USA, LLP

Evaluation Report

Evaluation of the FDIC’s Controls over Receivership Asset Securitizations

June 30, 2016

BDO logo

Tel: 703-893-0600

Fax: 703-893-2766

www.bdoconsulting.com

BDO CONSULTING

8401 Greensboro Drive, Suite 800

McLean, VA 22102

June 30, 2016

E. Marshall Gentry, Assistant Inspector General for Evaluations

Federal Deposit Insurance Corporation

3501 Fairfax Drive Arlington, VA 22226

Re: Transmittal of Results of the Evaluation of the FDIC’s Controls over Receivership Asset Securitizations

Dear Mr. Gentry:

This letter submits our final report representing the Evaluation of the FDIC’s Controls over Receivership Asset Securitizations, in accordance with Contract Number CORHQ-09-G-0386, dated September 2, 2015. The objective was for BDO USA, LLP (“BDO”) to perform an evaluation of select key controls over the FDIC's receivership asset securitizations, following their origination, to ensure those controls are performing as intended. Specifically, BDO was to focus on the Division of Resolutions and Receiverships’ (“DRR”) processes and controls associated with monitoring receivership asset securitizations and the information DRR provides to the Division of Finance (“DOF”) for receivership asset securitization accounting. As part of our work, we (1) interviewed key personnel at FDIC within both DRR and DOF, (2) reviewed control documentation in the form of policies and procedures, and (3) selected a sample of controls and tested documentation of the controls to ensure they were being performed, in order to meet our evaluation objective. The results of our evaluation are included in the Evaluation Results on page I-10 of the report.

We conducted our evaluation in accordance with the Council of the Inspectors General on Integrity and Efficiency’s Quality Standards for Inspection and Evaluation, January 2012. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our evaluation objective.

This evaluation did not constitute an audit of financial statements in accordance with the Generally Accepted Government Auditing Standards (“GAGAS”). BDO was not engaged to and did not render an opinion on the FDIC’s internal controls over financial reporting or over financial management systems. BDO cautions that projecting the results of our evaluation to future periods is subject to the risks that controls may become inadequate because of changes in conditions or because compliance with controls may deteriorate. The information included in this report was obtained during our fieldwork, which occurred during the period December 2015 through March 2016. We have no obligations to update our report or to revise the information contained therein to reflect events and transactions occurring subsequent to March 31, 2016.

Please contact Thomas Cooper at 703-752-2786 if you have any questions or comments regarding this report.

Very truly yours,

BDO USA, LLP

[BDO Consulting is a division of BDO USA, LLP, a Delaware limited liability partnership and the U.S. member of BDO International Limited. BDO International Limited is a UK company limited by guarantee, and forms part of the international BDO network of independent member firms. BDO is the brand name for the BDO network and for each of the BDO Member Firms.]

CONTENTS

BACKGROUND

EVALUATION RESULTS

DRR Has Established Controls for Monitoring Securitizations, but Opportunities Exist to Better Document Processes and Enhance Controls

Monthly Distribution Process

Monthly Servicer Oversight

Quarterly Trigger Consolidation Process

Semiannual Asset Loss Reserve Process

Annual Servicer Certification Review Process

Recommendations

Key Personnel Dependencies Could Present Segregation of Duties and Knowledge Management Risks I-18

Recommendation

APPENDICES

APPENDIX I – OBJECTIVE, SCOPE, AND METHODOLOGY

APPENDIX II – ACRONYMS AND ABBREVIATIONS

[End of Contents]

BACKGROUND

The Federal Deposit Insurance Corporation Office of Inspector General (“OIG”) conducted an evaluation of the key controls over the Federal Deposit Insurance Corporation’s (“FDIC” or “Corporation”) receivership asset securitizations, following their origination, to ensure the controls are performing as intended. The OIG contracted with BDO USA, LLP (“BDO”) to conduct the evaluation.

Receivership asset securitizations include individual loan assets from multiple receiverships that are pooled together and transferred to a trust (“securitizations”), as well as mortgage-backed securities (“MBS”) from multiple receiverships that are pooled together and transferred to a trust (“structured sale of guarantee notes” or “SSGNs”). The FDIC, as receiver for failed financial institutions (“Receiver”), uses securitizations and SSGNs to dispose of certain performing and non-performing residential mortgage loans, commercial loans, construction loans, and mortgage-backed securities held by receiverships. Loans are pooled by type (residential vs. commercial), as well as by performance (performing vs. non-performing). SSGNs are pooled based on the underlying collateral (residential vs. commercial mortgage-backed securities).

In these transactions, the FDIC, as Receiver, initially sponsors (creates) the trusts, and the trusts exist as discrete entities. Securitization documents and agreements that establish the trusts and govern their activities include the Preliminary Offering Memorandum, Final Offering Memorandum, Pooling and Servicing Agreement (“PSA”), Servicing Agreement, Custodial Agreement, Delegated Authority Matrix, and FDIC Guarantee. Key parties to the securitization process include the following:

• Trustee: holds the collateral in trust for the investors and may be required to make advances for delinquent mortgage payments, if the servicer fails to do so.

• Master Servicer/Oversight Advisor: for single family residential transactions, monitors and oversees the servicer’s obligations to service and administer each mortgage loan in accordance with the terms of both the Servicing Agreement and the PSA; for commercial real estate (“CRE”) securitizations, services and administers each mortgage loan in accordance with the PSA; remits and reports on all mortgage loans to the trustee.

• Servicer: services the loans in accordance with the servicing-related transaction documents and remits funds to the trustee or securities administrator, as applicable.

The respective trusts then issue senior and, in some cases, subordinated debt instruments (notes) and owner trust or residual certificates collateralized by the underlying loans or MBS. The senior debt instruments are sold to private investors and the receiverships retain the owner trust or residual certificates. Subordinated debt instruments are not included in every transaction and are either sold to private investors or retained by the receiverships depending on market demand.

Monthly loan payments of principal and interest are collected from the underlying loans and MBS, and these payments are distributed to the note holders based on the precedence defined within the respective securitization documents and agreements. Typically, the fees and expenses of the servicers and trusts have priority and the remaining collections are first allocated to pay the senior note holders. Once the senior note obligations have been satisfied, subordinated note holders and owner trust or residual certificate holders receive the remaining cash flows.

In exchange for a fee (“Guarantee Fee”), the FDIC, in its corporate capacity, guarantees the timely payment of principal and interest due on most of the senior notes, of which the latest maturity is 2050. If the FDIC is required to perform under its guarantees, it acquires an interest in the cash flows of the trust equal to the amount of the guarantee payments made plus accrued interest. Guarantee Fees range from 0.35% to 0.60% per annum of the outstanding principal for securitizations, depending on the underlying collateral, and 1.00% for SSGNs, and are received monthly. The FDIC's corporate guarantee is supported by the following:

• Over-collateralization of the trust's pool of assets, which is evidenced by a residual interest in the trust pool (such as residual certificates) held by the receiverships;

• Monthly excess spread generated by the underlying collateral, which is the monthly interest collected on the underlying collateral remaining after paying the trust's monthly expenses (including interest due on the senior debt); and

• Proceeds collected monthly in connection with the annual Guarantee Fee.

Along with monthly remittances of Guarantee Fees collected by the Deposit Insurance Fund (“DIF”), the FDIC as Receiver may also receive principal and interest payments of any subordinated debt, owner trust, or residual certificates held. Any distributions received are allocated to the receiverships based on the percentage of collateral that was contributed at the origination of the trust.

As of December 31, 2015, the FDIC collected Guarantee Fees totaling approximately $265 million1 and recorded a receivable for additional guarantee fees of approximately $26 million.2 All Guarantee Fees are recorded as deferred revenue, included in the accounts payable and other liabilities line item of the DIF balance sheet, and recognized as revenue primarily on a straight-line basis over the term of the notes. The DIF records no other structured transaction-related assets or liabilities on its balance sheet.

Footnote 1: The $265 million represents total guarantee fees for all structured transactions through December 31, 2015, which includes limited liability companies. Below please find a breakdown of the guarantee fees.

Total SSGN Guarantee Fees: $123,900,281.80

Total Securitization Guarantee Fees: $17,965,299.50

Total SSGN and Securitization Guarantee Fees: $141,865,581.30

Total Limited Liability Company Guarantee Fees: $122,674,716.72

Total Guarantee Fees: $264,540,298.02

[End of footnote]

Footnote 2: 2015 FDIC Annual Report, page 103. [End of footnote]

As of March 31, 2016, there were seven (7) whole loan securitizations with collateral value of $1.06 billion. Of the securitizations, four (4) securitizations are collateralized by performing residential loans and two (2) securitizations are collateralized by performing commercial loans. In addition, non-performing residential loans collateralize one (1) securitization. Details of the securities are listed in the table below.

Row 1; Securitization: FDIC 2010-R1; Collateral as of Closing: $471,219,285; Collateral as of March 2016: $183,649,854; Collateral Type: Performing Residential;

Row 2; Securitization: FDIC 2011-C1; Collateral as of Closing: $394,339,323; Collateral as of March 2016: $34,287,170; Collateral Type: Performing Commercial;

Row 3; Securitization: FDIC 2011-R1; Collateral as of Closing: $431,210,274; Collateral as of March 2016: $187,906,452; Collateral Type: Performing Residential;

Row 4; Securitization: FDIC 2012-C1; Collateral as of Closing: $449,266,943; Collateral as of March 2016: $47,239,536; Collateral Type: Performing Commercial;

Row 5; Securitization: FDIC 2013-R1; Collateral as of Closing: $275,286,352; Collateral as of March 2016: $181,697,683; Collateral Type: Performing Residential;

Row 6; Securitization: FDIC 2013-R2; Collateral as of Closing: $403,554,545; Collateral as of March 2016: $260,049,142; Collateral Type: Performing Residential;

Row 7; Securitization: FDIC 2013-N1; Collateral as of Closing: $272,612,788; Collateral as of March 2016: $162,019,042; Collateral Type: Performing Residential; Sub-Performing; Non-Performing; REO;

Row 8; Securitization: FDIC 2011-N1*; Collateral as of Closing: $298,000,000; Collateral as of March 2016: N/A; Collateral Type: Performing Residential; Sub-Performing; Non-Performing; REO;

* Terminated in October 2013 and the remaining collateral was rolled into FDIC 2013-N1 . [End of Table]

As of March 31, 2016, there were five (5) SSGNs whose collateral value was $2.12 billion. The SSGNs consist of four (4) backed by residential mortgage backed securities and one (1) collateralized by commercial mortgage backed securities. Details of the SSGNs are listed in the table below.

Row 1; SSGN: SSGN 2010-S1; Collateral as of Closing: $3,603,763,463; Collateral as of March 2016: $1,065,401,965; Collateral Type: Residential;

Row 2; SSGN: SSGN 2010-S2; Collateral as of Closing: $1,693,111,003; Collateral as of March 2016: $655,376,678; Collateral Type: Residential;

Row 3 SSGN: SSGN 2010-S3 Collateral as of Closing: $175,650,969 Collateral as of March 2016: $53,971,522 Collateral Type: Residential

Row 4; SSGN: SSGN 2010-S4; Collateral as of Closing: $161,555,717; Collateral as of March 2016: $74,303,825; Collateral Type: Residential;

Row 5; SSGN: SSGN 2010-C1; Collateral as of Closing: $718,562,448; Collateral as of March 2016: $273,630,217; Collateral Type: Commercial;

[End of Table]

The Division of Resolutions and Receiverships (“DRR”) Capital Markets Group is responsible for managing and monitoring the receivership asset securitizations and SSGNs. The DRR Capital Markets Group has engaged Closing and Post-Closing Support Contractors (“CSC”). The CSC supports the DRR Capital Markets Group in most areas of operation including the monthly distribution process and the semiannual asset loss reserve (“ALR”) process. All work prepared by CSC is reviewed by the DRR Capital Markets Group.

EVALUATION RESULTS

During our evaluation we did not discover any deficiencies that were significant to the DRR processes and controls associated with monitoring receivership asset securitizations and SSGNs following their originations. Our testing found that, for the most part, DRR has controls in place to sufficiently mitigate risk associated with the receivership asset securitization program. However, we concluded that opportunities exist for DRR to better document processes within its policies, procedures, and/or job aids, incrementally enhance certain controls, and address key personnel dependencies. Doing so would help to further mitigate program risks, institutionalize monitoring processes, and ensure program consistency and continuity should key DRR or contractor staff change.

Once securitizations and SSGNs are originated, DRR monitoring consists of monthly reviews of servicer distributions, fees, and performance reports; monthly conference calls with servicers; quarterly onsite meetings with servicers; quarterly evaluation of events that could trigger consolidation of the securitization or SSGN; semiannual evaluation of the sufficiency of the ALR, which is recorded on FDIC financial statements; and an annual review of servicer attestations and independent audit reports. DRR has established an organizational structure, delegated authority, and assigned responsibility for carrying out program objectives. DRR has also developed procedures and job aids for monitoring securitizations and SSGNs and channels for communicating program information within and between divisions. In particular, the semiannual valuation of the ALR involves a multistep review and approval process that involves multiple personnel within and external to DRR.

Notwithstanding, our evaluation provides six (6) recommendations related to:

• Documenting controls and processes performed in procedures and job aids relating to monthly and quarterly servicer oversight efforts, the quarterly trigger consolidation process, the semiannual ALR process, and annual servicer certification reviews; and

• Enhancing controls for tracking issues and questions from monthly servicer calls, verifying inputs for servicer fee calculations, and preserving the integrity of electronic ALR files.

Finally, we observed key personnel dependencies within the Capital Markets Group and CSC. These personnel dependencies could present segregation of duties and knowledge management risks should these individuals leave the Corporation or CSC. Our recommendations to better document processes and enhance controls will help to address some of these risks. However, we also recommend that DRR (1) evaluate whether certain duties and responsibilities performed by these individuals should be divided and assigned to others and (2) pursue strategies for preserving program knowledge.

FINDING 1: DRR Has Established Controls for Monitoring Securitizations, but Opportunities Exist to Better Document Processes and Enhance Controls

According to the GAO Standards for Internal Control in the Federal Government,3 an organization’s control environment is the foundation for its internal control system. The control environment provides the discipline and structure which affect the overall quality of the internal controls. Management then establishes control activities through policies, procedures, techniques, and mechanisms that enforce management’s directives to achieve program objectives and address related risks. Policies and procedures assign responsibility and set expectations for control activity design, implementation, and effectiveness. Management should also evaluate and review the results of ongoing monitoring to identify risks and changes in the internal control system that have either occurred, or are needed, and consider whether the current controls, and associated policies and procedures, address the identified issues.

Footnote 3: The September 2014 edition (GAO-14-704G) is applicable to this evaluation. These standards became effective beginning with fiscal year 2016. [End of footnote]

DRR has documented a number of processes and controls for monitoring securitizations and SSGNs within the Securitization Policies and Procedures, revised January 30, 2015 (“Securitization Procedures”). These procedures are prepared by DRR Capital Markets and document the monthly distribution process, aspects of the monthly servicer oversight process, and the annual certification process.4 There are also separate documents maintained and updated annually by DRR to capture the ALR process called the Securitizations Year-End 2015 Valuation Process Memorandum and SSGN Year-End 2015 Valuation Process Memorandum.

Footnote 4: There are aspects of the monthly servicer oversight process and quarterly trigger process that are not captured within the Securitization Procedures. [End of footnote]

Once securitizations and SSGNs are originated, DRR monitoring consists of monthly review of servicer distributions, fees, and performance reports; monthly conference calls with servicers; quarterly onsite meetings with servicers; quarterly evaluation of events that could trigger consolidation of the securitization or SSGN; semiannual evaluation of the sufficiency of the ALR, which is recorded on FDIC financial statements; and annual review of servicer attestations and independent audit reports. Overall, we found that DRR monitoring controls are adequate. Still, we identified opportunities to enhance certain controls and to better document controls and processes that DRR is performing in procedures and/or job aids. Doing so would help to further mitigate program risks, institutionalize monitoring processes, and ensure program consistency and continuity should key DRR or contractor staff change.

Monthly Distribution Process

On a monthly basis, DRR Capital Markets group obtains cash distribution statements from the trusts for each securitization and SSGN transaction. The Capital Markets group then prepares monthly posting instructions to (1) record interest or principal paid on the securitization certificates retained by the FDIC, (2) record asset write-downs, and (3) allocate securitization transaction cash receipts to the appropriate receivership accounts. These posting instructions are provided to DRR Business Operations Support’s (“BOS”) structured transaction team for review and allocation to the appropriate receiverships. In addition, supporting documentation for the Guarantee Fees is reviewed by the DRR Capital Markets Group monthly for accuracy and provided to the Division of Finance (“DOF”) to validate the amount within the guarantee wires received.

We evaluated monthly distribution transactions for two (2) monthly periods for each securitization and SSGN and found that all transactions were reviewed by management and supported by documentation. We concluded that DRR had established a structured and controlled process for reviewing distributions, including a well-designed checklist for securitization transactions that captures the necessary process steps and includes review sign-offs. We, however, found that DRR could better document the checklist and the monthly distribution review process within the Securitization Procedures.

As a part of our fieldwork, we selected two (2) sample periods for each of the thirteen (13) securitizations and SSGNs and performed recalculations of monthly third party service provider fees being charged to the FDIC to ensure that the calculations were performed in accordance with the closing documents. In all but one instance, we found that servicer fees were calculated correctly. In one occasion, however, we observed that the rate the custodian was charging the FDIC did not match the rate in the closing offering memorandum. DRR reviewed and determined that this questioned cost5 is attributable to the fact that the rate definition in the closing offering memorandum differed from the rate in the executed indenture document. This questioned cost resulted in the FDIC being overcharged an estimated $55,000. DRR is currently working with the necessary parties to have the executed indenture document modified to include the correct rate and should complete those activities associated with obtaining a refund of the overpayment from the custodian.

Footnote 5: A “questioned cost” is a cost that is questioned by the OIG because of (a) an alleged violation of a provision of law, regulation, contract, grant, cooperative agreement, or other agreement or document governing the expenditure of funds; (b) a finding that, at the time of the audit, such cost is not supported by adequate documentation; or (c) a finding that the expenditure of funds for the intended purpose is unnecessary or unreasonable. See section 5 of the Inspector General Act, as amended (5 U.S.C. appendix), regarding semiannual reports. [End of footnote]

Monthly Servicer Oversight We observed that DRR Capital Markets Group personnel perform a number of monitoring activities that function as strong controls for the monthly servicer oversight process. These controls include:

• Monthly servicer oversight calls and quarterly servicer onsite visits;6

• Review of monthly metric reports, as provided by the master servicer/oversight advisor;7 which highlight deal performance in areas such as delinquencies, troubled loans, and loss mitigation efforts; and

• Preparation of internal DRR monthly overview reports, which summarize data regarding collateral, delinquency, cash flow performance, and historical assumption trends that need to be addressed.

Footnote 6: Monthly calls and quarterly visits are not performed for the SSGNs as there are multiple servicers and related parties for each of the securitizations making up the SSGNs.

Footnote 7: The master servicer/oversight advisor is responsible for servicer remittance collection, servicing fee verification, servicing transition oversight, forensic loan review, and repurchase obligation enforcement, pursuant to a defined standard of care. [End of footnote]

DRR could ensure the aforementioned processes are consistently followed by documenting these processes and controls in the Securitization Procedures and/or applicable job aids.

We also observed that DRR implemented a new control in 2015 in the form of a “take-away log,” which functions as an outstanding issues/questions tracking log. This new control is an improvement to the monitoring process; however, DRR could further strengthen this control by assigning responsibility for maintaining the “take-away log” and capturing additional information within the log such as risk ratings of issues/questions and an aging schedule of issues/questions.

Quarterly Trigger Consolidation Process

Each quarter, DOF assesses whether any triggering events have occurred which would require consolidation of securitization and SSGN transactions in the FDIC DIF financial statements, in accordance with Accounting Standards Codification Topic 810 – Consolidation. This is referred to as the quarterly trigger consolidation process. DOF performs the assessment based on a checklist completed by the DRR Capital Markets Manager. The DRR Capital Markets Manager is one of the senior leaders of the Capital Markets Group and is properly approving this process. However, to further enhance the controls to ensure complete and accurate information is provided to DOF, a preparer role should be included in the process prior to the Capital Markets Manager’s review and approval. A preparer role would provide value through an additional assessment, as well as address key personnel dependencies that could present segregation of duties and knowledge management risk. In addition, the quarterly trigger consolidation process, as performed, is not documented in the Securitization Procedures.

Semiannual Asset Loss Reserve Process

The value of the loans used to collateralize the securitizations and SSGNs is subject to fluctuations as a result of performance of underlying assets, changes in general economic conditions, local and regional real estate market conditions, and the capital markets. These fluctuations can affect the FDIC’s guarantee exposure. The DRR Capital Markets group performs a valuation of the collateral, on a semiannual basis, to determine the ALR, which is the risk of loss for each security. As part of this review, the FDIC also assesses the Corporate Guarantee Loss Reserve, which represents the FDIC’s risk of making payments on the guaranteed tranches of the securities to the investors. To date, no asset losses or corporate guarantee losses have been realized. One SSGN security has been identified as being at risk for making a corporate guarantee payment prior to termination in 2020.

We noted that DRR has documented the controls and ALR process within the Securitizations Year-End 2015 Valuation Process Memorandum and SSGN Year-End 2015 Valuation Process Memorandum, but has not included the ALR process in the Securitization Procedures. In addition, we observed that DRR performs ongoing monitoring of the design and operating effectiveness of the ALR process. DRR also updates the ALR policies and procedures on an annual basis through a formal review process, which is presented to the Closed Bank Financial Risk Committee (“CBFRC”).8 Our evaluation, however, includes recommendations related to (1) Assumption Pre-Approval, (2) ALR Version Control, and (3) Semiannual Termination Assessment, as discussed in further detail below.

Footnote 8: In 2010, the FDIC chartered the CBFRC to provide guidance and monitoring of policies and procedures related to assumptions and controls over the least cost test methodology, which includes estimating the total cost of resolving failed banks, estimating costs specific to loss-sharing agreements, and valuing failed bank assets. [End of footnote]

Assumption Pre-Approval

As part of the quarterly ALR process, CSC holds a meeting with DRR Capital Markets Management to review and approve ALR assumption inputs prior to running the cash flow models and preparing the ALR files and related documentation. The assumption inputs, and resulting cash flow models, drive the ALR process. CSC currently documents evidence of the meeting to discuss and approve assumption inputs within most of its ALR files. This process, however, is not currently identified as a required procedure or control. The assumption inputs meeting is a fundamental control in the ALR process and should be addressed in DRR procedures and/or job aids.

ALR Version Control

DRR maintains documentation supporting the ALR in both hardcopy and electronic form. DRR has established certain controls over the ALR process including segregating key responsibilities and duties for authorizing, recording, and reviewing transactions so that no one individual controls all key aspects of the process. The level of documentation associated with the semiannual revaluation of the ALR was good. For example, members of the CSC team cross-reference inputs and assumptions within the ALR file to hard copy supporting documentation to provide an audit trail.

However, DRR, DOF, and GAO use electronic copies of ALR calculations and we did not observe commensurate controls over the electronic ALR documents. In one (1) of the thirteen (13) samples, we observed that the electronic and hardcopy ALR documents differed. While the discrepancy was not material and may have been an isolated instance, DRR could preserve the integrity of the electronic files by electronically protecting files from being edited and by adding version markings or controls to the ALR files.

Semiannual Termination Assessment

DRR also performs certain procedures as part of the semiannual ALR process to determine whether certain transactions have occurred that trigger special or optional termination provisions (referred to as, calls), as provided for in the applicable PSA, which can result in the early termination of the security. This process is documented through the (1) Securitization Termination Oversight Procedures (“STOP”) Guide for Residential Loans and the (2) STOP Guide for Commercial/Multifamily Loans. The STOP Guides are designed to function as a reference guide to summarize the activities necessary to successfully execute FDIC's contractual obligations and to properly represent the FDIC's business interests when securitization terminations occur. It is the policy of the FDIC to analyze available information related to the securitized transactions in an effort to estimate when the transactions should be called to maximize the FDIC’s business interests. While the two STOP guides are detailed and well documented, they have not been updated since 1997 and should be reviewed and updated as necessary to ensure that they reflect the current process.

Annual Servicer Certification Review Process

Servicers and other parties are required to provide an annual attestation that they are conforming to the terms of the PSA, as well as the Regulation AB Item 11229 reporting requirement. In addition, the servicer must submit an annual attestation report from an independent auditor assessing their compliance with servicing standards. The Capital Markets Manager reviews these certifications annually as part of the annual servicer certification review process. Although there is reference within DRR’s Securitization Procedures and the FDIC Securitization and Structured Sale Guaranteed Notes SSGN 2015 Process Memorandum (“Securitization/SSGN Process Memorandum”)10 regarding the annual servicer certification review process, we believe that DRR policies and/or job aids could better describe the process and/or steps performed in reviewing the certifications, including how DRR addresses issues identified by the servicers’ independent auditors.

Footnote 9: Regulation AB Item 1122 (12 Code of Federal Regulations § 229.1122, issued by the Securities and Exchange Commission) addresses assessments of compliance with servicing criteria and the filing of attestation reports by registered public accounting firms on such assessments. [End of footnote]

Footnote 10: The Securitization/SSGN Process Memorandum is owned and updated by DRR Internal Review (“IR”), based on inputs received from both DRR and DOF, and includes DOF processes associated with the accounting and financial reporting aspects of the securitization and SSGN process.

Recommendations

We recommend the DRR Director:

1. Enhance existing policies, procedures, and/or job aids to document DRR securitization and SSGN monitoring processes related to:

• The monthly distribution review process and DRR checklist for reviewing securitization transactions;

• DRR monthly servicer oversight calls and quarterly servicer visits, review of servicer monthly metric reports, and preparation of monthly overview reports;

• The quarterly trigger consolidation process;

• The ALR process, including the semiannual meeting with DRR Capital Markets and CSC to review and approve ALR assumption inputs;

• Potentially outdated Securitization Termination Oversight Procedures; and • The process and steps performed in reviewing annual servicer certifications and addressing issues identified in servicers’ independent audit reports.

2. Enhance controls around the monthly servicer oversight call “take-away log,” including assigning responsibility for maintaining the log and capturing additional information within the log such as risk ratings of issues/questions and an aging schedule of issues/questions.

3. Complete those activities associated with obtaining a refund for the estimated $55,000 overpayment from the custodian.

4. Enhance controls around the quarterly trigger consolidation process to achieve a second level of review by including a preparer role to ensure complete and accurate information is provided to DOF.

5. Enhance controls to preserve the integrity of electronic ALR files to include electronically protecting the files from alteration and/or adding version markings to the files.

FINDING 2: Key Personnel Dependencies Could Present Segregation of Duties and Knowledge Management Risks

We considered and evaluated DRR’s organizational structure for monitoring securitizations and SSGNs. We observed a significant level of involvement in the monitoring process from the DRR Capital Markets Manager and the CSC Project Manager (a contract employee). Both are responsible for a number of duties and responsibilities that are integral to the success of the securitization program. For example, the annual servicer certification review process and quarterly trigger consolidation process review are performed solely by the DRR Capital Markets Manager. In addition, the ALR process is largely managed and controlled by the CSC Project Manager, due to his knowledge of the securitizations and tenure as a DRR contractor. In our view, these situations create key personnel dependencies that could present segregation of duties and knowledge management risk should these individuals leave their positions or should the support contract vendor change.

Our recommendations to better document processes and enhance controls will help to address some of these key personnel dependency risks. However, we also recommend that DRR evaluate whether duties and responsibilities should be further divided and pursue strategies for preserving program knowledge should these officials leave the Corporation or contractor.

Recommendation

To address risks associated with key personnel dependencies, we recommend the DRR Director:

6. Evaluate whether securitization and SSGN monitoring duties and responsibilities should be divided and assigned to additional DRR employees and/or pursue strategies for preserving securitization program knowledge.

APPENDIX I

OBJECTIVE, SCOPE, AND METHODOLOGY

We conducted an evaluation of the processes and controls to ensure that the receivership asset securitizations and SSGNs are performing as intended. The FDIC’s processes and controls mitigate program risks including, among other things, financial loss, failure to optimize financial recovery, or both. The focus of the evaluation was on the Division of Resolutions and Receiverships (“DRR”) processes and controls associated with monitoring receivership asset securitizations and the information DRR provides to the Division of Finance (“DOF”) for receivership asset securitization accounting.11

Footnote 11: An evaluation of the assumptions or recalculations of accounting entries or reserve estimates was not conducted. [End of footnote]

OBJECTIVE

The objective of the evaluation was to perform an evaluation of select key controls over the FDIC's receivership asset securitizations, following their origination, to ensure those controls are performing as intended. Specifically, following the receivership and securitization origination, the key processes and controls can be categorized into three segments: (1) monthly distribution reporting; (2) servicer oversight; and (3) monitoring of securitizations.

This was an evaluation conducted in accordance with the Council of the Inspectors General on Integrity and Efficiency’s Quality Standards for Inspection and Evaluation, January 2012, as might be amended or updated. In addition, the evaluation addressed the GAO’s Standards for Internal Control in the Federal Government, September 2014, which have been applied by the FDIC and include specific requirements applicable to DRR internal controls, including the monitoring that should take place in the course of normal operations. Other criteria used during the evaluation included the Securitization/SSGN Process Memorandum, which provides a discussion and analysis of the selected key controls and processes, as per DRR and DOF.

SCOPE

The scope of this evaluation included all receivership asset securitizations and SSGNs the FDIC has issued from 2010 through June 30, 2015. This consisted of eight (8) loan securitizations and five (5) SSGNs of which seven (7) loan securitizations and all five (5) SSGNs were still active. Each of these securitizations and SSGNs had daily, monthly, quarterly, and semiannual processes that captured the activities of the instruments. The scope of the evaluation included the identification and evaluation of procedures, processes, and controls over the FDIC’s receivership asset securitizations following their origination to ensure those controls are performing as intended. Specifically, the scope included the monthly distribution process and monthly servicer oversight; quarterly trigger consolidation process; semiannual asset loss reserve process; and annual servicer certification review process.

METHODOLOGY

We evaluated the design and implementation of the control environment to determine its effectiveness. In coordination with the OIG, we selected samples of the key controls from the processes associated with general oversight and management of the FDIC’s receivership asset securitizations and guarantees, and tested them for compliance with the applicable criteria.

We conducted field work from December 2015 through March 2016, which included evaluation of the relevant policies, procedures, and key controls, and testing of the sample documentation selected for compliance with the specified criteria. We performed our work and held interviews at the FDIC’s offices in Arlington, Virginia. During this time, we also interviewed relevant personnel within DRR Capital Markets, CSC, DRR BOS, DRR IR, DOF, and the Government Accountability Office (“GAO”). We concluded our fieldwork in March 2016, and initial feedback was shared with FDIC personnel.

During the planning phase of the evaluation, we conducted interviews with DRR and DOF personnel, and reviewed policies and procedures to identify select, key controls. For the key controls selected for testing, we performed an analysis of the effectiveness and compliance with internal policies to ensure compliance with the applicable criteria. Procedures included the following:

• Assess the effectiveness of key controls

o Obtain and review relevant criteria: procedures, documentation, and information discussing monthly, quarterly, semiannual, and annual processes;

o Document the significance of the controls in each of the processes;

o Identify key risks in each of the processes to determine the effectiveness of identified controls through testing of the relevant monthly, quarterly, and semiannual processes;

o Select a sample based on the timing of the applicable control (monthly, quarterly, semiannual, and annual) and perform testing to verify effectiveness of the identified controls; and

o Document observations and recommendations for future improvements and/or clarifications to internal policies.

• Assess compliance with internal policies o Identify monthly, quarterly, semiannual, and annual internal policies for the applicable processes;

o Document the significance of the policies in each of the processes;

o Perform compliance testing through selection of a sample based on the timing of the applicable policy (monthly, quarterly, semiannual, and annual) and perform testing to verify compliance with the internal policies;

o Document compliance with monthly, quarterly, semiannual, and annual policies; and

o Document observations and recommendations for future improvements and/or clarification to internal policies.

The above procedures were developed to provide a basis from which to determine whether the select, key controls established by DRR effectively mitigate risks associated with the receivership assets securitizations and SSGNs.

The evaluation program was prepared to address the evaluation objectives and document the procedures performed. Controls around each securitization and SSGN were tested for key monthly, quarterly, semiannual, and annual processes. In addition, we also reviewed program level semiannual and annual processes. Non-statistical sampling12 was performed due to the small population size and in accordance with AICPA Executive Summary of Audit Sampling Considerations of Circular A-133 for Compliance Audits, based on the frequency of the control. For each security, two (2) periods were sampled for monthly and quarterly processes and one (1) period for semiannual and annual processes.

Footnote 12: 12 Non-statistical sampling is subject to professional judgment, which includes engagement risk assessment considerations. The results of a non-statistical sample are not projectable. [End of footnote]

APPENDIX II

ACRONYMS AND ABBREVIATIONS

AICPA, American Institute of Certified Public Accountants

BDO, BDO USA, LLP

BOS, Business Operations Support

CBFRC, Closed Bank Financial Risk Committee

CRE, Commercial Real Estate

CSC, Closing & Post-Closing Support Contractor

DIF, Deposit Insurance Fund

DOF, Division of Finance

DRR, Division of Resolutions and Receiverships

FDIC, Federal Deposit Insurance Corporation

GAO, United States Government Accountability Office

IR, Internal Review

MBS, Mortgage-Backed Securities

OIG, Office of Inspector General

PSA, Pooling and Servicing Agreement

SSGN, Structured Sale of Guarantee Notes

STOP, Securitization Termination Oversight Procedures

U.S.C., United States Code

[End of Part l]

Part II

Corporation Comments and OIG Evaluation

On June 21, 2016, the Director, DRR, provided a written response to the draft of this report. The response is presented in its entirety on the next page. In the response, the Director, DRR, concurred with BDO’s six recommendations, advising that DRR will better document existing processes and enhance existing controls, as well as evaluate whether certain duties and responsibilities should be divided and assigned to additional DRR employees and/or pursue strategies for preserving securitization program knowledge. With respect to recommendation 3, DRR is pursuing a refund of the estimated $55,000 overpayment of custodian fees, identified in this report as questioned costs.

DRR expects to complete its corrective actions between July 29, 2016 and December 31, 2016. The FDIC’s planned actions are sufficient to resolve all of the recommendations. A summary of management’s response to the recommendations appears on page II-5.

Corporation Comments

[FDIC Letter head, FDIC logo, Federal Deposit Insurance Corporation, Division of Resolutions and Receiverships, 3701 N. Fairfax Drive, Arlington, VA 22203]

TO: E. Marshall Gentry, Assistant Inspector General for Evaluations, Office of Inspector General

FROM: Bret D. Edwards, Director, Division of Resolutions and Receiverships /Signed/

SUBJECT: Management Response to Draft Audit Report Entitled, The FDIC’s Controls Over Receivership Asset Securitizations (Assignment No. 2015-025)

The Division of Resolutions and Receiverships (DRR) has reviewed the Office of Inspector General’s (OIG) draft audit report entitled The FDIC’s Controls Over Receivership Asset Securitizations (Assignment No. 2015-025) dated May 31, 2016. We appreciate the evaluation performed by the OIG, and the recognition that the program has sufficient controls and processes to mitigate risks associated with asset securitizations. Notwithstanding, we have reviewed and concur with the prescribed recommendations and acknowledge these incremental enhancements will further support our oversight program.

DRR addresses each of the six OIG recommendations below with an action plan and expected completion date.

Recommendation #1: Enhance existing policies, procedures, and/or job aids to document DRR securitization and SSGN monitoring processes related to:

• The monthly distribution review process and DRR checklist for reviewing securitization transactions,

• DRR monthly servicer oversight calls and quarterly servicer visits, review of servicer monthly metric reports, and preparation of monthly overview reports;

• The quarterly trigger consolidation process;

• The ALR process, including the semiannual meeting with DRR Capital Markets and CSC to review and approve ALR assumption inputs;

• Potentially outdated Securitization Termination Oversight Procedures; and

• The process and steps performed in reviewing annual servicer certifications and addressing issues identified in servicers ' independent audit reports.

DRR Response: DRR concurs with this recommendation.

Corrective Action: DRR will review and enhance the existing policies, procedures, and/or job aids to reflect the established controls in place to monitor the DRR securitization and SSGN transactions, in conjunction with actions planned for recommendation 6. New job aids will be created (as necessary) to address any currently undocumented processes.

Completion Date: December 31, 2016

Recommendation #2: Enhance controls around the monthly servicer oversight call "take-away log," including assigning responsibility for maintaining the log and capturing additional information within the log such as risk ratings of issues/questions and an aging schedule of issues/questions.

DRR Response: DRR concurs with this recommendation.

Corrective Action: DRR will enhance the existing “take-away” log as proposed above.

Completion Date: July 29, 2016

Recommendation #3: Complete those activities associated with obtaining a refund for the estimated $55,000 overpayment to the custodian.

DRR Response: DRR concurs with this recommendation.

Corrective Action: DRR is pursuing a refund of the overpaid custodial fees. Assuming cooperation from the custodian who received the overpayment and/or the law firm responsible for the scrivener’s error, we anticipate repayment by the proposed completion date. If legal action becomes necessary, the completion date will need to be extended. DRR is also pursuing amendment of the requisite transaction documents to reflect the intended custodial fee.

Completion Date: August 31, 2016

Recommendation #4: Enhance controls around the quarterly trigger consolidation process to achieve a second level of review by including a preparer role to ensure complete and accurate information is provided to DOF.

DRR Response: DRR concurs with this recommendation.

Corrective Action: DRR will bifurcate the responsibilities associated with the preparation of the quarterly trigger consolidation report to ensure that document preparation and approval are performed by two separate individuals.

Completion Date: July 29, 2016

Recommendation #5: Enhance controls to preserve the integrity of electronic ALR files to include electronically protecting the files from alteration and/or adding version markings to the files.

DRR Response: DRR concurs with this recommendation.

Corrective Action: DRR will store the final/approved electronic ALR files on SharePoint where the download and edit rights will be restricted to only the ALR preparer, approver, and site administrators.

Completion Date: August 31, 2016

Recommendation #6: Evaluate whether securitization and SSGN monitoring duties and responsibilities should be divided and assigned to additional DRR employees and/or pursue strategies for preserving securitization program knowledge.

DRR Response: DRR concurs with this recommendation.

Corrective Action: In conjunction with actions planned for recommendation 1, DRR will evaluate securitization and SSGN monitoring duties and responsibilities to determine whether steps can be taken to further mitigate key personnel dependency risk and/or pursue strategies for preserving securitization program knowledge. DRR will implement recommended steps and/or strategies accordingly.

Completion Date: December 31, 2016

[End of Corporate Comments]

Summary of the Corporation’s Corrective Actions

This table presents management’s response to the recommendations in the report and the status of the recommendations as of the date of report issuance.

Row 1; Rec. No.: 1; Corrective Action; Taken or Planned: Enhance existing policies, procedures, and/or job aids to document DRR securitization and SSGN monitoring processes.; Expected Completion Date: December 31, 2016; Monetary Benefits: $0; esolved:a Yes or No: Yes; Open or Closedb: Open;

Row 2; Rec. No.: 2; Corrective Action; Taken or Planned: Enhance controls around the monthly servicer oversight call "take-away log."; Expected Completion Date: July 29, 2016; Monetary Benefits: $0; esolved:a Yes or No: Yes; Open or Closedb: Open;

Row 3; Rec. No.: 3; Corrective Action; Taken or Planned: Complete those activities associated with obtaining a refund for the estimated $55,000 overpayment to the custodian.; Expected Completion Date: August 31, 2016; Monetary Benefits: $55,000; esolved:a Yes or No: Yes; Open or Closedb: Open;

Row 4; Rec. No.: 4; Corrective Action; Taken or Planned: Enhance controls around the quarterly trigger consolidation process to achieve a second level of review.; Expected Completion Date: July 29, 2016; Monetary Benefits: $0; esolved:a Yes or No: Yes; Open or Closedb: Open;

Row 5; Rec. No.: 5; Corrective Action; Taken or Planned: Enhance controls to preserve the integrity of electronic ALR files.; Expected Completion Date: August 31, 2016; Monetary Benefits: $0; esolved:a Yes or No: Yes; Open or Closedb: Open;

Row 6; Rec. No.: 6; Corrective Action; Taken or Planned: Evaluate whether securitization and SSGN monitoring duties and responsibilities should be divided and assigned to additional DRR employees and/or pursue strategies for preserving securitization program knowledge.; Expected Completion Date: December 31, 2016; Monetary Benefits: $0; esolved:a Yes or No: Yes; Open or Closedb: Open;

a Resolved – (1) Management concurs with the recommendation, and the planned, ongoing, and completed corrective action is consistent with the recommendation.

(2) Management does not concur with the recommendation, but alternative action meets the intent of the recommendation.

(3) Management agrees to the OIG monetary benefits, or a different amount, or no ($0) amount. Monetary benefits are considered resolved as long as management provides an amount.

b Recommendations will be closed when (a) Corporate Management Control notifies the OIG that corrective actions are complete or (b) in the case of recommendations that the OIG determines to be particularly significant, when the OIG confirms that corrective actions have been completed and are responsive.

[End of Table]

[End of Report]

Print Print
Close