Federal Deposit Insurance Corporation
Office of Inspector General
Federal Deposit Insurance Corporation - Office of Inspector General

Oversight Hearing of the FDIC: Perspective of the Office of Inspector General before the Subcommittee on Oversight and Investigations; House Committee on Financial Services

Testimony

Before the Subcommittee on Oversight and Investigations

Committee on Financial Services U.S. House of Representatives For Release on Delivery Expected at 10 a.m. Thursday, March 4, 2004 Oversight Hearing of the FDIC: Perspective of the Office of Inspector General

Statement of Gaston L. Gianni, Jr. Inspector General

Madam Chairwoman and Members of the Subcommittee, I am pleased to testify before you today as you conduct this oversight hearing on the Federal Deposit Insurance Corporation (FDIC).

The FDIC has a long and successful tradition of maintaining public confidence and stability in the nation’s financial system. The Corporation reports that financial institutions have recently had record earnings. The rate of bank failures has remained at a relatively low level over the past 10 years, and the Corporation has substantially reduced its estimates of future losses from failures. Assets held in receiverships are at comparatively low levels, and significant progress has been made at closing out older receiverships. The insurance funds are now comfortably above the designated reserve ratio that could otherwise trigger increases in premiums assessed on insured depository institutions. These are important indicators of a healthy banking system, and the Corporation can take pride in its positive contributions to each of these areas.

Likewise, I am proud of the accomplishments of the Office of Inspector General (OIG) in seeking to ensure the Corporation’s successful accomplishment of its mission. The FDIC OIG was established in 1989, pursuant to the Inspector General (IG) Act Amendments of 1988. The Congress amended the IG Act in 1993 to designate the IG position at the FDIC as a Presidential appointment. Since April 1996 I have served as the first FDIC IG appointed by the President. Thus, my perspective spans many key developments in the FDIC’s recent history, and today I offer my thoughts on current challenges at the Corporation and the results of some of our FDIC mission-related work. At the outset I would like to acknowledge a very significant recent event: the Congressional confirmation of Thomas J. Curry as the Corporation’s fifth member of the Board of Directors in December 2003. With this appointment, the Board is now operating at full-strength for the first time since September 1998—a very positive aspect of its internal governance structure.

Role of the OIG and Relationship With the Corporation

The role of an IG in any agency is unique. To illustrate—at the FDIC, although we are an integral part of the Corporation, unlike any other FDIC division or office, our legislative underpinning requires us to operate as an independent and objective unit at the same time. Within that framework, we have two essential roles: through a comprehensive program of audits, evaluations, and investigations, we (1) independently analyze and report on significant management and performance challenges facing the Corporation and (2) foster integrity, accountability, and excellence in FDIC programs and operations. Both the Chairman and Vice Chairman of the FDIC provide a supportive “tone at the top” that enables us to carry out our statutory responsibilities. In doing so, we coordinate extensively not only with the Corporation, but with other federal Offices of Inspector General, the U.S. General Accounting Office, the Office of Management and Budget (OMB), and for investigations, with the Department of Justice, Federal Bureau of Investigation (FBI), Secret Service, Internal Revenue Service (IRS), and other law enforcement agencies. We report our results both to the Chairman of the Corporation and to the congressional committees with related oversight responsibilities.

We have an excellent working relationship with the Corporation and are committed to continuing that relationship into the future. This relationship has been established over the years through such efforts as issuance of audit reports with recommendations in response to which the Corporation takes corrective action; monthly meetings with the FDIC’s Audit Committee, where we present the results of our work to seniormost management; cooperative investigative efforts and “lessons learned” sharing among OIG special agents and FDIC division and office staffs regarding their investigations; OIG advisory involvement with major corporate initiatives such as the redesign of the bank examination process, the new interagency Central Data Repository for bank call reporting and other regulatory reports, the new solution to better manage bank and thrift asset servicing functions, and the Chief Information Officer’s Council; OIG review and comment on proposed corporate policy and strategic planning documents and initiatives; and frequent and honest communication between OIG management and corporate senior management in the FDIC’s headquarters and field offices.

Fiscal Year 2003 OIG Program Accomplishments

The OIG continues to add significant value to the FDIC. Net savings to the Corporation, comparing actual and potential monetary benefits from OIG work to OIG expenses, have averaged about $294 million annually over the last 5 years. The OIG also provides substantial non-monetary value to the FDIC with advice and recommendations related to management practices and the results of our law enforcement operations. In fiscal year 2003, overall results of OIG audits, investigations, and evaluations included: • $96.8 million in actual and potential monetary benefits (investigations/audits/evaluations) • 193 non-monetary recommendations to FDIC management (audits/evaluations) • 35 referrals to the Department of Justice • 43 indictments/informations • 22 convictions • 5 employee/disciplinary actions

The more specific major OIG accomplishments for fiscal year 2003 include the following: • Opened 40 investigative cases and closed 43. The investigations during the year led to indictments or criminal charges against 43 individuals and 35 referrals to the Department of Justice, 22 convictions, 5 employee disciplinary actions, and 1 contractor action. This resulted in fines, court-ordered restitution, and recoveries of approximately $94 million.

• Referred 24 substantive Hotline allegations for review or investigation and closed 13 cases of which 2 were substantiated.

• Issued 40 audit reports on the results of OIG audit work. These final products identified $431,473 in questioned costs and approximately $2.1 million in funds that could be put to better use. The audit reports contained 169 non-monetary recommendations to FDIC management to improve internal controls and operational effectiveness in diverse aspects of the Corporation’s operations, including automated systems, contracting, bank supervision, financial management, and asset disposition. The reports also covered legislatively mandated reviews of failed financial institutions that resulted in material losses to the insurance fund and an independent evaluation of the FDIC’s information security program for 2003.

• Issued 7 evaluation reports. These final products identified $127,396 in funds that could be put to better use. The scope of work covered a wide range of issues, which included studies of the FDIC’s progress in implementing the Gramm-Leach-Bliley Act; the FDIC’s corporate readiness plan; life-cycle management of information technology assets; and business continuity planning at FDIC-supervised institutions. The evaluation reports contained 24 recommendations for improvements that were accepted by the Corporation. Subjects of evaluations originated from FDIC management requests and congressional inquiries and within the OIG.

Management and Performance Challenges

Today I would like to present the overall framework under which we carry out the IG mission at the FDIC—that is, the OIG-identified management and performance challenges. I will also discuss more specifically the results of some of our efforts to address those challenges. My remarks are intended to underscore our overarching goal of assisting the Corporation in accomplishing its mission; explain the extent and focus of OIG coverage; and attest to the Corporation’s responsiveness to our audit, investigative, and other work.

In the spirit of the Reports Consolidation Act of 2000, we annually identify the top management and performance challenges facing the FDIC. We have worked with the FDIC to prepare our annual assessment. These challenges are included in the FDIC’s annual consolidated performance and accountability report. Our update of the challenges as of December 19, 2003, was included in the FDIC’s performance and accountability report dated February 13, 2004. The challenges capture the risks and opportunities we see before the Corporation in the coming year or more. In addition, these challenges serve as a guide for our work. Notwithstanding the current strength of the banking industry, the Corporation must continue to be vigilant because challenges are ever-present and can threaten the Corporation’s success. The OIG identified the following ten:

Adequacy of Corporate Governance in Insured Depository Institutions Protection of Consumer Interests Management and Analysis of Risks to the Insurance Funds Effectiveness of Resolution and Receivership Activities Management of Human Capital Management and Security of Information Technology Resources Security of Critical Infrastructure Management of Major Projects Cost Containment and Procurement Integrity Assessment of Corporate Performance

The first four challenges address the more global issues confronting the Corporation. I will focus on our work in these areas followed by more summary coverage of the other six items listed which relate more to corporate management and operational challenges. Examples of our work in all of these areas include audit, evaluation, investigation, and other efforts.

Adequacy of Corporate Governance in Insured Depository Institutions

Corporate governance is broadly defined as the fulfillment of the broad stewardship responsibilities entrusted to the Board of Directors, Officers, and internal and external auditors of a corporation. Pubic outcry over recent failures of, and scandals at, major U.S. corporations attributed at least in part to lax corporate governance led to the passage of the Sarbanes-Oxley Act of 2002. I was pleased to testify before then Chairman Sarbanes and the Senate Committee on Banking, Housing and Urban Affairs on February 7, 2002, concerning one such failure, Superior Bank, Hinsdale, Illinois. The FDIC was appointed as receiver of this failed institution on July 27, 2001, at which time the Corporation recorded an estimated loss to the Savings Association Insurance Fund of $426 million. We found that the: • Board of Directors and Officers did not require adequate risk management and diversification, failed to ensure adherence to laws and regulations, disregarded bank examiner recommendations, and used flawed accounting practices to overstate the value of assets.

• External auditors did not detect material misstatements in the financial statements resulting from improper accounting.

As a result, dividends and other fund transfers to shareholders totaling over $200 million were made based on overstated income, substantially increasing the loss recorded by the FDIC at the time of failure.

We have repeatedly found that inadequate corporate governance at an institution is at the heart of the most costly bank failures. As mandated by the Federal Deposit Insurance Act, we perform reviews to ascertain among other things why a bank’s problems result in material loss to the insurance funds. (A material loss is generally defined as one exceeding the greater of $25 million or 2 percent of the institution’s total assets at the time the FDIC is appointed receiver.) In two material loss reviews completed last year involving the Connecticut Bank of Commerce, Stamford, Connecticut, and Southern Pacific Bank, Torrance, California, we concluded that ineffective corporate governance was the primary cause of failures that led to an estimated loss of almost $200 million to the insurance funds.

Our work on eight other material loss reviews we have conducted since 1993 also identified inadequate corporate governance as the primary cause of each failure. We found that institutions pursued high-risk business strategies, implemented lax lending policies, understated loan loss allowances, ignored auditor and bank examiner findings, and disregarded or circumvented various laws and banking regulations. Generally, independent public accountants continued to issue clean opinions even after bank examiners detected potentially material misstatements in financial statements.

The FDIC’s mission to help ensure the safety and soundness of the Nation’s financial system is partly dependent on the reliability of the assertions and financial reporting by institutions. Problems with corporate governance can compromise the integrity of information provided to the FDIC and result in significant losses to the insurance funds.

For its part, the Corporation reports that in response to questions about the applicability of the Sarbanes-Oxley Act to insured depository institutions that are not public companies, it issued comprehensive guidance in March 2003, describing significant provisions of the Act and related rules of implementation adopted by the Securities and Exchange Commission. The guidance explained how adopting sound corporate governance practices outlined in the Act may benefit banking organizations, including those that are not public companies, and how several of the Act’s requirements mirror existing banking agency policy guidance related to corporate governance. We have an active program of coverage related to corporate governance within the banking industry that will include a review of the implementation of the Sarbanes-Oxley Act and related banking regulations this year.

I turn now to some of our investigative work. In a number of cases, financial institution fraud is a principal contributing factor to an institution’s failure. Unfortunately, the principals of some of these institutions—that is, those most expected to ensure safe and sound corporate governance— are at times the parties perpetrating the fraud. Our Office of Investigations plays a critical role in investigating such activity. A recent OIG investigative case illustrates the extent to which fraud wrecks havoc on an institution.

Oakwood Deposit Bank Company: The FDIC closed Oakwood Deposit Bank on February 1, 2002, after the discovery of information indicating irregularities in the amount of deposits reported in the records of the bank. The FDIC OIG, IRS, and FBI began an investigation shortly thereafter. On September 5, 2003, the former president and chief executive officer of Oakwood was sentenced for his role in a bank embezzlement and money laundering scheme that caused the failure of the 99-year old bank. According to his plea agreement, the former president began embezzling funds from the bank in 1993. He admitted that he altered bank records and created paperwork to conceal the embezzlement, which resulted in losses to the bank of approximately $48.7 million and led to the bank's insolvency. The former president was sentenced to 14 years’ imprisonment to be followed by 5 years of supervised release and was ordered to pay $48.7 million in restitution.

As part of his guilty plea, the former president forfeited any and all of his interest in property controlled by Stardancer Casinos Inc. and its subsidiaries as he was an investor and part owner of Stardancer. He forfeited bank accounts relating to Stardancer and two other companies; real estate and investments in Florida, Ohio, Texas, and South Carolina; his interest in any of the Stardancer vessels and equipment; $520,450 in currency seized by the government; and other properties he owned but that were not identified in the investigation as the proceeds of criminal activities. As a part of this ongoing investigation, search and seizure warrants were executed on multiple Stardancer properties, bank accounts, vessels, and offices. Much of the property was later sold at a Treasury Department auction for a total of approximately $2.2 million.

The FDIC’s Legal Division and Division of Resolutions and Receiverships have provided invaluable assistance throughout the investigation.

In the interest of effective communication and information-sharing, our office engages in frequent dialog with the Corporation regarding these types of ongoing investigations of fraud at failed and open institutions. We meet with corporate officials in headquarters and field offices to review the cases highlighted in these reports, discuss trends and findings, and offer ways in which our work can facilitate enforcement actions that the FDIC may be pursuing. We also coordinate closely with the Corporation when working with U.S. Attorneys’ Offices on plea agreements with defendants who have defrauded financial institutions. In such cases, we attempt to have language included in the plea agreement to have the defendant stipulate to a prohibition from future participation in the banking industry. We also share with the Corporation “lessons learned” from such cases of financial institution fraud.

Protection of Consumer Interests

The availability of deposit insurance to protect consumer interests is a very visible way in which the FDIC maintains public confidence in the financial system. Additionally, as a regulator, the FDIC oversees a variety of statutory and regulatory requirements aimed at protecting consumers from unfair and unscrupulous banking practices. The FDIC, together with other primary Federal regulators, has responsibility to help ensure bank compliance with statutory and regulatory requirements related to consumer protection, civil rights, and community reinvestment. Our recent coverage in this area includes the following:

Gramm-Leach-Bliley Act (GLBA) Compliance: Title V of the GLBA established major privacy provisions under two important subtitles, A and B. One provides a mechanism to protect the confidentiality of a consumer’s nonpublic personal information. The other prohibits “pretext calling,” which is a deceptive practice used to obtain information on the financial assets of consumers. The FDIC had made progress in implementing GLBA Title V provisions related to safeguarding customer information and privacy notice requirements and modest progress in implementing provisions related to fraudulent access to financial information, and in particular identity theft and pretext calling. We recommended modifications to related examination procedures to ensure full implementation of GLBA Title V privacy provisions and issuance of standardized guidance for reporting institution compliance with standards for safeguarding customer information. The Corporation issued guidance addressing our findings in a Regional Directors Memorandum.

Fair Lending: The Fair Lending Act is generally intended to eliminate discrimination in bank lending practices. The FDIC performs compliance examinations to help ensure that the institutions it supervises comply with this Act and other statutory requirements. We found that interagency fair lending procedures used in these examinations did not provide adequate guidance for conducting reviews of FDIC-supervised institutions, particularly on issues related to conducting reviews of small banks, banks that are not otherwise required to collect certain personal information, or commercial loan products. Also, due to the lack of available monitoring and demographic data, examiners were often unable to determine the potential for discrimination for many of the prohibited bases covered by the Fair Housing Act and the Equal Credit Opportunity Act. The Corporation issued supplemental guidance, conducted workshops, and initiated a referral and consultation program for its examiners to address the issues identified in our report.

Another area where the OIG is involved with Consumer Protection relates to our investigative cases regarding misrepresentations of FDIC insurance or affiliation to unsuspecting consumers. Recently our Electronic Crimes Team has been involved in investigating emerging e-mail “phishing” identity theft schemes that have used the FDIC’s name in an attempt to obtain personal data from unsuspecting consumers who receive the emails. Our investigations have also uncovered multiple schemes to defraud depositors by offering them misleading rates of returns on deposits. These abuses are effected through the misuse of the FDIC’s name, logo, abbreviation, or other indicators suggesting that the products are fully insured deposits. Such misrepresentations induce the targets of schemes to invest on the strength of FDIC insurance while misleading them as to the true nature of the investments being offered. These depositors, who are often elderly and dependent on insured savings, have lost millions of dollars in such schemes. In one case, $9.1 million worth of certificates of deposit were misrepresented to about 90 investors, most of whom were elderly. Abuses of this nature not only harm innocent victims but may also erode public confidence in federal deposit insurance.

Our experience with such cases prompted us on March 4, 2003, to submit to Chairman Oxley a legislative proposal to prevent misuse of the Corporation’s guarantee of insurance. This proposal was incorporated in H.R. 1375: Financial Services Regulatory Relief Act of 2003, approved by the House Financial Services Committee by voice vote on May 20, 2003. Section 615 of H.R. 1375, as we suggested, would provide the FDIC with enforcement tools to limit misrepresentations regarding FDIC deposit insurance coverage. We appreciate the Committee’s support of this proposal.

Management and Analysis of Risks to the Insurance Funds

The FDIC seeks to ensure that failed financial institutions are and continue to be resolved within the amounts available in the insurance funds and without recourse to the U.S. Treasury for additional funds. Achieving this goal is a significant challenge because the insurance funds generally average just over 1.25 percent of insured deposits and the FDIC supervises only a portion of the insured institutions. In fact, the preponderance of insured assets are in institutions supervised by other Federal regulators. Therefore, the FDIC has established strategic relationships with the other regulators surrounding their shared responsibility of helping to ensure the safety and soundness of the Nation’s financial system. Economic factors also can pose a considerable risk to the insurance funds. The FDIC actively monitors such factors as interest rate margins and earnings in the financial sector in an effort to anticipate and respond to emerging risks.

One of the key tools used by the FDIC is its safety and soundness examination process which, when combined with off-site monitoring and extensive industry risk analysis, generally provides an early warning and corrective action process for emerging risks to the funds. The FDIC examiners operate in a rapidly changing risk environment due to such factors as technology, the routine introduction of new and more complex banking products, and the threat of terrorist activity. Therefore, we focus considerable audit resources on the various examination processes used by the FDIC to achieve its mission. Our recent coverage in this area includes the following audits:

Prompt Corrective Action (PCA): Capital is an important part of reducing or eliminating losses to the insurance funds in the event of a failing or failed financial institution. The Federal Deposit Insurance Act and implementing regulations require progressive action to be taken in the event institution capital declines below a “well-capitalized” level up to and including closing the institution in the event it is critically undercapitalized without a sound plan for recovery. We concluded that because of PCA provisions, insurance fund losses were prevented in cases where the sufficiency of remaining capital facilitated the sale of the institution, and losses were reduced when institutions were closed before they became insolvent.

We identified a number of factors that delay the use of PCA and impact the effectiveness of its capital-related provisions. We also observed that the FDIC seldom used the non-capital provisions of PCA. These provisions would permit regulators to take progressive action based on factors other than capital. Our analyses of these provisions indicated that they do not provide objective or measurable criteria for implementation and, in some instances, placed restrictions on their use. We concluded that legislative and regulatory changes were required if the Congress desires to add uniform bank performance ratings or some other objective criteria as the trigger for implementing the non-capital provisions or allow earlier implementation of corrective action. We included several options to improve the effectiveness of PCA in our semiannual report to the Congress.

USA PATRIOT Act Implementation: The USA PATRIOT Act broadens the authority and required regulations to combat money laundering that were already established under the Bank Secrecy Act of 1970, as amended. The Bank Secrecy Act was intended to deter banks and other financial service providers from being used as intermediaries for, or to hide the transfer or deposit of money derived from, criminal activity. Among other provisions, the USA PATRIOT Act expanded the: due diligence requirements related to customer identification; the anti-money laundering umbrella to include industries not previously subject to these provisions such as sellers and redeemers of money orders; and criminal sanctions for money laundering.

We determined that the FDIC’s existing Bank Secrecy Act examination procedures covered the USA PATRIOT Act requirements to some degree, and the FDIC had advised the institutions it supervises of the new requirements in cases in which the Department of the Treasury had issued final rules. However, the FDIC had not issued guidance to its examiners for those provisions requiring new or revised examination procedures. This delay in issuing examination guidance was of particular concern where Treasury had issued final rules addressing money laundering deterrents and verification of customer identification. The FDIC took swift action to issue interim examiner guidance as a result of our audit.

Effectiveness of Resolution and Receivership Activities

One of the FDIC’s primary corporate responsibilities includes planning and efficiently handling the resolutions of failing FDIC-insured institutions and providing prompt, responsive, and efficient administration of failing and failed financial institutions. In this regard, protecting the depositors of insured banks and savings associations is a unique responsibility for the FDIC. Notably, since the FDIC’s inception over 70 years ago, no depositor has ever experienced a loss of insured deposits at an FDIC-insured institution due to a failure.

During 2003, the FDIC resolved three financial institution failures. These failed institutions had a total of $1.1 billion in assets and $908.6 million in deposits. Within 1 business day after each failure, the FDIC had issued payout checks to insured depositors, or worked with open institutions to ensure that depositors had access to their insured funds. In addition, the FDIC continues to manage over $800 million in total assets in liquidation from these and past institution failures.

Given the importance of this aspect of the FDIC mission, we performed recent reviews covering several significant areas. Of particular note, we evaluated the FDIC Corporate Readiness Plan for responding to a series of institution failures. We found that the FDIC readiness planning was sufficient to handle a wide range of institution failures without significantly disrupting the accomplishment of other key aspects of the corporate mission. This means that insured depositors will likely receive prompt access to their deposits in the event of one or a series of smaller bank failures. The FDIC is also working on plans to resolve the failure of a megabank that we plan to evaluate in the near future. The OIG’s other work in the resolution and receivership area includes the following:

Insurance Determinations: We found that the FDIC was making accurate insurance determinations for over 99 percent of the dollars reviewed. In the interest of process improvement and possible cost savings, we recommended a process be established to test the accuracy of insurance determinations and evaluate the test results in relationship to established benchmarks. The Corporation will be addressing our recommendation as part of its ongoing deposit insurance claims reengineering process.

Receivership Management: The FDIC uses a Service Costing System to ensure that FDICestablished receiverships are properly billed for their fair share of indirect expenses. In the 10-month period ended October 31, 2003, the FDIC billed 120 receiverships over $33 million. We found that during 2003, the FDIC process for billing receiverships had improved. However, we identified opportunities to enhance the FDIC’s ability to document that established rates were fair and reasonable. The Corporation will be improving analyses, enhancing reports and cost data, and conducting training to provide greater assurance that receiverships are properly billed.

Asset Valuations: We found that for the two FDIC-insured depository institutions that we reviewed, asset valuations for traditional assets sold were reasonably accurate. Valuations for non-traditional, or unique, assets varied substantially from the actual net sales proceeds. We recommended measures to improve the Corporation’s valuation of non-traditional assets. In response to our audit, the Corporation modified its performance reporting and has established a strategic goal for reviewing best practices and developing procedures for valuing unique assets.

The FDIC initiated a number of projects in 2003 to better manage and leverage its resources to meet potential challenges in the resolution of future financial institution failures. These projects include the Corporate Readiness Plan discussed above, the Asset Servicing Technology Enhancement Project, a lessons learned from bank failures symposium, and a Web site to provide instant access to the most current information available to institutions via the Internet.

As referenced earlier, the OIG’s Office of Investigations coordinates closely with the FDIC’s Division of Resolutions and Receiverships and with the Legal Division regarding ongoing investigations involving fraud at failed institutions, fraud by FDIC debtors, and fraud in the sale or management of FDIC assets. In particular, investigators coordinate closely with the Corporation to address issues arising in connection with the prosecution of individuals who have illegally concealed assets in an attempt to avoid payment of criminal restitution to the FDIC. As of September 30, 2003, the FDIC was owed approximately $1.7 billion in criminal restitution. In most cases, the convicts subject to restitution orders do not have the means to pay. We focus our investigations on those individuals who do have the means to pay but hide their assets from and/or lie about their ability to pay. We are having success in this area, as evidenced by the recent charging of the former Chief Executive Officer of Sunbelt Savings in a 21-count indictment, which included seven counts of concealing assets from the FDIC. This individual engaged in a scheme to defraud the FDIC of its payments under a $7.5 million restitution order and an $8.5 million civil judgment. If convicted, he faces a maximum sentence of 125 years’ imprisonment and a $5.5 million fine and restitution.

We meet quarterly with corporate representatives to discuss developments in these cases of mutual interest. We are currently working with the Corporation on a project to establish a common methodology for preservation of records, including electronic records, at bank closings. Through our Electronic Crimes Team, we share data we have imaged at bank closings and provide advice on technology that could be useful to the FDIC at bank closings.

Corporate Management and Operational Challenges

I now will speak to more internal management and operational challenges facing the Corporation.

In August 2001, President Bush launched the “President’s Management Agenda” (PMA) targeted to address the most apparent deficiencies in government where the opportunity to improve performance was the greatest. The President called for a government that is active but limited, that focuses on priorities and does them well. The FDIC, to its credit, has given priority attention to improving operational efficiency and effectiveness, consistent with the principles set forth in the PMA. That being said, the Corporation faces several continuing challenges, most notably in the areas of human capital, management and security of information technology resources, and stewardship of resources. The Corporation also needs to continue to focus on performance measures to track progress on all of its corporate goals and objectives.

Human capital issues pose significant elements of risk that interweave all the management and performance challenges facing the FDIC. The FDIC has been in a downsizing mode for the past 10 years as the workload from the banking and thrift crises has been accomplished. As a result, FDIC executives and managers must be diligent and continually assess the goals and objectives, workload, and staffing of their organizations and take appropriate steps to ensure that the workforce has the right experience and skills to fulfill its mission. The Corporation has created the Corporate University to address skill levels and preserve institutional knowledge in its five main lines of business. The Corporation is also in the process of revamping its compensation program to place greater emphasis on performance-based incentives.

We recently completed an evaluation in which we concluded that the Corporation’s human capital framework addresses the underlying human capital concepts that the Office of Personnel Management, Office of Management and Budget, and the U.S. General Accounting Office consider vital to successful human capital management. We did, however, recommend and the FDIC agreed to strengthen its human capital program by institutionalizing the Human Resources Committee, an element of its human capital framework, and developing a human capital blueprint. Taking these actions will sustain the FDIC’s long-term commitment and focus on strategic human capital management and will maintain transparency in the development, implementation, and monitoring of human capital initiatives. We have a series of reviews planned to address the various components of the Corporation’s human capital program, with the next being strategic workforce planning.

Management and security of information technology resources remains one of the Corporation’s most expensive and daunting challenges. Information technology (IT) continues to play an increasingly greater role in every aspect of the FDIC mission. Our work required under the Federal Information Security Management Act of 2002 has shown that the Corporation has worked hard to implement many sound information system controls to help ensure adequate security. However, daunting challenges remain due to the ever-increasing threat posed by hackers and other illegal activity. We have urged the FDIC to stay the course in developing an enterprise-wide IT architecture that maps the current and “to be” states of business processes and the supporting information systems and data architecture. Additionally, we have emphasized completing system certification and accreditation processes to test the security of deployed IT assets. We have completed and ongoing assignments covering the IT capital planning and investment control process to assist the Corporation in this area. Finally, we are pleased that the Corporation has appointed a permanent Chief Information Officer to guide its IT efforts, particularly from a strategic standpoint, but many key IT security positions remain to be filled, and the Corporation is in the midst of an internal assessment aimed at improving the skill mix of its IT personnel and business processes.

Stewardship of resources has been a focus of the FDIC’s current Chairman. As steward for the insurance funds, the Chairman has embarked on a campaign to identify and implement measures to contain and reduce costs, either through more careful spending or assessing and making changes to business processes to increase efficiency. We are initiating a number of audits in the near future to assist the Chairman in his efforts.

A key challenge to containing costs relates to the contracting area. The Corporation has taken a number of steps to strengthen controls and oversight of contracts. However, our work in this area continues to show further improvement is needed to reduce risks, such as consideration of contractor security in acquisition planning and oversight of contractor security practices. We also have a contract audit program that looks at the reasonableness and support for billings on significant Corporation contracts and, as needed, evaluates contract award processes. Over the past 2 years, we have issued 15 reports with potential monetary benefits of $4.2 million, and we have recommended various means for protecting the Corporation’s interests in the contracting arena.

An emerging risk that we have identified is project management. The FDIC is engaged in several complex multi-million dollar software development projects as well as the construction of Phase II of its Virginia Square facility. We have done several reviews of these projects, and each pointed to the need for improved defining, planning, scheduling, and controlling of resources and tasks to reach goals and milestones. The Corporation has included a project management initiative in its 2004 performance goals and established a program management office to address the risks and challenges that these kinds of projects pose.

Assessment of corporate performance is a key challenge because good intentions and good beginnings are not the measure of success. What matters in the end is completion: performance and results. To that end, the Government Performance and Results Act (Results Act) of 1993 was enacted to improve the efficiency, effectiveness, and accountability of federal programs by establishing a system for setting goals, measuring performance, and reporting on accomplishments. The current administration has raised the bar further in this area. Specifically, OMB is using an Executive Branch Management Scorecard to track how well departments and agencies are executing the management initiatives, and where they stand at a given point in time against the overall standards for success. OMB has also introduced the Program Assessment Rating Tool (PART) to evaluate program performance, determine the causes for strong or weak performance, and take action to remedy deficiencies and achieve better results.

The Corporation has made significant progress in implementing the Results Act, with which it is required to comply. Over the years, it has developed more outcome-oriented performance measures, better linked performance goals and budgetary resources, and improved processes for verifying and validating reported performance. While the FDIC is not included on the Management Scorecard nor required to submit a PART to the OMB, some of the Corporation’s divisions have begun using a “scorecard” approach to monitoring and evaluating performance, and we encourage broader use of these tools.

My office has played an active role in evaluating the Corporation’s efforts in this area. We have conducted reviews of the processes used for verifying and validating data and made recommendations that the Corporation adopted. We have also evaluated the Corporation’s budget and planning process and intend to do so again because significant changes have been made to bring down the cost of formulating and executing the budget and more effectively link it to performance goals. Finally, as part of the Corporation’s overall planning process, we provide input and our perspective annually on the FDIC’s strategic goals and objectives. In doing so, we have pointed to the need to better align the strategic and annual planning process under the Results Act with the separate process used to develop detailed annual corporate performance objectives and initiatives designed to accomplish the Chairman’s priorities.

Conclusion

Madam Chairwoman, in closing, I would like to reiterate several points I made earlier. Members of my office are committed to continuing to carry out the IG mission at the FDIC and privileged to be public servants with the responsibility for doing so. The OIG has an excellent working relationship with the Corporation. I hope my remarks have served to shed light on the types of issues we have been raising and resolving with the Corporation over the last several years, and I appreciate this Subcommittee’s support of our efforts. I invite you to visit our Web site: www.fdicig.gov for further information about the OIG and for the full text of reports discussed in my testimony today. I would be pleased at this time to answer any questions that you or the other Subcommittee Members may have.

Print Print
Close