The FDIC's Assessment of Corrective
DATE: July 24, 2002
TO: Michael J. Zamorski, Director, Division of Supervision and Consumer Protection
FROM: Russell A. Rau [Electronic version; original signed by Stephen M. Beard for Russell A. Rau], Assistant Inspector General for Audits
SUBJECT: The FDIC's Assessment of Corrective Action Work Performed by Third-Party Contractors (Audit Report Number 02-016)
This report presents the results of an Office of Inspector General audit of the Federal Deposit Insurance Corporation's (FDIC) assessment of corrective action work performed by third-party contractors for financial institutions supervised by the FDIC. The objective of the audit was to determine whether work performed by the third-party contractors for FDIC-supervised institutions met the requirements of corrective actions instituted by the FDIC's Division of Supervision (DOS). (Note: Third-party contractors are those hired by the bank in response to formal or informal actions required by the FDIC to address safety and soundness concerns in insured depository institutions. At December 31, 2000, the FDIC supervised 5,093 of the 8,315 commercial banks and 523 of the 1,590 savings banks. As the result of a reorganization that became effective June 30, 2002, this office was merged with the Division of Compliance and Consumer Affairs to become the Division of Supervision and Consumer Protection (DSC).)
Corrective actions are agreements (informal) or legally enforceable orders (formal) that the FDIC may institute against a financial institution or individual respondent to obtain correction of noted safety and soundness or compliance deficiencies. The FDIC may pursue formal corrective action under either Section 38 (prompt corrective action) or Section 8 of the FDI Act. The FDIC may also enter into a memorandum of understanding as a means of seeking informal corrective administrative action from institutions considered to be of supervisory concern, but which have not deteriorated to the point where they warrant formal administrative action. The audit concentrated on corrective actions where third-party contractors were used to address the requirements of individual provisions of the corrective actions. A detailed discussion of the objective, scope, and methodology of our audit is included in Appendix I.
In general, we found that the FDIC accepted work performed by third parties as meeting the requirements of the corrective actions instituted by the Corporation, and third-party work was completed within established timeframes. Also, DOS reviewed the corrective actions to ensure their completeness in addressing the underlying safety and soundness concerns. Accordingly, we are not making recommendations in this report.
The FDIC generally institutes corrective actions to address weaknesses and problems found in insured depository institutions during the examination process. (Note: An on-site examination allows the regulator to determine the condition of an institution and supplies the regulator with an understanding of the nature, relative seriousness, and ultimate cause of any problems identified, and thus provides a factual foundation on which to base corrective measures, recommendations, and instructions. The FDIC performs on-site examinations of state-chartered banks that are not members of the Federal Reserve System; national banks are supervised by the Office of the Comptroller of the Currency; state and federally chartered savings associations are supervised by the Office of Thrift Supervision; and banks with state charters that belong to the Federal Reserve System are supervised by the Board of Governors of the Federal Reserve System. ) When an institution with safety and soundness weaknesses is identified, the FDIC initiates a corrective action process requiring the institution to address its weaknesses. Under provisions of the Federal Deposit Insurance Act (FDI Act), the FDIC has been granted broad enforcement powers to correct practices, conditions, or violations of law that threaten a bank's safety and soundness. Depending on the extent and severity of the identified problems, the FDIC may initiate informal and/or formal corrective action. For institutions with significant weaknesses or those operating in a deteriorated financial condition, the FDIC may oversee the re-capitalization, merger, closure, or other resolution of the institution.
Corrective actions can prescribe that a third-party professional be engaged to provide assistance in the corrective process. For example, a corrective action may require that a bank make arrangements for an external audit of its financial statements to be performed by an independent public accountant. Another corrective action might prescribe that a specialist be retained to perform a loan portfolio analysis to assess the accuracy and methodology of the bank's internal loan grading system and its implementation and effectiveness in recognizing and identifying problem loans.
The FDIC generally uses informal actions to correct less severe problems that do not present an immediate threat to an institution's viability and when it is believed that corrective action will be taken without formal actions. Informal corrective actions are not legally enforceable. These include board resolutions issued by the bankís board of directors and memorandums of understanding (MOUs) issued jointly by a bankís board and a bank regulator. According to the FDICís Formal and Informal Action Tracking system (FIAT), 811 informal actions were issued in 1999 and 2000, including 340 memorandums of understanding.
The FDIC generally uses formal actions to address unsafe and unsound banking practices, to correct violations of law, and to remove individuals who present an immediate threat to an institution's safety and soundness. Formal actions also can be pursued in the event an informal action proves to be ineffective in securing necessary corrective action. Formal actions are notices and orders issued against insured depository institutions and individuals. Formal corrective actions issued under Section 8 of the FDI Act are legally enforceable. These include, for example, Section 8(b) orders to cease and desist (C&D) an unsafe or unsound practice or violation of law and Section 8(c) temporary C&D orders. According to FIAT, 225 formal actions were issued in 1999 and 2000, including 68 C&D orders. Formal actions also include prompt corrective action directives related to undercapitalized banks, as provided in Section 38 of the FDI Act and orders to correct safety and soundness deficiencies as provided under Section 39 of the Act.
RESULTS OF AUDIT
The FDIC accepted work performed by third-party contractors for FDIC-supervised institutions as generally meeting the requirements of the FDICís corrective actions. In addition, corrective actions were generally completed on time.
Our sample of 33 corrective actions, including 13 MOUs and 20 C&D orders, contained 48 provisions with work performed by third parties:
Work Performed by Third-Parties Met FDIC Requirements
In 45 of the 48 provisions reviewed, the FDIC accepted third-party products or services as meeting its requirements. For two of the remaining provisions, the FDIC accepted actions taken instead of those prescribed. The final provision reviewed was not addressed before the bankís next examination, when its composite rating improved and the FDIC terminated the corrective action order to facilitate sale of the bank.
One of the in-lieu-of actions accepted by the FDIC in fulfillment of a corrective action provision was related to a management plan. In that instance, the bankís board elected to implement all recommendations from its contractor rather than prepare a written report addressing the contractor's recommendations. The other in-lieu-of action accepted by the FDIC was related to an external audit. The FDIC required the bank to hire an outside auditor to perform a full-scope audit of the bank. Instead, the bankís board contracted for an "agreed-upon procedures review," which is not as comprehensive. The FDIC accepted the review in fulfillment of the provision, and the bankís composite rating improved at its next exam.
The provision that was not fulfilled was also related to a management plan. In that instance, the plan had not been completed before the bankís next examination when its composite rating improved and the C&D order was terminated to facilitate the sale of the bank, thus eliminating any further response regarding the provision.
Provisions Were Completed on Time
The corrective action provisions reviewed were completed timely. Specifically, 41 of 48 provisions we reviewed specified a timeframe for completion. Corrective actions addressing 38 of those 41 provisions were completed timely. The three provisions that were not completed timely were all related to one management plan that was not completed. However, as explained previously, there was no adverse effect in that instance, as the bankís rating improved and its C&D order was terminated.
DOS Reviewed the Corrective Actions
DOS regional office personnel reviewed the corrective actions included in our sample. In all cases except one, there was evidence of review by DOS personnel, such as correspondence from DOS, margin notes, underlining, and highlighting. However, in making our request for documents, we did not request that regions provide the entire file. We only requested copies of products produced by third-party contractors and any correspondence between the banks and the FDIC. Thus, we could not conclude on the evidence of review for one action.
In a separate audit survey, we reviewed DOSís efforts to monitor and ensure compliance with corrective actions, including those performed by third-party contractors. In a memorandum to the DOS Director, dated March 20, 2002, we reported that the DOS monitoring systems and procedures were working as intended and that case managers were following applicable DOS policies. A copy of this memorandum is provided as Appendix II of our report.
CORPORATION COMMENTS AND OIG EVALUATION
Our report does not include recommendations for corrective actions. However, we provided our draft report to the Director of DOS. On July 8, 2002, the DOS Director provided a written response to the draft report. Managementís response, concurring with our conclusions, is presented in Appendix III to this report.
OBJECTIVE, SCOPE, AND METHODOLOGY
The objective of the audit was to determine whether work performed by third-party contractors for FDIC-supervised institutions met the requirements of corrective actions instituted by the FDICís Division of Supervision (DOS). The audit concentrated on corrective actions where third-party contractors were used to fulfill the requirements of individual provisions of the corrective actions.
The audit included formal and informal corrective actions issued between January 1, 1999 and December 31, 2000 that were still outstanding on December 31, 2000.
To accomplish our objective, we:
For each of the 48 provisions, we reviewed FDIC files, including:
We limited our assessment of DOSís system of internal controls to gaining an understanding of the divisionís corrective action procedures when a third-party contractor is suggested or required by the FDIC to assist an institution in fulfilling the requirements of an informal or formal corrective action intended to address weaknesses. We did not test internal controls because in a separate audit survey, Survey of the Division of Supervisionís Monitoring of Corrective Actions (Assignment Number 2001-205), we reviewed the efforts of the DOS to monitor and ensure compliance with corrective actions. Additionally, we did not review Government Performance and Results Act reporting, test for fraud or illegal acts, or test for compliance with laws and regulations because these items were not part of our audit objective. Finally, although we used available information from FDICís computerized systems, we did not test the accuracy of data generated by those systems because our focus was on the work performed by the third-party contractors and the use of data was limited to determining the sample of corrective actions that we reviewed. This audit was suspended from August 2001 through February 2002 during our work on issues related to the failure of Superior Bank, FSB, Hinsdale, Illinois. We conducted our audit from May 2001 through June 2002. The audit was conducted in accordance with generally accepted government auditing standards.
OIG MARCH 2002 MEMORANDUM REGARDING THE DIVISION OF SUPERVISIONíS MONITORING OF CORRECTIVE ACTIONS
DATE: March 20, 2002
MEMORANDUM TO: Michael J. Zamorski, Director, Division of Supervision
FROM: Russell A. Rau [Electronically produced version; original signed by Russell Rau], Assistant Inspector General for Audits
SUBJECT: Survey of the Division of SupervisionĎs Monitoring of Corrective Actions (Assignment Number 2001-205)
The Office of Inspector General is terminating a survey of the Division of Supervisionís (DOS) monitoring of corrective actions by FDIC-supervised financial institutions (assignment number 2001-205). Our survey reviewed (1) DOSís efforts to monitor and ensure compliance with corrective actions and (2) the corrective action process.
Based on the information gathered during the survey, we concluded that no further audit work is warranted at this time. In our 1994 audit of this area (Note: Audit of the Division of Supervisionís Corrective Action Monitoring Process, October 17, 1994.), we found inconsistencies in tracking corrective actions, untimely reporting by banks on the status of their corrective actions, and inconsistent on-site follow-up examinations. These concerns have been addressed by a number of DOS actions. Following the 1994 audit, DOS developed the Formal and Informal Actions Procedures (FIAP) manual to provide consistency among the various regions for handling corrective actions. The FIAP manual contains the policies and procedures to be followed in initiating, monitoring and terminating corrective actions.
DOS also uses the Formal and Informal Actions Tracking (FIAT) system to track corrective actions. The automated FIAT system allows for more effective monitoring of provisions and target completion dates for various corrective actions.
We found that the DOS systems and procedures are working as intended and that case managers are following DOS policies. We reached this conclusion based on the following audit work:
Thank you for the cooperation and assistance provided us during the survey. We would especially like to acknowledge the efforts of Ronald M. Williams, Senior Examination Specialist with the Dallas Regional Office, in assisting us in this survey. If you have any questions, please contact me at (202) 416-2543 or Vernon Davis, Director, at (202) 416-2508.
cc: Simona L. Frank
July 8, 2002
TO: Stephen M. Beard, Deputy Assistant Inspector General for Audits
FROM: Michael J. Zamorski [Electronically produced version; original signed by John M. Lane for Michael J. Zamorski], Director, Division of Supervision
SUBJECT: Draft Report on the Audit of the FDICís Assessment of Corrective Action Work Performed by Third-Party Contractors
Thank you for the opportunity to review and comment on the subject draft report. The objective of the audit was to determine whether work performed by third-party contractors for FDIC-supervised institutions met the requirements of corrective actions instituted by the Division of Supervision (Division).
Although the report does not include any findings or recommendations, I concur with its general conclusions that where required by formal and informal enforcement actions, third-party contractors perform their work in an acceptable manner, meeting the requirements of the provision of the action. The Divisionís staff appropriately monitors enforcement actions to ensure that work performed by third-party contractors is in accord with stated timeframes and reviews necessary documentation to ensure that the work is performed to our satisfaction.
|Last Updated 08/21/2002|