DATE: September 17, 2003
MEMORANDUM TO: Mitchell L. Glassman, Director, Division of Resolutions and Receiverships
FROM: Russell A. Rau [Electronically produced version; original signed by Russell Rau], Assistant Inspector General for Audits
SUBJECT: Insurance Determination Claims Process
This report presents the results of the Office of Inspector General’s (OIG) audit of the insurance determination claims process. Deposit insurance is a fundamental part of the Federal Deposit Insurance Corporation’s (FDIC) commitment to maintain stability and public confidence in the U.S. financial system. The FDIC’s Division of Resolutions and Receiverships (DRR) Receivership Operations Branch is responsible for ensuring that bank customers have timely access to their insured deposits at failed insured depository institutions either by facilitating the transfer of their insured deposits to an assuming institution or by paying insured depositors directly. (Note: The Federal Deposit Insurance Act, 12 U.S.C. 1821(f), states in part that the payment shall be made by the FDIC as soon as possible either by case or by making available to each depositor a transferred deposit in a new depository institution in an amount equal to the insured deposit of such depositor. While the law does not set forth a precise timetable or deadline for the payment of deposit insurance, the FDIC has traditionally made payments to insured depositors within 3 days of an institution’s failure.) More specifically, DRR’s Dallas Field Operation Branch (DFOB or Claims Department) has the primary mission of coordinating the payment of deposit insurance claims.
The objective of this audit was to determine whether DRR is accurately making deposit insurance determinations. The claims process spans the three phases of the resolution process: pre-closing, closing, and post-closing. (Note: The resolution process involves valuing a failed insured depository institution, marketing it, soliciting bids for the sale of the institution, determining which bid is least costly to the relevant insurance fund, and working with the acquiring institution(s) through the closing process (or paying off insured deposits if there is no acquirer).) The main objective of the claims activity in the pre-closing phase is to provide an estimate of the insured and uninsured deposits that is a component in developing the least costly resolution strategy. (Note: The FDIC is required under 12 U.S.C. 1823(c) to implement the resolution alternative that is determined to be least costly to the relevant deposit insurance fund of all possible resolution alternatives, including liquidation of the failed institution.) Once the insured depository institution is closed, the focus of the claims process is to identify the insured depositors, certify their claims, and provide access to those insured funds as quickly and as efficiently as possible without paying amounts that are uninsured. Historically, the FDIC has executed the deposit insurance determination function over the closing weekend. Our audit focused on actual insurance determinations that resulted from the closing and post-closing processes. Appendix I describes our objectives, scope, and methodology in more detail.
Overview of Insurance Coverage
The FDIC protects depositors’ funds in the event of the financial failure of a bank or savings institution. (Note: The FDIC maintains, manages, and controls risks to the deposit insurance funds, i.e., Bank Insurance Fund (BIF) and the Savings Association Insurance Fund (SAIF). When a financial institution fails, the FDIC pays off insured deposits or, more frequently, it arranges for the transfer of insured accounts from the failed institution to a healthy institution.) The basic insured amount for a depositor is $100,000. In applying the $100,000 limit, the FDIC must adhere to the rules set forth in the Federal Deposit Insurance Act (FDIA). (Note: The FDIC has issued a uniform set of deposit insurance regulations applicable to both banks and savings associations. Those regulations are codified at 12 C.F.R. Part 330.) However, the FDIA provides that in applying the $100,000 insurance limit, the FDIC “shall aggregate the amounts of all deposits in the insured depository institution which are maintained by a depositor in the same capacity and same right for the benefit of the depositor.” In other words, funds held in different ownership categories are insured separately from each other. (Note: The FDIC recognizes 13 ownership categories.) Therefore, one person can hold more than $100,000 in insured funds if the funds are held in different ownership capacities. Table 1 provides an overview of the common ownership categories and applicable deposit insurance coverage.
Table 1: Overview of Common Deposit Insurance Ownership Categories
Source: FDIC Deposit Insurance Publications.
Each of the ownership categories has specific requirements that must be met in order to receive separate insurance under the category. However, if an account fails to meet the specific requirements of a particular insurance category, the funds may be considered, for deposit insurance purposes, to belong to another category – usually the single ownership category. In that case, the funds are added together with any other funds that the depositor has in the single ownership category and are insured to $100,000. According to information published by the FDIC, the most common categories of deposit ownership are single, joint, and testamentary accounts. Additional information about the FDIC’s insurance determination process is in Appendix II.
Claims Process Redesign Project
Since mid-2000, DRR officials and representatives from other divisions (including the Division of Information and Resources Management (DIRM), the Division of Finance (DOF), and the Division of Insurance and Research (DIR)) have been working to identify and implement changes to the current claims process to promote the efficient handling of depositor insurance determinations for any size institution that may fail. To that end, DRR has implemented both work flow changes and enhancements to the Receivership Liability System (RLS). (Note: The RLS is the system of record for insurance determinations.) DRR recognizes that as insured depository institutions continue to grow, changes must be made to ensure that timely insured deposit determinations can be made for an insured depository institution with millions of deposit accounts. According to DRR data, the largest depository institution that has been subject to insurance determination had about 150,000 accounts.
In addition to these internal efforts, DRR contracted with IBM Business Consulting Services (IBM) to perform an independent assessment of the FDIC insurance claims process and to develop potential options for increasing the capacity of the claims functions and make recommendations regarding the optimal solution. IBM’s assessment of the claims process progressed in stages:
Table 2 highlights the issues that were identified by IBM.
Table 2: Claims Process Issues Identified by IBM Business Consulting Services
Source: IBM Business Consulting Services FDIC Claims Process Analysis: Discovery Phase Report, dated June 2002.
To address these issues, IBM did not recommend functional improvements beyond those identified by DRR staff. However, IBM proposed using commercially available software to implement identified improvements in a more integrated way. In other words, IBM recommended that DRR redesign its process to incorporate a greater use of technology and to use commercially available software, rather than make enhancements to the internally designed, custom-built RLS. DRR is working with IBM to prepare a business case for the claims process redesign that it plans to present to the FDIC’s Capital Investment Review Committee in October 2003. (Note: The Capital Investment Review Committee was established in 2002 and is dedicated to reviewing and overseeing all major Information Technology (IT) and non-IT capital investments.)
RESULTS OF AUDIT
Overall, DRR is accurately making insurance determinations. Specifically, DFOB made accurate insurance determinations for approximately 96 percent (234 of 243) of the accounts and/or groups of accounts tested and for 99 percent of the dollars in our sample. Table 3 provides a summary of the overall test results and illustrates that the exceptions identified were small relative to the total value of the accounts reviewed.
Table 3: Summary of Audit Test Results
Notes on Table 3: We did not identify any cases in which FDIC did not fully insure a depositor. Presumably, those types of errors would be minimal because depositors would naturally question the FDIC if they believed they were entitled to additional deposit insurance coverage. In several cases, we were unable to definitively quantify the amount of error because supplemental information from the depositor or the failed insured depository institution’s records was needed and was not available to make a final insurance determination. These amounts represent the aggregate range of potential excess insurance coverage.
Source: OIG analysis of audit results.
In making these insurance determinations, DRR accurately (1) reconciled the deposit data loaded from the failed insured depository institutions records to RLS, (2) grouped deposit accounts by owner, (3) placed accounts or groups of accounts in appropriate ownership categories, and (4) compared aggregate balances to the applicable insurance limits. Additionally, when appropriate, DRR obtained supplemental information from the depositor to make a final insurance determination. Accordingly, the FDIC provided depositors access to their insured deposits in accordance with the FDIC’s deposit insurance rules and regulations. (See Finding A: Accurate Insurance Determinations.)
We identified a total of nine cases for which the insurance determinations made by DRR were inaccurate or potentially inaccurate. In evaluating the nature of the exceptions, we determined that all but one of the exceptions were attributable to human error, most of which occurred during the manual phase of the grouping process. As part of its process redesign, DRR is evaluating how to better leverage technology to decrease the risk of human error. Nonetheless, under the existing process, the FDIC provided excess or potential excess deposit insurance coverage as a result of the exceptions identified.
In consultation with DIR, we made some statistical inferences based on our results. As explained in Appendix I, we selected a statistically valid sample of accounts for each of the insured depository institutions that failed in 2002. DIR derived two-sided (upper and lower) 95 percent confidence limits for the total number of exceptions for each institution’s universe, based on the number of exceptions identified in our samples. We recognize that all the exceptions identified will not result in actual errors. Nonetheless, the sample projections support the notion that in a labor-intensive process there is a greater risk of errors occurring at larger institutions because of the workload. We could not evaluate the significance of the exceptions identified or projected because DRR has not established process metrics for accuracy to which we could compare our results. (See Finding B: Process Control for Insurance Determinations.)
FINDING A: ACCURATE INSURANCE DETERMINATIONS
Accurate insurance determinations depend on obtaining complete deposit data from the failed insured depository institution and appropriately analyzing that data in the context of the FDIC’s deposit insurance rules and regulations. DFOB generally reconciled the initial data loaded into the RLS from the failed financial institutions’ records for each of the 11 failures in 2002. In addition, DRR accurately made insurance determinations for 96 percent (234 of 243) of the accounts and/or groups of accounts tested and for 99 percent of the dollars in our sample. These results provide assurance that the insurance determination process is working as intended and that the DRR insured deposits in accordance with applicable rules and regulations.
Initial Reconciliation of Depositor Data
Deposit data from the failed insured depository institution must be loaded into RLS before insurance determinations can be made. DRR has established procedures to ensure that initial data loaded to the RLS reconciles to the receivership’s Proforma closing balances. (Note: Proforma is one of the many functions in the FDIC’s closing process. The primary focus of the Proforma team is to produce a balance sheet that reflects a reasonably accurate financial statement of the failed insured depository institution through the date of closing. The FDIC’s Division of Finance is responsible for this function.) In accordance with those procedures, DRR completed data certifications for each of the 11 failures in 2002.
More specifically, the closing balances were in agreement for three institutions and differed only nominally for seven institutions. For the remaining institution, a $230,114 difference existed between the RLS and Proforma closing balances. Although this difference was not material in relation to the institution’s total deposits of $1.23 billion, DFOB officials agreed that balances should have been reconciled more precisely. Procedures in Reconciliation of Liability Accounts at Closing – Amended, Claims Procedure No. 01-008-A, dated May 21, 2001, require the claims specialist to complete the reconciliation of RLS to the Proforma closing balances within 30 days of closing or to submit a request in writing to a claims supervisor documenting the reason the extension was needed.
In this one case, the claims agent never finished the reconciliation. Additional work on the closing reconciliation was inadvertently neglected because the claims specialist who assumed responsibility for this receivership was not aware that the accounts were out of balance. The reconciliation was transferred from one claims specialist to another when the claims work was transitioned from the closing site to the office in Dallas, Texas. In response to our audit, DRR and DOF officials completed the reconciliation of these balances and are working to revise existing procedures to help ensure that reconciliations are completed promptly in the future. Therefore, we are not making any recommendations to address this issue.
The test results provided assurance that DFOB consistently applied FDIC insurance rules and regulations. Table 4 provides a summary of the test results for the items sampled in each of the institutions.
Table 4: Analysis of Audit Test Results by Institution
Note for Table 4: Although 11 institutions failed in 2002, we sampled from 10 of the 11 institutions for the reasons discussed in Appendix I.
Source: OIG analysis of sampled items.
In general, these test results indicated that DFOB appropriately:
In summary, DFOB successfully executed the fundamental tasks necessary to make an insurance determination by doing the following:
Accordingly, the FDIC appropriately transferred or paid insured depositors and issued receivership certificates to uninsured depositors. This achievement is significant considering that many of these critical activities were successfully executed within a span of 2-3 days (i.e., closing weekend).
FINDING B: PROCESS CONTROL FOR INSURANCE DETERMINATIONS
Although DRR’s insurance determinations were generally accurate, we identified nine cases for which the determinations were either inaccurate or potentially inaccurate. All but one of the nine exceptions resulted from human error, which is a risk that exists in a process that relies heavily on manual and paper-based processes. Consequently, the FDIC provided excess or potentially excess deposit insurance coverage, even though the amounts were nominal. Table 5 summarizes the insurance determination exceptions identified for each of the 10 institutions tested.
Table 5: Analysis of Audit Exceptions
Source: OIG analysis of tested items.
As discussed earlier, we consulted with DIR to help us evaluate our results. Specifically, DIR derived two-sided (upper and lower) 95-percent confidence limits for the total number of exceptions for each institution’s universe, based on the number of exceptions identified in our samples. Table 6 presents DIR’s sample projections for each of the institutions included in our universe. Hamilton Bank, NA and Next Bank, NA were the two largest insured depository institutions in our universe as measured by the value of assets. For these two institutions, the upper 95-percent confidence limits for the total number of exceptions were 83 (Hamilton) and 16 (Next Bank). Considering that most of the exceptions resulted from human error, the sample projections support the notion that in a labor-intensive process there is a greater risk of errors occurring at larger institutions because of the workload. We could not evaluate whether the number of exceptions we identified or projected was significant in comparison to DRR’s expectations because DRR has not established process metrics for accuracy. Additionally, DRR has not established a process for sampling insurance determinations to assess the determination process against established performance metrics.
Table 6: Sample Projections Based on Number of Exceptions (Note: Regarding the “Population” heading in Table 6, DIR estimated population size based on the number of account groups found in the sample that were eligible for audit. Ineligible groups included groups with brokered accounts and groups for which the insurance determination had not yet been made at the time of the audit.)
Source: DIR analysis of OIG sample results.
Nature of Exceptions
As previously discussed, the exceptions were a relatively small portion of the total items tested. However, we cannot objectively evaluate the significance of the number or value of these exceptions because DRR does not have process metrics related to accuracy. IBM’s report, FDIC Claims Process Analysis: Discovery Phase Report, issued in June 2002, states that “the definition of successfully providing deposit insurance coverage for all insured depositors is limited to one dimension, the length of time required to provide depositors access to their funds. Other dimensions, such as accuracy or efficiency are not addressed.” Based on the importance of the claims function to the FDIC’s mission, DRR should routinely track and evaluate the accuracy of insurance determinations.
Our analysis of the nine exceptions did not identify any systemic weakness in the insurance determination process other than the known consequence of a manually intensive process – human error. In seven cases, DRR provided, or possibly provided, excess insurance coverage because of errors primarily related to the manual phase of the grouping process. The manual phase of the grouping process creates the potential for human error because of the nature of the tasks. As one would expect, more exceptions occurred and were projected to occur in the larger insured depository institutions.
More specifically, after the manual review process is completed, various teams of claims specialists review the proposed changes (edits), manually entered the edits into RLS, and reviewed the resulting grouping reports to verify that the edits were accurately made. These tasks can be laborious, especially in the larger institutions. In addition, this process typically takes place from Saturday morning to Sunday afternoon. Consequently, claims specialists are subject to working long hours to accomplish the task. In addition, final insurance determinations are subject to a series of supervisory reviews. Although there was evidence in each case that established processes were followed, exceptions resulted from human errors. However, the fact that we identified only seven exceptions related to the grouping process provides assurance that management controls established by DRR are generally effective. The following describes the exceptions in more detail.
Description of Exceptions
Exceptions related to the Grouping Process
In addition to the grouping errors, DFOB made one mathematical error in calculating the uninsured share of the depositor’s accounts and inadvertently issued the receivership certificate (RC) to the wrong individual. With respect to the mathematical error, DFOB agreed that it provided excess insurance coverage of $1,717. DFOB has voided the RC issued to the wrong individual and reissued one to the uninsured depositor.
DRR officials agreed with our analysis of all of the exceptions. However, after considering the time since the failure dates and the amounts of the errors or potential errors, officials decided not to take further action in these cases. Specifically, officials decided not to burden the depositor with requests for additional information that is needed to make a final determination or pursue the collection of excess insurance that has been provided. DFOB is also developing desktop guidance for handling deposit insurance overpayments to help ensure that the process for handling these cases is standardized.
CONCLUSION AND RECOMMENDATION
Overall, DFOB is accurately making insurance determinations. Nevertheless, our findings show that human error will occur under the existing process despite established controls and DFOB efforts to make timely and accurate insurance determinations. This was particularly evident for larger institutions where resources invariably became stressed. Indeed, all but one of the exceptions we identified resulted from human error and, in eight cases, these errors resulted in actual or potential excess deposit insurance coverage. DRR recognizes that the existing process could be improved and has been working to reengineer the process.
Specifically, DRR has been exploring ways to reduce the reliance on labor and paper-based processes which should thereby mitigate the risk and cost of human errors. DRR agreed with our analysis of the individual exceptions and has taken appropriate action to address each case. Therefore, we are not making any recommendations specifically related to these exceptions. Additionally, DFOB has begun developing desktop guidance for handling deposit insurance overpayments to help ensure that overpayments are handled consistently in the future. DFOB is revising procedures for reconciling the initial deposit data loaded into RLS to ensure that these reconciliations are completed as required. Because DRR is taking appropriate actions to address these issues we are not making any formal recommendations in this regard.
The fact that DRR does not have established process metrics for accuracy remains a concern. IBM recommended that DRR establish more precise, definitive performance measurements, particularly for accuracy. We also believe that it is important for DRR to establish process metrics. Such metrics would have allowed DRR to objectively evaluate whether the exceptions were significant and provided DRR with a baseline for estimating the cost of human errors in the current process. Although DRR has not yet made significant progress on this issue, DRR will establish process metrics as part of the proposed process redesign.
We recommend that the Director, DRR:
Establish a process to routinely test the accuracy of insurance determinations and evaluate the test results in relationship to DRR-established benchmarks as part of the claims process redesign.
CORPORATION COMMENTS AND OIG EVALUATION
On September 12, 2003, the Director, DRR provided a written response to the draft report. The response is presented in Appendix III of this report. DRR concurred with our recommendation and plans to tentatively complete corrective actions by December 31, 2005. The following summarizes DRR's response.
Establish a process to routinely test the accuracy of insurance determinations and evaluate the test results in relationship to DRR-established benchmarks as part of the claims process redesign.
DRR concurred with the recommendation. DRR indicated that, in light of the claims reengineering process that is under way and the fact that it will involve a considerable amount of new technology and changes to the process itself, DRR will comply with the audit recommendation within that reengineering effort. Therefore, DRR will determine an acceptable margin of error for the claims process and a method for periodically reviewing claims for adherence to that standard as part of the reengineering process, which is tentatively scheduled to be completed by year end 2005.
Management’s planned action is responsive to the recommendation. The recommendation is resolved but will remain undispositioned and open until we have determined that the agreed-to corrective action has been completed and is effective.
A summary showing management’s response to our recommendation is presented in Appendix IV.
APPENDIX I: OBJECTIVE, SCOPE, AND METHODOLOGY
The objective of this audit was to determine whether the FDIC’s DRR is accurately making deposit insurance determinations. That is, did DRR appropriately group depositors’ accounts by ownership category and accurately determine insured amounts in accordance with the FDIC’s rules and regulations. Our audit scope included testing actual insurance determinations for a sample of accounts for 10 of the 11 insured depository institutions that failed in calendar year 2002. As discussed later in this report, prior OIG audit work included evaluating the internal controls that ensure integrity, security, and reliability of data that is maintained in the RLS. Except for reviewing data reconciliation reports to ensure that depositor data was accurately captured from failed insured depository institutions, the scope of this audit did not include specific testing of RLS general and application controls. We performed our work from November 2002 to July 2003 in accordance with generally accepted government auditing standards.
To accomplish our objective, we gained a general understanding of applicable laws and regulations and relevant DRR policies and procedures. We then selected a sample of insurance determinations and tested the accuracy of actual insurance determination.
More specifically, to understand applicable laws and regulations, we did the following:
We performed the following to understand DRR’s insurance determination process (the process) and the process redesign efforts under way:
To test the accuracy of actual insurance determinations, we reviewed the 11 data certifications for the 2002 failures to confirm that the RLS balances had been reconciled to the Proforma closing balances. We also selected a sample of accounts from 10 of 11 2002 failures. Because of the large number of claims in our overall universe (over 61,000), we consulted with statisticians from DIR to devise an objective sampling methodology. We also consulted with another DIR team that is doing research on the insurance determination process as part of the FDIC’s overall process redesign project. (Note: Specifically, as part of the FDIC’s overall efforts to prepare for a large bank failure, DIR was asked to experiment with the grouping of potentially uninsured accounts by evaluating methods for targeting accounts for review as a means of saving time at a large bank closing. DIR has published a series of reports and papers on this subject.) As part of its research, this team had developed a prototype software model that can be used to make deposit insurance estimates. DIR’s insurance estimates are based on the same depositor data from the failed institution that is input into the RLS, but DIR’s system and the RLS use different programming logic to group accounts. As explained in Appendix II of our report, the grouping process is a critical step in the insurance determination process, but we could not easily replicate it for auditing purposes. We decided that using DIR’s system gave us a way to establish a reasonable universe for sampling purposes.
To establish our sampling universe, DIR generated reports (data sheets) that identified accounts or groups of accounts for which DIR’s estimated insurance determinations differed from DRR’s insurance determinations. DIR compared its insurance estimate based on RLS’s initial grouping data. Using this data as a point of comparison allowed us to test the manual grouping process decisions and the editing process that occurs during the closing weekend. We recognized that DIR’s estimates did not reflect or incorporate information about depositors’ accounts that DRR routinely obtains during the post-closing phase of the insurance determination process. Nevertheless, comparing DIR’s estimates to DRR insurance determinations helped ensure that our sample universe included accounts that are considered more complex for deposit insurance purposes (i.e., requiring supplemental information from the depositor).
We selected a stratified sample of accounts for each of the 11 failures in 2002. We derived the sample size for each institution so that, if the universe exception rate for an institution was 20 percent, the sample error rate would be within plus-or-minus 10 percentage points of that rate with a 95-percent confidence level. The resulting sample size for each institution is presented in Table 7. The scope of our review did not include reviewing insurance determinations for brokered accounts because that insurance determination process differs. The data DIR provided us included brokered accounts; therefore, we removed readily identifiable brokered accounts or groups from the universe before making our sample selections. However, after selecting our sample, we discovered that we selected some ineligible groups including brokered accounts and cases for which the insurance determinations were not finalized. We had not anticipated a large number of these adjustments and previously decided not to select sample replacements. Therefore, our final results are based on the sample sizes presented in the last column of Table 7. We determined that the adjusted samples were manageable and would allow us to determine whether DRR’s insurance determinations were accurate for each of the failures except one, New Century Bank. DIR identified only two cases for which its insurance estimate differed from DRR for New Century Bank, and these turned out to be brokered accounts. Therefore, we did not review any insurance determinations for that failure.
Table 7: Audit Universe and Sample (Note: For the heading called “Total Number of Groups” in Table 7, DIR identified a difference between its estimated insurance determinations and the final insurance determinations made by DRR.)
Source: OIG analysis of DIR data sheets.
To evaluate the insurance determinations for each selected account or groups of accounts, we performed the following actions:
Government Performance Results Act (Note: The Government Performance and Results Act of 1993 (P.L. No. 103-62, codified as title 5, 31, and 39, U.S.C.) requires agencies to develop strategic plans, align programs and activities with concrete missions and goals, and manage and measure results. An agency is to prepare annual performance plans that establish connections with strategic goals and day-to-day activities and report on the extent to which the agency is meeting its annual performance goals.)
To determine whether DRR had any performance measures that we should consider in this audit, we reviewed the FDIC’s 2001-2006 Strategic Plan, FDIC 2002 Annual Performance Plan, DRR 2002 Strategic Plan, and DRR 2003 Strategic Plan. We identified one corporate annual performance goal for the Insurance Program identified in the FDIC 2002 Annual Performance Plan that directly relates to FDIC’s handling of depositors of failed institutions. Table 8 depicts the relationship of this annual performance goal to FDIC’s strategic goal and objective.
Table 8: FDIC Strategic Goals and Objectives for Insurance
Source: FDIC’s 2002 Annual Performance Plan.
DRR’s performance in 2002 was consistent with its historic record -- depositors had timely access to their funds. However, as reported by DRR’s external consultant working on the process redesign project, the measures and metrics associated with the FDIC’s strategic goals and objectives are not sufficiently detailed to facilitate the improvement of the deposit insurance claims function. (Note: Federal Deposit Insurance Corporation Claims Processing Analysis: Discovery Phase Report, dated June 17, 2002.)
The DRR 2002 Strategic Plan also established a division objective to help DRR prepare to deal with all financial institution closings and emerging issues. To accomplish this objective, DRR plans to continue its contingency planning for a large bank failure. Specific emphasis will be placed on streamlining the deposit insurance determination process. The project will also include the preparation of a feasibility study on the changing regulations/requirements on data kept by the banking industry on deposit accounts. (Note: Currently, banks provide data tapes in a standard format on an ad hoc basis to regulators when it is anticipated a failure may occur. Possible statutory and regulatory changes affect mandating certain data requirements that would facilitate the insurance determination process.) The 2003 Strategic Plan includes this same objective.
Reliance on Computer-Generated Data
We relied on computer-generated data from DIR’s prototype system and DRR’s RLS. To assess the reliability of data within the RLS, we verified that DRR had reconciled initial deposit data downloads to the RLS from the failed financial institutions records. We relied on the data DIR provided from its system simply to help us establish a universe from which we could select our sample. For each selected sample item, we independently verified the data DIR provided by comparing it to data in the RLS. For example, the DIR data sheets included account balances, group numbers, and the RC amount. For each sampled item, we accessed the RLS and reviewed the detailed claim information recorded in RLS’s Liability Maintenance Section to verify account balances, the final group numbers (including group zero), any applicable RC numbers, and the amount of the RC recorded in the RLS Liability Register. We also traced RC certificates recorded in the Liability Register to the RLS Payment Record.
DRR has established management controls to ensure insurance determinations are accurate. Specifically, we determined that DRR has established policies and procedures designed to ensure that:
We concluded that DRR had established a positive control environment based on an analysis of policies and procedures, observation, and the results of the DRR Internal Review Branch report, CFOA [Chief Financial Officer’s Act] Review of Claims, dated September 30, 2002, which deemed the control points tested to be strong. (Note: The scope of the internal review included testing for two failed institutions. Three control techniques were reviewed for a judgmental sample of groups in each institution.)
Summary of Prior Audit Coverage
The OIG has completed two reviews aimed at evaluating the internal controls that ensure the integrity, security, and reliability of data that is maintained in RLS. The first report, Audit Report No. 00-051, RLS Staffing and Training, was issued December 28, 2000, and the second report, Audit Report No. 01-017, RLS Security and Data Validation, was issued June 18, 2001. We did not perform detailed follow-up work on these reviews as part of this audit, but did identify general progress since these reports were issued.
In the first report, the OIG found that DRR and DIRM – the two divisions with the greatest claims processing and RLS responsibilities – had adequately planned for reduced claims and RLS-related staffing levels that will result from corporate downsizing. With regard to training, the report stated that RLS training could be enhanced. Specifically, the report suggested adding more complex processing scenarios in the RLS training program and scheduling periodic refresher courses. Since that report was issued, RLS training is now provided as new RLS versions are released, and DFOB Procedure 01-005, RLS Refresher Training, establishes procedures for ensuring claims specialists receive periodic RLS refresher courses and are made aware of system changes. In addition, DRR expects to revise its basic claims training in 2003.
In the second report, the OIG found that better security reviews and additional security-related procedures would enhance RLS security. (Note: This audit evaluated RLS security controls and related to RLS version 4. RLS Version 8 was released on December 16, 2002. Additionally, chances for inaccurate or incomplete data downloads could be further reduced by improving reconciliation procedures, verifying record count totals transmitted from bank closings to the national database, strengthening the data certification process, and improving the storage of archived RLS audit tables. Since that report was issued, DFOB has established procedures for RLS Security Controls and Data Quality, outlined security function in the RLS Operations and Users Manuals, and established standard desk top guidelines relative to the initial reconciliation of the deposit download into the RLS.
Pertinent Laws and Regulations
The statutory provisions governing deposit insurance can be found in the following sections of the Federal Deposit Insurance Act.
12 U.S.C. 1811 and 1821(a). Defines the mission of the FDIC – to insure deposits in banks and saving associations – and provides that each depositor is insured to a maximum of $100,000.
The FDIC has issued a uniform set of deposit insurance regulations applicable to both banks and saving associations. Those regulations are codified in 12 C.F.R. Part 330. The purpose of these regulations, as defined in 12 C.F.R. Part 330.2, is to clarify the rules and define the terms necessary to afford deposit insurance coverage and to provide rules for recognition of deposit ownership in various circumstances.
APPENDIX II: OVERVIEW OF THE INSURANCE DETERMINATION PROCESS (Claims Process)
Before a deposit insurance determination can be made, the following fundamental tasks must be completed:
Difficulties surrounding these tasks involve grouping or linking accounts of a particular depositor that are not identically named in the deposit records and discerning the different rights and capacities that trigger separate insurance coverage. In making insurance determinations, the FDIC presumes that funds are owned as shown on the “deposit account records” of the insured depository institution. The “deposit account records” are account ledgers, signature cards, certificates of deposit, passbooks, and certain computer records.
The RLS was designed to provide a central repository of claims data and assists in performing pre-closing estimates of uninsured depositors, bank closures, and subsequent claims processing and tracking. The RLS is also the tool used by DRR to group accounts. The grouping process for the RLS is defined as the procedure that automates the grouping of accounts based on ownership type indicator (assigned by the RLS based on a default list of ownership-type indicators) and the name(s), address, and tax identification number for each account. Because the data obtained from failed institutions is not standardized, the RLS must first build name keys from which it can sort data. The RLS uses a list of keywords to filter or prepare account ownership information before name keys are built. The primary purpose of developing name keys is to “group” accounts with common ownership together for insurance determination.
After the name keys are built, the RLS sorts the key fields by common names/addresses/or tax identification numbers. When “matches” are found and the total amount in the accounts within the group (i.e., insurable category – single ownership, joint, testamentary, etc.) exceeds the insurance limit (i.e., $100,000 for each insurable category), a unique number is assigned to the group and the group is put in the Grouping Report. Groups for which the total deposits in the accounts do not exceed the insurance limits are placed in “Group 0,” meaning these accounts are fully insured.
During the closing weekend, claims specialists use the Grouping Report to analyze the group membership for appropriateness. This review process is necessary because bank coding conventions, frequently occurring terms, and common keys may cause unrelated depositor accounts to be grouped together. For example, the RLS may group unrelated depositor accounts for individuals based on a common address (apartment building/boarding house). As claims specialists review the initial grouping report, they can make this distinction and mark these accounts to be “ungrouped” in RLS.
To facilitate the grouping process and reinforce core training, DFOB developed Basic Assumptions for Editing the Grouping Report, which provides general guidance for claim specialists. Specifically, it describes (1) the method to appropriately group deposit accounts, which include multiple ownership categories, and (2) the general editing conventions that claims specialists should use in making any necessary adjustment to the Grouping Report. Using standard editing conventions helps to ensure that no matter who does the editing, everyone can understand what has been done.
Claims specialists may also review available bank documentation (i.e., Certificates of Deposit or signature cards) to validate account styling information. For example, reviewing a signature card may reveal additional information that was truncated in the automated record. The goal is to generate a Final Excess Register that reflects accounts that are clearly uninsured (excess) or that could include excess funds. Thus, the depositor receives access to the insured deposits, but FDIC maintains control of the other portion of the deposits until the final insurance determination can be made. Generally, claims specialists need supplemental information from the depositor to make an accurate insurance determination for these accounts.
The DRR creates a file for every group of accounts included on the Final Excess Register (uninsured and potentially uninsured depositors) at the end of the closing weekend. For each file, claims specialists subsequently contact the depositors before making a final insurance determination, document discussions with depositors, obtain copies of signature cards or other bank records, and document the final insurance determination that is entered in the RLS. The final insurance determination is subject to review including concurrence of a Section Chief. DRR issues RCs to uninsured depositors for the amount of uninsured deposits. The RC entitles depositors to share proportionately in any funds recovered through the disposal of the assets of the failed institution. The following is a diagram of the basic insurance determination process.
Figure in Appendix II: Overview of Claims Process
[This figure appears in the non-508-compliant version of the report.]
Text Description of Figure in Appendix II: An overview of the insurance determination claims process is depicted by the following steps. Historically, the FDIC has executed the deposit insurance determination function over the closing weekend, beginning on Friday and continuing through post-closing beginning late the following Monday.
Source: OIG Analysis of DRR Process Maps.
APPENDIX III: CORPORATION COMMENTS
September 8, 2003
TO: Russell A. Rau, Assistant Inspector General, Office of Inspector General (OIG)
FROM: Mitchell L. Glassman [Electronically produced version; original signed by Mitchell L. Glassman], Director, Division of Resolutions and Receiverships (DRR)
SUBJECT: DRR Response to OIG Draft Report Entitled: Insurance Determination Claims Process (Assignment Number 2003-013)
The OIG makes one recommendation in the draft report:
Establish a process to routinely test the accuracy of insurance determinations and evaluate the test results in relationship to DRR-established benchmarks as part of the claims process redesign.
DRR agrees with the recommendation. In light of the claims reengineering process that is currently underway and the fact that it will involve a considerable amount of new technology, as well as changes to the process itself, DRR will comply with the audit recommendation within that reengineering effort. Therefore, DRR will determine an acceptable margin of error for the claims process and a method for periodically reviewing claims for adherence to that standard as part of the reengineering process, which is currently tentatively scheduled to be completed by year end 2005.
cc: Gail Patelunas
APPENDIX IV: MANAGEMENT RESPONSES TO RECOMMENDATIONS
The following presents the management responses that have been made on recommendations in our report and the status of recommendations as of the date of report issuance. The information is based on management's written response to our report.
Please note the following definitions that relate to the management responses to the recommendations:
Resolved: (1) Management concurs with the recommendation and the planned corrective action is consistent with the recommendation. (2) Management does not concur with the recommendation but planned alternative action is acceptable to the OIG. (3) Management agrees to the OIG monetary benefits or a different amount, or no ($0) amount. Monetary benefits are considered resolved as long as management provides an amount.
Dispositioned: The agreed-upon corrective action must be implemented, determined to be effective, and the actual amounts of monetary benefits achieved through implementation identified. The OIG is responsible for determining whether the documentation provided by management is adequate to disposition the recommendation. Once the OIG dispositions the recommendation, it can then be closed.
Recommendation Number 1
|Last Updated 10/10/2003|