DSC's Process for Tracking and Evaluating the Impact of the MERIT Guidelines

March 2005
Report No. 05-015

AUDIT REPORT

FDIC OIG, Office of Audits

Background and Purpose of Audit


The FDIC's Division of Supervision and Consumer Protection (DSC) is responsible for examining and supervising approximately 5,300 state non-member banks. For examinations commencing after March 31, 2002, DSC implemented the MERIT guidelines to assist examiners in the risk-focusing process for well-rated, well-capitalized banks with assets totaling $250 million or less, while maintaining the integrity of the examination process. Subsequently, DSC increased the total asset threshold to $1 billion for examinations commencing after January 31, 2004.

The MERIT procedures reemphasized existing risk-focused examination procedures and the use of examiner judgment to properly assess a financial institution's risk profile. The MERIT guidelines established loan penetration ratios to help standardize the percentage of loans reviewed during MERIT examinations.

The overall objective of this audit was to determine whether DSC adequately tracks and evaluates achievement of its goals for the MERIT guidelines. Specifically, we assessed the adequacy of processes, reports, and other data that DSC uses in monitoring MERIT examination coverage of financial institutions.

FDIC, Federal Deposit Insurance Corporation


Results of Audit


DSC collects and evaluates readily available information related to the efficiency, quality and integrity of all examinations, including those conducted under the MERIT guidelines. This information shows that application of the MERIT guidelines for well-rated and well-capitalized institutions has increased examination efficiency primarily as the result of fewer loans being reviewed compared to prior risk-focused examinations. Further, DSC has risk management processes and monitoring systems in place for monitoring its overall examination program and the risks to individual institutions and the industry as a whole. However, DSC could benefit from a monitoring process that specifically evaluates, in terms of risk, the outcome of the reduced loan penetration at MERIT examinations, either at the institution level or, more broadly, at the regional or national level. Such ongoing analysis would assist DSC in determining whether recommended loan penetration ranges under MERIT are commensurate with the risk associated with various types of loan portfolios in low-risk institutions. Finally, we found that examiners are required to justify loan penetration levels above, but not below, MERIT-recommended ranges. A clarification of this policy would promote the balance DSC is seeking to achieve in providing risk-based coverage under MERIT and would ensure that reduced loan penetration is adequately supported.

Recommendations and Management Response

We recommended that DSC implement a monitoring process for tracking and evaluating the impact of reduced loan coverage at MERIT-eligible institutions and that examiners justify loan penetration levels below MERIT-recommended ranges. DSC management disagreed with the recommendation related to a monitoring process; however, DSC provided information on its internal monitoring processes for all examinations, including MERIT examinations. DSC responded that the MERIT guidelines are entirely consistent with the risk-focused examination approach and that there are a number of other processes that provide assurances with regard to the quality and integrity of examination results, including examinations conducted using the MERIT guidelines. DSC concurred with the remaining recommendation regarding justification of reduced loan penetration ratios. Additionally, DSC indicated that it plans to closely review and assess loan penetrations in an expanded internal review program for its field offices, which addresses the intent of our recommendation. We consider management's planned actions responsive to the recommendations.





TABLE OF CONTENTS

BACKGROUND
      Risk-focused Examination Process
      DSC's Process Redesign Efforts
            Process Redesign I Streamlines Examination, Supervision, and Application Process
            Process Redesign II Establishes MERIT Guidelines
            Enterprise Risk Management
RESULTS OF AUDIT
MONITORING THE EFFICIENCY AND RISK OF MERIT EXAMINATIONS
      Monitoring Component of the ERM Model
      Reduction in Average Examination Hours
            Corporate Performance Objectives
            MERIT Guidelines
            Effects of Reduced Loan Coverage
      Approaches for Monitoring the Impact of the MERIT Guidelines
      Conclusion
RECOMMENDATIONS
CORPORATION COMMENTS AND OIG EVALUATION
APPENDIX I: OBJECTIVE, SCOPE, AND METHODOLOGY
APPENDIX II: MERIT GUIDELINES
APPENDIX III: CORPORATION COMMENTS
APPENDIX IV: MANAGEMENT RESPONSE TO THE RECOMMENDATIONS
TABLES:
Table 1: MERIT Examinations Compared to Prior FDIC Examinations
Table 2: Non-MERIT Examinations of 1- and 2- Rated Banks Compared to Prior FDIC Examinations
Table 3: Loan Penetration Ratios: MERIT Examinations Compared to Prior FDIC Examinations Conducted Before the Implementation of the MERIT Guidelines
Table 4: Loan Penetration Ratio Ranges of Recent MERIT Examinations Compared to Ranges for Prior MERIT Examinations
FIGURE:
Enterprise Risk Management Model


FDIC OIG letterhead
DATE: March 31, 2005

MEMORANDUM TO: Michael J. Zamorski, Director
Division of Supervision and Consumer Protection

FROM:Russell A. Rau [Electronically produced version; original signed by Russell A. Rau], Assistant Inspector General for Audits

SUBJECT: DSC's Process for Tracking and Evaluating the Impact of the MERIT Guidelines (Report No. 05-015)

This report presents the results of our audit of the Federal Deposit Insurance Corporation (FDIC) Division of Supervision and Consumer Protection's (DSC) process for monitoring the effectiveness of the Maximum Efficiency, Risk-focused, Institution Targeted (MERIT) guidelines for safety and soundness examinations. The MERIT guidelines are part of DSC's broader risk management and examination program for all FDIC-supervised institutions, and are applicable to well-rated and well-capitalized institutions with total assets of $1 billion or less. The overall objective of this audit was to determine whether DSC adequately tracks and evaluates achievement of its goals for the MERIT guidelines. Specifically, we assessed the adequacy of processes, reports, and other data that DSC uses in monitoring MERIT examination coverage of financial institutions. Appendix I of this report discusses our audit objective, scope, and methodology in detail. We are currently conducting a separate audit to determine whether DSC's process for determining an institution's eligibility for a MERIT examination adequately considers the appropriate risk factors. We will present the results of that audit in a future report.

BACKGROUND

The FDIC helps to promote confidence and stability in the Nation's financial system by insuring deposits in banks and thrifts. The FDIC examines and supervises approximately 5,300 state non-member banks, including state-licensed insured branches of foreign banks and state-chartered mutual savings banks. DSC has conducted several process improvement efforts that have changed its processes for examinations and supervision, including the implementation of a risk-focused examination process and streamlined examination procedures at banks with low-risk profiles.

Risk-focused Examination Process

On October 1, 1997, the FDIC, in conjunction with the Federal Reserve Board (FRB) and Conference of State Bank Supervisors (CSBS), began implementing a new risk-focused examination process designed to focus safety and soundness examinations on bank functions that pose the greatest risk exposure. To ensure consistent application nationwide, DSC developed examination procedure modules to provide examiners with a tool to focus on risk management and to establish an appropriate scope for the examination process. These modules include functional areas such as risk scoping, capital adequacy, loan portfolio management, earnings analysis, and anti-money laundering. Each module contains a series of examination decision factors and procedures for examiners to consider when evaluating an institution's management strategies and associated risk control practices. To reduce the amount of work conducted in completing the modules, an examiner can choose to test, evaluate, and accept the results from institution control systems such as internal and external audits, loan policy, loan review, and loan grading systems, while keeping in mind the size, complexity, and risk-profile of the institution. The examiner-in-charge (EIC) is responsible for developing an examination plan that is commensurate with the level of risk in each functional area and for documenting this plan in a scope memorandum referred to as the Pre-Examination Planning Memorandum. The memorandum sets forth scope decisions in terms of work to be performed, areas to receive special attention, and decisions to limit examination procedures.

DSC's Process Redesign Efforts

In 2000, DSC recognized the need to adjust to a changing banking industry and began a series of process redesign efforts to evaluate its own organization. The DSC's Process Redesign program was divided into several phases focusing on strategic changes in examination processes and economies in personnel.

Process Redesign I Streamlines Examination, Supervision, and Application Processes

In 2001, Process Redesign I resulted in recommendations to streamline DSC's examination, supervision, and application review processes. Some of the changes included: streamlining the pre-examination process and loan reviews, revising the report of examination format, using software packages to accelerate and standardize routine examination processes, training examiners to review large and complex data service providers and vendors, and developing a comprehensive contingency plan for major technology problems. DSC estimated that these changes saved resources equivalent to the work of about 95 examiners.

Process Redesign II Establishes MERIT Guidelines

In 2002, Process Redesign II focused on the effectiveness and efficiency of examinations of well-rated (1- and 2-rated), well-capitalized banks with total assets of $250 million or less. Based on the low-risk profile of those institutions, DSC concluded that maximum use of risk-focused examination procedures was warranted. Therefore, effective for examinations commencing after March 31, 2002, DSC implemented the MERIT guidelines to assist examiners in risk-focusing examination procedures in well-rated, well-capitalized banks while maintaining the integrity of the examination process. MERIT guidelines reemphasized existing risk-focused examination procedures and the use of examiner judgment to properly assess a financial institution's risk profile, and identified target ranges for the size of the loan sample selected for review. Use of the MERIT guidelines is to be considered in the examination of all banks, where appropriate. From April 1, 2002 through September 30, 2004, the FDIC conducted 5,976 safety and soundness examinations, of which 2,290 were conducted using MERIT guidelines.

Less than 2 years after the implementation of the MERIT guidelines, the FDIC expanded and modified the criteria for MERIT examinations commencing after January 31, 2004, as follows:

  • The total asset threshold for eligibility was increased from $250 million to $1 billion.

  • The basis for selecting the target loan penetration ratio[ 1 ] range would be guided by the Asset Quality component rating of the CAMELS rating system rather than the composite rating.

  • The subprime lender exclusion was broadened to encompass all banks identified on DSC's Quarterly Lending Alert (QLA), which identifies those insured institutions engaged in lending activities that inherently pose an increased risk to the institution.

  • The institution would be required to have a composite 1 or 2 rating at the previous two examinations, rather than just the previous examination.

Additional factors on the use of MERIT guidelines for examinations are outlined in Appendix II.

Additional process improvement efforts have focused on delegations of authority to field supervisors, examination documentation, and a pilot "relationship manager" program for continuous supervision.

Enterprise Risk Management

An important approach to managing risk is through a risk management framework. In its release, Enterprise Risk Management - Integrated Framework, dated September 2004, the Committee of Sponsoring Organizations of the Treadway Commission (COSO)[ 2 ] defined enterprise risk management (ERM) components, described ERM concepts and principles, and provided ERM guidance for all organizations. COSO defined enterprise risk management as "a process, effected by an entity's board of directors, management, and other personnel, applied in a strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives." Entities are to provide value for their stakeholders. Management maximizes an entity's value by setting a strategy and objectives that balance goals for growth and return with related risks and by efficiently and effectively deploying resources.

Management should consider the entity's risk appetite in setting the entity's objectives and developing mechanisms to manage the related risks. Entities often consider risk appetite qualitatively with categories such as high, moderate, or low, or entities may take a quantitative approach, reflecting and balancing goals for growth, return, and risk. An entity's risk appetite is directly related to an entity's strategy. That is, management considers its risk appetite as it aligns its organization, people and processes, and designs an infrastructure necessary to effectively respond to and monitor risks.

The COSO ERM framework is focused on achieving an entity's objectives in four categories:

  • Strategic:         high-level goals, aligned with and supporting its mission
  • Operations:     effective and efficient use of its resources
  • Reporting:       reliability of reporting
  • Compliance:   compliance with applicable laws and regulations

ERM consists of various interrelated components that are derived from the way management runs an entity and are integrated with the management process. These components are internal environment, objective setting, event identification, risk assessment, risk response, control activities, information and communication, and monitoring. There is a direct relationship between the objectives and components as depicted in the model below. This audit focused on the monitoring component of the ERM framework.

ERM Model [ D ]


RESULTS OF AUDIT

DSC collects and evaluates readily available information related to the efficiency, quality and integrity of all examinations, including those conducted under the MERIT guidelines. This information shows that application of the MERIT guidelines for well-rated and well-capitalized institutions has increased examination efficiency primarily as the result of fewer loans being reviewed compared to prior risk-focused examinations. Further, DSC has risk management processes and monitoring systems in place for monitoring its overall examination program and the risks to individual institutions and the industry as a whole. However, DSC could benefit from a monitoring process that specifically evaluates, in terms of risk, the outcome of the reduced loan penetration at MERIT examinations, either at the institution level or, more broadly, at the regional or national level. Such ongoing analysis would assist DSC in determining whether recommended loan penetration ranges under MERIT are commensurate with the risk associated with various types of loan portfolios in low-risk institutions. Finally, we found that examiners are required to justify loan penetration levels above, but not below, MERIT-recommended ranges. A clarification of this policy would promote the balance DSC is seeking to achieve in providing risk-based coverage under MERIT and would ensure that reduced loan penetration is adequately supported.

MONITORING THE EFFICIENCY AND RISK OF MERIT EXAMINATIONS

Information maintained by DSC on safety and soundness examinations shows that DSC's application of the MERIT guidelines has been successful in meeting Corporation and division goals for reducing examination time for small, well-rated institutions. However, DSC does not have a monitoring process that specifically evaluates whether reductions in loan coverage as provided by the MERIT guidelines impact the effectiveness of examinations. Developing a process or system for assessing the effectiveness of MERIT examinations would help DSC determine the appropriateness of the loan penetration targets established in the MERIT guidelines.

Monitoring Component of the ERM Model

We focused our audit on the monitoring component of COSO's ERM model, which is described as follows:

Monitoring: Management assesses both the presence and functioning of its components and the quality of their performance. Monitoring is accomplished through ongoing management activities, separate evaluations, or both. Because ongoing monitoring is performed on a real-time basis and reacts dynamically to changing conditions, it is more effective than separate evaluations. Problems often will be identified more quickly by ongoing monitoring routines. Some combination of ongoing monitoring and separate evaluations will help ensure that ERM maintains its effectiveness over time.

Reduction in Average Examination Hours

There has been a significant reduction in the number of hours expended by FDIC examiners in conducting risk-focused examinations. This reduction is attributable to a Corporate Performance Objective (CPO) and the MERIT guidelines, which were both established during the first quarter of 2002.

Corporate Performance Objectives

A 2002 DSC CPO established a 20-percent reduction in the average time spent conducting safety and soundness examinations of 1- and 2-rated institutions with total assets under $250 million. The 20-percent objective did not apply to banks that had a 3, 4, or 5 composite rating at their prior examination and had been subsequently upgraded to a 1 or 2 composite rating. The objective also did not apply to institutions that had been downgraded to a 3, 4, or 5 composite rating. DSC expected that a bank with a 1 composite rating would be examined in less time than an examination of a bank with a 2 composite rating. Therefore, the time spent for an examination of either bank is not expected to be reduced by exactly 20 percent. Accordingly, the CPO required a 20-percent reduction in the aggregate rather than for each examination. DSC Memorandum, Corporate Performance Objective - Composite 1 and 2 Rated Banks Under $250 Million, dated March 27, 2002, states that the time for some examinations may be reduced by more than 20 percent of the national average examination hours for similarly sized institutions to absorb the overage that occurred for other examinations. In 2004, another CPO established an additional 10-20 percent reduction in examination hours.

DSC used the time spent for examinations in 2000 as the baseline to measure the attainment of the 2002 CPO. After compiling data on independent, joint, and concurrent examinations started in 2000 that resulted in composite ratings of 1 or 2, DSC stratified the examinations by asset size and calculated the national average examination hours per asset category. The 2002 CPO reduction in hours was significant. Specifically, in 2002, examiners would have had to reduce the time for examinations by 175,775 hours, or by 20 percent, for 1- and 2-rated banks if DSC conducted the same number of examinations of those banks as had been conducted in 2000. DSC's Washington and regional offices monitored the progress of the CPO. Field office supervisors were required to explain in the Field Office Management Information System any reasons for examinations that exceeded the target hours by 10 percent.

MERIT Guidelines

The examiners' use of MERIT guidelines has led to the reduction of on-site hours for examinations and an overall reduction in examination hours. The reduction in MERIT examination hours is closely related to reduced examination coverage in loan reviews and reduced transactional testing.

As shown in Table 1, the time spent for conducting MERIT examinations exceeded the 20 percent reduction that DSC was targeting.

Table 1: MERIT Examinations Compared to Prior FDIC Examinations
(Percentage of Change in Average Total Examination Hours per Year)
Merit Examinations 2002 2003 2004
Number of Examinations per Year 515
728
818
Current Average Examination Hours 301.14
319.50
341.56
Prior Respective Average Examination Hours 438.53
445.20
467.62
Reduction in Hours (137.39)
(127.50)
(126.06)
Percentage (Decrease) (31.33%)
(28.23%)
(26.96%)
Source: OIG analysis of DSC examination data.

Table 2 illustrates examinations for 1- and 2-rated banks that were not conducted under the MERIT guidelines compared to prior examinations. The comparisons also indicate a reduction in average FDIC examination hours. The reduction, however, was less than the reduction in hours for the MERIT examinations.

Table 2: Non-MERIT Examinations of 1- and 2-Rated Banks Compared to Prior FDIC Examinations
(Percentage of Change in Average Total Examination Hours per Year)
Non-Merit Examinations 2002 2003 2004
Number of Examinations per Year 452
705
360
Current Average Examination Hours 569.08
522.87
438.44
Prior Respective Average Examination Hours 698.54
623.76
529.19
Reduction in Hours (120.46)
(100.89)
(90.75)
Percentage (Decrease) (17.47%)
(16.17%)
(17.15%)
Source: OIG analysis of DSC examination data.

DSC's Manual of Examination Policies states:

The objective of a risk-focused examination is to effectively evaluate the safety and soundness of the bank, including the assessment of risk management systems, financial condition, and compliance with applicable laws and regulations, while focusing resources on the bank's highest risks. The exercise of examiner judgment to determine the depth of review in each functional area is crucial to the success of the risk-focused supervisory process.

During the pre-examination planning for MERIT examinations, the EIC conducts risk scoping activities for determining:

  • work to be performed,
  • areas to receive special attention, and
  • the number and expertise of personnel required.

During the pre-planning phase and at the financial institutions, the EIC may expand the scope of the examination if circumstances indicate that expanded procedures are necessary to fully assess the risks of the institution.

Effects of Reduced Loan Coverage

One of the major changes that distinguish the MERIT guidelines from the prior risk-focused examination guidelines is the establishment of loan penetration ratios to help standardize the percentage of loans reviewed during MERIT examinations. DSC's Manual of Examination Policies provides that:

An appraisal of lending and collection policies, the bank's adherence thereto, and the evaluation of individual loans are among the most important aspects of the examination process. To a great extent, it is the quality of a bank's loan portfolio that determines the risk to depositors and to the FDIC's insurance fund. Conclusions regarding the condition of the bank and the quality of its management are weighted heavily by the examiner's findings with regard to lending practices.

The examiners' use of MERIT guidelines has led to the reduction of time expended on loan portfolio reviews in well-managed banks. MERIT guidelines recommend loan penetration ratios of 15 to 25 percent for Category-1 banks and 20 to 30 percent for Category-2 banks.[ 3 ] These percentages are generally lower than those for prior non-MERIT examinations where, for example, the loan penetration ratio for an examination of composite 1- and 2-rated non-MERIT banks ranged from 26 to over 50 percent. Table 3 below depicts loan penetration ratios for MERIT examinations compared to loan penetration ratios used before the implementation of the MERIT guidelines.[ 4 ]

Table 3: Loan Penetration Ratios: MERIT Examinations Compared to Prior FDIC Examinations Conducted Before Implementation of the MERIT Guidelines
Loan Penetration Ratio Ranges (Percentage of Loans Reviewed) 0-14 15-20 21-25 26-30 31-35 36-50 51-100 Total
MERIT Examinations Since June 2002 21 287 384 209 27 31 8 967*
Percent of Total 2% 30% 40% 21% 3% 3% 1% 100%
Prior Respective Non-MERIT Examinations 28 42 48 116 124 395 214 967*
Percent of Total 3% 4% 5% 12% 13% 41% 22% 100%
Source: OIG analysis of DSC examination data.
*From April 1, 2002 through September 30, 2004, DSC examiners conducted 2,290 MERIT examinations. However, loan penetration ratio information from the prior FDIC examinations was available for only 967 of the banks.

We selected for review 967 MERIT examinations that were conducted from June 2002 through September 2004. Our review showed that 901 (93 percent) examinations had loan penetration ratios of 30 percent or less. Regarding the FDIC's 967 non-MERIT examinations conducted prior to the implementation of the MERIT guidelines, 733 (76 percent) examinations had loan penetration ratios above 30 percent.

Table 4 compares the loan penetration ratios for the 29 banks that had completed a cycle of two FDIC-conducted MERIT examinations as of September 2004.

Table 4: Loan Penetration Ratio Ranges of Recent MERIT Examinations Compared to Ranges for Prior MERIT Examinations
Loan Penetration Ratio Ranges (Percentage of Loans Reviewed) 0-14 15-20 21-25 26-30 31-35 36-50 51-100 Total
Number of MERIT Examinations Since June 2002 2 9 12 2 2 2 0 29
Percent of Total 7% 31% 41% 7% 7% 7% 0% 100%
Number of Prior MERIT Examinations 2 2 14 6 1 3 1 29
Percent of Total 7% 7% 48% 22% 3% 10% 3% 100%
Source: OIG analysis of DSC examination data.

Our comparison shows that examiners for the 29 banks reviewed fewer loans at the most recent examinations. As Table 4 illustrates, for more than 80 percent of the MERIT examinations, the average loan penetration ratio is below the target 30-percent range. Most notable is the shift to the lower 15-20 percent loan penetration range-from 7 percent for the prior MERIT examinations to 31 percent for the most recent MERIT examinations at the banks.

According to MERIT guidelines, when the actual loan penetration ratio exceeds the recommended ranges (15 to 25 percent for Category-1 banks and 20 to 30 percent for Category-2 banks), the examiner should justify the variance in the Pre-Examination Planning Memorandum and/or in the Confidential-Supervisory Section page of the Report of Examination, where appropriate. However, the MERIT guidelines do not require a written justification when the loan penetration ratios fall below the recommended ranges. Although we do not have data to determine the specific loan penetration variances for the Category-1 and Category-2 banks, Table 4 indicates that 7 percent of the selected MERIT examinations fell below the minimum recommended 15-percent loan penetration ratio. Therefore, the potential risks associated with loan coverage that is below the recommended loan penetration ranges should also require justification.

Approaches for Monitoring the Impact of the MERIT Guidelines

As of March 31, 2005, the MERIT guidelines have been used by FDIC examiners for 3 years. The reduction of loan coverage over long periods may or may not impact the levels of risk at FDIC-supervised financial institutions, but DSC has not developed a formal process to evaluate, in terms of risk, the outcome associated with the implementation of the MERIT guidelines. However, there is significant data currently collected through the examination process that can provide useful feedback to management.

DSC has various monitoring controls in place for all examinations. Specifically, there are a number of processes noted below that provide assurances with regard to the integrity of examination findings, including examinations conducted under the MERIT guidelines:

  • an alternating examination schedule with state banking departments,
  • rotation of EICs,
  • multi-tier staff involvement in the examination process,
  • examination review processes,
  • examination surveys,
  • off-site monitoring programs, and
  • banker outreach initiatives.

Additionally, the MERIT guidelines provide a filtering process so that only small, well-rated and well-capitalized institutions are eligible for MERIT examinations. Further, DSC is expanding its internal review work to increase the evaluation of examination work products. This action has been taken in response to increased delegated processing of final examination work in the field offices. As part of the expanded internal review work, DSC would provide an assessment of the adequacy of loan coverage for a sample of examinations, including MERIT examinations.

The following approaches also could help DSC management monitor the impact of reduced loan coverage provided by MERIT examinations:

  • Track and compare various financial ratios, such as Past Due Loan percentages, to help monitor whether the quality of the overall MERIT bank loan portfolios are declining.

  • Establish a periodic sample of MERIT-eligible institutions, and conduct in-depth examinations on these institutions. This would establish a control group for which the results could be statistically benchmarked to all MERIT examinations.

  • Establish a periodic sample of MERIT-eligible institutions and utilize statistical loan sampling techniques for the associated institutions in lieu of judgmentally selected samples. This would establish a benchmark for selecting loan samples for MERIT examinations.

DSC management informed us that, in 2004, DSC examiners determined that about 300 banks were no longer MERIT-eligible. These determinations are a clear indication that risk is being considered at the institution level due to the use of the MERIT-eligibility criteria. However, these criteria supplement but do not overshadow the need for a more systematic monitoring process.

Beginning in 2004, DSC amended the Summary Analysis of Examination Report to collect the following information on MERIT-eligibility factors:

  • Banks identified on the QLA
  • Management changes or change in control
  • Adverse external factors
  • Change in the bank's risk profile
  • Niche bank, such as a credit card or Internet bank
  • Significant new business lines
  • Whether banks have an effective loan grading system.

Each of these factors has a direct impact on removing a bank from MERIT eligibility. An analysis of this data will help DSC to determine why banks have been removed from MERIT eligibility and to perform a risk-based assessment of the MERIT eligibility criteria. Another ongoing audit by our office is focusing on DSC's process for determining an institution's eligibility for MERIT guidelines.

Conclusion

FDIC management has deemed the MERIT guidelines to be a success. The DSC Director stated that the benefits of the MERIT guidelines include less examiner time spent on-site at well-rated institutions and more examination resources devoted to institutions with higher risks. FDIC management made it clear that it intends to ensure that resources are focused on areas of the greatest risk while preserving the integrity of the examination process. Due to less time expended for examinations for well-rated institutions, the savings are quantifiable, and results appear to be successful.

While the use of MERIT has clearly reduced examinations hours, the FDIC's primary objective should be to ensure the continuation of high-quality examinations, early identification of problems and their root causes, and the development and implementation of appropriate refinements to further enhance effective and efficient operations. For DSC to accomplish that objective and effectively monitor, evaluate, and revise when appropriate the use of the MERIT guidelines, it is essential that management have sufficient information on which to base its decisions. In that regard, DSC would benefit from an ongoing monitoring process that evaluates the outcome, positive or negative, of the reduced loan coverage provided by the MERIT guidelines.

RECOMMENDATIONS

We recommend that the Director, DSC:

(1) Implement a monitoring process for tracking and evaluating the impact of reduced loan coverage at MERIT-eligible institutions.

(2) Require examiners to justify variances in the Pre-Examination Planning Memorandum and/or in the Confidential-Supervisory Section page of the Report of Examination if the loan penetration ratio level falls below the recommended ranges for Category-1 and Category-2 MERIT-eligible institutions.

CORPORATION COMMENTS AND OIG EVALUATION

On March 30, 2005, the Director, DSC, provided a written response to the draft report. The response is presented in its entirety in Appendix III of this report. DSC did not concur with recommendation 1 but did concur with recommendation 2. A summary of the Director's comments in general and on each recommendation follows.

DSC agreed with our observation that the application of the MERIT guidelines for well-rated and well-capitalized institutions has increased examination efficiency, but disagreed "with the report's implication that the scaling back of loan portfolio reviews in the lowest-risk institutions represents a potential risk to the integrity of safety and soundness examinations." DSC pointed out that it already utilizes a number of measures to ensure the quality and integrity of the examination process and that the report does not consider the breadth and depth of the existing management processes.

OIG Evaluation: The audit scope focused on DSC's processes, reports, and other data for examinations conducted within the MERIT guidelines. Thus, the draft report did not address other risk management processes for DSC examinations. The report's Background section discusses the risk-focused examination process and how DSC's process redesign efforts led to the MERIT guidelines. MERIT guidelines encourage examiners to streamline the loan review process, principally by establishing reduced loan penetration ratio ranges. We revised the report to reflect that the reduction of loan coverage over long periods may or may not impact the levels of risk at the financial institutions rather than implying that, in fact, there was increased risk. It is our conclusion, however, that DSC could benefit from a monitoring process that specifically evaluates the outcome, in terms of risk, produced by the reduced loan penetration provided by MERIT examinations.

Recommendation 1: Implement a monitoring process for tracking and evaluating the impact of reduced loan coverage at MERIT-eligible institutions.

DSC did not concur with this recommendation, stating that it maintains a strong risk management process, in the form of a comprehensive quality control program, for all examinations. DSC stated that in addition to a sound, risk-focused examination program and utilization of a well-trained and experienced examination staff, there are a number of other processes that provide assurances with regard to the integrity of examination findings, including examinations conducted using the MERIT guidelines. In addition, DSC is expanding its field territory internal review program. During the field reviews, DSC's Internal Control and Review Section will review a sample of examination reports and related work papers to ensure that the examination scope (including loan review) was appropriate, identified examination procedures were followed, and the bank's risk profile was properly identified and addressed.

OIG Evaluation: In response to DSC's comments on the draft audit report, the OIG met with DSC management to discuss its concerns. As a result, we have modified the report to recognize DSC's related risk management and monitoring processes for all examinations. Further, DSC's response provides an analysis of average loan penetration ratios by asset category. Such analysis may assist in monitoring loan penetration ratios. DSC's monitoring processes for all examinations, loan penetration analysis such as that provided in DSC's response, and the upcoming field reviews covering the appropriateness of examination scope and loan review will assist DSC in determining whether recommended loan penetration ratio ranges under MERIT are commensurate with the risk associated with various types of loan portfolios in low-risk institutions. In consideration of these factors and DSC's response, we have concluded that this recommendation is resolved, dispositioned, and closed.

Recommendation 2: Require examiners to justify variances in the Pre-Examination Planning Memorandum and/or in the Confidential-Supervisory Section page of the Report of Examination if the loan penetration ratio level falls below the recommended ranges for Category-1 and Category-2 MERIT-eligible institutions.

DSC concurred with this recommendation. DSC will provide clarification to examiners, indicating that variances both above and below the MERIT-recommended thresholds should be explained in the Pre-Examination Planning Memorandum and/or in the Confidential-Supervisory Section page of the Report of Examination, where appropriate. This clarification will be issued in a written memorandum by June 30, 2005.

OIG Evaluation: This recommendation is resolved but will remain undispositioned and open for reporting purposes until we have determined that agreed-to corrective actions have been completed and are effective.




OBJECTIVE, SCOPE, AND METHODOLOGY

APPENDIX I

Objective

The objective of this audit was to determine whether DSC adequately tracks and evaluates achievement of its goals for the MERIT guidelines. Specifically, we determined the adequacy of processes, reports, and other data that DSC uses in monitoring MERIT examination coverage of financial institutions. We performed the audit from May 2004 through January 2005 in accordance with generally accepted government auditing standards.

Scope and Methodology

To achieve the audit objective, we performed the following:

  • Reviewed DSC policies and procedures related to examination scoping and planning and their impact on the allocation of examination resources.

  • Reviewed and discussed with appropriate DSC officials examinations associated with judgmentally selected banks.

  • Held entrance conferences with and interviewed DSC officials in Washington, D.C., regional, and field offices as appropriate and necessary, and met with DSC officials periodically during the audit.

  • Met with DSC officials to obtain the results of DSC's monitoring of the implementation of the MERIT guidelines and their findings which led to the expansion of MERIT to additional financial institutions during January 2004, as outlined in Transmittal 2004-001, dated January 27, 2004.

  • Reviewed FDIC-established performance goals/objectives that relate to its risk-focused examination process.

  • Reviewed previous Office of Inspector General audit reports related to risk-focused examinations.

  • Obtained, reviewed, and analyzed DSC reports and related information on risk-focused examinations conducted under the MERIT guidelines.

  • Performed an analysis to determine changes in the allocation of examination hours from low- to high-risk banks as a result of DSC's planning and scoping for MERIT examinations.

  • Reviewed DSC's assessment of the MERIT guidelines, specifically the assessment used to justify expansion of use of the MERIT guidelines to additional institutions.

  • Assessed examiner comments/positions on potential problems and successes of MERIT.

  • Performed field work at DSC headquarters and at selected regional and field offices.

  • Obtained examination data of FDIC-conducted examinations from applicable FDIC automated systems--the Virtual Supervisory Information on the Net (ViSION) and Scheduling, Hours and Reporting Package (SHARP) systems. We did not review these systems for data processing procedures and control. We interviewed DSC management knowledgeable about the data and found it was sufficiently reliable for use in the audit. Further, our audit work did not disclose concerns about the examination data produced by the systems.

To determine if DSC systems for capturing and measuring examiner time are sufficient for assessing the purpose of the MERIT guidelines, we analyzed the examination data from April 1, 2002 through September 30, 2004 for changes in total examination time, on-site time, and loan penetration ratios for the following three primary MERIT factors:

  • Composite rating - MERIT institutions, 1 and 2 composite rated non-MERIT institutions, and 3, 4, and 5 CAMELS-rated institutions.

  • Asset size - MERIT institutions, non-MERIT institutions with assets under $1 billion, and institutions with assets over $1 billion that were not eligible for MERIT.

  • Capital adequacy - MERIT institutions, well-capitalized non-MERIT institutions, and less than well-capitalized institutions.

Summary of Prior Audit Coverage

The Office of Inspector General completed three prior reviews of the FDIC's risk-focused examination process. Audit Report No. 00-016, Follow-up Audit of the Implementation of the Risk-Focused Examination Process, was issued May 5, 2000 as a supplement to the report on the Audit of the Implementation of the Risk-Focused Examination Process, which was issued November 5, 1998. These two audits focused primarily on the implementation of risk-focused examination procedures and workpaper and documentation uniformity. Audit Report No. 01-016, Audit of DOS's Use of Expanded and Impact Examination Procedures in the Risk-Focused Examination Process, issued March 30, 2001, focused on workpaper support for risk-focused examinations. The three reviews addressed risk-focused examination procedures but primarily focused on examination mechanics.




MERIT GUIDELINES

APPENDIX II

Effective March 31, 2002, the FDIC implemented the MERIT guidelines to assist examiners in risk-focusing examination procedures at institutions with low-risk profiles. The FDIC developed the guidelines for examinations of 1- and 2-rated well-capitalized banks with total assets of $250 million or less. DSC expanded and modified the MERIT guidelines for all examinations commencing after January 31, 2004, as noted in DSC's Memorandum entitled, Maximum Efficiency, Risk-focused, Institution Targeted (MERIT) Guidelines, Transmittal No. 2004-001, dated January 27, 2004.

  • The total asset threshold for eligibility was increased from $250 million to $1 billion.

  • The basis for selecting the target loan penetration ratio range was changed from the composite rating to the Asset Quality rating.

  • The subprime lender exclusion was broadened to encompass all banks identified on DSC's QLA.

Additional MERIT eligibility factors noted in the memorandum include the following:

  • Stable Management - Banks with management teams that have not exhibited significant changes in operating management or boards of directors since the prior examination.

  • No Change in Control - Banks that have experienced a significant change in ownership or a change in control since the prior examination are ineligible for the MERIT guidelines.

  • No Significant Adverse External Factors - Natural disasters or local and national adverse economic conditions could result in the exclusion of a bank from examination under the MERIT guidelines.

  • No De Novo, Niche, or Banks Identified on DSC's Quarterly Lending Alert - These banks are excluded from examination under the MERIT guidelines. De novo refers to a bank that is "new" or newly formed or chartered and insured. De novo banks, for the purpose of the MERIT guidelines, are institutions that have been FDIC-insured for less than 3 years. Currently, the QLA includes:

    • Institutions in which subprime loans represent 25 percent or more of Tier 1 capital.

    • Institutions in which high loan-to-value loans represent 25 percent or more of Tier 1 capital.

    • Institutions that, as a significant part of their business, make or purchase loans for sale or securitization and have those loans serviced and held off-premises by third parties or affiliates.

    • Institutions in which residual assets represent 25 percent or more of Tier 1 capital.

    • Institutions directly or indirectly engaged in payday lending.


  • No Significant Change in Risk Profile Evident from Off-Site Analysis or Monitoring Systems - The presence of a bank on the Growth Monitoring System (GMS), Statistical CAMELS Offsite Rating (SCOR), and Real Estate Stress Test (REST), etc., will not automatically exclude a bank from examination under the MERIT guidelines. However, adverse conclusions derived from off-site monitoring systems should make a bank ineligible for a MERIT examination.

  • Effective Loan Grading System - Banks that have adequate formal or informal loan grading processes appropriate to the size and complexity of the institution should be considered for MERIT guidelines. Small, rural banks may not have a formal loan review or grading system, but if management exercises appropriate risk selection and identifies credit quality concerns, such banks should be considered for the MERIT guidelines.

  • No Significant New Business Lines - Banks that have entered significant new business lines since the prior examination are ineligible for the MERIT guidelines.

  • No Component rating of 3, 4, or 5 - Banks with any component rated 3, 4, or 5 at the prior examination, or in subsequent rating changes, are ineligible for the MERIT guidelines.

Even though a bank does not meet the criteria to qualify for the MERIT guidelines, examiners are still encouraged to maximize the use of current risk-focused examination procedures in areas that pose minimal risk to the institution. Banks meeting the criteria are divided into two categories:

  • Category 1 - Banks with an asset quality component rating of 1 at the last examination.[ 5 ]

  • Category 2 - Banks with an asset quality component rating of 2 at the last examination.

For examinations of Category-1 banks, the loan penetration ratio should generally range from 15 25 percent. For Category-2 banks, the loan penetration ratio should generally range from 20 30 percent. The EIC has the discretion to target a loan penetration ratio that may be above these ranges, with the Field Supervisor's or Supervisory Examiner's concurrence.




CORPORATION COMMENTS

APPENDIX III



[ D ]







[ D ]


MANAGEMENT RESPONSE TO RECOMMENDATIONS

APPENDIX IV



This table presents the management response that has been made on the recommendations in our report and the status of the recommendations as of the date of report issuance.

Rec. Number Corrective Action: Taken or Planned/Status Expected
Completion Date
Monetary Benefits Resolved: [ a ] Yes or No Dispositioned: [ b ] Yes or No
Open or Closed [ c ]
1
DSC's monitoring processes for all examinations, loan penetration analysis such as that provided in DSC's response, and the upcoming field reviews will assist DSC in determining whether recommended loan penetration ranges under MERIT are commensurate with the risk associated with various types of loan portfolios in low-risk institutions.   Not Applicable   $0   Yes   Yes   Closed
2
DSC will provide clarification to examiners indicating that variances both above and below the MERIT-recommended thresholds should be explained in the Pre-Examination Planning Memorandum and/or in the Confidential-Supervisory Section page of the Report of Examination, where appropriate.   June 30, 2005   $0   Yes   No   Open
a Resolved
(1) Management concurs with the recommendation, and the planned corrective action is consistent with the recommendation.
(2) Management does not concur with the recommendation, but planned alternative action is acceptable to the OIG.
(3) Management agrees to the OIG monetary benefits, or a different amount, or no ($0) amount. Monetary benefits are considered resolved as long as management provides an amount.

b Dispositioned The agreed-upon corrective action must be implemented, determined to be effective, and the actual amounts of monetary benefits achieved through implementation identified. The OIG is responsible for determining whether the documentation provided by management is adequate to disposition the recommendation.

c Once the OIG dispositions the recommendation, it can then be closed.

Last updated 5/27/2005