Effectiveness of Supervisory Corrective Actions

September 2005
Report No. 05-039

AUDIT REPORT

FDIC OIG, Office of Audits

Background and Purpose of Audit


The Federal Deposit Insurance Corporation (FDIC) uses a number of tools to address supervisory concerns related to the safety and soundness of financial institutions and their compliance with laws and regulations. These tools range from informal advice and written agreements to formal actions that are legally enforceable. Supervisory corrective actions are tailored to each situation and address the specific problems at an institution.

The objective of the audit was to determine whether supervisory corrective actions taken against FDIC-supervised institutions achieved the intended purposes before being terminated. The audit focused on the FDIC's use of Cease and Desist orders and Memorandums of Understanding – two of the more commonly used supervisory corrective actions.



Results of Audit


The FDIC's Division of Supervision and Consumer Protection (DSC) has established policies and procedures that provide detailed guidance pertaining to initiating, monitoring, and terminating formal and informal actions. Specifically, sufficient controls are in place and operating effectively to ensure that supervisory corrective actions achieve their intended purposes before being terminated. From our review of 15 supervisory corrective actions terminated in 2004, we concluded that the institutions were in substantial compliance with the provisions of the actions and that the conditions at the institutions had improved sufficiently so that the actions were no longer needed. We also found that DSC regional office files generally contained adequate justifications for terminating the actions.

In conducting tests related to our audit objective, we found that DSC could improve the timeliness and completeness of data in the Formal and Informal Action Tracking system (FIAT). Specifically, FIAT information for 14 of the 15 actions we reviewed often was not entered into the system in a timely or complete manner. In addition, the system did not include formal enforcement actions that state regulators independently issued to FDIC-supervised institutions. As a result, DSC cannot fully rely on the FIAT data and management reports for monitoring supervisory corrective actions.

Recommendation and Management Response

The report contains three recommendations intended to improve the timeliness and completeness of data in FIAT. FDIC management agreed with the recommendations and is taking corrective actions.

Supervisory Corrective Actions Terminated During 2004

| DSC Regional and Area Offices | Cease & Desist Orders | Memorandums of Understanding | Total Terminated Actions |
|---|---|---|---|
| Atlanta | 2 | 15 | 17 |
| Boston | 0 | 7 | 7 |
| Chicago | 21 | 32 | 53 |
| Dallas | 3 | 15 | 18 |
| Kansas City | 5 | 36 | 41 |
| Memphis | 3 | 27 | 30 |
| New York | 5 | 2 | 7 |
| San Francisco | 7 | 11 | 18 |
| Total | 46 | 145 | 191 |

Source: Office of Inspector General's review of FIAT data.




TABLE OF CONTENTS

BACKGROUND
RESULTS OF AUDIT
FINDINGS AND RECOMMENDATIONS
FINDING A: PROCESS TO TERMINATE SUPERVISORY CORRECTIVE ACTIONS
FINDING B: FIAT DATA IN ViSION
   Data Stewardship Program
   Data Requirements Addressed in the FIAP Manual
   Review of FIAT Data in ViSION
RECOMMENDATIONS
CORPORATION COMMENTS AND OIG EVALUATION
APPENDIX I: OBJECTIVE, SCOPE, AND METHODOLOGY
APPENDIX II: INFORMAL AND FORMAL SUPERVISORY CORRECTIVE ACTIONS COMMONLY INITIATED BY THE FDIC
APPENDIX III: CORPORATION COMMENTS
APPENDIX IV: MANAGEMENT RESPONSE TO RECOMMENDATION
TABLES
Table 1: C&Ds and MOUs Issued
Table 2: Supervisory Corrective Actions Reviewed
Table 3: FIAT Data in ViSION
Table 4: Supervisory Corrective Actions Terminated During 2004




DATE: September 28, 2005

MEMORANDUM TO: Christopher J. Spoth, Acting Director
Division of Supervision and Consumer Protection

FROM: Russell A. Rau [Electronically produced version; original signed by Russell A. Rau]
Assistant Inspector General for Audits

SUBJECT: Effectiveness of Supervisory Corrective Actions
(Report No. 05-039)

This report presents the results of our audit of the effectiveness of supervisory corrective actions implemented by the Federal Deposit Insurance Corporation's (FDIC) Division of Supervision and Consumer Protection (DSC). The objective of the audit was to determine whether supervisory corrective actions taken against FDIC-supervised institutions achieved the intended purposes before being terminated. The audit focused on the FDIC's use of Cease and Desist orders (C&Ds) and Memorandums of Understanding (MOUs) – two of the more commonly used supervisory corrective actions. Appendix I of this report discusses our objective, scope, and methodology in detail.

BACKGROUND

A cornerstone of a healthy deposit insurance system is the process used by regulators to identify and, to the extent possible, remedy unsafe and unsound banking practices and noncompliance with laws and regulations. The FDIC's supervisory process attempts to identify problems and seek solutions early enough to enable remedial action that will prevent serious deterioration in a bank's condition and reduce risk to the FDIC insurance funds. When problems are detected, examiners must determine the severity along with the timing and form of needed corrective actions. The FDIC uses a number of tools to address supervisory concerns related to the safety and soundness of financial institutions and their compliance with laws and regulations. These tools range from informal advice and written agreements to formal actions that are legally enforceable. The contents of supervisory corrective actions are tailored to each situation and address the specific problems at a particular institution. Appendix II provides a description of informal and formal supervisory corrective actions commonly initiated by the FDIC.

Informal and formal supervisory corrective actions address unsafe and unsound practices and conditions and violations of law that could result in the risk of loss to an insured financial institution. DSC's Risk Management Manual of Examination Policies notes that either an informal or formal action will be taken on banks with composite safety and soundness ratings of 3, 4, or 5 unless specific circumstances argue strongly to the contrary. Additionally, the DSC's Formal and Informal Actions Procedures Manual (FIAP Manual) details steps examiners should take when contemplating corrective actions against banks. After a supervisory action is implemented, DSC regional officials monitor the institution's compliance with the action, usually through progress reports submitted by the institution. When DSC has determined that an institution is in compliance or substantial compliance with the provisions of the action and/or the institution's condition has improved sufficiently, the FDIC may terminate the action, or when the provisions of a supervisory corrective action have been partially met, a new formal or informal action may be issued.

Table 1 identifies the number of formal C&Ds and informal MOUs that the FDIC issued in 2003 and 2004 to address safety and soundness, compliance, and other matters at FDIC-supervised institutions.

Table 1: C&Ds and MOUs Issued

| Year | Number of FDIC-Supervised Institutions at year-end | Number of C&Ds | Number of MOUs | Total |
|---|---|---|---|---|
| 2003 | 5,340 | 38 | 183 | 221 |
| 2004 | 5,272 | 38 | 186 | 224 |
| Total | | 76 | 369 | 445 |

Source: Information obtained from the FDIC's Virtual Supervisory Information on the Net system (ViSION).

DSC monitors supervisory corrective actions issued against FDIC-supervised banks through the Formal and Informal Action Tracking (FIAT) module within ViSION. FIAT includes information related to the tasks of case managers, review examiners, and other staff involved in processing and monitoring supervisory actions. Furthermore, FIAT generates various reports that the FDIC's headquarters, regional, and field offices use in tracking the progress of supervisory actions.

RESULTS OF AUDIT

DSC has established policies and procedures that provide detailed guidance on initiating, monitoring, and terminating formal and informal actions. Specifically, controls are in place and operating effectively to ensure that supervisory corrective actions achieve their intended purposes before being terminated. From our review of 15 supervisory corrective actions terminated in 2004, we concluded that the institutions were in substantial compliance with the provisions of the actions and that the conditions at the institutions had improved sufficiently so that the actions were no longer needed. We also found that DSC regional office files generally contained adequate justifications for terminating the actions (see Finding A).

In conducting tests related to our audit objective, we found that DSC could improve the timeliness and completeness of data in FIAT. Specifically, FIAT data for 14 of the 15 actions we reviewed was often not input in a timely manner, and certain data fields were incomplete. In addition, the system did not include formal enforcement actions that state regulators had independently issued to FDIC-supervised institutions. As a result, DSC cannot fully rely on the timeliness or completeness of FIAT data and management reports that are used to manage and monitor DSC's corrective action process (see Finding B).

FINDINGS AND RECOMMENDATIONS

FINDING A: PROCESS TO TERMINATE SUPERVISORY CORRECTIVE ACTIONS

DSC properly monitored and subsequently terminated supervisory corrective actions in accordance with established procedures. We reviewed 224 provisions for the 15 supervisory corrective actions in our sample and found that DSC had monitored the progress of the institutions to ensure compliance with the provisions. Specifically, for the 15 actions reviewed, DSC had received and reviewed progress reports from the institutions. In addition, DSC files contained evidence of ongoing communications with the institutions and DSC's monitoring of institution compliance with the provisions of the actions. We also determined that the institutions had substantially complied with the provisions before all 15 actions were terminated.

FDIC's FIAP Manual states that the FDIC may terminate C&Ds or MOUs when any of the following conditions exist:

  • The institution is in significant or material compliance with the provisions of the action.
  • The institution's condition has improved sufficiently so that the action is no longer needed.
  • The institution has partially met the provisions of the action, and a new action has been issued to address outstanding provisions or new areas of concern.
  • The institution merged or is closed.
  • Deterioration or lack of compliance leads to issuance of a new or revised action.

In addition to the institutions' achieving substantial compliance with all 15 corrective actions, 14 of the 15 actions were terminated, in part, because the examination composite ratings at the institutions had improved. Details are shown in Table 2. Also, 6 of the 15 terminated actions were replaced with a less severe action – either a bank board resolution or an MOU.

Table 2: Supervisory Corrective Actions Reviewed

| Institution | Type of Action | Type of Examination (a) | Number of Provisions | Examination Rating at Time Action Was Initiated | Examination Rating at Time Action Was Rescinded |
|---|---|---|---|---|---|
| 1 | C&D | S&S | 16 | 344422/4 | 232312/2 |
| 2 | MOU | S&S | 9 | 223423/3 | 122312/2 |
| 3 | MOU | Compliance | 5 | 3 | 2 |
| 4 | MOU | S&S | 16 | 333322/3 | 232222/2 |
| 5 | C&D | S&S | 19 | 554533/5 | 333322/3 |
| 6 | MOU | Compliance | 7 | 4 | 2 |
| 7 | MOU | S&S | 12 | 233322/3 | 232222/2 |
| 8 | MOU | S&S | 27 | 234212/3 | 123212/2 |
| 9 | MOU | S&S | 27 | 233323/3 | 233322/3 |
| 10 | C&D | S&S | 24 | 455444/4 | 223323/3 |
| 11 | MOU | Compliance | 6 | 3 | 2 |
| 12 | MOU | IT | 11 | 2323/3 | 2323/2 |
| 13 | MOU | IT | 8 | 4423/3 | 2223/2 |
| 14 | C&D | S&S | 17 | 555544/5 | 443523/4 (b) |
| 15 | C&D | S&S | 20 | 444544/4 | 333333/3 |
| Total | | | 224 | | |

Source: Information obtained from the FDIC's Virtual Supervisory Information on the Net system (ViSION).
(a) Safety and Soundness (S&S), Compliance, or Information Technology (IT) examinations.
(b) The institution merged with another institution in March 2004.

We also noted that actions had been terminated only after approvals by appropriate senior DSC regional officials. Based on our review of supervisory corrective actions issued to these 15 institutions, we concluded that the process for terminating supervisory corrective actions is operating as intended; therefore, we are not making any recommendations in this area.

FINDING B: FIAT DATA IN ViSION

While evaluating the effectiveness of DSC's supervisory corrective actions, we found that DSC had not adequately implemented controls to efficiently and effectively manage FIAT data related to those actions. Specifically, DSC had not ensured that FIAT data in ViSION[1] was updated in a timely and complete manner. DSC had not entered 4 of the 15 corrective actions we reviewed into FIAT until 4 or more months after their effective dates, and the records were incomplete for 14 of the 15 actions. In addition, DSC did not use FIAT to track formal enforcement actions that were independently issued by state regulators to FDIC-supervised institutions. As a result, the FDIC cannot fully rely on FIAT data and management reports for monitoring all supervisory corrective actions.

Data Stewardship Program

At the corporate level, the FDIC has recognized that its success is dependent on accurate, reliable, and consistent data. To that end, in September 2001, the FDIC revised its Data Stewardship Program (Circular 1301.3) to establish controls related to business accountability and responsibility for managing and sharing corporate data. The objectives of the revised program included:

  • managing data as a valuable corporate asset;
  • ensuring the usefulness, accuracy, timeliness, and accessibility of corporate data; and
  • facilitating effective, efficient management of large and growing volumes of data.

Under the Data Stewardship Program, division and office directors are responsible for designating subject matter experts (SMEs) to address data issues that have corporate-wide implications and to monitor performance to ensure that data stewardship responsibilities are properly addressed. The role of the SMEs includes preserving the accuracy of data entered into an application system or data base. SMEs are also responsible for preparing written directions and instructions related to FIAT features.

Data Requirements Addressed in the FIAP Manual

The FIAP Manual states that when a formal or informal action is contemplated or initiated, a record of the action must be created in FIAT. Case managers and regional management in DSC's regional offices are responsible for ensuring that FIAT data in ViSION is accurate, current, and complete. Case managers are required to create FIAT records in the early stages of processing actions and are responsible for ensuring that tracking records, such as when progress reports on the actions are due, received, and reviewed, are created and updated in FIAT in a timely manner. Initiating FIAT records in the early stages of processing provides FIAT users with a complete summary of formal and informal actions in progress.

Review of FIAT Data in ViSION

Our review of FIAT data in ViSION for the 15 sampled supervisory corrective actions indicated that DSC case managers had not consistently entered actions in FIAT prior to their effective dates and had not entered all required information. Table 3 summarizes the FIAT data for the 15 C&Ds or MOUs we reviewed that had been terminated during 2004.

Table 3: FIAT Data in ViSION

| Institution (a) | Number of Days from Effective Date of Action to Date Action Was Input into FIAT (b) | Corrective Action Provisions Not Input into FIAT | Progress Reports Not Input into FIAT | Other Data Not Input into FIAT |
|---|---|---|---|---|
| 1 | (111) | | | X |
| 2 | 220 | X | X | X |
| 3 | (37) | | | X |
| 4 | (50) | X | X | |
| 5 | 9 | | X | X |
| 6 | (18) | | | |
| 7 | 255 | | X | X |
| 8 | 18 | | X | X |
| 9 | 125 | X | X | X |
| 10 | (83) | X | | X |
| 11 | 4 | X | | X |
| 12 | 35 | | | X |
| 13 | 131 | | X | X |
| 14 | (71) | | | X |
| 15 | (86) | | | X |

Source: FIAT data from ViSION.
(a) We will provide the names of the institutions to DSC under separate cover.
(b) Numbers shown in parentheses are negative and indicate that DSC had entered the data in the Formal and Informal Action Tracking (FIAT) system prior to the effective date of the action as recommended in DSC policies.

DSC case managers had entered 7 of the 15 supervisory corrective actions into FIAT before the actions became effective. Also, the corrective action provisions were documented in the system for 10 of the 15 actions. However, 4 of the 15 supervisory corrective actions were not entered into FIAT until 125-255 days after the effective dates of the actions. In addition, DSC did not document the progress reports in FIAT for seven of the actions. Finally, for 13 of the 15 actions reviewed, FIAT did not contain other required data, including the dates the institution complied with each provision of the corrective action and the dates DSC received and reviewed the progress reports.

DSC's Internal Review and Control Section identified similar problems during its 2003 and 2004 visits to the FDIC's Atlanta and Dallas Regional Offices.[2] In response, the Dallas Regional Director issued an instructional memorandum on April 1, 2005 regarding the use of FIAT. The memorandum reiterated the case managers' responsibilities for ensuring that FIAT records in ViSION are created and updated in a timely manner. Based on the problems we identified in FIAT records during our audit, DSC needs to emphasize the responsibilities at all the regional offices.

In addition, while reviewing the supervisory corrective actions for the Atlanta region, we identified one institution with a 4 rating that was operating under a safety and soundness C&D that had been issued by a state banking agency. The FDIC concurred with the C&D, but did not jointly sign the C&D with the state. FIAT contained no record that the institution was operating under a formal state enforcement action. Although DSC guidance requires that a FIAT record be created for informal state actions, the FIAP Manual does not address whether a FIAT record should be created for a formal state action that the FDIC has not joined. DSC officials stated that because of the lack of guidance, some case managers were confused about when to create such records. According to DSC officials, the FIAP Manual is being revised to address this issue and will clarify data entry requirements for state regulatory actions.

DSC uses FIAT reports to manage and monitor DSC's enforcement actions to ensure that timely and appropriate actions are taken to address unsafe or unsound practices and conditions or legal violations. Further, other FDIC divisions and offices use FIAT data to meet the needs of Freedom of Information Act requests, legal research, and general studies. Finally, FDIC management uses FIAT data in determining staffing needs and in evaluating management and staff performance. As a result of weaknesses in controls over FIAT data in ViSION, the FDIC cannot fully rely on the information for monitoring all supervisory corrective actions in process or as a source for reliable management reports.

RECOMMENDATION

We recommend that the Director, DSC:

  1. Require case managers to enter all supervisory actions, including those issued by state banking agencies, into ViSION on or before an action's effective date.

  2. Reinforce DSC's implementation of the Data Stewardship Program and other applicable guidance related to ensuring the accuracy and reliability of FIAT data in ViSION.

  3. Include instructions in the revised FIAP Manual for creating a FIAT record for formal state actions that the FDIC has not joined.

CORPORATION COMMENTS AND OIG EVALUATION

On September 19, 2005, the Acting Director, DSC, provided a written response to the draft report. The response is presented, in its entirety, as Appendix III of this report. DSC agreed with the recommendations and responded that supervisory corrective actions will be entered into FIAT when received by the Regional Director or designee. Also, DSC met with the FDIC's Legal Division in September 2005 to address the timeliness and accuracy of FIAT records. Further, through its regional office review process, DSC will conduct internal testing and evaluations pertaining to accurate and timely reporting in FIAT. Finally, DSC agreed to revise the FIAP Manual to address all three recommendations. DSC's planned actions are responsive to our recommendations. Accordingly, the recommendations are resolved but will remain undispositioned and open until we have determined the agreed-to corrective actions have been completed and are effective.



OBJECTIVE, SCOPE, AND METHODOLOGY

APPENDIX I

The objective of the audit was to determine whether supervisory corrective actions achieve intended purposes before being terminated. The audit focused primarily on the FDIC's use of MOUs and C&Ds, two of the more commonly used supervisory corrective actions. The audit field work was conducted from February through August 2005 in accordance with generally accepted government auditing standards.

To accomplish our objective, we:

  • reviewed DSC's FIAP Manual, Risk Management Manual of Examination Policies, and Case Manager Procedures Manual, and applicable Regional Director Memorandums;
  • reviewed 2001-2004 Reports of Examination and Summary Analysis of Examination Report comments prepared by the FDIC and state banking agencies for the 15 banks in our sample;
  • reviewed and analyzed progress reports submitted by banks from February 2002 to September 2004 that addressed provisions in supervisory actions;
  • reviewed FIAT data in ViSION;
  • reviewed and analyzed correspondence and other files maintained at the Atlanta Regional Office and Memphis Area Office; and
  • interviewed DSC officials in Atlanta, Memphis, and Washington, D.C.

We also determined the total number of MOUs and C&Ds that DSC had terminated during 2004, which are shown in Table 4.

Table 4: Supervisory Corrective Actions Terminated During 2004

| DSC Regional and Area Offices | C&Ds | MOUs | Total Terminated Actions |
|---|---|---|---|
| Atlanta | 2 | 15 | 17 |
| Boston | 0 | 7 | 7 |
| Chicago | 21 | 32 | 53 |
| Dallas | 3 | 15 | 18 |
| Kansas City | 5 | 36 | 41 |
| Memphis | 3 | 27 | 30 |
| New York | 5 | 2 | 7 |
| San Francisco | 7 | 11 | 18 |
| Total | 46 | 145 | 191 |

Source: OIG's review of FIAT data in ViSION.

From this universe, we randomly selected 10 MOUs and 5 C&Ds that had been terminated by the Atlanta Regional Office and the Memphis Area Office during 2004. To determine whether the actions had achieved the intended purposes before being terminated, we reviewed all 224 provisions of the 15 actions. In addition, we reviewed examination reports and other pertinent data to: (1) identify each bank's specific problems, (2) identify the supervisory corrective actions taken and whether they addressed the problems, and (3) determine whether the banks had corrected the problems before the actions were terminated.

Government Performance and Results Act, Reliance on Computer-based Data, Internal Control, Compliance with Laws and Regulations, and Fraud and Illegal Acts

The Government Performance and Results Act of 1993 directs Executive Branch agencies to develop a customer-focused strategic plan, align agency programs and activities with concrete missions and goals, manage and measure results to justify appropriations and authorizations, and design budgets that reflect strategic missions. In this audit, we reviewed the FDIC's 2005 Annual Performance Plan and the FDIC's Strategic Plans for 2005-2010. The FDIC has annual performance goals that address the need to take prompt supervisory corrective actions for problem banks and that address the need to monitor those banks' compliance with formal and informal supervisory corrective actions.

We conducted tests to determine the reliability of computer-based data obtained from the FDIC's ViSION system. Based on the review of information in ViSION, the FIAT data was not up-to-date or complete (see Finding B in this report).

We assessed relevant control activities by examining DSC policies and procedures as presented in the FDIC's Rules and Regulations, FDIC's Statements of Policy, DSC's Risk Management Manual of Examination Policies, Case Manager Procedures Manual, FIAP Manual, and Regional Directors Memoranda.

Regarding compliance with laws and regulations, we gained an understanding of aspects of the Federal Deposit Insurance (FDI) Act and the requirements of Part 325 of the FDIC's Rules and Regulations. Also, we reviewed section 8 of the FDI Act pertaining to formal enforcement actions. Our audit program also included steps for providing reasonable assurance of detecting fraud or illegal acts.



INFORMAL AND FORMAL SUPERVISORY CORRECTIVE ACTIONS COMMONLY
INITIATED BY THE FDIC

APPENDIX II


| Type of Action | Description of Action |
|---|---|
| Informal Action | Informal actions are voluntary commitments made by an insured financial institution's board of directors. Such actions are designed to correct noted safety and soundness deficiencies or ensure compliance with federal and state banking laws. Informal actions are not legally enforceable and are undisclosed to the public. Informal action is generally appropriate for institutions that receive a composite rating of 3 for safety and soundness. |
| Bank Board Resolution | A bank-generated document designed to address one or more specific concerns identified by examiners. It is an informal action and is not a binding legal document. |
| MOU | A bilateral agreement seeking informal corrective action from institutions considered to have supervisory concerns but which have not deteriorated to the point at which they warrant formal action. An MOU is not a binding legal document. |
| Formal Action | The purpose of a formal action is to correct noted safety and soundness deficiencies, ensure compliance with federal and state banking laws, and/or enforce removal proceedings. Formal actions are legally enforceable and available to the public after issuance. A formal action is generally initiated against an institution with a composite rating of 4 or 5 for safety and soundness. The FDIC can issue the following formal actions: termination of federal deposit insurance; C&D orders; removal, prohibition, and suspension actions; and civil money penalties. In addition, section 38 of the FDI Act authorizes the FDIC to issue prompt corrective action directives to undercapitalized institutions. |
| C&D Order | A formal bilateral agreement signed by the bank's board of directors and regulatory supervisor. Under the agreement, the supervisory agency may order an insured bank and its directors, officers, employees, and agents to cease and desist from certain practices and violations and take affirmative action to correct the resulting conditions. The failure of a bank to comply with a C&D order can be the basis for subsequent legal actions. |


CORPORATION COMMENTS

APPENDIX III


[Image: Corporation Comments, page 1]
[Image: Corporation Comments, page 2]


MANAGEMENT RESPONSE TO RECOMMENDATIONS

APPENDIX IV


This table presents the management response on the recommendation in our report and the status of the recommendation as of the date of report issuance.

| Rec. Number | Corrective Action for Recommendation: Taken or Planned/Status | Completion Date | Monetary Benefits | Resolved: [a] Yes or No | Dispositioned: [b] Yes or No | Open or Closed [c] |
|---|---|---|---|---|---|---|
| 1 | DSC will revise the FIAP Manual to address creating a FIAT record for all supervisory corrective actions, including those taken independently by the State Authority. | March 31, 2006 | N/A | Yes | No | Open |
| 2 | DSC will revise the FIAP Manual to ensure the accuracy and reliability of FIAT data, and DSC's internal review program will include reviews of data stewardship. | March 31, 2006 | N/A | Yes | No | Open |
| 3 | Instructions will be included in the revised FIAP Manual for creation of FIAT records for formal state actions. | March 31, 2006 | N/A | Yes | No | Open |

a Resolved –
(1) Management concurs with the recommendation, and the planned corrective action is consistent with the recommendation.
(2) Management does not concur with the recommendation, but planned alternative action is acceptable to the OIG.
(3) Management agrees to the OIG monetary benefits, or a different amount, or no ($0) amount. Monetary benefits are considered resolved as long as management provides an amount.

b Dispositioned – The agreed-upon corrective action must be implemented, determined to be effective, and the actual amounts of monetary benefits achieved through implementation identified. The OIG is responsible for determining whether the documentation provided by management is adequate to disposition the recommendation.

c Once the OIG dispositions the recommendation, it can then be closed.

Last updated 10/21/2005