PRINT




FDIC Office of Inspector General, Office of Audits, Report No. AUD-12-004, The FDIC's Qualification Process for Private Capital Investors Interested in Acquiring or Investing in Failed Insured Depository Institutions









FDIC OIG Executive Summary


The FDIC's Qualification Process for Private Capital Investors Interested in Acquiring or Investing in Failed Insured Depository Institutions
  Report No. AUD-12-004
December 2011
Why We Did The Audit

During 2009, the FDIC was presented with a number of serious challenges. The economic downturn that began in 2007 resulted in a substantial number of failed financial institutions, and existing institutions held a significant amount of distressed assets, particularly real estate assets, on their balance sheets. Further, the number of applications for deposit insurance for de novo banks was experiencing a sharp decline. For these and other reasons, the FDIC's Board of Directors (FDIC Board) recognized the need for additional capital in the banking system and the role that contributions from non-traditional sources of capital such as private capital investors (PCI) could play in satisfying this need. Such alternative capital sources could reduce potential losses to the Deposit Insurance Fund (DIF).

However, the FDIC was also of the view that private capital participation in the acquisition of deposit liabilities, or both liabilities and assets, from a failed depository institution in receivership should be consistent with the basic elements of insured depository institution ownership—such as maintaining a Well Capitalized bank or thrift institution, supporting the institution when it faces difficulties, and establishing protections against insider transactions. Accordingly, in August 2009, the FDIC Board issued the Final Statement of Policy on Qualifications for Failed Bank Acquisitions (SOP) and established a process for evaluating and approving PCIs interested in obtaining eligibility to bid on a failed institution.

In view of the significance of this initiative, the FDIC Office of Inspector General (OIG) contracted with BDO USA, LLP (BDO) to conduct an audit of the FDIC's process for qualifying a PCI to bid on failed insured depository institutions. The objective of the audit was to assess the FDIC's process for qualifying PCIs to bid on failed insured depository institutions. The audit did not include a determination regarding the appropriateness of the FDIC's decisions to grant or deny approval for PCIs to bid on failed insured depository institutions.

Background

The SOP provides guidance to PCIs interested in acquiring or investing in failed insured depository institutions, including terms and conditions that PCIs are expected to satisfy to obtain bidding eligibility for a proposed acquisition structure. The SOP also states that the FDIC Board will review the operation and impact of the SOP within 6 months of its approval date and make adjustments as it deems necessary. Further, the FDIC has statutory responsibility under the Federal Deposit Insurance Act for acting on applications for federal deposit insurance by all depository institutions, including institutions established and used by PCIs for failed bank acquisitions. In situations where PCIs are investing capital in an existing institution for the purpose of such acquisitions, the FDIC's Division of Risk Management Supervision and Legal Division, in conjunction with the Appropriate Federal Banking Agency, review the PCI application to ensure that what is being proposed is consistent with applicable laws, regulations, and policies.

Audit Results

BDO found that the FDIC had established processes and controls that evolved after the issuance of the SOP and that continued to improve during the audit. The FDIC was able to demonstrate that the necessary internal approvals were obtained for PCI Institutions that were qualified to bid on failed insureddepository institutions and staff involved






Executive Summary The FDIC's Qualification Process for Private Capital Investors Interested in Acquiring or Investing in Failed Insured Depository Institutions
  Report No. AUD-12-004
December 2011

in the process maintained voluminous documentation in connection with the applications BDO reviewed. However, the evidence for the approvals and the extent and organization of the supporting documentation varied among the applications BDO reviewed. The FDIC may benefit from re-evaluating its approach for documenting its application approval process to mitigate the risks associated with staff departures and changes, to ensure consistency in its process, and to more efficiently supply supporting information to support decisions reached when asked to do so.

The report also includes an observation regarding actions taken by the FDIC to review the operation and impact of the SOP within 6 months of its approval and make adjustments as deemed necessary. At the time the SOP was approved, FDIC Board members expressed concerns regarding the potential impact of the SOP on costs to the DIF. BDO noted that FDIC officials did take several steps to address the 6-month review provision, including holding a roundtable discussion with FDIC Board members and various public entities and posting Questions and Answers on the FDIC's public Web site. BDO concluded that management may find it beneficial to consider a more thorough and formal review that is presented to the Board and that addresses the Board members' concerns and provides additional transparency.

Recommendation, Management Comments, and OIG Evaluation

The report contains one recommendation for RMS and the Legal Division to review the manner in which approvals and analyses pertaining to PCI applications are documented and maintained and determine whether current procedures and practices in this area are adequate given the risks involved.

The Director, RMS, and the General Counsel, Legal Division, provided a joint response, dated December 13, 2011, to a draft of this report. In the response, RMS and the Legal Division concurred with the report's recommendation and agreed to perform a review of the adequacy of the FDIC's procedures and practices for documenting and maintaining approvals and analyses by March 30, 2012. The response also noted that RMS and the Legal Division would conduct a formal review of the SOP's impact and brief the FDIC Board on the results within 6 months of the issuance of this report.



















FDIC, Federal Deposit Insurance Corporation, Office of Inspector General,  Office of Audits and Evaluations, 3501 Fairfax Drive, Arlington, VA 22226-3500
DATE: December 22, 2011
  
MEMORANDUM TO: Sandra L. Thompson
  Director, Division of Risk Management Supervision
  
  Michael H. Krimminger
General Counsel, Legal Divisionn
   
FROM:Stephen M. Beard[Electronically produced version; original signed by Stephen M. Beard]
  Deputy Inspector General for Audits and Evaluations
   
SUBJECT: The FDIC's Qualification Process for Private Capital Investors
Interested in Acquiring or Investing in Failed Insured Depository
Institutions
(Report No. AUD-12-004)

The subject final report is provided for your information and use. Please refer to the Executive Summary, included in the report, for the overall audit results and recommendation. Our evaluation of your response has been incorporated into the body of the report. Your comments on a draft of this report were responsive to the recommendation.

If you have any questions concerning the report, please contact me at (703) 562-6352, or Mark Mulholland, Assistant Inspector General for Audits and Evaluations, at (703)-562-6316. We appreciate the courtesies extended to the audit staff.

Attachment

cc:       Marilyn E. Anderson, Legal Division
Lisa D. Arquette, RMS
Elaine D. Drapeau, RMS
Andre M. Douek, Legal Division
James H. Angel, Jr., OERM





















[D]



































Part I
Report by BDO USA, LLP






























Audit Report, The FDIC's Qualification Process for Private Capital Investors Interested in Acquiring or Investing in Failed Insured Depository Institutions, December 22, 2011, BDO





Tel: 301-654-4900, Fax: 301-654-3567, 7101 Wisconsin Ave, Suite 800, Bethesda, MD 20814, www.bdo.com,

December 22, 2011

Honorable Jon T. Rymer
Inspector General
Federal Deposit Insurance Corporation
3501 Fairfax Drive
Arlington, VA 22226

Re: Transmittal of Results of the Audit of The FDIC's Qualification Process for Private Capital Investors Interested in Acquiring or Investing in Failed Insured Depository Institutions (Report No. AUD-12-004)

Dear Mr. Rymer:

This letter submits our final report representing the results of our performance audit of The FDIC's Qualification Process for Private Capital Investors (PCIs) Interested in Acquiring or Investing in Failed Insured Depository Institutions performed under Contract Number CORHQ-09-G-0386 dated September 28, 2010. The objective of this performance audit was to assess the FDIC's process for qualifying PCIs to bid on failed insured depository institutions. The audit did not include a determination regarding the appropriateness of the FDIC's decisions to grant or deny approval for PCIs to bid on failed insured depository institutions. As part of our work, we interviewed key Division of Risk Management Supervision (RMS) and Legal Division officials responsible for the process and obtained other evidence to accomplish the audit objective. The results of our audit are included in the Executive Summary on pg. I-5 of the report.

We conducted our performance audit in accordance with Generally Accepted Government Auditing Standards (GAGAS). Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objective. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objective.

We issued a draft of this report on November 4, 2011. We subsequently met with representatives of the RMS and Legal Divisions in Washington, D.C. and Office of Inspector General (OIG) representatives to obtain informal feedback on the draft report. Based on the informal feedback received, we made changes to the draft report that we deemed appropriate. RMS and the Legal Division provided a joint formal written response dated December 13, 2011, to our draft report.

This performance audit did not constitute an audit of financial statements in accordance with GAGAS. BDO was not engaged to and did not render an opinion on the FDIC's internal controls over financial reporting or over financial management systems. BDO cautions that projecting the results of our audit to future periods is subject to the risks that controls may become inadequate because of changes in conditions or because compliance with controls may deteriorate. The information included in this report was obtained from the FDIC on or before April 15, 2011. We have no obligations to update our report or to revise the information contained therein to reflect events and transactions occurring subsequent to April 15, 2011.



I-2




BDO

Please contact Thomas Cooper at 301-634-4900 if you have any questions or comments regarding this report.

Very truly yours,

BDO USA, LLP































1-3






[D]





I-4






EXECUTIVE SUMMARY

The Federal Deposit Insurance Corporation (FDIC) Office of Inspector General (OIG) contracted with BDO USA, LLP (BDO) to conduct an audit of the FDIC's process for qualifying a Private Capital Investor (PCI) to bid on failed insured depository institutions.

In August 2009, the FDIC's Board of Directors (FDIC Board) issued the Final Statement of Policy on Qualifications for Failed Bank Acquisitions (SOP). The SOP provides guidance to PCIs interested in acquiring or investing in failed insured depository institutions, including terms and conditions that PCIs are expected to satisfy to obtain bidding eligibility for a proposed acquisition structure. The FDIC also has statutory responsibility under the Federal Deposit Insurance Act (FDI Act) for acting on applications for federal deposit insurance by all depository institutions, including institutions used by PCIs for failed bank acquisitions.

The objective of the audit was to assess the FDIC's process for qualifying PCIs to bid on failed insured depository institutions. The audit did not include a determination regarding the appropriateness of the FDIC's decisions to grant or deny approval for PCIs to bid on failed insured depository institutions. The audit covered PCI applications processed by the Division of Risk Management Supervision (RMS) and the Legal Division during the period August 2009 through April 2011. We selected a non-statistical sample1 of 17 of the 58 applications submitted by PCIs during this period. The sample consisted of 9 applications for new charters where PCIs planned to establish a new institution for the purpose of acquiring a failed bank2 and 8 applications involving the injection of significant capital into existing institutions for the purpose of acquiring a failed bank.3 PCI Institutions4 were qualified to bid on failed depository institutions for ten of the selected applications we reviewed. The remaining seven applications were withdrawn, returned, or abandoned.

We found that the FDIC had established processes and controls that evolved after the issuance of the SOP and that continued to improve during our audit. The FDIC was able to demonstrate that the necessary internal approvals were obtained for PCI Institutions that were qualified to bid on failed insured depository institutions, and staff involved in the process maintained voluminous documentation in connection with the applications we reviewed. However, the evidence for the approvals and the extent and organization of the supporting documentation varied among the applications we reviewed. The FDIC may benefit from reevaluating its approach to documenting its application approval process to mitigate the risks associated with staff departures and changes, ensure consistency in its process, and to more efficiently supply supporting information to support decisions reached when asked to do so. Our report also includes an observation regarding actions taken by the FDIC to review the operation and impact of the SOP within 6 months of its approval and make adjustments as deemed necessary.

This audit did not constitute an audit of financial statements in accordance with Generally Accepted Government Auditing Standards (GAGAS). BDO was not engaged to, and did not, render an opinion on the FDIC's internal controls over financial reporting or over financial management systems.




1 A non-statistical sample is judgmental and, therefore, cannot be projected to the population.
2 Referred to as a Shelf Charter application.
3 Referred to as an Inflatable Charter application.
4 In this report, we use "PCI" to refer to the private entities and individuals who propose to invest in either a newly chartered depository institution or an existing depository institution for the purpose of using that institution to submit a bid on the assets and deposits of a failed insured depository institution. Furthermore, we use "PCI Institution" to refer to the institution in which the PCI invests, and which will be used to submit the bid.



I-5






BACKGROUND

Desire for Additional Capital in the Banking Industry

During 2009, the FDIC was presented with a number of serious challenges. The economic downturn that began in 2007 resulted in a substantial number of failed financial institutions,5 and existing institutions held a significant amount of distressed assets, particularly real estate assets, on their balance sheets. Further, as reflected in Table 1, the number of applications for deposit insurance for de novo banks was experiencing a sharp decline. For these and other reasons, the FDIC Board recognized the need for additional capital in the banking system, and the role that contributions from non-traditional sources of capital such as PCIs could play in satisfying this need. Such alternative capital sources could reduce potential losses to the Deposit Insurance Fund (DIF).

[D]

Statement of Policy on Qualifications for Failed Bank Acquisitions

On August 26, 2009, the FDIC Board formally approved a Final Statement of Policy on Qualifications for Failed Bank Acquisitions. The SOP provides guidance to PCIs interested in acquiring or investing in failed insured depository institutions, including terms and conditions that PCIs are expected to satisfy to obtain bidding eligibility for a proposed acquisition structure. The SOP applies prospectively to:

  • Private investors in a company, including any company acquired to facilitate bidding on failed banks or thrifts that its proposing to, directly or indirectly, (including through a shelf charter) assume deposit liabilities, or such liabilities and assets, from the resolution of a failed insured depository institution; and
  • Applicants for insurance in the case of de novo charters issued in connection with the resolution of failed insured depository institutions.

The SOP does not apply to investors in partnerships or similar ventures with bank or thrift holding companies or in such holding companies (excluding shell holding companies) where the holding company has a strong majority interest in the resulting bank or thrift and an established record of successful operation of insured banks or thrifts. In addition, the




5 A total of 3 institutions failed in 2007, 25 failed in 2008, and 140 failed in 2009.





I-6






SOP does not apply to investors who own 5 percent or less of the voting stock of the bank, provided there is no evidence that the investors are acting in concert with other investors. In addition to applicability criteria, the SOP defines guidance related to:

  • Capital Commitments. The subject institution must maintain a ratio of Tier 1 common equity to Total Assets of at least 10 percent for the first 3 years of operation, and remain Well Capitalized for purposes of Prompt Corrective Action thereafter.
  • Cross Support. If two or more insured depository institutions are at least 80 percent owned by the same investor(s), those investors must pledge their stock in the commonly-owned institutions to the FDIC against losses.
  • Transactions with Affiliates. Insured depository institutions acquired by PCIs may not extend credit to investors, their investment funds (if any), and any affiliates of either.
  • Secrecy Law Jurisdictions. Investors using organizational structures domiciled in bank secrecy jurisdictions6 are not eligible to bid on insured depository institutions, unless the investors are subsidiaries of companies subject to comprehensive consolidated supervision, as recognized by the Federal Reserve Board (FRB), and they agree to certain additional requirements.
  • Continuity of Ownership. Covered investors7 are prohibited from selling or transferring their securities for 3 years following the acquisition, absent prior FDIC approval.
  • Prohibited Structures. Complex and functionally opaque ownership structures in which beneficial ownership cannot be ascertained, responsible decision-making parties are not clearly defined, and/or ownership and control are separated are not appropriate for approval as bidders of insured depository institutions.
  • Special Owner Bid Limitation. If an investor directly or indirectly holds 10 percent or more of the equity of a bank or thrift in receivership, the investor will not be considered eligible to bid on that failed depository institution.
  • Required Disclosure. Investors subject to the SOP are expected to submit to the FDIC information about the investors and all entities in the ownership structure.

PCIs that become subject to the SOP may apply to the FDIC Board to be released from the requirements of the policy after 7 years of successful operation. In addition, the FDIC Board may waive provisions of the SOP, if doing so is determined to be in the best interest of the FDIC and the goals of the SOP can be accomplished in other ways. Also included within the SOP is a requirement for the FDIC Board to review the operation and impact of the SOP within six months of its approval date and to make adjustments that the Board deems necessary.

Following the issuance of the SOP, the FDIC published a Questions & Answers (Q&A) in January 2010 and April 2010 addressing the applicability of certain provisions of the SOP. In addition, senior FDIC officials (including several FDIC Board members) held a roundtable discussion on March 22, 2010 with public interest organizations, pension fund managers, private investors, and others to discuss the application of the SOP.




6 A bank secrecy jurisdiction is defined in the SOP as a country that applies a bank secrecy law that limits U.S. bank regulators from determining compliance with U.S. laws or prevents them from obtaining information on the competence, experience, and financial condition of applicants and related parties; lacks authorization for the exchange of information with U.S. regulatory authorities; does not provide for a minimum standard of transparency for financial activities; or permits off-shore companies to operate shell companies without substantial activities within the host country.
7 Covered investors are determined by the Legal Division during its review of the applicability of the SOP to the PCI group. At least one third of a PCI group must be covered investors. Additionally, all investors who own in excess of 5 percent of the voting equity of a PCI group are covered investors.



I-7






Charter Types

PCIs may choose between two different charters when pursuing the opportunity to bid on a failed insured depository institution:

  • Shelf charters – wherein a new institution is established through a process similar to that for a de novo bank. The PCI completes an Interagency Charter and Federal Deposit Insurance Application and the applicable chartering authority decides whether to grant or deny the charter application.
  • Inflatable charters – wherein a significant amount of capital is injected into an existing institution with the intention of using the institution to purchase a failed bank.8 Applications for inflatable charters are governed primarily by the SOP as the existing institution has already applied for, and has been granted, deposit insurance. The PCI and/or PCI Institution may need to submit a change in control notice or change in business plan request to its Appropriate Federal Banking Agency (AFBA), and in any case, must obtain clearance to bid. The business plan for an inflatable charter will indicate that it is the intention of the PCI Institution to purchase one or more failed insured depository institutions.

Between the issuance of the SOP on August 26, 2009 and April 21, 2011, the FDIC received a total of 58 applications from PCIs interested in investing in failed institutions. Table 2 below reflects the status of qualification activities for these PCIs as of April 21, 2011.

[D]






8 All of the inflatable charters reviewed involved the purchase of an institution which had a CAMELS rating of 4 or 5, and the PCI recapitalized the institution and replaced the majority of the management team.





I-8






Deposit Insurance Applications

As discussed in the previous section, a PCI may choose to use a shelf charter when pursuing the opportunity to bid on a failed insured depository institution, which involves establishing a new institution that would require deposit insurance. In that regard, the FDIC Board is charged by Sections 5 and 6 of the FDI Act with the responsibility of acting on applications for federal deposit insurance by all depository institutions, including institutions used by PCIs for failed bank acquisitions. The FDIC Board delegated this responsibility to RMS, but retained the authority to deny applications for deposit insurance. In considering applications for deposit insurance, RMS must evaluate each application in relation to the seven statutory factors prescribed in Section 6 of the FDI Act. Those factors are:

  1. The financial history and condition of the proposed depository institution;
  2. The adequacy of the proposed depository institution's capital structure;
  3. The proposed depository institution's future earnings prospects;
  4. The general character and fitness of the depository institution's management;
  5. The convenience and needs of the community to be served by the depository institution;
  6. The risk presented by such depository institution to the DIF; and
  7. Whether its corporate powers are consistent with the purposes of the FDI Act.

The FDIC has provided information and instructions for completing and submitting applications for deposit insurance through its regulations, deposit insurance application forms, and the Statement of Policy on Deposit Insurance Applications. Applicants seeking deposit insurance in connection with a failed bank acquisition are required to file an Interagency Charter and Federal Deposit Insurance Application which is a combined interagency form issued by the Office of the Comptroller of the Currency (OCC), the Office of Thrift Supervision (OTS)9, and the FDIC. This form helps to eliminate duplicate information requests by consolidating the reporting requirements of the above-mentioned regulatory agencies into one uniform document. All three agencies use the interagency form, regardless of the type of charter under consideration.10 State-chartered banks must file a separate charter application with the appropriate state banking agency, in addition to the interagency form.

An application for deposit insurance also requires the submission of a comprehensive business plan that establishes the proposed institution's goals and objectives, including its financial projections, anticipated capital levels, and proposed actions for accomplishing the primary functions of the institution.

As discussed previously, PCIs may opt to utilize an inflatable charter to pursue being qualified to bid on failed depository institutions. In such cases, those applications involve an existing insured depository institution and would not require FDIC's approval for deposit insurance. However, such applications may involve a change in control notice or change in business plan. These applications are reviewed by RMS and the Legal Division, in conjunction with the AFBA, to ensure that what is being proposed by the PCI and PCI Institution is consistent with relevant laws, regulations, and policies.



9 As of July 21, 2011, all of the powers and duties of the OTS were transferred to the FRB, the FDIC and the OCC.
10 The chartering authority may be the OCC, OTS, or the applicable state regulatory authority.



I-9






Application Process

Notification of PCI Interest – The FDIC may be notified of a PCI's interest in purchasing a failed insured depository institution in a variety of ways. In the case of shelf charters, the organizers select the type of charter they wish to apply for (i.e., federal or state charter) and the FDIC receives an Interagency Charter and Deposit Insurance Application. As part of this process, the FDIC is often copied on applications for changes in control or material business plan changes filed with the institution's AFBA. Many PCIs contact the FDIC and hold a pre-filing meeting to discuss their proposed application.

Application Review Process – RMS assesses the documentation provided by the PCIs for compliance with the criteria established in Sections 5 and 6 of the FDI Act. Working in parallel, the Legal Division evaluates the application and associated documentation for compliance with the SOP. If the application review is determined to be favorable, the results are documented by RMS in a Recommendation Memorandum.11 RMS then sends a Clearance to Bid Letter to the PCI Institution. Concurrently, RMS notifies the Division of Resolutions and Receiverships (DRR) that the PCI Institution should be added to the supplemental bidder list and granted clearance to access failing institution information.

Initial PCI Applications Considered by the FDIC – The first PCI Institutions qualified to bid on failed institutions under the SOP were cleared during a January 7, 2010 meeting12 Table 3 below presents details on the applications reviewed and approved at the January meeting.

[D]

Post-Clearance-to-Bid Process – The Clearance to Bid Letter notifies the PCI Institution, including each covered investor, that it must abide by the conditions contained within the SOP and requires notification of material changes to the application and/or proposal to RMS. Additionally, the Clearance to Bid Letter must be signed by all of the covered investors and returned to RMS prior to the PCI Institution being permitted to bid on a failed institution, evidencing their agreement to abide by the terms of the SOP.

When a PCI Institution identifies a target failed institution, and before it is permitted to bid, RMS requires that the PCI Institution promptly provide a description of the proposed transaction; updated information with respect to the initial submission, including any changes in the proposed organizational structure, capitalization, management, or material aspects in light of size, scope, complexity, or other attributes of the target institution; and a comprehensive customized business plan covering the first 3 years of operation,13 among other items, as required.



11 This memorandum is also referred to as a Summary Memorandum or Clearance to Bid Memorandum.
12 Some PCI were permitted to bid on failed insured depository institutions prior to the SOP. These applications were approved on a case-by-case basis.
13 The plan should be specific to the targeted failing institution and demonstrate sufficient capital given the institution's anticipated risk profile, safe and sound operation, and a reasonable probability for success.





I-10






RESULTS OF AUDIT

Control Activities for Qualifying PCIs Were Evolving

We found that the FDIC had established processes and controls that evolved after the issuance of the SOP and that continued to improve during our audit. Control activities pertaining to the qualification of PCIs to bid on failed insured depository institutions noted during our audit included:

  • Assigning a dedicated review examiner and attorney to each application received from a PCI interested in purchasing a failed institution to evaluate the application in relation to the criteria defined in Sections 5 and 6 of the FDI Act and the SOP, respectively;
  • Holding bi-weekly meetings among RMS, the Legal Division and regional office team members to discuss the status of each application. Problems and issues were discussed, along with best practices in resolving those issues;
  • Memorializing RMS' filing and routing procedures for SOP cases;
  • Establishing a task force comprised of executives from various FDIC divisions and offices to address issues pertaining to PCI applications;
  • Providing written notification to PCI Institutions regarding their eligibility to bid on failed institutions in the form of Clearance to Bid Letters;
  • Obtaining a written commitment from PCI Institutions that were cleared to bid, and their covered investors, that they would comply with the provisions of the SOP.

In addition, for each PCI application, the FDIC developed several standard documents to assist with evaluating and documenting the qualifications of PCIs interested in bidding on failed insured depository institutions. RMS also utilized online information repositories to store documents pertaining to the PCI applications. These repositories may be accessed by various RMS, Legal Division and regional office personnel to assist with both the approval process and when responding to inquiries from outside parties

Evidence of Approvals and Documentation Supporting Reviews and Approvals Were Present, But Varied Among the Applications

We selected a non-statistical sample of 17 applications submitted by PCIs to verify whether appropriate internal FDIC approvals by RMS and the Legal Division were present on the associated Routing Slips and that Routing Folders included Recommendation Memoranda. Seven of the seventeen applications were withdrawn, returned, or abandoned prior to the FDIC's approval and, therefore, were not subject to this review. For the remaining 10 applications, we found signatures denoting RMS' approval for all 10 PCI Institutions that were cleared to bid. We also found documentation demonstrating that a review by RMS and the Legal Division had been performed. However, we noted that the manner in which approvals were evidenced and the extent and organization of documentation supporting the approvals varied. For example,

  • Routing Folders for 2 of the 10 applications could not be located during the course of our audit. However, the FDIC retained electronic copies of the documents that were contained in the missing routing folders, with the exception of the routing slips. In addition, RMS' approval for these two and a third application was evidenced through the signed Clearance to Bid Letter and not on the routing slips as was established in practice.






I-11






  • Signatures evidencing the Legal Division's approval that the PCI Institutions complied with the SOP were not present on the routing slips for three of the ten qualified applications, including the two files for which the routing folders could not be located.
  • Although an analysis of the SOP was summarized in the Recommendation Memoranda, 4 of 10 Recommendation Memoranda did not include a clear determination regarding compliance with the SOP.

We also performed a detailed review for 5 of the 17 selected PCI applications and found that the assigned review examiners and Legal Division attorneys were knowledgeable of the circumstances regarding the application, considered the requirements of Sections 5 and 6 of the FDI Act and the bidder standards in the SOP when evaluating PCI qualifications, and were generally able to locate documentation used to support our requests. We also noted that two of the five selected PCI applications were winning bids and that the FDIC had documented its consideration of the requirements of Sections 5 and 6 of the FDI Act and the applicable provisions of the SOP.

In some instances, however, the FDIC had not fully documented the analysis it performed supporting decisions made on the applications we reviewed. For example, the Summary Memoranda for two of the five applications reviewed did not include a clear recommendation regarding whether the PCI application was in compliance with the SOP. In addition, the analyses performed to evaluate the PCI Institution's compliance with the SOP, including the determination of which investors within the PCI Institution would be subject to the SOP, were not standardized and assembled into an overall analysis. Rather, the analyses performed were located in many documents and not maintained in a uniform manner. Accordingly, documentation supporting the FDIC's analysis was not always readily available and the supporting information was either copies of email communications or hard copy documents stored outside of an official information repository.

The FDIC and GAO have documented a number of overarching internal control and documentation requirements, including FDIC Circular 4010.3, FDIC Enterprise Risk Management Program, and the GAO Standards for Internal Control in the Federal Government. Circular 4010.3 requires divisions to establish, document, and maintain a risk management program which is cost-effective and flexible in order to address emerging issues and facilitate the reprioritization of on-going activities as necessary. The Circular states that internal controls, all transactions, and other significant events shall be clearly documented, and that the documentation shall be readily available for examination. The GAO Standards for Internal Control in the Federal Government provides high level guidance on the appropriate documentation of transactions and internal control. The guidance notes that all transactions and other significant events need to be clearly documented and that documentation and records should be properly managed and maintained.

BDO recognizes that an appropriate balance needs to be struck between developing and maintaining a formal control structure with robust documentation requirements and remaining cost-effective and flexible enough to meet the operational requirements of RMS and the Legal Division. However, when considering the extent to which documentation of the analysis performed is organized and the effort necessary to retrieve this, RMS and the Legal Division should weigh the costs and benefits of documenting an internal control environment with the risks that may result from current practices. In addition, the FDIC may benefit from reevaluating its approach to documenting its application approval process to mitigate the risks associated with staff departures and changes, ensure consistency in its process, and to more efficiently supply supporting information to support decisions reached when asked to do so.





I-12






Recommendation

More specific guidance, including defining the documentation requirements to evidence approval and the manner in which documents are retained, may further mitigate risks associated with the FDIC's qualification of PCIs and facilitate efforts to respond to outside agency inquiries.

We recommend that the Director, RMS, and General Counsel, Legal Division:

  1. Review the manner in which RMS and the Legal Division approvals and analyses are documented and maintained, and determine whether the current procedures and practices are adequate given the risks involved.






















I-13






Observation: The FDIC Has Taken Steps to Address the SOP's Six-Month Review Requirement, But a More Thorough Review Presented to the Board May Be Warranted

As previously discussed, the FDIC Board recognized the need for additional capital in the banking system and the desire to maximize investor interest in failed institutions. The Board also recognized that there was a lot at stake in alternative deals involving non-traditional investors and that such acquisitions must be conducted in a way that protects the safety and soundness of the institutions involved and the DIF.

At the time the SOP was approved, the FDIC Board considered a number of concerns associated with PCIs, such as the potential for such investors to have different investment motives than traditional investors (e.g., shorterterm investment objectives), that may pose increased risk to the DIF. One Board member noted that there was a lack of empirical data, such as an historical analysis of the costs and benefits of PCI bids, to determine whether the SOP would result in an increase or decrease in costs to the DIF. Another Board member expressed concerns regarding the cross-support provisions and capital requirements in the SOP. For these reasons, the FDIC Board included in the preamble of the SOP that they would review the operation and impact of the SOP within 6 months of its approval and make adjustments as it deemed necessary. Such an impact analysis could include, for example, assessing whether the limitations in the SOP, such as higher capital levels, deter PCIs from bidding on failed banks or place PCIs at a competitive disadvantage relative to strategic acquirers, making it more difficult to realize a reasonable return on their investment, and encourage risky post-acquisition investment strategies.

We noted during our audit that the FDIC has taken several steps to address the six-month review provision in the SOP. Most notably, senior FDIC officials, including four of the FDIC Board's five members, held a roundtable discussion on March 22, 2010 that included public interest organizations, pension fund managers, private investors, investment managers, and others to discuss the application of the SOP. In addition, the FDIC provided clarification regarding the application and scope of the SOP through Q&As posted on its public Web site in January and April 2010.

While these steps were positive, we observed that they focused primarily on the operations of the SOP rather than the concerns that Board members expressed when they deliberated and approved the SOP. Further, the FDIC issued the Proposed SOP for comment in the Federal Register, the Board approved the SOP during a public Board meeting, and the final version is available in the Federal Register. Therefore, to more fully address the Board members' concerns and to promote public transparency, management may find it beneficial to consider the need to conduct a more thorough and formal review of the SOP's impact and present the results to the Board in a public Board meeting.







I-14






APPENDIX I

OBJECTIVE, SCOPE, AND METHODOLOGY

We conducted an audit of the FDIC's qualification process for PCIs interested in bidding on failed insured depository institutions. This audit did not address the FDIC's bidding and selection process or, for any successful bidders, the terms of the sales agreements. The audit was performed in accordance with GAGAS.

Objective

The objective of the audit was to assess FDIC's process for qualifying PCIs to bid on failed insured depository institutions. The assessment included FDIC's efforts to:

  • Qualify PCIs in accordance with the terms of the SOP and other applicable criteria.
  • Comply with overall internal control policies, the decision-making process, and general procedures to be followed by RMS in reviewing the application for deposit insurance and providing preliminary clearance for PCIs to bid on failed bank acquisitions.
  • Evaluate applications for PCIs in accordance with the seven factors described in section 6 of the FDI Act (12 USC §1816).
  • Evaluate the applications for PCIs in accordance with RMS' Risk Management Manual of Examination Policies and other applicable criteria.

Because this was a performance audit performed in accordance with GAGAS, internal controls which were significant within the context of the audit objectives were assessed to determine if they were properly designed and implemented. The primary criteria for conducting this audit included:

  • The SOP;
  • RMS' Risk Management Manual of Examination Policies;
  • Other applicable FDIC and DRR directives, policies, and procedures;
  • GAO's Standards for Internal Control in the Federal Government.

The audit addressed the GAO's Standards for Internal Control in the Federal Government which have been adopted by the FDIC and include specific requirements related to internal control, including the monitoring that should take place in the course of normal operations.

Scope

The applications within the scope of the audit included both shelf and inflatable charters. The scope of the audit included applications received between August 26, 2009 and April 15, 2011, and excluded those applications that were processed prior to the FDIC Board's approval of the SOP.

The scope of the audit included procedures, processes, and controls over the FDIC's qualification process for PCIs, including the application for deposit insurance and the preliminary clearance to bid on failed institutions. Specifically, the scope included, but was not limited to:







I-15






  • Testing the compliance with overall internal control policies, the decision-making process and general procedures to be followed by RMS in reviewing the application for deposit insurance and providing preliminary clearance to PCIs to bid on failed bank acquisitions by performing walkthrough procedures, which included a combination of inquiry, observation, verification and re-computation;
  • Evaluation and testing of the procedures and controls in place to ensure that PCIs are evaluated appropriately by the Legal Division under the qualification standard outlined in the SOP;
  • Evaluation and testing of the procedures and controls in place to ensure that RMS has evaluated the applications for PCIs in accordance with the seven factors described in section 6 of the FDI Act (12 USC §1816);
  • Evaluation and testing of the procedures and controls in place to ensure that RMS has evaluated the applications for PCIs in accordance with RMS' Risk Management Manual of Examination Policies.

Methodology

BDO evaluated the design and implementation of the control environment to determine its effectiveness. BDO coordinated with the OIG to select a representative sample of applications and tested them for compliance with the applicable criteria.

BDO conducted its final field work during January and February 2011, which included an additional evaluation of the relevant policies, procedures and key controls, and testing of the sample of applications selected for compliance with the specified criteria. During this time we also interviewed relevant personnel responsible for processing the applications and performing the six month review.

BDO concluded fieldwork in late February 2011, and initial feedback was shared with RMS. RMS raised concerns over the initial findings and communicated that they had an additional information repository which contained the information required to complete the audit. Consequently, an additional sample was selected of one inflatable and one shelf charter whose applications were processed in 2011. These additional sample items were reviewed using the same audit programs as the initial sample. The original samples were also re-evaluated using the additional repository.

For PCI applications selected for testing, the analysis of the application and related supporting documentation was reviewed to ensure compliance with the applicable criteria. Procedures included:

  • Review of the applications to ensure completeness of supporting documentation, appropriate coordination with AFBAs, state regulators, FDIC's Legal Division and relevant FDIC regional office(s), and appropriate review and approvals.
  • Review of supporting documentation which evidenced compliance with the seven statutory factors under the FDI Act.
  • Review of supporting documentation which evidenced compliance with the SOP, for example the final offering materials (e.g., subscription agreements, investment agreement, etc.) for the proposed capital raise, whether the investor capital commitments are firm commitments or merely expressions of interest, a list of investors with firm commitments including for each investor, to ensure they were appropriately considered under the SOP applicability requirements.






I-16






  • Determining whether an appropriate internal control structure is in place for managing and monitoring applications.

The above procedures were developed to provide a basis from which to conclude whether the FDIC's process for qualifying PCIs was compliant with the applicable criteria and performed in a reasonable and timely manner. Audit programs were prepared to address all of the procedures performed.

The full audit testing was performed on an initial sample of five items. Limited audit testing was performed on an additional ten items, with an additional two items selected for 2011, to test the review and approval process, including reviewing the routing packages for the appropriate approval signatures and attached documentation. Tables 4 and 5 provide additional details regarding the composition of the samples.

[D]

[D]







I-17






[D]





I-18






[D]





I-19






[D]



I-20





















Part II Corporation Comments and OIG Evaluation
































OIG Evaluation of Corporation Comments

The Director, RMS, and the General Counsel, Legal Division, provided a joint written response, dated December 13, 2011, to a draft of this report. The response is presented in its entirety beginning on page II-2. In the response, RMS and the Legal Division concurred with the report's recommendation. A summary of management's comments on the recommendation is presented on page II-3. Management's planned action is responsive to the recommendation, and the recommendation is resolved.

The response also noted that RMS and the Legal Division would review the impact of the SOP and brief the FDIC's Board of Directors on the results within six months of the issuance of this report.

























II-1






[D]





II-2






[D]





II-3




Last updated 2/13/2012