PRINT
FDIC OIG Evaluation Report: The FDIC's Acquisition and Management of Securities Obtained through Resolution and Receivership Activities, October 2011


FDIC OIG Executive Summary


The FDIC's Acquisition and Management of
Securities Obtained through Resolution and
Receivership Activities
  Report No. EVAL-12-001
October 2011
Why We Did This Audit

The FDIC Office of Inspector General (OIG) contracted with BDO USA, LLP (BDO) to conduct an audit of the FDIC's acquisition and management of securities obtained through resolution and receivership activities. The audit objectives were to determine whether key procedures, processes, and controls over acquisition and management of securities ensure that: (1) securities were fully identified and accurately recorded into receivership accounts; (2) securities were valued in accordance with pricing policies approved by the Division of Resolutions and Receiverships (DRR) Franchise Marketing Unit (FMU); (3) principal and interest (P&I) payments associated with securities were received and properly recorded; and (4) securities were transferred to the FDIC custodial account completely and accurately or adequate control was established to safeguard the physical securities.

The audit covered the securities that were acquired through the resolution and receivership activities of the failed banks that were closed and placed into FDIC receivership from October 1, 2010 through March 31, 2011. The audit did not include securities covered by shared-loss agreements.

Background

DRR has primary responsibility for managing receivership assets, including securities. Securities may be a substantial portion of failed institutions' assets and may include debt instruments; common and preferred equity, including equity in the institution resolved; equity in subsidiaries owned by the resolved institution; and limited partnerships. Prior to a bank closing, FMU determines which assets, including securities, are transferred to an assuming institution and which assets are transferred to the FDIC receivership. During the bank closing process, DRR's Capital Markets Unit (CMU) performs a valuation of failed bank securities and determines the current market value of readily marketable securities and is responsible for the custody, transfer, management, and disposition of securities that remain with the receivership. CMU also monitors collection of securities distributions and submits expected payment documentation to DRR Receivership Accounting, which ensures that actual payments are received. DRR Receivership Accounting is responsible for allocating cash collected to the corresponding security and receivership.

The value of securities retained by the FDIC in its receivership capacity was $12.8 and $12.4 billion on December 31, 2010 and May 31, 2011, respectively. For the year ended December 31, 2010, principal collections totaled $11.3 billion, and sales of securities in liquidation totaled $9.1 billion. For the period January 1, 2011 through May 31, 2011, principal collections totaled $1.7 billion, and sales of securities totaled $691 million. During the period of our audit, DRR was developing the DRR Capital Markets Policies and Procedures Manual, and while the manual has not yet been finalized, CMU noted that policies and procedures contained within the manual were implemented prior to our review period. As such, we used the manual as the primary criteria during the audit.

Audit Results

BDO concluded that, except as noted below, CMU had established adequate draft procedures, processes, and controls for the FDIC's acquisition and management of securities from failed financial institutions. CMU's draft Capital Markets Policies and Procedures Manual details procedures, processes, and controls for each area covered by our audit objectives, and includes flowcharts of the processes, as well as guidance and job aids. Based on the audit,






Executive Summary The FDIC's Acquisition and Management of
Securities Obtained through Resolution and
Receivership Activities
  Report No. EVAL-12-001
October 2011

BDO observed that CMU had taken steps that substantially address provisions of the draft manual. With regard to each of the audit objectives, BDO determined that all of the securities sampled were: (1) identified and accurately recorded into the receivership accounts, with the exception of one manual error; (2) valued in accordance with the pricing policies approved by FMU; and (3) accurately transferred to the FDIC custodial accounts or to the Division of Finance vault.

However, BDO concluded that DRR had not finalized, approved, and issued its draft Capital Markets Policies and Procedures Manual and that the manual does not include key processes and controls for monitoring P&I and timing guidelines for the transfer of securities to the FDIC custodian. Additionally, BDO concluded that the P&I payments associated with securities were not always received and properly recorded. As part of the audit, BDO requested information and support regarding the monitoring and collection of P&I distributions owed to the FDIC for a sample of securities. In responding to this request, DRR Receivership Accounting identified approximately $9.8 million of P&I distributions associated with 24 securities that were not properly identified, monitored, or collected during the period October 1, 2010 through March 31, 2011. Accordingly, the report includes $9.8 million in questioned costs that we will report in our next Semiannual Report to the Congress. During the audit, DRR commenced a Securities Payment Recapture and Reconciliation Project to identify and collect distributions owed to the FDIC for securities acquired as a result of all bank failures through June 30, 2011. As of September 1, 2011, the project team had identified $44.4 million in payments due to the FDIC from acquirers of failed institutions. DRR anticipates completing the project by December 31, 2011.

Recommendations and Management Response

The report includes four recommendations intended to improve controls over the FDIC's acquisition and management of securities. Specifically, BDO recommended that the Director, DRR:

  1. finalize, approve, and issue the Capital Markets Policies and Procedures Manual ensuring that the process for monitoring and collecting P&I and timing guidelines for the transfer of custody of securities are specifically addressed;
  2. establish and document in the Capital Markets Policies and Procedures Manual procedures and controls for DRR Receivership Accounting acknowledging receipt of expected P&I documentation submitted by CMU and the communication mechanisms for notifying CMU of missing payments;
  3. identify and collect all distributions due to the FDIC and not collected for securities acquired during the past 3 years, including completing the Securities Payment Recapture and Reconciliation Project; and
  4. develop and document in the Capital Markets Policies and Procedures Manual specific guidance related to the transfer of all types of securities acquired by the DRR that addresses the roles and related timing guidelines for the various FDIC groups involved in the transfer of security process.

The Director, DRR, provided a written response to a draft of this report, dated September 29, 2011. Management concurred with the four recommendations and described planned corrective actions that are responsive to each recommendation.







FDIC, Federal Deposit Insurance Corporation, Office of Inspector General,  Office of Evaluations, 3501 Fairfax Drive, Arlington, VA 22226-3500
DATE: October 6, 2011
  
MEMORANDUM TO: Bret D. Edwards
  Director, Division of Resolutions and Receiverships
   
   
FROM:E. Marshall Gentry[Electronically produced version; original signed by E. Marshall Gentry]
  Assistant Inspector General for Evaluations
   
SUBJECT: The FDIC's Acquisition and Management of Securities Obtained
through Resolution and Receivership Activities

(Report No. EVAL-12-001)

The subject final report is provided for your information and use. Please refer to the Executive Summary, included in the report, for the overall audit results. Our evaluation of the Division of Resolutions and Receiverships' response is incorporated into the body of the report. Your comments on a draft of this report were responsive to the recommendations. We have determined that management's planned corrective actions are sufficient to resolve the recommendations.

Consistent with the OIG's new approach to the Corrective Action Closure (CAC) process, the OIG plans to limit its review of CAC documentation to those recommendations that we determine to be particularly significant. Such determinations will be made when the Office of Enterprise Risk Management (OERM) advises us that corrective action for a recommendation has been completed. Recommendations deemed to be significant will remain open in the OIG's System for Tracking and Reporting (STAR) until we determine that corrective actions are responsive. All other recommendations will be closed in STAR upon notification by OERM that corrective action is complete but remain subject to follow-up at a later date.

If you have questions concerning the report, please contact me at (703) 562-6378, or Ann Lewis, Audit Manager, at (703) 562-6379. We appreciate the courtesies extended to the audit staff.

Attachment

cc: Stephen K, Trout, DRR
Sean D. Cassidy, DRR
James H. Angel, Jr., OERM
Larry Choates, DOF








Contents
 
Part I  
Report by BDO USA, LLP
The FDIC's Acquisition and Management of Securities
Obtained through Resolution and Receivership Activities
I-1
Part II  
OIG Evaluation of Management Response
II-1
Corporation Comments
II-2
Summary of Management's Comments on the Recommendations
II-5




















































Part I


Report by BDO USA, LLP
































Audit Report
The FDIC's Acquisition and Management of Securities Obtained through Resolution and Receivership Activities
October 5, 2011, BDO









Tel: 301-654-4900, Fax: 301-654-3567, Tel: 301-654-4900, Fax: 301-654-3567, 7101 Wisconsin Ave, Suite 800, Bethesda, MD 20814www.bdo.com

October 5, 2011

Honorable Jon T. Rymer
Inspector General
Federal Deposit Insurance Corporation
3501 Fairfax Drive
Arlington, VA 22226

Re: Transmittal of Results of the Audit of The FDIC's Acquisition and Management of Securities Obtained through Resolution and Receivership Activities
(Report No. EVAL-12-001)

Dear Mr. Rymer:

This letter submits our final report representing the results of our performance audit of The FDIC's Acquisition and Management of Securities Obtained through Resolution and Receivership Activities in accordance with Contract Number CORHQ-09-G-0386 dated September 28, 2010. The objective of this performance audit was to assess the FDIC's acquisition and management of securities obtained through resolution and receivership activities. As part of our work, we interviewed key DRR officials responsible for the process and obtained other evidence to accomplish the audit objectives.

We conducted our performance audit in accordance with Generally Accepted Government Auditing Standards (GAGAS). Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objective. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objective.

Overall, the acquisition and management of securities obtained through resolution and receivership activities was completed in accordance with the applicable policies, procedures, and guidelines. We found that the FDIC had implemented controls designed to ensure that the acquisition and management of securities was managed effectively and potential losses to the DIF were minimized. While these controls are positive, updated and additional internal control procedures and certain control enhancements are warranted.

We issued a draft of this report on August 18, 2011. We subsequently met with representatives of the FDIC's Division of Resolutions and Receiverships (DRR) in Washington, D.C. and Office of Inspector General (OIG) representatives to obtain informal feedback on the draft report. Based on the informal feedback received, we made changes to the draft report that we deemed appropriate. On September 29, 2011, the Director, DRR, provided a formal written response to our draft report.

BDO USA, LLP, a New York limited liability partnership, is the U.S. member of BDO International Limited, a UK company limited by guarantee, and forms part of the international BDO network of independent member firms.

BDO is the brand name for the BDO network and for each of the BDO Member Firms.







I-2






BDO icon

This performance audit did not constitute an audit of financial statements in accordance with GAGAS. BDO was not engaged to and did not render an opinion on the FDIC's internal controls over financial reporting or over financial management systems. BDO cautions that projecting the results of our audit to future periods is subject to the risks that controls may become inadequate because of changes in conditions or because compliance with controls may deteriorate. The information included in this report was obtained from the FDIC on or before June 30, 2011. We have no obligations to update our report or to revise the information contained therein to reflect events and transactions occurring subsequent to June 30, 2011.

Please contact Thomas Cooper at 301-634-4900 if you have any questions or comments regarding this report.

Very truly yours,

BDO USA, LLP

BDO USA, LLP



















I-3












[D]
I-4






EXECUTIVE SUMMARY

The Federal Deposit Insurance Corporation (FDIC) Office of Inspector General (OIG) contracted with BDO USA, LLP (BDO) to conduct an audit of the acquisition and management of securities1 obtained through resolution and receivership activities. Based on delegations from the FDIC's Board of Directors, the FDIC's Division of Resolutions and Receiverships (DRR) has primary responsibility for resolving failed financial institutions and managing the resulting receiverships, including security assets retained by the FDIC in its receivership capacity.

The objectives of the audit were to determine whether key procedures, processes, and controls over acquisition and management of securities ensure that:

  • securities were fully identified and accurately recorded into receivership accounts;
  • securities were valued in accordance with pricing policies approved by the DRR Franchise Marketing Unit (FMU);
  • principal and interest (P&I) payments associated with securities were received and properly recorded; and
  • securities were transferred to the FDIC custodial account completely and accurately or adequate control was established to safeguard the physical securities.

The audit covered the securities acquired through the resolution and receivership activities of the failed banks that were closed and placed into FDIC receivership from October 1, 2010 through March 31, 2011. The securities included in the scope of the audit were both marketable and non-marketable securities retained. These securities encompass those held by subsidiaries of institutions which have been subject to the resolution process, as well as securities that were obtained or are potentially available through defaulted loans. The scope of the audit excluded any securities covered by Shared-Loss Agreements (SLAs). We tested the acquisition and management of a sample of 45 of the 442 securities acquired during the period of our review, $214 million out of the total population value of $446 million. The sample of 45 securities covered 12 receiverships out of the 37 receiverships that were established and included retained securities during October 1, 2010 through March 31, 2011.2

The scope of the audit included procedures, processes, and controls over the acquisition and management of securities obtained through resolution and receivership activities. As part of our work, we: (1) interviewed key DRR and Division of Finance (DOF) personnel responsible for the acquisition and management of the securities and other assets; and (2) reviewed a sample of securities acquired through the resolution and receivership activities of the failed




1 The term Securities or security assets includes, but is not limited to, US Treasury instruments, issues of governmental agencies, mortgage-backed obligations, municipal bonds, warrants, options, futures contracts, partnership interests, shares of unit investment trusts, participation certificates, preferred or common stocks and other equity instruments, rated or unrated bonds, notes or other debt instruments, financial derivatives, special purpose finance corporations (subsidiaries) which serve or have served as vehicles for issuing or holding mortgage-backed or asset-backed securities, and all related instruments.
2 In total, 56 receiverships were established during this period, of which 19 did not have any FDIC retained securities.



I-5






banks that were closed from October 1, 2010 through March 31, 2011. The sample was judgmental and, therefore, not projectable to the population of securities. A detailed discussion of our objectives, scope, and methodology is included in Appendix I of this Report. The primary criteria for this audit were: (1) the draft Capital Markets Policies and Procedures Manual,3 (2) the General Accounting Office's (GAO) November 1999 Publication, Standards for Internal Control in the Federal Government, and (3) FDIC Circular 4010.3, FDIC Enterprise Risk Management Program.

With the exception of findings discussed in this report, DRR's Capital Markets Unit (CMU) has established adequate draft procedures, processes, and controls for the FDIC's acquisition and management of securities from failed financial institutions. CMU's draft Capital Markets Policies and Procedures Manual details procedures, processes, and controls for each area covered by our audit objectives, and includes flowcharts of the processes, as well as guidance and job aids. Based on our audit, we observed that CMU had taken steps that substantially address provisions of the draft manual. While the manual has not yet been finalized, CMU noted that policies and procedures contained within the manual were implemented prior to our period of review. As such, we used the manual as the primary criteria in the audit.

With regard to each of our audit objectives, we determined that all of the securities that we sampled were (1) identified and accurately recorded into the receivership accounts, with the exception of one manual error; (2) valued in accordance with the pricing policies approved by FMU; and (3) accurately transferred to the FDIC custodial accounts or to the DOF vault. However, we found that the P&I payments associated with securities were not always received and properly recorded. When responding to our request for information and support regarding the monitoring and collection of P&I distributions owed to the FDIC, DRR Receivership Accounting identified approximately $9.8 million of P&I distributions that were not properly identified, monitored, or collected during the period October 1, 2010 through March 31, 2011 for the securities we sampled. DRR has commenced a Securities Payment Recapture and Reconciliation Project to identify and collect all distributions owed to the FDIC for securities acquired in all bank failures through June 30, 2011.

We also concluded that CMU could improve its draft Capital Markets Policies and Procedures Manual and its compliance with certain procedures within the manual. As of the report date, CMU was still revising the manual4 and, therefore, had not finalized and obtained appropriate approvals for the Capital Markets Policies and Procedures Manual. Further, CMU had not fully implemented provisions for monitoring and overseeing the collection of P&I and other distributions on the security assets that the FDIC as receiver has retained. Additionally, CMU had not established criteria or timing guidelines for the transfer of securities to the FDIC custodian. Enhanced criteria and improved compliance in these areas should help ensure the accuracy and efficiency of the securities acquisition and management process.




3 We used the draft version of the FDIC DRR Capital Markets Policies and Procedures Manual notated by DRR as revised February 2, 2011.
4 In July 2011, we were notified by DRR that the manual had been revised subsequent to the February 2, 2011 version and was being reviewed by the applicable DRR departments.



I-6






Specifically, we are recommending that DRR:

  • finalize, approve, and issue the draft Capital Markets Policies and Procedures Manual;
  • establish and document procedures and corresponding controls for monitoring and collecting P&I or other distributions owed to FDIC for its retained securities; and
  • develop and document criteria defining timing guidelines for the transfer of custody to the FDIC's custodian for book-entry securities.

We conducted this performance audit from January 2011 through July 2011 in accordance with Generally Accepted Government Auditing Standards (GAGAS) issued by the Comptroller General of the United States and with audit policies and procedures established by the FDIC OIG. Those standards, policies, and procedures require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives. Additionally, we used the GAO's November 1999 publication, Standards for Internal Control in the Federal Government, as criteria for assessing DRR's securities acquisition and management program. The glossary in Appendix III contains definitions for key terms, and Appendix IV contains a listing of acronyms.

This performance audit did not constitute an audit of financial statements in accordance with GAGAS. BDO was not engaged to, and did not, render an opinion on the FDIC's internal controls over financial reporting or over financial management systems. BDO cautions that projecting the results of our audit to future periods is subject to the risks that controls may become inadequate because of changes in conditions or because compliance with controls may deteriorate.















I-7






BACKGROUND

Key aspects of the FDIC's mission are to plan and efficiently administer the resolution of failing FDIC-insured institutions and the acquisition and management of assets acquired by the FDIC in its receivership capacity. Prompt, responsive, and efficient administration of failed financial institutions is required to maintain confidence and stability in our financial system. The FDIC's DRR is chiefly responsible for the acquisition and management of the retained assets, including securities.

Once a financial institution is identified for closing, DRR markets and seeks to sell the assets and/or liabilities to the highest bidder to achieve the greatest return for the Deposit Insurance Fund. If no acquiring institution is found, the FDIC proceeds with a deposit payout when the institution is closed. When a sale is consummated, a Purchase and Assumption Agreement (P&A) is generally executed delineating the failed financial institution's assets and liabilities being acquired by the Assuming Institution (AI). Assets and liabilities not purchased by the AI are retained for management and disposition by the FDIC in its receivership capacity.

When securities are included within a failed institution's assets, FMU verifies the existence of the securities. Generally, the less marketable securities remain with the receivership and must be sold by CMU. Securities obtained by the FDIC as a result of its resolution and receivership activities include, but are not necessarily limited to: debt instruments; common and preferred equity, including equity in the institution resolved; equity in subsidiaries owned by the resolved institution; and limited partnerships. The total value of securities in liquidation held by the FDIC in its receivership capacity was $12.8 and $12.4 billion on December 31, 2010 and May 31, 2011, respectively. For the year ended December 31, 2010, principal collections totaled $11.3 billion and sales of securities in liquidation totaled $9.1 billion. From January 1, 2011 through May 31, 2011, principal collections totaled $1.7 billion, and sales of securities totaled $691 million. The sales encompassed mostly U.S. agency securities and municipal bonds.

DRR contains the key groups that are involved with the acquisition and management of assets, including securities. Prior to a bank closing, FMU determines which assets, including securities, are transferred to the AI and which assets are transferred to the FDIC in its receivership capacity. CMU is responsible for the custody, transfer, management, and disposition of certain assets, including securities, which are transferred to a receivership. DOF assists DRR by facilitating the transfer of the securities to the custodians under instruction from CMU.

During the closing process of the P&A transaction, the FMU and the CMU Closing Team obtain a complete inventory of securities that the FDIC as receiver is retaining, which may include securities such as agency mortgage backed securities (MBS), non-agency private label MBS (PLMBS), and municipal bonds. In addition, the inventory may include other assets, such as various types of loans, limited partnership interests, corporate notes, preferred stock, and qualified financial contracts. Historically, DRR has included securities in its SLAs within the P&A agreements with AIs, providing an FDIC guarantee for a portion of the losses incurred. However, more recently, DRR has retained a larger portion of the securities during the resolution process of failed institutions.

During the closing process, CMU performs a valuation of failed bank securities and determines the current market value of readily marketable securities. For the securities that







I-8






are not readily marketable or are not regularly traded, FMU obtains support for the book value of the security at the time of closing, such as broker or custodian statements. During the closing weekend, FMU records the securities in the Proforma Jackets5 at either the current market value, as provided by CMU, or at the book value for non-readily marketable securities.

After the closing weekend events, CMU advises DOF to transfer the retained securities from the failed institution's custodian6 to the FDIC's custodian, the Federal Home Loan Bank of New York (FHLB NY). Physical securities are generally obtained during the closing weekend and sent to DOF for safekeeping.

Finally, DRR Receivership Accounting is responsible for recording each of the receivership balances separately on the FDIC general ledger system, based on the Proforma Jackets created during the closing weekend.

Significant Criteria Related to Retained Securities

The draft DRR Capital Markets Policies and Procedures Manual includes information on securities and other assets (syndicated loans, syndicated limited partnerships, and qualified financial contracts) managed by DRR. It also addresses organizational responsibilities for the marketing and disposal of these asset types. Prior to and during our audit there were no applicable policies and procedures that had been established in the form of a DRR directive.

DOF does not maintain separate documented policies and procedures for the process of transferring the securities to the FDIC's custodial account. However, DOF's responsibilities are documented in the draft Capital Markets Policies and Procedures Manual.
















5 Documentation prepared by the Proforma Team to convert the failed bank's accounting records from accrual basis to cash basis accounting and to document the split of assets between those remaining with the FDIC as receiver and those sold to the Acquiring Institution.
6 A custodian is a financial institution that has the legal responsibility for a customer's securities.





I-9






RESULTS OF AUDIT

FINDING 1: FDIC DRR POLICIES AND PROCEDURES

CMU is developing a Capital Markets Policies and Procedures Manual that outlines its responsibilities related to securities and other assets. The activities include the valuation of securities, the transfer of custody of the securities to the FDIC's custodian, and the management of the securities portfolio, including periodic reconciliations and monitoring and collection of securities distributions. CMU still needs to finalize procedures and we found that certain procedures were not implemented. Comprehensive policies and procedures are important and help to ensure that management's directives are carried out.

From our review of the Capital Markets Policies and Procedures Manual, all of the main functions of CMU appear to be detailed, including flowcharts of the processes, as well as guidance and job aids. The sections covered in the manual in relation to securities include pre-closing, closing, and post-closing guidance. While the manual has not yet been approved, CMU noted that policies and procedures contained within the manual were implemented prior to our period of review. As such, we used the manual as the primary criteria in the audit.

While we determined that many of the policies and procedures in the draft manual were followed, including those related to the valuation and recording of securities, we noted that certain policies and procedures were not implemented. Specifically, procedures related to the monitoring of P&I and other distributions were not fully implemented during the scope of our audit as discussed further in finding number two. Additionally, certain reconciliations intended to ensure the accuracy of the securities inventory listing were not performed during the time period covered by our audit. The reconciliation process was implemented in January 2011, and from the commencement date through the end of our period of review, the reconciliations were completed.

CMU indicated to us that it had resource constraints and was not able to fully develop and implement policies and procedures regarding the acquisition and management process of securities during the past three years when the FDIC experienced a large number of bank closings and receiverships.

The GAO Standards for Internal Control in the Federal Government provides high level guidance on the appropriate documentation of transactions and internal control. The guidance notes that internal controls need to be clearly documented, and the documentation should appear in management directives, administrative policies, or operating manuals.

FDIC Circular 4010.3, FDIC Enterprise Risk Management Program, establishes policy for the development, maintenance, and evaluation of a comprehensive Enterprise Risk Management (ERM) Program at the FDIC. The ERM Program encompasses four fundamental requirements as follows:

  1. Procedures that are both current and appropriately documented;
  2. Reasonable controls that have been incorporated into those procedures;
  3. Employees who have been trained in the proper execution of their duties; and
  4. Supervisors and managers who are both empowered and held accountable for performance and results.






I-10






The ERM Program Circular provides that to the extent any component of the foundation changes, immediate attention should be given to re-establishing the foundation and the corresponding ability to carry out responsibilities effectively on a day-to-day basis.

DRR Circular 1212.1, DRR Directive System, establishes policies, guidelines, procedures, and responsibilities for DRR staff when preparing, issuing, maintaining, or archiving documents within the Division's Directive System, including policy manuals and job aids. DRR Circular 1212.1 states that program area staff are responsible for preparing directives, job aids and MOU to document policies, procedures and tasks for which they are responsible. Additionally, the Circular states that DRR Directives, Job Aids and MOU should be updated by originating parties in a timely manner to ensure current policies and procedures are reflected.

Policies and procedures will help establish criteria to ensure the FDIC DRR is acquiring and managing its securities assets consistently, timely and efficiently, which would include collecting the distributions that are owed to FDIC as receiver.

Recommendation: We recommend that the Director, DRR:
1) Finalize, approve, and issue the Capital Markets Policies and Procedures Manual in
accordance with DRR Circular 1212.1 and FDIC Circular 4010.3, ensuring that the process for monitoring and collecting principal and interest payments and the timing guidelines for the transfer of custody of the securities are specifically addressed.



















I-11






FINDING 2: CAPITAL MARKETS MONITORING AND COLLECTION OF SECURITIES DISTRIBUTIONS

CMU did not monitor and oversee collection of all securities distributions as required by the draft Capital Markets Policies and Procedures Manual. Specifically, CMU did not monitor expected payments, through the preparation of a payment tracking and monitoring schedule, for 5 of the 45 securities we sampled. Further, DRR Receivership Accounting did not receive payment tracking and monitoring schedules that CMU prepared for the 40 remaining securities in our sample. As a result, the FDIC was unaware that the P&I payments due to the FDIC were not received. Additionally, of the 40 monitoring schedules that were prepared, 4 contained data that did not agree to the source documentation provided and did not contain explanations for the variances.

The payment tracking and monitoring schedules are necessary for DRR Receivership Accounting to allocate the cash collected to the corresponding security and receivership and to determine whether there are missing payments. Once the data for the expected payments has been gathered, CMU is required to send the expected payments documentation to DRR Receivership Accounting, who ensures that the actual payments are received. For any discrepancies, DRR Receivership Accounting is required to notify the Capital Markets Receivership Manager, who is responsible for tracking down missing payments. In that regard, we noted that DRR Receivership Accounting did not receive the payment tracking and monitoring schedules for the 45 securities within our sample. When responding to our request for information and support regarding the monitoring and collection of P&I distributions owed to FDIC, DRR Receivership Accounting prepared its own expected P&I payment documentation for the 45 sampled securities and reconciled the actual payments received to the expected payments documentation. For 24 of the 45 securities, the P&I cash payments due to the FDIC were not received for certain months between October 2010 and March 2011. During this period, the payments due to the FDIC that had not been collected on these 24 securities totaled approximately $9.8 million.

CMU is responsible for coordinating with DRR Receivership Accounting to ensure that the P&I payments are received. Specifically, the draft Capital Markets Policies and Procedures Manual states that the Capital Markets Receivership Manager is responsible for gathering third-party data to monitor expected P&I payments and to coordinate with DRR Receivership Accounting to ensure that the P&I was actually received by the FDIC. We noted that while the manual includes provisions for CMU to send expected P&I payment documentation to DRR Receivership Accounting and for DRR Receivership Accounting to notify CMU of any missing P&I payments, the manual does not specify the manner in which: 1) CMU should send the information to DRR Receivership Accounting, 2) DRR Receivership Accounting should confirm with CMU that it has received the information, or 3) DRR Receivership Accounting should notify CMU of missing P&I payments.

Without proper monitoring and corresponding acknowledgements of the notifications of the securities distributions owed to the Corporation, the FDIC did not collect the cash it was owed under the terms of the securities acquired.

CMU has acknowledged responsibility for tracking the payments related to the retained securities due to the receiverships. Additionally, CMU initiated a Securities Payment Recapture and Reconciliation Project that was started during the course of our review, and is designed to determine whether the expected payments were properly identified and collected for 368 receiverships. In their response to the draft report, DRR stated that as of September 1, 2011, the Securities Payment Recapture and Reconciliation Project identified and transferred







I-12






to FDIC, $106 million in payments due from acquirers of failed institutions (AIs). To date approximately $27.8 million of identified payments have been collected from AIs; collection of the remaining payments due should occur after AIs complete their reviews to confirm the Project's calculations of amounts due FDIC as receiver.

Recommendation: We recommend that the Director, DRR:
2) Establish and document in the Capital Markets Policies and Procedures Manual
procedures and corresponding controls related to DRR Receivership Accounting acknowledging receipt of expected P&I payment documentation submitted by CMU and the communication mechanisms for notifying CMU of missing P&I payments; and
3) Identify and collect all distributions due to the FDIC and not collected, for securities
acquired during the past three years, including completing the Securities Payment Recapture and Reconciliation Project. (The OIG has advised us they will report $9.8 million in questioned costs in its next Semiannual Report to Congress, which represents the amount of distributions owed to the FDIC, but not collected, that DRR identified as a result of our audit. Appendix II provides a detailed explanation of how monetary benefits, including questioned costs, are determined, reported, and resolved according to the Inspector General Act of 1978, as amended.)



























I-13






FINDING 3: TRANSFER OF CUSTODY OF ACQUIRED SECURITIES TO FDIC

We determined that CMU and DOF accurately transferred securities to an FDIC custodian or financial advisor, as required. However, we noted that securities were not always transferred timely. To determine whether the securities obtained through receivership were transferred to FDIC custody both accurately and timely, we tested 45 items and determined the following:

  • The 36 book-entry securities7 within our sample were all transferred to the FDIC custodian without exception.
  • Seven securities in our sample were non-transferable stock or bonds that were appropriately transferred to a financial advisor.
  • Two of the securities in our sample were physical securities, and the certificates were sent to DOF for safekeeping in the FDIC vault.

However, the timing of the transfers to the FDIC's custodian, the FDIC's vault, or the FDIC's financial advisor varied. We noted that the required timing of transfer to FDIC is not addressed in the draft Capital Markets Policies and Procedures Manual. Specifically, for the 36 book entry securities the total number of days between the bank closing date and the date of custody transfer to FHLB NY ranged from 27 to 74 days, with an average of 41 days. Refer to Chart 1 below for the details, which are summarized by receivership.

Additionally, we analyzed the number of days between the bank closing date and the date CMU requested DOF to schedule a transfer to the FDIC's custodian, FHLB NY. Within this component of the transfer process, the timing varied between 10 and 61 days for CMU to request that DOF schedule a transfer, with an average time of 27 days.

Select [D] link to get a text representation of graph


[D]


7 A security for which the purchaser receives a receipt rather than an engraved certificate. Although a certificate may exist in some instances, it is held in one location as ownership changes.



I-14






For the two physical securities in our sample, we observed the security certificates in the DOF vault; however, for one of the two securities we were not able to clearly determine the date that the security was received by DOF, or how the security was received. We noted that this security was from an institution that failed on January 7, 2011, and was included on the DOF safe inventory list as of January 31, 2011. The other security was delivered via courier service with DOF maintaining email documentation supporting the transfer.

For the remaining seven securities in our sample (which included FHLB stock, municipal bonds, and a bond fund), we reviewed a statement or other source documentation included in the Proforma Jackets which evidenced the transfer of custody to the FDIC.

FDIC Circular 4010.3 includes two relevant Control Activities, namely (1) Physical Control Over Valuable Assets, which requires the establishment of physical control to secure and safeguard assets; and, (2) Accurate and Timely Recording of Transactions and Events, which requires the prompt recording of transactions. CMU and DOF do not currently have timeline criteria established for securities transfers to the FDIC's custodian or for the transfer of physical securities to the DOF vault for safekeeping.

The various time ranges for the transfer of the securities resulted from several factors, including resource constraints. CMU communicated that some transfers took longer than others due to encumbrances8, portfolio size, staffing, vacations, delays at the other custodian banks, delays at the assuming institution, and availability of authorized signers. CMU noted that in situations where there was an encumbered security within a receivership, DRR deferred the request to transfer any security within the receivership until the encumbrance(s) were removed.

The timely and efficient transfer of book entry securities from the acquiring institution to FHLB NY is directly correlated to the FDIC receiving P&I distributions it was owed on these securities, as such transfer established physical control in an FDIC account. Timely transfer of securities to the custodian facilitates the receipt of cash directly by the FDIC and eliminates additional settlement efforts that are required to collect the distributions owed to the FDIC in the event the securities are not transferred timely.

Defined criteria for the transfer of physical securities to FDIC would contribute to the physical securities being securely transferred to FDIC in a timely manner.

Recommendation: We recommend that the Director, DRR:
4) Develop and document in the Capital Markets Policies and Procedures Manual specific
guidance related to the timing criteria for the transfer of custody of all types of securities acquired by FDIC DRR that addresses the roles and related timing guidelines for the various FDIC groups involved in the transfer of securities process.








8 An encumbrance is a burden or charge upon property, such as a mortgage or lien.



I-15






OBSERVATION: PROFORMA RECORDATION ERROR

For 44 of the 45 securities tested, the confirmed proforma balances were recorded correctly by FMU in the Proforma Jacket. The remaining non-marketable security's book value was $4,125,000 according to the supporting source documentation in the Proforma Jacket, but this confirmed proforma balance was incorrectly recorded as $5,000,000 in the Jacket.

DRR Circular 4300.1, FDIC Enterprise Risk Management System, establishes the Proforma Manual as the authoritative reference for the accumulation and presentation of DRR Proforma procedures. The Proforma Manual calls for a review process of the Proforma Jackets that are prepared. Specifically, when the Jacket has been completed by the preparer, the Jacket is submitted electronically to the Proforma team leader who completes a detailed review and documents the approval electronically. A general review is then completed and documented by the Financial Manager. Each approval is documented on the Proforma Jacket's cover sheet. The controls in place require three signatures for the recording of the book value in the Proforma Jacket, namely; (1) preparer, (2) reviewer, and (3) general reviewer.

For the one security that we tested with an incorrect book value amount, all three signatures were present indicating the manual control did not operate effectively. The error was most likely attributed to a manual recording error that was not identified during the review process.

As a result of the recordation error in the Proforma Jacket, the security recorded on the FDIC general ledger and system of record was overstated by $875,000. However, we notified DRR Receivership Accounting of this overstatement, and DRR adjusted the general ledger to reflect the actual security value.

DRR noted that the recording error did not impact FDIC monetarily as the asset was assumed by the FDIC, in its receivership capacity. As this error appears to be non-systemic and non-recurring and DRR Receivership Accounting adjusted the general ledger to reflect the security value, we are not making a recommendation regarding this recordation error.















I-16






APPENDIX I

OBJECTIVES, SCOPE, AND METHODOLOGY

We conducted a performance audit that provided an independent assessment of the FDIC's acquisition and management of securities obtained through resolution and receivership activities. This audit did not address the FDIC's process for marketing or disposition of securities. The audit was performed in accordance with GAGAS.

Objectives

The objectives of the audit were to determine whether key procedures, processes, and controls over acquisition and management of securities ensure the following:

  • Securities were fully identified and accurately recorded into receivership accounts.
  • Securities were valued in accordance with pricing policies approved by FMU.
  • P&I payments associated with securities were received and properly recorded.
  • Securities were transferred to the FDIC custodial account completely and accurately or adequate control was established to safeguard the physical securities.

Because this was an audit performed in accordance with GAGAS, internal controls which were significant in the context of the audit objectives were assessed to determine if they are properly designed and implemented. The primary criteria for conducting this audit included:

  • Draft Capital Markets Policies and Procedures Manual;
  • FDIC Circular 4010.3, FDIC Enterprise Risk Management System;
  • DRR Circular 4300.1, Proforma Manual;
  • DRR Circular 1212.1, DRR Directive System; and
  • GAO's Standards for Internal Control in the Federal Government, which have been adopted by the FDIC and include specific requirements related to internal control, including the monitoring that should take place in the course of normal operations.

Scope

Securities within the scope of the audit included marketable and non-marketable securities retained by the FDIC during the receivership process. These securities encompassed those held by subsidiaries of institutions which have been subject to the resolution process as well as securities which were obtained or were potentially available through defaulted loans. The scope of the audit excluded any securities covered by SLAs.







I-17






The scope of the audit included procedures, processes, and controls over the acquisition and management of securities obtained through resolution and receivership activities. Specifically, the scope included, but was not limited to:

  • Processes and controls over the establishment of the inventory of securities to be retained by DRR, to include activities to ensure that all securities are identified;
  • Process and controls over the determination of the book values of securities acquired to include accuracy of the initial valuations;
  • Establishment of the inventory for sales and marketing purposes, including system controls, interaction, reconciliation, and maintenance. Systems include the 4C Inventory System, the Controls Total Module (CTM), and the Metavante Asset Servicing System;
  • Establishment of accounting records on the receivership books and records, including activities to ensure that all acquired securities are accurately recorded;
  • Processes and controls for transferring the acquired securities to the FDIC's single custodian account; and
  • Accounting for management of securities, including receipts of P&I payments and dividends, on receivership books and records to ensure that the FDIC as receiver is receiving distributions following acquisition.

Methodology

BDO evaluated the design and implementation of the control environment to determine its effectiveness. BDO coordinated with the OIG to select a representative sample of securities and test the acquisition and management of them in compliance with the applicable criteria.

BDO conducted its field work during May and June 2011, which included an audit of the relevant policies, procedures, and key controls, and completion of the testing of the sample of securities selected for compliance with the specified criteria. During this time we also interviewed relevant personnel responsible for the acquisition and management of securities obtained through resolution and receivership, which primarily included the FMU, CMU, DOF, and DRR Receivership Accounting personnel.

For our testing, beginning with the acquisition of the securities in FDIC receivership through ongoing management of the securities, we reviewed and assessed a sample of securities acquired to ensure that they were properly recorded on the receivership general ledger and properly managed in accordance with the appropriate criteria. For the selected sample we assessed the following:

Acquisition

We reviewed the completeness, valuation, and accuracy of the securities inventory retained by the FDIC subsequent to a bank's failure as of the acquisition date. We evaluated these assertions by executing the following tasks:







I-18






  • Evaluated the design and implementation of the controls surrounding the development of the securities inventory and determined their operating effectiveness.
  • Assessed the use of valuations in creating the initial book values recorded in the securities inventory.
  • Assessed the recording of the acquired securities in CTM, Metavante and 4C, including any accompanying reconciliations.
  • Identified and assessed any delays in recording the assets in the systems.
  • Verified that the acquired securities were accurately transferred to the FDIC's custodian in a timely manner.

Management

We evaluated the completeness and accuracy of P&I and other distributions along with the management of securities during the scope of the audit. We evaluated these assertions by executing the following tasks:

  • Evaluated the design and implementation of the controls surrounding the management process and determined their effectiveness and efficiency.
  • Assessed whether the FDIC is receiving all P&I payments or other distributions it is owed after the acquisition of assets through the receivership process.
  • Reconciled distributions to the statements of the custodian.
  • Reviewed the accounting for the P&I receipts from securities on the receivership books.

The above procedures were developed to provide a basis from which to conclude whether the FDIC's acquisition and management of securities obtained through resolution and receivership activities were compliant with the applicable criteria and performed in a reasonable and timely manner. The scope of the audit did not include determining why the AI did not remit payments of P&I to the FDIC. We prepared an audit program to address all of the procedures performed. Table 1 provides additional details regarding the components of the securities sample.

[D]





I-19






APPENDIX II

EXPLANATION OF MONETARY BENEFITS TERMS

AND MONETARY RESULTS TABLE

The Inspector General Act of 1978, as amended, (1) defines the terminology associated with monetary benefits identified by auditors and (2) establishes the reporting requirements for the identification and disposition of questioned costs in audit reports. In addition, the explanations provided below indicate that the process for actual recovery of questioned costs involves various stages, evaluations of factors, and decision-making processes. The following defines the key terms associated with monetary benefits and explains how they relate to each other.

  • First, auditors may identify "questioned costs" based on an alleged violation of a provision of a law, regulation, contract grant, cooperative agreement, or other agreement or document governing the expenditure of funds. In addition, a questioned cost may be a finding in which, at the time of the audit, a cost is not supported by adequate documentation (i.e., unsupported questioned cost); or a finding that the expenditure of funds for the intended purpose is unnecessary or unreasonable. It is important to note that the OIG does not always expect the FDIC to recover 100 percent of all questioned costs.
  • The next step in the process of making a decision about questioned costs is a "management decision." This is the final decision issued by management after evaluating the finding(s) and recommendation(s) included in an audit report. The management decision must specifically address the questioned costs by either disallowing or not disallowing these costs. A "disallowed cost" is a questioned cost that management, in a management decision, has sustained or agreed should not be charged to the government.
  • Once management has disallowed a cost and, in effect, sustained the auditor's questioned costs, the last step in the process takes place which culminates in the "final action." This is the completion of all actions that management has determined are necessary to resolve the findings and recommendation included in an audit report. Typically, in the case of disallowed costs, management will evaluate factors beyond the conditions in the audit report, such as qualitative judgments of value received or the cost to litigate, and decide whether it is in the FDIC's best interest to pursue recovery of disallowed costs.

When responding to our request for information and support regarding the monitoring and collection of P&I distributions owed to FDIC, DRR Receivership Accounting identified approximately $9.8 million of P&I that was not collected during the period October 1, 2010 through March 31, 2011. Table 2 reflects these monetary benefits.

[D]





I-20






[D]





I-21




























I-22






[D]
















I-23
























Part II


Management's Comments and OIG Evaluation




































MANAGEMENT'S COMMENTS AND OIG EVALUATION

The Director, DRR, provided a written response, dated September 29, 2011, to the draft of this report. The response is presented in its entirety beginning on Page II-2. Management concurred with the four BDO recommendations and the planned actions are sufficient to resolve all of them.

In response to the recommendations, DRR stated that it planned to have the Capital Markets Policies and Procedures Manual finalized and approved by December 31, 2011. Further, DRR indicated that the Capital Markets Policies and Procedures Manual would include timing guidelines for transferring the custody of securities and enhanced procedures that address the monitoring and collection of principal and interest payments. DRR stated that, as of September 1, 2011, the Securities Payment Recapture and Reconciliation Project (Project) identified $44.4 million in payments due from acquirers of failed institutions (assuming institutions), and approximately $27.8 million of identified payments have been collected from assuming institutions. DRR anticipates completing the Project by December 31, 2011. In addition, DRR's Capital Markets and Receivership Accounting, in conjunction with the FDIC's Division of Administration and Division of Information Technology, are in the initial stages of acquiring a securities portfolio management and accounting system that will improve controls in this area. A summary of management's comments on the recommendations begins on page II-5.























II-1




MANAGEMENT'S COMMENTS


DATE:September 29, 2011
 
TO:E. Marshall Gentry
Assistant Inspector General for Evaluations
 
FROM:Bret D. Edwards [Electronically produced version; original signed by Bret D. Edwards]
Director, Division of Resolutions and Receiverships
 
SUBJECT:Response to Draft Audit Report Entitled, The FDIC's Acquisition
and Management of Securities Obtained through Resolution and
Receivership Activities
(Assignment No. 2010-108)
 

This memorandum is in response to the recommendations in the subject draft OIG audit report dated August 18, 2011.

The Division of Resolutions and Receiverships (DRR) takes seriously its responsibility for ensuring the efficient management and liquidation of receivership assets, and welcomes constructive feedback to improve the effectiveness of its controls, processes and procedures involving securities retained by the FDIC in its receivership capacity.

In the third quarter of 2010, DRR Capital Markets (Capital Markets) and DRR Receivership Accounting (Receivership Accounting) identified potential weaknesses in the calculation and collection of payments associated with securities retained by the FDIC as Receiver for failed financial institutions, and implemented procedures to identify amounts due from safekeeping entities and acquirers of failed financial institutions.

In the second quarter of 2011, Capital Markets and Receivership Accounting collaboratively established a team responsible for reviewing principal and interest payments and ensuring that all payments are received; the Securities Payment Recapture and Reconciliation Project (Project). As missing payments are identified, the members of Receivership Accounting and DRR Settlements are working to collect the payments. As of September 1, 2011, the Project identified and transferred to FDIC, $106 million in payments held by custodians. Additionally, the Project identified $44.4 million in payments due from acquirers of failed institutions (assuming institutions). To date approximately $27.8 million of identified payments have been collected from assuming institutions; collection of the remaining payments due should occur after assuming institutions complete their reviews to confirm the Project's calculations of amounts due FDIC as Receiver.

Additionally, Capital Markets and Receivership Accounting, in conjunction with FDIC's Division of Administration and Division of Information Technology, are in the initial stages of acquiring a securities portfolio management and accounting system. The system is anticipated to:

  • reduce errors resulting from the current manual operations employed;







II-2









  • maintain an inventory of securities balances to be accessed and updated by Capital Markets and Receivership Accounting;
  • track securities' movement to custody;
  • provide ongoing monitoring and reconciliation of expected versus actual payments; and
  • significantly reduce the time spent monthly in reconciling securities inventory to the subsidiary system of record and the general ledger.

DRR anticipates implementing the above accounting system by September 30, 2012.

OIG Audit Recommendation 1: Finalize, approve, and issue the Capital Markets Policies and Procedures Manual in accordance with DRR Circular 1212.1 and FDIC Circular 4010.3, ensuring that the process for monitoring and collecting principal and interest payments and the timing guidelines for the transfer of custody of the securities are specifically addressed.

DRR Response: DRR agrees with this recommendation. The Capital Markets Policies and Procedures Manual has been updated to include timing guidelines for transferring the custody of securities. We have the new process in place and plan to have the Policies and Procedures Manual finalized and approved by December 31, 2011.

As discussed with representatives of OIG and BDO (the professional services firm contracted by the OIG to perform the audit), Capital Markets and Receivership Accounting are currently working on the Project. While both the Capital Markets' and Receivership Accounting's Policies and Procedures Manuals specifically address the monitoring and collection of principal and interest payments, it is anticipated that additional processes and procedures may arise as a result of the Project. Capital Markets and Receivership Accounting are in the process of identifying and documenting enhancements to existing procedures that are identified through work on the Project. Any enhancements will be added to the current manuals through the established change management process.

OIG Audit Recommendation 2: Establish and document in the Capital Markets Policies and Procedures Manual procedures and corresponding controls related to DRR Receivership Accounting acknowledging receipt of expected P& I payment documentation submitted by DRR Capital Markets and the communication mechanisms for notifying DRR Capital Markets of missing P&I payments.

DRR Response: DRR agrees with this recommendation. As mentioned above, the Project is currently establishing procedures and controls concerning the receipt of expected principal and interest payments, and the scope of their review includes all bank failures through June 30, 2011.

Capital Markets has implemented the current procedure of providing both Proforma teams and Receivership Accounting with information to identify expected payments, and Receivership Accounting will notify Capital Markets of any discrepancies.


2





II-3









OIG Audit Recommendation 3: Identify and collect all distributions due to the FDIC and not collected, for securities acquired during the past three years, including completing the Securities Recapture and Reconciliation Project. (The OIG has advised us [BDO] they will report $9.8 million in questioned costs in its next Semiannual Report to Congress, which represents the amount of distributions owed to the FDIC, but not collected, that DRR identified as a result of our audit. Appendix II provides a detailed explanation of how monetary benefits, including questioned costs, are determined, reported, and resolved according to the Inspector General Act of 1978, as amended.).

DRR Response: The $9.8 million due FDIC as Receiver was collected June 17, 2011. DRR agrees that all distributions due to FDIC as Receiver should be identified and collected. In the second quarter of 2011, DRR implemented the Project, which is determining distributions due FDIC for collection related to all bank failures through June 30, 2011. The Project is anticipated to complete its task by December 31, 2011.

OIG Audit Recommendation 4: Develop and document in the Capital Markets Policies and Procedures Manual specific guidance related to the timing criteria for the transfer of custody of all types of securities acquired by FDIC DRR that addresses the roles and related timing guidelines for the various FDIC groups involved in the transfer of securities process.

DRR Response: DRR agrees with this recommendation. A guideline has been implemented that Capital Markets will make a request to the FDIC Division of Finance's Treasury Management to schedule the transfer of unencumbered securities within 30 days of an institution's failure. Treasury Management will transfer the unencumbered securities within 10-12 days for smaller portfolios and 15-20 days for larger portfolios after receipt of the request and supporting documentation from Capital Markets and after Capital Markets has responded to all questions that arise upon review of the documentation.

cc:
Pamela Farwig, DRR
Randy Taylor, DRR
Gail Patelunas, DRR
David Cooley, DRR
George Alexander, DRR
James Angel, OERM
Howard Cope, DRR
Steve Trout, DRR



3





II-4






[D]




II-5






[D]




II-6