FDIC Seal












Semiannual Report to the Congress, October 1, 2005 - March 31, 2006

Inspector General’s Statement

Inspectors General seal

The Corporation has faced a number of significant issues over the past 6 months.

The passage of deposit insurance reform legislation in February 2006 posed new challenges as the Corporation began implementing some of the provisions of the legislation. To date, the FDIC has merged the two deposit insurance funds into a single Deposit Insurance Fund and raised the deposit insurance coverage on certain retirement accounts to $250,000 from $100,000. In the months ahead, more changes will occur as reforms are further implemented.

Also during the current reporting period, the Corporation continued its participation in the Federal Financial Institutions Examination Council’s Katrina Working Group and addressed supervisory policy issues emerging from the hurricane disaster. The Corporation hosted a forum for financial institutions and their regulators in New Orleans on March 2 and 3: The Future of Banking on the Gulf Coast: Helping Banks and Thrifts to Rebuild Communities. The FDIC can be proud of its efforts in responding to the Katrina disaster and will continue to monitor closely the condition of the affected financial institutions.

Finally, over the past months much attention was focused on Wal-Mart Bank’s application for federal deposit insurance. Wal-Mart Bank is a proposed Industrial Loan Company (ILC) headquartered in Salt Lake City, Utah. Wal-Mart’s application has generated considerable debate, and the FDIC held public hearings to hear differing views in the Washington, D.C., and Kansas City areas during April 2006. The Corporation has not yet taken action on this application and continues to consider it.

Within the OIG during the reporting period and currently, we face a significant challenge in implementing a change in the manner in which we frame, plan, and report on our work. Our 2006 Business Plan is intended to be more strategic and more reflective of integrating the work of all components of the OIG. Our new plan defines what guides us—our mission and vision; shows what we want to accomplish—our strategic goals; maps out how we plan to get there—our performance goals and key efforts; and provides a means of assessing how we did through performance reporting. It is within the context of the six strategic goals in our new Business Plan that our results of the past 6 months are presented in this semiannual report.

To sustain our successful results, we included the OIG’s budget for $26.3 million in the fiscal year 2007 budget that the President sent to the Congress. This reduced budget has been possible because of the improved health of the banking industry, continued staff downsizing of the FDIC and OIG, and internal efforts to enhance performance and productivity.

Following the departure of former Chairman Powell in November 2005, several significant changes that impact the OIG occurred in the FDIC’s corporate governance structure. Vice Chairman Gruenberg was called upon to lead the Corporation as Acting Chairman. Director Thomas Curry assumed the role of Audit Committee Chairman, a position previously held by the Acting Chairman. I have appreciated the leadership and strong support of both of these senior FDIC officials as I have continued to lead the OIG as Deputy Inspector General over the past 6 months. Further change is expected at the FDIC as Mr. Jon Rymer, nominee to serve as the FDIC Inspector General, and Ms. Sheila Bair, nominee to serve as the next FDIC Chairman, proceed through the Congressional confirmation process.

We look forward to a new Inspector General and a new Chairman joining the FDIC. Inspired by our business planning efforts and communications and coordination with our corporate and Congressional stakeholders, we are ready to face new challenges in the banking industry and renewed in our commitment to carry out the OIG mission at the FDIC.


Patricia M. Black, Deputy Inspector General

Table of Contents

Inspector General’s Statement view
Highlights and Outcomes view
STRATEGIC GOAL AREAS
Supervision: Assist the FDIC to Ensure the Nation’s Banks Operate Safely and Soundly view
Insurance: Help the FDIC Maintain the Viability of the Insurance Funds view
Consumer Protection: Assist the FDIC to Protect Consumer Rights and Ensure Community Reinvestment view
Receivership Management: Help Ensure that the FDIC is Ready to Resolve Failed Banks and Effectively Manages Receiverships view
Resources Management: Promote Sound Governance and Effective Stewardship of Financial, Human, Information Technology, and Procurement Resources view
OIG Internal Processes: Continuously Enhance the OIG’s Business and Management Processes view
Cumulative Results view
Reporting Requirements view
Information Required by the Inspector General Act of 1978, as amended view
Abbreviations and Acronyms view

Highlights and Outcomes

FDIC Seal

STRATEGIC GOAL 1

SUPERVISION: Assist the FDIC to Ensure the Nation’s Banks Operate Safely and Soundly

Achieving this goal is largely dependent on investigative success in combating financial institution fraud, and we made excellent progress in this area. As a result of cooperative efforts with Assistant U.S. Attorneys from around the country, numerous individuals were prosecuted for financial institution fraud during the reporting period. Former Community Bank of Blountsville executives and an excavating contractor received stiff sentences for conspiracy, bank fraud, and causing false entries in bank records. The former President of Hawkeye State Bank was sentenced to 65 months’ incarceration and ordered to pay $3.6 million in restitution for theft, embezzlement, misapplication by a bank officer, and engaging in monetary transactions in property derived from unlawful activity. The former director and the former president of the Bank of Alamo, along with four bank customers, were indicted on charges of conspiracy, money laundering, and bank fraud. Investigations also uncovered that business associates perpetrated real-estate fraud schemes involving property flips that impacted an FDIC-supervised institution. In another case, a securities broker was also sentenced to 60 months’ probation and 6 months’ home confinement after pleading guilty to obstructing an examination of a financial institution. Multiple other guilty pleas, indictments, and sentencings of former bank officers, directors, tellers, contractors, and bank customers contributed to successful OIG results in this goal area. Ongoing work included an audit of the FDIC’s procedures for addressing information technology (IT) security risks at FDIC-supervised financial institutions that offer electronic banking products and services.

STRATEGIC GOAL 2

INSURANCE: Help the FDIC Maintain the Viability of the Insurance Funds

A number of audit assignments focused on helping to maintain the viability of the insurance funds. We issued a report on the FDIC’s risk-related premium system leading to the Division of Insurance and Research’s (DIR) considering improvements to the assessment system to reflect changes in an institution’s capital level and examination composite ratings more frequently than semiannually. DIR planned to present improvements to the FDIC Board in conjunction with changes resulting from deposit insurance reform legislation. DIR will recommend assessment rates that better reflect differences among FDIC-insured institutions and are most likely to keep the insurance fund’s reserve ratio within the range contemplated by legislation. Ongoing audit work during the period addressed the accuracy of the FDIC’s reserve ratio and assessments determination and the FDIC’s industrial loan company deposit insurance application process.

STRATEGIC GOAL 3

CONSUMER PROTECTION: Assist the FDIC to Protect Consumer Rights and Ensure Community Reinvestment

Audits and investigations contributed to the FDIC’s protection of consumers in multiple ways. We issued a report on the implementation of the Gramm-Leach-Bliley Act and Fair and Accurate Credit Transaction (FACT) Act with recommendations to enhance assurance that institutions are taking steps to prevent identity theft to the extent intended by the FACT Act and to encourage the FDIC to coordinate with the joint agency rulemaking committee to expedite issuance of final rules and regulations for all of the FACT Act’s provisions. To help protect consumers, our Electronic Crimes Unit responded to phishing schemes where the FDIC and OIG Web sites were misused to entice consumers to divulge personal information. We successfully shut down several Web sites used for such purposes during the period. We continued to advocate strengthening the FDIC’s enforcement authority to curtail misrepresentation of FDIC insurance. In that regard, as a result of one of our cases this period, a foreign currency trader pleaded guilty to wire fraud after being indicted for multiple counts of wire fraud and two counts of forgery and counterfeiting official seals of the United States, including the FDIC logo. Ongoing work included an audit related to the challenges faced by the FDIC and the efforts taken to identify, assess, and address risks posed to FDIC institutions and consumers from predatory lending practices.

STRATEGIC GOAL 4

RECEIVERSHIP MANAGEMENT: Help Ensure that the FDIC is Ready to Resolve Failed Banks and Effectively Manages Receiverships

We reported that with respect to the Corporation’s Board-approved $31.8 million asset servicing technology enhancement project (ASTEP), the project management team developed planning documents and implemented activities that complied with project management guidance in line with the status of the project. We recommended that as the project advanced and was re-baselined, strengthening project management controls would facilitate decision-making and help ensure ASTEP met user needs effectively and efficiently. Other audit work determined that the Corporation established and implemented an effective system for tracking and recovering unclaimed deposits. We also achieved investigative results in concealment of assets investigations, as evidenced in one successful case where the former Chief Executive Officer of Sunbelt Savings Bank was convicted on all 27 counts of an indictment charging him with mail fraud, false statements, concealment of assets, and money laundering. He was also subject to more than $2 million in cash forfeitures. We continued coordination with the Division of Resolutions and Receiverships, the Legal Division, and Department of Justice on such cases.

STRATEGIC GOAL 5

RESOURCES MANAGEMENT: Promote Sound Governance and Effective Stewardship of Financial, Human, IT, and Procurement Resources

We issued a number of audit reports resulting in positive benefits to the FDIC, for example, strengthening the Corporation’s privacy program for protecting personal employee information; establishing a more effective discrimination complaint resolution process; improving internal control and contracting approaches to save money and ensure optimum performance on the FDIC’s consolidated facilities management contract; enhancing wireless security policies and procedures and restricting access to critical software programs designed to safeguard wireless communications; and strengthening the FDIC’s certification and accreditation program to better secure corporate operations and assets. We continued ongoing work related to the corporate emergency operations plan, contract administration, and the Federal Information Security Management Act. We also continued efforts to ensure employee integrity and heighten awareness of unacceptable or unethical behavior as evidenced by success in investigating a former FDIC intern’s conspiracy to commit bank fraud and identity theft of FDIC employees. The former intern was sentenced to 60 months’ imprisonment and ordered to make restitution of over $630,000.

STRATEGIC GOAL 6

OIG INTERNAL PROCESSES: Continuously Enhance the OIG’s Business and Management Processes

We strengthened our focus on strategically planning OIG work, resulting in issuance of our fiscal year 2006 Assignment Plan and our 2006 Business Plan, which combines our strategic plan and performance plan. These plans unify, guide, and integrate OIG activities in pursuit of our six strategic goals. We began the process of developing performance goals and key efforts for fiscal years 2007/2008, to continue building on this strategic framework. We promoted effective stakeholder relationships and information-sharing by way of OIG Executive meetings with FDIC Executives; presentations at FDIC Audit Committee meetings; Congressional interaction; and coordination with financial regulatory OIGs, other members of the Inspector General community, and the Government Accountability Office. We reviewed and/or commented on eight proposed corporate policies (e.g., Employee Rights and Responsibilities under the Privacy Act of 1974 and Encryption and Digital Signatures for Electronic Mail) and two draft legislative documents and regulations. We focused on continuously enhancing the OIG’s business and management processes by strengthening the OIG’s human capital practices, taking steps to better ensure the quality of OIG activities and products, and investing in cost-effective and secure IT to improve performance and productivity.

SIGNIFICANT OUTCOMES
(October 2005 – March 2006)
Audit and Evaluation Reports Issued 11
Questioned Costs/Funds Put to Better Use $4.9 million
Nonmonetary Recommendations 34
Investigations Opened 26
Investigations Closed 37
OIG Subpoenas Issued 17
JUDICIAL ACTIONS:
Indictments/Informations 31
Convictions 15
Arrests 20
OIG INVESTIGATIONS RESULTED IN:
Fines of $73,900
Restitution of $9,242,037
Other Monetary Recoveries $3,496,064
Total $12,812,001
Cases Referred to the Department of Justice (U.S. Attorney) 30
Cases Referred to FDIC Management 2
OIG Cases Conducted Jointly with Other Agencies 94
Hotline Allegations Referred 54
Proposed Regulations and Legislation Reviewed 2
Proposed FDIC Policies Reviewed 8
Responses to Requests and Appeals under the Freedom of Information Act 3

Strategic Goal 1 - Supervision: Assist the FDIC to Ensure the Nation’s Banks Operate Safely and Soundly

Bank supervision is a cornerstone of the FDIC’s efforts to ensure stability and public confidence in the nation’s financial system. As of March 31, 2006, the FDIC was the primary federal regulator for 5,245 FDIC-insured, state-chartered institutions that were not members of the Federal Reserve System (generally referred to as “state nonmember” institutions). Other banks and thrifts are supervised by the Department of the Treasury (the Office of the Comptroller of the Currency and the Office of Thrift Supervision) or the Federal Reserve Board depending on the institution’s charter. While the number of institutions where the FDIC is the primary federal supervisor showed a steady decline over the past 4 years, the dollar value of assets held by those institutions showed a steady increase during the same period.

The FDIC performs safety and soundness, information technology (IT), trust, and other types of specialty examinations of FDIC-supervised insured depository institutions. The majority of the states participate with the FDIC in an examination program under which certain examinations are performed on an alternating basis by the state regulators and the FDIC. The examinations are conducted to assess an institution’s overall financial condition, management practices and policies, and compliance with applicable laws and regulations. The Corporation also has back-up examination authority to protect the interests of the deposit insurance funds for national banks, state-chartered banks that are members of the Federal Reserve System, and savings associations.

The banking industry has taken on added complexity in the past decade, which can be attributed to the consolidation of the industry, the impact of globalization, and the development of increasingly complex investment strategies available to banks. This has led bank regulators, both domestically and internationally, to devise new standards for bank capital requirements commonly referred to as Basel IA and Basel II. The FDIC has been engaged with other bank regulators in developing new standards and assessing the potential impact on bank safety and soundness.

In addition, the FDIC is faced with developing and implementing programs to minimize the extent to which the institutions it supervises are involved in or victims of financial crimes and other abuse. Bank governance practices are important safeguards against fraud and other abuses, and the FDIC has issued guidance to banks about governance expectations, including adherence to requirements in the Sarbanes-Oxley Act for publicly traded financial institutions. In its role as supervisor, the FDIC also analyzes data security threats, occurrences of bank security breaches, and incidents of electronic crime that involve financial institutions. As part of safety and soundness examinations, the FDIC ensures that the institutions comply with the regulatory reporting requirements of the Bank Secrecy Act.

The FDIC has to facilitate the effective implementation of regulatory reporting requirements without imposing any undue regulatory burden. As more and more laws are passed, and new regulations are adopted to implement those laws, it is incumbent upon policy makers and regulators to ensure that the intended benefits justify the considerable costs. The regulators need to take stock periodically of the cumulative effect of all regulatory requirements on the industry. Pursuant to the Economic Growth and Regulatory Reduction Act of 1996, the FDIC and other bank regulators have been reviewing regulations in order to identify outdated or otherwise unnecessary regulatory requirements imposed on insured depository institutions.

The OIG’s role under this strategic goal is conducting audits and evaluations that review the effectiveness of various FDIC programs aimed at providing continued stability to the nation’s banks. The OIG also conducts investigations of fraud at FDIC-supervised institutions; fraud by bank officers, directors, or other insiders; obstruction of bank examinations; fraud leading to the failure of an institution; fraud impacting multiple institutions; and fraud involving monetary losses that could significantly impact the institution.

2006 Performance Goals: To assist the FDIC to ensure the nation’s banks operate safely and soundly, the OIG will

Evaluate the effectiveness of the FDIC’s supervision program, and
Evaluate and assist FDIC efforts to detect and prevent bank secrecy violations, fraud, and financial crimes in FDIC-insured institutions.


OIG Work in Support of Goal 1

The OIG’s Office of Investigations is a driving force in combating fraud that occurs at or impacts financial institutions. The perpetrators of such crimes can be those very individuals entrusted with governance responsibilities at the institutions—directors and bank officers. In other cases, individuals providing professional services to the banks, others working inside the bank, and customers themselves are principals in fraudulent schemes. Such schemes may involve financial institution fraud, mortgage fraud, and obstruction of examinations.

The following cases from the reporting period are illustrative of the OIG’s success in pursuing Strategic Goal 1 during the reporting period.

Restitution and Incarceration Ordered for Former
Community Bank Executives and Excavating Contractor

"Today’s order of restitution is designed to compensate the bank for the harm caused by these defendants. We will take every step possible to recover all available monies for the victim, Community Bank" stated United States Attorney Alice H. Martin. "Justice has prevailed."

On January 30, 2006, in the U.S. District Court for the Northern District of Alabama, the former chief executive officer (CEO) of Community Bank and the former Community Bank vice president were ordered to pay a total of $1,776,974 in restitution to Community Bank. On January 26, 2006, the owner of J&M Materials, an excavating company that provided contract services to Community Bank, was ordered to pay $238,235 and was sentenced to 21 months’ incarceration. The former vice president was sentenced to 28 months’ incarceration at that time. The former CEO had been sentenced to 60 months’ incarceration in December 2005.

By way of background, a jury convicted the three defendants on several counts of conspiracy, bank fraud, and causing false entries in bank records. The former CEO was also convicted of filing false income tax returns.

The contractor and other subcontractors performed construction services on a 17,000- square foot house that the former CEO was constructing at Heritage Valley Farms and then submitted invoices to Community Bank for those services. The former vice president approved those fraudulent invoices and caused Community Bank to pay in excess of $1.9 million to the contractor and other subcontractors, primarily to fund construction at Heritage Valley Farms. The scheme also resulted in use of Community Bank funds for construction services at other locations owned by the former CEO and his family.

Joint investigation by the FDIC OIG, the Federal Bureau of Investigation (FBI), and the
Internal Revenue Service Criminal Investigation Division, based on a referral from the Division
of Supervision and Consumer Protection (DSC); prosecuted by trial attorneys from the
Department of Justice, Washington, D.C.

Former President of Hawkeye State Bank Ordered
to Pay $3.6 Million in Restitution

In February 2006, the former president and CEO of Hawkeye State Bank (HSB), Iowa City, Iowa, was ordered to pay $3,676,651 in restitution by the U.S. District Court for the Southern District of Iowa. His restitution order was based on his stipulating to having caused $4.9 million in losses charged off by HSB. The defendant earlier pleaded guilty to a twocount information charging him with theft, embezzlement, or misapplication by a bank officer or employee, and engaging in monetary transactions in property derived from specified unlawful activity. He was sentenced to 65 months’ incarceration and 5 years’ supervised release.

Between June 2001 and November 2002, the defendant, who also served as the principal loan officer and was officer of record for 60 percent of the bank’s loan portfolio, engaged in a series of illegal transactions involving both legitimate and bogus accounts at HSB. He used unrelated customer accounts to meet his personal cash flow needs, shifted funds between accounts to hide delinquencies, approved loans to unworthy customers, and issued loans to fictitious entities. The investigation identified 56 separate instances of misapplication of funds totaling over $11 million. In 20 instances, funds were deposited to accounts held by the defendant or his wife, or used directly for his personal use. These 20 transactions totaled in excess of $1 million. Many of the bogus loans were written off by HSB, and both the defendant and the government agree that the actual loss ranges between $2.4 and $4.9 million. The information specifically charged the defendant with depositing a $525,000 cashier’s check from a fraudulent loan into his personal account and later withdrawing the funds to purchase property in Missouri.

Joint investigation by the FDIC OIG and the FBI, based on a referral from DSC;
prosecuted by the U.S. Attorney’s Office for the Southern District of Iowa.

Former Director and Former President of Bank of
Alamo and Bank Customers Indicted on Bank Fraud Charges

On March 22, 2006, in the U.S. District Court for the District of Tennessee, the former director and chairman of the Bank of Alamo, the former president and CEO of the Bank of Alamo, and four Bank of Alamo customers were indicted on charges of conspiracy, money laundering, and bank fraud. Special Agents from the FDIC OIG and FBI arrested the defendants a day after the indictment.

The former bank officials, aided by the bank customers, made and caused to be made false and fraudulent statements in the books and records of the bank. These false statements were made to cover up loans made to one of the customers in excess of the bank’s legal lending limit and to conceal from the FDIC and the state regulators the true financial condition of the Bank of Alamo.

The indictment also alleges that the books and records of the bank reflected that loans from the bank were being made to two of the customers when, in fact, the loans were being made at the direction, and for the benefit, of another. As further alleged, all of the named defendants fraudulently obtained loans from a number of other institutions.

The Bank of Alamo was closed in November 2002 and FDIC was named receiver.

Joint investigation by the FDIC OIG and the FBI, with assistance from the
Division of Resolutions and Receiverships (DRR); prosecuted by the
U.S. Attorney’s Office for the Western District of Tennessee.

Former Senior Vice President and Chief Financial Officer
Admits Guilt in Hamilton Bank Investigation

During the reporting period, the former senior vice president of Hamilton Bank (Hamilton), who was also the chief financial officer of Hamilton’s holding company, Hamilton Bancorp (Bancorp), Miami, Florida, pleaded guilty to one count of securities fraud and one count of obstruction of a formal agency proceeding of a second superseding indictment filed on September 6, 2005.

As part of his plea agreement, the defendant admitted to disseminating materially false and misleading financial information to Fidelity Management and Research Company, Inc. (Fidelity) in an effort to induce Fidelity to purchase Bancorp common stock. He also admitted to making false statements to the Office of the Comptroller of the Currency (OCC) in a sworn deposition while the OCC was involved in a formal order of investigation.

Also in connection with this case, the former Hamilton Bank President earlier pleaded guilty to two counts of securities fraud.

Investigation by the FDIC OIG; prosecuted by the U.S. Attorney’s
Office for the Southern District of Florida.

Real Estate Frauds

The increased reliance by both financial institution and non-financial institution lenders on third-party brokers has created opportunities for fraud. Some of the rising mortgage fraud schemes include “property flipping.” Property flipping is best described as purchasing properties and artificially inflating their value through false appraisals. The artificially valued properties are then repurchased several times for a higher price by associates of the “flipper.” Often flipped properties are ultimately repurchased for 50-100 percent of their original value. These schemes victimize lenders as well as borrowers who are tricked into taking on loans that they would not qualify for otherwise on properties that are appraised over their value. Several investigations during the reporting period addressed fraudulent real estate schemes, as discussed below.

THREE INDICTED AND ARRESTED IN MORTGAGE FRAUD SCHEME
On March 7, 2006, a federal grand jury in the U.S. District Court for the Northern District of Texas returned a 14-count indictment against three business associates from Dallas, Texas.

The grand jury charged one of the defendants with one count of bank fraud, seven counts of wire fraud, and six counts of engaging in monetary transactions derived from specified unlawful activity. A second defendant was charged with one count of bank fraud and six counts of wire fraud. The third was charged with one count of wire fraud. Following the indictment, arrest warrants were issued and agents from the FDIC OIG and the FBI arrested two of the defendants on March 9, 2006. The third defendant self-surrendered on March 10, 2006.

The indictment alleges that the three associates devised a scheme to fraudulently obtain 21 mortgage loans totaling $3,220,550. The defendants used schemes commonly referred to in the mortgage industry as property flips, markups and kickbacks, and HUD swaps to facilitate the mortgage fraud. One of the mortgage companies impacted by this fraud scheme was Fremont Investment & Loan, an FDIC-supervised institution in Brea, California.

In each instance, one of the defendants convinced inexperienced real estate investors to stand in as straw borrowers and purchase the properties for fraudulently inflated sales prices. A second defendant, a loan officer, and the third, a mortgage broker, knowingly submitted false documentation to the lenders to enable the straw borrowers to qualify for the mortgage loans. Each of the straw borrowers received a financial inducement for participating in the fraud scheme. Fraudulent real estate appraisals were also submitted to the lenders to support the inflated sales prices of the properties.

Joint investigation by the FDIC OIG and the FBI; prosecuted by the
U.S. Attorney’s Office for the Northern District of Texas.

CO-DEFENDANT PLEADS GUILTY TO BANK FRAUD IN $2.16 MILLION REAL ESTATE FRAUD
On January 13, 2006, in the U.S. District Court for the Northern District of Texas, a businessman pleaded guilty to count two of an earlier indictment charging him with bank fraud and aiding and abetting. He admitted to defrauding Fremont Investment & Loan by causing a co-defendant to submit falsified loan documents to the institution in connection with a $287,777 loan.

As reported previously, the defendant and three others were indicted on September 7, 2005, in the U.S. District Court for the Northern District of Texas on seven counts of bank fraud, mail fraud, wire fraud, and conspiracy.

According to the indictment, from December 2002 through March 2004, the four men engaged in a real estate scheme to defraud various real estate lenders, buyers, and sellers, including Fremont Investment & Loan. Three of the defendants located single family residences and recruited straw purchasers and borrowers to purchase and finance the residences. Fraudulent loan documents were then submitted to the lenders in the name of the straw borrowers falsely indicating the down payment for the loans had been made by the borrowers. One of the defendants, as an employee of the title company, would release the loan proceeds early to the three others, who would then purchase cashier’s checks in the name of the straw borrowers for the requisite down payment. They all caused inflated loan amounts to be funded by mortgage lenders and financial institutions, and conspired to distribute the fraudulently obtained loan proceeds among themselves and others. Three of the defendants also executed contracts between their company, Better Homes of Dallas, and the straw borrowers, stating the company would be responsible for the loans, but they later failed to fulfill their contract.

Joint investigation by the FDIC OIG and the FBI; prosecuted by the
U.S. Attorney’s Office for the Northern District of Texas.

Other Successful Investigative Outcomes

GUILTY PLEAS IN THE FAILURE OF UNIVERSAL FEDERAL SAVINGS BANK
On March 16, 2006, in the U.S. District Court for the Northern District of Illinois, Universal Federal Savings Bank’s (Universal) former chief operations officer (COO) pleaded guilty to one count of bank fraud. Her brother, a certified public accountant and principal in a now-defunct business, earlier pleaded guilty to aiding and abetting a false entry in the books of a bank. The guilty pleas are the result of an indictment filed in January 2005 concerning the activities surrounding the failure of Universal, a Chicago, Illinois, bank on June 27, 2002.

As previously reported, the indictment alleged that a Universal customer conspired with Universal’s COO to misapply the financial institution’s funds and to make a false entry in a book, report, or statement of or to Universal.

The bank customer wrote insufficient funds checks (NSF checks) and deposited those NSF checks in Universal’s correspondent account at ANB. After receiving immediate credit and availability of those funds, he withdrew some or all of the funds, and then covered the previous NSF checks plus the withdrawn funds by depositing even larger amounts of NSF checks. This cycle continued almost daily for more than 6 months. During the conspiracy, the bank customer made approximately 138 deposits at ANB that included NSF checks totaling more than $200 million.

Universal’s Chairman of the Board of Directors requested a review of the bank customer’s account activity and directed the former COO to provide copies of the fronts and backs of checks. In order to conceal the check-kiting scheme, the former COO and the bank customer agreed that the bank customer would alter the checks. The bank customer and the former COO’s brother, a certified public accountant and authorized signer on the account with the customer, falsified the backs of the account checks to conceal that they were deposited into Universal’s correspondent account at ANB. On or about June 20, 2002, the former COO knowingly provided the falsified check copies to the Chairman in furtherance of the conspiracy. About one week later, the check-kiting scheme was discovered and stopped. The scheme and conspiracy caused a loss in excess of $10 million, and Universal was forced to cease operations.

Joint investigation by the FDIC OIG and the FBI; prosecuted by the
U.S. Attorney’s Office for the Northern District of Illinois.

FORMER VICE PRESIDENT OF REPUBLIC BANK PLEADS GUILTY TO BANK FRAUD AND WIRE FRAUD
On March 27, 2006, the former vice president and loan officer of Republic Bank, Duluth, Minnesota, pleaded guilty to a two-count information charging him with one count of bank fraud and one count of wire fraud.

The information charged that the former vice president and loan officer originated a $120,000 nominee loan in his father-in-law’s name by compiling a loan package that included false financial and personal information about his father-in-law without his father-in-law’s knowledge. The defendant then presented the loan package to Republic Bank officials for loan approval and personally received all of the proceeds of the nominee loan.

The information further charged that the defendant committed wire fraud. He did so by inducing a widow to obtain a mortgage loan from Republic Bank with the promise that he would invest the proceeds of the mortgage in a safe investment that would provide her with a monthly income of over $900.

Joint investigation by the FDIC OIG and the FBI, based on a referral from DSC;
prosecuted by the U.S. Attorney’s Office for the District of Minnesota.

FORMER PRESIDENT OF MAURICEVILLE NATIONAL BANK PLEADS GUILTY TO BANK FRAUD
On March 22, 2006, the former president of Mauriceville National Bank (MNB), Mauriceville, Texas, entered a guilty plea in the U.S. District Court for the Eastern District of Texas to a one-count information charging her with misapplication of funds.

This investigation was initiated in May 2002 based on information initially reported in a Division of Resolutions and Receiverships (DRR) Failing Bank Report for the Chairman. The investigation revealed a $3.5 million check-kiting scheme perpetrated by a customer of the MNB, who was assisted by the former bank president, resulting in the near failure and subsequent sale of the bank.

On April 15, 2004, the customer pleaded guilty to a one-count information charging him with bank fraud. He was sentenced to 33 months’ incarceration and ordered to pay $3,374,256 in restitution to MNB for his involvement in the check-kiting scheme.

Joint investigation by the FDIC OIG and the FBI; prosecuted by the
U.S. Attorney’s Office for the Eastern District of Texas.

FORMER OFFICER OF FALCON INTERNATIONAL BANK PLEADS GUILTY TO BANK FRAUD
On November 8, 2005, a former assistant vice president in the accounting department of Falcon International Bank, Laredo, Texas, pleaded guilty in the U.S. District Court for the Southern District of Texas to a one-count information charging her with embezzlement/misapplication by a bank officer.

The investigation revealed that the defendant made false entries into the bank’s electronic accounting system and debited funds from six of the bank’s general ledger accounts. She then credited those funds to either her personal bank account or to bank accounts of friends and family members. She also coded the false entries as reversal of service charges in an attempt to disguise the illicit nature of the transactions. The investigation determined that the defendant began making false entries on or about February 13, 2003, and she continued her scheme through on or about December 3, 2004, resulting in approximately $106,768 in losses to the bank.

As part of the former assistant vice president’s plea agreement, she stipulated to an action under Section 8(e) of the Federal Deposit Insurance Act, which provides for a lifetime ban from banking.

Joint investigation by the FDIC OIG and the FBI; prosecuted by the
U.S. Attorney’s Office for the Southern District of Texas.

BANK CUSTOMER PLEADS GUILTY TO CONSPIRACY TO COMMIT BANK FRAUD
On November 30, 2005, a bank customer of the Bank of the Panhandle (BOP), Guymon, Oklahoma, and Production Credit Association (PCA) of Woodward, Oklahoma, now Farm Credit Western, pleaded guilty in the U.S. District Court for the Western District of Oklahoma to an information filed on November 9, 2005, charging him with one count of conspiracy to commit bank fraud.

The information alleged that from June 2000 and continuing through November 2002, the bank customer and an unindicted co-conspirator devised a scheme and fraudulently obtained three loans from PCA totaling $2,389,370 for the purchase of cattle. The information further alleged that the bank customer and the unindicted co-conspirator fraudulently obtained three loans from BOP totaling $642,655, in their names and through Gum Land & Cattle Co., Inc., to purchase Guymon Livestock Auction and to purchase cattle. The bank customer represented to PCA and BOP that the loan proceeds were being used to purchase cattle, although the proceeds were used for his own benefit and for the benefit of his businesses. To make it appear to PCA and BOP that he was buying and selling cattle, the bank customer and the unindicted co-conspirator held auctions at Guymon Livestock Auction, created fictitious buyer and seller invoices, and prepared checks to fictitious companies.

As a part of the bank customer’s plea agreement, he agreed to pay PCA $2,361,245 and BOP $366,930 in restitution.

Joint investigation by the FDIC OIG, U.S. Department of Agriculture OIG, and the FBI;
prosecuted by the U.S. Attorney’s Office for the Western District of Oklahoma.

FORMER EXECUTIVE VICE PRESIDENT OF IOWA-NEBRASKA STATE BANK FOUND GUILTY
On March 31, 2006, the former executive vice president of Iowa-Nebraska State Bank, South Sioux City, Nebraska, was found guilty in the U.S. District Court for the Northern District of Iowa, of making false entries in bank records. He was acquitted on charges that he personally benefited from the illegal transaction.

On April 23, 2003, the former executive vice president was indicted on charges that he knowingly made false entries into the records of Iowa-Nebraska State Bank. As a loan officer, the defendant originated an unsecured loan for $125,000 to a bank customer and falsely stated that the purpose of the loan was for “operating expenses” and “for the purchase (down payment) of video lottery machines” when in fact he knew that the borrower was going to transfer the loan proceeds back to him. The indictment also alleged that the former executive vice president used the proceeds of the loan for his personal benefit, including paying off his two daughters’ car loans.

Joint investigation by the FDIC OIG and the FBI, based on a referral from DSC;
prosecuted by the U.S. Attorney’s Office for the Northern District of Iowa.

FORMER PRESIDENT OF GARNAVILLO SAVINGS BANK SENTENCED IN BANK FRAUD SCHEME
On January 27, 2006, the former president of Garnavillo Savings Bank, Garnavillo, Iowa, was sentenced in the U.S. District Court for the Northern District of Iowa, to 21 months’ incarceration, to be followed by 3 years’ supervised release. He was also ordered to pay restitution in the amount of $157,000 to Garnavillo Savings Bank. His sentence resulted from an earlier guilty plea to a one-count information charging him with bank fraud.

The former bank president admitted to executing a scheme between 1996 and 2003 to embezzle funds of more than $157,000 from Garnavillo Savings Bank. Also, as part of his plea agreement, he stipulated to an action under 8(e) of the Federal Deposit Insurance Act, which provides for a lifetime ban from banking.

The OIG coordinated with the FDIC Legal Division regarding the order banning the former president from banking. The OIG coordinated with the FDIC Legal Division regarding the order banning the former bank president from banking.

Joint investigation by the FDIC OIG and the FBI, based on a referral from DSC; prosecuted
by the U.S. Attorney’s Office for the Northern District of Iowa.

FORMER BANK OFFICER SENTENCED FOR BANK FRAUD
On February 15, 2006, the former assistant vice president of Citizens Bank, Farmington, New Mexico, was sentenced in the District of New Mexico. She had earlier pleaded guilty to a one-count information charging her with bank fraud, and was sentenced to 15 months’ imprisonment to be followed by 60 months’ of supervised release. She was also ordered to pay $667,658 in restitution ($25,000 to Citizens Banks and $642,658 to the bank’s insurance bonding company). The defendant previously stipulated to an action under 8(e) of the Federal Deposit Insurance Act, which provides for a lifetime ban from banking.

The defendant admitted to submitting fraudulent debit and credit tickets, which caused funds to be credited to an inactive customer bank account. After the inactive account was credited with the funds, the defendant transferred the funds into her personal bank accounts. She continued her scheme by requesting cash from bank tellers and then submitting fraudulent debit and credit tickets to cover up and balance the transactions. This scheme continued through November 14, 2003, resulting in approximately $667,658 being fraudulently obtained from Citizens Bank.

Joint investigation by the FDIC OIG and the FBI; prosecuted by the
U.S. Attorney’s Office for the District of New Mexico.

FORMER VICE PRESIDENT OF BANK OF SIERRA BLANCA SENTENCED
On February 2, 2006, the former vice president of Bank of Sierra Blanca (BSB), Sierra Blanca, Texas, was sentenced in the U.S. District Court for the Western District of Texas. She earlier pleaded guilty to one count of bank fraud and two counts of misapplication by a bank officer, and was sentenced to 46 months’ incarceration, 5 years’ of supervised release, and ordered to pay restitution in the amount of $884,473 to the FDIC.

By way of background, on January 18, 2002, BSB was closed and the receiving bank, Security State Bank of Pecos, was renamed TransPecos Sierra Blanca Bank. As detailed in the indictment, from in or about 1995 until November 2001, the former vice president devised a scheme to fraudulently obtain money, funds, credits, assets, securities and other property owned by and under the control of BSB. The defendant admitted to abusing her position of trust within the bank by lying to bank personnel and customers, making false entries in bank records, and stealing bank money and credit. The defendant also admitted to concealing her activities by making false entries in the bank’s accounting system, creating a fictitious account under her control, and misapplying additional money and credit from other accounts of the bank and using those funds to replenish accounts victimized by previous thefts.

Joint investigation by the FDIC OIG and the FBI, based on information from DRR;
prosecuted by the U.S. Attorney’s Office for the Western District of Texas.

FORMER STATE OF MINNESOTA REPRESENTATIVE SENTENCED FOR FRAUD
On March 21, 2006, a former State of Minnesota Representative was sentenced in the U.S. District Court for the District of Minnesota to 48 months of incarceration. He was also ordered to pay $284,398 in restitution to Minnesota conservation funds and forfeit $248,398 to the U.S. government. The former representative was found guilty on two counts of mail fraud and one count of money laundering after a 2-week trial in July 2005.

The defendant served in the Minnesota House of Representatives from 1985 to 2002. During his tenure, he served as the chairman of the House Regulated Industries Committee, which oversaw legislation regarding utility companies. The defendant used his position to enact legislation permitting utility companies to use energy conservation funds for research and development projects. Once the legislation was enacted, he used his position to coerce the utility companies to pay $650,000 in grants to Northern Pole, a Minnesota corporation created to recycle old utility poles. The defendant had a significant equity stake in Northern Pole.

The former representative had a personal and business relationship with the former president of Town & Country (T&C) Bank of Almelund. The defendant met the former president as a borrower of the bank and developed a personal relationship when the former president worked on the defendant’s various election campaigns for public office. T&C Bank failed in July 2000, at which time the FDIC was appointed receiver. The bank’s failure resulted in an estimated loss of $3.4 million to the Bank Insurance Fund (BIF).

The defendant and the former president of T&C Bank devised a scheme whereby the former representative would invest in Northern Pole, a troubled creditor of T&C Bank. The scheme involved borrowing money from T&C Bank in the name of the defendant’s other businesses, diverting those funds to Northern Pole and other troubled creditors of the bank, and using State of Minnesota grant money to pay back the defendant’s debt service on the loans.

The former president of T&C Bank pleaded guilty in September 2003 to charges of bank fraud, money laundering, false bank entries, and conspiracy for his role in the fraud that led to T&C Bank’s failure. He has been cooperating in the investigation, and has not yet been sentenced.

Joint investigation by the FDIC OIG, the FBI, and the Internal Revenue Service–Criminal
Investigation Division; prosecuted by the U.S. Attorney’s Office for the District of Minnesota.

BANK BORROWER SENTENCED FOR BANK FRAUD
On October 3, 2005, a borrower at the State Bank of Belle Plaine, Belle Plaine, Minnesota, was sentenced in the District of Minnesota. She was sentenced to 5 months of community confinement and 5 months of home detention, both with work release privileges. She was also sentenced to 5 years’ supervised release and ordered to pay $107,614 in restitution to the State Bank of Belle Plaine. Her sentence was the result of her guilty plea to one count of bank fraud.

The defendant and her husband ran a family-owned trucking business. The business participated in the accounts receivable purchase loan program with the State Bank of Belle Plaine. The bank would advance funds based on the trucking company’s accounts receivable. From December 2001 until about March 2003, the defendant created and submitted fraudulent invoices causing the bank to advance funds. The bank advanced over $107,600 on false invoices. The defendant said she used the funds to keep the company operating.

Joint investigation conducted by the FDIC OIG, FBI, and U.S. Secret Service;
prosecuted by the U.S. Attorney’s Office for the District of Minnesota.

FORMER VICE PRESIDENT OF COLONY BANK AND FIVE DEFENDANTS
ARRAIGNED ON BANK FRAUD CHARGES

On January 25, 2006, the former senior vice president and loan officer of Colony Bank, Fitzgerald, Georgia, and four co-conspirators were arraigned on bank fraud charges in the Middle District of Georgia. The defendants were arrested on January 5, 2006, by Special Agents of the FDIC OIG and the FBI. The arrests were the result of a 13-count indictment charging the defendants with bank fraud and conspiracy to commit fraud.

The indictment alleges that the defendants conspired to defraud Colony Bank by filing false statements on loan applications, and they also diverted the loan proceeds to benefit two of the defendants involved. The indictment further alleges that one of the defendants, in his capacity as loan officer, originated over $2.3 million in fraudulent loans to his two brothers.

Joint investigation by the FDIC OIG and the FBI, based on information provided by the
Legal Division; prosecuted by the U.S. Attorney’s Office for the Middle District of Georgia.

Obstruction of Bank Examinations

The examination of the banks that it regulates is a core FDIC function. Through this process, the FDIC assesses the adequacy of management and internal control systems to identify, measure, and control risks; and bank examiners judge the safety and soundness of a bank’s operations. The intentional denial of accurate information to bank examiners undermines the integrity of this process. The OIG defends the vitality of the FDIC’s examination program by investigating allegations of criminal obstruction of bank examinations and by working with U.S. Attorneys’ Offices to bring these cases to justice. The following investigative case from the reporting period illustrates our efforts in obstruction of examination cases, in this instance, in connection with an examination conducted by the Office of Thrift Supervision (OTS).

BROKER SENTENCED IN OBSTRUCTION CASE
A San Clemente Securities, Inc. (SCS) broker was sentenced in the Northern District of Texas to 60 months’ probation, and 6 months’ home confinement. He was also fined $10,000. His sentence resulted from his earlier guilty plea to aiding and abetting the obstruction of an examination of a financial institution.

During July and August 1998, the OTS conducted an examination of Terrell Federal Savings and Loan (name later changed to Heritage). During the examination, the former president of Heritage was asked by OTS to confirm liquidation values of the nine zero-coupon certificates of deposit he had purchased from the defendant through SCS. The defendant prepared a spread-sheet purporting to represent present liquidation values for the certificates of deposit. He admitted he knew the values represented on the spread-sheet did not disclose or reflect the amounts of premiums that had been deducted by SCS from the amounts paid for the assets by Heritage. The defendant was aware that the former president of Heritage intended to communicate the stated values he was provided to the OTS.

Joint investigation by the FDIC OIG and the FBI; prosecuted by the
U.S. Attorney’s Office for the Northern District of Texas.

Ongoing Audit Work

An ongoing audit in the supervision area is determining whether the FDIC has established and implemented adequate procedures for addressing IT security risks at FDIC-supervised financial institutions that offer electronic banking products and services.


Strategic Goal 2 - INSURANCE: Help the FDIC Maintain the Viability of the Insurance Funds

FDIC deposit insurance remains a central component of the federal government’s assurance to the public that it can be confident in the stability of the Nation’s banks and savings associations. Since its establishment in 1933, the FDIC has insured deposits up to the legally authorized threshold, which presently stands at $100,000. For almost two decades following bank crises in the late-1980s and early 1990s, the FDIC managed two deposit insurance funds—one for banks and one for savings and loans. These funds, which are primarily an accumulation of premiums that insured depository institutions have paid the FDIC and interest earned, have been used to pay FDIC operating expenses and insured depositors, as necessary.

Legislation passed by the Congress on February 1, 2006, has changed how the FDIC manages deposit insurance. The legislation:

Merges the Bank Insurance Fund (BIF) and the Savings Association Insurance Fund (SAIF) into a single Deposit Insurance Fund.
Maintains deposit insurance coverage for individual accounts at $100,000, but provides for indexing for inflation every 5 years beginning in 2011.
Increases deposit insurance coverage for retirement accounts to $250,000 and provides for indexing for inflation every 5 years beginning in 2011.
Replaces the current Designated Reserve Ratio of 1.25 percent of estimated insured deposits by permitting the reserve ratio to move within a range of 1.15 percent to 1.50 percent of estimated insured deposits.
Generally requires the FDIC to provide cash rebates in amount equaling 50 percent of the amount in excess of the amount required to maintain the reserve ratio at 1.35 percent. Requires the FDIC to provide cash rebates in amount equaling the total amount in excess of the amount required to maintain the reserve ratio at 1.50 percent.
Provides financial institutions with a one-time transitional premium assessment credit based on the assessment base of the institution on December 31, 1996, as compared to the combined aggregate assessment base of all eligible depository institutions.

The Corporation is now working to implement the provisions of the new legislation.

As insurer, the FDIC must also evaluate and effectively manage how changes in the economy, the financial markets, and the banking system affect the adequacy and the viability of the deposit insurance funds. Financial instruments and transactions continue to become more complex, and the process of financial intermediation, even in smaller institutions, increasingly sophisticated. Further, the ongoing consolidation of the banking industry means that there are a few very large institutions that represent an increasingly significant share of the FDIC’s exposure. According to the Corporation, as of September 30, 2005, the ten largest FDIC-insured institutions accounted for 42 percent of deposits and 43 percent of the assets of all FDIC-insured institutions.

The OIG has a responsibility to evaluate the FDIC’s programs and operations to ensure that the agency has adequate information to gauge the risks inherent as financial institutions consolidate, enter into new business areas, and become more global.

2006 Performance Goals: In support of the overall strategic goal, to help the FDIC maintain the viability of the insurance funds, the OIG will

Evaluate corporate programs to identify and manage risks in the banking industry that can cause losses to the funds, and
Assess the management of the deposit insurance funds.


OIG Work in Support of Goal 2

The OIG’s Office of Audits issued one report and had two significant audits ongoing in the insurance area as of the end of the reporting period, as discussed below:

Consideration of Safety and Soundness Examination
Results and Other Relevant Information in the FDIC’s
Risk-Related Premium System

To assess deposit insurance premiums on financial institutions, the FDIC uses the Risk-Related Premium System (RRPS). The FDIC places each institution into one of nine assessment risk classifications using a two-step process based first on capital ratios (the Capital Group assignment) and then on safety and soundness examination results and other pertinent information (the Supervisory Subgroup assignment).

We conducted an audit during the reporting period and found that the RRPS-assigned Supervisory Subgroups are adequately tied to the results of examinations by the primary federal regulators and to other information relevant to the institutions’ financial condition. The FDIC adequately reviewed the appropriateness of the Supervisory Subgroups assigned by the RRPS and maintained adequate support for its decisions.

Capital Group assignments, however, are based solely on an institution’s financial reports unless an institution appeals its assessment. An

U.S. Capital Building
institution with a poor safety and soundness capital component rating can be assigned by the RRPS to the best Capital Group if it meets the definition of well capitalized in its financial reports as of the cutoff date for the assessment period.

We also found that the FDIC had performed analyses related to various aspects of deposit insurance, but had not updated its analysis supporting the basis points used to calculate premiums and assigned to the assessment risk classifications in the RRPS matrix. The FDIC’s analysis was limited to bank failures from 1988 to 1992 and did not include thrift failures due to significant changes in the supervision of the thrift industry. Since that time, the banking and supervisory environment has changed significantly, including the establishment of Prompt Corrective Action requirements. Consequently, the assessment rates for the deposit insurance funds may not be representative of trends based on more recent institution failures.

We recommended that the FDIC pursue regulatory and procedural revisions to permit Capital Group adjustments when capital is impaired. The FDIC partially concurred with the recommendation and is considering improvements to the assessment system that would reflect changes in an institution’s capital levels and CAMELS composite ratings more frequently than semiannually.

However, a change to the assessment regulations may still be warranted that would provide the FDIC with the discretion to reclassify an institution’s Capital Group for RRPS purposes when capital is considered impaired. We highlighted this matter for the FDIC Board of Directors’ consideration as it implements changes to the assessment system pursuant to deposit insurance reform legislation.

The report also recommended that the FDIC update the analysis supporting the basis points in the assessment rate matrix, present the updated analysis to the FDIC Board with recommendations for assessment rates, and establish a schedule for periodically updating the assessment rate analysis. The FDIC concurred with these recommendations.

Ongoing Work

THE FDIC RESERVE RATIO AND ASSESSMENT DETERMINATIONS
Historically, the FDIC maintained the BIF and SAIF by assessing institutions a semiannual premium based on the institution’s insured deposit amount and the degree of risk that the institution posed to its respective insurance fund. The Federal Deposit Insurance Act (Act) required the FDIC Board of Directors to set assessments only to the extent necessary to maintain the insurance funds at the designated reserve ratio of 1.25 percent of estimated insured deposits.

At the end of the reporting period, we had an audit ongoing to determine whether: (1) the Division of Insurance and Research accurately determines the funds’ reserve ratios and (2) the Division of Finance has adequate controls in place to ensure that the FDIC accurately calculates, collects, and processes assessments of financial institutions. We will report the results of this work in our upcoming semiannual report.

THE FDIC’S INDUSTRIAL LOAN COMPANY DEPOSIT INSURANCE APPLICATION PROCESS
Industrial Loan Companies (ILC) are FDIC-supervised depository institutions. ILCs are unique because they may be owned by commercial firms, and ILCs’ parent companies are not subject to consolidated regulatory supervision. As of September 2005, there were 59 ILCs with total assets of $141 billion.

We have an ongoing assignment that is evaluating the FDIC’s process for (1) reviewing, investigating, and approving ILC applications for deposit insurance and (2) monitoring business operations to ensure adherence to conditions imposed on ILCs and their business plans. Results of that work will be presented in our next semiannual report.


Strategic Goal 3 - CONSUMER PROTECTION: Assist the FDIC to Protect Consumer Rights and Ensure Community Reinvestment

The U.S. Congress has long advocated particular protections for consumers in relationships with banks. Federal fair lending and consumer protection laws, such as the Fair Housing Act, the Equal Credit Opportunity Act, Gramm-Leach-Bliley Act, the Fair Credit Reporting Act (FCRA) as amended by the Fair and Accurate Credit Transaction Act of 2003 (FACT Act), the Truth in Lending Act as amended by the Home Ownership and Equity Protection Act, and the Real Estate Settlement Procedures Act provide substantive protection to borrowers. These laws provide disclosure requirements, define high-cost loans, and contain anti-discrimination provisions. To help monitor the home lending market, the Federal Reserve and other bank regulators, such as the FDIC, collect and monitor loan data in accordance with the Home Mortgage Disclosure Act. Obtaining the data enables bank regulators, including the FDIC, to conduct efficient fair lending reviews and to make sure banks are providing equal access and pricing for loans regardless of a borrower’s racial or ethnic background or the borrower’s gender. The Congress has also enacted the Community Reinvestment Act (CRA) of 1977 to encourage federally insured banks and thrifts to help meet the credit needs of their entire community, including low- and moderate-income neighborhoods, consistent with safe and sound operations. The CRA requires federal bank regulators to assess each insured institution’s record of meeting these needs.

The FDIC oversees statutory and regulatory requirements aimed at protecting consumers from unfair and unscrupulous banking practices. The FDIC carries out its role by (1) providing consumers with access to information about their rights and disclosures that are required by federal laws and regulations and (2) examining the banks where the FDIC is the primary federal regulator to determine their compliance with laws and regulations governing consumer protection, fair lending, and community investment. A principal effort at consumer education has been the FDIC’s Money Smart program that aims to provide basic financial education skills to current and potential bank customers, often through alliances with government, charitable, and community development organizations.

The FDIC’s bank examiners conduct examinations in FDIC-supervised banks on a scheduled basis to determine the institutions’ compliance with laws and regulations governing consumer protection, fair lending, and community investment. When problem institutions are identified, primarily through the examination process, the FDIC attempts using reason and moral suasion to bring about corrective actions; however, the Corporation possesses broad enforcement powers to correct situations that threaten an institution’s compliance with applicable laws.

The OIG’s role under this strategic goal is to review the effectiveness of various FDIC programs aimed at protecting consumers, fair lending, and community investment. Additionally, the OIG’s investigative authorities are used to identify, target, disrupt, and dismantle criminal organizations and individual operations engaged in fraud schemes that target our financial institutions or that prey on the banking public.

2006 Performance Goals: To assist the FDIC to protect consumer rights and ensure community reinvestment, the OIG will

Evaluate the effectiveness of FDIC programs for protecting consumer privacy,
Review FDIC’s fair lending and community reinvestment examination programs, and
Strengthen enforcement against misrepresentations of deposit insurance coverage.


OIG Work in Support of Goal 3

Several audits completed and ongoing during the reporting period addressed important consumer protection matters. Investigative work related to protection of personal information and misrepresentation of deposit insurance complemented audit efforts in this strategic goal area, as described below.

Guidance to Institutions and Examiners for Implementing
GLBA Title V and the FACT Act

The privacy and security of consumer information in financial institutions is regulated by Title V of the Gramm-Leach-Bliley Act of 1999 (GLBA), the FACT Act, and the FCRA. The FACT Act made many substantive amendments to the FCRA and covers, for example, identity theft, consumers’ access to credit information, enhanced consumer report accuracy, and financial literacy. The statutes prescribe financial institutions’ responsibilities for protecting consumer information and sharing it with other entities.

In an audit conducted during the period, we concluded that the FDIC has established rules and regulations and issued adequate guidance to institutions and examiners for implementing the GLBA Title V provisions related to the privacy and security of consumer information. In contrast, some FACT Act provisions were still lacking rules and regulations.

Ten FACT Act provisions require compliance by FDIC-supervised institutions and rulemaking by the federal banking agencies, National Credit Union Administration (NCUA), or Federal Trade Commission. The FDIC, jointly or in coordination with the other federal banking agencies and NCUA, had completed the rulemaking process for two of the seven FACT Act provisions that require FDIC rulemaking. The Federal Trade Commission had completed rules and regulations for the three provisions for which it has rulemaking responsibility. The FACT Act did not designate a lead agency for the five remaining provisions requiring rules and regulations.

The lack of final rules and regulations could limit the effectiveness of the FACT Act and reduce assurance that institutions are taking steps to prevent identity theft to the extent intended by the Act. However, to some degree, the FDIC has mitigated that risk by issuing interim financial institution and examination guidance addressing all of the provisions that require such guidance.

We recommended that the FDIC finalize the interim examination guidance that addresses FACT Act provisions and develop, in coordination with the joint-agency rulemaking committee, a more aggressive project management plan to expedite the issuance of final rules and regulations for all FACT Act provisions. The FDIC concurred with the recommendations and stated that it is fully committed to, and was in the process of, developing and issuing financial institution and examination guidance.

Ongoing Work in the Consumer Protection Area

As of the end of the reporting period, we were finalizing an audit related to predatory lending. Such lending typically involves imposing unfair and abusive loan terms on borrowers, and statistics show that borrowers lose more than $25 billion annually due to predatory practices. Predatory lending can be detrimental to consumers and increases the financial and reputational risk for financial institutions. Characteristics potentially associated with predatory lending include, but are not limited to, (1) abusive collection practices, (2) balloon payments with unrealistic repayment terms, (3) equity stripping associated with repeat refinancing and excessive fees, and (4) excessive interest rates that may involve steering a borrower to a higher-cost loan.

The objective of our audit was to determine the challenges faced and the efforts taken by the FDIC to identify, assess, and address the risks posed to FDIC-supervised financial institutions and consumers from predatory lending practices. We also gained an understanding of the steps taken by the other federal banking regulators to address predatory lending. We will report the results of our work in our next semiannual report to the Congress.

Four additional assignments were ongoing to address the following:

Examination coverage of third-party servicers’ protection of confidential information,
DRR’s protection of personal information collected and maintained from resolution and receivership functions,
Whether the FDIC adequately addresses compliance violations reported in examinations to ensure FDIC-supervised institutions take appropriate corrective action, and
Examiner use of Home Mortgage Disclosure Act information.
OIG Investigations Seek to Thwart Identity Theft

Despite congressional efforts, regulations promulgated by federal agencies such as the FDIC, and added emphasis by law enforcement, identity theft is becoming more sophisticated and the number of victims is growing.

Social Security Card

Identity theft includes using the Internet for new crimes such as “phishing” e-mails and “pharming” Web sites that attempt to trick people into divulging their private financial information by pretending to be legitimate businesses or government entities with a need for the information that is requested. As referenced above, certain OIG audits and evaluations are designed to focus on these issues and determine the effectiveness of the FDIC’s strategies and its implementation of programs and activities to protect consumer privacy. OIG criminal investigations expose those who illegally seek and use stolen identifications from the FDIC or FDIC-supervised banks and their affiliates and bring them

to justice. Examples of such investigative work conducted during the reporting period follow.

ELECTRONIC CRIMES UNIT RESPONDS TO
PHISHING SCAMS INVOLVING THE FDIC AND OIG

The OIG’s Electronic Crimes Unit (ECU) responded to three incidents involving phishing scams using a spoof of either the FDIC or OIG Web site as part of the scams. In one case, a Web site was mirroring the FDIC public Web site. The ECU obtained a forensic image of the mirror Web site and is investigating the effect of the mirror Web site and the identity of the individual operating the Web site. The mirror Web site is no longer active.

In another incident, an e-mail from an address using the letters “fdic” attempted to solicit confidential information from financial institutions. The ECU subpoenaed MSN Hotmail and is continuing efforts to determine the identity of the individual using the e-mail address and from where the account was accessed. Initial results indicate that the e-mail account was accessed from western Africa, possibly Nigeria.

Finally, the ECU responded to a phishing scam in which the FDIC OIG Web site was spoofed in an effort to solicit confidential information. The e-mails and correspondence replicated portions of the FDIC OIG Web site and included the name of the Deputy Inspector General and other FDIC executives. The fraudulent e-mails and fax correspondence requested that the recipients apply for the issuance of clearance documents and insurance coverage to facilitate the release of funds. They were designed to look like a page from the FDIC OIG’s actual Web site.

In response, the ECU and the OIG prepared a consumer alert and placed it on the FDIC OIG Web site, warning visitors of the phishing scam and referencing information on the FDIC’s Web site at http://www.fdic.gov/consumers/consumer/alerts/index.html.

In addition, the ECU made contact with individuals who received either the fraudulent e-mail or the faxes and the ECU is continuing efforts to determine where the e-mail and faxes originated.

Misrepresentation of FDIC Insurance

Past OIG investigations have identified multiple schemes to defraud depositors by offering them misleading rates of return on deposits. These abuses are effected through the misuse of the FDIC’s name, logo, abbreviation, or other indicators suggesting the products are fully insured deposits. Such misrepresentations induce the targets of schemes to invest on the strength of FDIC insurance while misleading them as to the true nature of the investment products being offered. These depositors, who are often elderly and dependent on insured savings, have lost millions of dollars in the schemes. Depositors may be particularly attracted to these misrepresented investments in our current economy when interest paid on insured deposits is historically low and uninsured investments can put an investor’s principal at substantial risk. Further, abuses of this nature may erode public confidence in federal deposit insurance. Some of our past semiannual reports to the Congress provide information on cases that have been successfully investigated involving these types of misrepresentations, including one case of $9.1 million worth of certificates of deposit misrepresented to about 90 investors, most of whom were elderly.

The FDIC currently has no direct enforcement authority over these misrepresentations. The FDIC may, of course, generally address misconduct occurring in state chartered banks where the FDIC is the primary federal regulator, but the abuses described above generally were perpetrated outside of that system.

The OIG has proposed strengthening the FDIC’s enforcement authority to curtail these abuses by granting the FDIC the authority to impose civil monetary penalties of up to $1 million per day on any person who falsely represents the nature of the product offered or the FDIC insurance coverage available. Section 615 of the Financial Services Regulatory Relief Act (H.R. 3505) contains such provisions. It passed the House of Representatives on March 8, 2006 and has been sent to the U.S. Senate for consideration.

An example of one of our successful cases related to misuse of the FDIC logo follows.

Misuse of FDIC Logo

FOREIGN CURRENCY TRADER PLEADS GUILTY TO WIRE FRAUD
On February 17, 2006, in the Southern District of Florida, a foreign currency trader pleaded guilty to one count of wire fraud. The defendant was previously indicted on 11 counts of wire fraud and 2 counts of forging and counterfeiting official seals of the United States, including the logo of the FDIC. The defendant was to remain in custody until his sentencing scheduled for April 27, 2006.

The indictment to which the defendant pleaded guilty alleged that from April 1999 through June 2003, he fraudulently obtained $8.1 million from approximately 145 investors. The defendant, an illegal immigrant, is a citizen of Venezuela and raised all of his money from investors in Venezuela. The defendant solicited investors by representing that he had exceptional investment expertise and success. He promised approximately 145 investors that they would earn a monthly return of 3 percent or 36 percent per annum on their investment. Although the defendant did trade some currency through brokers in New York and London, his actions rapidly became a Ponzi Scheme and the scheme began to collapse under its own weight.

When investors became suspicious and began asking for the return on their capital, the defendant falsely advised them, directly and through his employees and associates, that he was unable to return their investments because the FDIC had allegedly “frozen” his funds pursuant to the USA PATRIOT Act, and as soon as his case was settled, he would return to each investor the money they demanded. In support of this story, the defendant downloaded from the Financial Crimes Enforcement Network, Department of the Treasury Web site, an assessment of civil money penalty order involving Great Eastern Bank of Florida, an FDIC-supervised institution in Miami, Florida. The defendant then replaced Great Eastern Bank’s letterhead with his own name, added the FDIC logo and seal to the document, and furnished a copy of the fraudulent document to each of his victims.

Joint investigation by the FDIC OIG and FBI; prosecuted by the U.S. Attorney’s Office for
the Southern District of Florida.

ECU RESPONDS TO ALLEGATIONS OF BANKS FALSELY ADVERTISING FDIC INSURANCE
During the reporting period, the FDIC’s Computer Security Incident Response Team reported two incidents of Web sites of financial institutions located outside the United States that advertised FDIC insurance. In both cases, the banks were not FDIC-insured institutions. The OIG’s ECU contacted the Internet service provider that hosted the Web sites and informed the provider that it was illegal to falsely advertise FDIC insurance. In both cases, the Web sites were immediately deactivated.


Strategic Goal 4 - RECEIVERSHIP MANAGEMENT: Help Ensure that the FDIC is Ready to Resolve Failed Banks and Effectively Manages Receiverships

When a bank that offers federal deposit insurance fails, the FDIC fulfills its role as insurer by either facilitating the transfer of the institution’s insured deposits to an assuming institution or by paying insured depositors directly. Specifically, the FDIC’s DRR mission is to plan and efficiently handle the resolutions of failing FDIC-insured institutions and to provide prompt, responsive, and efficient administration of failing and failed financial institutions in order to maintain confidence and stability in the financial system.

Once an institution is closed by its chartering authority—the state for state-chartered institutions, OCC for national banks, and OTS for federal savings associations—the FDIC is responsible for resolving the failed bank or savings association. The FDIC begins the resolution process with an assessment of the assets and liabilities of the institution. Using this information, DRR solicits proposals from approved bidders to pass the insured deposits to an assuming bank and expedite the return of assets to the private sector. Once the FDIC is appointed receiver, it initiates the closing process for the failed institution and works to provide the insured depositors with access to their accounts in 1 or 2 business days. To accomplish this, the FDIC works with the assuming institution so that the insured deposit accounts are transferred to the assuming institution as soon as possible.

If no assuming institution is found during the resolution process, the FDIC disburses to customers of the failed institution the insured amount in each account category. The FDIC, as receiver, manages the receivership estate and the subsidiaries of failed financial institutions with the goal of achieving an expeditious and orderly termination.

Since the FDIC’s inception over 70 years ago, no depositor has ever experienced a loss of insured deposits at an FDIC-insured institution due to a failure. Today record profitability and capital in the banking industry have led to a substantial decrease in the number of financial institution failures and near failures than were experienced in prior years. In fact, 2005 was the first year in the FDIC’s history where no institution has failed and there have been no failures in 2006 to date. Although there have been far fewer failures in recent years than occurred during the years of crisis in the banking industry, the FDIC’s responsibility for resolving troubled institutions remains a challenge. The FDIC reports that failures in today’s economy would differ in nature, size, and cost from the record failures of the 80s and early 90s. Nonetheless, the FDIC could potentially have to handle a failing institution with a significantly larger number of insured deposits than it has had to deal with in the past or have to handle multiple failures caused by a single catastrophic event.

The OIG’s role under this strategic goal is conducting audits and evaluations that assess the effectiveness of the FDIC’s various programs designed to ensure that the FDIC is ready to and does respond promptly, efficiently, and effectively to financial institution closings. Additionally, the OIG investigative authorities are used to pursue instances where fraud is committed to avoid paying the FDIC civil settlements, court-ordered restitution, and other payments as the institution receiver.

2006 Performance Goals: To help ensure the FDIC is ready to resolve failed banks and effectively manages receiverships, the OIG will:

Evaluate the FDIC’s plans and systems for managing bank failures, and
Assist the FDIC in recovering financial losses from individuals fraudulently concealing assets.


OIG Work in Support of Goal 4

Work done by both our Office of Audits and our Office of Investigations during the reporting period addressed the challenges that the Corporation faces in the receivership management area, as discussed below.

Audit of ASTEP

When an institution fails, one of the FDIC’s critical functions is to manage and liquidate all of the institution’s assets. The Corporation’s existing asset servicing environment comprises a complex system of external, interim, and internal (in-house) servicing capabilities. The in-house technology consists of aging and highly customized commercial off-the-shelf software and internally developed applications that fulfill specific business functions. The purpose of the Corporation’s Asset Servicing Technology Enhancement Project (ASTEP) is to modernize the asset servicing function and align the processes performed under this function with industry best practices. ASTEP is intended to allow the FDIC to maximize the use of commercially available software products to integrate as much of the asset servicing function as possible and to provide the FDIC with a variety of vendor sourcing options.

During the reporting period, KPMG LLP conducted an audit on our behalf to determine whether the FDIC has established an adequate project management control framework for ensuring the delivery of ASTEP in a timely and cost-effective manner to meet corporate requirements and user needs. KPMG reported that the ASTEP project management team developed planning documents and implemented various activities that generally complied with the FDIC’s project management guidance and that the project team considered commensurate with the status of the project. That is, during the initiation phase of ASTEP, the project management team performed business case analyses to identify benefits and improvements to the current system of asset servicing and developed a project work plan identifying activities to complete associated milestones. During the planning phase for system development, the project team also developed project charters that defined the goals and objectives for various project teams’ functions and a project governance structure that described support functions to manage system development activities. Additionally, the project team developed acquisition strategy, communications, risk management, and configuration management plans.

We reported that as the project entered the execution phase for system development and was re-baselined, strengthening the project management controls would facilitate decision making and monitoring and help ensure that ASTEP meets the needs of its users within schedule and budget requirements.

In that regard, KPMG recommended that as part of project re-baselining efforts, the FDIC:

fully document the costs and benefits of the ASTEP solution selected, and
enhance the ASTEP planning process to address the areas of improvement discussed in the report to achieve greater compliance with the FDIC Project Management Guide and to provide greater assurance of ASTEP success.

Management agreed with the recommendations and has either initiated or plans to initiate corrective actions.

Audit of Efforts to Recover Unclaimed Deposits

The 1993 Unclaimed Deposits Amendment Act (UDAA) gives account owners 18 months to claim their deposits after the failure of a financial institution. At the end of the 18-month period, the FDIC transfers unclaimed deposits for failed FDIC-insured financial institutions to the appropriate state unclaimed property agency of the owner’s last known address. The state maintains custody of the funds in accordance with its unclaimed property laws for 10 years from the date the FDIC transferred the funds. After the 10-year holding period, state unclaimed property agencies must return any unclaimed funds to the FDIC.

We conducted an audit to determine whether the FDIC has adequate systems in place to accurately track and obtain the recovery of unclaimed deposits. We determined that overall, the FDIC has established and implemented an effective system for tracking and recovering unclaimed deposits transferred to state unclaimed property agencies. DRR has ensured that unclaimed deposits transferred under the UDAA are properly documented, monitored, and recovered in a timely manner. We made no recommendations in the report.

Office of Investigations Pursues Concealment of Assets Cases

The FDIC was owed more than $1.7 billion in criminal restitution as of March 31, 2006. In most instances, the individuals do not have the means to pay. However, a few individuals do have the means to pay but hide their assets and/or lie about their ability to pay. The OIG’s Office of Investigations (OI) works closely with DRR and the Legal Division in aggressively pursuing criminal investigations of these individuals. As of March 31, 2006, concealment of assets cases constituted 12 percent of OI’s caseload. The results of one such significant case are described below.

FORMER CEO OF SUNBELT SAVINGS CONVICTED
On January 31, 2006, after a week-long trial, the former CEO of the now defunct Sunbelt Savings and Loan of Dallas, Texas, was convicted on all 27 counts of a superseding indictment that charged him with 6 counts of mail fraud, 11 counts of making false statements, 9 counts of concealing assets from the FDIC and one count of money laundering. At a separate hearing, the court found that the former CEO was subject to $2,054,366 in cash forfeitures.

According to the indictment, since July 1993, the former CEO engaged in a scheme to defraud the FDIC of its payments under a $7.5 million restitution order and an $8.5 million civil judgment by creating a trust, known as Oslin Nation Trust. He allegedly concealed earnings from his business, and paid his personal expenses, legal, and accounting fees, and income payable to him by causing it to be paid directly to the trust.

The indictment also alleged that the former CEO made false monthly reports to the U.S. Probation Office in order to conceal hundreds of thousands of dollars from the FDIC to avoid the requirements of the FDIC restitution order.

The former CEO pleaded guilty in 1990 to federal fraud charges in connection with the collapse of Sunbelt, which lost approximately $2 billion during the 1980s. In the criminal case against him, he was ordered to pay back $7.5 million to the FDIC and $8.5 million in a civil judgment. His plea agreement required him to relinquish a portion of his income to repay the obligation, with the percentage increasing as the income increased.

We investigated this case with assistance from the FDIC Legal Division. The U.S. Attorney’s
Office for the Northern District of Texas prosecuted the case.

Coordinating with DRR

Our Office of Investigations coordinates closely with the Corporation’s DRR, with special attention to various types of financial institution fraud and related crimes, including concealment of assets cases. During the reporting period, such coordination continued in both our headquarters and Dallas field sites, where OI staff met with DRR and the Legal Division’s Financial Crimes Unit. All criminal cases and referrals involving concealment of asset violations are further coordinated with the various U.S. Attorneys’ Offices.

In the case of bank closings where fraud is suspected, OI is prepared to send case agents and computer forensic special agents from the ECU to the institution. Their principal role is to provide computer forensic support to OI’s investigations by obtaining, preserving, and later examining evidence from computers at the bank.


Strategic Goal 5 -  RESOURCES MANAGEMENT: Promote Sound Governance and Effective Stewardship of Financial, Human, IT, and Procurement Resources

The FDIC must effectively manage and utilize a number of critical strategic resources in order to carry out its mission successfully, particularly its financial, human, IT, and procurement resources. The Corporation does not receive an annual appropriation, except for its OIG, but rather is funded by the premiums that banks and thrift institutions pay for deposit insurance coverage, the sale of assets recovered from failed banks and thrifts, and earnings on investments in U.S. Treasury securities.

The FDIC Board of Directors approves an annual Corporate Operating Budget to fund the operations of the Corporation. This budget provides resources for the operations of the Corporation’s three major programs or business lines—Insurance, Supervision, and Receivership Management—as well as its major program support functions (legal, administrative, financial, IT, etc.). Program support costs are allocated to the three business lines so that the fully loaded costs of each business line are displayed in the operating budget approved by the Board.

The FDIC’s separate Investment Budget is composed of individual project budgets approved by the Board of Directors for major investment projects. Budgets for investment projects are approved on a multi-year basis, and funds for an approved project may be carried over from year to year until the project is completed. A number of the Corporation’s more costly IT projects are approved as part of the investment budget process.

Financial resources are but one aspect of the FDIC’s critical assets. The Corporation’s human capital is also vital to its success. The Government Accountability Office (GAO) has reported that to attain the highest level of performance and accountability, an agency’s people are its most important aspect because they define the agency’s character and ability to perform. GAO identified four key human capital cornerstones for effective management of human capital: Leadership; Strategic Human Capital Planning; Acquiring, Developing, and Retaining Talent; and Performance Culture. The Corporation’s workforce is supplemented by various contracts which must also be overseen by the Corporation.

Information technology drives and supports the manner in which the public and private sector conduct their work. At the FDIC, the Corporation seeks to leverage IT to support its business goals and to improve the operational efficiency of its business processes. The financial services industry employs technology for similar purposes. Emerging technology is introducing new ways for insured depository institutions to deliver and manage traditional products and services, and, in some instances, to develop innovative offerings. Financial data is being exchanged at rapid speed and the business of banking is being greatly facilitated by modernization.

Along with the positive benefits that IT offers comes a certain degree of risk. In that regard, information security has been a long-standing and widely acknowledged concern among federal agencies. A key effort for all agencies must be the establishment of effective information security programs. Title II of the E-Government Act of 2002, entitled the Federal Information Security Management Act, requires each agency to develop, document, and implement an agency-wide information security program to provide adequate security for the information and information systems that support the operations and assets of the agency.

The OIG’s role in this strategic goal is to perform audits, evaluations, and investigations that

identify opportunities for more economical, efficient, and effective corporate expenditures of funds;
recommend actions for more effective governance and risk management practices;
foster corporate human capital strategies that benefit employees; strengthen employees’ knowledge, skills, and abilities; ensure employee and contractor integrity; and inspire employees to perform to their maximum capacity;
help the Corporation to leverage the value of technology in accomplishing the corporate mission and promote the security of both IT and human resources; and
ensure that procurement practices are fair, efficient, effective, and economical.

2006 Performance Goals: To promote sound governance and effective stewardship of FDIC strategic resources, the OIG will

Evaluate the Corporation’s efforts to fund operations efficiently, effectively, and economically.
Assess the Corporation’s human capital strategic initiatives to ensure a high-performing work-force that views the FDIC as an employer of choice and that stands ready to meet challenges in the banking industry.
Promote maximization of IT resources for efficiency and effectiveness and ensure IT and physical security to protect all FDIC resources from harm.
Evaluate the Corporation’s contracting efforts to ensure goods and services are fairly, efficiently, and economically procured.
Monitor corporate efforts to identify and analyze the FDIC risk environment and validate that a sound internal control environment is in place and working well.


OIG Work in Support of Goal 5

Much of our Office of Audits’ work was conducted in pursuit of this strategic goal during the reporting period, as shown in the following discussion. Audits and evaluations addressed important human capital issues, information security matters, and various aspects of corporate procurement activities. Additionally, investigations involving employee integrity issues and investigative work related to identity theft perpetrated upon FDIC employees contributed to positive results of OIG efforts to address Goal 5.

ODEO’s Complaint Resolution Process

The Office of Diversity and Economic Opportunity (ODEO) implements the discrimination complaint resolution process in accordance with Title 29 of the Code of Federal Regulations, Part 1614, Federal Sector Equal Employment Opportunity, effective November 9, 1999, which mandates specific time frames for federal agencies to process, investigate, and issue agency decisions on discrimination complaints.

We conducted a review as a follow-up to earlier evaluations of the FDIC’s Equal Employment Opportunity (EEO) discrimination complaint resolution process that we performed with the FDIC’s Office of Enterprise Risk Management (OERM), formerly the Office of Internal Control Management. The objective of our recent work was to evaluate the FDIC’s discrimination complaint resolution process and management of the FDIC’s formal complaint case load. Because of data reliability issues associated with ODEO’s case tracking system, we focused, instead, on ODEO’s conversion to a new complaint tracking system. We limited our scope to presenting, not validating, ODEO’s case processing statistics and ODEO’s perspective on the statistics.

We noted that ODEO’s overall average case processing time frames had increased by 39 percent since 1996 to 986 days, whereas other federal agencies had experienced a 24-percent increase in case processing time frames over this same period, averaging 469 days. Additionally, ODEO was without reliable data in its discrimination complaint case tracking system. The lack of a reliable case tracking system could hamper ODEO’s ability to effectively manage its complaint case load and to efficiently meet internal and external reporting requirements. Further, ODEO could not readily respond to ad hoc requests for information, and there was an increased vulnerability for reporting errors using manually gathered information.

We recommended that ODEO (1) develop a formal remediation plan to address data reliability of the case tracking system that establishes milestones and identifies appropriate and sufficient resources to complete the remediation in a timely and effective manner and (2) arrange for an independent follow-up review of ODEO’s compliance with EEO case processing time frames, following remediation of the case tracking system data reliability issues.

Management agreed with both of our recommendations and is working with the Corporation’s OERM to address the concerns we identified.

Safeguards Over Personal Employee Information

The Federal Trade Commission defines identity theft as “a fraud that is committed or attempted, using a person’s identifying information without permission.” Identity theft is one of the fastest growing crimes in the country and has involved private sector and federal agency information. The FDIC is no exception and has experienced several breaches involving personal employee information. For example, a security breach identified in 2005 involved unauthorized access to personal information for a large number of current and former FDIC employees.

Among other things, the Privacy Act of 1974 requires federal agencies to limit the collection, disclosure, and use of personal information maintained in systems of records and to establish reasonable safeguards over those records.

In July 2005, at the request of the Director, Division of Administration, we initiated a review to evaluate the FDIC’s policies, procedures, and practices for safeguarding personal employee information in hardcopy and electronic form.

We reported that the FDIC has a corporate-wide program for protecting personal employee information, has appointed a Chief Privacy Officer with responsibility for privacy and data protection policy, and is making efforts to enhance its privacy program in response to legislative requirements and breaches of FDIC employee information. Our report noted that the Corporation had a number of programmatic initiatives and notable physical and electronic safeguards over personal employee information in place or underway.

We identified opportunities for the FDIC to strengthen its privacy program for protecting personal employee information, including:

Developing an overarching privacy policy to ensure coordination between the Chief Privacy Officer and Privacy Act Clearance Officer and updating systems of record notices pertaining to employee information, especially information maintained by contractors.
Ensuring that contracts, for which the scope requires contractors to maintain personal employee information, contain adequate references to the Privacy Act, appropriate confidentiality clauses, and signed confidentiality agreements.
Conducting some form of security review or obtaining assurances through third-party security reviews for contractors and vendors that maintain personal employee information in electronic form.

These additional controls will help to ensure that the FDIC complies fully with privacy-related legislation and regulations; identifies personal employee information maintained by the FDIC and its contractors that needs to be protected; and implements sufficient administrative, physical, and technical controls over such information.

We made 15 recommendations to strengthen the FDIC’s privacy program. The Corporation generally concurred with our report and agreed to take corrective action on 12 recommendations. Other actions taken and/or controls in place were sufficient to address the remaining three recommendations.

The FDIC’s Certification and Accreditation Program

The Office of Management and Budget requires agencies to certify and accredit their information systems consistent with federal security policies, standards, and guidelines. Certification involves the evaluation of an information system’s management, operational, and technical security controls. Accreditation involves a senior agency official’s authorization of an information system to operate. The certification and accreditation of federal information systems is critical to securing the government’s operations and assets. We contracted with KPMG LLP (KPMG) to audit and report on the FDIC’s security certification and accreditation (C&A) program.

KPMG determined that the FDIC established and implemented C&A policies, procedures, and practices that were satisfactory and consistent with federal standards and guidelines. The FDIC continued to build its C&A program during 2005 in response to evolving National Institute of Standards and Technology guidance, and additional improvements were underway at the close of field work. Further, the FDIC had undertaken action to address certain C&A-related matters previously identified in the OIG’s September 2005 security evaluation report required by the Federal Information Security Management Act.

We reported that the FDIC could further strengthen its C&A program by:

enhancing system sensitivity assessment guidance to describe how final security categorizations are determined;
ensuring that application security plans adequately describe how common security controls and general support systems critical to the security of the application are considered in the application’s C&A;
ensuring the cost-benefit of alternative control solutions for reducing or eliminating vulnerabilities;
enhancing written procedures for defining the nature and scope of testing, managing system-level plans of action and milestones, accepting risks associated with system security weaknesses, and issuing interim systems authorizations; and
establishing formal milestone reviews at key points in the C&A process to ensure that critical documentation is current, accurate, and complete.

keyboard

These program enhancements will provide FDIC management with greater assurance that system security risks are effectively managed and that C&A practices are consistently applied throughout the Corporation. We also performed benchmarking with other federal agencies and included the results in our report.

KPMG recommended that the FDIC’s Chief Information Officer strengthen the FDIC’s C&A policies, procedures, and guidelines by considering and addressing, as appropriate, the issues described in this report. The FDIC’s comments were responsive to the recommendation.

Security of Wireless Communications

Wireless technology offers federal agencies a number of important benefits, such as increased employee productivity and ease of network installation. However, this technology also presents a number of potentially significant security risks to the confidentiality, availability, and integrity of sensitive information. Such risks include the interception of communications not intended for public disclosure, denial of service attacks, and unauthorized deployment of wireless-enabled devices. We contracted with KPMG LLP to audit and report on the security of the FDIC’s wireless data communications.

KPMG found that the FDIC established and implemented security controls for its wireless data communications that were generally consistent with the National Institute of Standards and Technology’s recommended practices. Such controls include policies to govern the deployment of wireless-enabled devices connected to the FDIC’s corporate network, security software to authenticate wireless users to the corporate network and protect the confidentiality of their communications, and procedures to assess wireless security activities. However, additional controls are needed to provide reasonable assurance of adequate security.

KPMG recommended that the FDIC’s Chief Information Officer (CIO):

enhance the Corporation’s wireless security policies and awareness training; and
restrict access to critical software programs designed to safeguard wireless data communications.

The CIO provided written comments that were responsive to the report’s recommendations.

Contracting with a Consolidated Facilities Management Approach

As part of the FDIC’s strategic goal to substantially reduce corporate operating costs, the Division of Administration implemented the Consolidated Facilities Management (CFM) approach and awarded a $30.4 million CFM contract to Consolidated Engineering Services, Inc. in April 2003. The CFM approach combined 13 facilities-related contracts into a single “bundled” contract designed to reduce administrative costs and simplify the management of various building services at FDIC-owned headquarters facilities and leased space.

We conducted an audit to determine whether the contract structure and FDIC contract management were adequate to ensure the economical and efficient management of the FDIC’s Washington, D.C., area facilities.

The CFM contract structure (implementation of the CFM approach) and the FDIC’s management of the contract were generally adequate to ensure the efficient operation of the FDIC’s Washington, D.C., area facilities. An independent engineering firm determined that the facilities were well-maintained, and a customer satisfaction survey indicated that most FDIC employees were satisfied with the overall physical environment in FDIC building space. However, we could not determine whether the CFM contract resulted in more economical facilities management services due to weaknesses in certain procurement-related internal controls.

We made recommendations to improve internal control over the process for awarding and monitoring the benefits of bundled contracts, capitalizing costs, and structuring incentives on the CFM contract. We questioned $193,131 in janitorial incentive payments for performance that did not exceed the standards in the statement of work. We also identified a total of $1,538,771 in funds put to better use related to (1) the Corporation’s expensing rather than capitalizing costs and (2) the potential payment of additional incentive fees for janitorial services.

The FDIC generally agreed or provided responsive alternative corrective action to most of our recommendations. In particular, the FDIC agreed to amend policy guidance to include coverage of contract bundling and capitalize costs associated with a major capital improvement. At the time we issued our report, the FDIC did not agree to specifically require market research and justifications for noncompetitive procurement for large-dollar-value work orders on existing contracts. However, we subsequently resolved this recommendation. Additionally, FDIC management did not agree with the monetary benefits we identified.

Billing Reviews and Other Ongoing Work

We conducted two post-award contract audits during the reporting period, and in those audits we identified a total of $3,196,831 in questioned costs.

Ongoing work at the end of the reporting period in support of this strategic goal included audits related to the following:

The FDIC Emergency Operations Plan
Application Controls
Records Disposal
Contract Administration
FEDSIM Contract
Federal Information Security Management Act Evaluation
Investigations of Employee and Contractor Actions

The OIG conducts investigations, as needed, of criminal or serious misconduct on the part of FDIC employees and contractors to ensure a working environment of high integrity. During the reporting period investigations addressed such matters as misuse of government property, misuse of position, and other employee misconduct.

We successfully investigated and achieved results in a case involving a former FDIC intern’s conspiracy to commit bank fraud and identity theft during the reporting period, as discussed below.

FORMER FDIC INTERN AND ACCOMPLICE SENTENCED
On March 24, 2006, in the U.S. District Court for the Eastern District of Virginia, a former intern at the FDIC was sentenced to 60 months’ imprisonment; and ordered to make restitution of $207,186 to the FDIC, $407,890 to CUNA Mutual Insurance Group, and $17,937 to the National Institutes of Health Federal Credit Union (NIHFCU). His sentence was the result of his earlier guilty plea to a one-count information charging him with conspiracy to commit bank fraud and identity theft.

In early 2004, the former intern fraudulently obtained an internal administrative report from an employee of the FDIC, which listed names, dates of birth, and social security numbers for more than 5,000 employees of the FDIC. Beginning in April 2004 and until January 2005, in order to determine which of the FDIC employees had good credit, the former intern went to car dealerships located in Virginia and Maryland and paid individuals working at those dealerships to obtain credit reports on a number of the FDIC employees. Based on these credit reports, he compiled a list of FDIC employees with good credit. He then obtained copies of false Maryland driver’s licenses from another person in Maryland for some of those FDIC employees.

Thereafter, he approached a woman who, at the time, was an employee of the George Washington University branch of the NIHFCU to fraudulently open accounts at, and obtain loans from, NIHFCU under the FDIC employees’ names. Because all of the FDIC employees had good credit, NIHFCU granted lines of credit to each of them. The former intern then made a series of withdrawals on the lines of credit, obtaining approximately $425,827 from NIHFCU. Because its employees’ credit had been put in jeopardy, the FDIC contracted with a credit reporting bureau to provide fraud protection to all affected FDIC employees.

On January 27, 2006, the former NIHFCU employee was sentenced in the U.S. District Court for the Eastern District of Virginia to 24 months’ incarceration, and ordered to pay $425,827 in restitution to the National Institute of Health. Her sentence was reduced as a result of her cooperation against the former intern.

The FDIC OIG is conducting this investigation jointly with the FBI. The U.S. Attorney’s
Office for the Eastern District of Virginia is prosecuting the case.


Strategic Goal 6 - OIG INTERNAL PROCESSES: Continuously Enhance the OIG’s Business and Management Processes

The FDIC OIG is one of 57 such offices in the federal government. Along with GAO and other law enforcement organizations, the Inspectors General are part of a network of government organizations with common purposes for fostering greater accountability, integrity, and excellence in government programs and operations. Although no two organizations are identical, these organizations provide the FDIC OIG with an opportunity to observe and adopt best practices in use in other organizations with similar missions and values.

While the purpose of our organization is focused on FDIC’s programs and operations, the OIG has an inherent obligation to hold itself and its people to the highest standards of performance and conduct. Like any organization, we have processes and procedures for conducting our work; communicating with our clients, staff, and stakeholders; managing our financial resources; aligning our human capital to our mission; strategically planning and measuring the outcomes of our work; maximizing the cost-effective use of technology; and ensuring our work products are timely, value-added, accurate, complete, and meet applicable professional standards.

2006 Performance Goals: To continuously enhance the OIG’s business and management processes, the OIG will

Enhance strategic and annual planning and performance measurement;
Strengthen human capital management to achieve enhanced results;
Ensure the quality and efficiency of OIG audits, evaluations, and investigations;
Foster good relationships with clients, stakeholders, and OIG staff; and
Invest in cost-effective and secure IT that improves performance and productivity.

The following actions during the reporting period supported our efforts to continuously enhance our business and management processes.


Strategic and Annual Planning and
Performance Measurement Activities
Issued our Office of Audits Assignment Plan for Fiscal Year 2006, which included assignments that are designed to add value to the Corporation in a variety of ways, including assessing program effectiveness, management, and results; economy and efficiency; internal control; and compliance with legal or other requirements and by helping to deter and detect instances of fraud, waste, and abuse.
Formulated the OIG’s assessment of the most significant management and performance challenges facing the Corporation, in the spirit of the Reports Consolidation Act of 2000. This assessment was factored into the Office of Audits’ Assignment Plan and helped shape the OIG’s Business Plan for 2006. The OIG’s assessment was provided to FDIC management for inclusion in the FDIC’s performance and accountability report—i.e., the Annual Report. We identified the following challenges:
Assessing and mitigating risks to the insurance funds
Ensuring institution safety and soundness through effective examinations, enforcement, and follow-up
Contributing to public confidence in insured depository institutions
Protecting and educating consumers and ensuring compliance
Being ready for potential institution failures
Managing and protecting financial, human, IT, and procurement resources.
Issued our fiscal year 2006 Business Plan in February 2006. It combines the Strategic Plan for fiscal years 2006 through 2011 and Performance Plan for fiscal year 2006. In updating our plan, we revised our focus to include performance measures more reflective of mission-related goals and outcomes. We also added qualitative performance goals to complement our quantitative performance measures. Each qualitative performance goal includes a set of key efforts representing ongoing work or work to be undertaken during 2006 in support of the goal. Also, potential outcomes were identified for each performance goal to highlight the improvements that may result from these key efforts. Our quantitative measures were streamlined to a few key measures with a greater emphasis on outcomes and results.
Used the 2006 business planning framework to guide office-wide planning efforts for 2007/2008 that will fully integrate and align our performance planning, audit assignment planning, performance reporting, and budgeting processes. A timeline has been prepared showing key milestones in the planning process, including development of the business plan, audit assignment plan, and management and performance challenges.
Continued to assess and monitor risks to the OIG and the internal controls in place to manage the risks as part of our responsibilities under the Corporation’s Internal Control and Risk Management Program. These responsibilities include identifying risks and control objectives, conducting risk assessments, documenting and testing the control process, determining and tracking corrective actions for control weaknesses, reporting the results, and annually certifying to the condition of our internal control program and administrative control systems. The OIG also monitors the administration of its Internal Control and Risk Management Program to help assure that pertinent risks and internal controls are identified and evaluated in an efficient and effective manner.


Human Capital Initiatives
Completed a baseline workforce analysis (2000-2005). It provided data, charts, and graphs illustrating OIG trends in workforce size and demographics, workforce salary/benefits cost, workforce training spending, and employee retirement eligibility through 2010.
Formed mentoring partnerships for four OIG staff members. These partnerships pair newer members of the OIG with other more experienced members of the office to promote professional growth and development.
Focused on OA’s training needs and examined various criteria to use when identifying individual and office training needs. Planned for a training program targeted to message development and report writing skills, a key component of the OIG’s core competency on communications.
Advertised vacancy announcements through the Corporation’s Careers System with questions for applicants to answer relating to OIG core competencies. Such questions are also included in the interview process. Also, all OIG position descriptions are completed with core competencies integrated.
Solicited input from the OIG Employee Advisory Group in light of organizational and leadership changes in the OIG to ensure that the Advisory Group can continue to serve as a forum for OIG staff to address concerns and provide ideas for improving OIG business processes, employee relations, and working conditions.
Assessed OIG activities in support of the Corporation’s diversity goals.


Quality of Audits, Evaluations, Investigations
Underwent an external peer review of our Office of Investigations’ operations, conducted by the Department of the Treasury, Office of Investigations. The report results stated that in Treasury OIG’s opinion, our Office of Investigations’ system of internal safeguards and management procedures for our investigative function is in full compliance with the quality standards established by the President’s Council on Integrity and Efficiency (PCIE) and the Attorney General guidelines. The external review was conducted at our headquarters’ and Eastern Region Atlanta offices. Internal reviews of our Western Region Dallas and Chicago offices will be conducted during the remainder of this fiscal year.
Focused on a segment of the PCIE Peer Review Guide which serves to document the Office of Audits’ quality control policies and procedures, in preparation for OA’s fiscal year 2007 peer review. Continued work to ensure that all working papers from completed audits and evaluations are properly archived.
Began planning for the FDIC OIG’s peer review of the Office of Audits of the Department of Justice OIG, including establishing a point of contact, identifying staffing needs, and establishing a timetable for conducting our review. An entrance conference is scheduled to take place in early September 2006, with final report issuance in February 2007.
Counsel’s Office provided advice and counsel and determinations of legal applicability on issues arising with respect to audits, evaluations, and investigations, including the legal accuracy and sufficiency of audit and evaluation reports.


Fostering Good Relationships with Stakeholders
Participated in quarterly meetings with FDIC senior management officials to keep them apprised of ongoing audit and evaluation reviews and results.
Continued to work closely with FDIC developing presentations that include in-depth discussions of “lessons learned/red flags” based on our experience in investigating major fraud at financial institutions. The presentations provide an overview of the investigative process, alert examiners to possible red flags or signs of fraud and/or obstruction and
provide guidance on making referrals and coordinating with the OIG regarding suspected fraud. Office of Investigations provides these types of presentations at training conferences, Federal Financial Institutions Examination Council seminars, DSC Field Office meetings, and bankers’ outreach sessions.
A Strong Partnership

The OIG has partnered with various U.S. Attorneys’ Offices throughout the country in bringing to justice individuals who have defrauded the FDIC or financial institutions within the jurisdiction of the FDIC, or criminally impeded the FDIC’s examination and resolution processes. The alliances with the U.S. Attorneys’ Offices have yielded positive results during

Continued efforts to keep DSC, DRR, Legal, and other FDIC program offices informed of the status and results of our investigative work impacting their respective offices. We continued to issue quarterly reports to DSC, DRR, Legal and the Chairman’s Office outlining activity and results in our cases involving closed and open banks, asset and debt cases. We continued to meet quarterly with DSC, DRR, and the Financial Crimes Unit to review ongoing cases of interest, and we coordinated routinely with these offices regarding bank closings, financial institution fraud cases, concealment of assets cases, and restitution orders. As appropriate, we continued to coordinate with and brief affected program officials regarding employee cases. Also met with the Ethics Office regarding concerns arising from employee cases.
this reporting period.

Our strong partnership has evolved from years of trust and hard work in pursuing offenders through parallel criminal and civil remedies resulting in major successes, with harsh sanctions for the offenders. Our collective efforts have served as a deterrent to others contemplating criminal activity and helped maintain the public’s confidence in the nation’s financial system.

For the current reporting period, we are especially appreciative of the efforts of the Assistant U.S. Attorneys in the following offices: Southern District of Iowa, Western District of Tennessee, Southern District of Florida, Northern District of Texas, Middle District of Georgia, Northern District of Illinois, District of Minnesota, Eastern District of Texas, Southern District

Reviewed and provided timely comments to corporate stakeholders on eight corporate directives and circulars. Of note, we provided substantive comments on proposed policy regarding Employee Rights and Responsibilities Under the Privacy Act of 1974, Procedures for Processing Freedom of Information Act Requests, Encryption and Digital Signatures for Electronic Mail, and the FDIC’s Software Configuration Management Policy.

of Texas, Western District of Oklahoma, Northern District of Iowa, District of Mexico, Western District of Texas, Central District of Illinois, District of Kansas, District of South Carolina, and the Eastern District of Virginia. The OIG also worked closely with Trial Attorneys from the Fraud Section of the U.S. Department of Justice and the State of Missouri Attorney General.
Attended monthly meetings of the FDIC Audit Committee and presented the results of significant audit and evaluation assignments for consideration by Committee Members.
Communicated with the Acting Chairman regularly through meetings and issuance of Chairman’s Highlights reports.
Participated with other OIGs in the PCIE and Executive Council on Integrity and Efficiency through attendance at regular meetings and participation in ongoing activities in the Inspector General (IG) community, such as the Homeland Security Roundtable, Hurricane Katrina Working Group, IG E-Learning initiative, and various surveys.
Met with representatives of the OIGs of the federal banking regulators (Federal Reserve, Treasury, NCUA) to discuss ongoing or planned audit efforts in response to the Gulf Coast hurricanes.
Attended regular Assistant Inspector General for Investigation meetings and attended the annual OIG Directors of Investigations conference. OI representatives also regularly attended meetings of the National Bank Fraud Working Group and similar working groups held throughout the country. OI participates in the Cyber Fraud and the Check Fraud working groups, subgroups of the Bank Fraud Working Group, attended by law enforcement, Department of Justice officials, and regulators.
Held four congressional briefings on the OIG’s 2006 assignment plan to share with Congressional parties the OIG’s planned approach on matters of mutual interest.
Coordinated with GAO on ongoing audit work and attended a GAO forum on the overall role of Inspectors General and their working relations with GAO.


Investing in Cost-Effective, Secure
IT to Enhance Performance and Productivity
Established Web-based access to our investigative data base to allow more flexibility for agents to enter investigative data.
Continued work with the OIG component offices to post and/or update information on the FDIC OIG Internet and Intranet sites in the interest of facilitating internal work efforts and providing easily accessible information to parties external to our office who are interested in our office and the results of our work.
Took a number of measures in coordination with the Division of Information Technology to ensure the security of OIG IT resources and data.


[ D ]
[ D ]
[ D ]

Reporting Requirements

FDIC Seal
Section 4(a)(2): Review of legislation and regulations view
Section 5(a)(1): Significant problems, abuses, and deficiencies view
Section 5(a)(2): Recommendations with respect to significant problems, abuses, and deficiencies view
Section 5(a)(3): Recommendations described in previous semiannual reports on which corrective action has not been completed view
Section 5(a)(4): Matters referred to prosecutive authorities view
Section 5(a)(5) and 6(b)(2): Summary of instances where requested information was refused view
Section 5(a)(6): Listing of audit reports view
Section 5(a)(7): Summary of particularly significant reports view
Section 5(a)(8): Statistical table showing the total number of audit reports and the total dollar value of questioned costs view
Section 5(a)(9): Statistical table showing the total number of audit reports and the total dollar value of recommendations that funds be put to better use view
Section 5(a)(10): Audit recommendations more than 6 months old for which no management decision has been made view
Section 5(a)(11): Significant revised management decisions during the current reporting period view
Section 5(a)(12): Significant management decisions with which the OIG disagreed view


Information Required by
the Inspector General
Act of 1978, as amended

FDIC Seal

Review of Legislation and Regulations

The FDIC OIG is tasked under the Inspector General Act of 1978 with reviewing existing and proposed legislation and regulations relating to programs and operations of the Corporation and making recommendations in the semiannual reports concerning the impact of such legislation or regulations on the economy and efficiency in the administration of programs and operations administered or financed by the Corporation or the prevention and detection of fraud and abuse in its programs and operations. Foremost, the Office of Counsel reviewed the Deposit Insurance Reform Act of 2006, the FDIC Legal Division’s summary analysis, and the proposed regulations implementing the Reform Act. The Office of Counsel did not issue comments on the legislation or proposed regulations. Additionally, Counsel’s Office reviewed a Preemption Regulation drafted in response to a petition by a banking roundtable group. The regulation sought equal footing for state-chartered banks given the preemption regulations for national banks issued by the Office of the Comptroller of the Currency. Counsel’s Office provided no comments.

Table I: Significant Recommendations From Previous Semiannual Reports on Which Corrective Actions Have Not Been Completed

This table shows the corrective actions management has agreed to implement but has not completed, along with associated monetary amounts. In some cases, these corrective actions are different from the initial recommendations made in the audit reports. However, the OIG has agreed that the planned actions meet the intent of the initial recommendations. The information in this table is based on (1) information supplied by FDIC’s Office of Enterprise Risk Management (OERM) and (2) the OIG’s determination of closed recommendations for reports issued after March 31, 2002. These 11 recommendations from 7 reports involve improvements in operations and programs. OERM has categorized the status of these recommendations as follows:

Management Action in Process: (11 recommendations from 7 reports)

Management is in the process of implementing the corrective action plan, which may include modifications to policies, procedures, systems or controls; issues involving monetary collection; and settlement negotiations in process.


Significant Recommendations From Previous Semiannual Reports on Which Corrective Actions Have Not Been Completed
Report Number,
Title & Date
Significant
Recommendation Number
Brief Summary of Planned Corrective
Actions and Associated Monetary Amounts
MANAGEMENT ACTION IN PROCESS
04-009
Evaluation of FDIC’s Intrusion Detection and Incident Response Capability
February 13, 2004
4 Research and investigate solutions and tools for aggregating event information from different security logging devices to better distinguish malicious activity from normal network traffic to reduce false positives.
04-016
FDIC’s Personnel Security Program
March 30, 2004
3 Review all employees in moderate risk-level positions to ensure that appropriate background investigations have been performed.
05-005
FDIC’s Procurement of Administrative Goods and Services
January 21, 2005
2 Develop a performance measurement framework to consistently monitor and periodically report on the procurement process and progress toward achieving goals to improve procurement economy and efficiency.
05-016
Security Controls Over the FDIC’s Electronic Mail (EMail) Infrastructure
March 31, 2005
1 Ensure that division and office directors provide FDIC employees and contractors with sufficiently detailed guidance to facilitate informed decisions on when to encrypt sensitive e-mail communications.
2 Evaluate alternative solutions to augment the current implementation of Entrust/Express for securing sensitive e-mail communications.
3 Evaluate the feasibility of implementing an e-mail policy compliance tool to achieve greater assurance that sensitive communications are encrypted when appropriate.
5 Develop a security plan for the e-mail infrastructure that defines the FDIC's security requirements and existing and planned controls for ensuring those requirements are satisfied.
05-026
Capital Provision Requirements Established Under Supervisory Corrective Actions
July 15, 2005
1 Revise guidance to supervisory personnel to discuss the use and consideration of Tier 1 Leverage Capital, Tier 1 Risk-Based Capital, and Total Risk-Based Capital ratios in the formulation and recommendation of capital-level provisions.
05-031
FDIC’s Information Technology Configuration Management Controls Over Operating System Software
September 8, 2005
1 Establish a policy that takes an enterprise approach to defining the roles, responsibilities, and overall principles and management expectations for performing configuration management on operating system software.
2 Develop configuration management plan(s) covering the four operating system software platforms addressed in this report consistent with federal standards and guidelines and industry-accepted practices.
05-037
Controls Over the Risk-Related Premium System
September 23, 2005
2 Develop and implement a software configuration management plan for the Risk-Related Premium System that incorporates the appropriate features of StarTeam.
The OIG has not yet evaluated management’s actions in response to OIG recommendations.
The OIG has requested additional information to evaluate management’s actions in response to the OIG recommendation.


Table II: Audit Reports Issued by Subject Area
AUDIT REPORT QUESTIONED COSTS FUNDS
PUT TO
BETTER
USE
Number and Date Title Total Unsupported
I N S U R A N C E
06-008
February 17, 2006
Consideration of Safety and Soundness Examination Results and Other Relevant Information in the FDIC’s Risk-Related Premium System
C O N S U M E R   P R O T E C T I O N
06-009
February 24, 2006
FDIC’s Guidance to Institutions and Examiners for Implementing the Gramm-Leach-Bliley Act Title V and the Fair and Accurate Credit Transactions Act
R E C E I V E R S H I P   M A N A G E M E N T
06-003
December 6, 2005
DRR’s Efforts to Recover Unclaimed Deposits
06-004
December 16, 2005
Project Management Framework for the Asset Servicing Technology Enhancement Project
R E S O U R C E S   M A N A G E M E N T
06-007
February 15, 2006
FDIC’s Security Certification and Accreditation Program
06-012
March 31, 2006
Security Controls Over the FDIC’s Wireless Data Communications
EVAL-06-001
November 4, 2005
FDIC’s Equal Employment Opportunity Discrimination Complaint Process
EVAL-06-005
January 6, 2006
FDIC Safeguards Over Personal Employee Information
06-010
March 30, 2006
FDIC’s Consolidated Facilities Management Approach $193,131 $1,538,771
06-002
November 16, 2005
Post-award Contract Review $508,955 $463,125
06-006
February 1, 2006
Post-award Contract Review $2,687,876 $2,553,282
TOTALS FOR THE PERIOD $3,389,962 $3,016,407 $1,538,771

Table III: Audit Reports Issued with Questioned Costs
Questioned Costs
Number Total Unsupported
A. For which no management decision has been made by the commencement of the reporting period. 2 $981,355 $20,000
B. Which were issued during the reporting period. 3 $3,389,962 $3,016,407
Subtotals of A & B 5 $4,371,317 $3,036,407
C. For which a management decision was made during the reporting period. 2 $482,594 $0
(i) dollar value of disallowed costs. 0 $0 $0
(ii) dollar value of costs not disallowed. 2 $482,594 $0
D. For which no management decision has been made by the end of the reporting period. 2 $3,196,831 $3,016,407
Reports for which no management decision was made within 6 months of issuance. 1 $691,892 $20,000

Table IV: Audit Reports Issued with Recommendations for Better Use of Funds
Number Dollar Value
A. For which no management decision has been made by the commencement of the reporting period. 0 $0
B. Which were issued during the reporting period. 1 $1,538,771
Subtotals of A & B 0 $1,538,771
C. For which a management decision was made during the reporting period. 1 $1,538,771
(i) dollar value of recommendations that were agreed to by management. 0 $0
- based on proposed management action. 0 $0
- based on proposed legislative action. 0 $0
(ii) dollar value of recommendations that were not agreed to by management. 1 $1,538,771
D. For which no management decision has been made by the end of the reporting period. 0 $0
Reports for which no management decision was made within 6 months of issuance. 0 $0

Table V: Status of OIG Recommendations Without Management Decisions

During this reporting period, there were four recommendations more than 6 months old without management decisions. The OIG issued a report on a post-award contract audit (05-030), dated August 25, 2005, containing the four recommendations. The report questioned $691,892 ($20,000 unsupported) related to employee qualifications, approval of key personnel, and excess labor charges. The FDIC requested additional time to complete its review of the reported conditions. The FDIC expects to make a management decision on the recommendations by May 31, 2006.

Table VI: Significant Revised Management Decisions

During this reporting period, there were no significant revised management decisions.

Table VII: Significant Management Decisions with Which the OIG Disagreed

During this reporting period, there were no significant management decisions with which the OIG disagreed.

Table VIII: Instances Where Information Was Refused

During this reporting period, there were no instances where information was refused.


Abbreviations and
Acronyms

ANB American National Bank
ASTEP Asset Servicing Technology Enhancement Project
BIF Bank Insurance Fund
BOP Bank of the Panhandle
BSB Bank of Sierra Blanca
C&A certification and accreditation
CEO chief executive officer
CFM Consolidated Facilities Management
COO chief operations officers
CRA Community Reinvestment Act
DIR Division of Insurance and Research
DRR Division of Resolutions and Receiverships
DSC Division of Supervision and Consumer Protection
ECU Electronic Crimes Unit
EEO equal employment opportunity
FACT Act Fair and Accurate Credit Transaction Act of 2003
FBI Federal Bureau of Investigation
FCRA Fair Credit Reporting Act of 1968
FDIC Federal Deposit Insurance Corporation
FSLIC Federal Savings and Loan Insurance Corporation
GAO Government Accountability Office
GLBA Gramm-Leach-Bliley Act of 1999
HSB Hawkeye State Bank
IG Inspector General
ILC industrial loan company
IT Information Technology
MNB Mauriceville National Bank
NCUA National Credit Union Administration
NIHFCU National Institutes of Health Federal Credit Union
OCC Office of the Comptroller of the Currency
ODEO Office of Diversity and Economic Opportunity
OERM Office of Enterprise Risk Management
OI Office of Investigations
OIG Office of Inspector General
OTS Office of Thrift Supervision
PCA Production Credit Association
PCIE President’s Council on Integrity and Efficiency
RRPS Risk-Related Premium System
SAIF Savings Association Insurance Fund
SCS San Clemente Securities, Inc.
SFG Stevens Financial Group
T&C Bank Town & Country Bank of Almelund
UDAA 1993 Unclaimed Deposits Amendment Act
USA PATRIOT Act Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001

OIG Hotline The Office of Inspector General (OIG) Hotline is a convenient mechanism employees, contractors, and others can use to report instances of suspected fraud, waste, abuse, and mismanagement within the FDIC and its contractor operations. The OIG maintains a toll-free, nationwide Hotline (1-800-964-FDIC), electronic mail address (IGhotline@FDIC.gov), and postal mailing address. The Hotline is designed to make it easy for employees and contractors to join with the OIG in its efforts to prevent fraud, waste, abuse, and mismanagement that could threaten the success of FDIC programs or operations.
To learn more about the FDIC OIG and for complete copies of audit and evaluation reports discussed in this Semiannual Report, visit our homepage: http://www.fdicig.gov
Federal Deposit Insurance Corporation
Office of Inspector General
3501 Fairfax Drive
Arlington, VA. 22226