This memorandum represents the Division of Supervision and Consumer Protection (DSC) response to the draft report entitled, Division of Supervision and Consumer Protection's Supervisory Actions Taken for Compliance Violations (Assignment No. 2006-010) ("Draft Report") prepared by the FDIC's Office of Inspector General (OIG). The stated objective of the audit was to determine whether DSC adequately addresses the violations and program deficiencies reported in compliance examinations to ensure that FDIC-supervised institutions take appropriate corrective action.
The OIG states in the Draft Report that DSC did not adequately ensure that the financial institutions in their sample had appropriate corrective actions for repeat, significant violations identified during examinations. In many of the sample cases reviewed by the OIG, the OIG disagreed with the timeliness of the follow up for supervisory actions taken for "1" or "2" rated institutions. The OIG noted in most of the sample cases, in accordance with DSC and FFIEC guidance for well-rated institutions, that DSC generally followed up on violations at the subsequent examination.
The OIG is recommending that DSC strengthen its monitoring and follow up processes by (1) revising applicable guidance to require follow up between examinations on repeat, significant compliance violations and program deficiencies; (2) considering supervisory actions when any institution's corrective action on repeat, significant violations is not timely or repeat, significant violations are a recurring examination finding; and (3) revising the Division's performance goal to focus more broadly on institutions with repeat, significant violations.
DSC's Commitment to Consumer Protection
DSC takes the enforcement of consumer protection laws very seriously. During the eight year period covered by the sample of 51 examinations and visits that the OIG elected to review, FDIC conducted 18,652 compliance examinations of state nonmember banks. An array of high-risk concerns and violations of law were identified during these examinations. In response, the FDIC issued 1,075 formal and informal enforcement actions. These actions were designed to ensure that institutions under FDIC supervision comply with the laws that protect consumers.
In addition to taking enforcement action, the FDIC requires financial reimbursement for those harmed by violations of consumer protection laws. During the timeframe covered by the OIG sample, the FDIC required 1,240 banks to refund $10,204,610 to 220,567 consumers as a result of Truth in Lending violations discovered during FDIC compliance examinations. DSC has also required two banks to provide over $5,000,000 in reimbursement to consumers harmed by unfair and deceptive practices prohibited by the Federal Trade Commission Act.
The FDIC also refers violations to other agencies so that they may consider taking action against institutions. In 2005 alone, DSC examiners discovered a pattern or practice of illegal discrimination at 40 institutions. In addition to requiring that all of these institutions take corrective action, DSC referred them to the Department of Justice for investigation. These supervisory actions demonstrate DSC's commitment to the enforcement of consumer protection laws. Nevertheless violations do occur, even in institutions that have implemented strong compliance management systems. Examiners use judgment and experience to place violations in the proper context when they draw conclusions from a compliance examination.
Addressing Violations Discovered During Compliance Examinations
The Draft Report focuses on repeat, significant violations cited in the examination reports that the OIG selected for review. All but five of these reports assigned "1" or "2" compliance ratings to the banks involved. For these institutions, which by definition have "strong" or "generally strong" compliance programs that are capable of addressing problems, the FDIC followed up on efforts to correct violations at the next examination. As the OIG acknowledges, this approach is consistent with DSC's compliance examination procedures. Adversely-rated institutions, which by definition have less than satisfactory compliance programs, receive closer supervisory attention. They are examined frequently and are typically subject to enforcement actions that require the submission of quarterly progress reports that document efforts to resolve concerns identified by examiners.
Importantly, the decision to follow up is based on an assessment of both the quality of an institution's compliance management system and the severity of the violations discovered. Violations that represent higher risks to consumers are weighed more heavily in this process. For example, the repeat flood insurance violations for a sample bank referenced in the Draft Report involved the bank's failure to provide notice to borrowers that property offered as collateral was located in a flood hazard zone. When the bank exhibited a practice of failing to provide this important information in 2003, its compliance rating was downgraded to a "3" and it was required to pay substantial civil money penalties. As a result of this strong supervisory response, the bank corrected the violations. The results of the 2005 examination show that the illegal practice had ceased.
The fact that some violations represent less risk to consumers is also evaluated in the decision to follow up. The nature of the violations found in the IG's sample varied. For instance, the repeat Truth in Savings violations noted for one of the banks in the sample involved the failure to label fees correctly, not the failure to disclose them. Similarly, the repeat violations of the Equal Credit Opportunity Act by another bank in the sample were not a sign of illegal discrimination - they were cited because the bank failed to include an updated address for the FDIC contact on adverse action notices to consumers. While DSC expected the violations found at both of these banks to be corrected, the threat of harm to consumers was considered and factored into the overall rating of the institution and the level of supervisory response pursued.
The Draft Report makes three recommendations with respect to repeat significant violations. These relate to: (1) follow up activities when these violations occur, (2) consideration of amendments to the Formal and Informal Enforcement Actions Procedures (FIAP) manual to require supervisory actions when repeat significant violations are cited, and (3) potential amendments to DSC's annual performance goals.
With regard to the second recommendation, current FDIC guidance permits DSC to consider supervisory action against highly rated banks. Specifically, the FLAP manual states that:
"In more serious situations, however, formal action could be considered even for institutions that receive composite ratings of "1" or "2" for safety and soundness or compliance examinations to address specific actions or inactions by the institution." [ 1 ]
We believe this is a clear statement of DSC policy; however, DSC will reevaluate current FDIC and FFIEC guidance to determine whether enhancements or clarifications, if any, are needed. DSC will complete this process by September 30, 2007.
In response to the first and third recommendations, DSC intends to analyze the prevalence and scope of repeatedly cited, significant violations over the next year. The substance and level of risk to consumers related to these violations will be used to evaluate whether any changes in DSC policies and/or performance goals are necessary. DSC will complete this analysis and implement appropriate actions by September 30, 2007.
DSC Response to Ratings Observations
The Draft Report also contains comments on the ratings assigned to 29 examination reports selected for the IG's review, although the IG states, correctly, that its observations are outside the scope of the audit. The Draft Report notes an "apparent inconsistency" in some of the examination reports between the rating definition and the narrative descriptions. The FDIC strives diligently to present examination findings in a consistent manner, and we validate our processes by secondary review and a strong internal audit program. Moreover, the Draft Report comment does not correlate with the much lower incidence of similar exceptions found through our internal audits, which are based on a broader sampling of examination reports.