Office of Inspector General 2008 Business Plan



The Office of Inspector General’s
Strategic Plan and
FY 2008 Performance Plan

Also included:
FY 2008 Planned Audits and Evaluations
Planned Investigative Activities
OIG Internal Activities




FDIC, Federal Deposit Insurance Corporation


 
Inspector General Foreword

December 2007

This Business Plan reflects the Office of Inspector General’s (OIG) continuing efforts to clearly articulate and carry out an integrated series of quality audits, evaluations, investigations, and internal organizational activities in service to the Federal Deposit Insurance Corporation (FDIC), the Congress, the public, and other key stakeholders.

In 2006, we adopted a new business planning framework to better align our work with the Corporation’s strategic goals and related activities. For 2007 and 2008, we reexamined our mission and vision, validated our strategic goals, and developed performance goals—both qualitative and quantitative—and key efforts to continue to support those agreed-upon strategic goals.

[Figure: OIG Business Plan. What guides us: Mission & Vision. What we want to accomplish: Strategic Goals. How we plan to get there: Performance Goals & Key Efforts. Assessing how we did: Performance Reporting.]

In developing our business plan for fiscal year 2008, we conducted outreach meetings with FDIC Division Directors and their staffs to help shape our thinking on the issues and risks facing the FDIC. We then shared listings of our planned work with the Chairman and Vice Chairman of the FDIC and sought input from congressional stakeholders on our plans for the fiscal year. We appreciate the feedback from all involved in those initiatives. Our 2008 plan is a blueprint for our work throughout the year. To remain responsive to unforeseen issues or requests requiring our attention, however, we will modify this plan accordingly. During fiscal year 2008, I anticipate expanded investigative activity and results owing to an ongoing reorganization of our Office of Investigations, which will place Office of Investigations resources in several more of the FDIC’s regional offices. Our Office of Audits will address supervision, insurance, and consumer protection issues with more narrowly focused, risk-based objectives; continue to provide needed coverage of information security matters; and devote more attention than in the past to certain financial-related aspects of the FDIC’s operations. In keeping with our Office of Evaluations’ evolution to a unit that is particularly responsive to management-requested work, we have included several such assignments in our Evaluations portfolio of assignments, along with other OIG-generated evaluation work. With respect to the OIG’s internal activities, we will continue a number of key efforts to ensure effective management and security of OIG resources; quality and efficiency of audits, evaluations, investigations, and other activities; professional development and training; strong working relationships; and effective risk management activities.

The future holds many challenges for the FDIC and for the OIG. My office stands ready to address those challenges, as demonstrated in our planned work for fiscal year 2008, and we welcome feedback on our efforts throughout the coming year.




[Electronically produced version; original signed by Jon T. Rymer]
Jon T. Rymer
Inspector General
 
Mission, Vision, Goals, Means, and Strategies

Mission and Vision

The FDIC OIG is an independent and objective unit established under the Inspector General Act of 1978, as amended (IG Act). The OIG’s mission is to promote the economy, efficiency, and effectiveness of FDIC programs and operations, and protect against fraud, waste, and abuse to assist and augment the FDIC’s contribution to stability and public confidence in the nation’s financial system. In carrying out its mission, the OIG conducts audits, evaluations, and investigations; reviews existing and proposed legislation and regulations; and keeps the FDIC Chairman and the Congress currently and fully informed of problems and deficiencies relating to FDIC programs and operations.

In addition to the IG Act, the OIG also has statutory responsibilities to evaluate the FDIC’s information security program and practices under the provisions of the Federal Information Security Management Act of 2002, to evaluate privacy and data protection matters under Section 522 of the Consolidated Appropriations Act of 2005, and to perform material loss reviews of failed FDIC-supervised depository institutions under the provisions of the Federal Deposit Insurance Corporation Improvement Act of 1991.

Our vision is to be a quality-focused FDIC team that promotes excellence and trust in service to the Corporation and the public interest.


Strategic Goals and Performance Measures

The OIG has reviewed the FDIC operating environment looking at long-term and short-term issues facing the Corporation, as well as areas where significant change has occurred or is occurring. As part of the FDIC’s annual reporting process, we develop “Management and Performance Challenges” reflecting significant issues that the Corporation faces in carrying out its mission. We also meet with congressional staff and monitor the issues facing the Congress in its hearings and reports. The OIG has hosted conferences on “Emerging Issues” with participants from other OIGs of financial regulatory agencies, the Government Accountability Office (GAO), regulatory agency officials, and congressional staff. We also maintain ongoing dialogue with the FDIC’s senior leadership and met with FDIC executives to discuss their areas of challenge and concern for 2008. We believe that this process has resulted in OIG strategic goals that are mission-related and outcome-oriented, and that will contribute to the achievement of the FDIC’s mission.

To help accomplish our mission and achieve our vision, the OIG has established six strategic goals. Five of these strategic goals, which are our external goals, relate to the FDIC’s programs and activities. These goals are as follows:

The OIG will

  • Assist the FDIC to ensure the nation’s banks operate safely and soundly.
  • Help the FDIC maintain the viability of the insurance fund.
  • Assist the FDIC to protect consumer rights and ensure customer data security and privacy.
  • Help ensure that the FDIC is ready to resolve failed banks and effectively manages receiverships.
  • Promote sound governance and effective stewardship and security of human, financial, information technology, and physical resources.

In addition, we have established a sixth (internal) strategic goal:

  • Build and sustain a high-quality staff, effective operations, OIG independence, and mutually beneficial working relationships.

Performance Measures

We have developed qualitative performance measures that reflect mission-related goals and outcomes. These complement our quantitative performance measures. Each qualitative performance goal includes a set of key efforts representing ongoing work or work to be undertaken during 2008 in support of the goal. Also, potential outcomes have been identified for each performance goal to highlight the improvements that may result from these key efforts. We will measure our success in meeting our qualitative goals by having OIG senior management assess the extent to which we accomplish the work described in the key efforts under each goal. As part of our assessment, senior management will consider the amount of work conducted and the results and recommendations made for each key effort, and then determine whether the overall body of work produced adequately achieves or addresses the related goal.

We are also continuing to use a streamlined list of quantitative measures that emphasize outcomes and results. These measures include financial benefits resulting from our audits, evaluations, and investigations; positive changes resulting from our recommendations (e.g., improved FDIC policies, practices, processes, systems, or controls); investigation actions (e.g., indictments, convictions, employee actions); recommendations implemented; and timeliness and cost-effectiveness of our work and related products.

Together, our qualitative and quantitative performance measures will help us determine the degree to which the OIG’s work provides timely, quality support to the Congress, the Chairman, other FDIC officials, the banking industry, and the public. We will periodically assess the results of our performance and the appropriateness of our performance measures and goals, and make changes, as warranted.

OIG Resources Management

Under Goal 6, our plan presents a number of initiatives to improve the quality and effectiveness of OIG processes and products. Our key efforts have a strategic importance for the OIG to ensure that we produce high-quality work, operate effectively, maintain our independence, and sustain the positive working relationships that we have established with our stakeholders.


Means and Strategies

To achieve our strategic and performance goals, we provide objective, fact-based information and analysis to the Congress, the FDIC Chairman, other FDIC officials, and the Department of Justice. This effort typically involves our audits, evaluations, or criminal investigations conducted pursuant to the IG Act and in accordance with applicable professional standards. We also make contributions to the FDIC in other ways, such as reviewing and commenting on proposed corporate policies and draft legislation and regulations; participating as advisors in joint projects with management; providing technical assistance and advice on various issues such as information technology, strategic planning, risk management, and human capital; and participating in internal FDIC conferences and seminars.

In planning and budgeting our resources, we use an enterprise-wide risk assessment and planning process that considers current and emerging industry trends, and corporate programs, operations, and risks. Our audit and evaluation plans, which outline planned audit and evaluation coverage for the coming year, are based in part on the OIG’s assessment of risks to the FDIC in meeting its strategic goals and objectives. This risk-based assessment process is linked to the Corporation’s program areas and the OIG’s identification of management and performance challenges in those areas. In formulating our assignment plans, we solicit input from senior FDIC management and members of the FDIC Audit Committee, as well as the Congress.

Conducting investigations of activities that may harm or threaten to harm the operations or integrity of the FDIC and its programs is a key activity for achieving our goals. These investigations involve fraud at financial institutions, obstruction of FDIC examinations, misrepresentations of deposit insurance coverage, identity theft crimes, concealment of assets by FDIC debtors, or criminal or other serious misconduct on the part of FDIC employees or contractors. In conducting our investigations, we coordinate and work closely with U.S. Attorneys’ Offices, other law enforcement organizations, and FDIC divisions and offices. The OIG also operates an Electronic Crimes Unit (ECU) and laboratory in Washington, D.C. The ECU is responsible for conducting computer-related investigations and providing computer forensic support to investigations nationwide. We also manage the OIG Hotline for FDIC employees, contractors, and others to report allegations of fraud, waste, abuse, and mismanagement via a toll-free number or e-mail.

Another means of ensuring we achieve our goals is to maintain positive working relationships with the Congress, the Chairman, FDIC officials, and other OIG stakeholders. We provide timely, complete, and high-quality responses to congressional inquiries and communicate regularly with the Congress about OIG work and its conclusions. Also, the OIG communicates with the Chairman, Vice Chairman, other Board Members, and senior executives through briefings about ongoing and completed work and is a regular participant at Audit Committee meetings. The OIG also places a high priority on building strong alliances with GAO, the President’s Council on Integrity and Efficiency (PCIE), the Executive Council on Integrity and Efficiency (ECIE), and other agencies’ Offices of Inspector General.

Human Capital

The OIG’s employees are our most important resource for accomplishing our mission and achieving our goals. For that reason, we strive to operate a human resources program that attracts, develops, motivates, rewards, and retains a highly skilled, diverse, and capable staff.

The OIG staff is comprised of auditors, criminal investigators, attorneys, program analysts, computer specialists, and administrative personnel. The OIG staff holds numerous advanced educational degrees and possesses a number of professional licenses and certificates. To maintain professional proficiency, each of our staff attains an average of about 55 hours of continuing professional education and training annually.

Like much of the FDIC, the OIG has been downsizing its staff for several years in response to changes in the banking industry that have resulted in bank consolidations and improved financial health and the near completion of resolutions of failed institutions during the banking and thrift crises of the 1980s and early 1990s. Overall OIG staffing will have decreased from the authorized level of 190 in fiscal year 2003 to an authorized level of 127 in fiscal year 2008.

Information Technology

We strive to closely link information technology (IT) planning and investment decisions to our mission and goals, thus helping ensure that OIG managers and staff have the IT tools and services they require to successfully and productively perform their work. We want to enable our managers and staff, through reliable and modern technology, to maximize productivity and responsiveness. To help realize this goal and vision, our strategy will be to pursue IT solutions that optimize our effectiveness and efficiency, connectivity, reliability, and security, and employ best practices in managing our IT systems, services, and investments. In 2008, we plan to explore ways to leverage the various IT resources of our component offices.

Relationship of the OIG to the FDIC

The IG Act, as amended, makes the OIG responsible for keeping both the FDIC Chairman and the Congress fully and currently informed about problems and deficiencies relating to FDIC programs and operations. This dual reporting responsibility makes our role unique at the FDIC and can present a number of challenges for establishing and maintaining an effective working relationship with management. Although we are an integral part of the Corporation, unlike any other FDIC division or office, our legislative underpinning requires us to operate as an independent and objective oversight unit at the same time. As such, a certain amount of tension with the Corporation may be inherent in the nature of our mission. Notwithstanding, the OIG has established a cooperative and productive relationship with the Corporation by fostering open and honest communication; building relationships based upon mutual respect; conducting our work in an objective and professional manner; and recognizing and addressing the risks, priorities, and needs of the FDIC.

 
FDIC Office of Inspector General Business Plan Framework (2008 - 2013)

VISION

The Office of Inspector General is a quality-focused FDIC team that promotes excellence and trust in service to the Corporation and the public interest.

MISSION

The Office of Inspector General promotes the economy, efficiency, and effectiveness of FDIC programs and operations, and protects against fraud, waste, and abuse, to assist and augment the FDIC’s contribution to stability and public confidence in the nation’s financial system.

STRATEGIC GOALS

Safety & Soundness

Assist the FDIC to ensure the nation’s banks operate safely and soundly

Insurance

Help the FDIC maintain the viability of the insurance fund

Consumer Protection

Assist the FDIC to protect consumer rights and ensure customer data security and privacy

Receivership Management

Help ensure that the FDIC is ready to resolve failed banks and effectively manages receiverships

FDIC Resources Management

Promote sound governance and effective stewardship and security of human, financial, IT, and physical resources

OIG Resources Management

Build and sustain a high-quality staff, effective operations, OIG independence, and mutually beneficial working relationships

FY 2008 PERFORMANCE GOALS

  • Help ensure the effectiveness and efficiency of the FDIC’s supervision program
  • Investigate and assist in prosecuting bank secrecy act violations, money laundering, terrorist financing, fraud, and other financial crimes in FDIC-insured institutions
  • Evaluate corporate programs to identify and manage risks that can cause losses to the fund
  • Evaluate selected aspects of implementation of deposit insurance reform
  • Contribute to the effectiveness of the Corporation’s efforts to ensure compliance with consumer protections at FDIC-supervised institutions
  • Conduct investigations of fraudulent representations of FDIC affiliation or insurance that negatively impact public confidence in the banking system
  • Evaluate the FDIC’s plans and systems for managing bank resolutions
  • Investigate crimes involved in or contributing to the failure of financial institutions or that lessen or otherwise affect recoveries by the Deposit Insurance Fund involving restitution or otherwise
  • Evaluate corporate efforts to manage human resources and operations efficiently, effectively, and economically
  • Promote integrity in FDIC internal operations
  • Promote alignment of IT with the FDIC’s business goals and objectives
  • Promote IT security measures that ensure the confidentiality, integrity, and availability of corporate information
  • Promote personnel and physical security
  • Promote sound corporate governance and effective risk management and internal control efforts
  • Effectively and efficiently manage OIG human, financial, IT, and physical resources
  • Ensure quality and efficiency of OIG audits, evaluations, investigations and other projects and operations
  • Encourage individual growth and strengthen human capital management and leadership through professional development and training
  • Foster good client, stakeholder, & staff relationships
  • Enhance OIG risk management activities
 
Strategic Goal 1: The OIG Will Assist the FDIC to Ensure the Nation’s Banks Operate Safely and Soundly


The Corporation’s bank supervision program promotes the safety and soundness of FDIC-supervised insured depository institutions. As of September 30, 2007, the FDIC was the primary federal regulator for 5,210 FDIC-insured, state-chartered institutions that were not members of the Federal Reserve System (generally referred to as “state non-member” institutions). The Department of the Treasury (the Office of the Comptroller of the Currency and the Office of Thrift Supervision) or the Federal Reserve Board supervise other banks and thrifts, depending on the institution’s charter.

The Corporation also has back-up examination authority to protect the interests of the deposit insurance fund for more than 3,400 national banks, state-chartered banks that are members of the Federal Reserve System, and savings associations.

The examination of the banks that it regulates is a core FDIC function. The Corporation’s year-to-date information reports that through September 30, 2007, the Corporation had conducted 1,706 safety and soundness examinations. Through this process, the FDIC assesses the adequacy of management and internal control systems to identify, measure, and control risks; and bank examiners judge the safety and soundness of a bank’s operations. The examination program employs risk-focused supervision for banks. According to examination policy, the objective of a risk-focused examination is to effectively evaluate the safety and soundness of the bank, including the assessment of risk management systems, financial condition, and compliance with applicable laws and regulations, while focusing resources on the bank’s highest risks.

In the event of an insured depository institution failure, the Federal Deposit Insurance (FDI) Act requires the cognizant OIG to perform a review when the deposit insurance fund incurs a material loss. The FDIC OIG performs the review if the FDIC is the primary regulator of the institution. The Department of the Treasury OIG and the OIG at the Board of Governors of the Federal Reserve System perform reviews when their agencies are the primary regulators. These reviews identify what caused the material loss, evaluate the supervision of the federal regulatory agency (including compliance with the Prompt Corrective Action requirements of the Federal Deposit Insurance Act), and propose recommendations to prevent future failures. A loss is considered material to the insurance fund if it will exceed $25 million and 2 percent of the failed institution’s total assets. During the past fiscal year, the failure of FDICMetropolitan Bank in February 2007 did not meet the materiality threshold for the OIG to conduct a material loss review. The OIG, however, must be prepared to conduct such a review, as necessary, and will work with the Division of Supervision and Consumer Protection (DSC) and the Division of Resolutions and Receiverships (DRR) to ensure such readiness.

Bank regulators, both domestically and internationally, have devised new standards for bank capital requirements commonly referred to as Basel IA and Basel II. The intent of Basel II is to more closely align regulatory capital with risk in large or multinational banks. In conjunction with the transition to Basel II, the FDIC and the other federal bank regulatory agencies are pursuing a more risk-sensitive capital framework for the institutions that are not subject to or that opt out of Basel II. This new Basel IA capital framework seeks to minimize potential inequities between large and small banks resulting from Basel II implementation while maintaining adequate capital levels and avoiding undue burden on the affected institutions.

The OIG’s investigators play a key role in helping to ensure the nation’s banks operate safely and soundly. All financial institutions today are at risk of being used to facilitate criminal activities, including money laundering and terrorist financing. The Corporation needs to guard against a number of financial crimes and other threats, including money-laundering, terrorist financing, data security breaches, and financial institution fraud. Bank management is the first line of defense against fraud, and the banks’ independent auditors are the second line of defense. Because fraud is both purposeful and hard to detect, it can significantly raise the cost of a bank failure, and examiners must be alert to the possibility of fraudulent activity in financial institutions.

The OIG’s Office of Investigations (OI) works closely with FDIC management in DSC and the Legal Division to identify and investigate financial institution crime, especially various types of fraud. OIG investigative efforts are concentrated on those cases of most significance or potential impact to the FDIC and its programs. The goal, in part, is to bring a halt to the fraudulent conduct under investigation, protect the FDIC and other victims from further harm, and assist the FDIC in recovery of its losses. Pursuing appropriate criminal penalties not only serves to punish the offender but can also deter others from participating in similar crimes.

Since the terrorist attacks of September 11, 2001, the Federal Bureau of Investigation (FBI) has no longer been able to devote the same level of resources to financial institution fraud cases. U.S. Attorneys’ Offices and FBI Offices throughout the country are increasingly relying on the FDIC OIG to handle such cases. The OIG is also receiving more referrals of financial institution fraud matters from DSC. Our criminal investigations can also be of benefit to the FDIC in pursuing enforcement actions to prohibit offenders from continued participation in the banking system. The mutually beneficial working relationships we have established with others in the FDIC have reaped valuable benefits.

When investigating instances of financial institution fraud, the OIG also defends the vitality of the FDIC’s examination program by investigating associated allegations or instances of criminal obstruction of bank examinations and by working with U.S. Attorneys’ Offices to bring these cases to justice.

The OIG’s investigations of financial institution fraud currently constitute approximately 80 percent of the OIG’s investigation caseload. The OIG is also committed to continuing its involvement in interagency forums addressing fraud. Such groups include national and regional bank fraud, check fraud, mortgage fraud, cyberfraud, identity theft, and anti-phishing working groups. Additionally, the OIG engages in industry outreach efforts to keep financial institutions informed on fraud-related issues and to educate bankers on the role of the OIG in combating financial institution fraud.

Under the Bank Secrecy Act (BSA), banks must file a Currency Transaction Report (CTR) with the Treasury Department for each transaction over $10,000 or multiple cash transactions by any individual in one business day or over the period of a day aggregating over $10,000. The BSA also requires banks to file Suspicious Activity Reports (SARs) when suspected money laundering or BSA violations occur. Although the Department of the Treasury has overall authority for BSA enforcement and compliance, the Financial Crimes Enforcement Network (FinCEN), created in 1990, has delegated authority to administer the BSA. FinCEN maintains automated systems from which DSC examiners can download information on CTRs and SARs filed by FDIC-supervised institutions. The filing and use of SARs and CTRs has been the subject of significant regulatory, congressional, and banking community interest. Our establishment of a database of SARs has augmented our capability to coordinate with the Corporation and search and sort data from FinCEN and assist OIG investigations and DSC enforcement actions. In the upcoming year, we will continue to refine our SAR database to maximize its usefulness to support investigations and FDIC enforcement activities.

The OIG’s role under this strategic goal is conducting audits and evaluations that review the effectiveness of various FDIC programs and examination processes aimed at providing continued stability to the nation’s banks. Areas of focus for 2008 include the CAMELS ratings process, examiner assessment of interest rate risk, aspects of non-traditional mortgage products, and FDIC activities addressing liquidity risks. Another major means of achieving this goal will be through investigations of fraud at FDIC-supervised institutions; fraud by bank officers, directors, or other insiders; fraud leading to the failure of an institution; fraud impacting multiple institutions; and fraud involving monetary losses that could significantly impact the institution.

2008 Performance Goals: To assist the FDIC to ensure the nation’s banks operate safely and soundly, the OIG will

  • Help ensure the effectiveness and efficiency of the FDIC’s supervision program, and
  • Investigate and assist in prosecuting BSA violations, money laundering, terrorist financing, fraud, and other financial crimes in FDIC-insured institutions.

2008 Performance Goal 1.1: Protect and ensure the effectiveness and efficiency of the FDIC’s supervision program.


Key Efforts and Potential Benefits

1. Key Effort: Material loss reviews of failures of FDIC-supervised insured depository institutions, as mandated. [AUDIT]
   Potential Benefit: Improved supervision program for identifying and addressing unsafe and unsound banking practices to reduce or eliminate losses associated with institution failures.

2. Key Effort: Determine the extent to which FDIC has established controls to ensure uniformity in the CAMELS ratings process. [AUDIT]
   Potential Benefit: Assurance that controls have been established and are functioning to ensure uniformity in the CAMELS ratings process.

3. Key Effort: Determine whether the FDIC has appropriate policies and procedures for assessing and addressing institutions’ sensitivity to interest rate changes. [AUDIT]
   Potential Benefit: Improved supervision program to identify, assess, and address interest rate risk.

4. Key Effort: Assess the examination coverage of loan terms and underwriting standards for non-traditional mortgage products at FDIC-supervised institutions. [AUDIT]
   Potential Benefit: Opportunities to strengthen the FDIC’s examination practices related to nontraditional mortgage products.

5. Key Effort: Determine the extent to which the FDIC addresses institution liquidity risk through various regulatory and supervisory activities, including institution and examination policies, procedures, and guidance; examiner training; and risk management examinations. [AUDIT]
   Potential Benefit: Improved supervision program to identify, assess, and address liquidity risks.

Ongoing audit and evaluation key efforts related to this strategic goal that will carry over to FY 2008 include the following:

  • The FDIC’s Assessment of Commercial Real Estate Concentration Risk
  • DSC’s Examination Assessment of Interest Rate Risk
  • FDIC Oversight of Subprime Credit Card Lending
  • FDIC’s Implementation of the USA PATRIOT Act
  • Examination Procedures for Assessing Controls to Protect Customer and Consumer Information at Multiregional Data Processing Servicers



2008 Performance Goal 1.2: Investigate and assist in prosecuting bank secrecy act violations, money laundering, terrorist financing, fraud, and other financial crimes in FDIC-insured institutions.

Key Efforts and Potential Benefits

1. Key Effort: Continue to respond to and investigate allegations of fraud and other financial crimes affecting FDIC-insured institutions, referred to the OIG by FDIC, U.S. Attorneys’ Offices, other law enforcement agencies, or identified through review and analysis of SAR filings. [INVESTIGATION]
   Potential Benefit: Help the FDIC ensure that proven offenders are removed from the banking industry, limiting their ability to cause further harm to FDIC-insured institutions; contribute to government-wide efforts to enforce Title 18 to punish and deter criminal activity; and obtain forfeiture, restitution or other forms of recovery for losses sustained by the FDIC and other victims of these crimes.

2. Key Effort: Continue to develop and provide training to FDIC, Federal Financial Institutions Examination Council (FFIEC), and industry officials related to financial and electronic crimes that can threaten FDIC institutions. [INVESTIGATION]
   Potential Benefit: Heightened awareness of the various signs of fraud, methods to prevent fraud, and strategies to help combat fraud and prosecute offenders; broader understanding of OIG mission and accomplishments.

3. Key Effort: Maintain and continue to refine the OIG’s SAR Database to better enable OI to identify and prioritize financial institution fraud cases of significance to the FDIC. [INVESTIGATION]
   Potential Benefit: Increased ability and efficiency in reviewing and analyzing SAR data in order to identify potential fraud and significant trends, and to support current and future investigations and FDIC enforcement programs and operations.

4. Key Effort: Continue to coordinate and communicate regularly with DSC and the Legal Division regarding financial institution fraud cases. [INVESTIGATION]
   Potential Benefit: Greater mutual understanding of particular law enforcement or regulatory/enforcement concerns associated with specific cases or types of cases; identification of cases of importance to the FDIC; opportunity to provide a law enforcement perspective to DSC and the Legal Division in their assessment of pertinent SARs, while developing potential matters for criminal investigation.

5. Key Effort: Participate in law enforcement/regulatory task forces and working groups to identify cases warranting FDIC OIG attention, and identify trends and concerns relating to fraud affecting the industry and the banking public. [INVESTIGATION]
   Potential Benefit: Improved coordination with other law enforcement and regulatory agencies; efficient and timely exchanges of information; possible development of more effective investigation strategies that maximize limited resources available within multiple agencies.


 
Strategic Goal 2: The OIG Will Help the FDIC Maintain the Viability of the Insurance Fund


Federal deposit insurance remains a fundamental part of the FDIC’s commitment to maintain stability and public confidence in the Nation’s financial system. A priority for the FDIC is to ensure that the Deposit Insurance Fund remains viable to protect depositors in the event of an institution’s failure. To maintain sufficient DIF balances, the FDIC collects risk-based insurance premiums from insured institutions and invests deposit insurance funds.

The FDIC, in cooperation with the other primary federal regulators, proactively identifies and evaluates the risk and financial condition of every insured depository institution. The FDIC also identifies broader economic and financial risk factors that affect all insured institutions. The FDIC is committed to providing accurate and timely bank data related to the financial condition of the banking industry. Industry-wide trends and risks are communicated to the financial industry, its supervisors, and policymakers through a variety of regularly produced publications and ad hoc reports. Risk-management activities include approving the entry of new institutions into the deposit insurance system, off-site risk analysis, assessment of risk-based premiums, and special insurance examinations and enforcement actions. In light of increasing globalization and the interdependence of financial and economic systems, the FDIC also supports the development and maintenance of effective deposit insurance and banking systems world-wide.

Primary responsibility for identifying and managing risks to the Deposit Insurance Fund lies with the FDIC’s Division of Insurance and Research, DSC, and DRR. To help integrate the risk management process, the FDIC established the National Risk Committee (NRC), a cross-divisional body. Also, a Risk Analysis Center monitors emerging risks and recommends responses to the NRC. In addition, a Financial Risk Committee focuses on how risks impact the Deposit Insurance Fund and financial reporting.

The consolidation of the banking industry has resulted in fewer and fewer financial institutions controlling an ever expanding percentage of the Nation’s financial assets. While over 90 percent of U.S. banks and thrifts are small community-based institutions, the 25 largest banking organizations hold about 71 percent of the industry’s assets. The FDIC is the primary federal regulator for none of these large financial institutions. In recent years, the FDIC has taken a number of measures to strengthen its oversight of the risks to the insurance fund posed by the largest institutions, and its key programs include the following:

  • Large Insured Depository Institution Program,
  • Dedicated Examiner Program,
  • Shared National Credit Program, and
  • Off-site monitoring systems.

During 2007, the OIG conducted audits of both the Dedicated Examiner Program and the Shared National Credit Program and reported positive findings on both.

The Congress enacted deposit insurance reform in early 2006 that gives the FDIC more discretion in managing the DIF and allows the Corporation to better price deposit insurance based on risk. In October 2006, the Board of Directors approved a final rule to implement a one-time assessment credit to banks and thrifts. The credit is being used to offset future assessments charged by the FDIC and recognizes contributions that certain institutions made to capitalize the funds during the first half of the 1990s. In November 2006, the Board also adopted a final rule on the pricing structure and approved a more risk-sensitive framework for the 95 percent of insured institutions that are well-capitalized and well managed.

The OIG’s audit work for 2008 envisions an audit of the Corporation’s investment management practices related to the Deposit Insurance Fund, a review of the Corporation’s off-site monitoring activities, and an audit addressing the FDIC’s receipt of savings association subsidiary notices. We will also evaluate an important aspect of deposit insurance reform implementation, specifically, invoicing and collecting deposit insurance assessments.

We would note that investigative activity described in Goal 1 also fully supports the strategic goal of helping to maintain the viability of the DIF. The OIG’s efforts often lead to successful prosecutions of fraud in financial institutions, and/or fraud that can cause losses to the fund.

2008 Performance Goals: To help the FDIC maintain the viability of the deposit insurance fund, the OIG will

  • Evaluate corporate programs to identify and manage risks that can cause losses to the fund.
  • Evaluate selected aspects of implementation of deposit insurance reform.



2008 Performance Goal 2.1: Evaluate corporate programs to identify and manage risks in the banking industry that can cause losses to the fund.

Key Efforts and Potential Benefits

Key Effort Potential Benefit
1. Determine whether the FDIC’s Deposit Insurance Fund investments and its National Liquidation Fund investments are meeting their objectives related to return, volatility, and liquidity, while maintaining adequate controls over the investment process. [AUDIT] Strengthened FDIC investment management practices related to the Deposit Insurance Fund.
2. Determine whether DSC makes effective use of Statistical CAMELS Off-site Rating, Growth Monitoring System, and Real Estate Stress Test data for off-site monitoring purposes and takes appropriate action to follow up on significant concerns in a timely manner. [AUDIT] Assurance that the FDIC is making effective use of Call Report data for off-site monitoring of insurance risks.
3. Determine whether there are controls in place to ensure that the FDIC receives savings association subsidiary notices in a timely manner and reviews these notices to assess possible risks posed to the Deposit Insurance Fund. [AUDIT] Improved assessment and mitigation of risks posed to the Deposit Insurance Fund from activities conducted by savings association subsidiaries.



2008 Performance Goal 2.2: Evaluate selected aspects of implementation of deposit insurance reform.

Key Efforts and Potential Benefits

Key Effort Potential Benefit
1. Determine whether the FDIC has established and implemented effective controls to ensure compliance with the statutory and regulatory requirements related to invoicing and collecting deposit insurance assessments. [AUDIT] Assurance that a sound internal control structure is in place for collection of deposit insurance assessments.


 
Strategic Goal 3: The OIG Will Assist the FDIC to Protect Consumer Rights and Ensure Customer Data Security and Privacy


Consumer protection laws are important safety nets for Americans. The U.S. Congress has long advocated particular protections for consumers in relationships with banks. For example:

  • The Community Reinvestment Act (CRA) encourages federally insured banks to meet the credit needs of their entire community.
  • The Equal Credit Opportunity Act prohibits creditor practices that discriminate based on race, color, religion, national origin, sex, marital status, or age.
  • The Home Mortgage Disclosure Act was enacted to provide information to the public and federal regulators regarding how depository institutions are fulfilling their obligations towards community housing needs.
  • The Fair Housing Act prohibits discrimination based on race, color, religion, national origin, sex, familial status, and handicap in residential real-estate-related transactions.
  • The Gramm-Leach-Bliley Act eliminated barriers preventing the affiliations of banks with securities firms and insurance companies and mandates new privacy rules.
  • The Truth in Lending Act requires meaningful disclosure of credit and leasing terms.
  • The Fair and Accurate Credit Transaction Act further strengthened the country’s national credit reporting system and assists financial institutions and consumers in the fight against identity theft.

The FDIC serves a number of key roles in the financial system and among the most important is the FDIC’s work in ensuring that banks serve their communities and treat consumers fairly. The FDIC carries out its role by providing consumers with access to information about their rights and disclosures that are required by federal laws and regulations and examining the banks where the FDIC is the primary federal regulator to determine the institutions’ compliance with laws and regulations governing consumer protection, fair lending, and community investment. As of September 30, 2007, the Corporation had conducted 1,347 compliance and Community Reinvestment Act examinations during 2007.

The FDIC’s Consumer Response Center is responsible for investigating consumer complaints about FDIC-supervised institutions and responding to consumer inquiries about consumer laws and regulations and banking practices.

As the FDIC Chairman pointed out in September 2007 testimony before the House Committee on Financial Services, recent events in the credit and mortgage markets present regulators, policymakers, and the financial services industry with serious challenges. In that testimony, the Chairman committed to working with the Congress and others to ensure that the banking system remains sound and that the broader financial system is positioned to meet the credit needs of the economy, especially the needs of creditworthy households that may experience distress. Another important FDIC initiative and a priority for the FDIC Chairman is promoting expanded opportunities for the underserved banking population in the United States to enter and better understand the financial mainstream.

On June 29, 2007, the federal bank, thrift, and credit union regulatory agencies issued the Statement on Subprime Mortgage Lending to address issues relating to certain adjustable-rate mortgage products that can result in payment shock. The statement describes prudent safety and soundness and consumer protection standards that institutions should follow to ensure borrowers obtain loans they can afford to repay. The agencies also published illustrations of consumer information designed to help institutions implement the consumer protection portion of the Interagency Guidance on Nontraditional Mortgage Product Risks. The illustrations should help consumers better understand nontraditional mortgage products and associated payment options.

Consumers today are also concerned about data security and financial privacy. Banks are increasingly using third-party servicers to provide support for core information and transaction processing functions. Of note, the increasing globalization and cost saving benefits of the financial services industry are leading many banks to make greater use of foreign-based service providers. Although generally permissible, this outsourcing practice raises certain risks. The obligations of a financial institution to protect the privacy and security of information about its customers under applicable U.S. laws and regulations remain in full effect when the institution transfers the information to either a domestic or foreign-based service provider.

Every year fraud schemes rob depositors and financial institutions of millions of dollars. The OIG’s OI can identify, target, disrupt, and dismantle criminal organizations and individual operations engaged in fraud schemes that target our financial institutions or that prey on the banking public. OIG investigations have identified multiple schemes that defraud depositors. Common schemes range from identity fraud to Internet scams such as “phishing” and “pharming.”

The misuse of the FDIC’s name and/or logo has also been identified as a scheme to defraud depositors. Such misrepresentations have led depositors to invest on the strength of FDIC insurance while misleading them as to the true nature of the investment products being offered. These depositors, who are often elderly and dependent on insured savings, have lost millions of dollars in the schemes. Further, abuses of this nature may erode public confidence in federal deposit insurance.

Investigative work related to such fraudulent schemes is ongoing and will continue. With the help of sophisticated technology, the OIG’s Electronic Crimes Unit (ECU) will continue to work with FDIC divisions and other federal agencies to help with the detection of new fraud patterns and combat existing fraud. Coordinating closely with the Corporation’s DRR and the various U.S. Attorneys’ Offices, the OIG will help to sustain public confidence in federal deposit insurance and goodwill within financial institutions.

The OIG’s role under this strategic goal is conducting audits, evaluations, and investigations to review the effectiveness of various FDIC programs aimed at protecting consumer rights and ensuring customer data security and privacy. We have several audits ongoing or planned to address various aspects of mortgage lending and institutions’ consumer credit underwriting practices. We also plan evaluation coverage of the Consumer Response Center and will continue to conduct investigations of fraudulent schemes that target financial institutions and the public.

2008 Performance Goals: To assist the FDIC to protect consumer rights and ensure customer data security and privacy, the OIG will

  • Contribute to the effectiveness of the Corporation’s efforts to ensure compliance with consumer protections at FDIC-supervised institutions.
  • Conduct investigations of fraudulent representations of the FDIC affiliation or insurance that negatively impact public confidence in the banking system.



2008 Performance Goal 3.1: Contribute to the effectiveness of the Corporation’s efforts to ensure compliance with consumer protections at FDIC-insured institutions.

Key Efforts and Potential Benefits

Key Effort Potential Benefit
1. Assess the FDIC’s approach to assessing community banks’ consumer credit underwriting practices. [AUDIT] Assurance that examiners are appropriately assessing institution credit underwriting procedures for consumer lending.
2. Assess the FDIC’s supervision of financial institutions’ compliance with key provisions of the Real Estate Settlement Procedures Act (RESPA), as amended. [AUDIT] Improved RESPA-related policies, procedures, guidance, and associated activities for institutions and examinations.
3. Evaluate the extent to which the FDIC uses Consumer Response Center trend and activity report information in developing supervisory policy and carrying out its examination process. [EVALUATION] Verify that the Consumer Response Center is compiling and providing to appropriate FDIC divisions and offices summary and trend information that is used to ensure effective examination policies and processes.

Ongoing audit and evaluation key efforts related to this strategic goal that will carry over to FY 2008 include the following:

  • Implementation of the FDIC’s Supervisory Guidance for Nontraditional Mortgage Products


2008 Performance Goal 3.2: Conduct investigations of fraudulent representations of FDIC affiliation or insurance that negatively impact public confidence in the banking system.

Key Efforts and Potential Benefits

Key Effort Potential Benefit
1. Continue to work with DSC, the Division of Information Technology and the Legal Division to identify phishing, pharming, and other schemes that prey on the public for purposes of fraud, identity theft, or to disrupt computer operations. [INVESTIGATION] Enforcement of Title 18 in order to punish and deter related criminal activity and to obtain recoveries on behalf of victims, protect consumers, and support government-wide efforts to defend financial e-markets against concerted criminal efforts that would undermine critical business activity.
2. Monitor proposed legislation to strengthen FDIC enforcement authority with regard to individuals that make false representations regarding FDIC-affiliation/insurance and coordinate with the FDIC to implement processes for mutual referral of such allegations for criminal/administrative action. [INVESTIGATION] Defend the integrity of the FDIC’s name and franchise and protect consumers against crimes harming them through the misuse of the FDIC’s name or products.


 
Strategic Goal 4: The OIG Will Help Ensure that the FDIC is Ready to Resolve Failed Banks and Effectively Manages Receiverships


The United States provides protection to depositors in its banks, savings and loan associations, and credit unions. The FDIC plays a key role in this regard. Among its various functions, the FDIC seeks the least costly resolution strategy and acts as the receiver or liquidating agent for failed FDIC-insured institutions. The success of the FDIC’s efforts in resolving troubled institutions has a direct impact on the banking industry and on the taxpayers.

DRR exists to plan and efficiently handle the resolutions of failing FDIC-insured institutions and to provide prompt, responsive, and efficient administration of failing and failed financial institutions in order to maintain confidence and stability in our financial system.

  • The resolution process involves valuing a failing federally insured depository institution, marketing it, soliciting and accepting bids for the sale of the institution, determining which bid to accept, and working with the acquiring institution through the closing process.
  • The receivership process involves performing the closing function at the failed bank; liquidating any remaining assets; and distributing any proceeds to the FDIC, the bank customers, general creditors, and those with approved claims.

The FDIC’s resolution and receivership activities pose tremendous challenges. Today record profitability and capital in the banking industry have led to a substantial decrease in the number of financial institution failures compared to prior years. However, as indicated by the trends in mergers and acquisitions, banks are becoming more complex, and the industry is consolidating into larger organizations. As a result, the FDIC could potentially have to handle a failing institution with a significantly larger number of insured deposits than it has had to deal with in the past.

Although there have been far fewer failures in recent years, DRR must be ready to resolve troubled institutions and is, in fact, continuing to focus on its ability to resolve institutions of any size. According to FDIC analysis, the failures of the 1980s and early 1990s were concentrated in the energy, agriculture, and commercial real estate sectors. In contrast, more recent bank failures are largely attributable to fraud, mismanagement, improper accounting and reporting practices, and losses related to investments in sub-prime lending.

The change between how the FDIC handled resolutions and receiverships 20 years ago and how it will be handling them 20 years from now will be largely based on learning to anticipate and plan, instead of reacting. Through the development of new resolution strategies within the various DRR business lines, the FDIC must set far-reaching plans for the future to keep pace with a changing industry. DRR has developed models to train FDIC staff and prepare for differing circumstances. One major corporate initiative was the Corporation’s 2007 Strategic Readiness Project. The purpose of the project was to create a simulation that would stress the decision-making associated with a large bank failure, enhance the FDIC’s ability to determine an effective resolution strategy, advance knowledge of the process, and identify lessons learned. The OIG monitored the simulation, and insights gained have helped in planning work for this goal area in 2008.

From an investigative standpoint, the OIG coordinates closely with DRR, with special attention to various types of financial institution fraud and related crimes, including concealment of assets. In many instances, the individuals do not have the means to pay. However, a few individuals do have the means to pay but hide their assets and/or lie about their ability to pay. OI works closely with DRR and the Legal Division in aggressively pursuing criminal investigations of these individuals. In the case of bank closings where fraud is suspected, OI is prepared to send case agents and computer forensic special agents from the ECU to the institution. Agents use different investigative tools to provide computer forensic support to OI’s investigations by obtaining, preserving, and later examining evidence from computers at the bank.

The OIG’s role under this strategic goal is conducting audits and evaluations that assess the effectiveness of the FDIC’s various programs designed to ensure that the FDIC is ready to and does respond promptly, efficiently, and effectively to financial institution closings. For 2008, we have two evaluations planned related to potential bank failures. One will evaluate the Corporation’s approach to contingency contracts to assist in resolution activities. The other will look more closely at the FDIC’s planning and preparation for challenges associated with closing a large bank.

The OIG itself will be looking at its own protocols for responding in the event of a large bank or multiple bank failures. Additionally, the OIG’s investigative authorities will be used to pursue instances where fraud has contributed to the bank failure or where fraud is committed to avoid paying the FDIC civil settlements, court-ordered restitution, and other payments as the institution receiver. The OIG will also continue to work with FDIC officials to keep current with ongoing efforts of DRR and the Corporation as a whole, to sustain proficiency in resolution activity and to prepare for the possibility of a large institution failure or multiple failures caused by a single catastrophic event.

2008 Performance Goals: To help ensure the FDIC is ready to resolve failed banks and effectively manages receiverships, the OIG will:

  • Evaluate the FDIC’s plans and systems for managing bank resolutions.
  • Investigate crimes involved in or contributing to the failure of financial institutions or which lessen or otherwise affect recoveries by the Deposit Insurance Fund, involving restitution or otherwise.


2008 Performance Goal 4.1: Evaluate the FDIC’s plans and systems for managing bank resolutions.

Key Efforts and Potential Benefits

Key Effort Potential Benefit
1. Evaluate the viability of DRR’s resolution contingency contract approach. [EVALUATION] Assurance that DRR’s approach provides immediate access to needed contractor support; opportunities to improve DRR’s approach.
2. Evaluate the FDIC’s planning and preparation for identifying and addressing obstacles and logistics related to closing a large bank. [EVALUATION] Identify gaps in DRR’s plans to address obstacles/logistics related to closing a large bank and suggest opportunities to improve DRR’s planning efforts for a large bank failure.



2008 Performance Goal 4.2: Investigate crimes involved in or contributing to the failure of financial institutions or which lessen or otherwise affect recoveries by the Deposit Insurance Fund, involving restitution or otherwise.

Key Efforts and Potential Benefits

Key Effort Potential Benefit
1. Continue to provide a team of OI agents, to include computer forensics agents, to participate in the event of any bank closing where fraud is suspected and aggressively pursue criminal investigations of any fraud that contributed to an institution failure. [INVESTIGATION] Early collection and preservation of evidence and information needed to support a criminal prosecution; effective sharing of information with the FDIC to help support resultant civil/regulatory actions.
2. Pursue with DRR/DSC integration in training modules of one or more presentations on OI investigative processes/concerns in the context of bank closings. [INVESTIGATION] More effective participation in closings, better understanding of the institution to enable more targeted investigative efforts at the moment of a closing, more efficient exchanges of information with the FDIC in its efforts to minimize the cost of closings to the DIF.
3. Establish a more systematic process for coordination with DSC, DRR, and the Legal Division in the agency’s preparation for potential closings. [INVESTIGATION] Clearer lines of communication with the agency in the closing environment; better methods of identifying and preserving evidence, taking into account the business needs of the agency and the needs of a criminal investigation; more effective planning for the use of scarce resources (e.g., closing team assets and OI resources, including electronic crimes group assets) in the context of closings.
4. Continue to conduct investigations referred by the Legal Division and DRR of suspected criminal concealment of assets by individuals owing restitution to the FDIC. [INVESTIGATION] Imposition of criminal penalties against these “repeat offenders”; deterrence of others from committing similar offenses; recovery of funds for FDIC.


 
Strategic Goal 5: The OIG Will Promote Sound Governance and Effective Stewardship and Security of Human, Financial, IT, and Physical Resources


The FDIC must effectively manage and utilize a number of critical strategic resources in order to carry out its mission successfully, particularly its human, financial, IT, and physical resources.

Human Capital Resources: In the aftermath of corporate downsizing, and in light of a growing number of employees with retirement eligibility, the FDIC was faced with significant human capital challenges. The FDIC established a new human capital framework and strategy to guide its planned evolution toward a more flexible permanent workforce that will be capable of responding rapidly to significant changes in the financial services industry or unexpected changes in workload or priorities. The implementation of the Corporate Employee Program (CEP), the Succession Management Program, and the Leadership Development Program are initiatives to that end. To cross-train employees and build a more diverse and ready workforce, the FDIC also created the Professional Learning Account (PLA) program in 2007 to allocate time and money for each qualified employee to manage, in partnership with the employee’s supervisor, the employee’s learning goals. OIG work planned for 2008 includes an evaluation of the CEP program.

With corporate downsizing has come, in many instances, increased reliance on contracted services and potential increased exposure to risk if contracts are not managed properly. Processes and related controls for identifying needed goods and services, acquiring them, and monitoring contractors after contract award must be in place and work effectively. As a good steward, the FDIC must ensure it receives the goods and services purchased with corporate funds. Further, the FDIC must have mechanisms in place to periodically evaluate the continuing need for contracts and determine whether there are corporate contracts that can be eliminated. During 2007, the OIG conducted several evaluations in the contracting area. In one, we evaluated the Corporation’s process for issuing task orders under a $554.8 million IT application basic services ordering agreement. In another, we assessed contract administration. In 2008, our focus will include performance-based contracting and FDIC benefits contracts. We will also audit the Corporation’s oversight of a significant infrastructure services contract.

The achievement of the FDIC’s mission, in large part, depends upon employees and contractors who uphold values of integrity, honesty, and a commitment to maintain the public’s trust and confidence in the Corporation. In order to promote a working environment that embraces such values, there must be means in which misconduct is identified and handled appropriately. To foster a working environment of high integrity, it is also critical that employees and contractors receive ethics and conduct training. As a means of ensuring employee integrity, the OIG investigates allegations of serious crimes, misconduct, or ethical violations on the part of FDIC employees. The OIG also maintains a Hotline to field such concerns from others.

Financial Resources: The Corporation does not receive an annual appropriation, except for its OIG, but rather is funded by the premiums that banks and thrift institutions pay for deposit insurance coverage, the sale of assets recovered from failed banks and thrifts, and from earnings on investments in U.S. Treasury securities.

The FDIC Board of Directors approves an annual Corporate Operating Budget to fund the operations of the Corporation. The operating budget provides resources for the operations of the Corporation’s three major programs or business lines—Insurance, Supervision, and Receivership Management—as well as its major program support functions (legal, administrative, financial, IT, etc.). Program support costs are allocated to the three business lines so that the fully loaded costs of each business line are displayed in the operating budget approved by the Board.

In addition to the Corporate Operating Budget, the FDIC has a separate Investment Budget that is composed of individual project budgets approved by the Board of Directors for major investment projects. Budgets for investment projects are approved on a multi-year basis, and funds for an approved project may be carried over from year to year until the project is completed. A number of the Corporation’s more costly IT projects are approved as part of the investment budget process.

Expenditures from the Corporate Operating and Investment Budgets are paid from two funds managed by the FDIC—the Deposit Insurance Fund and the FSLIC Resolution Fund. The Board approved a $1.14 billion operating budget for 2008.

IT Resources: At the FDIC, the Corporation seeks to leverage IT to support its business goals in insurance, supervision and consumer protection, and receivership management, and to improve the operational efficiency of its business processes. Along with the positive benefits that IT offers comes a certain degree of risk. In that regard, information security has been a long-standing and widely acknowledged concern among federal agencies. The E-Government Act of 2002 recognized the importance of information security. Title III of the E-Government Act, entitled the Federal Information Security Management Act (FISMA), requires each agency to develop, document, and implement an agency-wide information security program to provide adequate security for the information and information systems that support the operations and assets of the agency. Section 522 of the Consolidated Appropriations Act of 2005 requires agencies to establish and implement comprehensive privacy and data protection procedures and have an independent third-party review performed of their privacy programs and practices. The OIG has performed yearly evaluations of the Corporation’s information security and privacy programs and will do so again in 2008. We will also conduct a Section 522 review during the upcoming year.

Improving project management is another ongoing business concern. In 2005, the Division of Information Technology (DIT) Program Management Office was established as a resource center for clients, executives, project managers, and project team members engaged in the operations and oversight of IT projects. DIT initiated a Program Management Office to establish standard, repeatable project management practices and improve the results of IT project management activities. Successful project management is highly dependent upon keeping decision-makers fully informed of the cost and status of projects. The OIG has a number of audit and evaluation projects planned in 2008 to promote the best and most secure use of IT at the FDIC. These include an evaluation of the controls related to upgrading and migrating the New Financial Environment (NFE) to a UNIX operating environment, and an evaluation of the use and management of Commercial off-the-Shelf software.

Physical Resources: The FDIC employs approximately 4,500 people. It is headquartered in Washington, D.C., but conducts much of its business in six regional offices and in field offices throughout the United States. Ensuring the safety and security of the human and physical resources in those offices is a fundamental corporate responsibility that is directly tied to the Corporation’s successful accomplishment of its mission.

Corporate Governance and Risk Management: To provide assurance that the FDIC is achieving its strategic goals and objectives, there must be gauges that track and measure the Corporation’s performance of its operations, activities, and initiatives. Furthermore, these gauges must be aligned with the Corporation’s strategic goals and objectives and be useful to FDIC management and stakeholders.

Revised OMB Circular A-123, which became effective for fiscal year 2006, requires a strengthened process for conducting management’s assessment of the effectiveness of internal control over financial reporting. The circular also emphasizes the need for agencies to integrate and coordinate internal control assessments with other internal control-related activities and ensure that an appropriate balance exists between the strength of controls and the relative risk associated with particular programs and operations. During 2007, the OIG conducted a comprehensive evaluation of the FDIC’s enterprise risk management program in the interest of ensuring an effective and efficient approach to identifying and managing risks that could threaten the Corporation’s success.

2008 Performance Goals: To promote sound governance and effective stewardship and security of human, financial, IT, and physical resources, the OIG will:

  • Evaluate corporate efforts to manage human resources and operations efficiently, effectively, and economically.
  • Promote integrity in FDIC internal operations.
  • Promote alignment of IT with the FDIC’s business goals and objectives.
  • Promote IT security measures that ensure the confidentiality, integrity, and availability of corporate information.
  • Promote personnel and physical security.
  • Promote sound corporate governance and effective risk management and internal control efforts.



2008 Performance Goal 5.1: Evaluate corporate efforts to manage human resources and operations efficiently, effectively, and economically.

Key Efforts and Potential Benefits

1. Key Effort: Determine whether key FDIC service provider contracts provide for the efficient and effective delivery of benefit services to FDIC employees. [AUDIT]
   Potential Benefit: Potential cost savings and efficiencies in the administration of the FDIC’s benefits contracts.

2. Key Effort: Identify FDIC contracts that have had performance-based aspects and determine the extent to which the FDIC’s performance-based contracts are consistent with FDIC and applicable government-wide guidance. [EVALUATION]
   Potential Benefit: Identify the extent to which the FDIC has implemented performance-based contracting in its acquisition of services and opportunities to improve award and management of performance-based acquisitions.

3. Key Effort: Assess the FDIC’s efforts to implement the Corporate Employee Program. [EVALUATION]
   Potential Benefit: Confirmation that the Corporate Employee Program is working as intended and constructive ideas for refining and further improving the program.

4. Key Effort: Evaluate the Corporation’s efforts to conserve energy in its operation of datacenters and IT equipment. [EVALUATION]
   Potential Benefit: Increased energy efficiency of FDIC datacenters and IT equipment and corresponding reduction in expenses for energy consumption.

5. Key Effort: Assess the FDIC’s contract oversight management of SRA International, Inc. and its subcontractors, and support for payments made by the FDIC for IT goods and services provided by SRA and its subcontractors. [AUDIT]
   Potential Benefit: Assurance that the Infrastructure Services Contract is effectively managed and that payments to the contractor are accurate, properly authorized, and adequately supported.



2008 Performance Goal 5.2: Promote integrity in FDIC internal operations.

Key Efforts and Potential Benefits

1. Key Effort: Continue to respond to and investigate allegations of crimes and serious misconduct or ethical violations involving FDIC employees and contractors. [INVESTIGATION]
   Potential Benefit: Ensure that the FDIC is perceived as honest and acting with integrity by the public and the industry in furtherance of the agency’s responsibility to maintain confidence and trust in the nation’s banking system.

2. Key Effort: Continue to operate and manage the OIG Hotline, referring to the FDIC any management issues or trends warranting attention. [INVESTIGATION]
   Potential Benefit: Receipt of allegations that may result in investigations in support of the FDIC’s and the OIG’s mission.

3. Key Effort: Continue to coordinate with DIT and Division of Administration with respect to instances of potential computer intrusion and abuse. [INVESTIGATION]
   Potential Benefit: Contribute to a functioning network that fully supports the activities of the agency under any circumstances.



2008 Performance Goal 5.3: Promote alignment of IT with the FDIC’s business goals and objectives.

Key Efforts and Potential Benefits

1. Key Effort: Identify best practices in other federal agencies and the private sector for managing Commercial off-the-Shelf (COTS) software. [EVALUATION]
   Potential Benefit: Ideas for increasing efficiencies in the FDIC’s use and maintenance of COTS software.

2. Key Effort: Identify areas of potential risk associated with DSC’s use of information technology to support its business operations. [AUDIT]
   Potential Benefit: Identification of opportunities for DSC to achieve efficiencies and reduced risk in its use of information technology to support its business operations.



2007 Performance Goal 5.4: Promote IT security measures that ensure the confidentiality, integrity, and availability of corporate information.

Key Efforts and Potential Benefits

1. Key Effort: Evaluate the effectiveness of the FDIC’s information security program and practices, including the FDIC’s compliance with the Federal Information Security Management Act (FISMA) and related information security policies, procedures, standards, and guidelines. [AUDIT]
   Potential Benefit: Identification of information system vulnerabilities and opportunities for the FDIC to strengthen its information security program controls and practices.

2. Key Effort: In accordance with Section 522 of the Consolidated Appropriations Act, 2005, (1) evaluate the agency’s use of information in identifiable form (i.e., personally identifiable information (PII)) and the FDIC’s privacy and data protection procedures and (2) recommend strategies and specific steps to improve privacy and data protection management practices. [AUDIT]
   Potential Benefit: Enhanced protection of the Corporation’s PII and strengthened privacy and data protection management practices.

3. Key Effort: Evaluate whether the FDIC has proper controls in place to ensure an efficient and effective transfer of data when NFE software is upgraded and migrated to a UNIX environment. [EVALUATION]
   Potential Benefit: An efficient, quality-focused approach to data conversion during NFE upgrade and migration.



2008 Performance Goal 5.5: Promote personnel and physical security.

Key Efforts and Potential Benefits

1. Key Effort: Evaluate to what extent DOA has balanced security needs and cost efficiency in administering guard services. [EVALUATION]
   Potential Benefit: Assurance that the FDIC has reasonably balanced protecting FDIC employees, property, and the public with achieving efficiencies; opportunities to reduce costs of services while maintaining adequate protection.



2008 Performance Goal 5.6: Promote sound corporate governance and effective risk management and internal control efforts.

Key Efforts and Potential Benefits

1. Key Effort: Information Technology Procurement Integrity and Governance: The Chairman has requested an evaluation addressing various controls and issues associated with ensuring the integrity of IT procurements from pre-award through contract administration. All of the areas of interest to the Chairman will be evaluated against FDIC policies and procedures, government-wide rules and regulations, and best practices. This key effort will require several evaluation teams and multiple products. [EVALUATION]
   Potential Benefit: This key effort will provide the Chairman with information and recommendations that will enable her to have greater assurance that IT procurements are carried out and monitored with verifiable integrity through proper and transparent governance processes.