The Federal Deposit Insurance Corporation (FDIC) and the Division of Supervision and Consumer Protection (DSC) appreciate the opportunity to respond to the Office of Inspector General's (OIG) draft audit entitled FDIC's Supervision of Financial Institutions' OFAC Compliance Programs. The objective of this audit was to determine whether DSC provides effective supervision of FDIC-supervised institutions' compliance with Office of Foreign Assets Control (OFAC) regulations. We are pleased that you found that our examiners are following interagency guidelines in assessing appropriate controls within the financial institutions that we supervise. Further, you acknowledge the many steps that the FDIC has taken to address institutions' OFAC compliance, such as `participating in developing and issuing interagency guidance for examiners and banking organizations, providing industry notifications on updates to OFAC's SDN list; conducting OFAC-related training and outreach activities for examiners and the banking industry; issuing cease and desist orders that included OFAC-related provisions; and signing an interagency Memorandum of Understanding, which governs information-sharing between the Federal Banking Agencies and OFAC.'
We are strongly committed to our role in ensuring that depository institutions have reasonable programs to comply with all applicable economic and trade sanctions which are both administered and enforced by OFAC. To this end, we will continue to devote appropriate resources and efforts to ensure that depository institutions fully understand our OFAC compliance expectations and promptly correct any problems with their programs.
OIG Recommendations:
- Implement a process to monitor and track OFAC sanctions violations, deficient OFAC compliance programs, and OFA C-related enforcement actions to assist in monitoring OFA C compliance.
DSC Response
DSC concurs with this recommendation. While the number of OFAC sanctions violations (0.002% of FDIC-supervised institutions) and deficient OFAC compliance programs is relatively low, effective November 2006 DSC has implemented a centralized process to track violations of OFAC sanctions and institutions with compliance program deficiencies. Records for all enforcement actions, including those with OFAC provisions, are stored in ViSION's Formal and Informal Actions Tracking module. The completed action addresses this recommendation.
- Issue examination guidance to clarify the nature and extent of documentation expected for OFAC examination coverage, including documentation related to the planned scope of OFAC compliance coverage, OFAC actions related to the institution, the completion of core examination procedures, examination results and conclusions, and the effectiveness of the institution's interdiction system.
DSC Response
DSC agrees to review our examination guidance for opportunities to provide additional clarification. We will review existing guidance and, where necessary issue revised guidance or reminders to examiners by September 30, 2007.
DSC previously complied with part of this recommendation by issuing examination guidelines for: (a) OFAC examination coverage, including documentation related to the planned scope of OFAC compliance coverage; and (b) actions related to the institution. On July 28, 2006, DSC issued Regional Director Memorandum 2006-22 entitled "Revised Bank Secrecy Act/Anti-Money Laundering Examination Manual." This guidance states that "examiners should continue to review the bank's OFAC risk assessment and audit (if these have been performed) to appropriately scope the OFAC compliance review." Additionally, on December 9, 2005, DSC issued Regional Director Memorandum 2005-045, "Formal and Informal Actions Procedures Manual," which provides information on administrative procedures related to formal and informal corrective actions and is intended to support the work of Field, Regional, and Washington Office staff involved in processing and monitoring enforcement actions.
- Issue examination guidance on including the scope of work performed and conclusions on OFAC compliance in reports of examination.
DSC Response
DSC agrees with the intent of this recommendation. We have evaluated the recommendation and we have concluded that current guidance fulfills this recommendation. Therefore, no further action is needed.
DSC has issued the following examination guidance to date: On July 28, 2006, DSC issued Regional Director Memorandum 2006-22 entitled "Revised Bank Secrecy Act/Anti-Money Laundering Examination Manual." This guidance states that "examiners should continue to review the bank's OFAC risk assessment and audit to appropriately scope the OFAC compliance review. "Examiners are expected to include relevant OFAC examination results and conclusions when an institution has an inadequate OFAC program and/or inadequate OFAC interdiction system.
- Issue examination guidance to ensure that OFAC concerns at financial institutions are clearly identified apart from BSA-related observations for monitoring and tracking purposes.
DSC Response
DSC agrees with the intent of this recommendation. As stated in the response to recommendation 1, DSC implemented a centralized system to track violations of OFAC sanctions and institutions with compliance program deficiencies. In conjunction with our response to recommendation 2, we will review existing guidance and, as necessary issue revised guidance or reminders to examiners by September 30, 2007.
