Flag Image FDIC Seal

Office of Inspector General
Semiannual Report
to the Congress

April 1, 2002 - September 30, 2002

OIG Mission

The Office of Inspector General Promotes the economy, efficiency, and effectiveness of FDIC programs and operations, and protects against fraud, waste, and abuse, to assist and augment the FDIC's contribution to the stability of, and public confidence in, the nation's financial system.

Strategic Goals

Value and impact

OIG products will add vaule by achieving significant impact related to addressing issues of importance to the Chairman, the Congress, and the public.
Communication and Outreach

Communication between the OIG and the Chairman, the Congress, and other stakeholders will be effective.
Human Capital

The OIG will align its human resources to support the OIG mission.

The OIG will effectively manage its resources.

Inspector General's Statement

In looking back at the reporting period, three priority issues come to mind, each deserving serious consideration:
  • Corporate Downsizing,
  • Human Capital, and
  • Information Security.

The past 6 months at the Federal Deposit Insurance Corporation (FDIC) have been marked by dramatic corporate downsizing, streamlining, and restructuring as the Corporation continues to reinvent itself under the leadership of Chairman Donald Powell. The Corporation's overall streamlining efforts included merging four divisions into two, an action that is estimated to save nearly 300 positions and $35 million per year. The streamlining is also intended to increase operational efficiencies and empower employees through the delegation of increased authority and responsibility to lower levels within the organization. As part of overall savings, the Corporation's approved field management restructuring plan is estimated to save $23.5 million over 5 years. As of September 30, 2002 its 2002 buyout/retirement incentive program had achieved a reduction of 699 staff and $80 million projected savings in future operating costs. Additional staff departures are anticipated in 2003. Looking ahead, the Corporation anticipates a staffing level of approximately 5,380 by December 31, 2006. Current staff totals 5,500. In light of so many fundamental changes, each with ramifications to thousands of FDIC employees and the work they carry out in pursuit of the FDIC mission, some key questions must be asked.

Is the Corporation placing sufficient emphasis on human capital concerns? Is it developing an integrated human capital framework that evidences leadership commitment to human capital management; strategic human capital planning; acquiring, developing, and retaining talent; and a results-oriented organizational culture-all cornerstones of human capital management according to the U.S. General Accounting Office (GAO)?

While there are positive signs that human capital activities are indeed ongoing throughout the Corporation, I urge increased attention to this issue given the Corporation's current state of flux. As we discuss later in this semiannual report, the strategies that the Corporation is currently pursuing will be most effective if they are centralized, focused, and sustained. The Corporation's Human Resources Committee and the recruitment of a human capital professional as Associate Director of the Human Resources Branch of the Division of Administration are steps in the right direction towards achieving this goal.

The Office of Inspector General (OIG) will continue to emphasize this view in the months ahead and offer assistance to the Corporation as it builds on the cornerstones discussed above. The OIG must lead by example, and we are in the process of doing so. The OIG's participation in the FDIC's early retirement and buyout program and other attrition will result in the separation of 54 employees, or 25 percent of our April 2002 staff level. We also closed our San Francisco office during the reporting period. We understand the need to effectively manage the corresponding changes in our organization and processes. We also recognize the impact of organizational upheaval on the individuals comprising our current workforce. Mindful of this, during the reporting period we issued the final version of our Human Capital Strategic Plan. I fully support this plan. It incorporates input received from OIG staff, the GAO, and another OIG. Workforce analysis; competency investments; leadership development; and a results-oriented, high-performance culture are at its core. We are currently developing a technical knowledge inventory tool and will be working to develop key competencies for our occupational series to align our recruiting, training, and professional development efforts with the OIG mission.

Turning now to the issue of Information Security. Information, much of which is sensitive, is a critical corporate resource that must be protected. Information and analysis on banking, financial services, and the economy form the basis for the development of public policies and promote public understanding of and confidence in the nation's financial system. Sound information resources management is essential to the successful accomplishment of the FDIC's mission, goals, and objectives. Based on our work this year related to the Government Information Security Reform Act (GISRA), we concluded that the Corporation had established and implemented management controls that provided limited assurance of adequate security over its information resources.

The FDIC had made progress in addressing a number of security problems identified in our 2001 report. For example, it enhanced its risk management program, developed a security awareness program, improved security controls in the mainframe environment, and strengthened its disaster recovery and business continuity planning and incident response tracking and reporting. However, we concluded that in 3 of 10 key management control areas evaluated, (Contractor Security, Capital Planning and Investment Control, and Performance Measurement), the FDIC had no assurance that adequate security had been achieved. In a fourth area-Security Act Responsibilities and Authorities-we highlighted opportunities for the FDIC to strengthen the accountability and authority of one of its most important leadership positions related to information security-the Chief Information Officer (CIO). We provided Chairman Powell a list of 10 actions in priority order to address the concerns we identified in our review. Chief among those, we advocated appointing a permanent CIO, ensuring that the CIO reports directly and solely to the Chairman, and filling key vacancies in the Division of Information Resources Management that support information security initiatives and operations.

For its part, as referenced later in our semiannual report, during the reporting period, in addition to our GISRA-related work, the OIG participated in a number of meetings and exchanges governmentwide to tackle information security issues. The OIG has also focused attention on information security matters in its internal operations. In keeping with the security program being implemented throughout the Corporation, we named an information security officer, formed an advisory committee with representatives from each OIG component, published "e-security tips" for OIG staff, drafted new security-related policies, and identified priority information security areas for future focus. We will continue to devote attention to these issues internally and will also work closely with the Corporation to further its efforts to implement a comprehensive information security program that provides reasonable assurance of adequate security for its information resources.

And finally, I am again compelled to address an unresolved matter related to the FDIC's organizational leadership. In past semiannual report statements I have voiced concern that the Corporation has been operating with key vacancies on its Board of Directors, a condition that I believe is to the Board's detriment and that fails to ensure the independence of the FDIC. First, the position of Vice Chairman has been vacant since January 2001. On October 3, 2002, the Senate Banking Committee held confirmation hearings regarding the nomination of Director John Reich to be Vice Chairman of the FDIC. As of the date of this statement, he had not yet been confirmed.*

Second, I am concerned not only that Director Reich is awaiting confirmation as Vice Chairman, but also that a vacancy exists on the Board because one of the three FDIC Director positions has remained unfilled since September 1998. While several names have been sent forward for consideration, no definitive action has taken place to select a third FDIC Board Member. Given the make-up of the five-member Board, comprised of the Chairman of the FDIC, two FDIC Directors, the Comptroller of the Currency, and the Director of the Office of Thrift Supervision, the OIG's position is that the balance between various interests implicit in the Board's structure is preserved only when all Board positions are filled. Thus, I reiterate my position that it is critical-especially at this juncture in the FDIC's history, that a full Board be in place to provide the Corporation the strong, sustained leadership needed to meet the Corporation's many challenges.

The FDIC Chairman himself has recently offered a daunting challenge to the entire regulatory community, a challenge that will likely warrant FDIC Board attention and input. Speaking recently about the future of regulatory agencies, the Chairman noted:

"We've seen amazing dynamism and innovation in banking over the last 20 years. Yet we keep in place a regulatory system rooted in an era that is truly gone with the wind…Despite the convergence, efficiencies, and economies of scale achieved by the industry, the regulatory community is still mired in a confusing web of competing jurisdictions, overlapping responsibilities, and cumbersome procedures. I know we can do better."

The Chairman's proposed overhaul of financial services regulation would put in place three federal regulators. These entities would oversee the banking industry, the securities industry, and those companies that choose an optional federal insurance charter. In line with his proposed revamping of the regulatory agencies, the Chairman announced that the FDIC would be conducting a major study over the next year on the future of banking in America. He has invited a number of parties to join the FDIC in developing a new and better structure for a new financial age. The FDIC Board could have a significant role to play in the debate that the Chairman has launched. Only with a full complement of Members can the Board provide maximum input to that debate and fully carry out its corporate governance responsibilities.

Of additional note with respect to the FDIC's leadership, the Corporation named Steven O. App as its new Chief Financial Officer during the reporting period. Mr. App formerly served as the Deputy Chief Financial Officer at the Department of the Treasury. The OIG looks forward to continuing to work with him to address issues of mutual interest. Similarly, the OIG has appointed new senior leadership since our last semiannual report. Patricia Black, former Counsel to the Inspector General is now Deputy Inspector General, and Fred Gibson, who has been serving as Acting Counsel, was recently named Counsel to the Inspector General. Pat and Fred are eminently qualified to assume these new responsibilities. I am counting on their assistance and sound legal advice and counsel as I continue to lead our organization and serve the FDIC at this critical time in its history.

Gaston L. Gianni, Jr (FDIC Inspector General)
Gaston L. Gianni, Jr.
Inspector General
October 31, 2002

Table of Contents

Inspector General's Statement2
Major Issues11
OIG Organization45
Reporting Terms and Requirements2
Appendix I: Statistical Information Required by the Inspector General Act of 1978, as amended 56
Abbreviations and Acronyms64
Table 1: Significant OIG Achievements50
Table 2: Nonmonetary Recommendations50
Figure 1: Products and Investigations Closed53
Figure 2: Questioned Costs/Funds Put to Better Use53
Figure 3: Fines, Restitution, and Monetary Recoveries Resulting from OIG Investigations 53


This section of our report focuses on key challenges confronting the FDIC as it works to accomplish its mission. In the OIG's view, these major issues fall into two broad categories. First, the Corporation faces challenges related to its core mission of contributing to the stability and public confidence in the nation's financial system by insuring deposits, examining and supervising financial institutions, and managing receiverships. Such challenges sometimes involve significant policy decisions and are often influenced by external factors such as industry events, economic trends, activities of other federal banking regulators, consumer concerns, and congressional interest. Second, a number of important operational matters require the Corporation's attention as its workforce actually carries out the corporate mission. These issues touch on, for example, information technology (IT) resources and security, contracting activities, human capital concerns, cost efficiencies, performance measurement and accountability, and physical security.

In our prior semiannual report, we identified a new emerging issue-that of the Quality of Bank Financial Reporting and Auditing. This emerging risk potentially affects the FDIC in its role as regulator, receiver, and insurer. We update the OIG's and the Corporation's efforts to address this issue in this semiannual report.

With respect to the major issues relating to the Corporation's core mission, the FDIC must address risks to the insurance funds in a complex global banking environment that continues to experience change and offer expanded services. At the same time, the Corporation is charged with effectively supervising financial institutions and carefully protecting consumers' rights. A Board of Directors operating at full strength is essential to lead the Corporation as it faces such challenges. Without a full Board, the Corporation's independence cannot be guaranteed. As the Corporation moves forward, deposit insurance reforms will continue to be debated and deliberated by the banking industry and the Congress. One aspect of such reform involves the possible merger of the Bank Insurance Fund and the Savings Association Insurance Fund, an action that the OIG supports.

Turning attention to the Corporation's more "operational" demands, the use of IT at the FDIC is crosscutting and absolutely essential to the Corporation's accomplishment of its mission. IT must be effectively and efficiently used to achieve program results corporate-wide. The Corporation must also continue to develop an enterprise architecture process to manage technology, applications, and technical infrastructure for the Corporation. It also needs to follow sound system development procedures and comply with IT principles espoused by legislation and regulation. A critical priority is ensuring that effective controls are in place and implemented to ensure information system security, mitigate risks, and protect IT resources. Given the extent of the FDIC's contracting activities, strong controls and vigilant contractor oversight are also critical to the Corporation's success. Contracting must be done in a fair and cost-effective manner. The Corporation's contract oversight mechanisms must protect the FDIC's financial interests and help ensure that the FDIC is actually receiving the goods and services for which it is spending millions of dollars.

Major downsizing over the past years has impacted the FDIC workplace, and during the reporting period more occurred. In addition to losing staff, the Corporation has merged groups and streamlined its organizational structure. As a result of these activities, the Corporation has lost leadership and, in some cases, expertise and historical knowledge. The Corporation is taking steps to compensate for these resource losses and must build on ongoing initiatives to develop a comprehensive, integrated approach to human capital issues. It has established a Human Resources Committee and must continue to focus attention on human capital concerns in light of such significant recent organizational change and additional resource challenges to come.

In light of changes in the banking industry, advances in technology, and such dramatic shifts in staffing and skill levels, the Corporation has been closely scrutinizing its business processes and their associated costs in the interest of identifying operational efficiencies. Among other activities, its Supervision Process Redesign, New Financial Environment, focus on e-business, and plans to relocate many D.C.-based staff to Virginia Square in the future have generated ideas for such efficiencies and are positive steps.

Under the provisions of the Government Performance and Results Act with its emphasis on accountability, the Corporation establishes goals, measures performance, and reports on its accomplishments for all of these major issues and their corresponding challenges. With respect to a more recent concern, largely as a result of the events of September 11, 2001, one year ago we added the major issue of Ensuring Security of the FDIC's Physical and Human Resources to our list of management challenges. Our report discusses actions that the Corporation as taken to address these areas.

Our Major Issues section discusses the OIG's completed and ongoing/planned work to help the Corporation successfully confront these major issues and their associated challenges. We discuss areas where we identified opportunities for improvements and the recommendations we made in those areas. We identified potential monetary benefits of $2.1 million and made 73 nonmonetary recommendations during the reporting period. Our work targets all aspects of corporate operations and includes a number of proactive approaches and cooperative efforts with management to add value to the FDIC (see pages 11-32).


The operations and activities of the OIG's Office of Investigations are described beginning on page 33 of this report. As detailed in the Investigations section, the Office of Investigations is reporting fines, restitution, and recoveries totaling approximately $820 million. Cases leading to those results include investigations of bank fraud, theft of government funds, credit card fraud, and misrepresentations regarding FDIC insurance. Our report also highlights efforts of OIG agents who received the Attorney General's Award for Distinguished Service. Some of the investigations described reflect work we have undertaken in partnership with other law enforcement agencies and with the cooperation and assistance of a number of FDIC divisions and offices. To ensure continued success, the OIG will continue to work collaboratively with FDIC management, U.S. Attorneys' Offices, the Federal Bureau of Investigation, and a number of other law enforcement agencies (see pages 33-44).

OIG Organization

The OIG Organization section of our report highlights several key internal initiatives that we have actively pursued during the reporting period. The OIG's internal focus has been on realigning resources in light of significant downsizing of staff and planning for the challenges of the future. Our Human Capital Strategic Plan is an important driver of that activity. This section of our report also references some of the cooperative efforts we have engaged in with management during the reporting period. These include making presentations at corporate conferences and meetings and providing technical assistance to corporate management in determining whether FDIC policies ensure that accounting and auditing contractors comply with the U.S. General Accounting Office's new independence standards. We note the proposed or existing laws and regulations reviewed during the past 6 months, refer to litigation and other efforts of OIG Counsel, and also capture some of our other internal initiatives this reporting period. In keeping with our goal of measuring and monitoring our progress, we visually depict significant results over the past five reporting periods (see pages 45-53).


We list the Inspector General Act reporting requirements and define some key terms in this section. The appendixes also contain much of the statistical data required under the Act (see pages 56-63).


star The Office of Audits issues 22 reports containing total questioned costs of $556,535 and a memorandum identifying funds put to better use of $1.6 million.

star OIG reports include 73 nonmonetary recommendations to improve corporate operations and activities. Among these are recommendations to strengthen security over FDIC information systems, improve the effectiveness of the offsite review program, develop additional policy for and better capture and track Gramm-Leach-Bliley Act-related activities, and enhance the asset valuation review process.
star OIG investigations result in 14 indictments/informations; 17 convictions; and approximately $820 million in total fines, restitution, and other monetary recoveries. Approximately $819 million of that amount represents court-ordered restitution and is not an amount that has been collected.

star The OIG's participation in the FDIC's early retirement and buyout program and other attrition will result in the separation of 54 employees. All OIG components adjust to reductions through staff reorganizations and modifications in operational processes.
star Office of Audits reorganizes around five operational directorates: Resolution, Receivership, and Legal Affairs; Insurance, Supervision, and Consumer Affairs; Information Assurance; and Resource Management. A fifth directorate, Corporate Evaluations, performs corporate-wide and other evaluations.
star The OIG issues its Human Capital Strategic Plan for 2002-2006 outlining four objectives relating to workforce analysis; competency investments; leadership development; and a result-oriented, high-performance culture.
star The OIG focuses audit and evaluation work on information security matters through such projects as issuance of the 2002 Government Information Security Reform Act evaluation report, presentations at governmentwide meetings, and coordination with the U.S. General Accounting Office (GAO) and Office of Management and Budget.
star The OIG issues its Government Information Security Reform Act report, concluding that the Corporation had established and implemented management controls that provided limited assurance of adequate security over its information resources. While progress had been made in addressing previously identified weaknesses, in 3 of 10 key management control areas evaluated (Contractor and Outside Agency Security, Capital Planning and Investment Control, and Performance Measurement), the FDIC had no assurance that adequate security had been achieved. Our report also highlighted opportunities for the Corporation to strengthen the accountability and authority of its Chief Information Officer position.
star The OIG and GAO continue their joint effort to audit the Corporation's financial statements. The OIG and GAO agree that the OIG will commit three staff members to perform the receivables from bank/thrift resolutions and receivership receipts audit work. One staff member will assist with information systems testing. The OIG is developing a multi-year strategy for performance of the information systems audit requirements starting in 2003.
star OIG counsel litigates 11 matters during the reporting period and provides advice and counsel on a number of issues. H The OIG reviews and comments on one proposed federal regulation and 22 proposed FDIC policies and directives and responds to 13 requests under the Freedom of Information Act and Privacy Act.
star The OIG coordinates with and assists management on a number of initiatives, including a joint project with the Office of Internal Control Management and the Division of Administration to ensure that accounting and auditing contractors comply with GAO's new independence standards, coordination with the Division of Supervision and Consumer Protection (DSC) on its Process Redesign II project, and Office of Investigations and Office of Audits executives' participation at the DSC Field Office Supervisor meetings.
star The OIG accomplishes a number of internal office initiatives, including completion of a comprehensive plan for downsizing and restructuring, issuance of Office of Audits' Fiscal Year 2003 Assignment Plan, establishment of an information security program, and outreach activity to various banking organizations on OIG operations.
star Four OIG Special Agents are among an 11-member team that receives the Attorney General's Award for Distinguished Service for their exemplary work in the investigations and prosecutions relating to the failure of Keystone Bank, Keystone, West Virginia.
star The OIG completes its annual review of the FDIC's Internal Control and Risk Management Program, concluding that the program complied with policy and was consistent with the Federal Managers' Financial Integrity Act provisions.
star The OIG issues the results of its evaluations of the adequacy of the physical security of FDIC facilities in headquarters and other selected sites.
star As Vice Chair of the President's Council on Integrity and Efficiency, the Inspector General leads the Inspector General community's activities designed to facilitate agency efforts related to the President's Management Agenda. These include work in the financial management, government performance, information technology, and human capital arenas.

Major Issues

Major Issues at the FDIC

In the interest of improving federal performance government-wide, the Senate Governmental Affairs Committee has asked Offices of Inspector General to identify the most significant management challenges facing their agencies. At the FDIC, our office has identified and previously reported these challenges or major issues as follows:

  • Organizational Leadership
  • Addressing Risks to the Insurance Funds
  • Supervising Insured Institutions
  • Protecting Consumer Interests
  • Deposit Insurance Reform
  • Managing Information Technology
  • Ensuring Sound Controls and Oversight of Contracting Activities
  • Establishing Goals and Measuring Results
  • Addressing Human Capital Issues
  • Containing Costs and Assessing Business Processes
  • Ensuring Security of Physical and Human Resources

In our previous semiannual report, we discussed a new issue that has potential impact on the FDIC in its role as regulator, insurer, and receiver: the Quality of Bank Financial Reporting and Auditing. We update progress in this area in this semiannual report. The Corporation has a number of ongoing programs and initiatives in place to address all of these challenges, and we continue to work in partnership with the Corporation on these major issues.

Consistent with the concept of the Reports Consolidation Act, the Corporation will be consolidating financial and performance reports for 2002 reporting.

The OIG will be updating its major issues and will provide input on the most serious management and performance challenges facing the Corporation for consideration in the FDIC's 2002 reporting.

The FDIC and the banking industry are experiencing significant and rapid change. We believe a number of issues associated with these challenges are deserving of special attention at this time.

Organizational Leadership

Strong leadership has always been vital to the success of the banking and financial services industry. The FDIC Board is comprised of five directors, including the FDIC Chairman, two other FDIC directors, the Comptroller of the Currency, and the Director of the Office of Thrift Supervision. All are presidential appointees. At the FDIC, during the 1990s, one or more presidentially appointed positions on the Board of Directors frequently were vacant.

Additionally, the Board position of Vice Chairman has been unfilled since January 2001. John Reich, currently a Director on the Board, has been nominated to serve as Vice Chairman, and his confirmation hearing occurred on October 3, 2002. Notwithstanding his potential confirmation, a Board vacancy still exists. The Board has operated with an FDIC Director vacancy since September 1998.

The FDIC is the independent regulator of a significant portion of the nation's banking system as well as the only federal insurer of deposits wherever they are placed in our nation's banks. As a corporation governed by its Board of Directors, the vital balance between various interests implicit in the Board's structure is preserved only when all vacancies are filled. Accordingly, we have strongly urged that vacancies on the FDIC's Board be filled as promptly as practicable in order to afford the FDIC the balanced governance and sustained leadership essential to the agency's continued success.

We cite organizational leadership as a major issue facing the Corporation based on our belief that to handle the challenges and issues facing the Corporation, particularly in a regulatory environment that may change dramatically in the future, a Board of Directors operating at full strength must be in place.

Addressing Risks to the
Insurance Funds

A primary goal of the FDIC under its insurance program is to ensure that its deposit insurance funds remain viable. Achieving this goal is a considerable challenge, given that the FDIC supervises only a portion of the insured depository institutions. The identification of risks to non-FDIC supervised institutions requires coordination with the other federal banking agencies. The FDIC engages in an ongoing process of proactively identifying risks to the deposit insurance funds and adjusting the risk-based deposit insurance premiums charged to the institutions. The Division of Finance completes the final phase of this ongoing process by collecting the premium assessments.

Although the FDIC has a continuous program to ensure the viability of the deposit insurance funds, recent trends and events continue to pose additional risks to the funds. The economic landscape changed dramatically following the events of September 11, 2001, and the potential exists for an increased number of bank failures. Additionally, the environment in which financial institutions operate is evolving rapidly, particularly with the acceleration of interstate banking; new banking products and asset structures; electronic banking; and consolidations that may occur among the banking, insurance, and securities industries resulting from the Gramm-Leach-Bliley Act (GLBA).

Bank mergers have created "megabanks," or "large banks" (defined as institutions with assets of over $25 billion), and, for many of these institutions, the FDIC is not the primary federal regulator. As of March 31, 2001, there were 38 megabanks in the country. Of the $5.3 trillion consolidated assets controlled by the 38 megabanks, the FDIC was the primary regulator for only $162.5 billion in 3 institutions. The megabanks created as a result of mergers and the new or expanded services that the institutions can engage in under GLBA are presenting challenges to the FDIC. The failure of a megabank, for example, along with the potential closing of closely affiliated smaller institutions, could result in huge losses to the deposit insurance funds.

During the reporting period, the Corporation selected designated onsite examiners to enhance the FDIC's risk monitoring of the eight largest insured institutions.

Focus on Bank Insurance Fund
Designated Reserve Ratio

The Federal Deposit Insurance Act, Section 7(b), Assessments, requires the FDIC Board of Directors to set semiannual assessments for insured depository institutions if the required reserve ratio of the insurance fund balance to estimated insured deposits falls below 1.25 percent.

As of March 31, 2002, the Bank Insurance Fund (BIF) reserve ratio was at 1.23 percent, the first time it had fallen below 1.25 percent since 1995. By June 30, 2002, the BIF reserve ratio was at 1.26 percent, slightly above the statutorily mandated designated reserve ratio for the deposit insurance funds. If the BIF ratio is below 1.25 percent, the FDIC Board of Directors must charge premiums to banks that are sufficient to restore the ratio to the designated reserve ratio within 1 year.

Mindful of this significant issue, the OIG will be conducting related work during the upcoming months.

OIG Completes Superior Bank-Related Reviews

In our previous semiannual report, we reported on a series of reviews that we had conducted based on a congressional request from Senator Paul Sarbanes, Chairman of the Senate Committee on Banking, Housing, and Urban Affairs, related to the failure of Superior Bank, FSB, Hinsdale, Illinois.

Upon the failure of Superior Bank, the Office of Thrift Supervision closed the institution on July 27, 2001. At the time of closure, Superior had total assets of $2.2 billion and total deposits of $1.6 billion. The FDIC was named conservator and transferred the insured deposits and substantially all of the assets of Superior to Superior Federal, FSB (New Superior), a newly chartered, full-service mutual savings bank. The failure of Superior was one of the costliest of all recent failures. The FDIC's most recent loss estimate is $440 million.

During the reporting period, we completed the last of our series of audits related to the Superior Bank failure-an audit of the Division of Resolutions and Receiverships' (DRR) marketing efforts for the deposit liabilities, assets, and principal product groups of New Superior.

We determined that DRR effectively marketed Superior's deposit liabilities and assets to maximize the return to the conservatorship. The FDIC, as the receiver, transferred deposit liabilities totaling $1.5 billion and assets totaling $2 billion to New Superior. We reviewed the sale of the deposit liabilities and approximately 65 percent of the assets. DRR awarded the sales to the highest bidders in all sales we reviewed, except for one security sale. We were unable to determine whether DRR selected the highest bidder for the one security sale, because of insufficiencies in the sale file documentation.

OIG Reviews the FDIC's Implementation
of GLBA Provisions

Signed into law on November 12, 1999, GLBA reverses many of the barriers between banking and commerce erected by the Glass-Steagall Act of 1933 and is the most extensive reform of financial services regulation in over 60 years. GLBA also affects how various bank and affiliate activities are regulated and examined. GLBA eliminates many federal and state barriers to affiliations among banks and securities firms, insurance companies, and other financial services providers. Financial organizations are provided flexibility in structuring these new financial affiliations through a holding company structure or a financial subsidiary. The Federal Reserve System remains the "umbrella" supervisor for holding companies, but GLBA also incorporates "functional regulation" to use the strengths of the various federal and state financial supervisors. Increased affiliation between state non-member banks and other financial services providers engaged in expanded activities-in a new functional regulation environment-poses risks to the FDIC and the Bank Insurance Fund.

We conducted an audit that focused on three of the GLBA's seven titles to determine whether: (1) the Division of Supervision (DOS), now known as the Division of Supervision and Consumer Protection (DSC), had established coordination arrangements for GLBA activities with other regulatory agencies; (2) DOS procedures had been updated to address the restrictions and safeguards in GLBA; and (3) DOS was identifying banks that are directly or indirectly engaged in GLBA activities. We concluded that DOS had established coordination arrangements with other regulatory agencies but needed an updated agreement for information sharing with the Securities and Exchange Commission (SEC). DOS had also updated or created related policies and procedures to address most of the GLBA provisions covered in our review although some additional guidance was needed in the area of related organizations. Also, while the FDIC had access to Federal Reserve System data on financial holding companies, DOS information systems did not identify banks that were directly or indirectly engaged in GLBA-affected activities.

We made four recommendations to DSC related to developing information-sharing procedures in conjunction with the FDIC Legal Division and the SEC, expediting policy revisions, and enhancing information systems and databases to better capture and track GLBA-related activity. DSC is taking action to address all recommendations.

Supervising Insured Institutions

The FDIC shares supervisory and regulatory responsibility for approximately 9,480 banks and savings institutions with other regulatory agencies including the Board of Governors of the Federal Reserve System, the Office of the Comptroller of the Currency, the Office of Thrift Supervision, and state authorities. The FDIC is the primary federal regulator for 5,417 federally insured state-chartered commercial banks that are not members of the Federal Reserve System, which includes state non-member banks, including state-licensed branches of foreign banks and state-chartered mutual savings banks. The challenge to the Corporation is to ensure that its system of supervisory controls will identify and effectively address financial institution activities that are unsafe, unsound, illegal, or improper before the activities become a drain on the insurance funds.

Emerging trends and new developments in the banking industry require the DSC to identify and assess risks from such activities as:

  • subprime lending;

  • declining underwriting standards for commercial real estate lending;

  • rapid changes in bank operations between safety and soundness examinations;

  • the growth of information technology and its increasing impact on payment systems and other traditional banking functions;

  • fraudulent activities, which have contributed significantly to bank failures in recent years; and

  • expanded banking activities permitted by the GLBA.

Further, DSC may have to reevaluate the concepts of risk, capital, and asset valuation in light of ever developing investment products and methods.

The FDIC has worked to increase the efficiency of the bank examination process designed to identify and assess these risks. Its Process Redesign efforts are ongoing. Additionally, the Corporation reported in its 3rd quarter Letter to Stakeholders that for the year-to-date, it had completed 485 expedited examinations of well-managed/well-capitalized banks under $250 million, resulting in a reduction of the average examination time on these institutions of more than 20 percent. With the possibility of a serious economic downturn, and in light of the magnitude of FDIC corporate reorganization and downsizing, DSC must continue to assess its size and the mix of expertise and skills in its workforce to ensure sufficient capacity for addressing increased risks. Considering the lead-time for developing new commissioned examiners, the FDIC needs to ensure the examination workforce will be adequate for handling potential problems and bank failures.

Joint Evaluation of the Federal Financial Institutions Examination Council

We collaborated with the Offices of Inspector General of the Department of the Treasury and the Board of Governors of the Federal Reserve System (FRB) to conduct a review of the Federal Financial Institutions Examination Council (FFIEC). The FFIEC is a formal interagency body empowered to prescribe uniform principles, standards, and report forms for the federal examination of financial institutions by the FRB, FDIC, National Credit Union Administration, Office of the Comptroller of the Currently (OCC), and Office of Thrift Supervision (OTS) and to make recommendations to promote uniformity in the supervision of financial institutions.

We issued a report concluding that the FFIEC is accomplishing its legislative mission of prescribing uniform principles, standards, and report forms and is achieving coordination between the banking agencies. Further, most officials stated that the FFIEC's role and mission were appropriate going forward and should not be expanded because of the Gramm-Leach-Bliley Act. Notwithstanding, some officials indicated that the FFIEC could accomplish its mission more effectively. The Council has discussed a number of measures to improve FFIEC effectiveness, including having the principals more actively involved in FFIEC matters and developing annual goals, objectives, and work priorities for the task forces.

The FRB, OTS, OCC, and FDIC provided written comments on a draft of the report. The FRB, OCC, and FDIC responses concurred with the report's overall conclusions. The OTS's response did not specifically comment on the overall conclusions but raised several points that we clarified in the final report. A detailed summary of the various agency comments is included in the final report.

OIG Reviews Offsite Rating Tool

During 1998, the FDIC implemented a new offsite rating tool, the Statistical CAMELS Offsite Rating (SCOR) review, to more effectively and efficiently monitor risk to the banking and thrift systems. SCOR uses quarterly Reports of Condition and Income (Call Reports)1 to identify institutions that could potentially receive a downgrade in their CAMELS ratings at their next safety and soundness examination. To do this, SCOR uses statistical techniques to estimate the relationship between Call Report data and the results of the latest examination and estimates the probability of an institution being downgraded at the next examination.

We completed an audit to determine the effectiveness of SCOR as an early warning system and to assess actions taken by the DSC in response to early warning flags identified by SCOR. The audit was conducted nationwide and included a sample of banks from all FDIC regional offices.

We concluded that the effectiveness of the SCOR review program in detecting potential deterioration in the financial condition of insured depository institutions, as presently implemented, was limited. SCOR had not identified emerging supervisory concerns or provided early warnings of potential deterioration at the majority of financial institutions we reviewed. Further, case managers were placing limited reliance on SCOR as an early warning system.

Our report contained three recommendations intended to improve the SCOR offsite review program. First, we recommended that DSC assess the usefulness of SCOR as an early warning system as it is currently being implemented. If DSC determines that SCOR should continue as part of the offsite monitoring program, we recommended that DSC revise SCOR procedures to require that the DSC case manager analyses be performed within shorter timeframes than allowed by the current procedures. We also recommended that DSC instruct case managers to more often recommend onsite activity or other interactions with the institution as a follow-up action for those institutions flagged by SCOR that also have previously identified management weaknesses.

DSC concurred with each of the three recommendations and took corrective action in response.

The FDIC's Assessment of Corrective Action
Work Performed by Third-Party Contractors

One of the Corporation's annual performance goals for 2002 is that prompt supervisory actions are taken to address problems identified in institutions identified as problem insured depository institutions and that the Corporation monitor these institutions' compliance with formal and informal enforcement actions. Corrective actions are agreements (informal) or legally enforceable orders (formal) that the FDIC may institute against a financial institution or individual respondent to correct noted safety and soundness or compliance deficiencies. During the reporting period we conducted an audit to determine whether work performed by third-party contractors for FDIC-supervised institutions met the requirements of corrective actions instituted by the FDIC's DOS.

Asset Valuation Review
Process for Sinclair National Bank

We audited the FDIC's asset valuation review (AVR) process for Sinclair National Bank, which failed on September 7, 2001. The Division of Resolutions and Receiverships' (DRR) AVR process resulted in a reasonable estimate of the overall value for the assets of Sinclair. We found that 28 of the 68 individual Sinclair asset valuations that we tested contained significant misstatements, defined as valuation discrepancies that exceeded or could have exceeded 10 percent of the FDIC's final AVR price for the individual asset. However, the net dollar impact of these errors, when the revised valuations were incorporated into the Standard Asset Value Estimation process, was less than 1 percent of the total AVR price of $21.6 million for all the Sinclair assets.

While the individual valuation discrepancies for the Sinclair resolution were not large in relation to the total AVR price for all assets, they stemmed from procedural weaknesses that could result in larger dollar losses on the disposition of individual assets in future resolutions. We also identified other weaknesses that could result in unnecessary costs to the FDIC in future resolutions if not corrected.

Thus, while the process was generally effective, we recommended additional controls to help DRR maintain the accuracy of the AVR process results and recover the highest value for failing institutions. DRR was responsive to all recommendations.

We concluded that the FDIC accepted work performed by third parties as meeting the requirements of the corrective actions instituted by the Corporation, and third-party work was completed within established timeframes. Also, DOS reviewed the corrective actions to ensure their completeness in addressing the underlying safety and soundness concerns. We made no recommendations in this report.

Protecting Consumer Interests

The FDIC is legislatively mandated to enforce various statutes and regulations regarding, for example, consumer protection and civil rights with respect to state-chartered, non-member banks and to encourage community investment initiatives by these institutions. Some of the more prominent laws and regulations in this area include the Truth in Lending Act, Fair Credit Reporting Act, Real Estate Settlement Procedures Act, Fair Housing Act, Home Mortgage Disclosure Act, Equal Credit Opportunity Act, and Community Reinvestment Act of 1977.

The Corporation accomplishes its mission related to fair lending and other consumer protection laws and regulations primarily by conducting compliance examinations, taking enforcement actions to address unsafe or unsound banking practices and compliance violations, encouraging public involvement in the compliance process, assisting financial institutions with fair lending and consumer protection compliance through education and guidance, and providing assistance to various parties within and outside of the FDIC. During the reporting period the Corporation made progress implementing its adult financial education curriculum, "Money Smart," nationwide.

In the area of consumer protection, the OIG has planned an audit of the implementation of GLBA privacy provisions. GLBA requires banking agencies to establish appropriate standards for financial institutions relating to the administrative, technical, and physical safeguards of consumer records and information. The Federal Financial Institutions Examination Council has issued guidance summarizing procedures for examining compliance with the regulation. Our audit work will address whether privacy examinations are conducted in accordance with applicable GLBA provisions and corrective actions are taken in a timely manner when banks do not comply.

Deposit Insurance Reform

In October 2001, Chairman Powell testified on deposit insurance reform before the Subcommittee on Financial Institutions and Consumer Credit, Committee on Financial Services, U.S. House of Representatives. The Chairman recommended the merger of the Bank Insurance Fund (BIF) and the Savings Association Insurance Fund (SAIF), charging risk based premiums to all institutions, allowing insurance funds to build or shrink around a target or range, establishing assessment credits based on past contributions, and indexing insurance coverage and raising the insurance on retirement accounts.

The FDIC views these recommendations as interrelated and believes they should be implemented as a package because piecemeal implementation could introduce new distortions and aggravate the problems that the recommendations are designed to address. During the reporting period, on May 22, 2002, deposit insurance reform legislation, based on the FDIC's recommendations, passed the House of Representatives. The Corporation also continued to pursue its case for comprehensive deposit insurance reform in speeches, banker outreach sessions, and visits to other Members of Congress.

While conceptually the recommendations appear to the OIG to be sound, we have not done work related to all of them. Based on work to date, the OIG strongly supports merging the funds.

Chairman Powell has noted the unanimity within the banking community on this particular point. Today, as a result of bank mergers and acquisitions, many institutions hold both BIF- and SAIF-insured deposits, obscuring the difference between the funds. The resulting merged fund would not only be stronger and better diversified but would also eliminate the concern about a premium disparity between the BIF and the SAIF. Assessments in the merged fund would be based on the risk that institutions pose to the single fund. The prospect of different prices for identical deposit insurance coverage would be eliminated. Also, insured institutions would no longer have to track their BIF and SAIF deposits separately, resulting in cost savings for the industry.

We will continue to monitor deposit insurance reform, as changes in this area will impact the way the FDIC operates and how our office can best support the FDIC in pursuit of its mission.

Managing Information Technology

As the Corporation works to contribute to the stability and public confidence in our nation's financial system, information technology (IT) continues to play an increasingly greater role in every aspect of the FDIC mission. As corporate employees carry out the FDIC's principal business lines of insuring deposits, examining and supervising financial institutions, and managing receiverships, they rely on information and corresponding technology as a critical resource. Information and analysis on banking, financial services, and the economy form the basis for the development of public policies and promote public understanding and confidence in the nation's financial system.

In early 1998, the Corporation's Division of Information Resources Management (DIRM) and the other FDIC divisions laid out an IT strategy to address the next 3-5 years and articulated five IT strategic goals:

  • Make Customer Satisfaction Our Primary Measure of Success.

  • Improve Corporate Business Processes and External Relationships Through the Use of Technology.

  • Manage Information for the Corporation.

  • Provide an IT Infrastructure that Works Everywhere, All the Time.

  • Improve the Efficiency and Effectiveness of IT Management.

The plan is updated every year based on DIRM management planning conferences, client input, changes in the overall business planning process and priorities, and new technology developments. Accomplishing IT goals efficiently and effectively requires significant expenditures of funds and wise decision-making and oversight on the part of FDIC management. The Corporation's 2002 IT budget is approximately $192.5 million.

OIG Participates on
EBISS Project

A member of the OIG's audit staff participated in a group focusing on Network Vulnerability Scanning Tools (NVSTs) under the Executive Branch Information Systems Security (EBISS) committee. EBISS was established by the President's Critical Infrastructure Protection Board. Our representative, along with seven other government and industry representatives, completed a report and made the following recommendations to the EBISS committee.

  • Mandate the use of NVSTs for all federal agencies.

  • Establish a hybrid centralized/decentralized approach: centralized procurement, decentral- ized execution, and centralized reporting.

  • Establish, formalize, and promulgate minimum standards for NVST evaluation and usage (based on the National Institute of Standards and Technology Special Publication 800-42, Draft Guideline on Network Security Testing).

  • Assign a central entity with the responsibility to maintain a list of NVSTs that meet the minimum standards described above.

This report is significant because the actions recommended would improve the security and reliability of the government's critical networks.

The Corporation must constantly evaluate technological advances to ensure that its operations continue to be efficient and cost-effective and that it is properly positioned to carry out its mission. The capabilities provided by IT advances, such as paperless systems, electronic commerce, electronic banking, and the instantaneous and constant information-sharing through Internet, Intranet, and Extranet sources, also pose risks to the Corporation and the institutions that it regulates and insures. Many of the risks are new and unique. Solutions to address them are sometimes difficult and without precedent.

In addition to technological advances that assist the Corporation in its mission, the Corporation must continue to respond to the impact of laws and regulations on its operations. Management of IT resources and IT security have been the focus of several significant legislative acts, such as the Government Performance and Results Act and the Paperwork Reduction Act. The Government Information Security Reform Act (GISRA) requires the OIG to conduct an annual evaluation of the FDIC's information security controls. We completed our second such review during the reporting period, as discussed in more detail below. According to the 2002 Annual Performance Plan, the Corporation will continue to be engaged in several major technology initiatives during the remainder of 2002. These include the following:

star New Financial Environment. The FDIC is working to replace core components of its financial system and anticipates that the new financial environment will improve business processes by adopting the best practices built into software packages, simplify and consolidate financial systems applications and data, enhance efficiency by automating manual work, maximize e-business opportunities, and provide better decision-making to ensure continuity of financial operations.

star E-Business. The FDIC is actively pursuing e-business relationships both with the institutions it insures and with the vendor community that provides goods and services to the Corporation. It is making FDICconnect available to more than 9,000 insured institutions. FDICconnect is an e-business channel between the FDIC and its insured institutions and allows for the direct exchange and sharing of information over the Internet.

star Information security program improvements. The Corporation continues to develop and implement an information security program to address identified weaknesses. Several areas of focus are enhancing security performance measurement and contractor and external security.

star Enterprise Architecture. A new enterprise architecture process will be introduced to manage technology, applications, and technical infrastructure for the Corporation. The new enterprise architecture process will be integral to corporate and IT planning and should provide a corporate view of and future direction for business processes, information, applications, and infrastructure. It will also provide the standards and procedures to be followed whenever a new information system is built.

Our work in the IT area during the reporting period focused principally on our reporting responsibility under GISRA and related assignments, as discussed below.

OIG Reports GISRA Results

The most significant report that we issued in the IT area was our GISRA report entitled Independent Evaluation of the FDIC's Information Security Program-2002. GISRA requires annual agency program reviews of information security by agency program officials, in consultation with Chief Information Officers, and annual independent evaluations by agency Inspectors General. Our first such evaluation report, entitled Independent Evaluation of the FDIC's Information Security Program Required by the Government Information Security Reform Act, was issued in September 2001.

The objective of our 2002 review was to evaluate the effectiveness of the FDIC's information security program and assess the FDIC's compliance with the requirements of the Security Act and related information security policies, procedures, standards, and guidelines. We relied primarily on the Office of Management and Budget (OMB) Circular No. A-130, Management of Federal Information Resources, Appendix III, Security of Federal Automated Information Resources, as criteria for evaluating the adequacy of the FDIC's information security program. In addition, our evaluation focused on the FDIC's efforts to improve its information security controls and practices relative to the baseline established in our 2001 Security Act evaluation report.

In summary, we concluded that the Corporation had established and implemented management controls that provided limited assurance of adequate security over its information resources. In 3 of 10 key management control areas evaluated (Contractor and Outside Agency Security,2 Capital Planning and Investment Control, and Performance Measurement), the FDIC had no assurance that adequate security had been achieved. In a fourth management control area (Security Act Responsibilities and Authorities), we highlighted opportunities for FDIC management to strengthen the accountability and authority of one of its most important leadership positions related to information security, the Chief Information Officer.

The FDIC had been working hard to address the security weaknesses identified in our 2001 Security Act evaluation report and new weaknesses identified in recent audits and reviews. However, weaknesses in the FDIC's security operations continued to surface because the FDIC had not fully implemented a comprehensive information security management program. Frequently, security improvements at the FDIC were the result of a reaction to specific audit and review findings, rather than the result of a comprehensive program that provided continuous and proactive identification, correction, and prevention of security problems. Government oversight agencies, such as the U.S. General Accounting Office (GAO) and OMB, and other recognized standard setting organizations, such as the National Institute of Standards and Technology, have identified fundamental management principles and controls needed to implement an effective information security management program. Based on our evaluation work, we found that the FDIC had taken some, but not all, of the actions necessary to establish and implement these fundamental management principles and controls. We concluded that the FDIC's progress in addressing the security weaknesses identified in our 2001 Security Act evaluation report was offset by the emergence of new information security weaknesses identified during our current year evaluation. Accordingly, our overall assessment of the FDIC's information security program remained the same as last year.

Based on our evaluation results, we identified 10 steps, listed in priority order, that the Corporation could take in the near term to improve its information security operations (see write-up on next page). The observations and conclusions contained in our evaluation report were designed to assist the Corporation in furthering its efforts to implement a comprehensive information security program that provides reasonable assurance of adequate security for its information resources. Consistent with the intent of the Security Act, we will continue to work with the Corporation in accomplishing its goals in this critical area.

Products Supporting GISRA Results We issued the following individual reports in support of our GISRA-reported results during the reporting period:

Computer Security Incident Response
Team (CSIRT) Activities:
CSIRT developed and implemented procedures for identifying and detecting, investigating and resolving, tracking, and reporting security incidents. CSIRT also communicated with appropriate external organizations concerning new threats, vulnerabilities, solutions, and security incidents that the team had investigated. However, we reported that the effectiveness of the program could be improved by consistently defining computer security incidents in relevant FDIC policies and guidance, updating various policy documents, preparing test plans for vulnerability testing, better tracking of incidents, increased reporting to other FDIC security components, and establishing performance goals and measures for CSIRT. DIRM agreed to recommended actions.

OIG Identifies GISRA Action Items

The OIG's Government Information Security Reform Act report communicated the following actions, in priority order, to the FDIC Chairman. These actions should be taken to better ensure adequate security of corporate information resources.

1. Strengthen accountability and authority for information security by (a) appointing a permanent Chief Information Officer, (b) ensuring that the individual serving as the Chief Information Officer reports directly and solely to the Chairman, and (c) filling key vacancies within the Division of Information Resources Management that support information security initiatives and operations;

2. Make security a key selection factor in the 2003 information technology (IT) capital planning and investment control process to ensure that appropriate and cost-effective security controls are considered and funded over the life cycle of the FDIC's IT investments. For 2004, the FDIC should have a completed IT Capital Plan;footnote

3. Complete the FDIC IT enterprise architecture to ensure that security controls for components, applications, and systems are consistent with current and planned IT architectures;

4. Continue and complete efforts to define the sensitivity of all corporate data and related business rules and ensure that the results are considered when developing and implementing security measures for corporate systems and applications;

5. Strengthen the FDIC's Acquisition Policy Manual and other Corporation policies and procedures related to contractor-provided services by incorporating the security standards prescribed by OMB Circular No. A-130 and the National Institute of Standards and Technology;

6. Establish key measures to assess the performance of corporate information security activities against established baselines and target performance levels. Such measures should be designed to proactively improve security processes and controls;

7. Define clear roles and responsibilities for all areas related to information security, including general support systems, major applications, information security managers, application contingency plans, and the pre-exit clearance process for employees and contractors;

8. Complete and begin using the recently developed Information Security Program Management Report to better track the integration of the FDIC's information, physical, and operational security activities;

9. Implement a formal software configuration management program that ensures all required software modifications, including software patches, are properly tested, approved, and documented in a timely manner; and

10. Complete and formally issue planned revisions to FDIC circulars related to information security.

footnote IT Capital Plan is one output of the capital planning and investment control process and serves as the implementation plan for the budget year. The IT Capital Plan should include a component that demonstrates that IT projects include security controls that are consistent with the agency's enterprise architecture. An enterprise architecture is an institutional systems blueprint that defines in both business and technological terms an organization's current and target operating environments and how the organization will transition between the two.

Information Security Management of FDIC Contractors: We concluded that the FDIC's contractor information security policies and procedures needed improvement. Specifically, the policies and procedures were deficient with respect to the consideration of contractor security in acquisition planning and oversight of contractor security practices. Further, the Corporation's implementation of contractor information security in acquisition planning, incorporation of information security requirements in FDIC contracts, and oversight of contractor security practices were not adequate. Finally, contractors generally failed to implement sufficient security measures. These control weaknesses exposed the FDIC's information resources to the risk of unauthorized disclosure, destruction, and modification of sensitive and critical data, and disruption of system operations.

We made eight recommendations to address the concerns we identified. DIRM and Division of Administration (DOA) management agreed to work jointly to implement corrective actions in response to our recommendations.

Internal and Security Controls Related to the General Examination System (GENESYS): GENESYS is the system used to prepare the report of examination, which contains the results of examinations and ratings given to financial institutions. The finalized report of examination is provided to the examined institution and other federal and state examiners with responsibilities for the institution. Institution regulators are charged with maintaining strict confidentiality in matters related to the financial institution examinations. GENESYS contains confidential information related to the institution's financial condition and management. Our audit, conducted by an independent public accounting firm under our general guidance, evaluated the adequacy of selected internal and security controls related to the system. The independent public accounting firm concluded that automated controls in GENESYS were adequate but recommended enhancements to better protect sensitive data through improved safeguards, password controls, and warning banner screens. Management agreed with the recommendations in our report.

Network Operations Vulnerability Assessment: We engaged PricewaterhouseCoopers Consulting (PwC), an independent professional services firm, to perform a multi-phase vulnerability assessment of the FDIC's network operations.

The primary objective of the first phase of PwC's assessment was to review past security practices and develop a plan for a more detailed assessment of the vulnerability to FDIC's network operations during a follow-on Phase II. The resulting report from Phase I contained seven observations and multiple recommendations intended to improve performance and management controls.

DIRM partially concurred with all but two of PwC's recommendations. DIRM's written comments resolved some recommendations and caused us, in consultation with PwC, to revise four others. A substantial number of recommendations were unresolved at the time of report issuance; however, as of the end of the reporting period, we had reached agreement on all recommendations.

Integration of Information Security into the Capital Planning and Investment Control Process: The OIG and Office of Internal Control Management conducted a joint review to evaluate the FDIC's progress in integrating information security into the capital planning and investment control process (CPICP) since the OIG's first GISRA report was issued in September 2001. That report identified CPICP as an area that may warrant reporting as an individual material weakness. Our objective was to evaluate the extent to which the FDIC integrates security into that process.

Although not issued in final form during the reporting period, we issued our draft report to management. We determined that the FDIC had continued efforts to improve its overall IT capital planning process, but more progress was needed in establishing and implementing three key CPICP management controls related to security: an enterprise architecture that specifically addresses security requirements, consideration of information security in capital IT investment decisions, and system life cycle security management. Until these key management controls are fully established and implemented, corporate level decision-makers cannot be assured that security is appropriately integrated in FDIC systems commensurate with the level of risk associated with those systems.

Because deficiencies in the CPICP were again identified as a potential material weakness in our 2002 GISRA report, we will carefully evaluate the forthcoming management response to this report outlining specific corrective actions and will discuss this review in more detail in our upcoming semiannual report.

Ensuring Sound Controls and Oversight of Contracting

The private sector provides goods and services to the FDIC as needed through contracting to assist the Corporation in accomplishing its mission. Contractors provide assistance in such areas as information technology, legal matters, loan servicing, asset management, and financial services.

Maintaining a strong system of internal controls and effective oversight of contracting is critical to the FDIC's success. The Corporation has taken a number of steps in this regard-training, revisions to the Acquisition Policy Manual, and Contractor Oversight working groups. A goal related to contractor oversight was added to the Corporation's Annual Performance Plan, which is formulated in accordance with the Government Performance and Results Act. The Corporation must sustain such efforts going forward. Additionally, with increased downsizing and possibly more involvement of contractors to carry out the FDIC mission, effective oversight will become even more critical.

Projections of calendar year 2002 non-legal contract awards and purchases total 1,400 actions valued at approximately $375 million. Information technology has always been one of the most active areas of contracting. As of September 30, 2002, there were more than 415 active information resources management contracts valued at approximately $476 million that had been awarded in headquarters. Approximately $230 million of this expenditure authority for active contracts had been spent and approximately $246 million remained to be used as of that date.

New Approach to Contract Audits

In coordination with DOA, the OIG developed a new approach to conducting audits of contractor billings and completed several audits using the new approach during the reporting period. Post-award audits of contractors focus specifically on contract provisions to determine the allowability of costs. Preaward audits focus on the bids received from potential contractors. We also can review the contract award process and contractor controls, as needed.

We questioned a total of $528,492 in two post-award reports for reasons including unauthorized subcontractors, unallowable subcontractor mark-ups, incorrect timesheets, unreasonable project management hours billed, and billings for unauthorized labor categories.

Management's response for $215,174 of that amount was not due as of the end of the reporting period. For the remainder, management disallowed $34,926.

We issued three preaward reports. Two of the reports related to activities regarding the construction of the Virginia Square II building and the third addressed contracting for Local Area Network administration and mainframe and operational support.

Management has expressed appreciation to the OIG for its efforts in this area of contract auditing.

Establishing Goals and
Measuring Results

The Government Performance and Results Act (Results Act) of 1993 was enacted to improve the efficiency, effectiveness, and accountability of federal programs by establishing a system for setting goals, measuring performance, and reporting on accomplishments. Specifically, the Results Act requires most federal agencies, including the FDIC, to prepare a strategic plan that broadly defines each agency's mission, vision, and strategic goals and objectives; an annual performance plan that translates the vision and goals of the strategic plan into measurable annual goals with specific indicators and targets; and an annual performance report that compares actual results against planned goals.

The Corporation's strategic plan and annual performance plan lay out the agency's mission and vision and articulate goals and objectives for the FDIC's three major program areas of Insurance, Supervision, and Receivership Management. The plans focus on four strategic goals that define desired outcomes identified for each program area: (1) Insured Depositors Are Protected from Loss Without Recourse to Taxpayer Funding, (2) FDIC-Supervised Institutions Are Safe and Sound, (3) Consumers' Rights Are Protected and FDIC-Supervised Institutions Invest in Their Communities, and (4) Recovery to Creditors of Receiverships Is Achieved. Through its annual performance report, the FDIC is accountable for reporting actual performance and achieving these strategic goals, which are closely linked to the major issues discussed in this semiannual report.

The Corporation has made significant progress in implementing the Results Act and will continue to address the challenges of developing more outcome-oriented performance measures, linking performance goals and budgetary resources, implementing processes to verify and validate reported performance data, and addressing crosscutting issues and programs that affect other federal financial institution regulatory agencies. The FDIC is committed to fulfilling both the requirements of the Results Act and congressional expectations that the performance plans and reports clearly inform the Congress and the public of the results and outcomes of the FDIC's major programs and activities, including how the agency will accomplish its goals and measure the results.

OIG Formulates Results Act Review Plan

In 1998, the House Leadership formally requested that the Inspectors General of 24 executive agencies develop and implement a plan for reviewing their agencies' Results Act activities. The Congress attaches great importance to effective implementation of the Results Act and believes that Inspectors General have an important role to play in informing agency heads and the Congress on a wide range of issues concerning efforts to implement the Results Act. We believe the congressional views on such a review plan represent an appropriate direction for all Offices of Inspector General.

OIG's Results Act Review Plan

The FDIC OIG is fully committed to taking an active role in the Corporation's implementation of the Results Act. We have developed a review plan to help ensure that the Corporation satisfies the requirements of the Results Act and maintains systems to reliably measure progress toward achieving its strategic and annual performance goals. Our review plan consists of the following three integrated strategies:

Linking Planned Reviews to the Results Act. We will link planned reviews to corporate strategic goals and provide appropriate Results Act coverage through audits and evaluations. As part of this strategy, our planning effort this year will seek to align our audit work more closely with the Corporation's strategic plan.

Targeted Verification Reviews. We will maintain a program of independent reviews to periodically evaluate the adequacy and reliability of selected information systems and data supporting FDIC performance reports. The OIG has developed a standard work program to conduct these evaluations.

Advisory Comments. We will continue our practice of providing advisory comments to the Corporation regarding its update or cyclical preparation of strategic and annual performance plans and reports.

Examples of OIG audit findings and recommendations during the reporting period that are linked to Result Act issues and concepts include the following:

We issued a report on the FDIC's receivership termination activity. We concluded that DRR was complying with policies and procedures for terminating receiverships and data contained in the Receivership Termination System for the sampled receiverships were accurate and complete. We identified one area of concern, however, related to DRR annual performance planning and receivership termination activity.

Specifically, DRR's 2002 annual performance planning indicators and targets did not cover all significant receivership termination activities. Specifically, a 2002 performance indicator and target for terminating receiverships initiated prior to 2000 was not developed. Pre-2000 receiverships accounted for 157 of the 168 active receiverships in inventory at January 1, 2002. We recommended that DRR establish an interim 2002 performance indicator and targets that include all active receiverships when formulating future annual performance plans. DRR concurred with the two recommendations in our report and planned corrective action in response. (Also see write-up related to Third-Party Corrective Actions.)

OIG Reviews FDIC 2001 Program
Performance Report

During this reporting period, the OIG reviewed and provided advisory comments to management on the FDIC's draft 2001 Program Performance Report. The purpose of our review was to provide suggestions for enhancing the Corporation's performance report based on our knowledge and OIG work related to the Results Act. In addition, we reviewed the report to determine if it was in compliance with the Results Act and related OMB guidance. We noted that the draft performance report was not clear with respect to reporting on receivership termination activity and suggested that it be clarified. In addition, we suggested that the FDIC performance report include a reference to the OIG performance report in accordance with OMB guidance. Management agreed with our comments and incorporated many of our suggestions into the final report that was sent to the Congress and OMB.

The OIG will continue to develop and refine its integrated oversight strategy to help ensure that the FDIC's Results Act-related efforts fully conform to the spirit and intent of the Act. We plan to continue to work with the Corporation to improve the FDIC's performance measurement and reporting through our audits, evaluations, and management advisory reviews and analyses. The OIG will also continue to monitor and review legislation proposed in the Congress to amend the Results Act and will actively participate to refine appropriate OIG Results Act roles, responsibilities, and activities through the President's Council on Integrity and Efficiency and the interagency groups it sponsors.

Addressing Human Capital Issues

The FDIC has been in a downsizing mode for the past 10 years as the workload from the banking and thrift crises of the late l980s and 1990s has been accomplished. During the reporting period, a number of division mergers and reorganizations took place and the Corporation concluded its 2002 buyout/retirement incentive programs. As noted in its 3rd quarter Letter to Stakeholders, these most recent incentive programs achieved a reduction of 699 staff and $80 million projected savings in future operating costs. In total, over the past 10+ years, the workforce (combined from the FDIC and the Resolution Trust Corporation) has fallen from approximately 23,000 in 1992 to 5,500 as of September 30, 2002.

By June 2003, the Corporation hopes to substantially complete required downsizing and correct existing skills imbalances. To do so, the Corporation continues to carry out other features of its comprehensive program such as solicitations of interest, reassignments, retraining, outplacement assistance, and possible reductions-in-force. As the Corporation adjusts to a smaller workforce, it must continue to ensure the readiness of its staff to carry out the corporate mission.

The Corporation has also predicted that almost 20 percent of FDIC employees will be eligible to retire within the next 5 years. The Corporation must continue to conserve and replenish the institutional knowledge and expertise that has guided the organization over the past years. Hiring and retaining new talent will be important, and hiring and retention policies that are fair and inclusive remain a significant component of the corporate diversity plan.

An important corporate consideration is determining where FDIC employees will be housed over the long-term. In that regard, the Corporation's Board of Directors approved construction of a new nine-story building at its Virginia Square office complex in Northern Virginia. This building will house FDIC staff for the most part now working in leased space in the District of Columbia. The expansion will cost approximately $111 million; however, the Corporation anticipates substantial savings in the long run-more than $78 million (in today's dollars) over the next 20 years. At DOA's request, the OIG conducted a preaward review to ensure that the process for soliciting and hiring contractors to perform the work of constructing the new site is carefully controlled and properly carried out. (See earlier write-up on preaward reviews.)

The Corporation's organizational make-up has been altered dramatically, and more change is in store. Designing, implementing, and maintaining effective human capital strategies are critical priorities and must be the focus of sustained corporate attention.

OIG Evaluates Selected Corporate Human
Capital Strategies

The OIG initiated an evaluation of aspects of the Corporation's employee training and development efforts. At the time we were conducting our work, the Corporation was in the midst of announcing several new initiatives and implementing a number of organizational changes that impacted both its training and development and overall human capital programs. As a result, we determined that it was not an appropriate time to review these activities. Because we had also gathered information associated with the FDIC's overall human capital strategy, we issued a memorandum to management to communicate that information as we terminated our review.

Our memorandum noted that last year, GAO added strategic human capital management to its list of high-risk government programs as an area that needs attention to ensure that the federal government functions in the most economic, efficient, and effective manner possible.

In its Model of Strategic Human Capital Management, GAO identified three cornerstones3 that relate to the activities we addressed in our evaluation:

  • Leadership commitment to human capital management,

  • Strategic human capital planning, and

  • Acquiring, developing, and retaining talent.

In our memorandum, we communicated our observations on past corporate activities in these areas and focused on on-going or planned initiatives, pointing out where we believe the Corporation should continue to concentrate its efforts.

Leadership Commitment

  • The Corporation's Human Resources Committee (HRC), comprised of eight executives from throughout the Corporation, is a key driver of the Corporation's human capital initiatives to streamline the organization, complete downsizing, establish clear performance expectations and incentives for executives, and build a flexible workforce through a Corporate University and job rotation program. The HRC is responsible for developing policy recommendations for the Chief Operating Officer (COO), Chief Financial Officer (CFO), and the Deputy to the Chairman, as well as monitoring the implementation of the Corporation's human capital initiatives.

  • The Corporate University is one of the key initiatives to transform the FDIC. It will be organizationally placed in the newly designed Human Resources Branch-a merger of the Training and Consulting Services Branch and the Personnel Services Branch-within DOA.

  • The FDIC is recruiting a human capital professional as Associate Director of the Human Resources Branch. This position will report to the Deputy Director, DOA, who is also the Chairman of the HRC. The Associate Director's responsibilities will include the development of a comprehensive human capital program for the Corporation.

Strategic Workforce Planning

  • The Corporation conducted an FDIC Human Capital Self-Assessment based on GAO guidelines, drafted a Human Resources Strategic Plan, and included various human capital initiatives in both the FDIC Strategic Plan and the FDIC 2002 Annual Plan. However, the FDIC has not yet finalized its development of a fully integrated human capital framework, such as the Human Resources Strategic Plan could provide. The HRC indicated that the draft Human Resources Strategic Plan would be revisited this fall before presenting it to the COO, CFO, and Deputy to the Chairman. We consider completion of this plan to be a critical priority for the FDIC.

  • The Corporation's annual planning process addresses workforce planning in its core staffing analysis. However, the Corporation's current practices do not include a formalized corporate-wide skill gap analysis for long-term human capital planning purposes. In its draft Human Resources Strategic Plan, the Corporation recognized that the FDIC does not have such a process to compare the skills possessed by the workforce against future needs and identify strategies to address those gaps.

Acquiring, Developing, and Retaining Talent

  • DOA's Training and Consulting Services Branch, as the principal training and employee development organization, works with the divisions and offices to identify the best ways to address their learning needs and develop core training programs.

  • The strategies embodied in the FDIC Diversity Strategic Plan include enhancing the corporate recruiting program, creating developmental opportunities, enhancing the internal and external selection processes, and addressing benefit and workplace issues.

  • The Chairman's announcements of the Corporate University and job rotation program will build on the Diversity Strategic Plan foundation and help create a broader corporate perspective through training and employee development.

  • The Corporate University Steering Committee is currently developing its strategy for the Corporate University to best fit the FDIC's mission and operations. The Committee is also consulting with private-sector corporate universities, academic institutions, and other experts to identify best practices. The Steering Committee anticipates completing its work and presenting an options paper to the Chairman by the end of 2002.

Because human capital management is critical to the Corporation's future success, we will continue to monitor the Corporation's progress and provide audit coverage of the program and initiatives, as we deem appropriate.

Containing Costs and Assessing
Business Processes

The Corporation continues efforts to identify and implement ways to contain and reduce costs, either through more careful spending or assessing and making changes in business processes to increase efficiency. As steward for the BIF and the SAIF, the FDIC looks for cost reductions and efficiency improvements to minimize the draw on the funds.

The Corporation has taken steps to increase emphasis in this area. As discussed in the previous section of this report, savings will result from the Corporation's planned building of its new Virginia Square site. It is also expected that the Corporation's New Financial Environment will result in lower costs, better functionality, and enhanced efficiency. Several other initiatives are in process to better understand what the various business processes and activities within the FDIC cost, how they can be made more efficient, and how they compare to private and public sector entities. The Corporation may also need to recognize and plan for unmet needs which can add to operating costs. Such needs may include, for example, further ensuring information resources security and maintaining essential physical security.

Since being named head of the FDIC, FDIC Chairman Powell has underscored the importance of efficiency and effectiveness of the FDIC in various communications with FDIC employees. Certainly, the Corporation's organizational streamlining and downsizing were designed to achieve such efficiencies and economies. Additionally, the Corporation is evaluating the cost of certain corporate operations against appropriate benchmark organizations. The results of such studies will help the Corporation identify areas in which its costs may be higher than other organizations and potential "best practices" to reduce these costs.

In this connection, the Corporation is implementing a service costing initiative-new procedures to charge receiverships for services provided by the Corporation by applying standard rates. This initiative should also result in improved allocation of receivership expenses. The OIG is conducting a review of data quality of service costing to determine whether adequate controls exist to ensure the accuracy, timeliness, and completeness of receivership-related data used by the service costing system. Additionally, the OIG plans future work on service costing billing rates to determine whether the rates developed have been adequately supported and controls are in place to ensure that receiverships are being accurately billed. Our results will be discussed in future semiannual reports.

The FDIC's Travel Card Program

We conducted an audit of the Corporation's travel card program and concluded that the Corporation has taken necessary steps to implement effective internal control over the program. The FDIC's policies and monitoring activities, along with the Bank of America's contractual travel card restrictions, serve to mitigate the risk of abuses and potential damage to the public's confidence in the Corporation as financial institution supervisor or insurer.

Ensuring Security of Physical and
Human Resources

Largely in light of the events of September 11, 2001, we identified an emerging issue that the FDIC needed to address: the security of the FDIC's physical and human resources. The Corporation has devoted considerable attention to these areas since the tragic events of that day and continues to do so. It has enhanced important physical security features of its properties. It has worked to keep employees informed of security matters and events occurring in the Washington, D.C., area and field offices that may impact employee safety and security. It also developed an Emergency Response Plan on which the OIG provided extensive comments to the Chief Operating Officer during the previous reporting period.

We completed fieldwork on our evaluations of the FDIC's physical security of Washington, D.C., area and regional and field office facilities during the reporting period and issued two reports conveying our results.

Evaluation of Physical Security for the FDIC's Washington, D.C. Area Facilities
We issued a report on the FDIC's physical security program and its implementation in the Corporation's Washington, D.C. metropolitan area facilities, including Virginia Square. Generally the Corporation's program addresses perimeter security, entry security, interior security, and security planning-the four broad areas covered by Department of Justice-recommended minimum security standards. However, we noted several areas where the Corporation could improve its physical security program. Specifically, the Corporation needed to require that a risk level be assigned to each FDIC building and that the minimum security standards deemed practicable for each building be documented. Security risk assessments of FDIC facilities also needed to be conducted in accordance with time frames prescribed by FDIC policy. Finally, and this is a point that DOA recognized and acted upon, the initial design and assignment of responsibilities for emergency evacuation to both the Physical Security Unit and the Health Safety and Environmental Unit was confusing, and responsibilities were reassigned solely to the Physical Security Unit. We made 11 recommendations and offered several suggestions to better ensure the safety and security of individuals and property. The actions already taken or planned by the Corporation are responsive to our concerns.

Security for Field Sites
We also reported that regional and field offices had implemented perimeter, entry, and interior security measures that met or exceeded the Department of Justice's recommended minimum standards for the facilities' assigned security levels. DOA had performed vulnerability assessments of regional and field office facilities and implemented recommended security measures identified from those assessments. Each of the 15 offices in our sample had established procedures for responding to and reporting on emergencies and other security-related incidents. However, differences existed among the various offices regarding the types of security-related incidents reported for inclusion in the FDIC's incident reporting and investigation system. This inconsistent reporting limited the FDIC's ability to use the data for detecting trends that may require additional security measures. We made two recommendations to improve the completeness and usefulness of data contained in the system, and management agreed with both of them.

Update on Emerging Issue: The Quality of Bank Financial
Reporting and Auditing

During the previous reporting period, the OIG identified the following emerging issue as warranting FDIC management's attention.

Recent highly publicized business failures, including financial institution failures, have raised significant questions about the quality of financial reporting and auditing of these businesses. Various dimensions of this issue have been, and continue to be, widely discussed and reported in various forums, most notably with congressional hearings on the failure of Enron Corporation. Aspects of the problem as it relates to financial institutions have been documented in relatively recent OIG work on bank failures-Superior Bank and Keystone Bank-as presented in prior semiannual reports.

The issues involve interrelated roles of management (including Boards of Directors and Audit Committees), independent auditors, and regulators. Management is primarily responsible for the reliability of financial reports with auditors providing an independent audit function and regulators relying on the financial data.

Affected regulators include the Securities and Exchange Commission as well as the FDIC and other financial institution regulators. The need for reliable financial data affects the ability of regulators to effectively achieve their oversight missions. To the extent that the financial reporting of businesses (including financial institutions) is not reliable, the regulatory processes and mission achievement can be adversely affected. Financial institution regulators are affected by the quality of reporting of financial institutions and businesses transacting with financial institutions. Critical operational processes of financial institution regulators can be adversely affected. Essential research and analysis (used for economic analysis and decision-making) and bank supervision (examinations) can be complicated and potentially compromised by poor quality financial reports and audits.

In addition to supervision safety and soundness issues, the FDIC, in its roles as receiver and insurer, is potentially affected by financial reporting and audit quality, regardless of whether the FDIC is the primary federal regulator. Receivership management operations, relying on accounting and auditing contractors, can be adversely affected. Potentially, the insurance funds can be affected, for example, by financial institution and other business failures precipitated in whole or in part by financial reporting irregularities.

The financial reporting and audit quality issues are complicated by a number of interrelated risk factors, including: auditor independence; complexity and sophistication of business structures and transactions; adequacy and complexity of standards; fraud; auditors' document retention procedures; adequacy of auditor oversight; and qualifications and fitness of Audit Committees, Boards of Directors, and Officers.

Corporation Takes Steps to Address Issue
The Corporation has initiated actions to address many aspects of the bank financial reporting and audit quality issue that we discussed in our last semiannual report. The Corporation's 2001 Annual Report to the Congress (under the Chief Financial Officers Act), issued during this period, discussed this matter as an emerging issue. The Corporation also initiated several key actions to help ensure the quality of financial reporting and auditing of financial institutions.

The Corporation's actions considered the impact of recent significant changes to standards and policies for auditors. These changes resulted from the recent Sarbanes-Oxley Act of 2002 and new government auditing standards for independence issued by the Comptroller General of the United States:

  • The Sarbanes-Oxley Act of 2002 established dramatic changes for publicly held companies and their auditors to protect investors and improve the accuracy and reliability of corporate financial reporting and disclosures. Among other provisions, the Act revised auditor independence rules, created a Public Company Accounting Oversight Board, revised corporate governance standards, and significantly increased the criminal penalties for violations of securities laws.

  • GAO published revised independence standards in January 2002, effective for governmental audits beginning on or after January 1, 2003.

To address these issues, the Corporation established a joint group that included the Office of Internal Control Management, DOA, and the OIG. The OIG's role was to provide independent technical advice. The group's initial objective was to determine the actions that the Corporation should take regarding its use of services from accounting firms to ensure compliance with the new GAO independence standards. The Corporation's Legal Division and the DRR also joined the group to address contract issues within their respective divisions. The DSC subsequently joined the group to ensure coordination with the independence initiatives under consideration, such as the independence requirements and interpretations of the Securities and Exchange Commission and the Sarbanes-Oxley Act of 2002 as it affects accounting firms' work in insured institutions.

Corporate initiatives, highlighted below, address: independence requirements for corporate contracts with accounting firms; auditor independence for insured institutions; disciplining accountants; and additional Sarbanes-Oxley Act considerations.

Independence Requirements for Corporate Contracts with Accounting Firms
The new GAO independence standards include the following two overarching principles:

  • Auditors should not perform management functions or make management decisions; and

  • Auditors should not audit their own work or provide nonaudit services in situations where the nonaudit services are significant/material to the subject matter of audits.

To address the overarching independence principles involving corporate contracts with accounting firms, the following key actions have been taken:

  • Revise ethics regulation to address lack of independence as a conflict of interest. In May 2002, the FDIC Board approved an interim final rule (12 CFR Part 366). A final version of the rule has been prepared for FDIC Board approval.

  • Address significance and materiality for nonaudit services. The Legal Division will work with divisions/offices to prepare factors to be considered in determining whether nonaudit services are significant/material, to assess compliance with GAO's overarching principle.

  • Address expert witness contracts. The Legal Division uses expert witnesses from accounting firms. These firms will be reviewed to ensure there are no conflicts of interest. In addition, the guidance for outside counsel will be updated, as necessary.

  • Address contracts of failed institutions. Guidance is being developed to address auditor independence for contracts with accounting firms inherited from failed institutions.

  • Use Ethics Conflicts Committee. The Legal Division's ethics conflicts committee, established to address potential ethical conflicts of interest, will be convened as necessary to address auditor independence conflicts.

  • Update Acquisition Policy Manual (APM). DOA will update the APM to address auditor independence. The APM establishes a consolidated and uniform set of policies and procedures for procuring goods and services on behalf of the Corporation.

  • Update standard contracts. DOA and the Legal Division will ensure that updated standard contracts address lack of independence as a conflict of interest. Also, contractor certifications will be required to ensure auditor independence standards.

  • Consider automated tracking mechanism. DOA will consider the feasibility of using an automated mechanism to track the various types of auditor services being provided to assist in monitoring potential independence issues.

Also, the OIG is updating its internal policies and procedures to ensure appropriate compliance with Generally Accepted Government Auditing Standards, including independence standards. The OIG will also address the work of accounting firms conducting work under OIG contracts.

Auditor Independence Requirements for Insured Institutions
The FDIC's DSC, in coordination with other financial regulatory agencies, has a number of initiatives underway related to audits of insured banking institutions:

Under FDIC regulations (12 CFR Part 363) and explanatory guidelines and interpretations, auditors of insured institutions with $500 million or more in assets must "meet the independence requirements and interpretations of the SEC and its staff." As a result of the Sarbanes-Oxley Act of 2002, DSC believes that auditors are prohibited from performing both internal audit outsourcing and consulting work for external audit clients.

An interagency working group, headed by the FDIC, had been revising the guidance on auditor independence in the December 1997 "Interagency Policy Statement on the Internal Audit Function and its Outsourcing" in response to the SEC's adoption of revised independence rules in November 2000. As a result of the Sarbanes-Oxley Act of 2002, the guidance will require further revision. The following actions are among those being considered:

  • Advise institutions with $500 million or more in total assets and all publicly-held institutions that they should follow the requirements of the new Sarbanes-Oxley Act;

  • Encourage institutions with under $500 million in total assets that are not publicly held to follow the requirements of the new Sarbanes-Oxley Act; and

  • Advise all state-chartered institutions to also follow any state laws or regulations with regard to auditor independence.

Disciplining Accountants Who Perform Audit Services
For institutions with $500 million or more in total assets - Section 36 of the Federal Deposit Insurance Act requires the federal banking agencies to jointly issue rules of practice for removing, suspending, and barring accountants from performing audit services for institutions subject to Part 363. An interagency working group has been drafting proposed rules of practice. These rules would permit the agencies to suspend/remove/bar independent public accountants from performing services under Section 36 for good cause. The rules of practice would define "good cause."

For all institutions - For several years, the FDIC has maintained a program of reporting apparent noncompliance by bank auditors with applicable professional standards (including Generally Accepted Auditing Standards (GAAS)) to the American Institute of Certified Public Accountants (AICPA) and state boards of accountancy. The AICPA as a professional association investigates GAAS infractions and may discipline accountants. Disciplinary action frequently involves additional education for the disciplined person but may ultimately result in revocation of an accountant's AICPA membership. State boards are able to revoke an accountant's license to practice; however, followup on referrals by some boards may be constrained by financial or staff limitations.

Additional Sarbanes-Oxlely Act Considerations
Where the FDIC has authority under Section 36 of the Federal Deposit Insurance Act, the FDIC is considering whether to amend Part 363 to be consistent with the Sarbanes-Oxley Act by:

  • Requiring independent public accountants to be registered accounting firms;

  • Accepting registration applications, annual reports, and inspection reports of registered accounting firms in lieu of peer review reports;

  • Requiring that the independent public accountant retain audit documentation and any needed computer programs for a period of 7 years; and

  • Adding the duties and responsibilities of the audit committee outlined in the new Act.

The OIG will continue to monitor and assess this issue for consideration in planning future audit and oversight work. In this regard, one ongoing audit is currently reviewing examiner reliance on the work of independent public accountants.

Agreement with GAO Regarding the Corporation's
Financial Statement Audit Work

During the reporting period, we reached agreement with the General Accounting Office (GAO) regarding the level of OIG resources available for the 2002 financial statement audit work and the specific areas that the OIG would accomplish. Based on earlier discussions with GAO, we agreed that the OIG would commit three staff members and perform the receivables from bank/thrift resolutions and receivership receipts audit work. We will conduct the work in accordance with the GAO's Generally Accepted Government Auditing Standards and the GAO/President's Council on Integrity and Efficiency Financial Audit Manual. This approach will enable the GAO to rely on our work for its opinion on each fund's financial statements and internal control.

We also agreed that one OIG staff member will assist GAO in the information systems testing area and have discussed a plan for the OIG to assume complete responsibility for this area in the future. In this regard, we are working on a multi-year strategy for performance of the information systems audit requirements starting in 2003.

The FDIC Stands to Recover Undelivered State
Tax Refunds Belonging to FDIC-Managed
Failed Financial Institutions

During the reporting period we issued a follow-up memorandum to the Director of the Division of Finance and the Director of the Division of Resolutions and Receiverships concerning an earlier review we conducted of undelivered tax refunds. Our earlier review was done to determine whether state revenue or tax departments were holding undelivered tax refunds that belonged to failed financial institutions or their subsidiaries. As a result of that review, we collected about $65,000 in undelivered tax refunds from the state of Massachusetts which we forwarded to corporate officials for posting to appropriate accounting records. We further requested state tax officials in New York and California to research their records to determine whether their states were holding any undelivered or unclaimed tax refunds belonging to FDIC-managed entities.

Tax officials in New York reported back that their research did not identify any such refunds. The tax database they reviewed, however, only covered the past 3 years for refunds. On the other hand, the Tax Counsel for the California Franchise Tax Board reported that California had identified 22 tax refunds totalling $1,576,411 that belonged to FDIC-managed institutions. The majority of the amount belonged to a single institution-Guardian Federal Savings Association of Huntington Beach, California. The Tax Counsel believes that the FDIC will be able to recover $1,559,418 (99 percent of the total) from 6 of the 22 tax refunds held by state tax officials and added that the state would also pay interest to the FDIC for the period that the states held the refunds. Refunds for the remaining 16 institutions may not be collectable because California has suspended the corporate powers of these entities.

Our memorandum advised that the Corporation should seek to promptly recover the undelivered tax refunds. Additionally, we suggested that the Corporation follow up with the state of New York to determine whether information on undelivered tax refunds from the late 1980s and early 1990s can be accessed for purposes of identifying refunds owed to the FDIC. We also suggested that the FDIC determine a risk-based approach to reviewing other states for undelivered tax refunds. We informed the Corporation that we considered the $1,559,418 as a potential monetary benefit to the Corporation. The Corporation has taken steps to address each of our suggested actions.


Investigations Statistics
April 1, 2002 - September 30, 2002

Judicial Actions
OIG Investigations Resulted in:
Fines of$8,800
Restitutions of$819,166,126
Other Monetary Recoveries of$689,691
Cases Referred to the Department of Justice (U.S. Attorney) 11
Referrals to FDIC Management 3
OIG Cases Conducted Jointly with Other Agencies 50

The Office of Investigations (OI) is responsible for carrying out the investigative mission of the OIG. Staffed with agents in Washington, D.C., Atlanta, Dallas, and Chicago, OI conducts investigations of alleged criminal or otherwise prohibited activities impacting the FDIC and its programs. As is the case with most OIG offices, OI agents exercise full law enforcement powers as special deputy marshals, under a blanket deputation agreement with the Department of Justice. OI's main focus is investigating criminal activity that may harm or threaten to harm the operations or the integrity of the FDIC and its programs. In pursuing these cases, our goal, in part, is to bring a halt to the fraudulent conduct under investigation, protect the FDIC and other victims from further harm, and assist the FDIC in recovery of its losses. Another consideration in dedicating resources to these cases is the need to pursue appropriate criminal penalties not only to punish the offender but to deter others from participating in similar crimes.

Joint Efforts

The OIG works closely with U.S. Attorney's Offices throughout the country in attempting to bring to justice individuals who have defrauded the FDIC. The prosecutive skills and outstanding direction provided by Assistant United States Attorneys with whom we work are critical to our success. The results we are reporting for the last 6 months reflect the efforts of U.S. Attorney's Offices in the District of Massachusetts, the Southern District of New York, the Eastern District of New York, the Southern District of Illinois, the Southern District of Iowa, the Southern District of West Virginia, the Eastern District of Tennessee, the Northern District of Alabama, the Southern District of Florida, the Western District of Oklahoma, the Northern District of Texas, the Western District of Texas, and the Central District of California.

Support and cooperation among other law enforcement agencies is also a key ingredient for success in the investigative community. We frequently "partner" with the Federal Bureau of Investigation (FBI), the Internal Revenue Service (IRS), Secret Service, and other law enforcement agencies in conducting investigations of joint interest.


Over the last 6 months, OI opened 23 new cases and closed 12 cases, leaving 113 cases underway at the end of the period. Our work during the period led to indictments or criminal charges against 14 individuals and convictions of 17 defendants. Criminal charges remained pending against 15 individuals as of the end of the reporting period. Fines, restitutions, and recoveries stemming from our cases totaled almost $820 million. The following are highlights of some of the results from our investigative activity over the last 6 months:

Fraud Arising at or Impacting Financial Institutions
Update on Prosecutions Resulting from Investigation
of the Failure of the First National Bank of Keystone

As has been the case in our last several reports, we are again reporting results emanating from the investigation involving the failure of the First National Bank of Keystone (West Virginia). The investigation and prosecutions involving Keystone are being conducted by a multi-agency task force comprised of special agents of the FDIC OIG, FBI, and IRS and prosecutors from the United States Attorney's Office for the Southern District of West Virginia and the U.S. Department of Justice. The FDIC Division of Resolutions and Receiverships has also provided valuable assistance in support of the task force investigations.

An examination that was conducted by the Office of the Comptroller of the Currency in 1999 uncovered information that ultimately resulted in the closure of the First National Bank of Keystone (Keystone) on September 1, 1999. Based on the estimated losses to the insurance fund attributable to the Keystone failure, it is one of the ten costliest bank failures since 1933.

The investigation initially targeted the attempts of the bank principals to obstruct the examination of the bank. Following the successful prosecution of several of the bank officers on obstruction charges, the task force turned its focus to the underlying fraud in the operation of the bank that led to the bank's failure. During the current reporting period, the former senior executive vice president and chief operating officer of Keystone was sentenced on May 29, 2002, in the U.S. District Court for the Southern District of West Virginia to a total of 27 years and 3 months' incarceration to be followed by 3 years' probation. The incarceration is to be served concurrently with her other sentences. She was also ordered to make restitution in the amount of $812,690,627.

The defendant had previously entered a plea of guilty on March 4, 2002, to a criminal information charging her with bank fraud and conspiracy to commit money laundering. Those charges were based on an investigation disclosing that she:

  • diverted monies from the bank's general ledger accounts to her accounts and those of others,

  • made false entries in the records of the bank to conceal financial losses that the bank sustained from a complicated loan securitization program that led to the bank's insolvency,

  • conspired with other uncharged former officials of the bank to launder the proceeds of the bank fraud on at least 335 occasions totaling more than $27 million, and

  • engaged in two other money laundering transactions totaling approximately $10.7 million.

At the time of her most recent sentencing, the defendant was already in prison serving sentences of 4 years and 9 months that she had received in July 2000 following her conviction on charges of obstructing the examination of the bank that ultimately resulted in its closure and 22 years and 7 months that she had received in March 2002 following her conviction on charges of embezzlement, mail fraud, and conspiracy relating to her involvement in the estate of the institution's former president. That sentencing also included an order that she pay $6,120,000 in restitution.

To date, four of the former officers of the bank have been convicted and sentenced for obstructing the examination of the bank. Two of those same officers along with three other officers have been convicted on various other charges relating to illegal activity at the bank, including bank fraud, money laundering, embezzlement, mail fraud, insider trading, and filing false income tax returns. Sentencings thus far have totaled over 88 years' confinement, over 32 years' probation, fines of $124,500, and over $1.3 billion in court-ordered restitution.

The Keystone Task Force is also pursuing a related investigation involving the theft of assets under control of the United States as a result of the failure of Keystone. On June 5, 2002, a former prison inmate with the senior executive vice president and chief operating office of Keystone was indicted by a federal grand jury in the Southern District of West Virginia for violating several federal statutes in connection with an alleged scheme to fraudulently obtain and resell assets. As a part of the prosecution of the cases against the former Keystone bank officer, an injunction was obtained by the government to protect the value of assets that might be used to satisfy any judgment obtained by the FDIC against her. The indictment alleges that, upon her release from prison, the woman participated in a scheme to fraudulently obtain some of the assets that had been frozen by the injunction and resell them to individuals in four states, collecting in excess of $170,000. As part of the scheme, she is alleged to have falsified a document that contained a facsimile of the signature of a United States District Court Judge, which she used to obtain possession of some of the property. Included among the assets she is alleged to have illegally obtained were firearms, classic automobiles, Harley-Davidson motorcycles, a pontoon boat, a ski boat, sport utility vehicles, a tractor, and various other types of vehicles and farm equipment. The Keystone Task Force is continuing to coordinate with the trustee and with the FDIC Division Resolutions and Receiverships in identifying and recovering the stolen assets.
Former Director and Former Vice President of Hartford-Carlisle Savings Bank Sentenced, and Former President and Two Former Board Members Plead Guilty to Bank Fraud-Related Activities Investigations involving the now-defunct Hartford-Carlisle Savings Bank (HCSB), Carlisle, Iowa, culminated in several successful prosecutions during this reporting period. HCSB was an FDIC-regulated institution that was closed on January 14, 2000, by the Iowa Division of Banking and was
reopened the next day under new ownership. State banking regulators questioned the validity of about $6 million in loans when the bank was closed. The FDIC removed the president a week before the bank was closed. At the time, the FDIC concluded that the president, who was also the bank's largest shareholder, had probably engaged or participated in acts, omissions, and practices that constituted "violations of law and regulations, unsafe or unsound banking practices, and breaches of his fiduciary duties to the bank." The investigations that followed the failure of the bank were conducted jointly by the FDIC OIG and the FBI, and the corresponding prosecutions were handled by the U.S. Attorney's Office for the Southern District of Iowa.

On April 12, 2002, a former director of HCSB and shareholder in the bank holding company of HCSB was sentenced in U.S. District Court for the Southern District of Iowa to 3 years' probation and fined $3,000. The sentencing was based on his entry of a plea of guilty in January 2002 to a one-count information charging him with making false statements to HCSB. The false statements were made in a loan application he submitted to HCSB as president of an oil company wherein he stated that the specific purpose of the $500,000 loan was for "term/equipment." Upon receipt of the loan proceeds, he invested the money in the bank holding company of HCSB.

On May 23, 2002, a former vice president and director of HCSB was sentenced in U.S. District Court for the Southern District of Iowa to 3 years' probation and fined $500. The sentencing followed that defendant's plea of guilty in February 2002 to a one-count information charging him with making a false statement to the FDIC. In his position as a vice president and director of HCSB he submitted Consolidated Reports of Condition (Call Reports) to the FDIC. The information to which he pled guilty charged that he submitted a Call Report to the FDIC on behalf of HCSB covering the time period ending June 30, 1999, that failed to identify the existence of a $1 million loan made by the bank to the bank's former president.

On September 4, 2002, the former president of HCSB entered a guilty plea, in the Southern District of Iowa, to 8 counts of a 34-count indictment returned by a federal grand jury in November 2001 charging him and his two brothers, both of whom were former board members of HCSB, with various bank fraud-related activities. The former president pled guilty to making false entries in the records of HCSB in two instances by overstating the value of assets on financial statements submitted in connection with loan applications, and in two other instances by misrepresenting the purpose of loans. He also pled guilty to 4 counts of making false statements. Two of those instances involved the submission of Call Reports to the FDIC that failed to disclose that HCSB had made loans to its executive officers. The third false statement involved his creating a fraudulent HCSB cashier's check and related deposit ticket, which he provided to FDIC examiners purporting them to be true documents. In the fourth instance, he pled guilty to submitting a false financial statement to another FDIC-insured financial institution in connection with an outstanding loan, by understating the true amount and value of his debts and liabilities.

As a result of continuing plea negotiations with the U.S. Attorney's Office, on September 11, 2002, the former president entered guilty pleas to seven additional counts of bank fraud. His brothers also entered guilty pleas on September 11, 2002 to bank fraud for making or causing to be made false statements to the Federal Reserve Bank in connection with an application to acquire the stock of HCSB. The brothers also agreed to make restitution to the FDIC in the amount of their outstanding loans to HCSB at the time of the bank failure, which is estimated to be over $200,000 for each.

The sentencings of the former president and his brothers are scheduled to occur in 2003.

Former Bank Official and Two Bank Customers of First State Bank, Harrah, Oklahoma,
Sentenced for Conspiring to Commit Bank Fraud

On August 7, 2002, a former executive vice president of First State Bank, Harrah, Oklahoma, was sentenced in the United States District Court for the Western District of Oklahoma to 5 years in prison, 180 days' home incarceration, and 208 hours of community service, and was ordered to pay restitution of $3,529,500.

As we previously reported, in February 2001 the former executive vice president and a customer of the bank who was a cattle broker, each pled guilty to conspiracy to commit bank fraud for their participation in a scheme to defraud the bank by creating a series of 11 fraudulent nominee loans. From August through December 1998, they recruited nominee borrowers and created fictitious nominee borrowers to obtain the loans. A nominee borrower is a person or entity whose name is used for the purpose of obtaining a bank loan when the proceeds are actually used for the benefit of another. The former executive vice president used his position at First State Bank to prepare loan documents, secure loan approvals, and disburse the loan proceeds to the cattle broker's employer. The loan proceeds from this scheme totaled $1,703,500.

On August 8, 2002, the cattle broker was sentenced to 14 months in prison to be followed by 3 years' supervised release and was ordered to pay restitution of $1,703,500.

The same former executive vice president was also involved with another customer of the First State Bank in a separate scheme to defraud the bank. In January 2002 that customer pled guilty to a one-count information charging him with conspiracy to commit bank fraud. The information charged that from August through December 1998 the customer conspired with the former executive vice president and others in a scheme to defraud the bank by creating two forged cashier's checks totaling $1,052,000. The checks listed the customer as the remitter, even though he had not expended any funds to purchase those checks.

On August 6, 2002, that customer was sentenced to 5 years in prison to be followed by 3 years of supervised release.

The investigation leading to these actions was conducted jointly by the FDIC OIG and the FBI, and the cases were prosecuted by the U.S. Attorney's Office, Oklahoma City, Oklahoma.

Former Bank Official Pleads Guilty and Is Sentenced for
Bank Fraud, Income Tax Evasion, and Receiving Kickbacks on Loans

On September 23, 2002, a former official at two banks in Morristown, Tennessee, was sentenced in U.S. District Court for the Eastern District of Tennessee to serve 15 months in prison to be followed by 3 years' probation. He was also ordered to pay restitution of $47,563. As part of his plea agreement with the government, the defendant also agreed to consent to an order to be issued by the FDIC banning him from banking.

The sentencing of the former bank official followed his entry of a guilty plea in June to a three-count information charging him with bank fraud, receiving kickbacks on loans, and filing a false federal income tax return. According to the documents filed as part of the plea, the defendant worked for Hamblen County Bank between May 1994 and September 1999 as a vice president, loan officer, and West End branch manager in Morristown, Tennessee. Between September 1999 and November 2000 he was a loan officer and then an assistant vice president and branch manager of Citizens Bank of Grainger County. While employed at these two financial institutions, he received kickbacks on three loans for the purchase of real estate for which the loan amount exceeded the purchase price. He also received kickbacks on numerous loans submitted by an auto sales dealership, the applications for which contained false and misleading information regarding vehicle values, down payments, and the customers' ability to repay.

The guilty plea to bank fraud was based on his failure to disclose his beneficial interest in a number of real estate transactions in which he was involved in securing purchase loans from the institutions where he was employed. As a result of his beneficial interest in the properties, he received a portion of the profits when the real estate was sold. His conviction on filing a false income tax return was based on his failure to report the money he received from the above-described kickback and bank fraud schemes.

The investigation was conducted jointly by agents of the FDIC OIG, FBI, and IRS Criminal Investigations Division, and the prosecution was handled by the United States Attorney's Office for the Eastern District of Tennessee. The FDIC OIG and the prosecutors also coordinated with the FDIC Legal Division and the Division of Supervision and Consumer Protection regarding the order to be issued by the FDIC banning the former bank official from banking.

Bank Customer of Illinois Bank Is
Sentenced for Bank Fraud

On September 30, 2002, the owner of a company that was a customer of Murphy Wall State Bank (MWSB), Pinckneyville, Illinois, was sentenced in the U.S. District Court for the Southern District of Illinois to serve 3 years' probation and was fined $5,000. The sentencing followed his prior plea of guilty in March 2001 to a one-count information charging him with bank fraud.

As previously reported, this bank customer and the former executive vice president of MWSB, were both charged in 2000 in connection with a loan fraud scheme. The former executive vice president pled guilty to obstructing the examination of a financial institution and was sentenced in November 2000 to 1 year's probation and was fined $2,000. Additionally, he signed a Stipulation and Consent agreement with the FDIC resulting in a corresponding order prohibiting him from participating in the operations or affairs of any federally insured depository institution.

The OIG is participating jointly with the FBI in several investigations involving MWSB that are being prosecuted by the U.S. Attorney's Office for the Southern District of Illinois. In addition to the prosecutions described above, these cases have resulted thus far in the conviction of another customer of MWSB on bank fraud charges. That customer was sentenced in June 2001 to 4 months in jail, to be followed by 4 months of home detention and 5 years' probation. He was also fined $200 and ordered to make restitution of $157,312 to MWSB. Although the former president of MWSB was indicted on charges of obstructing an examination of the bank, making a false statement to the FBI, making false bank entries, and misapplying bank funds, he was acquitted on those charges in June of this year.

Former Officer Pleads Guilty to Misapplying Funds of the Institution
for Savings of Newburyport, Massachusetts

On July 8, 2002, the U.S. District Court for the District of Massachusetts accepted a plea of guilty by a former officer of the Institution for Savings (IFS) of Newburyport, Massachusetts, to 59 counts of misapplying the funds. As described in our last semiannual report, the former officer was indicted in March 2002 for misapplying a total of approximately $162,000 of funds between February 1997 and March 2001 by negotiating her personal checks at IFS and then removing them from the bundle of items that IFS was sending to the Federal Reserve Bank for processing. Later, when the missing amounts were reported back to IFS, she would make entries in the books and records of IFS to conceal the missing funds.

As a part of her plea agreement with the government, the defendant will also forfeit her home in Amesbury, Massachusetts, which was purchased, in part, with some of the funds that she embezzled.

The investigation of this case is being conducted jointly by agents of the FDIC OIG and the FBI. Prosecution of the case is being handled by the United States Attorney's Office for the District of Massachusetts.

Owners of Construction Company Indicted for Defrauding
Community Bank of Blountsville, Alabama

On June 11, 2002, an indictment was unsealed that had been returned on May 31, 2002, by a federal grand jury in the Northern District of Alabama charging the husband and wife owners of a construction company and the company itself with bank fraud and conspiracy to commit bank fraud.

As alleged in the indictment, between December 1997 and July 2000 the couple used their company to submit invoices for construction work purportedly performed for Community Bank, an FDIC-regulated bank located in Blountsville, Alabama. According to the indictment, some of the invoices were for work that was never performed and other invoices were for personal construction work performed for the bank's chief executive officer, relatives of the chief executive officer, and the bank's vice president of construction and maintenance. The indictment further alleges that the records of the bank were falsified to reflect that the work was completed at the bank's facilities. In total, the defendants are alleged to have received approximately $1,685,000 as a result of the fraud scheme.

The indictment includes a forfeiture claim seeking any property derived from the fraud scheme. Specifically identified in the forfeiture count are the contents of a bank account of the company, a boat, 2 motorcycles, 11 vehicles, 2 tractors, 7 trailers, various construction equipment, and 6 pieces of real estate.

As we previously reported, in October 2001 agents from the FDIC OIG and FBI seized over $70,000 in proceeds and some unsold items including a semi-tractor trailer and two motorcycles following an asset sale by the construction company. Subsequently, all of the bank accounts of the company were frozen pursuant to a U.S. District Court order.

The investigation of suspected fraud involving Community Bank is being conducted by agents from the FDIC OIG, FBI, and IRS.

Management and Sale of FDIC-Owned Assets
Former Employee of Contract Asset Management Company
Pleads Guilty to Theft of Government Funds

On September 12, 2002, a former employee of a company hired by the Resolution Trust Corporation to manage assets entered a plea of guilty in the U.S. District Court for the Western District of Texas to a one-count information charging him with theft of funds belonging to the FDIC.

The plea was the result of an investigation initiated by the FDIC OIG based on a referral from the FDIC Division of Resolutions and Receiverships indicating that the defendant may have been engaged in self-dealing in the sale of at least one asset. The investigation disclosed that the defendant used his position as an asset specialist with the contractor to negotiate and sell FDIC assets to entities with whom he had undisclosed agreements to collect additional payments and fees. To hide his conflicting interests in the sale of assets, he arranged with his wife and one of his associates to form two companies for the sole purpose of purchasing properties from the portfolio of properties he was responsible for managing for the Resolution Trust Corporation/FDIC. Properties sold to these companies were re-sold shortly thereafter for a higher amount. The defendant also collected additional fees and payments during the sale of the assets.

Through his self-dealings, the defendant received approximately $700,000 in kickbacks and caused the FDIC and the asset management company losses of approximately $1.2 million. In her capacity as the designated owner of one of the companies, the defendant's wife has settled a civil suit filed against her by the asset management company for $541,000, which represents the financial gain realized by that company as a result of the self-dealings. The asset management company, in turn, remitted these settlement funds to the FDIC. The asset management company has also received an "Arbitration Award" against the defendant for

  • actual damages of $631,256.60,

  • punitive damages of $150,000,

  • arbitration cost/expenses of $12,900,

  • prejudgment interest on actual damages of $111,121.83, and

  • post-judgment interest of 10 percent per annum on the entire award.

This investigation was conducted jointly with the FBI, and the criminal prosecution is being pursued by the U.S. Attorney's Office for the Western District of Texas.

Real Estate Speculator Ordered to Pay FDIC
Restitution of $378,000

On September 30, 2002, a real estate speculator was sentenced in the U.S. District Court for the Central District of California to 37 months' incarceration to be followed by 36 months of probation. He was also ordered to pay restitution of $912,000, of which $378,000 is to be paid to the FDIC.

The OIG initiated an investigation based on information that was referred by the Division of Resolutions and Receiverships indicating the defendant and an accomplice may have defrauded the FDIC as part of a transaction involving an FDIC-owned single family residence in Sunset Beach, California. The FDIC had assumed ownership of the property following the closure of Mechanics National Bank.

The investigation confirmed that the FDIC had been defrauded. However, during the course of the investigation it was discovered that the defendant was also under investigation by the FBI for similar fraud schemes involving two other properties and that he had already been indicted on an older, unrelated FBI case involving loan fraud. He pled guilty and was sentenced to probation in December 1998 on the loan fraud case. In pursuing prosecution of the more recent illegal activities, the Assistant United States Attorney who handled the case chose to charge him based on his conduct involving the non-FDIC properties but to use the information pertaining to the FDIC property as relevant conduct during sentencing. Accordingly, when the defendant was sentenced as described above in connection with his prior guilty plea to wire fraud and money laundering, the restitution he was ordered to pay included $378,000 to be paid to the FDIC.

FDIC Property Management Contractor Agrees to Pay FDIC $38,000
On September 10, 2002, an FDIC property management contractor signed a settlement agreement with the FDIC and the United States Attorney's Office for the Eastern District of New York which stipulates that the company will pay the FDIC $38,000. In return, the U.S. Attorney's Office and the FDIC agreed not to pursue potential prosecution or administrative action related to the company profiting from the sale of an FDIC property.

An OIG investigation was initiated based on information received by the OIG Hotline alleging that the company improperly profited from the sale of a property it

managed for the FDIC. The investigation determined that a principal of the company provided financing to the purchaser of a property he was managing for the FDIC. Additionally, the investigation determined that when the original purchaser resold the property, the same company principal received not only his original investment, but an agreed-upon profit.

Based on the results of the investigation, the U.S. Attorney's Office and the FDIC negotiated a settlement with the company whereby the company will repay the FDIC the $28,000 profit it received on the transaction plus $10,000 towards the cost of the OIG investigation.

Restitution and Other Debt Owed the FDIC
Owners of Company that Owed Over $3 Million to the Former First New York
Bank for Business Indicted for Conspiracy and Bank Fraud

On June 20, 2002, the two owners of a company that borrowed over $3 million from the now-defunct First New York Bank for Business (First New York) were indicted by a federal grand jury in the Southern District of New York on charges of defrauding and conspiring to defraud the bank. The FDIC was appointed to act as the receiver for First New York following its closure by the State of New York Banking Department in November 1992.

As alleged in the indictment, beginning in March 1990, the defendants entered into a series of loan agreements, guarantees, and promissory notes on behalf of their company with First New York. In 1992, they acknowledged they had defaulted on the loans and entered into repayment agreements with First New York in which, among other things, they agreed to repay the loans by granting First New York the right to clear all payments made by company's customers. The defendants also agreed to direct all present and future customers to make their payments directly to First New York.

However, unbeknownst to First New York, between July 1992 and August 1995 the defendants deposited accounts receivable payments owed to First New York pursuant to the agreements into an account they had set up at another bank. The indictment also alleges that, in furtherance of their scheme, they formed a series of shell companies, which they used to falsely hide business activities between the company and its customers, thereby circumventing the repayment agreements with First New York.

The OIG initiated this investigation based on a referral from the FDIC Legal Division, which became aware of questionable transfers during the discovery phase of civil litigation with the company over its debt.

Former Contract Auctioneer Pleads Guilty and
Is Sentenced for Credit Card Fraud

On April 18, 2002, a former contract auctioneer for the Resolution Trust Corporation pled guilty in the U.S. District Court for the Southern District of Florida to credit card fraud in excess of $200,000. The plea was entered pursuant to an agreement with the United States, which also provided that a second charge pending against him for concealing assets to avoid paying restitution to the FDIC would be withdrawn. However, he acknowledged in the plea agreement that he still owes approximately $77,000 in restitution in connection with the credit card fraud and that he owes the FDIC restitution of $118,130 less payments already made. On June 11, 2002, he was sentenced in the U.S. District Court for the Southern District of Florida to 18 months in jail, 3 years' probation, and ordered to pay $76,985.51 in restitution.

The defendant and his company were the subjects of a prior OIG investigation that resulted in his prosecution for embezzling funds from the FDIC while serving as a contract auctioneer. In April 2000 he was sentenced in that case to serve 5 months of confinement, 150 days of home detention, and 1 year of probation and to pay a fine of $75,000. Also as part of the sentencing, he and his company were ordered to pay restitution jointly and severally of $118,130 to the FDIC.

Following a joint investigation by agents of the OIG and the U.S. Secret Service, the former contract auctioneer was indicted in August 2001 for concealing assets to avoid paying the restitution to the FDIC and for credit card fraud. With respect to the concealment charge, the indictment alleged that he transferred his interest in his home via quit claim deed to his wife within days after learning of an imminent potential indictment against him in the embezzlement case. The home was sold in May 2000 for a net profit of $663,396.

Misrepresentations Regarding FDIC Insurance or Affiliation
Accomplice Sentenced for Participation in Fraud Scheme
Involving Uninsured Certificates of Deposit

On April 18, 2002, an accomplice in a fraud scheme involving the sale of certificates of deposit (CDs) was sentenced in the U.S. District Court for the Western District of North Carolina to 41 months' imprisonment and 2 years' probation. He was also ordered to pay restitution totaling $190,662.83. The sentencing followed his prior plea of guilty in August 2000 to one count of money laundering.

The defendant was prosecuted for his part in a scheme involving the sale of CDs that were falsely represented to have been issued by the Bank of America and FDIC-insured up to $100,000, as well as privately insured. The scheme was initiated by the principal owner/manager of an insurance agency located in Oklahoma City, Oklahoma, who, aided and abetted by others, convinced mostly elderly individuals to purchase the CDs through advertisements offering high rates of return. In fact, however, the CDs were issued by an entity established for the purpose of collecting money from the unwary investors. Accordingly, the CDs were not separately insured by the FDIC, nor were they privately insured as promised. More than $1.3 million in proceeds from the sale of CDs was commingled in a single bank account in Dallas, which the principals of the scheme intended to use to make high-risk investments that were not FDIC-insured. The accomplice who was sentenced as described above was the intended recipient of the $1.3 million generated as a result of this scheme.

As we previously reported, the insurance agency owner was also prosecuted for his part in the scheme. Following his guilty plea to one count of securities fraud, in January 2001 he was sentenced to 14 months' imprisonment and 3 years' probation. Additionally, over $1.3 million generated from the sale of the CDs was seized by the government and subsequently returned to the victims.

Securities Dealer Charged and Arrested for Theft and the Selling
of Unregistered Securities Totaling $67,390,735

Based on an investigation that the FDIC OIG is conducting jointly with the Riverside County (California) District Attorney's Office, a 67-count complaint has been filed charging a securities dealer in California with selling unregistered securities (CDs), making false statements in the sale of the securities, and theft. He is also charged with participating in a pattern of felony conduct involving the taking of more than $500,000.

The securities dealer was licensed to sell securities through San Clemente Services, Inc., another company involved in the sale of brokered CDs. However, as reflected in the charges against him, he is accused of defrauding investors through material misrepresentations regarding FDIC insurance coverage, investment yields, fees, and commissions in the sale of approximately 1,241 CDs totaling $67,390,735.

This OIG investigation was initiated based on a referral by the Division of Supervision and Consumer Protection of information obtained during the examination of a bank indicating irregularities in deposits the bank had placed with San Clemente Services. The prosecution of the case is being handled by the Riverside County District Attorney's Office.

Employee Activities
Former Examiner Pleads Guilty and Is Sentenced for
Illegal Conversion of FDIC Funds

On June 12, 2002, a former FDIC examiner with the Division of Supervision was sentenced in the U.S. District Court for the Western District of Texas to 5 years' probation, 100 hours of community service, and ordered to pay restitution of $14,789.01. The sentencing followed the former examiner's guilty plea in April of this year to an information charging her with illegally converting public property (FDIC funds) to her own use. The OIG initiated an investigation of the former examiner based on a referral by the then-Division of Supervision indicating the employee may have submitted false claims to the FDIC for reimbursement of relocation-related expenses. The examiner terminated her employment with the FDIC in May 2000. Based on an affidavit by the OIG case agent which set forth facts obtained during the investigation, a warrant was issued for her arrest, and on March 1, 2002, special agents of the OIG arrested her at her home. As described in the affidavit, between February and May 1998 she submitted vouchers for relocation-related expenses totaling $32,978. The vouchers included claims for temporary quarters supported by hotel receipts that had been manufactured by the employee.

Former Security Guard at FDIC Facility in Dallas Is
Sentenced for Theft of FDIC Cellular Telephones

On August 23, 2002, a former security guard at an FDIC facility in Dallas was sentenced in the District Court for Dallas County, Texas, to pay a fine of $300, court costs of $280.25, and $500 restitution to the FDIC. He was also placed on probation for 1 year.

The OIG initiated an investigation based on a referral from the Division of Information Resources Management indicating that six activated cellular telephones had been stolen from the FDIC offices in Dallas between August 2000 and April 2001. The defendant was identified as the suspect through investigative efforts, which included analysis of telephone calling patterns. He had worked as a security guard at the FDIC facility from August 2000 until April 2001, when he was terminated for unrelated conduct. An interview of the suspect in May 2001 resulted in the recovery of two of the cellular telephones.

Man Who Posed as "FDIC Inspector" Pleads Guilty to Fraudulently
Using Bank Routing and Account Numbers

Pursuant to a plea agreement with the United States Attorney's Office, on September 20, 2002, a man who had posed as an "inspector" with the FDIC pled guilty in the U.S. District Court for the Northern District of Texas to one count of fraudulent use of an access device.

This OIG investigation was initiated based upon a referral from a case manager in the then-Division of Supervision who reported that he had received two phone calls from businesses located at Preston Forest Village shopping center. Both callers said that a man representing himself as an "inspector" with the FDIC had asked to look at their credit card machines and merchant account statements. Investigation identified the defendant as the responsible party. At the time he was employed by a company that is in the business of selling credit card processing services and payment systems to small businesses. Upon learning of his misrepresenting himself as an FDIC inspector, the company terminated his employment.

Further OIG investigation of his related activities disclosed that the defendant had been employed as a collection representative by The Associates National Bank, Irving, Texas, and, as such, had access to the bank routing and account numbers of the bank's credit card clients. In February 2001 he opened an account at Chase Manhattan Bank, Irving, Texas. He then falsely made 10 checks totaling approximately $7,062 using the bank account numbers of clients of The Associates National Bank and deposited the checks into his account at Chase Manhattan Bank.

Witness Is Charged and Pleads Guilty to Theft of Government Funds On July 18, 2002, a witness who had been interviewed as a part of an OIG investigation into alleged concealment of assets pled guilty in the U.S. District Court for the District of Massachusetts to theft of government funds. The witness had been previously indicted in June 2002 for receiving approximately $45,000 in Social Security disability benefits to which he was not entitled.

The witness was contacted as a part of an OIG investigation because of his affiliation with a suspect who was allegedly concealing assets to avoid paying $5 million in restitution that he owed the FDIC as a result of his conviction on bank fraud charges in 1991. Because of apparent false information that the witness provided in an affidavit, additional investigation was conducted which disclosed that he had been continuing to receive Social Security disability benefits to which he was not entitled.

Four OIG Special Agents Receive Attorney General's
Award for Distinguished Service
Department of Justice Award Assistant Special Agent in Charge Phil Robertson, and Special Agents Gary Sherrill, Bart Henkle, and Todd Price were among the 11 team members who received the Attorney General's Award for Distinguished Service for their exemplary work in the investigations and prosecutions relating to the failure of the First National Bank of Keystone (West Virginia). Attorney General John Ashcroft personally presented the award to the team members during the Attorney General's 50th Annual Awards Ceremony, which was held on July 17, 2002, at Constitution Hall in Washington, D.C.

The basis for the award to the Keystone team was summarized as follows in the ceremony program:

"The team is recognized for their exemplary role in the investigation and prosecution of former bank executives in Keystone, West Virginia. They demonstrated outstanding dedication, teamwork, and skill in investigating and prosecuting those responsible for one of the largest single bank failures in recent history, a failure which cost the Federal Deposit Insurance Corporation insurance fund over $800 million. Their noteworthy efforts, which resulted in the conviction of seven defendants and included two trials and a series of guilty pleas in a very complex investigation, serve as a model for cooperation and partnership."

The Distinguished Service award is the second highest award given by the Attorney General. Only three other teams and one individual received the award this year. Among the other recipients in this category were awards for the investigative team responsible for the successful prosecution of Ahmed Ressam, a member of the Osama bin Laden terrorist organization who was arrested transporting explosives in an attempt to destroy the Los Angeles International Airport during the 2000 millennium celebration. Another was presented to the investigative team responsible for the investigation and prosecution of those responsible in the bombings of our embassies in Nairobi, Kenya, and Dar Es Sallam, Tanzania, in August 1998.

OIG Organization

Like the Corporation, the OIG has been engaged in a major downsizing effort, which has resulted in significant reorganization. Through participation in the Corporation's early retirement and buyout program and other attrition, by March 2003, 54 employees will have separated from the OIG, or 25 percent of our April 2002 staff level. The OIG also closed its San Francisco field office during the reporting period. The OIG plans to have a permanent staff level of 168 in 2003, compared with the 215 staff authorized for 2002. As a result, our 2003 corporate budget is 12 percent less than our 2002 budget. The downsizing has presented us with new challenges that parallel the Corporation's challenges-both operational and human capital-related. The separation of so many employees has resulted in a loss of hundreds of years of knowledge and expertise. In light of such dramatic changes, the OIG is committed to evaluating its workload and analyzing existing knowledge and skills to determine what gaps exist, how to best fill those gaps, whether any "surplus" staff exist and, if so, how they can best be re-deployed.

The new organization, though smaller, is more closely aligned with key FDIC mission areas. We are also making strategic changes that align our planning process more closely with our budget process and with reporting requirements of the Inspector General Act. We continue to work to improve the quality of our goals, objectives, and performance measures. The plans that drive our work will reflect the OIG's transition from a calendar year performance planning and reporting cycle to a fiscal year cycle ending September 30. This will be consistent with the OIG's separate appropriation based on a typical government fiscal year and will also be consistent with the semiannual reporting periods prescribed by the Inspector General Act. Further, we have identified four strategic goals to reflect the OIG's future priorities: (1) Value and Impact, (2) Communication and Outreach, (3) Human Capital, and (4) Productivity.

The Office of Audits (OA) was most impacted by the OIG's downsizing initiative. To meet the needs of the Corporation and to better ensure that our work adds value, OA has undergone a major reorganization around five operational directorates: Resolution, Receivership, and Legal Affairs; Insurance, Supervision, and Consumer Affairs; Information Assurance; and Resources Management. A fifth directorate, Corporate Evaluations, performs corporate-wide and other evaluations, which are integrated into each of the other primary Directorates. We issued our Fiscal Year 2003 Assignment Plan, which identifies audits and evaluations based on our understanding of the prioritization of key risks to the FDIC. The projects included in the plan are specifically designed to help the FDIC successfully address risks, meet its many challenges, and accomplish its strategic goals.

OIG Internal IT Security

The OIG continued development of an Information Security Program for the OIG's automated information and systems. The program is part of a wider information security program being implemented throughout the FDIC. The efforts internal to the OIG have thus far included designating an information security manager, appointing an advisory committee with representatives from each OIG organization component, publishing "e-security tips" for OIG staff, and drafting new policies for further consideration. In the future, this program will also address areas such as data access control, hardware control, virus protection, disaster recovery, contingency planning, business continuity, data storage management, and application security management. The OIG is also working with Corporation staff to propose measures to enhance corporate-wide information technology security.

Our Office of Investigations (OI) has also realigned its staff and field operations in response to the OIG's downsizing effort. OI operates two regional offices: the East Region, based in Atlanta, has agents in Atlanta and Washington, D.C., and the West Region, based in Dallas, has agents in Dallas and Chicago. In addition to regional operations, OI maintains a Special Investigations and Electronic Crimes Team based in Washington, D.C. Members of this team are assigned to particularly sensitive investigations and, where needed, provide support to major investigations underway in the regions. This team also specializes in conducting investigations of computer crimes and in supporting OI in cases requiring seizure and analysis of computer evidence. Other OIG offices have adapted to changing workloads and/or combined functions in seeking to improve overall process efficiencies.

While restructuring to a smaller workforce, the OIG continues to look to increasing the value of our people and the performance capacity of the OIG. During this reporting period the OIG issued a Human Capital Strategic Plan, which will align and integrate our human resource policies and practices with the OIG mission. As referenced earlier, the alignment of our human resources with our mission is a new strategic goal in the OIG's revised Strategic Plan. It complements the other strategic goals of the Strategic Plan by seeking to align and integrate human resource policies and practices with our business practices. The Human Capital Strategic Plan outlines four objectives to maximize the return on our human capital investments and sustain a high-performance organization. The objectives relate to workforce analysis; competency investments; leadership development; and a result-oriented, high-performance culture.

Internal OIG Activities
  • Issued Office of Audits' FY 2003 Assignment Plan.

  • Issued OIG Human Capital Strategic Plan.

  • Submitted 2003 corporate budget to the FDIC's Chief Financial Officer. As a result of OIG downsizing, our 2003 budget is 12 percent less than our 2002 corporate budget
  • .

  • Attended and spoke at various conferences regarding information technology and Government Information Security Reform Act (GISRA) issues based on our recent GISRA work, including sponsoring an update conference with the U.S. General Accounting Office (GAO), Office of Management and Budget, and 11 federal departments and 34 independent agencies regarding the implementation of GISRA.

  • Attended various professional conferences including: Institute of Internal Auditors' International Conference; Association of Government Accountants' Professional Development Conference; Federal Audit Executive Council's Annual Conference; FDIC's Corporate Security Conference; and National Academy of Public Administration's Performance Conference.

  • Hosted meeting of GAO-sponsored Joint Information Security Audit Initiative to develop strategies for addressing information security risks to the government.

  • Briefed representatives of the President's Critical Infrastructure Board on recent and planned audit and evaluation coverage of physical and information security issues.

  • Further strengthened the OIG's internal Information Technology Security Program through a number of new initiatives. (See highlighted write-up in this section.)

  • Spoke on information security issues at a meeting of the Computer System Security and Privacy Advisory Board, providing an audit perspective on baseline information security risks, the statutory framework related to information security, program and systems security standards, and matrices that are useful for assessing both information systems and information security programs.

  • Inspector General makes presentations to America's Community Bankers, Conference of State Bank Supervisors, and Independent Community Bankers of

  • America representatives at various briefings during the reporting period. Topics include the role, work, and priorities of the FDIC OIG.
  • Completed a joint evaluation of the Federal Financial Institutions Examination Council, performed jointly with the OIGs of the Department of the Treasury and the Board of Governors of the Federal Reserve System. The evaluation concluded that the Federal Financial Institutions Examination Council is accomplishing its legislative mission of prescribing uniform principles, standards, and report forms and achieving coordination between the banking agencies.

  • Continued participation in inter-agency Government Performance and Results Act (Results Act) Interest Groups sponsored by the President's Council on Integrity and Efficiency and the U.S. Office of Personnel Management to share ideas and best practices on the Results Act implementation.

  • Participated in a panel discussion at the FDIC/Department of Justice Federal Strategies Against Fraud Conference relating to the OIG's investigation of the Keystone National Bank failure. The OIG provided an overview of the obstruction and fraud investigation stemming from Keystone's failure, as well as a discussion of the "red flags" or fraud indicators discovered during the course of this and other investigations.

  • Four OIG Special Agents received the Attorney General's Award for Distinguished Service for their exemplary work in the investigations and prosecutions relating to the failure of the First National Bank of Keystone in West Virginia. (See write-up in Investigations section of this report.)

  • Patricia Black became Deputy Inspector General for the OIG. For the past 5 years Ms. Black has served as Counsel to the Inspector General and was Counsel to the Resolution Trust Corporation (RTC) Inspector General from the RTC's inception in 1989 until the RTC merged with the FDIC.

  • Led a PCIE committee to update OIG quality standards.

  • Reviewed and provided comments on the exposure draft of GAO's revised Government Auditing Standards.

  • Presented results of OIG audits and evaluations at three Audit Committee meetings.

Assistance to FDIC Management
  • Participated in National Conference for Field Office Supervisors regarding the progress of Process Redesign Phase II.

  • Participated in the FDIC's development and implementation of the Office of Management and Budget's Information Quality Guidelines.

  • Briefed the Chairman and FDIC Operating Committee on the OIG's Fourth Annual OIG Client Survey.

  • Commented on the FDIC's 2001 Annual Performance Report. (See Establishing Goals and Measuring Results write-up.)

  • Completed an annual review of the Corporation's Internal Control and Risk Management Program, concluding that the program was conducted in accordance with FDIC policy and was consistent with provisions of the Federal Managers' Financial Integrity Act.

  • Provided technical assistance in a joint project with the Office of Internal Control Management and the Division of Administration to determine whether FDIC policies ensure that accounting and auditing contractors comply with GAO's new independence standards. (See Establishing Goals and Measuring Results write-up.)
  • Attended various meetings with FDIC Division Directors and Division of Supervision and Consumer Protection (DSC) Field Office Supervisors to continue outreach initiatives by discussing ongoing and planned audits and evaluations, risk areas, and other issues of mutual interest. The meetings are intended to communicate and coordinate OIG work throughout the Corporation.

  • Met with Memphis and Atlanta DSC management officials to discuss our Office of Investigations' involvement in open bank investigations, handling of Right to Financial Privacy Act issues concerning DSC examiners and OIG investigations, and bank examiner awareness of situations involving possible obstruction of FDIC bank examinations. Also discussed issues related to open and closed bank investigations being conducted in DSC's Atlanta and Memphis regions and the Office of Investigation's new organizational structure. These issues were also discussed by the Office of Investigations at a Division of Supervision/Division of Compliance and Consumer Affairs training conference.

  • Inspector General and Director, OICM, make a joint presentation to Association of Government Accountants' professional development conference on the roles and responsibilities of the FDIC Audit Committee.

The Inspector General's Seal


FDIC Inspector General
Involvement in IG Community

Over the last 6 months, the Inspector General (IG) community has been very active in helping the government achieve better results. As a whole, the community has remained focused on various management initiatives as well as issuing reports and responding to congressional requests for information. The FDIC Inspector General, who has served as the Vice Chair of the President's Council on Integrity and Efficiency (PCIE) since April 1999, has provided the leadership for the community's efforts.

Over the last few months, the IG community has been concentrating many of its activities on areas that would facilitate agency efforts related to the President's Management Agenda. For example, in the financial management arena, the IG community has worked on erroneous payments and accelerated reporting issues, and produced a guide to review government purchase card activity. In the areas of government performance, information technology, and human capital, PCIE committees and working groups continue to sponsor meetings and forums to share expert experiences and best practices.

To enhance the IG community's ability to continue fulfilling its mission, the PCIE co- hosted its annual conference to highlight challenges facing the community and explore ways to address them. During the 2-day conference, IGs heard perspectives from members of the Administration and agency officials, congressmen and congressional staff, and the media on a cross-section of issues the IG community faces internally as well as when working with their agency heads.

Finally, the PCIE issued several documents over the last 6 months that contributed to good government. These documents addressed our nation's critical infrastructure protection, critical security, and government-wide management challenges. Several of these documents were requested by congressional oversight committees to augment their oversight abilities.

Table 1: Significant OIG Achievements
(April 2002 - September 2002)
Acheivement Number
Audit and Evaluation Reports Issued22
Questioned Costs and Funds Put to Better Use$2.1 million
Investigations Opened23
Investigations Closed12
OIG Subpoenas Issued14
Fines, Restitutions, and Monetary Recoveries$820 million
Hotline Allegations Referred15
Allegations Closed15
Allegations Substantiated1
Proposed Regulations and Legislation Reviewed1
Proposed FDIC Policies Reviewed22
Responses to Requests and Appeals under the Freedom of Information and Privacy Acts 13

Table 2: Nonmonetary Recommendations
Period Number
April 2000 - September 200074
October 2000 - March 200190
April 2001 - September 200134
October 2001 - March 200268
April 2002 - September 200273

OIG Counsel Activities
(April 2002 - September 2002)

The Mission of the Office of Counsel
The Office of Counsel serves the legal needs of the OIG. To that end, Counsel's office provides the legal advice and assistance on the entire range of issues that have faced, are facing, or will face the OIG. The Office litigates personnel cases; provides advice and counsel on matters arising during the course of audits, investigations, and evaluations, including the legal sufficiency of reports; reviews, analyzes, and comments on proposed or existing regulations or legislation, including recent banking legislation and implementing regulations; communicates or negotiates with other entities; responds to Freedom of Information Act and Privacy Act requests and appeals; prepares and enforces subpoenas for issuance by the Inspector General; and coordinates with the Legal Division. Examples include:

Counsel's Office has actively litigated or assisted in the litigation of 11 matters during the reporting period. These matters involved claims brought before the Equal Employment Opportunity Commission and the Merit Systems Protection Board, the "qui tam" provisions of the False Claims Act, and civil and criminal cases in which OIG documents were sought in discovery. These matters are in addition to 12 matters that are awaiting further action by the parties or rulings by the court or other adjudicatory bodies.

Advice and Counseling
Counsel's Office provided advice and counseling, including written opinions on a number of issues, including closed bank matters; personnel issues including downsizing, reorganization, and mobility requirements; use of travel and procurement cards; review of the Gramm-Leach-Bliley Act and FDIC's Special Examination Authority; investigative matters; contract interpretations; and various ethics-related matters. In addition, Counsel's Office provided comments relative to the legal sufficiency of more than 20 audit reports and evaluations.

Legislation/Regulation Review
Counsel's Office has carried out its responsibilities under the Inspector General Act to review proposed or existing legislation and regulations. During this reporting period, Counsel's Office reviewed and provided comments on one FDIC regulation.

Counsel's Office prepared 14 subpoenas for issuance by the Inspector General during this reporting period.

Freedom of Information Act/Privacy Act
Counsel's Office responded to 13 requests under the Freedom of Information Act and the Privacy Act.

[ NOTE:This report has been physically divided into two sections in order to maintain download performance ]
Link to Section II of the OIG's Semiannual Report to the Congress
Last Updated 12/23/2002 Contact the OIG