Inspector General's Statement
When I wrote my last semiannual report statement in October 2003, the Inspector General (IG) community was in the midst of commemorating the 25th anniversary of the IG Act of 1978, and that important event was fittingly acknowledged throughout the community. As Vice Chair of the President’s Council on Integrity and Efficiency, I thank all who contributed to the success of that anniversary. And now, even closer to home, another milestone occurs. On April 17, 2004, my office proudly marked its 15th anniversary. The Federal Deposit Insurance Corporation (FDIC) Office of Inspector General (OIG) was established in 1989, pursuant to the IG Act Amendments of 1988. The Congress amended the IG Act in 1993 to designate the IG position at the FDIC as a Presidential appointment. Since April 29, 1996, I have served as the first FDIC IG appointed by the President. Thus, I have just concluded my 8th year as IG at the FDIC.
The role of an OIG in any agency is unique. At the FDIC, although we are an integral part of the Corporation, unlike any other FDIC division or office, our legislative underpinning requires us to operate as an independent and objective unit at the same time--an organizational placement that is potentially problematic. The FDIC OIG is fortunate, however, in that over the past years, we have established an excellent working relationship with the Corporation. When I testified at a March 2004 hearing on Oversight of the FDIC, held by the House Financial Services Committee, Subcommittee on Oversight and Investigations, I emphasized the OIG’s cooperative relationship with the FDIC. I indicated that both the Chairman and Vice Chairman of the FDIC provide a very supportive “tone at the top” that enables us to carry out our statutory responsibilities. My office appreciates and is committed to continuing that relationship into the future.
This semiannual report discusses our audit and evaluation work over the past 6 months to address the management and performance challenges that we identified and communicated to the Chief Financial Officer in December 2003 for inclusion in the Corporation’s annual report. Several significant audits during the reporting period focused on the challenge of Management and Analysis of Risks to the Insurance Funds, including our audit resulting in a report entitled Observations from OIG Material Loss Reviews Conducted 1993 through 2003. That report addresses recurring and root causes of the failures of 10 financial institutions and reports on the common stages of such failures. We also issued a report during the period on the Corporation’s follow-up of Bank Secrecy Act (BSA) violations in which we reported that the FDIC needs to strengthen its follow-up process for BSA violations to ensure to the greatest extent possible that institutions comply with Department of the Treasury and FDIC anti-money laundering requirements.
Equally important is our body of work in the information technology area, much of which will support our 2004 work under the Federal Information Security Management Act of 2002. In that connection, I wish to highlight the impressive and well-deserved achievement of our Assistant Inspector General for Audits, Russell Rau, who was honored with a Federal 100 Award during the reporting period by Federal Computer Week. These awards recognize individuals in government, industry, and academia for their contributions to the development, acquisition, and management of federal information technology. Rus was cited for his vision, leadership, and pioneering efforts in the information technology audit and evaluation program at the FDIC and for coordinating Federal Information Security Management Act activities among OIGs and others governmentwide.
The investigations featured in this semiannual report show that our work continues to focus on cases of fraud arising at or impacting financial institutions, restitution and other debt owed to the FDIC, and misrepresentations regarding FDIC insurance or affiliation, as we seek to ensure integrity in FDIC and banking industry operations and activities. Of special note during the reporting period, John Crawford, one of the Special Agents from our Atlanta office, received a letter of commendation from the Director of the Federal Bureau of Investigation (FBI) for his exceptional work in the joint investigation with the FBI and Internal Revenue Service-Criminal Investigations of the embezzlement of over $48 million from the failed Oakwood Deposit Bank Company, Oakwood, Ohio.
As an organization, we have also been working aggressively in pursuit of the goals outlined in our recently issued Strategic Plan for 2004 -2008, as evidenced in the many activities and initiatives outlined in the OIG Organization section of this report. We have engaged in efforts to add value and make an impact on the Corporation’s pursuit of its mission. We have taken advantage of multiple opportunities for communication and outreach to the Chairman, the Congress, OIG employees, and other stakeholders. In that regard, we are preparing for our sixth external client survey, an important communication vehicle, to obtain feedback from corporate management. Additionally, aligning our human resources to support the OIG mission and working to effectively and efficiently manage resources and enhance the quality of our efforts has been a principal focus over the past 6 months. We have submitted our budget requests for 2004 and 2005, and each marks a decrease from the previous year. In fact, fiscal year 2005 will mark the ninth consecutive year of such a decrease. We are also undertaking our first OIG employee survey and expect to gain helpful insights from our staff on how we might improve our operations, working conditions, and overall effectiveness.
Looking ahead, we will continue to emphasize information technology and related security at the Corporation. The new Chief Information Officer (CIO) is now in place and we are participating in an advisory capacity at meetings of the CIO Council. We also have advisory participation on the Audit Committee’s Information Technology Security Subcommittee, and with the Division of Information Resources Management’s Transformation Advisory Group. These are clear indications of coordination with management on matters of mutual interest, and we appreciate the opportunity for input. Additionally, the Corporation’s Office of Internal Control Management recently became the Office of Enterprise Risk Management (OERM), representative of that office’s intent to adopt a more proactive and enterprise-wide approach to internal risk management activities. This is another positive step, and we look forward to continuing to work closely with OERM and sharing information as that office sets out in a new direction.
I close by thanking all who have supported me in the past 8 years as I have served as Inspector General at the FDIC—the Chairmen and Vice Chairmen of the FDIC, Members of the Congress, the FDIC Board of Directors, the Audit Committee, FDIC corporate management, others in the IG community, the leadership of the Office of Management and Budget, individuals from other private and public sector agencies and organizations, and especially the members of the FDIC OIG, past and present, who have worked with such dedication to the mission of both the OIG and the FDIC.
Gaston L. Gianni, Jr.
Management and Performance Challenges
The Management and Performance Challenges section of our report presents OIG results of audits, evaluations, and other reviews carried out during the reporting period in the context of the OIG's view of the most significant management and performance challenges currently facing the Corporation. We identified the following 10 management and performance challenges, and, in the spirit of the Reports Consolidation Act of 2000, we presented our assessment of them to the Chief Financial Officer of the FDIC in December 2003. The Act calls for these challenges to be presented in the FDIC's consolidated performance and accountability report. The FDIC included such reporting as part of its 2003 Annual Report. Our work has been and continues to be largely designed to address these challenges and thereby help ensure the FDIC’s successful accomplishment of its mission.
OIG work conducted to address these areas during the current reporting period includes 17 audit and evaluation reviews containing questioned costs of nearly $4.3 million and 51 nonmonetary recommendations; comments and input to the Corporation's draft policies in significant operational areas; participation at meetings, symposia, conferences, and other forums to jointly address issues of concern to the Corporation and the OIG; and assistance provided to the Corporation in such areas as concealment of assets cases and review of the Corporation’s draft Strategic Plan, Annual Performance Plan, and Annual Report.
In the Investigations section of our report, we feature the results of work performed by OIG agents in Washington, D.C., Atlanta, Dallas, and Chicago who conduct investigations of alleged criminal or otherwise prohibited activities impacting the FDIC and its programs. In conducting investigations, the OIG works closely with U.S. Attorneys’ Offices throughout the country in attempting to bring to justice individuals who have defrauded the FDIC. The legal skills and outstanding direction provided by Assistant U.S. Attorneys with whom we work are critical to our success. The results we are reporting for the last 6 months reflect the efforts of U.S. Attorneys’ Offices throughout the United States. Our write-ups also reflect our partnering with the Federal Bureau of Investigation, the Internal Revenue Service, and other law enforcement agencies in conducting investigations of joint interest. Additionally, we acknowledge the invaluable assistance of the FDIC’s Divisions and Offices with whom we work closely to bring about successful investigations.
Investigative work during the period led to indictments or criminal charges against 15 individuals and convictions of 9 defendants. Criminal charges remained pending against 33 individuals as of the end of the reporting period. Fines, restitution, and recoveries stemming from our cases totaled about $1.7 million. This section of our report also includes an update of the work of our Electronic Crimes Team and acknowledges an award given to one of our Special Agents by the Director of the Federal Bureau of Investigation and several gestures of appreciation extended by the OIG to FDIC staff and law enforcement officials who have helped bring about successful investigations.
In the Organization section of our report, we note many significant activities and initiatives that the FDIC OIG has pursued over the past 6 months in furtherance of our four main strategic goals and corresponding objectives. These activities complement and support the audit, evaluation, and investigative work discussed in the earlier sections of our semiannual report. Activities of OIG Counsel and cumulative OIG results covering the past five reporting periods are also shown in this section.
Statistical Tables Required Under the Inspector General Act
The statistical tables required under the Inspector General Act, as amended, are included here.
Management & Performance Challenges
In prior semiannual reports, we have identified our view of the most significant issues facing the Corporation as it carried out its mission. Over the past 8 years, we have reported our work in the context of these major issues in our semiannual reports, largely in response to the request of various congressional Committees that OIGs identify these issues across the government. In our more recent semiannual reports, in the spirit of the Reports Consolidation Act of 2000, we present our work in the context of “the most significant management and performance challenges” facing the Corporation.
In December 2003 we updated our assessment of these challenges and provided them to the Corporation. The 10 challenges we have identified are listed below in priority order and fall under two categories. The first category, which includes challenges 1 through 4, relates to rather broad corporate and industry issues, and the second category, which includes challenges 5 through 10, relates to more specific operational issues at the FDIC. Of note, the challenge of transitioning to a new financial environment was expanded to include the management of other major projects as well. Also, given progress made in the challenge involving organizational leadership, that challenge focuses more now on managing human capital.
We also note that some issues envisioned in our audit and evaluation work for fiscal year 2005 relate to internal governance issues within the Corporation, so that our first listed challenge—adequacy of corporate governance in insured depository institutions—may be broadened in the future to include, for example, the Corporation’s many efforts to assess and manage risk. We plan to continue and perhaps expand our work examining the Corporation’s processes for managing risk going forward to help ensure the Corporation’s success in accomplishing its goals.
We will continue to pursue audits, evaluations, investigations, and other reviews that address the management and performance challenges we identified. Our work during the reporting period can be linked directly to these challenges and is presented as such in the sections that follow. We will continue to work with corporate officials to successfully address all challenges identified.
1. Adequacy of Corporate Governance in Insured Depository Institutions
Corporate governance is generally defined as the fulfillment of the broad stewardship responsibilities entrusted to the Board of Directors, Officers, and external and internal auditors of a corporation. A number of well-publicized announcements of business failures, including financial institution failures, have raised questions about the credibility of accounting practices and oversight in the United States. These recent events have increased public concern regarding the adequacy of corporate governance and, in part, prompted passage of the Sarbanes-Oxley Act of 2002. The public’s confidence in the nation’s financial system can be shaken by deficiencies in the adequacy of corporate governance in insured depository institutions. For example, the failure of senior management, boards of directors, and auditors to effectively conduct their duties has contributed to some recent financial institution failures. In certain cases, board members and senior management engaged in high-risk activities without proper risk management processes, did not maintain adequate loan policies and procedures, and circumvented or disregarded various laws and banking regulations. In other cases, independent public accounting firms rendered clean opinions on the institutions’ financial statements when, in fact, the statements were materially misstated. To the extent that financial reporting is not reliable, the regulatory processes and FDIC mission achievement (that is, ensuring the safety and soundness of the nation’s financial system) can be adversely affected. For example, essential research and analysis used to achieve the supervision and insurance missions of the Corporation can be complicated and potentially compromised by poor quality financial reports and audits. The insurance funds could be affected by financial institution and other business failures involving financial reporting problems. In the worst case, illegal and otherwise improper activity by management of financial institutions or their boards of directors can be concealed, resulting in potential significant losses to the FDIC insurance funds.
The FDIC has initiated various measures designed to mitigate the risk posed by these concerns, such as reviewing the bank’s board activities and ethics policies and practices and reviewing auditor independence requirements. In addition, the FDIC reviews the financial disclosure and reporting obligations of publicly traded state non-member institutions. The FDIC also reviews their compliance with Securities and Exchange Commission regulations and the Federal Financial Institutions Examination Council (FFIEC)-approved and recommended policies to help ensure accurate and reliable financial reporting through an effective external auditing program and on-site FDIC examination.
The Corporation reports that in response to questions about the applicability of the Sarbanes-Oxley Act to insured depository institutions that are not public companies, it issued comprehensive guidance in March 2003, describing significant provisions of the Act and related rules of implementation adopted by the Securities and Exchange Commission. The guidance explained how adopting sound corporate governance practices outlined in the Act may benefit banking organizations, including those that are not public companies, and how several of the Act’s requirements mirror existing banking agency policy guidance related to corporate governance. We have an active program of coverage related to corporate governance within the banking industry that will include a review of the implementation of the Sarbanes-Oxley Act and related banking regulations this year.
Other corporate governance initiatives include the FDIC’s issuing Financial Institution Letters, allowing bank directors to participate in regular meetings between examiners and bank officers, maintaining a “Directors’ Corner” on the FDIC Web site, and the expansion of the Corporation’s “Directors’ College” program. Also, the Chairman has established leadership challenges for FDIC managers that strive to promote external confidence in the FDIC and the confidence of FDIC staff in addressing the strategic goals of the Corporation. While the FDIC has taken significant strides, corporate governance issues are a key concern.
Also, pursuant to the Economic Growth and Regulatory Reduction Act of 1996, the FDIC, along with the other members of the FFIEC, is engaged in reviewing regulations in order to identify outdated or otherwise unnecessary regulatory requirements imposed on insured depository institutions. The OIG supports prudent opportunities to reduce regulatory burdens on insured depository institutions along with consideration to the impact on the FDIC’s ability to adequately supervise the institutions.
OIG Audit and Investigative Work Addresses Corporate Governance Issues
During the reporting period, we issued a report entitled Observations from FDIC OIG Material Loss Reviews Conducted 1993 through 2003 (Report No. 04-004, January 22, 2004), a report that attests to the significance of the issue of corporate governance. In this report, we address recurring and root causes of failure for the 10 FDIC-supervised institutions that caused material losses to the Bank Insurance Fund during the past 10 years. Estimated losses to the Bank Insurance Fund from these 10 failures total over $584 million. We concluded that the major causes of failure were inadequate corporate governance, poor risk management, and lack of risk diversification. Additional details of our findings are in the section of the semiannual report entitled Management and Analysis of Risks to the Insurance Funds.
Our investigative work also addresses corporate governance issues. In a number of cases, financial institution fraud is a principal contributing factor to an institution’s failure. Unfortunately, the principals of some of these institutions—that is, those most expected to ensure safe and sound corporate governance—are at times the parties perpetrating the fraud. Our Office of Investigations plays a critical role in investigating such activity. (See the Investigations section of this report for specific examples of bank fraud cases involving corporate governance weaknesses.)
2. Protection of Consumer Interests
The FDIC’s mission is to maintain public confidence in the Nation’s financial system. The availability of deposit insurance to protect consumer interests is a very visible way in which the FDIC accomplishes this mission. Additionally, as a regulator, the FDIC oversees a variety of statutory and regulatory requirements aimed at protecting consumers from unfair and unscrupulous banking practices. The FDIC, together with other primary Federal regulators, has responsibility to help ensure bank compliance with statutory and regulatory requirements related to consumer protection, civil rights, and community reinvestment. Some of the more prominent laws and regulations related to this area include the Truth in Lending Act, Fair Credit Reporting Act, Real Estate Settlement Procedures Act, Fair Housing Act, Home Mortgage Disclosure Act, Equal Credit Opportunity Act, Community Reinvestment Act of 1977, and Gramm-Leach-Bliley Act.
The Corporation accomplishes its mission related to fair lending and other consumer protection laws and regulations by conducting compliance examinations, taking enforcement actions to address compliance violations, encouraging public involvement in the community reinvestment process, assisting financial institutions with fair lending and consumer compliance through education and guidance, and providing assistance to various parties within and outside of the FDIC.
The FDIC’s examination and evaluation programs must assess how well the institutions under its supervision manage compliance with consumer protection and fair lending laws and regulations and meet the credit needs of their communities, including low- and moderate-income neighborhoods. The FDIC must also work to issue regulations that implement federal consumer protection statutes both on its own initiative and together with the other federal financial institution regulatory agencies.
The Corporation’s community affairs program provides technical assistance to help banks meet their responsibilities under the Community Reinvestment Act. One of the FDIC’s current areas of emphasis is financial literacy, aimed specifically at low- and moderate-income individuals who may not have had previous banking relationships. The Corporation’s “Money Smart” initiative is a key outreach effort. The FDIC must also continue efforts to maintain a Consumer Affairs program by investigating consumer complaints about FDIC-supervised institutions, answering consumer inquiries regarding consumer protection laws and banking practices, and providing data to assist the examination function.
The continued expansion of electronic banking presents a challenge for ensuring consumers are protected. The number of reported instances of identity theft has also ballooned in recent years. The Corporation will need to remain vigilant in conducting comprehensive, risk-based compliance examinations, analyzing and responding appropriately to consumer complaints, and educating individuals on money management topics, including identity protection.
The Corporation’s deposit insurance program promotes public understanding of the federal deposit insurance system and seeks to ensure that depositors and bankers have ready access to information about the rules for FDIC insurance coverage. Informing bankers and depositors about the rules for deposit insurance coverage fosters public confidence in the banking system by helping depositors to ensure that their funds are fully protected.
OIG Efforts to Address Consumer Protection Issues
We did not issue reports in the area of Consumer Protection during the reporting period; however, we are planning an assignment to address the Corporation’s risk-focused compliance examination program and will report the results of that review in an upcoming semiannual report.
The OIG’s involvement with Consumer Protection matters includes our investigative cases regarding misrepresentations of FDIC insurance or affiliation to unsuspecting consumers. Recently our Office of Investigations’ Electronic Crimes Team has been involved in investigating emerging e-mail “phishing” identity theft schemes that have used the FDIC’s name in an attempt to obtain personal data from unsuspecting consumers who receive the emails. Our investigations have also uncovered multiple schemes to defraud depositors by offering them misleading rates of returns on deposits. These abuses are effected through the misuse of the FDIC’s name, logo, abbreviation, or other indicators suggesting that the products are fully insured deposits. Such misrepresentations induce the targets of schemes to invest on the strength of FDIC insurance while misleading them as to the true nature of the investments being offered. These depositors, who are often elderly and dependent on insured savings, have lost millions of dollars in such schemes. In one case, $9.1 million worth of certificates of deposit were misrepresented to about 90 investors, most of whom were elderly. Abuses of this nature not only harm innocent victims but may also erode public confidence in federal deposit insurance.
Our experience with such cases prompted us on March 4, 2003, to submit to the House Financial Services Committee Chairman, Michael Oxley, a legislative proposal to prevent misuse of the Corporation’s guarantee of insurance. This proposal was incorporated in H.R. 1375: Financial Services Regulatory Relief Act of 2003. On March 24, 2004, H.R. 1375 was passed by the House of Representatives and referred to the U.S. Senate. Section 615 of H.R. 1375, as we suggested, would provide the FDIC with enforcement tools to limit misrepresentations regarding FDIC deposit insurance coverage. We appreciate the Congressional support of this proposal.
3. Management and Analysis of Risks to the Insurance Funds
The FDIC seeks to ensure that failed financial institutions are and continue to be resolved within the amounts available in the insurance funds and without recourse to the U.S. Treasury for additional funds. Achieving this goal is a significant challenge because the insurance funds generally average just over 1.25 percent of insured deposits and the FDIC supervises only a portion of the insured institutions. In fact, the preponderance of insured institution assets are in institutions supervised by other federal regulators. Therefore, the FDIC has established strategic relationships with the other regulators surrounding their shared responsibility of helping to ensure the safety and soundness of the nation’s financial system. The FDIC engages in an ongoing process of proactively identifying risks to the deposit insurance funds and adjusting the risk-based deposit insurance premiums charged to the institutions. One of the key tools used by the FDIC is its safety and soundness examination process which, when combined with off-site monitoring and extensive industry risk analysis, generally provides an early warning and corrective action process for emerging risks to the funds.
Recent trends and events continue to pose risks to the funds. From January 1, 2002 to March 31, 2004, 17 insured financial institutions failed, and the potential exists for additional failures. While some failures may be attributable primarily or in part to economic factors, as previously mentioned, bank mismanagement and apparent fraud have also been factors in the most recent failures. The environment in which financial institutions operate is evolving rapidly, particularly with the acceleration of interstate banking, new banking products and complex asset structures, and electronic banking. The industry’s growing reliance on technologies, particularly the Internet, has changed the risk profile of banking. Continuing threats to the U.S. financial infrastructure have made business continuity planning an essential ingredient to sound risk management programs. The consolidations that may occur among banks, securities firms, insurance companies, and other financial services providers resulting from the Gramm-Leach-Bliley Act pose additional risks to the FDIC’s insurance funds. Also, institutions face challenges in managing interest rate risks in an environment of historically low interest rates. The Corporation’s supervisory approach, including risk-focused examinations, must operate to identify and mitigate these risks and their real or potential impact on financial institutions to preclude adverse consequences to the insurance funds.
The FDIC employs a number of supervisory approaches, several of which are described below, to identify and mitigate institution risk and faces challenges in ensuring that each meets its intended purpose.
Supervisory Strategies for Large Banks: With regard to the risks associated with “megabanks” or “large banks” (generally defined as institutions with assets of over $25 billion) for which the FDIC is the insurer but is not the primary federal regulator, in 2002, the FDIC initiated the Dedicated Examiner Program for the eight largest banks in the U.S. Senior examiners are dedicated to those institutions to participate in targeted reviews and attend management meetings. Also, case managers closely monitor such institutions through the Large Insured Depository Institutions Program’s quarterly analysis and executive summaries. Additionally, case managers consistently remain in communication with their counterparts at the other regulatory agencies, frequently attending pre-examination meetings, post-examination meetings, and exit board meetings.
Maximum Efficiency, Risk-focused, Institution Targeted (MERIT) Examinations Program: This program was introduced in March 2002 and is designed to improve the efficiency and effectiveness of bank examinations by maximizing the use of risk-focused examination procedures in well-managed banks in sound financial condition. As of December 31, 2003, over 4,600 of approximately 5,300 FDIC-supervised institutions were MERIT-eligible based on asset size (less than $1 billion) and composite rating (of 1 or 2). DSC has reported that the MERIT program has reduced the average time spent conducting safety and soundness examinations of small, low-risk institutions by well over the 20 percent target in qualifying institutions.
Relationship Manager Program: Still in its early, pilot stage, under this approach, commissioned examiners are assigned a portfolio of banks and are designated the “Relationship Manager” or primary point of contact for these banks. As such, relationship managers will conduct comprehensive risk assessments of the banks in their portfolios and in consultation with other experts prepare a risk-focused supervisory plan. Off-site and on-site activities will be conducted as needed throughout the examination cycle rather than the current “point-in-time” approach. The emphasis is on scheduling off-site and on-site reviews during the examination cycle to better leverage external sources of information.
Many other challenges also exist as the Corporation seeks to protect and ensure the continued strength of the insurance funds, as discussed below:
Merging the Insurance Funds: Because of bank mergers and acquisitions, many institutions hold deposits insured by both the Bank Insurance Fund (BIF) and Savings Association Insurance Fund (SAIF), obscuring the difference between the funds. There is ongoing consideration of merging the two insurance funds with the perceived outcome being that the merged fund would not only be stronger and better diversified but would also eliminate the concern about a deposit insurance premium disparity between the BIF and the SAIF. The prospect of different premium rates for identical deposit insurance coverage would be eliminated. Also, insured institutions would no longer have to track their BIF and SAIF deposits separately, resulting in cost savings for the industry. Assessments in the merged fund would be based on the risk that institutions pose to that fund. The Corporation has worked hard to bring about deposit insurance reform, and the OIG supports the FDIC’s continued work with the banking community and the Congress in the interest of eventual passage of reform legislation.
The Designated Reserve Ratio: If the BIF ratio is below 1.25 percent, in accordance with the Federal Deposit Insurance Act, the FDIC Board of Directors must charge premiums to banks that are sufficient to restore the ratio to the statutorily mandated designated reserve ratio within 1 year. As of March 31, 2002, the BIF reserve ratio was at 1.23 percent, the first time since 1995 that the ratio had fallen below 1.25 percent. By June 30, 2002, the BIF reserve ratio was at 1.25 percent, precisely at the minimum mandated level. According to the Chairman’s Letter to Stakeholders, the BIF ratio reported for 4th Quarter 2003 was 1.32 percent. The Corporation must maintain or exceed the designated reserve ratio, as required by statute.
Setting Deposit Insurance Premiums: Insurance premiums are generally assessed based on the funding requirements of the insurance funds independent of the financial risk to the funds for institutions that pose safety and soundness concerns. This approach has the impact of assessing premiums during economic downturns when banks are failing and are likely not in the best position to afford the premiums. Also, numerous institutions have benefited from being able to sharply increase insured deposits without contributions to the insurance funds commensurate with this increased risk. This situation can occur because the designated reserve ratio is not breached, thereby triggering across-the-board premiums. Current deposit insurance reform proposals include provisions for risk-based premiums to be assessed on a more frequently scheduled basis than would occur using the existing approach. Risk-based premiums can provide the ability to better match premiums charged to institutions with related risk to the insurance funds.
Adoption of the Proposed Basel Committee II Capital Accord: Adoption of the accord poses a potential additional threat to the insurance funds due to the prospect of lower minimum capital requirements for large institutions. The initial Basel Capital Accord only took credit risks into account; Basel II will require that banks evaluate and measure other forms of risk, including operational risk. Banks will have to make capital provisions to effectively act as a contingency fund, to cover the direct and indirect losses that emergent operational risks could cause. The failure of at-risk institutions to fully adhere to this proposed contingency funding mechanism in place of higher minimum capital requirements constitutes a threat of increased insurance losses to the funds.
Risk Management: Internally, the Corporation is currently operating under an internal control policy that predates many developments toward proactive risk management. Since the Corporation issued its internal control policy in February 1998, the U.S. General Accounting Office (GAO) has issued Standards for Internal Control in the Federal Government (GAO/AIMD-00-21.3.1, November 1999), which discusses five components of internal control and provides an overall framework for identifying and addressing major performance challenges and areas of greatest risk for fraud, waste, abuse, and mismanagement. Also, many organizations in the insurance industry and other organizations have begun using an Enterprise Risk Management (ERM) approach to managing not only financial risks, but all business and compliance risks. ERM is a process that incorporates the five components of internal control and provides: (1) the mechanisms to help staff understand risk in the context of the entity’s objectives and (2) assurance that the organization will be able to execute its business strategy and achieve its objectives. The Committee of Sponsoring Organizations of the Treadway Commission recently issued a draft document that explains essential concepts and the interrelationship between ERM and internal control. (Note: On April 2, 2004, the Corporation renamed its Office of Internal Control Management to the Office of Enterprise Risk Management to stress a more proactive and enterprise-wide approach to internal risk management.)
OIG Report Examines Causes and Stages of Bank Failures
As mentioned previously, our analysis of material loss reviews conducted during 1993-2003 for 10 failed banks disclosed that the major causes of failure were inadequate corporate governance, poor risk management, and lack of risk diversification. Bank management—that is, the Board of Directors and Executive officers—took risks that were not mitigated by systems to adequately identify, measure, monitor, and most importantly, control the risks. As a result, bank management did not adequately fulfill its responsibility to ensure that the banks operated in a safe and sound manner. Although economic conditions may have contributed to bank failures and the resulting material losses, the economy was not the sole cause of failure. In fact, the financial condition of the majority of the banks became dependent on the economy as a result of bank management decisions.
Our report points out that the failed banks typically went through four stages:
The observations discussed in this report underscore one of the more difficult challenges facing bank regulators today—limiting risk assumed by banks when their profits and capital ratios make them appear financially strong. A critical aspect of limiting risk is early corrective action by bank regulators in response to bank examinations that identify potential problems and effects on a bank’s condition. For example, if a bank is experiencing rapid growth, the effects of poor underwriting in commercial real estate loans may not appear on the bank’s financial statements until several months or even years after the loans are made. Left uncorrected, poor underwriting could result in the serious and intractable problems experienced by the banks we reviewed.
The FDIC has taken a number of steps to address these challenges through risk-focused examination programs and risk-based capital requirements. Nevertheless, we recognize that bank failures may never be eliminated and, in a free economy, might even be necessary to cull the industry of marginal performers and excess capacity.
The Corporation’s Follow-up of Bank Secrecy Act Violations
The Bank Secrecy Act of 1970 (BSA) requires financial institutions to maintain appropriate records and to file certain reports that are used in criminal, tax, or regulatory investigations or proceedings. The Congress enacted the BSA to prevent banks and other financial service providers from being used as intermediaries for or to hide the transfer or deposit of money derived from criminal activity. A report that we issued this reporting period addressed whether DSC adequately follows up on reported BSA violations to ensure that institutions take appropriate corrective action. We reviewed supervisory actions that DSC has taken to ensure BSA compliance, including efforts to follow up with bank management after examinations and the use of regulatory actions to prompt management action. We concluded that the FDIC needs to strengthen its follow-up process for BSA violations and has initiatives underway to reassess and update its BSA policies and procedures.
From the sample of 41 institutions we selected to review, 27 had repeat violations. Of those 27 institutions, 17 (63 percent) were not subject to regulatory action for their repeat violations, although other supervisory efforts may have been in progress. For the 41 banks in our sample, we reviewed 82 reports that cited apparent and often multiple BSA violations. For 25 (30 percent) of those 82 reports, DSC waited until the next examination to follow up on some or all of the BSA violations. In addition, we noted that not all BSA deficiencies described in DSC’s examination reports were cited in the violations section of the reports.
We also observed that DSC offices took various approaches to referring bank violations to the Treasury Department and exercised wide discretion in deciding whether and when to follow up on the violations or to take regulatory action. In some cases, more than 1 to 5 years passed before either bank management took corrective action and the action was effective in preventing repeat violations or DSC applied regulatory actions to address continuing violations. Additionally, although the FDIC typically alternates examinations with state banking authorities, state examinations usually did not cover BSA compliance. As a result, 2 to 3 years could elapse until the next FDIC examination without any follow-up on BSA violations.
As a result of these conditions, the FDIC’s supervisory actions have not ensured to the greatest extent possible that institutions are in compliance with both the Department of the Treasury’s and the FDIC’s anti-money laundering requirements. In responding to our observations, DSC officials explained that they focused their efforts on BSA compliance based on the division’s assessment of the risk of money laundering activity for FDIC-supervised institutions.
We made three recommendations to strengthen DSC’s monitoring and follow-up efforts for BSA violations, update guidance for referring institution violations to the Treasury Department, and provide alternative coverage when state examinations do not cover BSA compliance. DSC management concurred with the recommendations and plans to take corrective actions.
DSC’s response provided detailed analyses and comments on several issues that relate to DSC’s overall BSA program. Because our audit focused on supervisory actions taken in response to BSA violations, not DSC’s overall BSA program, we did not respond to these comments in our final report. However, in reviewing DSC’s other comments that relate generally to our audit and specifically to our audit results and scope, there were several issues that warranted further discussion and clarification which are addressed in detail in our final report. (Report No. 04-017, March 31, 2004.)
Results of Other Examination Process-Related Reviews
DSC’s Supervisory Appeals Process: We reported on the FDIC’s process to review safety and soundness ratings questioned and appealed by FDIC-supervised institutions. We concluded that with respect to an allegation we had received, the FDIC complied with procedures related to upgrading preliminary component examination ratings and that the Regional Director acted within delegated authority when changing the institution’s preliminary component rating. However, we noted that certain areas of the appeals process needed improvement and recommended actions to enhance guidance on necessary documentation for appeals, improve communication with state regulatory authorities, and clarify that the appeal and review processes should be limited to the facts and conditions prior to or at the time the material supervisory determination is made. DSC generally concurred with the report’s findings and agreed to take actions regarding the recommendations. (Report No. 04-015, March 29, 2004.)
Reliance on State Examinations: The Federal Deposit Insurance Act requires all FDIC-insured institutions to undergo on-site examinations by a federal regulator every 12 or 18 months, depending on asset size and bank performance. In accordance with the Act, the FDIC may alternate bank examinations with state banking regulators if the FDIC determines that the state examination is an acceptable substitute. We issued a report on the process the FDIC uses to rely on safety and soundness examinations performed by state banking departments. Overall, we determined that the FDIC’s process is adequate for relying on these examinations. However, we identified several opportunities for improvement and recommended that the Director, DSC, in cooperation with state banking departments, amend working agreements, based on a model agreement, to address, among other things: current examination frequency requirements, workpaper sharing, coordinating examination programs and supervisory actions, and encouraging the mutual support of efforts to maintain quality control programs. DSC generally concurred with the report’s findings and agreed to take responsive action. (Report No. 04-013, March 26, 2004.)
4. Effectiveness of Resolution and Receivership Activities
One of the FDIC’s corporate responsibilities is planning and efficiently handling the franchise marketing of failing FDIC-insured institutions and providing prompt, responsive, and efficient resolution of failed financial institutions. These activities maintain confidence and stability in our financial system. Notably, since the FDIC’s inception over 70 years ago, no depositor has ever experienced a loss of insured deposits at an FDIC-insured institution due to a failure.
Receivership Management Reports
The two following reports that we issued during the reporting period addressed receivership management issues:
FDIC’s 2003 Service Line Rates: The FDIC uses a Service Costing System to ensure that FDIC-established receiverships are properly billed for their fair share of indirect expenses. In the 10-month period ended October 31, 2003, the FDIC billed 120 receiverships over $33 million. We found that during 2003, the FDIC process for billing receiverships had improved. However, we identified opportunities to enhance the FDIC’s ability to document that established rates were fair and reasonable. The Corporation will be improving analyses, enhancing reports and cost data, and conducting training to provide greater assurance that receiverships are properly billed. (Report No. 04-002, January 15, 2004.)
Limited Partnership Review: We conducted an audit of a partnership in which the FDIC is a limited partner. The Division of Resolutions and Receiverships (DRR), which is responsible for the oversight of the partnership, requested that we conduct the audit because of concerns DRR had relating to payments of development and accounting fees to an affiliate, questionable charitable donations made by the General Partner, and other potentially improper charges. Our work showed that the General Partner charged the Partnership $232,867 for expenses that were either unallowable or unsupported, and we recommended that the Director, DRR, recover the questionable expenses on behalf of the partnership. We also determined that the General Partner sold an asset to a charitable organization for $425,000 less than its reported fair market value and in doing so, realized a tax benefit. This transaction was not in the best interest of the FDIC, and we recommended that the Corporation evaluate the transaction further and pursue recovery of all or part of this amount on behalf of the Partnership. The Corporation’s response to our recommendations is expected in mid-May 2004. (Report No. 04-012, March 16, 2004.)
Cases Involving Concealment of Assets
As referenced earlier, the OIG’s Office of Investigations coordinates closely with the FDIC’s DRR and with the Legal Division regarding ongoing investigations involving fraud at failed institutions, fraud by FDIC debtors, and fraud in the sale or management of FDIC assets. In particular, investigators coordinate closely with the Corporation to address issues arising in connection with the prosecution of individuals who have illegally concealed assets in an attempt to avoid payment of criminal restitution to the FDIC. As of March 31, 2004, the FDIC was owed more than $1.17 billion in criminal restitution. In most cases, the convicts subject to restitution orders do not have the means to pay. We focus our investigations on those individuals who do have the means to pay but hide their assets from and/or lie about their ability to pay. Details of some such investigative cases are contained in the Investigations section of this semiannual report.
5. Management of Human Capital
Human capital issues pose significant elements of risk that interweave all the management and performance challenges facing the FDIC. The FDIC has been in a downsizing mode for the past 10 years as the workload from the banking and thrift crises of the late l980s and 1990s has been accomplished. A number of division mergers and reorganizations took place, and the Corporation concluded its major buyout/retirement incentive programs. In total, over the past 11+ years, the workforce (combined from the FDIC and the Resolution Trust Corporation) has decreased from approximately 23,000 in 1992 to approximately 5,300 currently. The Corporation has also predicted that about 20 percent of FDIC employees will be eligible to retire within the next 5 years.
As the FDIC continues to move past an era that has been so characterized by continual downsizing, the demands placed on the Corporation by a rapidly changing external environment require a dynamic and strategic approach to managing the Corporation’s human capital. The FDIC must remain flexible in managing changes in the Corporation’s workload and business processes that may have an impact on the size and skill composition of its workforce, whether these changes are planned or unanticipated. It is incumbent on all executives and managers in the FDIC to continually assess the goals and objectives, workload, and staffing of their organizations and to take appropriate steps to ensure that they have a workforce with the right experience and skills to fulfill their mission. It is imperative that the Corporation’s business planning and human resources processes incorporate effective means to manage such changes in the size and skill composition of the workforce, in order to promote efficiency and productivity and diminish the possibility of a future reduction-in-force.
The Corporation continues to carry out other features of its comprehensive downsizing program such as solicitations of interest, reassignments, retraining, and outplacement assistance. It is also in the process of revamping its compensation program to place greater emphasis on performance-based incentives. Other challenges for the Corporation include working to fill key vacancies in a timely manner, engaging in careful succession planning, and continuing to conserve and replenish the institutional knowledge and expertise that has guided the organization over the past years. A need for additional outsourcing may arise, and hiring and retaining new talent will be important. Hiring and retention policies that are fair and inclusive must remain a significant component of the corporate diversity plan. Designing, implementing, and maintaining effective human capital strategies are critical priorities and must be the focus of centralized, sustained corporate attention. The Corporation’s Human Resources Committee and negotiations with the National Treasury Employees Union play a key role in such efforts.
Of note, the FDIC has undertaken a significant effort to address skill levels and maintain the preservation of institutional knowledge by creating the FDIC Corporate University. The Corporate University is comprised of the following five Schools: (1) Supervision and Consumer Protection, (2) Resolutions and Receiverships, (3) Insurance, (4) Leadership Development, and (5) Corporate Operations. Also the Division of Administration's Human Resources Branch contains a Center for Career and Educational Services that strives to prepare employees to more effectively manage their careers by offering developmental programs, career counseling, forums, workshops, and seminars.
The Division of Information Resources Management (DIRM) initiated a priority project called the Comprehensive Information Technology Program Review. One aspect of this effort is an assessment of human capital needs and a plan to identify and address any shortfalls in staff resources or skills mix for the information technology security program. Until an assessment is performed, and a human capital plan developed and tracked, the FDIC is at risk of not having the appropriate staffing resources to manage the IT security program.
OIG Reviews the FDIC’s Strategic Alignment of Human Capital
During the reporting period, we completed an evaluation in which we concluded that the Corporation’s human capital framework addresses the underlying human capital concepts that the Office of Personnel Management, Office of Management and Budget, and the U.S. General Accounting Office consider vital to successful human capital management. We did, however, recommend and the FDIC agreed to strengthen its human capital program by institutionalizing the Human Resources Committee, an element of its human capital framework, and developing a human capital blueprint. Taking these actions will sustain the FDIC’s long-term commitment and focus on strategic human capital management and will maintain transparency in the development, implementation, and monitoring of human capital initiatives. (EVAL Report No. 04-005, January 23, 2004.) We have a series of reviews planned to address the various components of the Corporation’s human capital program, and we have an ongoing evaluation related to strategic workforce planning.
6. Management and Security of Information Technology Resources
The Corporation’s Approach to Data Sensitivity for Legacy ApplicationsWe initiated an evaluation in response to FDIC program office management’s concerns over whether a plan designed to determine the sensitivity of data within selected FDIC legacy applications was appropriate. Concerns had been raised given the significant costs for the plan’s implementation, continuing costs to maintain data classifications, and potential disruption to program operations. Generally, our report concluded that the FDIC’s approach to identifying and protecting sensitive data resident in legacy applications was consistent with applicable federal standards for categorizing information and information systems. Further, DIRM has actions underway to more closely align its existing guidance and methodology for determining the sensitivity of data and information systems with applicable federal standards. (EVAL Report No. 04-011, February 27, 2004.)
Two Reviews Recommend Strengthening IT Security Controls
The OIG engaged IBM Business Consulting Services (IBM), an independent professional services firm, in support of OIG efforts to satisfy reporting requirements related to FISMA. IBM conducted the following two reviews in the information security area:
Intrusion Detection and Incident Response:
FDIC’s Personnel Security Program:
7. Security of Critical Infrastructure
The adequate security of our nation’s critical infrastructures has been at the forefront of the federal government’s agenda for many years. Specifically, the President’s Commission on Critical Infrastructure Protection (established in July 1996) was tasked to formulate a comprehensive national strategy for protecting the nation’s critical infrastructure from physical and “cyber” threats. Included among the limited number of systems whose incapacity or destruction were deemed to have a debilitating impact on the defense or economic security of the nation was the banking and finance system. With the increased consolidation and connectivity of the banking industry in the years since 1996, and with the new awareness of the nation’s vulnerabilities to terrorist attacks since September 11, 2001, the security of the critical infrastructure in the banking industry is even more important.
On May 22, 1998, Presidential Decision Directive (PDD) 63 Title 5 was signed. The directive called for a national effort to ensure the security of the nation’s critical infrastructures. PDD 63 defined the critical infrastructure as the “physical and cyber-based systems essential to the minimum operations of the economy and government.” The President declared that securing our critical infrastructure is essential to our economic and national security and issued two Executive Orders (EO 13228, The Office of Homeland Security and the Homeland Security Council, and EO 23231, Critical Infrastructure Protection in the Information Age) to improve the federal government’s critical infrastructure protection program in the context of PDD 63.
The intent of PDD 63 was to ensure that the federal government maintained the capability to deliver services essential to the nation’s security and economy and to the health and safety of its citizens in the event of a cyber- or physical-based disruption. Much of the nation’s critical infrastructure historically has been physically and logically separate systems that had little interdependence. However, as a result of technology, the infrastructure has increasingly become automated and interconnected. These same advances have created new vulnerabilities to equipment failures, human error, natural disasters, terrorism, and cyber-attacks.
On December 17, 2003, the President issued Homeland Security Presidential Directive (HSPD) 7, which established a national policy for federal agencies to identify and prioritize the nation’s critical infrastructure and key resources and to protect them from terrorist attacks. This Directive supersedes PDD 63. Included in this directive is a requirement for agencies to submit for OMB’s approval their plans for protecting their critical physical and cyber infrastructure and to submit progress reports to OMB. As a government Corporation, the FDIC falls under this directive.
To effectively protect critical infrastructure, the FDIC’s challenge is to implement measures to mitigate risks, plan for and manage emergencies through effective contingency and continuity planning, coordinate protective measures with other agencies, determine resource and organization requirements, and engage in education and awareness activities. The FDIC will need to continue to work with the Department of Homeland Security and the Finance and Banking Information Infrastructure Committee, created by Executive Order 23231 and chaired by the Department of the Treasury, on efforts to improve security of the critical infrastructure of the nation’s financial system. To address this risk, the FDIC is sponsoring 24 outreach conferences for the Financial and Banking Information Infrastructure Committee and Financial Services Sector Coordinating Council through 2005, which will address protecting the financial sector. The Corporation will also need to be attentive to the new requirements of HSPD 7.
Evaluation of FDIC’s Unix Systems Security
A third review conducted by IBM on the OIG’s behalf addressed issues associated with the Corporation’s Unix operating system. The scope of the evaluation was specifically designed to focus on Unix security policies, standards, and procedures; configuration management; and technical controls as part of the assessment of the Network and Mainframe Security area. IBM found a number of good security practices being applied in the Unix system environment but identified improvements that could be made. Most significantly, IBM recommended that administration of the Unix servers be centralized to improve the consistency and uniformity of security controls and practices applied to the servers. The Corporation has agreed to pursue corrective actions to address all of the report’s recommendations. (Report No. 04-008, February 13, 2004.)
8. Management of Major Projects
Project management is the defining, planning, scheduling, and controlling of the tasks that must be completed to reach a goal and the allocation of the resources to perform those tasks. The FDIC has engaged in several multi-million dollar projects, such as the New Financial Environment (NFE), Central Data Repository (CDR), and Virginia Square Phase II Construction. Without effective project management, the FDIC runs the risk that corporate requirements and user needs may not be met in a timely, cost-effective manner. We have done several reviews of these projects and identified the need for improved defining, planning, scheduling, and controlling of resources and tasks to reach goals and milestones. The Corporation has included a project management initiative in its 2004 performance goals and established a program management office to address the risks and challenges that these kinds of projects pose.
In September 2002, the FDIC executed a multi-year contract to replace its core financial systems and applications with a commercial-off-the-shelf software package. NFE is a major corporate initiative to enhance the FDIC's ability to meet current and future financial management and information needs. At the time the Board case was approved, the FDIC estimated the total life-cycle cost of NFE, including FDIC staff time, to be approximately $62.5 million over 8 years. NFE offers the FDIC significant benefits and presents significant challenges. These challenges will test the Corporation’s ability to (1) maintain unqualified opinions on the FDIC's annual financial statements through the system implementation and associated business process reengineering; (2) manage contractor resources, schedules, and costs; and (3) coordinate with planned and ongoing system development projects related to NFE. We have reported on several NFE matters in the past and are currently monitoring the Corporation’s ongoing NFE efforts.
The Call Report Processing Modernization project is a collaborative effort by the FDIC, the Federal Reserve Board, and the Office of the Comptroller of the Currency to improve the processes and systems used to collect, validate, store, and distribute Call Report information. The project resulted in a CDR approach to managing bank Call Report Information. The agencies developed a consensus vision for a new Call Report processing business model that incorporates open data standards, uses a common reporting language, and offers tools to enable banks to submit better reports.
XBAT Contracting and Project Management
One of our reports during the reporting period addressed an aspect of the Call Report Processing Modernization project, and the CDR, in particular. FDIC executives expressed concerns that the Extensible Business Reporting Language Business Analyst Tool (XBAT) delivered to the CDR contractor was not fully functional and asked us to identify lessons learned in contract administration and project management that could be applied to the larger CDR effort. The OIG conducted a joint review with the Office of Enterprise Risk Management to address these concerns.
We concluded that the FDIC received some value from the XBAT procurement. However, the development of the XBAT software was not successful. The FDIC determined that XBAT lacked the functionality to successfully manage Call Report taxonomies. (Taxonomies contain common terms, definitions, and relationships for Call Report data items.) The FDIC did not always follow established acquisition procedures, prudent project management practices, or System Development Life Cycle guidance. As a result, the FDIC paid for software that did not meet all corporate needs or expectations. Moreover, the conditions exposed the FDIC to risks for potential delays in the CDR project and to reputation risk in the eyes of the CDR contractor, other banking agencies, and FDIC-insured institutions. The FDIC issued a change order to the CDR contract for the development of an alternative tool that will replace XBAT. According to the CDR contractor, development of the alternative tool should not impact the overall milestones for implementing the CDR.
We did not make recommendations in this report, but we identified a number of lessons learned related to contracting and project management that we shared with FDIC divisions involved in the project. (EVAL Report No. 04-014, March 26, 2004.)
9. Assessment of Corporate Performance
Assessing corporate performance is a key challenge because good intentions and good beginnings are not the measure of success. What matters in the end is completion: performance and results. To that end, the Government Performance and Results Act (Results Act) of 1993 was enacted. This Act requires most federal agencies, including the FDIC, to prepare a strategic plan that broadly defines each agency's mission, vision, and strategic goals and objectives; an annual performance plan that translates the vision and goals of the strategic plan into measurable annual goals; and an annual performance report that compares actual results against planned goals.
The current administration has raised the bar further in this area. Specifically, OMB is using an Executive Branch Management Scorecard to track how well departments and agencies are executing the management initiatives, and where they stand at a given point in time against the overall standards for success. OMB has also introduced the Program Assessment Rating Tool (PART) to evaluate program performance, determine the causes for strong or weak performance, and take action to remedy deficiencies and achieve better results.
The Corporation’s strategic plan and annual performance plan lay out the agency’s mission and vision and articulate goals and objectives for the FDIC’s three major program areas: Insurance, Supervision, and Receivership Management. The plans focus on four strategic goals that define desired outcomes identified for each program area: (1) Insured Depositors Are Protected from Loss Without Recourse to Taxpayer Funding, (2) FDIC-Supervised Institutions Are Safe and Sound, (3) Consumers’ Rights Are Protected and FDIC-Supervised Institutions Invest in Their Communities, and (4) Recovery to Creditors of Receiverships Is Achieved. Through its annual performance report, the FDIC is accountable for reporting actual performance and achieving these strategic goals. In addition to the Corporation’s strategic and annual goals and objectives established under the Results Act, the Chairman maintains a comprehensive set of objectives used for internal management which are summarized in terms of Stability, Sound Policy, and Stewardship.
The Corporation has made significant progress in implementing the Results Act, with which it is required to comply. Over the years, it has developed more outcome-oriented performance measures, better linked performance goals and budgetary resources, and improved processes for verifying and validating reported performance. While the FDIC is not included on the Management Scorecard nor required to submit a PART to the OMB, some of the Corporation’s divisions have begun using a “scorecard” approach to monitoring and evaluating performance, and we encourage broader use of these tools.
My office has played an active role in evaluating the Corporation’s efforts in this area. We have conducted reviews of the processes used for verifying and validating data and made recommendations that the Corporation adopted. We have also evaluated the Corporation’s budget and planning process and are doing so again because significant changes have been made to bring down the cost of formulating and executing the budget and more effectively link it to performance goals. Finally, as part of the Corporation’s overall planning process, we provide input and our perspective annually on the FDIC’s strategic goals and objectives. In doing so, we have pointed to the need to better align the strategic and annual planning process under the Results Act with the separate process used to develop detailed annual corporate performance objectives and initiatives designed to accomplish the Chairman’s priorities. During the reporting period we provided the following advisory comments on the FDIC’s Results Act-related efforts:
Draft FDIC Strategic and Annual Plans: We provided advisory comments to the Division of Finance on drafts of the FDIC Strategic Plan and 2004 Annual Performance Plan. We acknowledged continuing efforts to improve the plans and offered observations and suggestions. These included (1) considering improving the linkage of the Results Act annual goal-setting process to the separate Corporate Performance Objectives process and the FDIC’s activities related to the governmentwide initiatives in the President’s Management Agenda; (2) updating the strategic plan section on “FDIC and the Banking Industry” to reflect additional events warranting inclusion; and (3) improving the performance plan by including specific performance goals for key corporate initiatives in human capital, corporate cost efficiencies, and information technology and security issues.
Draft 2003 Annual Report: We responded to the Chief Financial Officer’s request for comments on a draft of the FDIC’s 2003 Annual Report. Our comments were advisory in nature and included suggestions for the report regarding (1) recognition of the OIG evaluation function; (2) presentation of management and performance challenges; and (3) information in the performance and controls sections of the report.
10. Cost Containment and Procurement Integrity
Stewardship of resources has been a focus of the FDIC’s current Chairman. As steward for the insurance funds, the Chairman has embarked on a campaign to identify and implement measures to contain and reduce costs, either through more careful spending or assessing and making changes to business processes to increase efficiency.
A key challenge to containing costs relates to the contracting area. To achieve success in this area, the FDIC must ensure that its acquisition framework—that is, its policies, procedures, and internal controls—is marked by sound planning; consistent use of competition; fairness; well-structured contracts designed to produce cost-effective, quality performance from contractors; and vigilant contract management to ensure successful oversight management activities. The Corporation has taken a number of steps to strengthen controls and oversight of contracts. However, our work in this area continues to show further improvement is needed to reduce risks, such as consideration of contractor security in acquisition planning and oversight of contractor security practices. We also have a contract audit program that looks at the reasonableness and support for billings on significant Corporation contracts and, as needed, evaluates contract award processes. Our work in the contracting area during the reporting period included the following:
We issued reports of two pre-award audits for contractor proposals for construction of Virginia Square Phase II. The focus of the first was to evaluate the reasonableness and support for the contractor’s proposed costs for excavation, mobilization, and concrete engineering for the project. We questioned $1,329,289 of the contractor’s proposed costs. FDIC management provided additional information and justification to support the determination that the contractor’s costs were fair and reasonable.
We issued a second report discussing the process by which the FDIC’s Acquisition Services Branch (ASB) and the contractor arrived at a $78 million negotiated price and executed a contract modification for construction of the remaining balance of the Virginia Square Phase II project. During November and December 2003, the OIG, ASB, the Corporate Services Branch, and the Corporation’s construction advisors reviewed and evaluated several proposals submitted by the contractor to complete the Virginia Square project. As a result of the collective input and efforts of all parties involved, ASB was successful in negotiating a $2 million reduction in the contractor's proposed price. Of the OIG questioned costs of $2,231,547, management disallowed $1,029,649.
Post-award Contract Audits
We issued two post-award contract audit reports during the reporting period. The objectives of the post-award audits are to determine whether amounts charged to FDIC contracts are allowable, allocable, and reasonable. We reported a total of $287,133 in monetary benefits as a result of the post-award audits. As of the end of the reporting period, management decisions were pending for the total amount identified as monetary benefits.
IG Gianni thanks OIG staff on the occasion of the 15th anniversary of the FDIC OIG.
Investigations – Making an Impact
OI Cases Target High-Risk Areas
OI concentrates its investigative efforts on those cases of most significance or potential impact to the FDIC and its programs. Our goal, in part, is to bring a halt to the fraudulent conduct under investigation, protect the FDIC and other victims from further harm, and assist the FDIC in recovery of its losses. Another consideration in dedicating resources to these cases is the need to pursue appropriate criminal penalties not only to punish the offender but to deter others from participating in similar crimes.
Currently, the majority of OI’s caseload is comprised of investigations involving major financial institution fraud. OI’s work in this area targets schemes that resulted in significant losses or vulnerabilities for the institution(s), and/or involves institution officers or insiders, multiple subjects and institutions, obstruction of bank examiners; and/or misrepresentation of FDIC-insurance or affiliation. It also includes investigations of fraud resulting in institution failures. Cases in this area are highly complex and resource-intensive, often requiring teams of agents and years to complete. Despite the resource demands, the OIG’s commitment to these investigations is imperative, in light of their significance and potential impact to FDIC and the banking industry. Additionally, from a cost-benefit perspective, these cases have brought results that seem to make our investment in them well worth the effort, as illustrated in some of the cases reported for this period. Although it is impossible to put a price tag on the benefit derived from bringing criminals in these cases to justice, our investigations of major financial institution fraud schemes have brought increased returns measured by successful prosecutions resulting in incarceration, court-ordered fines, restitution to victims, and administrative actions.[D]
In addition to pursuing financial institution-related cases, the OIG commits significant resources to investigations that target fraud by FDIC debtors seeking to conceal their assets from the FDIC. These cases, which include investigations of individuals who fraudulently attempt to avoid payment of court-ordered restitution to the FDIC, made up 23 percent of our caseload as of March 31, 2004. These cases are of great significance to the FDIC, which was owed more than nearly $1.2 billion in criminal restitution as of March 2004. In most instances, the convicts subject to these restitution orders do not have the means to pay. The focus of OIG investigations in this area is on those individuals who do have the means to pay but hide their assets from and/or lie about their ability to pay. The individuals targeted in these investigations have been previously convicted for engaging in fraud schemes that caused major losses to and, in some instances, led to the collapse of federally insured financial institutions. After release from prison, they continue to perpetuate fraud by illegally transferring and hiding their assets and making false statements to the government about their ability to repay their debt to the FDIC. In many cases, they have continued to live lavish lifestyles, while representing to their Probation Office and to the FDIC that they have no assets. Although successful prosecutions of these individuals does not always mean the FDIC will recover the restitution it is owed; it is imperative that these individuals be brought to justice and that other convicts who have defrauded our financial institutions recognize that they face the possibility of returning to prison if they attempt to hide their assets from the Corporation. We work closely with the Division of Resolutions and Receiverships (DRR) and the Legal Division in aggressively pursuing investigations of these individuals. We believe that a partnership approach and commitment to these cases is critical to successfully prosecute those that continue to defraud the FDIC, and to ensure that the FDIC, as the victim, recovers as much of its loss as possible.
Although currently only about 7 percent of our caseload, the OIG must always be prepared to commit resources when necessary to investigations of criminal or serious misconduct on the part of FDIC employees. These are among the most sensitive of OIG cases and are critical to ensure the integrity of and public confidence in FDIC operations. Other consistent areas of investigation for the OIG are those cases involving fraud in the sale or management of FDIC assets and fraud by contractors.
Partnering for Success
The OIG works closely with U.S. Attorneys’ Offices throughout the country in attempting to bring to justice individuals who have defrauded the FDIC. The prosecutorial skills and outstanding direction provided by Assistant U.S. Attorneys with whom we work are critical to our success. The results we are reporting for the last 6 months reflect the efforts of U.S. Attorneys’ Offices in the District of Minnesota, Northern District of Ohio (Western Division), District of South Dakota, District of Oklahoma, Northern District of Texas, District of Connecticut, Northern District of Alabama, Central District of Illinois, Western District of Louisiana, Northern District of Georgia, District of New Hampshire, District of Montana, and the Southern District of Georgia. In addition to working with local U.S. Attorneys’ Offices, the OIG worked with Trial Attorneys from the Fraud Section of the U.S. Department of Justice and State prosecutors from Missouri and California.
Support and cooperation among other law enforcement agencies is also a key ingredient for success in the investigative community. We frequently “partner” with the Federal Bureau of Investigation (FBI), the Internal Revenue Service Criminal Investigation (IRS-CI), and other law enforcement agencies in conducting investigations of joint interest.
Also vital to our success is our partnership with FDIC program offices. We coordinate closely with the FDIC’s Division of Supervision and Consumer Protection in investigating fraud at financial institutions and with DRR and the Legal Division in investigations involving failed institutions and fraud by FDIC debtors. Our ECT coordinates closely with the Division of Information Resources Management in carrying out its mission. The successes highlighted for the period would not have been possible without the collaboration of these offices.
In addition to carrying out its direct investigative responsibilities, the OIG is committed to providing training and sharing information with FDIC components and other regulators based on “lessons learned” regarding red flags and fraud schemes identified through our investigations. OI agents provide training and frequently give presentations to FDIC staff during regional and field meetings. We are also called upon by the Federal Financial Institutions Examination Council, state banking regulatory agencies, and law enforcement agencies to present case studies. Over the last 6 months OI opened 33 new cases and closed 31 cases, leaving 112 cases underway at the end of the period. Our work during the period led to indictments or criminal charges against 15 individuals and convictions of 9 defendants. Criminal charges remained pending against 38 individuals as of the end of the reporting period. Fines, restitutions, and recoveries stemming from our cases totaled $1,715,604.
The following are highlights of some of the results from our investigative activity over the last 6 months:
The woman’s ex-husband, who was co-owner of the bank and served as its chairman was also indicted on November 20, but died shortly thereafter. A bank contractor, who sold over $24 million in sub-prime loans to Sinclair National Bank, and for a time serviced the loans for Sinclair National Bank, was also charged with conspiracy, misapplication of bank funds, and obstructing the OCC in the examination of the bank.
As described in the indictments, the former bank owners allegedly conspired to submit a false document to the OCC in order to influence acceptance of their application to purchase Sinclair National Bank. The indictment also alleged that the defendants obstructed the OCC examination by creating and submitting false documents to cover up their prior false statements.
The defendants allegedly misapplied Sinclair National Bank funds by causing the bank to purchase over $15 million in loans from the bank contractor’s company while both had a financial interest in the contractor’s company and with the bank contractor personally.
In addition, the indictment included a forfeiture count which seeks $15 million each from the defendants.
The case was brought to the grand jury by the Department of Justice, Main Justice Attorneys from the Fraud Section. The case is being investigated by the FDIC OIG (Audit and Investigations), the Treasury OIG, FBI, and IRS-CI.
Commercial Contractor Pleads Guilty to Conspiracy to Commit Bank Fraud
As previously reported, the bank’s former president pleaded guilty to one count of conspiracy to commit bank fraud and one count of money laundering. On September 10, 2003, a third subject, the former bookkeeper of Riverwoods Development Corporation, pleaded guilty to one count of bank fraud.
This case is being investigated jointly by the FDIC OIG, the FBI, and the IRS-CI, and is being prosecuted by the U.S. Attorney’s Office for the District of Minnesota.
Former Bank Employee Pleads Guilty to Bank Fraud
On March 3, 2004, following her earlier indictment on related charges, a former employee of Soy Capital Bank, Decatur, Illinois, pleaded guilty to embezzlement. The investigation leading to her guilty plea found that the employee had embezzled almost $71,000 in funds. On more than 100 occasions over a 1½ year period, she obtained funds from bank tellers by falsely representing that the cash was needed to pay customers who did not receive the proper amount of cash from Soy ATM machines.
The employee also defrauded Citizens Community Bank, where she obtained a branch manager position after being terminated from employment at Soy Capital Bank. As a service to its customers, Citizens Community Bank accepted certain telephone and utilities payments at the bank, and customers were assured that such payments would be immediately credited to the customers’ accounts. The telephone and utility system payments were set up through American Payment Systems (APS). The defendant removed $1,000 in funds paid by customers who intended to pay telephone and utilities bills, hid her activity by altering the bank’s teller machine ticket for APS payments, wrote over the figures on the teller tape, or sometimes tore the tape, thereby removing certain transactions.
This case is being investigated by the FDIC OIG and the FBI. Prosecution is being handled by the U.S. Attorney’s Office for the Central District of Illinois.
Former President of Farmers Bank & Trust Pleads Guilty to Bank Fraud
In his guilty plea, the defendant admitted that he committed bank fraud by making false entries and statements on at least 24 loans and applications for loans. He also admitted to forging documentation that falsely showed that these loans were secured by Farm Service Agency guarantees and to making false entries on the books, reports, statements, and records of the bank that misrepresented borrower’s total indebtedness to the bank. To prevent this bank fraud and other illegal practices from being detected by an audit conducted by the Louisiana Office of Financial Institutions and the FDIC, the defendant made additional false entries on the records of the bank. He also falsely applied a portion of all of a borrowers’ indebtedness to nominee loans. These and other actions were taken to misrepresent the borrower’s total indebtedness and to conceal it from the bank board, the FDIC, and the state bank examiner.
As a result of the defendant’s actions, the bank suffered a loss of over $3 million. On December 17, 2002, Farmers Bank & Trust was closed by bank regulators.
This case is being investigated jointly by the FDIC OIG and the FBI and is being prosecuted by the U.S. Attorney's Office for the Western District of Louisiana.
Accountant Indicted for Bank Fraud
The indictment alleged that the defendant’s actions resulted in more than $1 million in losses for individuals and businesses and more than $650,000 in losses for three financial institutions. Those institutions include Northern Star Bank in Mankato, of which the defendant was a founder; Merchants State Bank of Lewisville, which the indictment claims was forced to sell its assets to Farmers State Bank of Madelia because of the defendant’s unpaid loans; and Americana Community Bank in Chanhassen.
The indictment further alleged that the defendant started the Ponzi scheme sometime before January 1, 1999, by enticing individuals and organizations to invest millions of dollars with him by promising their investments would be safe and claiming they would receive a high rate of return. According to the indictment, the defendant invested only about 30 percent of the money he received from the investors. The majority of the funds were used by him for his personal benefit, to pay personal lines of credit, and to make lulling payments to other investors. The defendant allegedly lulled investors into believing their investment funds had been invested by making payments to them from funds obtained from other investors and by providing them with statements that purported to show the status of their account and the purported rate of return the investor obtained.
The grand jury alleged that it was the defendant’s Ponzi-type scheme that helped hide his fraud until November 2001, when he attempted to file bankruptcy. Through this scheme, individual investors and organizations suffered losses well in excess of $1 million. In addition to defrauding investors, the indictment alleged that the defendant fraudulently obtained more than $1.6 million from financial institutions, including Northern Star Bank, where he was a director and officer. The defendant allegedly misstated his assets and liabilities, substantially overstating his net worth in order to obtain loans that he used to further his Ponzi scheme. Financial institutions suffered losses in excess of $650,000.
The defendant was also charged with stealing from pension plans. The grand jury alleged that he stole approximately $100,000 from Catalytic Combustion Corporation, Bloomer, Wisconsin, in which he was a 40-percent minority shareholder and the chief financial officer, and approximately $120,000 from a Mankato architectural firm.
Further, the grand jury alleged that in November 2001, when the defendant’s Ponzi scheme was no longer viable and sustainable, the defendant attempted to declare bankruptcy. The indictment also charged him with bankruptcy fraud in connection with his November 2001 filing for failing to disclose his repayment of a $500,000 loan nearly 5 months prior to his bankruptcy filing. This case is being investigated jointly by the FDIC OIG, the FBI, and the U.S. Department of Labor’s Employee Benefits Security Administration, and is being prosecuted by the U.S. Attorney’s Office for the District of Minnesota.
As previously reported, in August 2002 the former executive vice president of FSBH was sentenced in the U.S. District Court for the Western District of Oklahoma for his role in the scheme. He was sentenced to serve 5 years’ probation, 180 days’ home confinement, and 208 hours of community service; he was also ordered to pay restitution of $3,529,500.
The investigation of the activities involving FSBH is being conducted jointly by the FDIC OIG and the FBI. The case is being prosecuted by the U.S. Attorney's Office, Oklahoma City, Oklahoma.
Bank Customer Pleads Guilty in Check-Kiting Scheme
The check-kite investigation is being investigated by the FDIC OIG and the FBI. Prosecution of the case is being handled by the U.S. Attorney’s Office for the Northern District of Ohio, Western Division, Toledo.
Loan Officer Pleads Guilty to Fraud
In late 1999, the defendant, while serving as a loan officer at Citizens First Bank, misapplied approximately $300,000 in funds from the line of credit of a bank customer to the operating account of another bank customer. During the same period, the defendant made a false entry into the records of Citizens First Bank by creating a fictitious customer and a related $800,000 line of credit. The defendant continued his scheme of misapplying funds from other customer accounts and fictitious accounts to a specific bank customer and, at one point, exposed the bank to over $7 million in uncollateralized outstanding loans. Eventually the customer, who claimed no knowledge of the defendant’s unauthorized actions, worked with bank officials to collateralize or otherwise pay off his outstanding debt.
This case is being investigated jointly by the FDIC OIG and the FBI and is being prosecuted by U.S. Attorney’s Office for the Northern District of Georgia.
According to the indictment, since July 1993, the former CEO engaged in a scheme to defraud the FDIC of its payments under a $7.5 million restitution order and an $8.5 million civil judgment. The former CEO pleaded guilty in 1990 to federal fraud charges in connection with the collapse of Sunbelt, which lost approximately $2 billion during the 1980s. In the criminal case against him, the former CEO was ordered to pay back $7.5 million to the FDIC and $8.5 million in a civil judgment. His plea agreement required him to relinquish a portion of his income to repay the obligation, with the percentage increasing as the income increases.
Investigation leading to the indictment developed evidence that the former CEO allegedly created a trust that he used to conceal earnings from his business; pay his personal expenses, legal and accounting fees; and hide income payable to him by causing it to be paid directly to the trust. The indictment also alleged that the former CEO made false monthly reports to the U.S. Probation Office to conceal hundreds of thousands of dollars from the FDIC and avoid the requirements of the FDIC restitution order.
This case is being investigated by the FDIC OIG. An attorney from the FDIC Legal Division has been designated a Special Assistant U.S. Attorney, assigned to the U.S. Attorney's Office for the Northern District of Texas, and is prosecuting the case.
Former Debtor Pleads Guilty to Defrauding the FDIC
In his guilty plea, the debtor admitted he provided false financial statements and a false affidavit of his financial condition to the FDIC. He also admitted that he hid several hundred thousand dollars worth of assets in companies he had incorporated in Nevada. The money used by the third party to purchase the judgment had actually been withdrawn from a bank account of one of the secret Nevada companies by the debtor himself.
This investigation was initiated based on a referral from the FDIC Legal Division, and the DRR Dallas office is assisting in the preparation of two sentencing hearings. Prosecution of the case is being handled by the U.S. Attorney's Office for the District of New Hampshire.
FDIC Debtor Returned to Prison After Violating Terms of Probation by Concealing Assets
In January 1987, the debtor pleaded guilty to three counts of mail fraud and extortion related to a fraudulent scheme to induce Progressive Savings and Loan (Progressive) to loan the debtor’s company $5.7 million. As part of his sentence, the debtor was ordered to pay Progressive, and subsequently the FDIC as receiver, a sum of $2 million.
The FDIC investigation found that the debtor owned and operated five businesses that were involved in selling real estate and financing the purchases. The debtor stated on his monthly financial reports to the U.S. Probation Office that he had no business holdings or real estate, when, in fact, he reported to a local bank that his entities owned real estate with a combined equity of $1.9 million. The debtor used funds from one of these businesses to pay the mortgage on his personal residence. He also declared on his financial reports that he had a monthly income of $628, when, in fact, he transferred at least $200,000 during a 3-year period from his business accounts to a personal checking account.
In his ruling the judge stated that the debtor had shrewdly manipulated legal concepts to achieve illegal results and that he had used every device available to avoid repaying his restitution obligation.
This case was investigated by the FDIC OIG. The case was prosecuted by the U.S. Attorney’s Office for the Southern District of Georgia.
The 88-count superseding indictment charged the defendants from SCS and UCC with conspiracy, securities fraud, investment advisor fraud, making false statements to financial institutions, wire fraud, mail fraud, bank fraud, and obstructing the examination of a financial institution. The former president of Heritage was charged with conspiracy, assisting the bank fraud, making false entries in books and records of a financial institution, and obstructing the examination of a financial institution.
Also, the defendants from SCS and UCC are charged with operating a Continuing Criminal Enterprise, in violation of 18 U.S.C. 225. This statute, also known as the “Financial Kingpin Statute,” states that whoever organizes, manages, or supervises a continuing financial crimes enterprise and receives $5 million or more in gross receipts from such enterprise during a 24-month period, shall be fined not more than $10 million and imprisoned for a term of not less than 10 years up to a possible sentence of life imprisonment. This is the first time a defendant in the Northern District of Texas has been charged with violating this statute.
This indictment expanded the charges that were filed in August 2003 by alleging that all four defendants operated the conspiracy that defrauded numerous financial institutions throughout the country, as well as numerous individual investors, from August 1995 to April 2001. Defendants schemed to defraud the various financial institutions and individual investors by inducing them to enter into investment contracts to purchase Certificates of Deposits (CDs) and other securities issued by the Federal Home Loan Mortgage Corporation and the Federal National Mortgage Association, which would be held and managed by UCC.
The former president of Heritage, in concert with the defendants, allegedly defrauded the bank by causing it to purchase investments from SCS from which they subtracted substantial undisclosed fees and commissions ranging from 3 percent to 57 percent. The former president also made false entries into the books and records of Heritage with the specific intent to deceive the bank and conceal the fraud.
As part of their scheme, the defendants allegedly falsely and fraudulently failed to advise investors of the following:
In addition, on December 17, 2003, an SCS broker was indicted by the federal grand jury for the Northern District of Dallas and charged with one count of false statements. In January 1997 the broker allegedly made a false statement to Amarillo Federal Credit Union (Amarillo) in order to influence the decision to purchase CDs through SCS, in that he falsely represented to Amarillo that no fees would be charged against its invested principal. The fee charged to Amarillo was $2,344.
The case is being investigated by the FDIC OIG and the FBI. The case is being prosecuted by the U.S. Attorney’s Office for the Northern District of Dallas. The investigation was initiated based on a referral from the Division of Supervision and Consumer Protection.
Our office continued to aggressively pursue our four main OIG goals and related objectives during the reporting period. These goals and objectives form the blueprint for our work. While the audit, evaluation, and investigative work described in the earlier sections of this report drives our organization and contributes very fundamentally to the accomplishment of our goals, a number of other activities and initiatives complement and support these efforts and enhance the achievement of our goals.
Value and Impact: OIG products will add value by achieving significant impact related to addressing issues of importance to the Chairman, the Congress, and the public. This goal means that we contribute to ensuring the protection of insured depositors, safety and soundness of FDIC-supervised institutions, protection of consumer rights, achievement of recovery to creditors of receiverships, and effective management of agency resources. Efforts in support of this goal and related objectives include the following:
Communication and Outreach: Communications between the OIG and the Chairman, the Congress, employees, and other stakeholders will be effective. We seek to foster effective agency relations and communications, congressional relations and communications, OIG employee relations and communications, and relations and communications with other OIG stakeholders. Efforts in support of this goal and related objectives include the following:
OIG Dallas staff Leon Wellons and Rhonda Bunte on left in photo during
outreach session with Dallas FDIC corporate staff.
IG Gianni welcomes representatives from African countries
OIG's Ross Simms is collaborating with GAO to
share Yellow Book expertise with others in the government.
Human Capital: The OIG will align its human resources to support the OIG mission. We aim to enhance our workforce analysis and planning, competency investments, leadership development, and the development of a results-oriented, high-performance culture. Efforts in support of this goal and related objectives include the following:
Productivity: The OIG will effectively manage its resources. We have taken steps to contain OIG costs and undertook several initiatives to ensure that our processes are efficient and that our products meet quality standards. Efforts in support of this goal and related objectives include the following:
Vice Chairman Reich addresses OIG staff at Fall 2003 conference.
Reporting Terms and Requirements
The Inspector General Act defines the terminology and establishes the reporting requirements for the identification and disposition of questioned costs in audit reports. To understand how this process works, it is helpful to know the key terms and how they relate to each other.
The first step in the process is when the audit report identifying questioned costs (1) is issued to FDIC management. Auditors question costs because of an alleged violation of a provision of a law, regulation, contract, grant, cooperative agreement, or other agreement or document governing the expenditure of funds. In addition, a questioned cost may be a finding in which, at the time of the audit, a cost is not supported by adequate documentation; or, a finding that the expenditure of funds for the intended purpose is unnecessary or unreasonable.
The next step in the process is for FDIC management to make a decision about the questioned costs. The Inspector General Act describes a “management decision” as the final decision issued by management after evaluation of the finding(s) and recommendation(s) included in an audit report, including actions deemed to be necessary. In the case of questioned costs, this management decision must specifically address the questioned costs by either disallowing or not disallowing these costs. A “disallowed cost,” according to the Inspector General Act, is a questioned cost that management, in a management decision, has sustained or agreed should not be charged to the government.
Once management has disallowed a cost and, in effect, sustained the auditor’s questioned costs, the last step in the process takes place which culminates in the “final action.” As defined in the Inspector General Act, final action is the completion of all actions that management has determined, via the management decision process, are necessary to resolve the findings and recommendations included in an audit report. In the case of disallowed costs, management will typically evaluate factors beyond the conditions in the audit report, such as qualitative judgments of value received or the cost to litigate, and decide whether it is in the Corporation’s best interest to pursue recovery of the disallowed costs. The Corporation is responsible for reporting the disposition of the disallowed costs, the amounts recovered, and amounts not recovered.
Except for a few key differences, the process for reports with recommendations that funds be put to better use is generally the same as the process for reports with questioned costs. The audit report recommends an action that will result in funds to be used more efficiently rather than identifying amounts that may need to be eventually recovered. Consequently, the management decisions and final actions address the implementation of the recommended actions and not the disallowance or recovery of costs.(1)It is important to note that the OIG does not always expect 100 percent recovery of all costs questioned
Statistical Information Required by the Inspector General Act of 1978, as amended
Table I: Significant Recommendations From Previous Semiannual Reports on Which Corrective Actions Have Not Been Completed
This table shows the corrective actions management has agreed to implement but has not completed, along with associated monetary amounts. In some cases, these corrective actions are different from the initial recommendations made in the audit reports. However, the OIG has agreed that the planned actions meet the intent of the initial recommendations. The information in this table is based on (1) information supplied by the FDIC’s Office of Enterprise Risk Management (OERM) and (2) the OIG’s determination of closed recommendations for reports issued after March 31, 2002. These 27 recommendations from 8 reports involve monetary amounts of over $5.7 million. OERM has categorized the status of these recommendations as follows:
Management Action in Process: (8 recommendations from 6 reports)
Litigation: (19 recommendations from 2 reports, $5.7 million)