U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Breadcrumb

Reliability of Data in the FDIC Virtual Supervisory Information on the Net System

View Summary Announcement

Report Information

Publish Date
Report sub-type
Evaluation Report
Report Number
EVAL-22-001

Unimplemented Recommendations

Develop and conduct training on the updated guidance, including the importance of verification procedures to detect errors in key ViSION system data.

Revise data quality assurance procedures to ensure reviews consistently detect and correct in a timely manner errors in ViSION system Completion and Mail Dates.

Assess the 155 additional entries in the ViSION system where the FDIC records indicated that the Completion Date was the same as the Mail Date, and correct any errors identified in ViSION system data.

Conduct a risk assessment to identify key supervisory information in the ViSION system based on the current operating environment and reporting requirements.

Revise and update FDIC data reliability guidance for the ViSION system based on the results of the risk assessment.

Text Alternative

This is the accessible text file for FDIC OIG report number Eval-22-001 entitled 'Reliability of Data in the FDIC Virtual Supervisory Information on the Net System'.

This text file was formatted by the FDIC OIG to be accessible to users with visual impairments.

We have maintained the structural and data integrity of the original printed product in this text file to the extent possible. Accessibility features, such as descriptions of tables, footnotes, and the text of the Corporation’s comments, are provided but may not exactly duplicate the presentation or format of the printed version.

The portable document format (PDF) file also posted on our Web site is an exact electronic replica of the printed version.

[FDIC OIG logo]

Reliability of Data in the FDIC Virtual Supervisory Information on the Net System

November 2021 

EVAL-22-001

Evaluation Report

Audits, Evaluations, and Cyber

Integrity Independence Accuracy Objectivity Accountability

Executive Summary

Reliability of Data in the FDIC Virtual Supervisory Information on the Net System

The Federal Deposit Insurance Corporation (FDIC) maintains a system that supports its supervision and insurance responsibilities called the Virtual Supervisory Information on the Net (ViSION). The FDIC has designated its ViSION system as essential to its mission. The FDIC has identified 19 key data elements in the ViSION system that per FDIC guidance must be error free, with a required accuracy rate of 100 percent. As of August 2021, there were more than 3,200 users of the ViSION system at the FDIC, and over 900 users at the Board of Governors of the Federal Reserve System (FRB) and the State Bank Supervisors (State agencies).

The objective of our evaluation was to determine whether key supervisory information in the ViSION system was reliable, which we defined as accurate, complete, and supported by source documentation retained in the FDIC system of record. For purposes of the evaluation, we focused on 4 of the 19 key ViSION system data elements:

• FDIC ratings of banks’ safety and soundness – “Examination Ratings;”

• The date that a bank examination commenced – “Start Date;”

• The date that a bank examination was completed – “Completion Date;” and

• The date that the regulatory agency transmits the examination report to the bank – “Mail Date.”

These four key data elements are critical to the FDIC’s recordkeeping, because the FDIC relies upon these elements for: (1) Compliance with statutory requirements for examination frequency; (2) Calculation of deposit insurance assessments; (3) Internal management reporting; and (4) Reporting responsibilities to Congress and the American public.

Results

Among the four key data elements we tested in the ViSION system, we found that two data elements were not reliable. Specifically, we found an error for the Completion Date for 14 banks and an error for the Mail Date for 12 banks. As a result, the FDIC did not achieve its goal of 100 percent accuracy for the key data elements of Completion Date and Mail Date. We did not find errors for the other two data elements tested, the Examination Ratings and Start Date.

We determined that the unreliable data resulted from weaknesses in the FDIC’s procedures and practices for identifying and ensuring the quality of the Completion Date and Mail Date key data elements in the ViSION system. In particular, the FDIC did not develop and implement standard guidance for identifying and supporting Completion Dates for State-led examinations and for identifying the documentation that should be used and retained to support the Mail Date data element. Further, FDIC review procedures did not consistently detect or correct errors in a timely manner.

We also found that the risk-based assessment of ViSION system data was undocumented and outdated. The FDIC had not updated the assessment and the related guidance since 2009 to consider changes in FDIC operations and reporting that rely on ViSION system data. FDIC personnel expend resources to periodically review the key ViSION system data. Therefore, a current risk assessment and updated guidance on key data elements would help the FDIC to identify the most important data elements based on the current FDIC operating environment and reporting requirements, and focus review resources on those elements.

Recommendations

The report contains six recommendations. We recommend that the FDIC develop and implement standard guidance for the Completion Dates and Mail Dates in the ViSION system; conduct training on the guidance; and revise quality assurance procedures. In addition, we recommend that the FDIC research, and correct additional entries we found in the ViSION system that may have errors related to the Completion Date. We also recommend that the FDIC conduct a risk assessment to identify key supervisory information in the ViSION system based on the current operating environment and reporting requirements, and update the data reliability guidance for the ViSION system based on the results of the risk assessment. The FDIC concurred with all six of the report recommendations and plans to complete corrective actions by September 30, 2022.

[end of Executive Summary]

Contents

BACKGROUND

EVALUATION RESULTS

Two Data Elements in the ViSION System Were Not Reliable

The FDIC Had Not Updated the Risk Assessment of Key ViSION System Data

FDIC COMMENTS AND OIG EVALUATION

Appendices

1. Objective, Scope, Methodology

2. Acronyms and Abbreviations

3. FDIC Listing of Key Data Elements in the ViSION System

4. FDIC Comments

5. Summary of the FDIC’s Corrective Action

Table

Summary of Completion Date and Mail Date Errors for the Sample of FDIC-Supervised Institutions

[end of Contents]

[FDIC letterhead, Federal Deposit Insurance Corporation, Office of Inspector General
Audits, Evaluations, and Cyber]

November 22, 2021

Subject

Reliability of Data in the FDIC Virtual Supervisory Information on the Net System | EVAL-22-001
The Federal Deposit Insurance Corporation (FDIC) identified the Virtual Supervisory Information on the Net (ViSION) system as an FDIC mission-essential system1 that supports the FDIC’s supervision2 and insurance responsibilities and provides users with access to financial, examination, and supervisory information on financial institutions.3 As of August 2021, there were more than 3,200 users of the ViSION system at the FDIC, and over 900 users at the Board of Governors of the Federal Reserve System (FRB) and the State Bank Supervisors (State agencies).4

Footnote: 1 - According to FDIC Directive 1360.13, Information Technology Continuity Implementation Program (June 2021), a mission-essential system supports a function that is directly related to accomplishing the FDIC’s mission. The FDIC Annual Report 2020 (February 2021) states that the FDIC’s mission is to maintain stability and public confidence in the nation’s financial system by insuring deposits; examining and supervising financial institutions for safety and soundness and consumer protection; making large and complex financial institutions resolvable; and managing receiverships.

Footnote: 2 - The FDIC directly supervises and examines banks and savings associations, collectively, “financial institutions.” https://www.fdic.gov/about/what-we-do/. For purposes of our report, we also used the generic term “bank” to refer to both banks and savings associations.

Footnote: 3 - FDIC, Virtual Supervisory Information on the Net Security Profile (December 2018).

Footnote: 4 - The FDIC, the FRB, and the Office of the Comptroller of the Currency (OCC) are the primary Federal supervisors of FDIC-insured banks. 12 U.S.C. § 1813(q). State Bank Supervisors also have primary regulatory authority over State-chartered banks. 12 U.S.C. § 1813(r).

This evaluation follows an audit we conducted in 2008, wherein we found that certain supervisory information accessed through the ViSION system was not fully reliable in four areas assessed (Financial Institution Examination Ratings, Bank Secrecy Act (BSA) Examinations, Safety and Soundness Reports of Examination (ROE), and ROE Processing Dates).5 The FDIC indicated that it had addressed the recommendation from our earlier report by developing and issuing Regional Directors (RD) Memorandum 2009-044, Maintenance of Reliable Electronic Supervisory Information (October 2009), which defines and identifies key supervisory information maintained in the ViSION system and assigns responsibility for ensuring the accuracy of this information through the use of data integrity procedures.

Footnote: 5 - OIG Report, Reliability of Supervisory Information Accessed Through the Virtual Supervisory Information on the Net (ViSION) System (AUD-08-019) (September 2008). https://www.fdicoig.gov/sites/default/files/publications/08-019.pdf. The report recommended that the FDIC “conduct an assessment of supervisory information accessed through the ViSION system in order to define an acceptable accuracy rate and define controls and responsibilities over the reliability of supervisory information consistent with the results of the assessment.”

According to RD Memorandum 2009-044, the FDIC’s former Division of Supervision and Consumer Protection6 conducted a risk-based assessment of information accessed in ViSION to identify the key information that requires the highest rate of accuracy based on its mission importance and use in internal and external reports. Specifically, the RD Memorandum states that FDIC personnel evaluated ViSION system information based upon its use in, or impact on:

Footnote: 6 - In August 2010, the FDIC Board of Directors approved renaming the former Division of Supervision and Consumer Protection as the Division of Risk Management Supervision (RMS), and establishing the Division of Depositor and Consumer Protection (DCP) as a separate Division.

1) Compliance with statutory requirements for examination frequency;7

2) Calculation of deposit insurance assessments; or

3) Reporting or contractual responsibilities.

Footnote: 7 - The FDIC Rules and Regulations Frequency of Examination provision requires the FDIC “to conduct a full-scope, on-site examination of every insured state nonmember bank and insured State savings association at least once during each 12-month period.” 12 C.F.R. § 337.12(a). However, for certain small institutions, the FDIC may conduct a full-scope, on-site examination at least once during each 18-month period. 12 C.F.R. § 337.12(b).

According to the RD Memorandum, the FDIC’s risk-based assessment identified
19 key ViSION system data elements that required an accuracy rate of 100 percent. See Appendix 3 for a listing of the19 key data elements.

Our evaluation objective was to determine whether key supervisory information in the ViSION system was reliable, which we defined as accurate, complete, and supported by source documentation retained in the FDIC system of record.8 The evaluation scope included recent examinations for a stratified random sample of 127 financial institutions from the population of 3,213 FDIC-supervised institutions9 as of December 31, 2020.10

Footnote: 8 - According to RD Memorandum 2019-014-RMS, 2019-005-DCP, Regional Automated Document Distribution and Imaging System (July 2019), the FDIC uses its Regional Automated Document Distribution and Imaging System (RADD) as the official recordkeeping and electronic filing system for RMS and DCP supervisory business records.

Footnote: 9 - For purposes of our report, we defined this term to be institutions for which the FDIC is the primary federal regulator.

Footnote: 10 - Statistical sampling is the selection of a sample by some random method to obtain information or draw conclusions about a population. The sample results produce an unbiased estimate of the true error rate in the population. A stratified random sample is a statistical sampling method that divides the population into subpopulations called “strata,” and then draws a random sample from each stratum. Government Accountability Office (GAO), Using Statistical Sampling (GAO/PEMD-10.1.6) (May 1992). See Appendix 1 for details on the sampling methodology.

We conducted this evaluation in accordance with the Council of the Inspectors General on Integrity and Efficiency’s Quality Standards for Inspection and Evaluation. Appendix 1 contains more information regarding the evaluation objective, scope, and methodology.

BACKGROUND

The FDIC’s RMS, State agencies, and other Federal regulatory agencies11 coordinate to conduct safety and soundness examinations of banks.12 Examinations of FDIC-supervised institutions can be:

Footnote: 11 - Banks can be chartered by a State or by the OCC. State-chartered-banks can choose to join the Federal Reserve System. The FDIC RMS supervises and examines, in coordination with State agencies, State-chartered banks that do not join the Federal Reserve System. https://www.fdic.gov/about/what-we-do/. The FRB supervises and examines, in coordination with State agencies, State-chartered banks that join the Federal Reserve System. The OCC supervises and examines banks that it charters.

Footnote: 12 - A safety and soundness examination assesses an institution’s operating condition, management practices and policies, and compliance with applicable laws and regulations. FDIC Annual Report 2020 (February 2021).

• Performed solely by the FDIC (FDIC-only) or led by the FDIC and performed jointly with a State agency (Joint FDIC-led). In this report we refer to such examinations collectively as FDIC-led examinations, or

• Performed solely by a State agency (State-only) or led by a State agency and performed jointly with the FDIC (Joint State-led). In this report we refer to such examinations collectively as State-led examinations.

Examiners summarize the examination results in a ROE, and RMS personnel record information from the ROEs into the ViSION system. RMS personnel incorporate ROE data from the ViSION system into the FDIC’s National Examination Scheduling System to develop, and monitor compliance with, examination frequency schedules. RMS personnel also use the ViSION system to track bank applications, including those for new deposit insurance, mergers, and changes in control at institutions.13

Footnote: 13 - The FDIC website lists several types of applications. https://www.fdic.gov/regulations/applications/actions.html.

Personnel in the FDIC’s RMS and DCP use ViSION system data to document and monitor bank compliance with enforcement actions,14 and to report actions taken under delegated authority to the FDIC Board of Directors.15 RMS personnel also rely on ViSION system data to develop information regarding applications, enforcement actions, and examinations for the FDIC’s Annual Report to the President and Congress. Further, RMS personnel use ViSION system data to report summary information about Bank Secrecy Act (BSA) examinations and enforcement actions to the Department of the Treasury Financial Crimes Enforcement Network (FinCEN).16 RMS personnel also use ViSION system data to maintain and update data on applications and examinations the FDIC publishes on its Transparency & Accountability websites.17

Footnote: 14 - The FDIC uses formal and informal enforcement actions to address violations, unsafe or unsound practices, and other actionable misconduct exhibited by institutions. Formal actions are notices or orders issued by the FDIC against institutions and are legally enforceable. Informal actions are voluntary commitments made by the institution’s Board of Directors or institution affiliated party, and are not legally enforceable. FDIC, Formal and Informal Enforcement Actions Manual (November 2019).

Footnote: 15 - RMS personnel provide a monthly Enforcement Actions Taken Under Delegated Authority report, and DCP personnel provide a monthly Formal Enforcement Actions Issued Under Delegated Authority report, to the FDIC Board of Directors. RMS personnel provide a monthly Application Actions Taken Under Delegated Authority report to the FDIC Board of Directors.

Footnote: 16 - In September 2004, the FDIC signed a Memorandum of Understanding (MOU) with the FRB, National Credit Union Administration, FinCEN, OCC, and Office of Thrift Supervision. According to Regional Directors (RD) Memorandum 2004-051, Compliance with FinCEN Memorandum of Understanding (October 2004), one purpose of the MOU is to report to FinCEN on a quarterly basis aggregate BSA-related information “intended to help FinCEN in fulfilling its role as administrator of the BSA and to assist the FDIC in fulfilling its role as a financial institution supervisor.”

Footnote: 17 - The Transparency & Accountability websites - www.fdic.gov/transparency/bankapplications.html and www.fdic.gov/transparency/examination.html - include performance information on bank applications and bank examinations that rely on ViSION system data. According to RMS personnel, the FDIC publicly reports examination-related performance information for FDIC only examinations.

Personnel in the FDIC’s Division of Insurance and Research (DIR) incorporate safety and soundness examination rating data from the ViSION system into the Risk Related Premium System in order to calculate a bank’s quarterly deposit insurance assessment rate. The FDIC’s Financial Risk Committee18 also uses ViSION system data related to safety and soundness examination ratings in order to calculate the FDIC’s contingent loss reserve for anticipated failures.19

Footnote: 18 - The FDIC Financial Risk Committee has cross divisional representation including RMS, DIR, the Division of Finance, the Division of Resolutions and Receiverships, and the Division of Complex Institution Supervision and Resolution.

Footnote: 19 - The contingent loss reserve reflects the “probable and estimable” losses that the Deposit Insurance Fund could incur as a result of bank failures anticipated over the next 12-month period. The FDIC establishes this reserve quarterly and records it as a contingent liability for anticipated failure of insured institutions.

Key Supervisory Information Assessed During the Evaluation
For purposes of this evaluation, we focused on the following 4 of the 19 key ViSION system data elements identified by the FDIC:

• Examination Ratings: The FDIC uses the Uniform Financial Institutions Rating System to assign each financial institution a composite rating based on an evaluation of six financial and operational components, each of which is also rated.20 RMS uses this data element as a measure of risk and to help determine the frequency at which the FDIC must conduct safety and soundness examinations of an institution. Regulators may extend examination intervals from 12 to 18 months for certain institutions with favorable ratings and therefore lower risk.
21 These ratings can also help determine the frequency and intensity of bank monitoring activities between examinations, and the assessment rate to use in calculating an institution’s deposit insurance premium.22

Footnote: 20 - The component ratings reflect an institution’s capital, asset quality, management, earnings, liquidity, and sensitivity to market risk (commonly referred to as CAMELS). Examiners assign composite and component ratings based on a numerical scale from 1 to 5, with 1 indicating the highest rating.

Footnote: 21 - 12 C.F.R. § 337.12(a) and (b).

Footnote: 22 - The FDIC calculates the deposit insurance assessment rate for an individual institution using formulas that, in general, assign values to each CAMELS component and composite rating. The rate calculators are available on the FDIC website https://www.fdic.gov/resources/deposit-insurance/deposit-insurance-fund…. For small institutions in existence less than 5 years, the CAMELS ratings may not factor into the calculation of the deposit insurance assessment rate.

• Start Date: The “date that the examination commenced, typically the date when the examination team begins formal on-site examination of the financial institution.”23 RMS uses this data element to identify any delinquencies in meeting statutory requirements for examination frequency. RMS also uses this date to monitor the “examination turnaround” performance measure, which is the number of days between the start of the safety and soundness examination field work and mailing the ROE to the institution. RMS reports examination turnaround information internally to FDIC management and the FDIC reports externally to the public.24

Footnote: 23 - RMS Manual of Examination Policies 16.1, Report of Examination Instructions (December 2020).

Footnote: 24 - The FDIC reports median examination turnaround days over a 12-month-period for examinations conducted solely by FDIC personnel, and the percent of such examinations meeting a 75 day goal, on its Transparency & Accountability - Bank Examinations website.

• Completion Date: The “date the examiner formally completes the examination and submits the ROE for review.”25 RMS can use this data element to calculate the date when the next examination should start in order to comply with statutory requirements for examination frequency.26 RMS also uses this date to monitor the “examination report processing” performance measure, which is the number of days between submission of the ROE for supervisory review and mailing the ROE to the institution. RMS reports examination report processing information internally to FDIC management and the FDIC reports externally to the public.27

Footnote: 25 - RMS Manual of Examination Policies 16.1, Report of Examination Instructions (December 2020).

Footnote: 26 - According to the RMS Manual of Examination Policies, Section 1.1, “[f]or purposes of monitoring compliance with examination frequency schedules, the end of the examination is defined as the earlier of the date the [examiner-in-charge] submits the report for review, or 60 calendar days from the examination start date as defined in the Report of Examination Instructions.”

Footnote: 27 - The FDIC reports median examination report processing days over a 12-month-period for examinations conducted solely by FDIC personnel, and the percent of such examinations meeting a 45 day goal, on its Transparency & Accountability - Bank Examinations website.

• Mail Date: The date that the regulatory agency transmits the completed ROE to the financial institution.28 DIR uses this data element to determine when changes to deposit insurance assessments become effective for financial institutions. RMS also uses this date to monitor both the examination turnaround and report processing performance measures.

Footnote: 28 - RMS document titled, OIG ViSION Data Reliability Audit Information Request (February 2021).

Quality Assurance Procedures for ViSION System Data

RD Memorandum 2009-044 established responsibility for ensuring the accuracy of ViSION System data through quality assurance procedures. According to this Memorandum and RMS personnel, these quality assurance procedures include three types of review:

• Verification. A Supervisory Examiner, Field Supervisor, or Case Manager verifies key data elements that an Administrative Assistant or Examiner-in-Charge enters into the ViSION system.

• Regional Review. Each of the six FDIC Regional Offices has personnel that periodically review the accuracy of the key data elements. RMS personnel stated that the Regions conduct the reviews at varying frequencies - weekly, monthly, quarterly, semi-annually, or annually - as determined by each Region, based on the data elements reviewed.29

Footnote: 29 - For example, the Kansas City Region reviews safety and soundness examination data and application data weekly, BSA data quarterly, and enforcement action data annually. In comparison, the Atlanta and Chicago Regions review all key ViSION system data elements quarterly.

• Headquarters Review. RMS Headquarters personnel review the accuracy of the key data elements to assess the effectiveness of the quality assurance procedures in the Regions. RMS personnel perform these reviews triennially at each Regional Office.

We determined that the unreliable data occurred because the FDIC did not develop and implement standard guidance for identifying and supporting the Completion Date for State-led examinations and for identifying the documentation that should be used and retained to support the Mail Date. Further, FDIC review procedures did not consistently detect or correct errors in a timely manner. As a result, the FDIC did not achieve the requirement of 100 percent accuracy for the Completion Date and Mail Date.

We also found that the risk-based assessment of ViSION system data was undocumented and outdated, because the FDIC had not updated the assessment and the related guidance since 2009 to consider changes in FDIC operations and reporting that rely on ViSION system data.

Two Data Elements in the ViSION System Were Not Reliable

The Government Accountability Office (GAO) considers data to be “reliable,” if the data are sufficiently complete, accurate, and consistent.30 In addition, GAO recommends that records be properly documented and maintained in a manner that allows the documentation to be readily available for examination.31

Footnote: 30 - GAO focuses on the reliability of data in terms of completeness and accuracy. However, GAO considers consistency as another data quality consideration when assessing reliability, and refers to consistent data as data that is “sufficiently clear and well defined to yield comparable results in similar analyses.” GAO, Assessing Data Reliability (GAO-20-283G) (December 2019).

Footnote: 31 - GAO, Standards for Internal Control in the Federal Government (GAO-14-704G) (September 2014).

Our review of the supporting documentation for recent examinations for the sample of 127 FDIC-supervised financial institutions found that the Completion Dates and Mail Dates in the ViSION system were not reliable. Because of the importance of these two dates, the FDIC requires that these data elements be 100 percent accurate. We did not find errors for the other two ViSION system data elements we tested, the Examination Ratings and Start Date.

The Table below summarizes the number of institutions we found that had an examination with an error for the ViSION system Completion Date or the Mail Date data element. We defined an error as a date that did not align with supporting documentation or did not have supporting documentation in the FDIC’s RADD system. The Table shows the errors for each data element related to FDIC-led examinations or State-led examinations, as well as the combined total for both. The following Table also includes the estimated error rates and the 95 percent confidence
interval for those error rates given as the “lower limit error rate” and the “upper limit error rate.”32

Footnote: 32 - The estimated error rate takes into account the different probabilities of selection for the small and large institution strata in the stratified random sample and is unbiased, as discussed in Appendix 1. A 95 percent confidence interval is a range of values that you can be 95 percent confident contains the true error rate of the population sampled. The low end of that range of values is referred to as the “lower limit” and the high end of that range of values is referred to as the “upper limit.” The lower limit error rate represents the lowest potential error and the upper limit error rate represents the highest potential error in the population of FDIC-supervised institutions, with 95 percent confidence.

Table: Summary of Completion Date and Mail Date Errors for the Sample of FDIC-Supervised Institutions

Row 1;
Completion Date;
Data Element and Lead Examination Authority: FDIC-led Examinations(1);
Institutions with an Error: 1;
Estimated Error Rate(3): 0.08%;
Lower Limit Error Rate: 0.01%;
Upper Limit Error Rate: 4.79%;

Row 2;
Completion Date;
Data Element and Lead Examination Authority: State-led Examinations(2);
Institutions with an Error: 13;
Estimated Error Rate(3): 27.87%;
Lower Limit Error Rate: 16.90%;
Upper Limit Error Rate: 42.33%;

Row 3;
Data Element and Lead Examination Authority: Errors and Error Rates;
Institutions with an Error: 14;
Estimated Error Rate(3): 13%;
Lower Limit Error Rate: 7%;
Upper Limit Error Rate: 21%;

Row 4;
Mail Date;
Data Element and Lead Examination Authority: FDIC-led Examinations(1);
Institutions with an Error: 10;
Estimated Error Rate(3): 13.41%;
Lower Limit Error Rate: 6.74%;
Upper Limit Error Rate: 24.90%;

Row 5;
Mail Date;
Data Element and Lead Examination Authority: State-led Examinations(2);
Institutions with an Error: 2;
Estimated Error Rate(3): 4.63%;
Lower Limit Error Rate: 1.30%;
Upper Limit Error Rate: 15.14%;

Row 6;
Data Element and Lead Examination Authority: ….Errors and Error Rates;
Institutions with an Error: 12;
Estimated Error Rate(3): 9%;
Lower Limit Error Rate: 5%;
Upper Limit Error Rate: 17%;

Source: OIG consolidated summary based on a stratified random sample of 95 small and 32 large institutions, and projected results to a population of 3,213 FDIC-supervised institutions as of December 31, 2020. We rounded the overall error rates to the nearest whole percent.

(1) Includes FDIC-only and Joint FDIC-led examinations for the small and large institution strata.

(2) Includes State-only and Joint State-led examinations for the small and large institution strata.

(3) The estimated error rate weights the sample data from the small and large institution strata to take into account the different probabilities of selection for the two strata and is unbiased, as discussed in Appendix 1.

[end of table]

Unreliable Completion Dates

We found an error related to the ViSION system Completion Date for 14 institutions, which went undetected by supervisors, and in some cases, by Regional reviews. Projecting these results to the population of 3,213 FDIC-supervised institutions, we determined with 95 percent confidence that the overall error rate for this data element could be as low as 7 percent or as high as 21 percent, with an estimated error rate of 13 percent. Thus, the Completion Date was not reliable in the ViSION system, particularly because the FDIC’s guidance required the data to be error-free, with 100 percent accuracy.

The majority of Completion Date errors (13 of 14 errors) were related to State-led examinations. For State-led examinations, RMS Case Managers or support staff manually enter the Completion Dates into the ViSION system after receipt of the ROE and related documentation from the State agencies.

• For 5 of the 14 Completion Date errors, RMS personnel erroneously entered the Mail Date as the Completion Date in the ViSION system for these State-only examinations. In all five cases, the ROE-related documents supported a Completion Date that was earlier than the Mail date.

• In 5 other instances, RMS personnel stated that they used various information to support a Completion Date in the ViSION system; however, supporting documentation was not retained or was not in the RADD system.

• For the remaining 4 errors, RMS personnel stated that they were caused by RMS personnel making typographical or other mistakes.

We determined that RMS did not develop and implement standard guidance for identifying the Completion Date to record in the ViSION system for State-led examinations, when the State ROE does not provide this date. According to RMS practice, its personnel should use the date of the examination exit meeting in such instances.33 Additionally, three of the six FDIC Regions had a practice of using the Mail Date as the Completion Date, if ROE-related documents did not contain a completion or exit meeting date.34

Footnote: 33 - According to the RMS Manual of Examination Policies, examiners are expected to hold an exit meeting with bank management prior to the end of the examination to discuss examination findings and obtain management comments on the findings. Examiners then incorporate management comments on the findings into the report of examination. The ROE template includes a section titled “Meetings with Management and the Board of Directors,” which examiners use to document the exit meeting.

Footnote: 34 - The Atlanta, Chicago, and San Francisco Regions had this practice while the Dallas, Kansas City, and New York Regions did not have this practice.

Adding to the challenge of identifying the correct Completion Date, the State examiners did not consistently document the Completion Date in ROE-related documents. For example, we found that one State-only ROE in our sample did not identify an examination Completion Date at all, and five others used terms such as “Report Complete Date” or “Examination Conclusion Date,” which RMS personnel recorded in the ViSION system as the examination Completion Date.

As described in more detail below, incorrect Completion Dates can impact FDIC examination frequency scheduling decisions and monitoring of FDIC examination performance. Developing and implementing standard guidance for identifying Completion Dates for State-led examinations for recording in the ViSION system would help ensure the reliability of the data, by facilitating consistent understanding and application of the guidance. Coordinating with State agencies to facilitate more consistent identification of the examination Completion Date would further improve the reliability of this ViSION system data element.

Based on the five errors we found in our sample wherein RMS personnel mistakenly used the examination Mail Date as the Completion Date, we compared ViSION Completion and Mail Dates for all State-only examinations started during the years 2019 through 2020. In doing so, we found an additional 155 State-only examinations of FDIC-supervised institutions that had the same date recorded for the examination Completion and Mail Dates.35 On May 20, 2021, we provided RMS personnel a list of all the State-only examinations we found in the ViSION system for which the Completion and Mail Dates were the same, and requested that they research these examinations and correct any ViSION system data that RMS found to be inaccurate.

Footnote: 35 - The 155 examinations were outside the scope of the most recent examinations we evaluated for the stratified random sample of 127 FDIC-supervised institutions.

Unreliable Mail Dates

We found an error related to the ViSION system Mail Date for 12 institutions, which went undetected by supervisors, and in one case, by the Regional review. Projecting these results to the population of 3,213 FDIC-supervised institutions, we determined with 95 percent confidence that the overall error rate for this data element could be as low as 5 percent or as high as 17 percent, with an estimated error rate of 9 percent. Thus, the Mail Date was not reliable in the ViSION system, particularly because the FDIC required the data to be error-free, with 100 percent accuracy.

According to RMS practice, its personnel should manually enter the Mail Date based on the ROE “transmittal letter” to the bank. Eight of the 12 identified errors involved a one business-day difference between the date on the transmittal letter and the Mail Date recorded in the ViSION system. RMS personnel advised that in most of these cases, the ROE transmittal letter was dated one day, but the ROE was not mailed to the bank until the next business day. RMS personnel retained in RADD the transmittal letter to support the examination Mail Date instead of retaining the relevant documentation to support the date the ROE was actually transmitted to the institution. We therefore determined that RMS did not develop and implement standard guidance for identifying the documentation that should be consistently used and retained to support the Mail Date data element.

RMS personnel stated that the remaining four Mail Date errors were the result of mistakes or oversights. As described in more detail below, incorrect Mail Dates could potentially affect DIR calculation of deposit insurance assessment rates and RMS monitoring of FDIC examination performance.

Inadequate Review Procedures

We found that although RMS had established certain review procedures, some of the Completion and Mail Date errors in our sample indicated that the verification procedure was either not performed or was not effective in detecting and correcting those errors. In addition, the Regional reviews did not detect one Completion Date and one Mail Date error, or correct in a timely manner one Completion Date error that we found during our review. Further, four of the six FDIC Regions reviewed 100 percent of their safety and soundness examinations for correct Completion and Mail dates, while two Regions reviewed only a sample of examinations.36 Four errors in our sample were not detected because the related examinations had not been reviewed by those two Regions.

Footnote: 36 - The Atlanta, Dallas, Kansas City, and San Francisco Regions reviewed 100 percent of safety and soundness examinations, while the Chicago and New York Regions reviewed samples of safety and soundness examinations.

Further, as described earlier in this report, the Regions conducted reviews weekly, monthly, quarterly, semi-annually, or annually as determined by each Region, based on the data elements reviewed. RMS Dallas Region personnel stated they conducted a semi-annual review concurrent with the OIG evaluation. However, due to the multiple steps involved in the review process, the Dallas Region had not yet corrected all ViSION data errors prior to OIG identification. As a result, RMS personnel stated the Dallas Region subsequently changed from a semi-annual to a weekly review to facilitate quicker identification and remedy of any potential exceptions. The FDIC should determine if there is a need for more consistency in the timing of reviews across all Regions.

Lastly, as stated above, RMS personnel in three Regions were instructed to use the Mail Date as the Completion Date for State examinations in limited circumstances, while RMS personnel in the other three Regions were not instructed to use the Mail Date as the Completion Date. However, we found a large number of State-only examinations where the Completion Date was the same as the Mail Date in the ViSION system, including five errors for our sample institutions. The prevalence of such examinations indicates the Regional review procedures may not consistently identify and check such instances for potential errors.

Effect of Unreliable Completion and Mail Dates

The FDIC requires 100 percent accuracy for the Completion Date and Mail Date data elements. RMS uses the Completion Date to calculate the date the next examination should start in order for the FDIC to comply with examination frequency requirements. The FDIC reports its compliance with these requirements in its Annual Report. Unreliable Completion Dates may increase the risk of a late examination start and thereby noncompliance with statutory requirements for examination frequency. We did not find that the errors for the Completion Dates resulted in a late examination start.

DIR uses the Mail Date to determine when deposit insurance assessment pricing changes become effective for financial institutions. Unreliable mail dates may increase the risk of incorrect deposit insurance assessments, because they may result in the FDIC applying a new deposit insurance assessment rate too early or too late. However, we did not identify incorrect deposit insurance assessments based on the Mail Date errors for our sample.

As described earlier in the report, RMS uses both the Completion Date and Mail Date to monitor FDIC examination performance, including reporting to FDIC management and publication on the Transparency & Accountability – Bank Examinations website. While any incorrect Completion Date or Mail Date would affect the data used to monitor FDIC examination performance, we did not find that the errors identified in our testing would significantly impact reporting of FDIC examination performance information.

Recommendations

We recommend that the Director, Division of Risk Management Supervision:

1. Develop and implement standard guidance for identifying and supporting examination Completion and Mail Dates for recording in the ViSION system.

2. Develop and conduct training on the updated guidance, including the importance of verification procedures to detect errors in key ViSION system data.

3. Revise data quality assurance procedures to ensure reviews consistently detect and correct in a timely manner errors in ViSION system Completion and Mail Dates.

4. Assess the 155 additional entries in the ViSION system where the FDIC records indicated that the Completion Date was the same as the Mail Date, and correct any errors identified in ViSION system data.

The FDIC Had Not Updated the Risk Assessment of Key ViSION System Data

According to FDIC Directive 4010.3, Enterprise Risk Management and Internal Control Program (October 2018), management should ensure policies, procedures, and control activities are regularly monitored and updated to ensure strong controls are in place and risks have been addressed. In addition, GAO’s Standards for Internal Control in the Federal Government states that management should periodically review policies, procedures, and related control activities for continued relevance and effectiveness in achieving the entity’s objectives or addressing related risks.

The FDIC guidance document dated 2009, RD Memorandum 2009-044, references a risk assessment that identified the 19 key ViSION system data elements requiring the highest rate of accuracy based on their mission importance, or use in external and internal reports. Following our request, RMS personnel indicated that they could not locate the risk assessment. In addition, the FDIC had not updated the risk assessment and related guidance since 2009, in order to consider changes in the FDIC’s operations and reporting that rely on ViSION system data. For example, as previously stated in this report, the former Division of Supervision and Consumer Protection is now operating as two divisions – RMS and DCP.

As an example of changes in reporting, the FDIC Chairman launched an FDIC Trust Through Transparency initiative in 2018. This initiative led to the creation of public Transparency & Accountability – Bank Applications and Transparency & Accountability – Bank Examinations websites that report application and examination-related performance information. This initiative also led to an Application Search Tool37 that allows the public to obtain information about FDIC actions taken on specific bank applications. Both the websites and the tool rely on ViSION system data.

Footnote: 37 - https://www.fdic.gov/regulations/applications/actions.html.

In the absence of a risk assessment, RMS personnel documented for us their understanding of the significance of the 19 key ViSION system data elements identified in RD Memorandum 2009-044. Of note, RMS personnel considered certain data elements related to enforcement actions, applications, and BSA examinations to be “significant,” in part, because they affected internal and external reporting, such as:

• Enforcement Actions Taken Under Delegated Authority and Application Actions Taken Under Delegated Authority monthly reports to the FDIC Board of Directors;

• FDIC Annual Report;

• Transparency & Accountability websites and Application Search Tool; and

• Memorandum of Understanding Section II.C. Federal Deposit Insurance Corporation Quarterly Report provided to FinCEN.

However, we found important relevant factors related to the FDIC’s current operating environment that FDIC personnel might not have considered in the determination of key data elements in 2009. For example, the following information may be relied upon frequently for internal and external reporting and therefore could be key data elements to include in an updated risk assessment:

• Application Type, Received Date, and Accepted Date. The Application Actions Taken Under Delegated Authority reports, the Application Search Tool, and the Transparency & Accountability - Bank Applications website rely on these ViSION system data. The FDIC Annual Report 2020 also reports on an FDIC timeliness goal that relies on the Accepted Date.38

Footnote: 38 - The FDIC has established a goal of acting on 75 percent of deposit insurance applications within 120 days after the application is accepted as substantially complete. FDIC Annual Report 2020 (February 2021).

• Civil Money Penalty (CMP)39 Amount. The RMS and DCP monthly reports to the FDIC Board on enforcement actions taken under delegated authority rely on these ViSION system data.

Footnote: 39 - A CMP is a type of formal enforcement action imposed to punish an institution for misconduct involving violations, practices, or breaches, and to create, by example, a disincentive for similar misconduct by others. An institution pays CMPs to the U.S. Treasury. FDIC, Formal and Informal Enforcement Actions Manual (November 2019).

• Enforcement Action Basis Type.40 The RMS and DCP monthly reports to the FDIC Board on enforcement actions taken under delegated authority and the FDIC Annual Report 2020 rely on these ViSION system data. In addition, if the enforcement action basis type in the ViSION system has an entry of “BSA,” the FDIC should include the enforcement action in the total figures on the quarterly report to FinCEN.41

Footnote: 40 - The enforcement action basis type is the event that resulted in the FDIC taking its enforcement action. These events may include safety and soundness, BSA, information technology, and compliance examinations that identified the deficiencies addressed in the enforcement action.

Footnote: 41 - The FDIC quarterly reports to FinCEN include the “[n]umber of terminated enforcement actions by category [informal or formal] that addressed BSA compliance under either Title 12 or Title 31 of the United States Code.”

• Examinations with Bank Secrecy Act/Anti-Money Laundering Compliance Program42 or Pillar43 Violations. The Transparency & Accountability - Bank Examinations website relies on these ViSION system data.

Footnote: 42 - Bank Secrecy Act/Anti-Money Laundering compliance program requirements are set forth in 31 U.S.C. § 5318(h), and clarifying regulations issued by the Department of the Treasury at 31 C.F.R. § 1020.210(a) and the FDIC at 12 C.F.R. § 326.8(c).

Footnote: 43 - The FDIC refers to each of the components of a Bank Secrecy Act/Anti-Money Laundering compliance program as a “pillar.” FDIC, Formal and Informal Enforcement Actions Manual (November 2019).

In addition, an ongoing OIG assignment on the FDIC’s termination of Bank Secrecy Act/Anti-Money Laundering Consent Orders included a review of data in the ViSION system. As part of that ongoing review, we found that two FDIC quarterly reports to FinCEN contained the incorrect number of terminated enforcement actions, because RMS personnel incorrectly recorded the underlying Bank Secrecy Act/Anti-Money Laundering Consent Order termination data for three Consent Orders in the ViSION system.44 Therefore, an updated risk assessment should consider the data elements underlying the totals reported to FinCEN.45

Footnote: 44 - In August 2020, RMS personnel stated that once it was discovered that the termination of three Consent Orders was not reported to FinCEN, RMS notified FinCEN of the terminations.

Footnote: 45 - See Appendix 3 for a list of the seven BSA-related totals the FDIC reports to FinCEN.

Lastly, when updating the risk assessment, the FDIC should address the current significance of the data elements. The information below indicates that at least 2 of the 19 key ViSION system data elements, or aspects of them, may not be significant enough to require 100 percent accuracy in the current operating environment.

• Enforcement Action Issued Date and Effective Date. We found that these dates are usually the same for formal enforcement actions.46 For example, of the 538 formal enforcement action documents issued to FDIC-insured institutions from January 1, 2018 to May 31, 2021, only 16 (3 percent) had an effective date that differed from the issued date. In addition, the DCP Formal Enforcement Actions Issued Under Delegated Authority reports to the FDIC Board did not include the Effective Date, indicating this date may not be as significant as the Issued Date.

Footnote: 46 - Formal enforcement actions include, among others, a Cease and Desist Order, a CMP, and a Restitution Order.

• Civil Money Penalty Reason Code. RMS personnel stated that this key data element is not used for Risk Management CMPs. Of the 75 CMP orders in the ViSION system issued to FDIC-supervised institutions from January 1, 2018 to May 31, 2021, 36 (48 percent) related to Risk Management CMPs issued by RMS and the remaining 39 related to Compliance CMPs issued by DCP. The majority (79 percent) of the CMP Reason Codes recorded in the ViSION system during this period were “Flood Insurance Act.”

RMS personnel expend resources to review key ViSION system data; therefore, the FDIC should periodically ensure that the review process addresses the information that has the most significant impact on the FDIC. A current risk assessment and updated guidance on key data elements would help the FDIC to identify the most important data elements based on the current FDIC operating environment and reporting requirements, and focus review resources on those elements.

Recommendations

We recommend that the Director, Division of Risk Management Supervision:

5. Conduct a risk assessment to identify key supervisory information in the ViSION system based on the current operating environment and reporting requirements.

6. Revise and update FDIC data reliability guidance for the ViSION system based on the results of the risk assessment.

FDIC COMMENTS AND OIG EVALUATION

On October 29, 2021, the FDIC Director, Division of Risk Management Supervision, provided a written response to a draft of the report which is included in its entirety in Appendix 4. The FDIC concurred with all six of the report recommendations. The recommendations will remain open until we confirm that corrective actions have been completed and are responsive. A summary of the FDIC’s corrective actions is in Appendix 5.

Appendix 1

Objective, Scope, and Methodology

Objective

The evaluation objective was to determine whether key supervisory information in the ViSION system was reliable, which we defined as accurate, complete, and supported by source documentation retained in the FDIC system of record.

We performed our work remotely from March 2021 through June 2021. We conducted our work in accordance with the Council of the Inspectors General on Integrity and Efficiency’s Quality Standards for Inspection and Evaluation.

Scope and Methodology

Our scope included FDIC-supervised financial institutions. We excluded from the scope institutions supervised by the FRB and the OCC, because information in the ViSION system for these institutions did not impact FDIC examination frequency scheduling decisions or FDIC examination performance measurement.

We divided the FDIC-supervised financial institutions into two strata based on asset size: large institutions with more than $10 billion in assets, and small institutions with $10 billion or less in assets as of December 31, 2020. We used two strata because the FDIC calculates the deposit insurance assessment rates differently for large and small institutions. We coordinated with a DIR statistician to select a stratified random sample of institutions from a population of 3,213 institutions, comprised of 46 large and 3,167 small institutions. We excluded from this population the six FDIC-supervised branches of foreign banks and eight newly insured FDIC-supervised institutions that did not have CAMELS ratings in the ViSION system as of December 31, 2020.

The DIR Statistician determined the sample sizes for the two strata using a 95 percent confidence-level assuming a 10 percent population proportion of errors for any given data item, and using a 5 percent margin of error for a one-sided confidence interval. The probability of selection was different for the two strata, and the estimated error rates given previously in the Table of this report account for this, providing unbiased estimation. The resulting sample included:

• 95 small FDIC-supervised institutions.

• 32 large FDIC-supervised institutions.

We selected for testing 4 of the 19 key ViSION system data elements identified by the FDIC: (1) Examination Ratings, (2) Start Date, (3) Completion Date, and (4) Mail Date. We chose these elements because the FDIC required them to be 100 percent accurate, and they were used in, or impacted, at least two of the following:

• The calculation of deposit insurance assessments;

• Compliance with statutory requirements for examination frequency; and

• Internal and external reporting responsibilities.

Methodology

To address our evaluation objective we:

• Interviewed FDIC Headquarters and Regional Office personnel, including:

o RMS personnel responsible for maintaining the 19 key ViSION system data elements;

o RMS and DIR personnel responsible for using selected ViSION system data; and

o RMS personnel responsible for reviewing ViSION system data accuracy.

• Identified the process for recording data into the ViSION system using documents located in the RADD system and other records.

• Reviewed the results of periodic quality assurance reviews to determine how RMS Regional Office and Headquarters personnel tested the key data elements.

• Reviewed the FDIC Risk Inventory (June 2021) to determine if there were any Agency risks related to the objective.

• Selected 4 of the 19 key ViSION system data elements to review for the most recent examination of each sample institution that was completed and mailed as of December 31, 2020. We also reviewed examinations started in 2020 for three sampled institutions for which we found the Completion Date and the Mail Date were the same.

• Downloaded data from the ViSION system on March 26, 2021, for testing the selected key data elements.

• Obtained documents stored electronically in the RADD system, such as Reports of Examination, transmittal letters, and other correspondence, for each examination we reviewed.

• Compared the Examination Ratings, Start Date, Completion Date, and Mail Date in the ViSION system to source documents in the RADD system and in other records, as warranted, for each examination we reviewed.

• Coordinated with RMS personnel to determine the cause of errors we identified in the tested data elements.

• Coordinated with the DIR Statistician to project the sample results to the population of FDIC-supervised institutions.

• Identified all safety and soundness examinations with a Start Date after December 31, 2018 and a Completion Date and Mail Date that were the same in the ViSION system.

• Assessed the risk related to certain ViSION system data elements that the FDIC uses for important internal and external reporting.

We reviewed the following FDIC policies and guidance related to documenting and storing key data elements in the ViSION and RADD systems.

• Regional Directors Memoranda, 2009-044 Maintenance of Reliable Electronic Supervisory Information (October 2009) and 2019-014 Regional Automated Document Distribution and Imaging System (July 2019).

• Case Manager Procedures, Section 3.1 FDIC Full Scope Reports (April 2021), Section 3.3 State Reports for FDIC Supervised Institutions (February 2021), and Section 3.9 Summary Analysis of Examination Report (February 2021).

• RMS Manual of Examination Policies, Section 1.1 Basic Examination Concepts and Guidelines (February 2021) and Section 16.1 Report of Examination Instructions (December 2020).

Appendix 2

Acronyms and Abbreviations

BSA - Bank Secrecy Act

CAMELS - Capital, Asset Quality, Management, Earnings, Liquidity, and Sensitivity to Market Risk

CMP - Civil Money Penalty

DCP - Division of Depositor and Consumer Protection

DIR - Division of Insurance and Research

FDIC - Federal Deposit Insurance Corporation

FinCEN - Department of the Treasury Financial Crimes Enforcement Network

FRB - Board of Governors of the Federal Reserve System

GAO - Government Accountability Office

MOU - Memorandum of Understanding

OCC - Office of the Comptroller of the Currency

OIG - Office of Inspector General

RADD - Regional Automated Document Distribution and Imaging System

RD - Regional Directors

RMS - Division of Risk Management Supervision

ROE - Report of Examination

ViSION - Virtual Supervisory Information on the Net System

Appendix 3

FDIC Listing of Key Data Elements in the ViSION System

Regional Directors Memorandum 2009-044 identified 19 key data elements in the ViSION system deemed to be significantly important and requiring the highest rate of accuracy. The FDIC’s list of 19 key data elements is provided below.

Row 1;
Category: Examination Ratings;
Item No.: 1;
Information: Capital, Asset Quality, Management, Earnings, Liquidity, Sensitivity to Market Risk, and Composite Ratings;

Row 2;
Category: Report of Examination Processing Dates;
Item No.: 2;
Information: Safety and Soundness Examination Start Date;

Row 3;
Category: Report of Examination Processing Dates;
Item No.: 3;
Information: Safety and Soundness Examination Completion Date;

Row 4;
Category: Report of Examination Processing Dates;
Item No.: ;
Information: Safety and Soundness Examination Mail Date;

Row 5;
Category: Bank Secrecy Act Examination information reported to the Financial Crimes Enforcement Network;
Item No.: 5;
Information: Number of BSA examinations conducted by FDIC or Joint with State.;

Row 6;
Category: Bank Secrecy Act Examination information reported to the Financial Crimes Enforcement Network;
Item No.: 6;
Information: Number of BSA examinations conducted by State.;

Row 7;
Category: Bank Secrecy Act Examination information reported to the Financial Crimes Enforcement Network;
Item No.: 7;
Information: Number of BSA examinations or visitations conducted outside the agency’s established BSA examination cycle.;

Row 8;
Category: Bank Secrecy Act Examination information reported to the Financial Crimes Enforcement Network;
Item No.: 8;
Information: Number of banking organizations cited for BSA violations.;

Row 9;
Category: Bank Secrecy Act Examination information reported to the Financial Crimes Enforcement Network;
Item No.: 9;
Information: Number and Type of BSA violations cited.;

Row 10;
Category: Bank Secrecy Act Examination information reported to the Financial Crimes Enforcement Network;
Item No.: 10;
Information: Number of enforcement actions by category.;

Row 11;
Category: Bank Secrecy Act Examination information reported to the Financial Crimes Enforcement Network;
Item No.: 11;
Information: Number of terminated enforcement actions.;

Row 12;
Category: Enforcement Actions;
Item No.: 12;
Information: Nature of Action;

Row 13;
Category: Enforcement Actions;
Item No.: 13;
Information: Issued Date;

Row 14;
Category: Enforcement Actions;
Item No.: 14;
Information: Effective Date;

Row 15;
Category: Enforcement Actions;
Item No.: 15;
Information: Action Closed Date;

Row 16;
Category: Enforcement Actions;
Item No.: 16;
Information: Issuer;

Row 17;
Category: Enforcement Actions;
Item No.: 17;
Information: Civil Money Penalty (CMP) Reason Code;

Row 18;
Category: Application Tracking;
Item No.: 18;
Information: Regional Office/Field Office Processing Action Taken;

Row 19;
Category: Application Tracking;
Item No.: 18;
Information: Washington Office Action Taken;

Row 20;
Category: Application Tracking;
Item No.: 19;
Information: Regional Office/Field Office Processing Action Date;

Row 21;
Category: Application Tracking;
Item No.: 19;
Information: Washington Office Action Date;

Appendix 4

FDIC Comments

[FDIC Letterhead, Division of Risk Management Supervision, 550 17th Street NW, Washington, D.C. 20429-9990]

DATE:    October 29, 2021

TO:    Terry L. Gibson, Assistant Inspector General, Program Audits and Evaluations FDIC Office of Inspect General
 
FROM:    Doreen R. Eberley Director

SUBJECT: OIG Draft Evaluation Report – Reliability of Data in the FDIC Virtual Supervisory Information on the Net System (#2021-005)

This memorandum responds to the draft evaluation report (Draft Report) for assignment No. 2021-005. The Draft Report evaluated data reliability of key supervisory information in the ViSION system, focusing on four of nineteen data elements for which the Division of Risk Management Supervision (RMS) has established an accuracy rate of 100 percent.

The Draft Report identifies isolated data entry exceptions, none of which impacted examination scheduling, deposit insurance assessments, or examination performance reports. As described in the Draft Report, most of exceptions related to state-led examinations. These exceptions were caused by inconsistencies in the way various states provide information regarding report processing to the FDIC and a lack of granularity in FDIC’s instructions for handling these inconsistencies. The FDIC is committed to ensuring key supervisory information maintained in the ViSION system is reliable and agrees with the recommendations detailed below. FDIC also notes that it is in the process of replacing the functionality of the ViSION system with modernized business processes that will not require as much manual computer entry as the current system, thereby reducing the potential for human error.

Recommendation 1 – Develop and implement standard guidance for identifying and supporting examination Completion and Mail Dates for recording in the ViSION system.

The FDIC is in the process of evaluating and updating instructions for identifying and supporting State examination Completion Dates and Mail Dates in the ViSION system. These updates will be communicated to staff via a regional director notice by March 31, 2022.

Recommendation 2 – Develop and conduct training on the updated guidance, including the importance of verification procedures to detect errors in key ViSION system data.

The FDIC is in the process of evaluating and updating instructions and quality assurance procedures for the entry of data into the ViSION system. Revised policy and data verification instructions will be used to train RMS staff responsible for these functions. Such training will be conducted by April 30, 2022.

Recommendation 3 – Revise data quality assurance procedures to ensure reviews consistently detect and correct in a timely manner errors in ViSION system Completion and Mail Dates.

The FDIC is in the process of evaluating and revising ViSION system data quality assurance procedures to provide for timely detection and correction of errors in Completion and Mail Dates. The FDIC is committed to leveraging technological and automation processes to improve our ViSION data integrity capabilities. Revised procedures for data quality assurance will be issued by June 30, 2022.

Recommendation 4 – Assess the 155 additional entries in the ViSION system where the FDIC records indicated that the Completion Date was the same as the Mail Date, and correct any errors identified in ViSION system data.

Following issuance of the aforementioned revisions to policy and procedures, the FDIC will assess the referenced State examination ViSION system entries for accuracy in the context of the new policy and procedures, and correct any identified errors by April 30, 2022.

Recommendation 5 – Conduct a risk assessment to identify key supervisory information in the ViSION system based on the current operating environment and reporting requirements. (p. 17)

The FDIC will conduct a ViSION system data risk assessment to re-evaluate and identify the key supervisory information that has the most impact on FDIC’s operation and reporting, and will complete a ViSION system data risk assessment report by June 30, 2022.

Recommendation 6 – Revise and update FDIC data reliability guidance for the ViSION system based on the results of the risk assessment. (p. 17)

Based on the results of the risk assessment discussed in Recommendation 5, RMS will issue updated instructions regarding data validation processes in the ViSION system by September 30, 2022.

Appendix 5

Summary of the FDIC’s Corrective Actions

This table presents management’s response to the recommendations in the report and the status of the recommendations as of the date of report issuance.

Row 1;
Rec. No.: 1;
Corrective Action- Taken or Planned: The FDIC is evaluating and updating instructions for identifying and supporting State examination Completion Dates and Mail Dates in the ViSION system. These updates will be communicated to staff via a regional director notice.;
Expected Completion Date: March 31, 2022;
Monetary Benefits: $0;
Resolved:a Yes or No: Yes;
Open or Closedb: Open;

Row 2;
Rec. No.: 2;
Corrective Action- Taken or Planned: The FDIC is evaluating and updating instructions and quality assurance procedures for the entry of data into the ViSION system. Revised policy and data verification instructions will be used to train RMS staff responsible for these functions.;
Expected Completion Date: April 30, 2022;
Monetary Benefits: $0;
Resolved:a Yes or No: Yes;
Open or Closedb: Open;

Row 3;
Rec. No.: 3;
Corrective Action- Taken or Planned: The FDIC is evaluating and revising ViSION system data quality assurance procedures to provide for timely detection and correction of errors in Completion and Mail Dates. The FDIC plans to leverage technological and automation processes to improve ViSION data integrity capabilities.;
Expected Completion Date: June 30, 2022;
Monetary Benefits: $0;
Resolved:a Yes or No: Yes;
Open or Closedb: Open;

Row 4;
Rec. No.: 4;
Corrective Action- Taken or Planned: The FDIC will assess the 155 additional entries in the ViSION system where the FDIC records indicated that the Completion Date was the same as the Mail Date for accuracy in context of the new policy and procedures, and correct any identified errors.;
Expected Completion Date: April 30, 2022;
Monetary Benefits: $0;
Resolved:a Yes or No: Yes;
Open or Closedb: Open;

Row 5;
Rec. No.: 5;
Corrective Action- Taken or Planned: The FDIC will conduct a ViSION system data risk assessment to re-evaluate and identify the key supervisory information that has the most impact on FDIC’s operations and reporting.;
Expected Completion Date: June 30, 2022;
Monetary Benefits: $0;
Resolved:a Yes or No: Yes;
Open or Closedb: Open;

Row 6;
Rec. No.: 6;
Corrective Action- Taken or Planned: The FDIC will issue updated instructions regarding data validation processes in the ViSION system based on the results of the risk assessment discussed in Recommendation 5.;
Expected Completion Date: September 30, 2022;
Monetary Benefits: $0;
Resolved:a Yes or No: Yes;
Open or Closedb: Open;

a Recommendations are resolved when —

1. Management concurs with the recommendation, and the planned, ongoing, and completed corrective action is consistent with the recommendation.

2. Management does not concur with the recommendation, but alternative action meets the intent of the recommendation.

3. Management agrees to the OIG monetary benefits, or a different amount, or no ($0) amount. Monetary benefits are considered resolved as long as management provides an amount.

b Recommendations will be closed when the OIG confirms that corrective actions have been completed and are responsive.

[end of table]

[end of report]

Federal Deposit Insurance Corporation

Office of Inspector General

3501 Fairfax Drive, Room VS-E-9068, Arlington, VA 22226, (703) 562-2035

The OIG’s mission is to prevent, deter, and detect waste, fraud, abuse, and misconduct in FDIC programs and operations; and to promote economy, efficiency, and effectiveness at the agency.