Inactive Financial Institution Letters


COMPLIANCE EXAMINATION PROCEDURES

FIL-52-2003
June 20, 2003

TO: CHIEF EXECUTIVE (also of interest to Compliance Officer)
SUBJECT: Revised Compliance Examination Process
Summary: The Federal Deposit Insurance Corporation (FDIC) has revised its process for examining FDIC-supervised depository institutions to determine their compliance with consumer protection laws and regulations. The revised process focuses increased attention on an institution's compliance management system. Examiners will begin to use these procedures for all examinations for which an on-site review is scheduled to begin on or after June 30, 2003.

The Federal Deposit Insurance Corporation has revised its approach to examining institutions for compliance with consumer protection laws and regulations. Under the new approach, FDIC compliance examinations will combine the risk-based examination process the FDIC now employs with an in-depth evaluation of an institution’s compliance management system, resulting in a top-down, risk-focused approach to examinations. Examiners will start using the new approach for examinations for which an on-site review is scheduled to begin on or after June 30, 2003.

The revised examination process will not affect the current approach to examining fair lending compliance (although the approaches are similar), or evaluating Community Reinvestment Act performance. 

In the mid-1990s, the FDIC introduced risk-scoping in the compliance examination process.  Transaction testing was reduced or eliminated based upon an assessment of the risk of noncompliance in a particular area.  That re-engineering effort improved both efficiency and effectiveness.  However, experience has shown that further gains are possible.  The new examination approach recognizes that the banking industry’s compliance responsibilities continue to grow and become more complex with changes in financial products and services, and in their delivery systems.  Moreover, by focusing on the institution’s compliance program, emphasis is placed on the institution’s responsibility to ensure it complies with consumer protection laws.  Over time, the approach may reduce the amount of time examiners spend at well-managed institutions, allowing the agency to spend more time supervising institutions with weak compliance management systems.

Focus on Compliance Management

To help financial institutions prepare for compliance examinations under the new process, the FDIC has prepared the attached two chapters that will be incorporated into the FDIC Compliance Examination Manual.  The first, "Overview of the Compliance Examination," provides a general description of the FDIC compliance examination under the revised examination procedures.  The second, "Compliance Management System," discusses the three principal elements of a compliance management system:  board and management oversight, compliance program (policy and procedures, monitoring, training, and response to customer complaints), and audit.

In developing this revised process, special attention was given to how its underlying standards should be applied to the many small banks that the FDIC supervises.  For example, the FDIC does not expect small banks to necessarily have separate compliance officers or defined, written compliance programs.  The FDIC does expect small banks to have considered their responsibilities and thought about what works best for them, and to have effectively implemented a successful method that ensures compliance.  On the other hand, as an institution gets larger, or its product line expands, the FDIC believes that written programs and dedicated compliance staff may be necessary to ensure compliance.

Similarly, whether an institution needs a regular compliance audit depends upon its particular business.  Many banks do not perform compliance audits, but have a satisfactory compliance management system because of strong board and management oversight and an effective compliance program.  Some banks perform informal audits, which may not have a written report and may not be thought of as an audit.  Examiners will consider whether an internal audit function exists, regardless of label, and will look at its effectiveness. 

If there is a formal audit function, it should result in a written report that specifies the scope of the audit, including sample sizes; the nature and circumstances of any deficiencies found; and other information sufficient to allow the institution to determine the cause of problems and formulate corrective action.  FDIC and interagency audit policies should be followed (see FIL-21-2003, dated March 17, 2003, "Interagency Policy Statement on the Internal Audit Function and Its Outsourcing"; and FIL-96-99, dated October 25, 1999, "Interagency Policy Statement on External Auditing Programs of Banks and Savings Associations").

The end result of this process is an examination report that concentrates on the strengths and weaknesses of the institution’s approach to compliance, whether the institution has a formal program or a less formal set of practices.  Violations found through transaction testing will illustrate and confirm weaknesses in the bank’s administration of its compliance responsibilities.  The point of the report – and examiner interaction with institution management – is to assist the institution in strengthening its compliance posture.  Increasing the focus of the examination on compliance management should result in fewer violations in the future, a smoother, more efficient examination process, and long-term benefits to consumers. 

How the Revised Process Differs From Current Practice

Examination Process – The FDIC has combined the information and document requests sent to the bank into one new document, the "Compliance Information and Document Request."  This new document now includes items specific to compliance management.  This information will enable examiners to begin an evaluation of an institution’s compliance management system off site.  Over time, the pre-examination review will become more efficient, as examiners build on previous examinations and focus attention primarily on what has changed in between examinations. 

While examiners have always reviewed policies and procedures, the new process focuses additional early attention on both written and informal practices.  Examiners will determine actual practice through extensive discussions with bank management and staff and a review of relevant documents. Transaction testing will be completed using existing Federal Financial Institutions Examination Council (FFIEC) procedures, but it will be more particularized based on the examiner’s assessment of the institution’s compliance risk profile.  For example, an examiner may not test for all aspects of Truth in Lending Act compliance, but might focus just on rescission practices in a bank’s home equity line of credit program.

Report of Examination – There will be a single report format, instead of two.  The report will focus on an institution’s compliance management system, and only significant violations will be included.  Other violations will continue to be provided to management, and tracked by the FDIC.

Where to Find Out More

The complete revised compliance examination procedures will be available on the FDIC Web site in June.  A copy of the revised FDIC Compliance Examination Manual will be mailed later in the year to current subscribers.

Please contact your FDIC Division of Supervision and Consumer Protection Regional Office for more information.

  Michael J. Zamorski
  Director

Attachment: Overview of the Compliance Examination

Distribution: FDIC-Supervised Banks (Commercial and Savings)

NOTE: Paper copies of FDIC financial institution letters may be obtained through the FDIC's Public Information Center, 801 17th Street, NW, Room 100, Washington, DC 20434 (1-877-275-3342, option 5, or (703) 562-2200).

Last Updated 03/06/2008