Skip Header

Federal Deposit
Insurance Corporation

Each depositor insured to at least $250,000 per insured bank

2014 Annual Performance Plan

Supervision Program

The FDIC’s Supervision Program promotes the safety and soundness of insured depository institutions, protects consumer rights, and promotes community investment initiatives by FDIC-supervised institutions.

The FDIC is the primary federal regulator for state-chartered banks and savings institutions that are not members of the Federal Reserve System, generally known as state nonmember banks and state-chartered thrifts.  This includes state-licensed insured branches of foreign banks and state-chartered savings institutions.  As insurer, the FDIC also has special (back-up) examination authority for state member banks that are supervised by the Federal Reserve Board (FRB) and national banks and thrift institutions that are supervised by the Office of the Comptroller of the Currency (OCC).  The FDIC’s roles as insurer and primary supervisor are complementary, and many activities undertaken by the FDIC support both the insurance and supervision programs.  Through the review of examination reports, off-site monitoring tools, participation in examinations conducted by other federal regulators, and, where appropriate, special (back-up) examination activities, the FDIC regularly monitors the potential risks at all insured institutions, including those for which it is not the primary federal regulator.

DFA expanded the FDIC’s statutory responsibilities beyond insured depository institutions to bank holding companies with more than $50 billion in assets and nonbank financial companies that are designated as systemically important financial institutions (SIFIs) by the Financial Stability Oversight Council (FSOC).  DFA designates the FRB as the primary supervisor of these companies, but the FDIC has established on- and off-site monitoring programs and has certain statutory back-up authorities for these companies.  The purpose of the FDIC monitoring and risk assessment activities for these institutions is, where possible, to mitigate identified risks and to be prepared, if necessary, to conduct an orderly liquidation of the company. 

As the primary federal regulator of all insured state nonmember banks and state-chartered thrifts, the FDIC performs periodic risk management examinations of these institutions to assess their overall financial condition, management policies and practices, and compliance with applicable laws and regulations.  Through the examination process, the FDIC also assesses the adequacy of their management and internal control systems to identify and control risks and to detect the risks of fraud or insider abuse.  In addition, the FDIC uses off-site monitoring programs to enhance its ability to promptly identify emerging safety-and-soundness issues.

The FDIC conducts separate examinations for all state nonmember banks that are not subject to the primary jurisdiction of the Consumer Financial Protection Bureau (CFPB) to assess their compliance with consumer protection statutes and regulations.  The FDIC also conducts separate Community Reinvestment Act (CRA) examinations for all state nonmember banks.  As part of the compliance examination process, the FDIC reviews substantive compliance issues as well as the accuracy and completeness of information and disclosures that institutions provide to consumers.

If weaknesses are identified through the examination process, the FDIC promptly takes appropriate supervisory action.  Formal and informal enforcement actions may be issued to correct identified violations or other problems for institutions that are operating in a deteriorated financial condition; failing to comply with consumer protection, fair lending and other statutes; or displaying other significant weaknesses.  These enforcement actions remain in place until the identified weaknesses are remedied.

The FDIC also investigates consumer complaints about FDIC-supervised insured depository institutions.  Consumers write or electronically submit to the FDIC complaints and inquiries regarding consumer protection and fair lending issues.  Through its investigation of and response to consumer complaints and inquiries, the FDIC attempts to help consumers better understand their rights under federal consumer protection and fair lending laws.  The FDIC monitors the level of public satisfaction with its responses to consumer complaints and inquiries.

In addition, the FDIC acts on applications from FDIC-supervised insured depository institutions to undertake new or expanded business activities.  The FDIC evaluates various factors, including capital adequacy, quality of management, financial condition, and compliance with applicable laws and regulations.  It also considers an institution’s compliance with consumer protection, fair lending, and privacy laws and its performance under CRA.  In addition, it also ensures compliance with the Statement of Policy on Qualifications for Failed Bank Acquisitions.

Information about the FDIC’s supervisory program, including laws, regulations, and regulatory guidance, is available at www.fdic.gov.  The FDIC’s semiannual Supervisory Insights journal provides information about bank supervision for bankers, bank examiners, and other practitioners.

The FDIC is focused in 2014 on addressing emerging risks to financial institutions including potential changes in interest rates and cybersecurity risks.  In addition, the FDIC will continue to implement its new authorities under the DFA, as well as its ongoing community banking initiative.

The FDIC continues to monitor potential changes in interest rates.  In October 2013, the FDIC issued a Financial Institution Letter, reiterating expectations that institutions would manage their interest rate risk exposure, particularly in a challenging interest rate environment.  The guidance states that a number of institutions are reporting a significantly liability-sensitive balance sheet position, which means that in a rising interest rate environment, the potential exists for adverse effects on net income and, in turn, earnings performance.  In 2014, the FDIC will make significant efforts, through offsite analysis and onsite examinations, to identify and address interest rate risk at FDIC supervised institutions.  

Another growing concern for the banking industry is cybersecurity as the financial services sector increases its use of technology, both to provide efficiencies to internal operations as well as provide services to consumers.  The increasing use and reliance on technology can increase security risks if IT systems are vulnerable to cyber-attacks or failures to technology or electronic networks.  In 2014, the FDIC will add additional staff and resources to ensure that financial institutions are addressing risks related to cybersecurity.  This includes routine information technology (IT) examinations at FDIC-supervised institutions as well as the major technology service providers (TSPs) that support financial institutions.  In addition, the FDIC will continue its efforts to promote the security and resilience of the financial services sector by collaborating with its fellow banking regulators through the newly-formed FFIEC Cybersecurity and Critical Infrastructure Working Group and the Financial and Banking Information Infrastructure Committee. 

In 2014, the FDIC will also continue to develop its capabilities related to its responsibilities under DFA.  In the risk management area, this includes ongoing reviews of all banking organizations with more than $100 billion in assets as well as certain nonbank SIFIs. In addition, reviews will be completed of the resolution plans submitted by insured depository institutions and bank holding companies with assets of $50 billion or more as well as nonbank financial companies designated by the FSOC.  The FDIC has the responsibility to ensure that these resolution plans provide a viable approach for reorganizing or liquidating through bankruptcy without creating an adverse effect on the financial stability of the U.S.  Throughout 2014, the FDIC will also continue to work closely with the federal banking agencies to implement the new capital standards, including the development of regulatory reports and instructions for all banking organizations so that they are prepared to comply with the interim final capital rule.   

Community bank issues will also continue to be a high priority in 2014. The FDIC will follow up on the recommendations in the Community Banking Study to make the supervisory process more efficient, consistent and transparent to community banks.  For 2014, this will include more outreach and guidance to community banks, similar to efforts made in 2013, such as the development of the Directors Resource Center on the FDIC website that provides useful information to bankers.  In addition, the FDIC will commence a comprehensive review of all of its regulations, as required by the Economic Growth and Regulatory Paperwork Reduction Act, to identify any regulations that are outdated, unnecessary or unduly burdensome, with a focus on community banking issues.

The following table depicts the strategic goal, strategic objective, and annual performance goals for the Risk Management component of the Supervision Program.

Strategic Goal

Strategic Objectives

Annual Performance Goals

FDIC-insured institutions are safe and sound.

The FDIC exercises its statutory authority, in cooperation with primary federal regulators and state agencies, to ensure that all FDIC-insured institutions appropriately manage risk.

 

Conduct on-site risk management examinations to assess the overall financial condition, management practices and policies, and compliance with applicable laws and regulations of FDIC-supervised depository institutions.  When problems are identified, promptly implement appropriate corrective programs, and follow up to ensure that identified problems are corrected.(2.1-1)

 

Assist in protecting the infrastructure of the U.S. banking system against terrorist financing, money laundering, and other financial crimes. (2.1-2)

 

More closely align regulatory capital standards with risk and ensure that capital is maintained at prudential levels. (2.1-3)

 

Identify and address risks in financial institutions designated as systemically important. (2.1-4)

 

Implement strategies to promote enhanced cybersecurity within the banking industry. (2.1-5)


The following table depicts the strategic goal, strategic objectives, and annual performance goals for the Compliance and Consumer Affairs components of the Supervision Program.

Strategic Goal

Strategic Objectives

Annual Performance Goals

Consumers’ rights are protected, and FDIC-supervised institutions invest in their communities.

FDIC-supervised institutions comply with consumer protection, CRA, and fair lending laws and do not engage in unfair or deceptive practices.

 

Conduct on-site CRA and compliance examinations to assess compliance with applicable laws and regulations by FDIC-supervised depository institutions.  When violations are identified, promptly implement appropriate corrective programs, and follow up to ensure that identified problems are corrected. (3.1-1)

Consumers have access to accurate and easily understood information about their rights and the disclosures due them under consumer protection and fair lending laws.

Effectively investigate and respond to written consumer complaints and inquiries about FDIC-supervised financial institutions. (3.2-1)

The public has fair access to banking services and is treated equitably by FDIC-supervised institutions.

Promote economic inclusion and access to responsible financial services through supervisory, research, policy, and consumer/community affairs initiatives. (3.3-1)

 



STRATEGIC GOAL 2:
FDIC-insured institutions are safe and sound.


STRATEGIC OBJECTIVE 2.1    

The FDIC exercises its statutory authority, in cooperation with primary federal regulators and state agencies, to ensure that all FDIC-insured institutions appropriately manage risk.

Annual Performance Goal 2.1-1     

Conduct on-site risk management examinations to assess the overall financial condition, management practices and policies, and compliance with applicable laws and regulations of FDIC-supervised depository institutions.  When problems are identified, promptly implement appropriate corrective programs, and follow up to ensure that identified problems are corrected.

Indicators and Targets

  1. Percentage of required examinations conducted in accordance with statutory requirements and FDIC policy
    • Conduct all required risk management examinations within the timeframes prescribed by statute and FDIC policy.
  1. Implement appropriate corrective program where violations are identified
    • Implement formal or informal enforcement actions within 60 days for at least 90 percent of all institutions that are newly downgraded to a composite Uniform Financial Institutions Rating of 3, 4, or 5.

Means and Strategies

Operational Processes (initiatives and strategies):  Risk management examinations assess the overall financial condition, management practices and policies, and compliance with applicable laws and regulations of FDIC-supervised depository institutions.  The FDIC performs safety and soundness, Bank Secrecy Act, and information technology (IT) reviews at each risk management examination of an FDIC-supervised insured depository institution.  As applicable, the FDIC also conducts reviews of trust, registered transfer agent, municipal securities dealer, and government security dealer activities at these examinations.

In 2014, the FDIC projects that it will conduct more than 2,300 risk management examinations required under statute, FDIC policy, or agreements with state supervisors. The number of risk management examinations conducted during 2014 may fluctuate as the number of FDIC-supervised insured depository institutions changes due to mergers, closings, newly approved charters, and other actions.  In addition, increases in asset size or changes to an institution’s condition or capital levels may accelerate examination cycles and increase the number of required examinations.

The FDIC follows a risk-focused approach to examinations, which allows examiners to focus resources on those areas with the greatest potential risk.  The FDIC has several analytical models to identify higher-risk financial institutions by considering factors such as rapid growth, fluctuating earnings, economic downturns, and concentrations in vulnerable industry sectors.
Examiners use these off-site tools to help them risk-focus during on-site examinations.  These models are also used to identify the need for inquiries or on-site visits to FDIC-supervised institutions outside of the regular examination cycle.

The FDIC also continues to focus on the risks posed by technology.  On-site examinations review technology-related activities to determine how each FDIC-supervised depository institution manages its IT risks.  The FDIC proactively monitors indicators of technology risk that may affect FDIC-supervised institutions and provides information to the industry about risks associated with technology outsourcing practices (e.g., contracting for computer services).  The FDIC regularly talks with technology vendors, bank trade associations, and standards and rule-setting entities to identify and promote effective risk management practices for emerging technologies.

Troubled and problem institutions (those with a composite rating of 3, 4, or 5) are identified primarily through the examination process.  While discussions with banks are the primary means used to address deficiencies, the FDIC has broad enforcement powers to correct practices, conditions, or violations of law that threaten an institution’s financial condition.  The examination report identifies the corrective actions to be taken by the institution. The FDIC may impose informal and formal enforcement actions on an institution or responsible individuals to address identified problems.

The examination report identifies the corrective actions to be taken by the institution.  If deemed necessary, a formal or informal enforcement action is sent to the financial institution with the report of examination.  To ensure that supervisory actions are taken promptly, the FDIC monitors the time it takes to provide examination reports to FDIC-supervised institutions after the completion of an examination.

A follow-up examination or on-site visit is conducted to review compliance with supervisory actions for each institution that receives a composite Uniform Financial Institutions Rating of 3, 4, or 5 except in rare instances where it is determined by FDIC management to be unnecessary.  Additional follow-up action is taken when the corrective program is determined to have been insufficient in addressing the identified problem.

The responsible FDIC regional office closely monitors each troubled and problem depository institution.  In addition to an on-site visit and a subsequent examination, compliance with an enforcement action is assessed through progress reports from the institution, use of off-site monitoring tools, and direct communication with management of the financial institution.

Human Resources (staffing and training):  The FDIC has 1,779 authorized positions (1,520 permanent and 259 non-permanent) in its field examination workforce for risk management in 2013.  Field examiners conduct on-site examinations and visits.  Staffing and training needs are reviewed regularly to ensure that the staff resources supporting the risk management examination program are adequate to conduct a high quality examination program and that employees possess the skills and knowledge to effectively identify existing and emerging risks.

The FDIC has cooperative agreements with most states to conduct joint or alternating risk management examinations.  If a state supervisor handling an examination has scheduling, staffing, or other resource constraints, the statutory examination requirement may not be met.  In such cases, the FDIC will work with the state supervisor to make sure that any delinquent examination is quickly scheduled and completed.  When appropriate, the FDIC may conduct the examination instead of the state supervisor.

Case managers and other regional office officials finalize and monitor compliance with enforcement programs.  Staffing and training needs are reviewed regularly to ensure that resources available for this function are adequate and that employees possess the required skills and knowledge.

Information Technology:  The FDIC’s Virtual Supervisory Information on the Net system (ViSION) is used to schedule and track the completion of risk management examinations. ViSION is also used to monitor all enforcement activity and other significant events at troubled institutions and to schedule on-site visits and follow-up examinations of 3-, 4-, and 5-rated institutions.

The FDIC is in the midst of a multi-year project to develop a new Examination Tools Suite (ETS) that will replace four examination-related software applications and address the risk of technological obsolescence.  In 2012, the first phase of ETS was implemented with the replacement of the electronic loan review software that had been in use since 1996.  The final phase of ETS development will be completed in mid-2014, with training and field implementation beginning in 2015.

Verification and Validation

The number and timing of examinations are tracked through ViSION and reported through established management processes.  Enforcement actions and the timing of required on-site visits are tracked through ViSION. 

The FDIC uses its Regional Office Internal Control Review program to make sure that regions effectively monitor the compliance of FDIC-supervised institutions with formal and informal enforcement actions.  This review incorporates various components of the supervisory process, including assessment of the appropriateness of formal and informal corrective actions and monitoring of enforcement implementation and follow-up activities. Any material exceptions noted during the reviews are brought to management’s attention for appropriate action.

2013 Performance Results

This annual performance goal and its associated performance indicators and targets are unchanged from 2013. In 2013, the FDIC successfully met this performance target.


Annual Performance Goal 2.1-2

Assist in protecting the infrastructure of the U.S. banking system against terrorist financing, money laundering, and other financial crimes.

Indicator and Target

  1. Percentage of required examinations conducted in accordance with statutory requirements and FDIC policy

Means and Strategies

Operational Processes (initiatives and strategies):  The FDIC conducts Bank Secrecy Act/Anti-Money Laundering (BSA/AML) examinations and Office of Foreign Assets Control (OFAC) reviews to assess the BSA/AML and OFAC compliance programs of supervised financial institutions.  These examinations and reviews cover sound risk management, compliance with recordkeeping requirements, and the ability of the institution to identify and report suspicious activity.  BSA/AML examinations and OFAC reviews are performed as a part of all risk management examinations of FDIC-supervised insured depository institutions.  The FDIC also completes BSA exams for states that do not conduct these exams.  The FDIC follows a risk-based approach to BSA/AML examinations and OFAC reviews, which allows examiners to focus resources on those areas with the greatest potential risk.

Guidance is provided to risk management staff through written memoranda, participation in the FFIEC BSA/AML Examination Workshop, and attendance at the Advanced BSA/AML Specialists Conference.

Human Resources (staffing and training):  The FDIC has 332 examiners who are designated as BSA/AML subject matter experts, including 77 with advanced certifications for this discipline. Staffing and training needs are reviewed regularly to ensure that the staff resources supporting the BSA/AML examination program are adequate and that employees possess the skills and knowledge to effectively and successfully assess compliance with BSA/AML requirements and detect any emerging risks.

Information Technology:  ViSION is used to track the number and timing of required BSA/AML examinations.  Other risk management and compliance supervisory systems are also used to obtain dates for these examinations.  ETS is also used to provide updated BSA violation codes to examiners automatically, thereby increasing efficiency of those examinations.

Verification and Validation

The number and timing of BSA/AML examinations are tracked in ViSION and reported through established management processes.

2013 Performance Results

This annual performance goal and its associated performance indicator and target are unchanged from 2013.  The FDIC successfully met this performance target in 2013.


Annual Performance Goal 2.1-3     

More closely align regulatory capital standards with risk and ensure that capital is maintained at prudential levels.

Indicators and Target

  1. Issuance of final Basel III reporting instructions
    • Finalize Basel III reporting instructions in time to ensure that institutions that are using the advanced approaches can implement Basel III in the first quarter of 2014 and that all IDIs can implement the standardized approach in the first quarter of 2015.
  1. Issuance of a final Basel Liquidity Coverage Ratio rule
    • Publish a final Basel Liquidity Coverage Rule, in collaboration with other regulators by December 31, 2014.
  1. Issuance of a final rule implementing the Basel III capital accord
    • Publish a final rule implementing the Basel III capital accord in collaboration with other regulators, by December 31, 2014.
  1. Issuance of an enhanced U.S. supplementary leverage ratio standard
    • Finalize, in collaboration with other regulators, an enhanced U.S. supplementary leverage ratio standard by December 31, 2014.

Means and Strategies

In 2013, the FDIC adopted an interim final rule implementing the new Basel III capital standards after a comprehensive review of more than 2,500 public comments, the majority of which were from community banking organizations.  The new standards will take effect in January 2015 for most institutions; for advanced approaches banking organizations, select aspects of the new rules take effect in the first quarter of 2014.  The FDIC also published a Notice of Proposed Rulemaking to implement the Basel III liquidity standards and to establish for large U.S. banks a supplementary leverage ratio.

In 2014, the FDIC will continue to work closely with the other federal banking agencies to implement the new capital standards, including developing regulatory reports and instructions for all banking organizations so that they are prepared to comply with the interim final capital rule.  The FDIC will proceed with finalizing the enhanced supplementary leverage ratio standards and will also carefully consider comments received on the liquidity coverage ratio to develop a final liquidity coverage ratio rule in 2014. 

Additionally, the FDIC will continue to promote strong minimum international standards for capital and liquidity by participating in meetings and activities of the Basel Committee on Banking Supervision (BCBS) and its various groups and subgroups, including the Policy Development Group, the Trading Book Group, the Standards Implementation Group, and the Working Group on Liquidity.  Key efforts in 2014 will include participating in the BCBS’s numerous quantitative impact studies, including those that are designed to monitor the new international liquidity requirements; participating in the BCBS’s fundamental review of the trading book and further work on counterparty credit risk; participating in the Basel Committee’s review of the capital requirements for securitization exposures; and developing a regulatory capital charge for systemically important financial institutions. 
 
Human Resources (staffing and training):  The breadth and depth of knowledge among FDIC staff on bank capital and capital markets matters has expanded in recent years, partly through their continued participation and active involvement in Basel policy development groups.  In 2013, shortly after the interim final capital rule was approved, the FDIC launched a public outreach effort to explain the proposals, emphasizing those areas affecting community banks.  The FDIC posted training videos and an interagency estimation calculator on its Web site, visited each Region to discuss the new capital rule with community bankers, and hosted a national conference call to address questions and concerns.  While these efforts were targeted to community bankers, the online resources and conference call were also available to FDIC staff.  In 2014, the FDIC will continue to increase the number of staff with expertise on bank capital by providing internal and external training on the final rules.

Information Technology:  The FDIC will use existing technology to accomplish this annual performance goal.

Verification and Validation

Progress in meeting this annual performance goal will be tracked through periodic meetings and established reporting processes.

2013 Performance Results

This annual performance goal is unchanged, but its associated performance indicators and targets have been updated for 2013.  The FDIC successfully met the performance targets for 2013.


Annual Performance Goal 2.1-4

Identify and address risks in financial institutions designated as systemically important.

Indicators and Targets

  1. Risk monitoring of systemically important banks, bank holding companies and designated non-banking firms
    • Conduct ongoing risk analysis and monitoring of SIFIs to understand their structure, business activities and risk profiles and their resolution and recovery capabilities.
  1. Completion of statutory and regulatory requirements under Title I of DFA
    • Complete, in collaboration with the Federal Reserve Board and in accordance with statutory and regulatory timeframes, all required actions associated with the review of resolution plans submitted by financial companies subject to the requirements of section 165 (d) of DFA.
  1. Meetings of the Systemic Resolution Advisory Committee
    • Hold at least one meeting of the Systemic Resolution Advisory Committee to obtain feedback on resolving SIFIs.

Means and Strategies

Operational Processes (initiatives and strategies):  Ongoing risk monitoring is conducted by the FDIC through resident teams at the largest SIFIs as well as through the work of offsite analysts.  The offsite teams analyze industry and market conditions and trends to support individual institution monitoring and the consideration of broader policy issues.  Efforts include monitoring financial condition and performance, risk management abilities, and recovery plans to include early warning signals and triggers and the range of response actions to be taken should recovery plan triggering events occur.  Such efforts are performed collaboratively with other regulatory agencies. 

Under Title I of the Dodd-Frank Act Section 165(d), covered companies are required to submit annually plans for a non-systemic resolution under the bankruptcy code.  Among other things, the resolution plans are required to identify each firm’s critical operations, core business lines, and the key obstacles to a rapid and orderly resolution.  Impediments to resolution include areas such as a firm’s internal organizational structure, interconnections of the firm with other SIFIs, and management information system limitations.  The Federal Reserve Board and the FDIC have shared authority for the review of the plans submitted by covered companies to assess informational completeness and the resolvability of individual banks and bank holding companies.  The FDIC also works with the Federal Reserve to develop any required additional guidance to covered firms on their future submissions of plans.  All covered companies are required to submit resolution plans during 2014.

The Systemic Resolution Advisory Committee advises the FDIC on a variety of issues including  the effects on financial stability and economic conditions resulting from the failure of a SIFI, the ways in which specific resolution strategies would affect stakeholders and their customers, the tools available to the FDIC to wind-down the operations of a failed organization, and the tools needed to assist in cross-border relations with foreign regulators and governments when a systemic company has international operations.  Members of the Committee bring a wide range of knowledge and experience to these issues, including expertise in managing complex firms, administering bankruptcies, working within different legal jurisdictions, and understanding the application of accounting rules and practices.  During 2013, the Committee continued to provide important advice to the FDIC regarding systemic resolutions.
 
Human Resources (staffing and training):  Ongoing risk monitoring is conducted by resident teams at the largest systemically important financial institutions and offsite analysts who have expertise with large financial institution operations.  The FDIC’s review of resolution plans submitted under Section n165 (d) of DFA is carried out by a multidisciplinary team with expertise across all major operational and business line functions of the covered companies, both domestically and internationally. Training needs for each of these groups are reviewed regularly to ensure that these teams have knowledge and expertise necessary to appropriately perform their assigned responsibilities.  Training specifically related to non-bank covered companies has been developed and will be administered to appropriate team members in 2014.

Information Technology:  The FDIC uses existing secure technology systems to track the submission and review of the resolution plans required under Section 165(d) of DFA.

Verification and Validation

Progress in achieving this annual performance goal will be monitored through established management reporting processes.

2013 Performance Results

This annual performance goal is unchanged from 2013, but the performance indicators and targets have been updated for 2014.  In 2013, the FDIC successfully met the performance targets for this annual performance goal.


Annual Performance Goal 2.1-5
 
Implement strategies to promote enhanced cybersecurity within the banking industry.

Indicator and Target

  1. Implementation of an enhanced information technology (IT) supervision program
    • In coordination with the FFIEC, implement recommendations to enhance the FDIC’s supervision of the IT risks at insured depository institutions and their technology service providers. 

Means and Strategies

Operational Processes (initiatives and strategies):  The FDIC assesses the ability of FDIC-supervised banks and technology service providers (TSPs) to manage information technology risks through a comprehensive framework of IT risk management standards, risk ratings and on-site examinations.  The framework is jointly established by the members of the Federal Financial Institutions Examination Council (FFIEC).  It focuses on evaluating information security, business continuity, incident response, audit and assessment, board and management oversight, vendor relationships, and payment systems.  When significant weaknesses are identified, the FDIC and the other FFIEC member agencies have the authority to issue enforcement actions to compel them to correct these weaknesses.

Given the changing technology landscape and increasing scope and complexity of IT operations, the members of the FFIEC are assessing existing examination programs and developing strategies to promote enhanced oversight of the IT systems of supervised institutions.  Broad areas of focus include examinations of TSPs, communications between TSPs and client institutions, and industry awareness of cyber-related threats.  The FDIC is actively participating in these efforts through the Cybersecurity and Critical Infrastructure Working Group and the Information Technology Subcommittee of the FFIEC Task Force on Supervision.

Human Resources (staffing and training):  The vast majority of the FDIC’s 1,100 commissioned risk management examiners have training and experience in basic IT examination skills.  Of these, 59 are dedicated IT examiners.  The FDIC also has 106 Examination Specialists who are intermediate and advanced IT subject matter experts and assist on examinations, focusing on technical IT risks at financial institutions.  In 2014, the FDIC will expand the number of trained IT examination staff and specialists in its workforce to address the management of emerging IT risks in financial institutions and the banking industry.
 
The IT examination functions of the FDIC are supported by as staff of seven IT policy and examination personnel in Washington, DC.  The FDIC will also be expanding its Washington operations to address the growing risk exposure in the payment services area and to enhance its examination of TSPs and cybersecurity risks in the banking industry. 

Information Technology:  ViSION is used to schedule and track the completion of risk management examinations and any related enforcement actions or significant events at institutions due to non-compliance with IT related banking laws and regulations. 

Verification and Validation

The number and timing of examinations are tracked through ViSION and reported through established management processes.  Enforcement actions and the timing of required on-site visits are also tracked through ViSION. 
 
The FDIC uses its Regional Office Internal Control Review program to make sure that regions effectively monitor the compliance of FDIC-supervised institutions with formal and informal enforcement actions.  This review incorporates various components of the supervisory process, including assessment of the appropriateness of formal and informal corrective actions and monitoring of enforcement implementation and follow-up activities.  Any material exceptions noted during the reviews are brought to management’s attention for appropriate action.

2013 Performance Results

This annual performance goal is new for 2014.

 



STRATEGIC GOAL 3:
Consumers’ rights are protected, and FDIC-supervised institutions invest in their communities.


STRATEGIC OBJECTIVE 3.1    

FDIC-supervised institutions comply with consumer protection, CRA, and fair lending laws and do not engage in unfair or deceptive practices.

Annual Performance Goal 3.1-1     

Conduct on-site CRA and compliance examinations to assess compliance with applicable laws and regulations by FDIC-supervised depository institutions.  When violations are identified, promptly implement appropriate corrective programs and follow up to ensure that identified problems are corrected.

Indicators and Targets

  1. Percentage of examinations conducted in accordance with the timeframes prescribed by FDIC policy
    • Conduct 100 percent of required examinations within the timeframes established by FDIC policy.
  1.  Implementation of corrective programs
    • Conduct visits and/or follow-up examinations in accordance with established FDIC policies to ensure that the requirements of any required corrective program have been implemented and are effectively addressing identified violations.

Means and Strategies

Operational Processes (initiatives and strategies):  The FDIC conducts CRA and compliance examinations of FDIC-supervised depository institutions to determine compliance with consumer protection and fair lending laws and performance under CRA.  The frequency of compliance examinations is specified by FDIC policy.  For CRA examinations, the FDIC’s examination frequency policy conforms to applicable provisions of the Gramm-Leach-Bliley Act (GLBA), which establishes the CRA examination cycle for most small banks.  In 2014, the FDIC estimates that it will conduct approximately 1,400 compliance and/or CRA examinations.

The FDIC’s compliance examination approach emphasizes a risk-focused scoping process to look at an institution’s compliance risk management practices as opposed to exhaustive transactional testing.  This approach involves an expanded review of an institution’s systems and compliance policies so that transaction testing can be better targeted and focused on areas that pose the greatest risk for consumer harm.  This approach creates a more efficient and effective use of examination resources, especially in financial institutions with high compliance risk profiles.

Institutions with compliance deficiencies are identified primarily through the examination process.  While discussions with bank management are usually sufficient to correct these deficiencies, the FDIC has broad enforcement powers to correct practices, conditions, or violations of law that threaten an institution’s compliance with consumer protection and fair lending laws or a consumer’s rights under those laws. 

Institutions that are subject to enforcement actions because of unfavorable ratings for compliance with consumer protection and fair lending laws and regulations are closely monitored by regional office officials.  A follow-up examination or on-site visit is conducted to review compliance with supervisory actions for each institution that receives an unsatisfactory rating. . Additional follow-up action is taken when the initial corrective program is determined to have been insufficient in addressing the identified problem.  Progress in complying with an enforcement action is also assessed through quarterly progress reports from, and direct communication with, management of the financial institution.

Human Resources (staffing and training):  The FDIC has 511 authorized positions (470 permanent, 41 non-permanent) in its field examination workforce for compliance and consumer protection in 2014.  Staffing and training needs are reviewed regularly to ensure that staff resources supporting the compliance supervision program are adequate to conduct a high quality examination program and that employees possess the skills and knowledge to effectively implement this program.

Information Technology:  The System of Uniform Reporting of Compliance and CRA Examinations (SOURCE) is used to schedule and track compliance examinations, support pre-examination planning, and provide management information.

Verification and Validation

The FDIC will analyze examination-related data collected in SOURCE to determine whether the performance target for this goal is achieved during the reporting period.  Results will be reported through established management processes.

2013 Performance Results

This annual performance goal and its associated performance indicators and targets are unchanged from 2013 except that Annual Performance Goals 3.1-1 and 3.1-2 have been combined into a single goal for 2014. The performance targets for both of those annual performance goals were substantially met in 2013.



STRATEGIC OBJECTIVE 3.2

Consumers have access to easily understood information about their rights and the disclosures due them under consumer protection and fair lending laws.

Annual Performance Goal 3.2-1     

Effectively investigate and respond to written consumer complaints and inquiries about FDIC-supervised financial institutions.

Indicator and Target

  1. Timely responses to written consumer complaints and inquiries
    • Respond to 95 percent of written consumer complaints and inquiries within timeframes established by policy, with all complaints and inquiries receiving at least an initial acknowledgement within two weeks.

Means and Strategies

Operational Processes (initiatives and strategies):  The FDIC has a comprehensive program to disseminate information to banks and the public on consumer rights under consumer protection and fair lending law and regulations.  It also operates a centralized Consumer Response Center that coordinates the investigation of and response to consumer complaints and inquiries.  For correspondence related to an FDIC supervised institutions, FDIC staff contacts the institution and reviews applicable federal consumer protection regulations before providing a response. Correspondence regarding institutions under the jurisdiction of other primary federal regulators is referred to those agencies.  Target response times vary by the type of inquiry or complaint. 

Human Resources (staffing and training):  The FDIC’s centralized Consumer Response Center is located in Kansas City and is staffed by FDIC employees. In addition, consumer affairs staff in Washington, D.C., support the Consumer Response Center by providing guidance and assistance with consumer complaints and inquiries that involve new or unusual issues or sensitive matters.

Information Technology:  The FDIC utilizes an electronic Customer Assistance Form on the FDIC’s Web site to facilitate receipt of consumer correspondence.  The Specialized Tracking And Reporting System (STARS) database is used to capture and report information regarding FDIC’s consumer assistance program, including response time. 

Verification and Validation

Progress in meeting this annual performance goal will be monitored through established management reporting processes.  The FDIC closely monitors the timeliness of its acknowledgment letters and responses through STARS.

In addition, surveys are sent to a sample of consumers who have filed written consumer protection and fair lending complaints to assess their satisfaction with the FDIC’s investigations and responses.  Accepted survey research methods are used to ensure the validity and reliability of the survey instrument and results.

2013 Performance Results

This annual performance goal and its associated performance indicator and target are unchanged from 2013.  In 2013, the FDIC successfully met the performance target for this annual performance goal.


STRATEGIC OBJECTIVE 3.3

The public has fair access to banking services and is treated equitably by FDIC-supervised institutions.

Annual Performance Goal 3.3-1

Promote economic inclusion and access to responsible financial services through supervisory, research, policy, and consumer/community affairs initiatives.

Indicator and Targets

  1. Completion of planned initiatives
    • Publish the results of the 2013 FDIC National Survey of Unbanked and Under banked Households (conducted jointly with the U.S. Census Bureau).

Means and Strategies

Operational Processes (initiatives and strategies):  Approximately 28 percent of U.S. households are underserved by the banking industry, based on survey data previously published by the FDIC.  This includes both “unbanked” households (those with no checking or savings accounts) and “underbanked” households (those with checking or savings accounts who have utilized nonbank alternative financial services and providers, in the past twelve months, such as money orders, check cashing services, payday loans, rent-to-own agreements, pawn shops, or refund anticipation loans). 

The FDIC’s Advisory Committee on Economic Inclusion supports research, demonstrations, and pilot projects and promotes sound supervisory and public policies to improve the “appropriate engagement” of underserved households with mainstream financial institutions.
Appropriate engagement means that households are using financial products and services that are affordable, easy to understand, and not subject to unfair or unforeseen fees.

During 2014, the FDIC will publish the results of its 2013 FDIC National Survey of Unbanked and Underbanked Households conducted jointly with the U.S. Census Bureau.  The FDIC will also continue work on the Survey of Banks’ Efforts to Serve the Unbanked and Underbanked.  A target publication date for this study has not yet been determined because FDIC is considering merging this study with other research activities.  Ultimately, the FDIC will provide an important set of references that help assess progress and remaining challenges for economic inclusion.  In addition, the FDIC will be better positioned to identify strategies that promote economic inclusion by studying opportunities to expand access to mainstream financial services, identifying the role that community banks play in meeting community needs, and increasing awareness of communities that are currently underserved or at risk of becoming underserved.

The Advisory Committee’s work will support the expanded availability of SAFE accounts and the responsible use of technology, including mobile banking, to expand banking services to the underbanked population.  In 2014, the FDIC will publish a white paper evaluating the economic inclusion potential presented by mobile financial services. The Advisory Committee may recommend to the FDIC specific measures of improvement, many of which may represent national objectives that require the participation and cooperation of multiple stakeholders, including other federal agencies; federal, state, and local policy makers; the financial services industry; nonprofit and philanthropic groups; and consumer groups.

During 2014, FDIC working groups will continue to conduct research, develop policy proposals, facilitate partnerships, and conduct outreach related to expanding access to mainstream banking services for underserved consumers.  The FDIC may present these proposals to the Advisory Committee for advice and recommendations.

Human Resources (staffing and training):  This annual performance goal will be carried out largely by existing staff in the FDIC’s consumer research, policy, and consumer and community   affairs functions.  The activities of the Advisory Committee are supported by staff in several FDIC divisions. Employees in those divisions provide staff support for the Advisory Committee, as needed, including support for its research and demonstration activities.

Information Technology:  Existing technology will be used to accomplish this goal.  The FDIC broadcasts the Advisory Committee’s public meetings on its Web site.

Verification and Validation

Progress in completing the initiatives planned for this annual performance goal will be monitored through established management reporting processes.

2013 Performance Results

This annual performance goal and its associated performance indicators are unchanged from 2013, but its performance targets have been updated for 2014.  In 2013, the FDIC successfully met one of the two performance targets for this goal.  Initiation of work on the Survey of Banks’ Efforts to Serve the Unbanked and Underbanked was delayed until 2014.