Skip Header

Federal Deposit
Insurance Corporation

Each depositor insured to at least $250,000 per insured bank

2019 Annual Performance Plan

Supervision Program

To promote public confidence and stability in the nation’s financial system, the FDIC’s Supervision Program promotes the safety and soundness of IDIs, protects consumer rights, and promotes community investment initiatives by FDIC-supervised institutions.

The FDIC is the primary federal regulator for state-chartered banks and savings associations that are not members of the Federal Reserve System, generally known as state nonmember banks and state-chartered savings associations. This includes state-licensed insured branches of foreign banks and state-chartered savings institutions. As insurer, the FDIC also has special (back-up) examination authority for state member banks that are supervised by the Board of Governors of the Federal Reserve System (FRB) and national banks and federal savings associations that are supervised by the Office of the Comptroller of the Currency (OCC). The FDIC’s roles as insurer and primary supervisor are complementary, and many activities undertaken by the FDIC support both the insurance and supervision programs.

Through the review of examination reports, use of off-site monitoring tools, participation in examinations conducted by other federal regulators, and, where appropriate, performance of special (back-up) examination activities, the FDIC regularly monitors the potential risks at all insured institutions, including those for which it is not the primary federal regulator.

The Dodd-Frank Act expanded the FDIC’s statutory responsibilities beyond IDIs to bank holding companies (BHCs) with more than $250 billion in assets and nonbank financial companies that are designated as systemically important financial institutions (SIFIs) by the Financial Stability Oversight Council (FSOC). The Dodd-Frank Act designates the FRB as the primary supervisor of these companies, and the FDIC has established off-site monitoring programs and has certain statutory back-up examination authorities for these companies. The purpose of the FDIC’s monitoring and risk assessment activities for these institutions is, where possible, to mitigate identified risks; to assess the adequacy of the institution’s efforts to prepare to reorganize or liquidate through bankruptcy in the event of financial distress; and be prepared, if necessary, to conduct an orderly liquidation of the company.

As the primary federal regulator of all insured state nonmember banks and state-chartered thrifts, the FDIC performs periodic risk management examinations of these institutions to assess their overall financial condition, management policies and practices, and compliance with applicable laws and regulations. The FDIC also performs Bank Secrecy Act (BSA) and information technology (IT) reviews at each risk management examination and, when applicable, conducts reviews of trust, registered transfer agent, municipal securities dealer, and government security dealer activities at these examinations.

Through the examination process, the FDIC also assesses the adequacy of an institution’s management and internal control systems to identify and control risks and to detect the risks of fraud or insider abuse. In addition, the FDIC uses off-site monitoring programs to enhance its ability to promptly identify emerging safety-and-soundness issues.

The FDIC’s compliance examination program promotes compliance with federal consumer protection laws, fair lending statutes, the Community Reinvestment Act (CRA), and the regulations that implement these laws and statutes. The program seeks to ensure that consumers are treated fairly and that the disclosures institutions provide to consumers are accurate and complete. To promote the most effective and efficient use of resources, the compliance examination program focuses on the bank’s activities and products that pose the greatest potential risk of consumer harm or otherwise require increased supervisory attention. The FDIC conducts separate examinations for all FDIC-supervised institutions to assess the effectiveness of their compliance management systems and CRA performance. Institutions that are subject to the primary jurisdiction of the Consumer Financial Protection Bureau (CFPB) are examined for compliance with the regulations that were not transferred to the CFPB, including the CRA. More information on the FDIC’s relationship with CFPB is found in Appendix D.

If weaknesses are identified through the examination process, the FDIC promptly takes appropriate supervisory action. Formal and informal enforcement actions may be taken to correct identified violations, unsafe or unsound practices, or breaches of fiduciary duty. Enforcement actions may also be taken if institutions are operating in a deteriorated financial condition or are failing to comply with consumer protection, fair lending, or other statutes. These enforcement actions remain in place until the identified weaknesses are remedied.

The FDIC also investigates consumer complaints about FDIC-supervised IDIs. Consumers write or electronically submit to the FDIC complaints and inquiries regarding consumer protection and fair lending issues. Through its investigation of and response to consumer complaints and inquiries, the FDIC attempts to help consumers better understand their rights under federal consumer protection and fair lending laws. The FDIC uses surveys to monitor consumers’ satisfaction with its responses to complaints and inquiries.

In addition, the FDIC acts on applications from IDIs to undertake certain transactions or engage in new or expanded business activities. In reviewing these applications, the FDIC evaluates the statutory factors relevant to the application. Generally, depending on the type of application, these factors may pertain to, for instance, capital adequacy, management, financial resources, convenience and needs of the community to be served, and risk to the DIF. Consistent with the relevant statutory factors, the FDIC’s evaluations consider an institution’s compliance with consumer protection and fair lending requirements, as well as performance under the CRA.

Information about the FDIC’s supervisory program, including laws, regulations, and supervisory guidance, is available at www.fdic.gov. The FDIC’s semiannual Supervisory Insights journal provides information about bank supervision to bankers, bank examiners, and other practitioners.

In 2019, the FDIC will address a variety of risks to financial institutions, including potential changes in interest rates and cybersecurity risks. In addition, the FDIC will continue to implement provisions of the Economic Growth, Regulatory Relief, and Consumer Protection Act (EGRRCPA) to reduce regulatory burden on community banks, and continue its ongoing community banking initiative.

Interest-Rate Risk, Credit Risk, and Liquidity Risk

As the post-crisis economic expansion has continued, loan growth in the banking industry has remained strong. Institutions with concentrated portfolios continue to grow those portfolios. At some banks, loan growth has been accompanied by a reduction in holdings of liquid assets and increased reliance on funding sources other than stable core deposits. These trends have the potential to give rise to heightened credit and liquidity risks. In addition, the extended period of historically low interest rates and tightening net interest margins created incentives for IDIs to reach for yield in their lending and investment portfolios by extending portfolio durations, potentially increasing their vulnerability to interest-rate risk.

Through regular on-site examinations and interim contacts with FDIC-supervised institutions, FDIC staff regularly engages in dialogue with such institutions to ensure that their policies to manage credit, liquidity, and interest-rate risks are effective. Where appropriate, FDIC staff works with institutions that have significant exposure to these risks and encourages them to take appropriate risk-mitigating steps. The FDIC uses off-site monitoring to help identify institutions that have potentially higher risk exposure and follows up with individual institutions to better understand their risk profiles.

During the examination process, FDIC examiners assess how well an institution is managing the risks associated with concentrated credit exposures and concentrated funding sources. The findings of these assessments are shared with the institution’s management in the report of examination. In 2019, the FDIC will continue to identify and address interest-rate risk, credit risk, and liquidity risk at FDIC-supervised institutions through off-site analysis and on-site examinations.

Cybersecurity

Cybersecurity remains an ongoing concern for the financial services sector because of the reliance on IT not only in bank operations, but also as an interface with customers. The frequency and sophistication of cyber-attacks continues to increase, and the financial services sector is a prime target. In response, financial institutions and their service providers are continually challenged to assess the quickly changing risks and to allocate adequate resources to mitigate those risks to an acceptable level. 

The FDIC monitors cybersecurity issues on a regular basis, primarily through on-site examinations of insured institutions. During 2018, the FDIC assisted banks in evaluating their own operational readiness and resilience by publishing new scenarios for the Cyber Challenge series and hosting a webinar to discuss other government resources available for free to financial institutions. The FDIC created “Cyber Challenge: A Community Bank Cyber Exercise” to encourage community banks to discuss operational risk issues and the potential impact of IT disruptions on common banking functions.

In 2019, the FDIC, along with the other members of the Federal Financial Institution Examination Council (FFIEC), will continue to update the FFIEC IT Examination Handbook, which provides examination guidelines and procedures. The FDIC, in concert with other agencies, will also assess risks horizontally at large and complex institutions to understand the level of risk in the system.

Monitoring Large Institutions

In 2019, the FDIC will continue to develop its capabilities related to its responsibilities under the Dodd-Frank Act. The FDIC will conduct ongoing risk monitoring reviews of all banking organizations with more than $100 billion in assets, as well as any nonbank financial companies designated as systemically important by the FSOC (designated nonbank SIFIs).

The FDIC and the FRB are jointly responsible for reviewing the resolution plans filed by BHCs and designated nonbank SIFIs to ensure that each provides a credible plan for reorganizing a firm or liquidating it through bankruptcy without severe adverse consequences for the financial system or the U.S. economy. The FDIC will review the resolution plans submitted by BHCs with assets of $250 billion or more. In addition, the FDIC will review the resolution plans submitted by any other BHCs with assets between $100 billion and $250 billion designated by the FRB, and those of any nonbank SIFIs designated by the FSOC, as being subject to the resolution plan requirements under Title I of the Dodd Frank Act.

The FDIC also presently requires IDIs with more than $50 billion in assets to submit IDI resolution plans pursuant to the FDIC’s independent IDI Plan Rule. In the near future, the FDIC intends to publish an advanced notice of proposed rulemaking (ANPR) soliciting public comments on possible amendments to the IDI Plan Rule to tailor IDI resolution plan requirements.

Community Banking Initiative

Finally, community bank issues will remain a top priority in 2019. The FDIC will continue to consult with the CBAC and follow up on the recommendations from its Community Banking Study to make its supervisory process more efficient, consistent, and transparent to community banks. In addition, the FDIC will release a number of new or updated videos as part of its Technical Assistance Video Program.

The following table depicts the strategic goal, strategic objective, and annual performance goals for the Risk Management component of the Supervision Program.

Strategic Goal

Strategic Objectives

Annual Performance Goals

FDIC-insured institutions are safe and sound.

The FDIC exercises its statutory authority, in cooperation with other primary federal regulators and state agencies, to ensure that all FDIC-insured institutions appropriately manage risk.

Conduct on-site risk management examinations to assess the overall financial condition, management practices and policies, and compliance with applicable laws and regulations of FDIC-supervised depository institutions. When problems are identified, promptly implement appropriate corrective programs, and follow up to ensure that identified problems are corrected. (2.1-1)

Assist in protecting the infrastructure of the U.S. banking system against terrorist financing, money laundering, and other financial crimes. (2.1-2)

Establish regulatory capital standards that ensure institutions have sufficient loss-absorbing capacity to remain resilient under stress while reducing complexity and maximizing efficiency. (2.1-3)

Implement strategies to promote enhanced cybersecurity and business continuity within the banking industry. (2.1-4)


The following table depicts the strategic goal, strategic objectives, and annual performance goals for the Compliance and Consumer Affairs components of the Supervision Program.

Strategic Goal

Strategic Objectives

Annual Performance Goals

Consumers’ rights are protected, and FDIC-supervised institutions invest in their communities.

FDIC-supervised institutions comply with consumer protection, CRA, and fair lending laws and do not engage in unfair or deceptive practices.

 

Conduct on-site CRA and consumer compliance examinations to assess compliance with applicable laws and regulations by FDIC- supervised institutions. When violations are identified, promptly implement appropriate corrective programs, and follow up to ensure that identified problems are corrected. (3.1-1)

Consumers have access to accurate and easily understood information about their rights and the disclosures due them under consumer protection and fair lending laws.

Effectively investigate and respond to written consumer complaints and inquiries about FDIC-supervised financial institutions. (3.2-1)

The public has access to safe and affordable products and services from IDIs and the opportunity to benefit from a banking relationship.

Promote economic inclusion and access to responsible financial services through supervisory, research, policy, and consumer/community affairs initiatives. (3.3-1)

The following table depicts the strategic goal, strategic objectives, and annual performance goal for the Resolution Planning component of the Supervision Program.

Strategic Goal

Strategic Objectives

Annual Performance Goals

Large and complex financial institutions are resolvable in an orderly manner under bankruptcy.

Large and complex financial institutions are resolvable under the Bankruptcy Code.

Identify and address risks in large, complex financial institutions, including those designated as systemically important. (4.1-1)

 


STRATEGIC GOAL 2:
FDIC-insured institutions are safe and sound.


STRATEGIC OBJECTIVE 2.1    

The FDIC exercises its statutory authority, in cooperation with primary federal regulators and state agencies, to ensure that all FDIC-insured institutions appropriately manage risk.

Annual Performance Goal 2.1-1     

Conduct on-site risk management examinations to assess the overall financial condition, management practices and policies, and compliance with applicable laws and regulations of FDIC-supervised depository institutions.  When problems are identified, promptly implement appropriate corrective programs and follow up to ensure that identified problems are corrected.

Indicators and Targets

  1. Percentage of required examinations conducted in accordance with statutory requirements and FDIC policy
    • Conduct all required risk management examinations within the timeframes prescribed by statute and FDIC policy.
  2. Follow-up actions on identified problems
    • For at least 90 percent of IDIs that are assigned a composite CAMELS rating of 2 and for which the examination report identifies “Matters Requiring Board Attention” (MRBAs), review progress reports and follow up with the institution within six months of the issuance of the examination report to ensure that all MRBAs are being addressed.

Means and Strategies

Operational Processes (initiatives and strategies): Risk management examinations assess the overall financial condition, management practices and policies, and compliance with applicable laws and regulations of FDIC-supervised institutions. The FDIC performs safety and soundness, BSA, and IT reviews at each risk management examination of an FDIC-supervised IDI. As applicable, the FDIC also conducts reviews of trust, registered transfer agent, municipal securities dealer, and government security dealer activities at these examinations.

In 2019, the FDIC projects that it will conduct more than 1,476 risk management examinations required under statute, FDIC policy, or agreements with state supervisors. The number of risk management examinations conducted during 2019 may fluctuate as the number of FDIC-supervised IDIs changes as a result of mergers, closings, newly approved charters, and other actions. In addition, increases in asset size or changes to an institution’s condition or capital levels may accelerate examination cycles and increase the number of required examinations.

The FDIC follows a risk-focused approach to examinations, which allows examiners to focus resources on those areas with the greatest potential risk. The FDIC has several analytical tools to identify higher-risk financial institutions by considering factors such as rapid growth, fluctuating earnings, economic downturns, and concentrations in vulnerable industry sectors. Examiners use these off-site tools to help them focus on various risks during on-site examinations. These tools are also used to identify the need for inquiries or on-site visits to FDIC-supervised institutions outside of the regular examination cycle.

On-site examinations also review technology-related activities to determine how each FDIC- supervised institution manages its IT risks. The FDIC proactively monitors indicators of technology risk that may affect FDIC-supervised institutions and provides information to the industry about risks associated with technology outsourcing practices. The FDIC regularly engages with technology vendors, trade associations, and standards-and rule-setting entities to identify and promote effective risk management practices for emerging technologies.

The examination report identifies any corrective actions to be taken by the institution. If deemed necessary, a formal or informal enforcement action is sent to the financial institution with the report of examination. To ensure that supervisory actions are taken promptly, the FDIC monitors the time it takes to provide examination reports to FDIC-supervised institutions after the completion of an examination. In addition to an on-site visit and a subsequent examination, compliance with an enforcement action is assessed through progress reports from the institution, use of off-site monitoring tools, and direct communication with management of the financial institution.

At this point in the economic cycle, it is important to ensure that problems identified at well-rated institutions are promptly addressed before they result in more serious deficiencies requiring formal or informal corrective programs. When there are material issues and recommendations that require attention by the institution’s board of directors, the examination report will identify MRBAs to highlight areas that, if not properly measured, monitored, and controlled, could adversely affect the institution. A timely response is requested from institution management to mitigate risks and correct noted deficiencies. The response is reviewed to ensure it is appropriate and that it addresses supervisory concerns.

Human Resources (staffing and training): In 2019, the FDIC has 1,485 authorized positions in its field workforce to conduct risk management examinations. Field examiners conduct on-site examinations and visits. Additionally, there are 23 IT examiner and specialized Information Technology Examination Analyst (ITEA) positions authorized to augment the IT expertise within the examination workforce.

Staffing and training needs are reviewed regularly to ensure that the examination staff possesses the skills and knowledge to effectively identify existing and emerging risks. The FDIC is currently updating its certification training programs and subject matter expertise in the areas of IT, trust, accounting, BSA/anti-money laundering, and capital markets.

The FDIC has cooperative agreements with most states to conduct joint or alternating risk management examinations. If a state supervisor handling an examination has scheduling, staffing, or other resource constraints, the statutory examination requirement may not be met. In such cases, the FDIC will work with the state supervisor to make sure that any delinquent examination is quickly scheduled and completed. When appropriate, the FDIC may conduct the examination instead of the state supervisor.

Case managers and other regional office officials finalize reports of examination and monitor compliance with enforcement programs. Staffing and training needs for this function are also reviewed regularly to ensure that the resources available are adequate and that employees possess the required skills and knowledge.

Information Technology: The FDIC’s Virtual Supervisory Information on the Net (ViSION) system is used to schedule and track the completion of risk management examinations. ViSION also is used to monitor all enforcement activity and other significant events at troubled institutions and to schedule on-site visits and follow-up examinations of 3-, 4-, and 5-rated institutions.

Verification and Validation

The number and timing of examinations are tracked through ViSION and reported through established management reporting processes. Enforcement actions and the timing of required on-site visits are also tracked through ViSION. The FDIC uses its Regional Office Internal Control Review program to ensure that regions effectively monitor the compliance of FDIC-supervised institutions with formal and informal enforcement actions. This review incorporates various components of the supervisory process, including assessment of the appropriateness of formal and informal corrective actions and monitoring of enforcement implementation and follow-up activities. Any material exceptions noted during the reviews are brought to management’s attention for appropriate action.

2018 Performance Results

The FDIC successfully met the performance targets for this annual performance goal in 2018. This annual performance goal and its associated performance indicators and targets are unchanged for 2019.


Annual Performance Goal 2.1-2

Assist in protecting the infrastructure of the U.S. banking system against terrorist financing, money laundering, and other financial crimes.

Indicator and Target

  1. Percentage of required examinations conducted in accordance with statutory requirements and FDIC policy
    • Conduct all BSA examinations within the timeframes prescribed by statute and FDIC policy.

Means and Strategies

Operational Processes (initiatives and strategies): The FDIC conducts Bank Secrecy Act/Anti- Money Laundering (BSA/AML) examinations and Office of Foreign Assets Control (OFAC) reviews to assess the BSA/AML and OFAC compliance programs of FDIC-supervised institutions. These examinations and reviews cover sound risk management, compliance with recordkeeping and reporting requirements, the ability of the institution to identify and report suspicious activities, and compliance with trade and economic sanctions. BSA/AML examinations and OFAC reviews are performed as a part of all risk management examinations of FDIC-supervised institutions. The FDIC also completes BSA/AML examinations and OFAC reviews for states that do not conduct these examinations. The FDIC follows a risk-based approach to BSA/AML examinations and OFAC reviews, which allows examiners to focus resources on those areas with the greatest potential risk.

Guidance is provided to risk management staff through written memoranda, participation in the FFIEC BSA/AML Examination Workshop, and attendance at the FFIEC Advanced BSA/AML Specialists Conference.

Human Resources (staffing and training): There are 322 FDIC examiners who are designated as BSA/AML subject matter experts. Staffing and training needs are reviewed regularly to ensure the staff resources supporting the BSA/AML examination program are adequate and that employees possess the skills and knowledge to effectively and successfully assess compliance with BSA/AML requirements and detect any emerging risks. In 2017, the FDIC strengthened its BSA/AML staffing resources by establishing senior BSA/AML examiner positions in each region. In 2018, the FDIC developed a formal on-the-job training program to develop higher-level proficiencies in the BSA/AML and OFAC examination specialty area. This program will be implemented in 2019.

Information Technology: ViSION is used to track the number and timing of required BSA/AML examinations. Examiners also use the Examination Tool Suite (ETS) to update BSA violation codes automatically, thereby increasing the efficiency of those examinations.

Verification and Validation

The number and timing of BSA/AML examinations are tracked in ViSION and reported through established management reporting processes.

2018 Performance Results

The FDIC successfully met the performance target for this annual performance goal in 2018. This annual performance goal and its associated performance indicator and target are unchanged for 2019.


Annual Performance Goal 2.1-3     

Establish regulatory capital standards that ensure institutions have sufficient loss-absorbing capacity to remain resilient under stress while reducing complexity and maximizing efficiency.

Indicators and Targets

  1. Simplification of capital standards for community banks
    • Complete, by September 30, 2019, rulemaking for a community bank leverage ratio and conforming changes to the deposit insurance assessment process.
    • Finalize aspects of the interagency capital simplification proposal issued in September 2017, including changes to the regulatory capital treatment of mortgage servicing assets, deferred tax assets, investments in the capital instruments of other financial institutions, and minority interest.
    • Issue interagency final rules to adopt the statutory definition of high volatility commercial real estate for risk based capital.
  2. U.S. implementation of internationally agreed regulatory standards
    • Reevaluate and take appropriate actions on Basel III requirements for small banks that do not meet or are not eligible for the community bank leverage ratio.
    • Issue a final rule, by December 31, 2019, to implement the Net Stable Funding Ratio (NSFR).
  3. Implementation of other changes to capital requirements directed by the Congress
    • Issue interagency final rules to tailor capital requirements for large financial institutions.
    • Issue interagency rulemaking to remove certain central bank deposits from the denominator of the supplementary leverage ratio for custodial banks.

Means and Strategies

Operational Processes (initiatives and strategies): FDIC staff has been working closely with the staffs of the other federal banking agencies to simplify the capital framework applicable to community banks. In 2017, the federal banking agencies issued a Notice of Proposed Rulemaking (NPR) to seek comment on simplifications to the capital framework as part of the agencies’ Economic Growth and Regulatory Paperwork Reduction Act of 1996 (EGRPRA) efforts. Parts of the proposed rulemaking were superseded by certain capital framework provisions of EGRRCPA. As a result, the federal banking agencies issued in September 2018 an NPR to seek comment on implementation of the revised statutory definition of High Volatility Commercial Real Estate and issued in November 2018 an additional NPR to seek comment on the leverage ratio for qualifying community banks. FDIC staff, along with the staff of other federal banking agencies, plan to complete a review of comments received on both 2018 NPRs and put forth final rules on both of these capital simplification efforts in 2019. The agencies also will explore other areas of regulatory capital rules that may be simplified or streamlined.  

In 2018, FDIC staff, along with the staff of other federal banking agencies, continued to review comments received in response to the 2017 NPR to simplify the capital rules for small banks not eligible for the community bank leverage ratio, including the regulatory capital treatment of mortgage servicing assets, deferred tax assets, investments in the capital instruments of other financial institutions, and minority interest.

Staff has also been working closely with the staffs of the other federal banking agencies to tailor capital and liquidity requirements for large institutions, consistent with the provisions of EGRRCPA. EGRRCPA raised the asset threshold for the application of enhanced prudential standards under the Dodd-Frank Act to $250 billion, while giving the FRB the authority to apply enhanced standards to firms with total consolidated assets between $100 billion and $250 billion under certain conditions. In December 2018, the agencies sought comment on an NPR to implement the relevant EGRRCPA provisions by more finely tailoring the application of regulatory capital and liquidity requirements based on a banking organization's size, risk profile, and systemic footprint. The largest, most systemically important banks would continue to be subject to the most rigorous standards, and their smaller, less systemically important peers would be subject to standards tailored to their risk profile. Although a final rulemaking is subject to agreement among multiple federal banking agencies, FDIC staff, along with staff of the other federal banking agencies, will review comments during 2019, with a goal of issuing a final rule. EGRRCPA also made certain changes to the leverage ratio calculation for custody banks. The agencies will issue an NPR to address these changes early in 2019 with a goal of issuing a final rule before year-end.

During the financial crisis, a number of large banking organizations failed, or experienced serious difficulties, in part because of severe liquidity problems. In May 2016, the FDIC and other banking agencies proposed a rule that would reduce the vulnerability of large banking organizations to liquidity risk. The NSFR rule would require certain large banks to maintain sufficient levels of stable funding, including capital, long-term debt, and other stable sources over a one-year window, to account for the liquidity risks arising from their assets, derivatives, and off-balance sheet activities. Comments were received and carefully reviewed by FDIC staff along with the staff of other federal banking agencies. FDIC staff anticipates a final rule for consideration in 2019.

Human Resources (staffing and training): The breadth and depth of knowledge among FDIC staff on bank liquidity, funding, and other capital markets matters has expanded in recent years, partly through continued staff participation and active involvement in numerous Basel policy development groups. In 2019, the FDIC will continue to increase the number of staff with capital market expertise by providing internal and external training on liquidity, funding, capital, trading activities, financial modeling, and other capital market areas. The FDIC is also developing a formal on-the-job training program to develop higher-level proficiencies in the Capital Markets specialty area.

Information Technology:  The FDIC will use existing technology to accomplish this annual performance goal.

Verification and Validation

Progress in meeting this annual performance goal will be tracked through periodic meetings and established management reporting processes.

2018 Performance Results

The FDIC did not meet the performance targets for this annual performance goal in 2018. This annual performance goal and its associated performance indicators and targets have been updated for 2019. The FDIC issued two additional NPRs in 2018 for a simplified capital framework for community banks to meet new requirements of EGRRCPA, and now expects to complete this performance target in 2019. A final rule to implement the proposed Basel III NSFR is still under review.


Annual Performance Goal 2.1-4

Implement strategies to promote enhanced cybersecurity and business continuity within the banking industry.

Indicator and Targets

  1. Enhance the cybersecurity awareness and preparedness of the banking industry
    • Continue to conduct horizontal reviews that focus on the IT risks in large and complex supervised institutions and in technology service providers.
    • Continue to use the Cybersecurity Examination Program for the most significant service provider examinations.
    • Improve the analysis and sharing of cybersecurity-related threat information with financial institutions.

Means and Strategies

Operational Processes (initiatives and strategies): The importance of cybersecurity and business continuity management to ensure the soundness and stability of the nation’s financial sector cannot be overstated. Therefore, the FDIC takes this issue extremely seriously and continually updates its procedures in order to effectively supervise financial institutions and examine their technology service providers. Currently, the FDIC assesses supervised institutions’ ability to manage IT risks through the Information Technology Risk Examination (InTREx) program. This program, developed in collaboration with the FRB and the Conference of State Bank Supervisors (CSBS), supports examiners in evaluating cybersecurity, business continuity, incident response, audit and assessment, board and management oversight, vendor relationships, and payment systems. When weaknesses are identified in supervised institutions or technology service providers, the FDIC uses a range of informal and formal actions to compel correction.

The FDIC co-led an effort through the FFIEC Task Force on Supervision to develop a uniform process and tool for assessing how technology service providers manage cybersecurity risks. The Cybersecurity Examination Program was issued in August 2017 and is now being used to assess cybersecurity risk management at the most significant technology service provider examinations.

Human Resources (staffing and training): All commissioned risk management examiners have basic IT examination skills attained through the FDIC’s training programs. The FDIC also has 63 dedicated IT examiners, 175 risk management examiners designated as either intermediate or advanced IT subject matter experts based on completion of the FDIC’s IT on-the-job training program, and 27 specialized ITEAs who support the IT examination process with advanced technical skills. IT policy and examination personnel at headquarters also support the examination function.

Information Technology: ViSION is used to schedule and track the completion of risk management examinations, and to track any related enforcement actions or significant events at institutions due to noncompliance with IT-related banking laws and regulations.

Verification and Validation

The number and timing of IT examinations are tracked through ViSION and reported through established management processes. Enforcement actions and the timing of required on-site visits are also tracked through ViSION.

The majority of technology service provider examinations are conducted and scheduled on an interagency basis. Planning for examinations of the largest technology service providers takes place annually with the OCC and the FRB. Examinations of smaller technology service providers are managed at the FDIC regional office level in coordination with local FRB and OCC counterparts.

All IT examination activity (including technology service provider examinations) conducted by FDIC staff and detailed information on individual examiner participation is tracked through FDIC systems.

The FDIC uses its Regional Office Internal Control Review program to ensure that regions effectively monitor the compliance of FDIC-supervised institutions with formal and informal enforcement actions. This review incorporates various components of the supervisory process, including assessment of the appropriateness of formal and informal corrective actions and monitoring of enforcement implementation and follow-up activities. Any material exceptions noted during the reviews are brought to management’s attention for appropriate action.

2018 Performance Results

The FDIC successfully met the performance targets for this annual performance goal in 2018. This annual performance goal and associated performance indicator are unchanged, but the performance targets have been updated for 2019.


STRATEGIC GOAL 3:
Consumers’ rights are protected, and FDIC-supervised institutions invest in their communities.


STRATEGIC OBJECTIVE 3.1    

FDIC-supervised institutions comply with consumer protection, CRA, and fair lending laws and do not engage in unfair or deceptive practices.

Annual Performance Goal 3.1-1     

Conduct on-site CRA and consumer compliance examinations to assess compliance with applicable laws and regulations by FDIC-supervised institutions. When violations are identified, promptly implement appropriate corrective programs and follow up to ensure that identified problems are corrected.

Indicators and Targets

  1. Percentage of examinations conducted in accordance with the timeframes prescribed by FDIC policy
    • Conduct all required examinations within the timeframes established.
  2.  Implementation of corrective programs
    • Conduct visits and/or follow-up examinations in accordance with established FDIC processes to ensure that the requirements of any corrective program have been implemented and are effectively addressing identified violations.

Means and Strategies

Operational Processes (initiatives and strategies): The FDIC conducts CRA and compliance examinations of FDIC-supervised depository institutions to determine compliance with consumer protection and fair lending laws and performance under CRA. The frequency of compliance examinations is specified by FDIC policy. For CRA examinations, the FDIC’s examination frequency policy conforms to applicable provisions of the Gramm-Leach-Bliley Act (GLBA), which establishes the CRA examination cycle for most small institutions. In 2019, the FDIC estimates that it will conduct approximately 1,224 compliance and/or CRA examinations.

The FDIC’s compliance examination approach emphasizes a risk-focused scoping process to look at an institution’s compliance risk management practices and the potential risk of consumer harm. This approach involves an expanded review of an institution’s systems and compliance policies so that transaction testing can be better targeted and focused on areas that pose the greatest risk for consumer harm. This approach creates a more efficient and effective use of examination resources, especially in financial institutions with high compliance risk profiles.

Institutions with compliance deficiencies are identified primarily through the examination process. While discussions with bank management are usually sufficient to correct these deficiencies, the FDIC has broad enforcement powers to correct practices, conditions, or violations of law that threaten an institution’s compliance with consumer protection and fair lending laws or a consumer’s rights under those laws.

Institutions that are subject to enforcement actions because of unfavorable ratings for compliance with consumer protection and fair lending laws and regulations are closely monitored by regional office officials. A follow-up examination or on-site visit is conducted to review compliance with supervisory actions for each institution that receives an unsatisfactory rating. Additional follow-up action is taken when the initial corrective program is determined to have been insufficient in addressing the identified problem. Progress in complying with an enforcement action is also assessed through quarterly progress reports from, and direct communication with, management of the financial institution.

Human Resources (staffing and training): The FDIC has 454 authorized permanent compliance examiner positions in its field examination workforce in 2019. Staffing and training needs are reviewed regularly to ensure that staff resources supporting the compliance supervision program are adequate to conduct a high-quality examination program and to ensure that employees possess the skills and knowledge to effectively implement this program.

Information Technology:  The System of Uniform Reporting of Compliance and CRA Examinations (SOURCE) is used to schedule and track compliance examinations, support pre-examination planning, and provide management information.

Verification and Validation

The FDIC will analyze examination-related data collected in SOURCE to determine whether the performance target for this goal is achieved during the reporting period.  Results will be reported through established management reporting processes.

2018 Performance Results

The FDIC substantially achieved the performance targets for the annual performance goal in 2018. This annual performance goal and its associated performance indicators and targets are unchanged for 2019.



STRATEGIC OBJECTIVE 3.2

Consumers have access to accurate and easily understood information about their rights and the disclosures due them under consumer protection and fair lending laws.

Annual Performance Goal 3.2-1     

Effectively investigate and respond to written consumer complaints and inquiries about FDIC-supervised financial institutions.

Indicators and Targets

  1. Timely responses to written consumer complaints and inquiries
    • Respond to 95 percent of written consumer complaints and inquiries within timeframes established by policy, with all complaints and inquiries receiving at least an initial acknowledgement within two weeks.
  2. Public availability of information on consumer complaints
    • Publish, through the Consumer Response Center (CRC), an annual report regarding the nature of the FDIC’s interactions with consumers and depositors.
    • Publish, on the FDIC’s website, and regularly update metrics on requests from the public for FDIC assistance.

Means and Strategies

Operational Processes (initiatives and strategies): The FDIC has a comprehensive program to disseminate information to IDIs and the public on consumer rights under consumer protection and fair lending laws and regulations. It also operates a centralized CRC that coordinates the investigation of, and response to, consumer complaints and inquiries. For correspondence related to FDIC-supervised institutions, FDIC staff contacts the institution and reviews its actions for compliance with applicable federal consumer protection regulations before providing a response. Correspondence regarding institutions under the jurisdiction of other primary federal regulators is referred to those agencies. Target response times vary by the type of inquiry or complaint.

Human Resources (staffing and training): The CRC is located in Kansas City and is staffed by FDIC employees. CRC staff and management work in partnership with supervisory staff in each region on consumer complaints and inquiries involving new or unusual issues or sensitive matters.

Information Technology: The FDIC uses an automated Customer Assistance Form on the FDIC’s public website to facilitate submission of consumer correspondence. During 2018, the CRC implemented a new system of record, EPIC, to replace the Specialized Tracking and Reporting System (STARS). EPIC provides similar functionality as STARS in capturing and reporting information regarding complaints and inquiries, including response time. 

Verification and Validation

The FDIC closely monitors the timeliness of its acknowledgment letters and responses through EPIC. Performance results are monitored through established management reporting processes.

In addition, surveys are sent to all consumers who have filed written consumer protection and fair lending complaints about an FDIC-supervised institution to assess their satisfaction with the FDIC’s investigations and responses. Established survey research methods are used to ensure the validity and reliability of the survey instrument and results.

2018 Performance Results

The FDIC successfully met the performance target for this annual performance goal in 2018. This annual performance goal is unchanged from 2018, but a new indicator and target have been included for 2019.


STRATEGIC OBJECTIVE 3.3

The public has access to safe and affordable products and services from IDIs and the opportunity to benefit from a banking relationship.

Annual Performance Goal 3.3-1

Promote economic inclusion and access to responsible financial services through supervisory, research, policy, and consumer/community affairs initiatives.

Indicator and Targets

  1. Completion of planned initiatives
    • Administer the 2019 Survey of Unbanked and Underbanked Households.
    • Conduct outreach to institutions and the public to expand the availability and usage of low-cost transaction accounts tailored to the needs of unbanked and underbanked households.
    • Expand the reach of the new Money Smart for Adults through online resources, translating the curriculum into other languages, and outreach.
    • Strengthen connections between small businesses and FDIC-insured institutions.
    • Increase engagement and collaboration with, and provide support for, Minority Depository Institutions (MDIs).

Means and Strategies

Operational Processes (initiatives and strategies): Approximately 25 percent of U.S. households are underserved by the banking industry, based on survey results published by the FDIC in October 2018. This includes both “unbanked” households (i.e., those with no checking or savings accounts) and “underbanked” households (i.e., those with checking or savings accounts who have used nonbank alternative financial services and providers, such as money orders, check cashing services, payday loans, rent-to-own agreements, pawn shops, or refund anticipation loans, in the past 12 months). 

During 2019, the FDIC will advance and promote the recently updated Money Smart for Adults curriculum. This curriculum, released in November 2018, provides banks, non-profit organizations, and others with research-based and tested tools to help people build financial skills and confidence through knowledge and practice. In particular, the FDIC plans to market this and other Money Smart resources during outreach to banks and the public to promote the usage of low-cost transactional accounts tailored to the needs of unbanked and underbanked households.

The FDIC will also encourage IDIs and their partners to prudently serve the financial needs of emerging entrepreneurs and small businesses through training and technical assistance. For example, the FDIC will expand awareness of the recently updated Money Smart for Small Business curriculum in collaboration with the U.S. Small Business Administration (SBA) by promoting promising strategies to use the curriculum to support lending activities. The FDIC will also engage community banks and their partners to identify and promote local opportunities to support small businesses. These efforts include raising awareness of responsive, effective, and prudent lending programs offered by the SBA and others.

During 2019, the FDIC will administer the 2019 FDIC National Survey of Unbanked and Underbanked Households, conducted jointly with the U.S. Census Bureau. In addition to the survey, the FDIC also collects information to provide insights into banks’ efforts to serve the unbanked and underbanked. In 2019, the FDIC will publish a report on previously collected data describing eligibility requirements, costs, and terms of basic, entry-level accounts at insured banks and will explore additional opportunities to conduct research to these ends. Together, these efforts will enable the FDIC to provide an important set of references that will help assess progress in the area of economic inclusion, as well as remaining challenges.

ComE-IN supports research, demonstrations, and pilot projects, and promotes sound supervisory and public policies to improve the “appropriate engagement” of underserved households with mainstream financial institutions. Appropriate engagement means that households are using financial products and services that are affordable, easy to understand, and not subject to unfair or unforeseen fees.

ComE-IN’s work will support the expanded availability of SAFE accounts and the responsible use of technology, including mobile banking, to expand banking services to the underbanked population. ComE-IN may recommend to the FDIC specific measures of improvement, many of which may represent national objectives that require the participation and cooperation of multiple stakeholders, including other federal agencies; federal, state, and local policy makers; the financial services industry; nonprofit and philanthropic groups; and consumer groups.

During 2019, FDIC working groups will continue to conduct research, facilitate partnerships, and conduct outreach to expand access to mainstream banking services for underserved consumers. The FDIC may present these proposals to ComE-IN for advice and recommendations.

The FDIC will increase its engagement with MDIs in 2019 by adding to its outreach activities; the FDIC will host roundtables designed to promote collaboration and partnerships between minority banks and non-MDIs and will publish collaboration success stories. The agency is updating research on the role MDIs play in serving their communities for publication in 2019, and hosting an interagency conference to discuss issues unique to minority banks, as well as tools and resources for addressing these issues. The FDIC also engages troubled MDIs through the execution of supervisory strategies, enhanced outreach, and technical assistance.

Human Resources (staffing and training): This annual performance goal will be carried out largely by existing staff in the FDIC’s consumer research, policy, and consumer and community affairs functions. ComE-IN activities are supported by staff in several FDIC divisions. Employees in those divisions provide staff support for ComE-IN, as needed, including support for its research and demonstration activities.

Information Technology: Existing technology will be used to accomplish this goal.  The FDIC broadcasts ComE-IN’s public meetings on its website.

Verification and Validation

Progress in completing the initiatives planned for this annual performance goal will be monitored through established management reporting processes.

2018 Performance Results

The FDIC successfully met the performance targets for this annual performance goal in 2018. This annual performance goal and its associated performance indicator are unchanged from 2018, but the performance targets have been updated for 2019.



STRATEGIC GOAL 4:
Large and complex financial institutions are resolvable in an orderly manner under bankruptcy.


STRATEGIC OBJECTIVE 4.1    

Large and complex financial institutions are resolvable under the Bankruptcy Code.

Annual Performance Goal 4.1-1     

Identify and address risks in large, complex financial institutions, including those designated as systemically important.

Indicators and Targets

  1. Rulemaking for resolution planning requirements
    • Complete interagency rulemaking with the FRB to tailor application of resolution planning requirements under Section 165(d) of the Dodd-Frank Act.
    • Issue an ANPR to tailor and make adjustments to the FDIC’s resolution planning requirements for IDIs.
  2. Compliance with the statutory and regulatory requirements under Title I of the Dodd-Frank Act and Section 360.10 of the FDIC Rules and Regulations
    • In collaboration with the FRB, review all resolution plans subject to the requirements of Section 165(d) of the Dodd-Frank Act to ensure their conformance to statutory and other regulatory requirements. Identify and provide feedback to firms on potential impediments in those plans to resolution under the Bankruptcy Code.
    • Review resolution plans subject to the requirements of Section 360.10 of the Insured Depository Institutions (IDI) Rule to ensure their conformance to other regulatory requirements.
  3. Risk monitoring of large, complex financial institutions, BHCs, and designated nonbanking firms
    • Conduct ongoing risk analysis and monitoring of large, complex financial institutions to understand and assess their structure, business activities, risk profiles, and resolution and recovery plans.

Means and Strategies

Operational Processes (initiatives and strategies): Under Section 165(d) of the Dodd-Frank Act, covered companies are required to submit resolution plans that provide for their rapid and orderly resolution under the Bankruptcy Code in the event of material financial distress or failure. The staffs of the FDIC and FRB have shared responsibility for the review of the plans submitted by covered companies to assess informational completeness and the resolvability of individual banks and BHCs.

In addition, under Section 360.10 of the FDIC Rules and Regulations, the IDI Plan Rule requires each covered IDI to provide a resolution plan that allows the FDIC as receiver to resolve the institution in an orderly manner, enable prompt access to insured deposits, maximize the return from the failed institution’s assets, and minimize losses realized by creditors and the DIF. The FDIC has the authority to review those plans.

Ongoing risk analysis and monitoring is conducted by resident FDIC teams at large, complex financial institutions and off-site analytical teams composed of quantitative experts and complex financial institution specialists with resolution and supervision backgrounds. The off-site teams analyze industry and market conditions and trends to support individual institution monitoring and the consideration of broader policy issues. They attempt to identify early warning signals and triggers and the range of possible response actions by monitoring financial condition and performance, assessing institutional risk management capabilities, and reviewing recovery plans. FDIC staff also participate in collaborative risk management examinations and targeted reviews of SIFIs with other regulatory agencies.

In response to EGRRCPA, the FDIC and FRB, in 2018, changed the thresholds for resolution plan requirements. In 2019, the agencies intend to tailor resolution planning requirements for BHCs. In addition, as noted above, the FDIC intends to publish, in 2019, an ANPR soliciting public comments on possible amendments to the IDI Plan Rule to tailor IDI resolution plan requirements.

Human Resources (staffing and training): The FDIC’s review of resolution plans submitted under Section 165(d) of the Dodd-Frank Act is carried out by a multidisciplinary team of personnel from various divisions with expertise across all major operational and business line functions of the covered companies, both domestically and internationally. The FDIC’s review of resolution plans submitted under the IDI Plan Rule is carried out by multidisciplinary teams primarily consisting of commissioned examiners and resolution specialists. These teams are complemented by subject matter experts, as necessary. Training needs for each of these groups are reviewed regularly to ensure that these teams have the knowledge and expertise necessary to appropriately perform their assigned responsibilities.

Ongoing risk monitoring is conducted by on-site resident teams and off-site analysts who have expertise with large, complex financial institution operations.

Information Technology: The FDIC uses existing technology to track the submission and review of the resolution plans required under Section 165(d) of the Dodd-Frank Act and Section 360.10 of the FDIC Rules and Regulations. In addition, the FDIC uses the Systemic Monitoring System for ongoing risk monitoring of systemically important BHCs and nonbank financial companies.

Verification and Validation

Progress in achieving this annual performance goal will be monitored through established management reporting processes.

2018 Performance Results

The FDIC successfully met the performance targets for this annual performance goal in 2018. This annual performance goal is unchanged from 2018, but the performance indicators and targets have been updated for 2019.



 

Skip Footer back to content