Federal Deposit
Insurance Corporation

Each depositor insured to at least $250,000 per insured bank

2017 Annual Performance Plan

Supervision Program

To promote public confidence and stability in the nation’s financial system, the FDIC’s Supervision Program promotes the safety and soundness of insured depository institutions, protects consumer rights, and promotes community investment initiatives by FDIC-supervised institutions. 

The FDIC is the primary federal regulator for state-chartered banks and savings institutions that are not members of the Federal Reserve System, generally known as state nonmember banks and state-chartered thrifts.  This includes state-licensed insured branches of foreign banks and state-chartered savings institutions.  As insurer, the FDIC also has special (back-up) examination authority for state member banks that are supervised by the Federal Reserve Board (FRB) and national banks and thrift institutions that are supervised by the Office of the Comptroller of the Currency (OCC).  The FDIC’s roles as insurer and primary supervisor are complementary, and many activities undertaken by the FDIC support both the insurance and supervision programs.  Through the review of examination reports, use of off-site monitoring tools, participation in examinations conducted by other federal regulators, and, where appropriate, performance of special (back-up) examination activities, the FDIC regularly monitors the potential risks at all insured institutions, including those for which it is not the primary federal regulator.

The Dodd-Frank Act (DFA) of 2010 expanded the FDIC’s statutory responsibilities beyond insured depository institutions to bank holding companies with more than $50 billion in assets and nonbank financial companies that are designated as systemically important financial institutions (SIFIs) by the Financial Stability Oversight Council (FSOC).  The DFA designates the FRB as the primary supervisor of these companies, but the FDIC has established on- and off-site monitoring programs and has certain statutory back-up examination authorities for these companies.  The purpose of the FDIC monitoring and risk assessment activities for these institutions is, where possible, to mitigate identified risks; assess the adequacy of the institution’s efforts to prepare to reorganize or liquidate through bankruptcy in the event of financial distress; and be prepared, if necessary, to conduct an orderly liquidation of the company. 

As the primary federal regulator of all insured state nonmember banks and state-chartered thrifts, the FDIC performs periodic risk management examinations of these institutions to assess their overall financial condition, management policies and practices, and compliance with applicable laws and regulations.  The FDIC also performs Bank Secrecy Act and information technology reviews at each risk management examination and, when applicable, conducts reviews of trust, registered transfer agent, municipal securities dealer, and government security dealer activities at these examinations. Through the examination process, the FDIC also assesses the adequacy of an institution’s management and internal control systems to identify and control risks and to detect the risks of fraud or insider abuse.  In addition, the FDIC uses off-site monitoring programs to enhance its ability to promptly identify emerging safety-and-soundness issues.

The FDIC’s compliance examination program promotes compliance with federal consumer protection laws, fair lending statutes, the Community Reinvestment Act (CRA), and the regulations that implement these laws and statutes.  The program seeks to ensure that consumers are treated fairly and that the disclosures institutions provide to consumers are accurate and complete.  To promote the most effective and efficient use of resources, the compliance examination program focuses on the bank’s activities and products that pose the greatest potential risk of consumer harm or otherwise require increased supervisory attention.  The FDIC conducts separate examinations for all state nonmember banks to assess the effectiveness of their compliance management systems and CRA performance.  Banks that are subject to the primary jurisdiction of the Consumer Financial Protection Bureau (CFPB) are examined for compliance with the regulations that were not transferred to the CFPB, including the CRA. More information on the FDIC’s relationship with CFPB can be found in Appendix D.

If weaknesses are identified through the examination process, the FDIC promptly takes appropriate supervisory action.  Formal and informal enforcement actions may be issued to correct identified violations or other problems for institutions that are operating in a deteriorated financial condition; failing to comply with consumer protection, fair lending, and other statutes; or displaying other significant weaknesses, including weaknesses in operations or risk management practices.  These enforcement actions remain in place until the identified weaknesses are remedied.

The FDIC also investigates consumer complaints about FDIC-supervised insured depository institutions.  Consumers write or electronically submit to the FDIC complaints and inquiries regarding consumer protection and fair lending issues.  Through its investigation of and response to consumer complaints and inquiries, the FDIC attempts to help consumers better understand their rights under federal consumer protection and fair lending laws.  The FDIC uses surveys to monitor consumers’ satisfaction with its responses to complaints and inquiries.

In addition, the FDIC acts on applications from FDIC-supervised insured depository institutions to undertake new or expanded business activities.  In reviewing these applications, the FDIC evaluates various factors, including capital adequacy, quality of management, financial condition, and compliance with applicable laws and regulations.  It also considers an institution’s compliance with consumer protection, fair lending, and privacy laws and its performance under the CRA.

Information about the FDIC’s supervisory program, including laws, regulations, and regulatory guidance, is available at www.fdic.gov.  The FDIC’s semiannual Supervisory Insights journal provides information about bank supervision to bankers, bank examiners, and other practitioners.

The FDIC will focus in 2017 on addressing a variety of risks to financial institutions including potential changes in interest rates, growth in asset concentrations, and cybersecurity risks. In addition, the FDIC will continue to implement its authorities under the DFA, as well as its ongoing community banking initiative.

Interest-Rate Risk

While interest rates remained stable for an extended period, a recent interest rate increase and a rising interest rate environment could adversely affect the net worth and earnings performance of a number of institutions.  In an effort to alleviate the impact of low interest rates and increase net interest margins, banks have been investing in longer-term assets and increasing the mismatch between asset and liability maturities.  This mismatch exposes an institution to interest-rate risk.  In 2017, the FDIC will continue to identify and address interest-rate risk at FDIC-supervised institutions through off-site analysis and on-site examinations.

Concentration Risk

In 2017, the FDIC also will closely monitor concentrations of assets at FDIC-supervised institutions to ensure that they are managing the potential risks associated with holding a large concentration of assets in any particular area.  High concentrations of assets can expose an institution to economic, credit, and interest-rate risks.  Although many institutions effectively manage portfolio concentrations, the recent financial crisis demonstrated that a number of banks failed to do so, either by failing to implement effective risk management practices or through a lack of sufficient financial and managerial resources.  As a result, improperly managed concentration risk contributed significantly to bank losses and failures, as well as losses to the DIF.  In 2017, the FDIC will continue to identify and monitor the risk management practices of institutions with high levels of asset concentrations.  Examination procedures will focus on underwriting, credit administration, portfolio management, and monitoring practices.

Cybersecurity

Cybersecurity is another significant concern for the banking industry because of the industry’s use of and reliance on technology, not only in bank operations, but also as an interface with customers.  Cybersecurity has become one of the most critical challenges facing the financial services sector due to the frequency and increasing sophistication of cyber attacks.  In response, financial institutions and their service providers are continually challenged to assess and strengthen information security programs and refocus their efforts and resources to address cybersecurity risks. 

In 2016, the FDIC added to its cybersecurity awareness resources for financial institutions.  For example, the FDIC published an article in Supervisory Insights titled “Framework for Cybersecurity” that discusses how financial institutions’ information security programs can be enhanced to address evolving cybersecurity risks.  The FDIC also published a technical assistance video on outsourcing technology services to assist community banks in developing a comprehensive risk-assessment program for vendor management.  The FDIC created a dedicated cybersecurity resources webpage on www.fdic.gov that provides bankers with quick access to the technical assistance videos, articles, exercises, and FILs that address cybersecurity.

Finally, the FDIC published information brochures financial institutions can use to educate their retail and business banking customers on cyber risk prevention.  These include a Cybersecurity Awareness video and Cyber Challenge, a series of seven video vignettes and exercises that are intended to encourage bank management and staff to discuss operational risk issues and the potential impact of information technology disruptions on common banking functions. 

As a member of the Federal Financial Institutions Council (FFIEC), the FDIC developed and issued numerous statements about emerging cybersecurity and technology risks and provided additional information on how the interagency Cybersecurity Assessment Tool can help financial institutions assess their inherent risk and cybersecurity preparedness.

The FDIC monitors cybersecurity issues on a regular basis through on-site bank examinations.  During 2016, the FDIC continued to strengthen our IT and operational risk supervision program by adding approximately 20 authorized positions that will be responsible for conducting and providing oversight of complex IT examinations of financial institutions and large Technology Service Providers.  The FDIC also implemented a revised IT examination work program for community banks that includes an assessment of an institution’s cybersecurity preparedness efforts.

The FDIC will continue its efforts to promote the security and resilience of the financial services sector by collaborating with its fellow banking regulators through the FFIEC’s Cybersecurity and Critical Infrastructure Working Group, the Information Technology Subcommittee, and the Financial and Banking Information Infrastructure Committee.

Dodd-Frank Responsibilities

In 2017, the FDIC will continue to develop its capabilities related to its responsibilities under the DFA.  The FDIC will conduct ongoing risk monitoring reviews of all banking organizations with more than $100 billion in assets, as well as certain nonbank SIFIs.  In addition, we will complete our review of the resolution plans submitted by insured depository institutions and bank holding companies with assets of $50 billion or more, as well as nonbank financial companies designated by the FSOC.  The FDIC is responsible for ensuring that these resolution plans provide a viable approach for reorganizing a firm or liquidating it through bankruptcy without severe adverse consequences for the financial system or the U.S. economy. 

Community Banking Initiative

Finally, community bank issues will remain a high priority for 2017.   The FDIC will continue to consult with the Community Banking Advisory Committee and to follow up on the recommendations from its Community Banking Study to make its supervisory process more efficient, consistent, and transparent to community banks.

The following table depicts the strategic goal, strategic objective, and annual performance goals for the Risk Management component of the Supervision Program.

Strategic Goal: FDIC-insured institutions are safe and sound.

Strategic Objective: The FDIC exercises its statutory authority, in cooperation with primary federal regulators and state agencies, to ensure that all FDIC-insured institutions appropriately manage risk.

Annual Performance Goals:

    • Conduct on-site risk management examinations to assess the overall financial condition, management practices and policies, and compliance with applicable laws and regulations of FDIC-supervised depository institutions.  When problems are identified, promptly implement appropriate corrective programs, and follow up to ensure that identified problems are corrected. (2.1-1)
    • Assist in protecting the infrastructure of the U.S. banking system against terrorist financing, money laundering, and other financial crimes. (2.1-2)
    • More closely align regulatory capital standards with risk and ensure that capital is maintained at prudential levels. (2.1-3)
    • Implement strategies to promote enhanced information security, cybersecurity, and business continuity within the banking industry. (2.1-4)


The following table depicts the strategic goal, strategic objectives, and annual performance goals for the Compliance and Consumer Affairs components of the Supervision Program.

Strategic Goal: Consumers’ rights are protected, and FDIC-supervised institutions invest in their communities.

Strategic Objective: FDIC-supervised institutions comply with consumer protection, CRA, and fair lending laws and do not engage in unfair or deceptive practices.

    • Annual Performance Goal: Conduct on-site CRA and compliance examinations to assess compliance with applicable laws and regulations by FDIC-supervised depository institutions.  When violations are identified, promptly implement appropriate corrective programs, and follow up to ensure that identified problems are corrected. (3.1-1)

Strategic Objective: Consumers have access to accurate and easily understood information about their rights and the disclosures due them under consumer protection and fair lending laws.

    • Annual Performance Goal: Effectively investigate and respond to written consumer complaints and inquiries about FDIC-supervised financial institutions. (3.2-1)

Strategic Objective: The public has fair access to banking services and is treated equitably by FDIC-supervised institutions.

    • Annual Performance Goal: Promote economic inclusion and access to responsible financial services through supervisory, research, policy, and consumer/community affairs initiatives. (3.3-1)

The following table depicts the strategic goal, strategic objectives, and annual performance goals for the Resolution Planning component of the Supervision Program.

Strategic Goal: Large and complex financial institutions are resolvable in an orderly manner under bankruptcy.

Strategic Objective: Large and complex financial institutions are resolvable under the Bankruptcy Code.

    • Annual Performance Goal: Identify and address risks in large and complex financial institutions, including those designated as systemically important. (4.1-1)


STRATEGIC GOAL 2:
FDIC-insured institutions are safe and sound.


STRATEGIC OBJECTIVE 2.1    

The FDIC exercises its statutory authority, in cooperation with primary federal regulators and state agencies, to ensure that all FDIC-insured institutions appropriately manage risk.

Annual Performance Goal 2.1-1     

Conduct on-site risk management examinations to assess the overall financial condition, management practices and policies, and compliance with applicable laws and regulations of FDIC-supervised depository institutions.  When problems are identified, promptly implement appropriate corrective programs and follow up to ensure that identified problems are corrected.

Indicators and Targets

  1. Percentage of required examinations conducted in accordance with statutory requirements and FDIC policy
    • Conduct all required risk management examinations within the timeframes prescribed by statute and FDIC policy.
  2. Follow-up actions on identified problems
    • For at least 90 percent of institutions that are assigned a composite CAMELS rating of 2 and for which the examination report identifies “Matters Requiring Board Attention” (MRBAs), review progress reports and follow up with the institution within six months of the issuance of the examination report to ensure that all MRBAs are being addressed.

Means and Strategies

Operational Processes (initiatives and strategies): Risk management examinations assess the overall financial condition, management practices and policies, and compliance with applicable laws and regulations of FDIC-supervised depository institutions.  The FDIC performs safety and soundness, Bank Secrecy Act, and information technology (IT) reviews at each risk management examination of an FDIC-supervised insured depository institution.  As applicable, the FDIC also conducts reviews of trust, registered transfer agent, municipal securities dealer, and government security dealer activities at these examinations.

In 2017, the FDIC projects that it will conduct more than 1,676 risk management examinations required under statute, FDIC policy, or agreements with state supervisors. The number of risk management examinations conducted during 2017 may fluctuate as the number of FDIC-supervised insured depository institutions changes as a result of mergers, closings, newly approved charters, and other actions.  In addition, increases in asset size or changes to an institution’s condition or capital levels may accelerate examination cycles and increase the number of required examinations.

The FDIC follows a risk-focused approach to examinations, which allows examiners to focus resources on those areas with the greatest potential risk.  The FDIC has several analytical models to identify higher-risk financial institutions by considering factors such as rapid growth, fluctuating earnings, economic downturns, and concentrations in vulnerable industry sectors.  Examiners use these off-site tools to help them focus on various risks during on-site examinations.  These models are also used to identify the need for inquiries or on-site visits to FDIC-supervised institutions outside of the regular examination cycle.

On-site examinations also review technology-related activities to determine how each FDIC-supervised depository institution manages its IT risks.  The FDIC proactively monitors indicators of technology risk that may affect FDIC-supervised institutions and provides information to the industry about risks associated with technology outsourcing practices (e.g., contracting for computer services).  The FDIC regularly talks with technology vendors, bank trade associations, and standards- and rule-setting entities to identify and promote effective risk management practices for emerging technologies.

The examination report identifies any corrective actions to be taken by the institution.  If deemed necessary, a formal or informal enforcement action is sent to the financial institution with the report of examination.  To ensure that supervisory actions are taken promptly, the FDIC monitors the time it takes to provide examination reports to FDIC-supervised institutions after the completion of an examination.  In addition to an on-site visit and a subsequent examination, compliance with an enforcement action is assessed through progress reports from the institution, use of off-site monitoring tools, and direct communication with management of the financial institution.

At this point in the economic cycle, it is important to ensure that problems identified at well-rated institutions are promptly addressed before they result in more serious deficiencies requiring formal or informal corrective programs.  When there are material issues and recommendations that require attention by the institution’s Board of Directors, the examination report will identify MRBAs to highlight areas that, if not properly measured, monitored, and controlled, could adversely affect the institution.  A timely response is requested from institution management to mitigate risks and correct noted deficiencies.  The response is reviewed to ensure it is appropriate and that it addresses supervisory concerns.

Human Resources (staffing and training): In 2017, the FDIC has 1,594 authorized positions (1,520 permanent and 74 nonpermanent) in its field workforce to conduct risk management examinations.  This includes 30 specialized IT Examination Analyst (ITEA) positions to augment the IT expertise within the examination workforce.  Field examiners conduct on-site examinations and visits.

Staffing and training needs are reviewed regularly to ensure that the examination staff possesses the skills and knowledge to effectively identify existing and emerging risks.  During 2016, all FDIC field examiners received training on the Information Technology Risk Examination (InTREx) program that was released in June 2016.  A comprehensive update to the FDIC Information Technology Examination Course also was completed in 2016 and is part of the core FDIC Commissioned Examiner program.  In addition, the FDIC began revising the IT subject matter expert on-the-job training program in 2016 and will complete that revision in 2017.

The FDIC has cooperative agreements with most states to conduct joint or alternating risk management examinations.  If a state supervisor handling an examination has scheduling, staffing, or other resource constraints, the statutory examination requirement may not be met.  In such cases, the FDIC will work with the state supervisor to make sure that any delinquent examination is quickly scheduled and completed.  When appropriate, the FDIC may conduct the examination instead of the state supervisor.

Case managers and other regional office officials finalize reports of examination and monitor compliance with enforcement programs.  Staffing and training needs for this function are also reviewed regularly to ensure that the resources available are adequate and that employees possess the required skills and knowledge.

Information Technology: The FDIC’s Virtual Supervisory Information on the Net (ViSION) system is used to schedule and track the completion of risk management examinations.  ViSION also is used to monitor all enforcement activity and other significant events at troubled institutions and to schedule on-site visits and follow-up examinations of 3-, 4-, and 5-rated institutions.

The FDIC completed in 2016 a multi-year project to develop and implement a new Examination Tools Suite (ETS) that replaces four examination-related software applications and addresses the risk of technological obsolescence.  This suite replaces legacy electronic loan review and report of examination generator software.

Verification and Validation

The number and timing of examinations are tracked through ViSION and reported through established management processes.  Enforcement actions and the timing of required on-site visits are tracked through ViSION.  The FDIC uses its Regional Office Internal Control Review program to ensure that regions effectively monitor the compliance of FDIC-supervised institutions with formal and informal enforcement actions.  This review incorporates various components of the supervisory process, including assessment of the appropriateness of formal and informal corrective actions and monitoring of enforcement implementation and follow-up activities.  Any material exceptions noted during the reviews are brought to management’s attention for appropriate action.

2016 Performance Results

The FDIC successfully met the performance target for this annual performance goal in 2016.  This annual performance goal and its associated performance indicators and targets are unchanged for 2017.


Annual Performance Goal 2.1-2

Assist in protecting the infrastructure of the U.S. banking system against terrorist financing, money laundering, and other financial crimes.

Indicator and Target

  1. Percentage of required examinations conducted in accordance with statutory requirements and FDIC policy

Means and Strategies

Operational Processes (initiatives and strategies):  The FDIC conducts Bank Secrecy Act/Anti-Money Laundering (BSA/AML) examinations and Office of Foreign Assets Control (OFAC) reviews to assess the BSA/AML and OFAC compliance programs of FDIC-supervised financial institutions.  These examinations and reviews cover sound risk management, compliance with recordkeeping requirements, and the ability of the institution to identify and report suspicious activity.  BSA/AML examinations and OFAC reviews are performed as a part of all risk management examinations of FDIC-supervised insured depository institutions.  The FDIC also completes BSA exams for states that do not conduct these exams.  The FDIC follows a risk-based approach to BSA/AML examinations and OFAC reviews, which allows examiners to focus resources on those areas with the greatest potential risk.

Guidance is provided to risk management staff through written memoranda, participation in the FFIEC BSA/AML Examination Workshop, and attendance at the FFIEC Advanced BSA/AML Specialists Conference.

Human Resources (staffing and training): There are 330 FDIC examiners who are designated as BSA/AML subject matter experts.  Staffing and training needs are reviewed regularly to ensure that the staff resources supporting the BSA/AML examination program are adequate and that employees possess the skills and knowledge to effectively and successfully assess compliance with BSA/AML requirements and detect any emerging risks.

Information Technology: ViSION is used to track the number and timing of required BSA/AML examinations.  Examiners also use ETS to update BSA violation codes automatically, thereby increasing the efficiency of those examinations.

Verification and Validation

The number and timing of BSA/AML examinations are tracked in ViSION and reported through established management processes.

2016 Performance Results

The FDIC successfully met the performance target for this annual performance goal in 2016.  This annual performance goal and its associated performance indicator and target are unchanged for 2017.


Annual Performance Goal 2.1-3     

More closely align regulatory capital standards with risk and ensure that capital is maintained at prudential levels.

Indicator and Target

  1. Simplification of capital standards for community banks

    • Issue a Notice of Proposed Rulemaking (NPR) for a simplified capital framework for community banks.

  2. U.S. implementation of internationally agreed regulatory standards

    • Issue a final rule implementing the Basel III Net Stable Funding Ratio.

Means and Strategies

Operational Processes (initiatives and strategies): FDIC staff has been working closely with the staffs of the other federal banking agencies to develop a proposal to simplify the capital framework applicable to community banks.  The federal banking agencies identified the regulatory capital framework as a regulation that could be simplified as part of their most recent review of opportunities for regulatory burden reduction conducted pursuant to the Economic Growth and Regulatory Paperwork Reduction Act.  The federal banking agencies hope, in particular, to simplify and streamline the capital treatment applicable to certain commercial real estate exposures.  An NPR to seek comment on simplifications to the regulatory capital framework is targeted for consideration by the FDIC Board of Directors in September 2017.

FDIC staff has also been working closely with the staffs of other federal banking agencies to develop a final Net Stable Funding Ratio (NSFR) rule to implement in the United States.  The rule would apply to internationally active banking organizations.  In 2016, the FDIC, OCC, and FRB devoted substantial resources to develop an interagency notice of proposed rulemaking (NPR) to implement the NSFR rule.  The NPR was issued in May 2016 and the public comment period closed August 5, 2016.  The agencies received 27 comment letters and are reviewing them in order to draft a proposed final rule. In considering these comments, the FDIC has been consulting internally with individuals and groups that have specialized expertise in areas such as complex financial institutions, supervision, accounting, consumer compliance, and insurance and research.  FDIC staff also continues to lead and support the Basel Committee’s ongoing quantitative impact study work on the NSFR.

Human Resources (staffing and training): The breadth and depth of knowledge among FDIC staff on bank liquidity, funding, and other capital markets matters has expanded in recent years, partly through continued staff participation and active involvement in numerous Basel policy development groups.  In 2017, the FDIC will continue to increase the number of staff with capital market expertise by providing internal and external training on liquidity, funding, capital, trading activities, financial modeling, and other capital market areas.

Information Technology:  The FDIC will use existing technology to accomplish this annual performance goal.

Verification and Validation

Progress in meeting this annual performance goal will be tracked through periodic meetings and established reporting processes.

2016 Performance Results

The FDIC successfully met the performance target for this annual performance goal in 2016.  The annual performance goal and its associated performance indicator are unchanged from 2016, but its associated performance target has been updated for 2017.


Annual Performance Goal 2.1-4

Implement strategies to promote enhanced information security, cybersecurity, and business continuity within the banking industry.

Indicator and Targets

  1. Enhance the cybersecurity awareness and preparedness of the banking industry
    • Continue implementation of a horizontal review program that focuses on the IT risks in large and complex supervised institutions and Technology Service Providers (TSPs).
    • Revise and implement by December 31, 2017, the Cybersecurity Examination Tool for TSPs.

Means and Strategies

Operational Processes (initiatives and strategies): The importance of cybersecurity in ensuring the soundness and stability of the nation’s financial sector cannot be overstated.  As such, the FDIC takes this issue extremely seriously, and continually updates its procedures in order to effectively handle potential threats to the banking sector.  Currently, the FDIC assesses supervised institutions’ ability to manage information technology risks through the InTREx program.  This program, developed in collaboration with the FRB and the Conference of State Bank Supervisors, supports examiners in evaluating information security, cybersecurity risk management, business continuity, incident response, audit and assessment, board and management oversight, vendor relationships, and payment systems.  Whenever significant weaknesses are identified in supervised financial institutions or TSPs, the FDIC issues enforcement actions to compel correction.

In June 2015, the FFIEC agencies released a Cybersecurity Assessment Tool that institutions may use to conduct a self-assessment of their cyber preparedness.  The FFIEC is in the process of preparing a cybersecurity assessment tool for TSPs that is planned to be released in 2017.

Human Resources (staffing and training): The vast majority of the FDIC’s commissioned risk management examiners have basic IT examination skills attained through the FDIC’s IT training programs.  There are 478 commissioned FDIC examiners who have completed all four post-commission IT schools and more than 1,200 who have completed at least one of these schools.  The FDIC also has 63 dedicated IT examiners, and 123 risk management examiners designated as either intermediate or advanced IT subject matter experts based on completion of the FDIC’s IT on-the-job training program.  Finally, 49 specialized Information Technology Examination Analysts support the IT examination process with advanced technical skills.  

The IT examination function is supported by IT policy and examination personnel in the Washington, D.C., headquarters.  The FDIC also has expanded its headquarters operations to address the growing risk exposure in the payment services area and to enhance its examination of TSPs and cybersecurity risks in the banking industry.

Information Technology: ViSION is used to schedule and track the completion of risk management examinations and any related enforcement actions or significant events at institutions due to noncompliance with IT-related banking laws and regulations.

Verification and Validation

The number and timing of IT examinations are tracked through ViSION and reported through established management processes.  Enforcement actions and the timing of required on-site visits are also tracked through ViSION.

The majority of TSP exams are conducted and scheduled on an interagency basis.  Planning for examinations of the largest TSPs takes place annually with the OCC and the FRB.  Examinations of smaller TSPs are managed at the FDIC regional office level in coordination with the local FRB and OCC counterparts.  All IT examination activity (including TSP examinations) conducted by FDIC staff and detailed information on individual examiner participation is tracked through FDIC systems.

The FDIC uses its Regional Office Internal Control Review program to ensure that regions effectively monitor the compliance of FDIC-supervised institutions with formal and informal enforcement actions.  This review incorporates various components of the supervisory process, including assessment of the appropriateness of formal and informal corrective actions and monitoring of enforcement implementation and follow-up activities.  Any material exceptions noted during the reviews are brought to management’s attention for appropriate action.

2016 Performance Results

The FDIC successfully met the performance targets for this annual performance goal in 2016.  This annual performance goal is unchanged from 2016, but the associated indicator and performance targets have been updated for 2017.


STRATEGIC GOAL 3:
Consumers’ rights are protected, and FDIC-supervised institutions invest in their communities.


STRATEGIC OBJECTIVE 3.1    

FDIC-supervised institutions comply with consumer protection, CRA, and fair lending laws and do not engage in unfair or deceptive practices.

Annual Performance Goal 3.1-1     

Conduct on-site CRA and compliance examinations to assess compliance with applicable laws and regulations by FDIC-supervised depository institutions.  When violations are identified, promptly implement appropriate corrective programs and follow up to ensure that identified problems are corrected.

Indicators and Targets

  1. Percentage of examinations conducted in accordance with the timeframes prescribed by FDIC policy
    • Conduct all required examinations within the timeframes established by FDIC policy.
  2. Implementation of corrective programs
    • Conduct visits and/or follow-up examinations in accordance with established FDIC policies to ensure that the requirements of any required corrective program have been implemented and are effectively addressing identified violations.

Means and Strategies

Operational Processes (initiatives and strategies): The FDIC conducts CRA and compliance examinations of FDIC-supervised depository institutions to determine compliance with consumer protection and fair lending laws and performance under CRA.  The frequency of compliance examinations is specified by FDIC policy.  For CRA examinations, the FDIC’s examination frequency policy conforms to applicable provisions of the Gramm-Leach-Bliley Act (GLBA), which establishes the CRA examination cycle for most small banks.  In 2017, the FDIC estimates that it will conduct approximately 1,303 compliance and/or CRA examinations.

The FDIC’s compliance examination approach emphasizes a risk-focused scoping process to look at an institution’s compliance risk management practices and the potential risk of consumer harm.  This approach involves an expanded review of an institution’s systems and compliance policies so that transaction testing can be better targeted and focused on areas that pose the greatest risk for consumer harm.  This approach creates a more efficient and effective use of examination resources, especially in financial institutions with high compliance risk profiles.

Institutions with compliance deficiencies are identified primarily through the examination process.  While discussions with bank management are usually sufficient to correct these deficiencies, the FDIC has broad enforcement powers to correct practices, conditions, or violations of law that threaten an institution’s compliance with consumer protection and fair lending laws or a consumer’s rights under those laws. 

Institutions that are subject to enforcement actions because of unfavorable ratings for compliance with consumer protection and fair lending laws and regulations are closely monitored by regional office officials.  A follow-up examination or on-site visit is conducted to review compliance with supervisory actions for each institution that receives an unsatisfactory rating.  Additional follow-up action is taken when the initial corrective program is determined to have been insufficient in addressing the identified problem.  Progress in complying with an enforcement action is also assessed through quarterly progress reports from, and direct communication with, management of the financial institution.

Human Resources (staffing and training): The FDIC has 490 authorized positions (470 permanent, 20 nonpermanent) in its field examination workforce for compliance and consumer protection in 2017.  Staffing and training needs are reviewed regularly to ensure that staff resources supporting the compliance supervision program are adequate to conduct a high quality examination program and that employees possess the skills and knowledge to effectively implement this program.

Information Technology:  The System of Uniform Reporting of Compliance and CRA Examinations (SOURCE) is used to schedule and track compliance examinations, support pre-examination planning, and provide management information.

Verification and Validation

The FDIC will analyze examination-related data collected in SOURCE to determine whether the performance target for this goal is achieved during the reporting period.  Results will be reported through established management processes.

2016 Performance Results

The FDIC successfully met the performance targets for the annual performance goal in 2016.   This annual performance goal and its associated performance indicators and targets are unchanged for 2017.



STRATEGIC OBJECTIVE 3.2

Consumers have access to accurate and easily understood information about their rights and the disclosures due them under consumer protection and fair lending laws.

Annual Performance Goal 3.2-1     

Effectively investigate and respond to written consumer complaints and inquiries about FDIC-supervised financial institutions.

Indicator and Target

  1. Timely responses to written consumer complaints and inquiries
    • Respond to 95 percent of written consumer complaints and inquiries within timeframes established by policy, with all complaints and inquiries receiving at least an initial acknowledgement within two weeks.

Means and Strategies

Operational Processes (initiatives and strategies): The FDIC has a comprehensive program to disseminate information to banks and the public on consumer rights under consumer protection and fair lending laws and regulations.  It also operates a centralized Consumer Response Center (CRC) that coordinates the investigation of, and response to, consumer complaints and inquiries.  For correspondence related to FDIC-supervised institutions, FDIC staff contacts the institution and reviews the bank’s actions for compliance with applicable federal consumer protection regulations before providing a response. Correspondence regarding institutions under the jurisdiction of other primary federal regulators is referred to those agencies.  Target response times vary by the type of inquiry or complaint. 

Human Resources (staffing and training): The CRC is located in Kansas City and is staffed by FDIC employees.  CRC staff and management work in partnership with supervisory staff in each region on consumer complaints and inquiries involving new or unusual issues or sensitive matters.

Information Technology: The FDIC uses an automated Customer Assistance Form on the FDIC’s website to facilitate submission of consumer correspondence.  The Specialized Tracking and Reporting System (STARS) is used to capture and report information regarding the FDIC’s consumer assistance program, including response time. 

Verification and Validation

The FDIC closely monitors the timeliness of its acknowledgment letters and responses through STARS.  Performance results are monitored through established management processes. In addition, surveys are sent to all consumers who have filed written consumer protection and fair lending complaints about an FDIC-supervised institution to assess their satisfaction with the FDIC’s investigations and responses.  Established survey research methods are used to ensure the validity and reliability of the survey instrument and results.

2016 Performance Results

The FDIC successfully met the performance target for this annual performance goal in 2016.  This annual performance goal and its associated performance indicator and target are unchanged for 2017.


STRATEGIC OBJECTIVE 3.3

The public has fair access to banking services and is treated equitably by FDIC-supervised institutions.

Annual Performance Goal 3.3-1

Promote economic inclusion and access to responsible financial services through supervisory, research, policy, and consumer/community affairs initiatives.

Indicator and Targets

  1. Completion of planned initiatives

Means and Strategies

Operational Processes (initiatives and strategies): Approximately 27 percent of U.S. households are underserved by the banking industry, based on survey results previously published by the FDIC.  This includes both “unbanked” households (i.e., those with no checking or savings accounts) and “underbanked” households (i.e., those with checking or savings accounts who have used nonbank alternative financial services and providers, such as money orders, check cashing services, payday loans, rent-to-own agreements, pawn shops, or refund anticipation loans, in the past 12 months). 

The Advisory Committee on Economic Inclusion (ComE-IN) supports research, demonstrations, and pilot projects and promotes sound supervisory and public policies to improve the “appropriate engagement” of underserved households with mainstream financial institutions.  Appropriate engagement means that households are using financial products and services that are affordable, easy to understand, and not subject to unfair or unforeseen fees.

During 2017, the FDIC will revise and administer the FDIC National Survey of Unbanked and Underbanked Households conducted jointly with the U.S. Census Bureau.  In addition to the survey, the FDIC also collects information to provide insights into banks’ efforts to serve the unbanked and underbanked.  In 2017, the FDIC will conduct research focusing on banks’ use of mobile financial services to reach low- and moderate-income consumers.  Together, these efforts will enable the FDIC to provide an important set of references that will help assess progress in the area of economic inclusion, as well as remaining challenges.  In addition, the FDIC will be better positioned to identify strategies that promote economic inclusion by studying opportunities to expand access to mainstream financial services, identifying the role that community banks play in meeting community needs, and increasing awareness of communities that are currently underserved or at risk of becoming underserved.

ComE-IN’s work will support the expanded availability of SAFE accounts and the responsible use of technology, including mobile banking, to expand banking services to the underbanked population.  ComE-IN may recommend to the FDIC specific measures of improvement, many of which may represent national objectives that require the participation and cooperation of multiple stakeholders, including other federal agencies; federal, state, and local policy makers; the financial services industry; nonprofit and philanthropic groups; and consumer groups.

During 2017, FDIC working groups will continue to conduct research, facilitate partnerships, and conduct outreach related to expanding access to mainstream banking services for underserved consumers.  The FDIC may present these proposals to ComE-IN for advice and recommendations.

Human Resources (staffing and training): This annual performance goal will be carried out largely by existing staff in the FDIC’s consumer research, policy, and consumer and community affairs functions.  ComE-IN activities are supported by staff in several FDIC divisions. Employees in those divisions provide staff support for ComE-IN, as needed, including support for its research and demonstration activities.

Information Technology: Existing technology will be used to accomplish this goal.  The FDIC broadcasts ComE-IN’s public meetings on its website.

Verification and Validation

Progress in completing the initiatives planned for this annual performance goal will be monitored through established management reporting processes.

2016 Performance Results

The FDIC met the performance targets for this annual performance goal in 2016.  This annual performance goal and its associated performance indicator are unchanged from 2016, but its performance targets have been updated for 2017.



STRATEGIC GOAL 4:
Large and complex financial institutions are resolvable in an orderly manner under bankruptcy.


STRATEGIC OBJECTIVE 4.1    

Large and complex financial institutions are resolvable under the Bankruptcy Code.

Annual Performance Goal 4.1-1     

Identify and address risks in large, complex financial institutions, including those designated as systemically important.

Indicators and Targets

  1. Compliance with the statutory and regulatory requirements under Title I of the DFA and Section 360.10 of the FDIC Rules and Regulations
    • In collaboration with the FRB, continue to review all resolution plans subject to the requirements of Section 165(d) of the DFA to ensure their conformance to statutory and other regulatory requirements.  Identify potential impediments in those plans to resolution under the Bankruptcy Code.
    • Continue to review all resolution plans subject to the requirements of Section 360.10 of the IDI Rule to ensure their conformance to statutory and other regulatory timeframes.  Identify potential impediments to resolvability under the Federal Deposit Insurance (FDI) Act.
  2. Risk monitoring of large, complex financial institutions, bank holding companies and designated nonbanking firms
    • Conduct ongoing risk analysis and monitoring of large, complex financial institutions to understand and assess their structure, business activities, risk profiles, and resolution and recovery plans.

Means and Strategies

Operational Processes (initiatives and strategies): Under Section 165(d) of the DFA, covered companies are required to submit resolution plans that provide for their rapid and orderly resolution under the Bankruptcy Code in the event of material financial distress or failure.  The staffs of the FDIC and FRB have shared responsibility for the review of the plans submitted by covered companies to assess informational completeness and the resolvability of individual banks and bank holding companies.

In addition, under Section 360.10 of the FDIC Rules and Regulations, the IDI Rule requires each covered IDI to provide a resolution plan that allows the FDIC as receiver to resolve the institution in an orderly manner, enable prompt access to insured deposits, maximize the return from the failed institution’s assets, and minimize losses realized by creditors and the DIF.  The FDIC has the authority to review those plans.

Ongoing risk analysis and monitoring is conducted by resident FDIC teams at large, complex financial institutions and off-site analytical teams composed of quantitative experts and complex financial institution specialists with resolution and supervision backgrounds.  The off-site teams analyze industry and market conditions and trends to support individual institution monitoring and the consideration of broader policy issues.  They attempt to identify early warning signals and triggers and the range of possible response actions by monitoring financial condition and performance, assessing institutional risk management capabilities, and reviewing recovery plans.  FDIC staff also participates in collaborative risk management examinations and targeted reviews of SIFIs with other regulatory agencies.

Human Resources (staffing and training): The FDIC’s review of resolution plans submitted under Section 165(d) of the DFA is carried out by a multidisciplinary team of personnel from various divisions with expertise across all major operational and business line functions of the covered companies, both domestically and internationally.  The FDIC’s review of resolution plans submitted under the IDI Rule is carried out by multidisciplinary teams primarily consisting of commissioned examiners and resolution specialists.  These teams are complemented by subject matter experts, as necessary.  Training needs for each of these groups are reviewed regularly to ensure that these teams have the knowledge and expertise necessary to appropriately perform their assigned responsibilities.

Ongoing risk monitoring is conducted by on-site resident teams and off-site analysts who have expertise with large, complex financial institution operations.

Information Technology: The FDIC uses existing technology to track the submission and review of the resolution plans required under Section 165(d) of the DFA and Section 360.10 of the FDIC Rules and Regulations.  In addition, the FDIC uses the Systemic Monitoring System for ongoing risk monitoring of systemically important bank holding companies and nonbank financial companies.

Verification and Validation

Progress in achieving this annual performance goal will be monitored through established management reporting processes.

2016 Performance Results

The FDIC successfully met the performance targets for this annual performance goal in 2016.  This annual performance goal and its associated indicators and performance targets are substantially unchanged for 2017.



 
