the financial statements of each fund are presented fairly in conformity with U.S.
generally accepted accounting principles;
although certain internal controls should be improved, FDIC had effective internal
control over financial reporting (including safeguarding of assets) and compliance with
laws and regulations; and
no reportable noncompliance with the laws and regulations that we tested.
The following sections discuss our conclusions in more detail. They also present
information on (1) the scope of our audits, (2) a reportable condition 1
related to information system general control weaknesses noted during our 2000 audits, (3)
the future of FRF, and (4) our evaluation of FDICs comments on a draft of this
Opinion on Bank Insurance Funds Financial Statements
The financial statements including the accompanying notes present fairly, in all material
respects, in conformity with U.S. generally accepted accounting principles, the Bank
Insurance Funds financial position as of December 31, 2000 and 1999, and the results
of its operations and its cash flows for the years then ended.
Opinion on Savings Association Insurance Funds Financial Statements
The financial statements including the accompanying notes present fairly, in all material
respects, in conformity with U.S. generally accepted accounting principles, the Savings
Association Insurance Funds financial position as of December 31, 2000 and 1999, and
the results of its operations and its cash flows for the years then ended.
Opinion on FSLIC Resolution Funds Financial Statements
The financial statements including the accompanying notes present fairly, in all material
respects, in conformity with U.S. generally accepted accounting principles, the FSLIC
Resolution Funds financial position as of December 31, 2000 and 1999, and the
results of its operations and its cash flows for the years then ended.
As discussed in note 8 of FRFs financial statements, a contingency exists from
approximately 120 lawsuits filed in the United States Court of Federal Claims concerning
the counting of goodwill assets as part of regulatory capital. FDIC has concluded that it
is probable that FRF will be required to pay possibly substantial amounts as a result of
future judgments and settlements. FDIC is currently unable to estimate a range of loss to
FRF, or determine whether any such loss would have a material effect on the financial
condition of FRF. However, funds to pay such judgments or compromise settlements from
these goodwill litigation cases are made available to the FRF by an indefinite, permanent
appropriation as provided by Section 110 of the Department of Justice Appropriations Act,
Opinion on Internal Control
Although certain internal controls should be improved, FDIC management maintained, in all
material respects, effective internal control over financial reporting (including
safeguarding assets) and compliance as of December 31, 2000, that provided reasonable
assurance that misstatements, losses, or noncompliance, material in relation to the
FDICs financial statements would be prevented or detected on a timely basis. FDIC
management asserted that its internal control was effective based on criteria established
under 31 U.S.C. 3512 (Federal Managers Financial Integrity Act FMFIA). In
making its assertion, FDIC management also fairly stated the need to improve ertain
Our work identified weaknesses in FDICs information system general controls, as
described as a reportable condition in a later section of this report. The weakness in
information system general controls, although not considered material, represents a
significant deficiency in the design or operations of internal control that could
adversely affect FDICs ability to meet its internal control objectives. Although the
weakness did not materially affect the 2000 financial statements, misstatements may
nevertheless occur in other FDIC-reported financial information as a result of the
internal control weakness.
Compliance With Laws and Regulations
Our tests for compliance with selected provisions of laws and regulations disclosed no
instances of noncompliance that would be reportable under U.S. generally accepted
government auditing standards. However, the objective of our audits was not to provide an
opinion on overall compliance with laws and regulations. Accordingly, we do not express
such an opinion.
Objectives, Scope, and Methodology
FDICs management is responsible for (1) preparing the annual financial statements in
conformity with U.S. generally accepted accounting principles, (2) establishing,
maintaining, and assessing internal control to provide reasonable assurance that the broad
control objectives of FMFIA are met, and (3) complying with applicable laws and
We are responsible for obtaining reasonable assurance about whether (1) the financial
statements are presented fairly, in all material respects, in conformity with U.S.
generally accepted accounting principles, and (2) management maintained effective internal
control, the objectives of which are
financial reporting transactions are properly recorded, processed, and summarized
to permit the preparation of financial statements in conformity with U.S. generally
accepted accounting principles, and assets are safeguarded against loss from unauthorized
acquisition, use, or disposition, and
compliance with laws and regulations transactions are executed in accordance with
laws and regulations that could have a direct and material effect on the financial
We are also responsible for testing compliance with selected provisions of laws and
regulations that have a direct and material effect on the financial statements.
In order to fulfill these responsibilities, we
examined, on a test basis, evidence supporting the amounts and disclosures in the
assessed the accounting principles used and significant estimates made by management;
evaluated the overall presentation of the financial statements
obtained an understanding of internal control
related to financial reporting, including safeguarding assets, and compliance with laws
and regulations, including the execution of transactions in accordance with
tested relevant internal control over financial
reporting, including safeguarding assets, and compliance, and evaluated the design and
operating effectiveness of internal control;
considered FDICs process for evaluating and
reporting on internal control based on criteria established by FMFIA; and
tested compliance with selected provisions of the
Federal Deposit Insurance Act, as amended and the Chief Financial Officers Act of 1990.
We did not evaluate all internal controls
relevant to operating objectives as broadly defined by FMFIA, such as those controls
relevant to preparing statistical reports and ensuring efficient operations. We limited
our internal control testing to controls over financial reporting and compliance. Because
of inherent limitations in internal control, misstatements due to error or fraud, losses,
or noncompliance may nevertheless occur and not be detected. We also caution that
projecting our evaluation to future periods is subject to the risk that controls may
become inadequate because of changes in conditions or that the degree of compliance with
controls may deteriorate.
We did not test compliance with all laws and regulations applicable to FDIC. We limited
our tests of compliance to those deemed applicable to the financial statements for the
year ended December 31, 2000. We caution that noncompliance may occur and not be detected
by these tests and that such testing may not be sufficient for other purposes.
We conducted our audits from July 2000 through April 6, 2001. We performed our work in
accordance with U.S. generally accepted government auditing standards.
FDIC provided comments on a draft of this report. They are discussed and evaluated in a
later section of this report.
As part of the financial statement audits, we reviewed FDICs information systems
general controls. The primary objectives of information system general controls are to
safeguard data, protect computer application programs, prevent system software from
unauthorized access, and ensure continued computer operations in case of unexpected
interruption. Information system general controls include corporatewide security program
planning and management, access controls, system software, application software
development and change controls, segregation of duties, and service continuity controls.
The effectiveness of application controls 2 depends on the
effectiveness of general controls. Both information system general controls and
application controls must be effective to help ensure the reliability, appropriate
confidentiality, and availability of critical automated information.
In performing our tests, we identified weaknesses in FDICs corporatewide security
program, access controls, segregation of duties, system software, and service continuity.
As we have reported to FDIC in 1998 and 1999 3 the underlying
cause of many of these general control weaknesses is rooted in the lack of a fully
implemented and effective corporatewide security program. This critical area is generally
the foundation of an entitys security control, and reflects the entitys
commitment to addressing security risks over the long term. In our 1999 report, we
provided FDIC with recommended corrective actions and acknowledged that it takes a
significant and sustained effort by FDIC management to establish an effective
corporatewide security program. In response, FDIC management stated its commitment to
implement a strong information system environment. During 2000, we found that FDIC
developed plans for correcting many of the weaknesses we identified, however,
implementation of these plans had not occurred as of December 31, 2000.
The weaknesses in information system general controls can significantly impair the
effectiveness of all FDICs application controls, including financial systems. We
considered the effect of the information system general control weaknesses and determined
that other management controls mitigated their effect on the financial statements. Because
of their sensitive nature, the details surrounding these weaknesses are being communicated
to FDIC management, along with our recommendations for corrective actions, through
In addition to these weaknesses, we identified less significant matters involving
FDICs system of internal accounting control that we will be reporting in separate
correspondence to FDIC management.
Future of FRF
FDIC, as administrator of FRF, is responsible for completing the liquidation of the assets
and liabilities of the former Federal Savings and Loan Insurance Corporation (FSLIC) and
Resolution Trust Corporation (RTC). 4 FRF will continue
operations until all of its assets are sold or otherwise liquidated and all of its
liabilities are satisfied. As shown in table 1, since 1996 FRF has had a significant
decline in total assets and liabilities and, in particular, in the assets not yet
liquidated. FDIC expects continued rapid decline in FRF assets. Through December 31, 2000,
FRF has returned $4.6 billion to the U.S. Treasury and has made $1.4 billion of payments
to the Resolution Funding Corporation (REFCORP). 5
Table 1: FRFs Assets and Liabilities as of January 1,1996 and December 31, 2000
(Dollars in billions)
Jan 1, 1996
Dec. 31, 2000
Cash and cash equivalents
Assets not yet liquidated
As described in notes 3 and 4 of FRFs financial statements, two major components
of the assets not yet liquidated are receivables from thrift resolutions (about $0.5
billion) and investments in securitization related assets (about $1.8 billion). Most of
the receivables from thrift resolutions represent amounts advanced and/or obligations
incurred for resolving troubled and failed insured thrifts. FDIC manages and disposes the
assets from failed thrifts through receiverships. 6Most of the
remaining assets in these receiverships are cash. FDIC is pursuing the complete
liquidation of these receiverships during the year 2001 except for those receiverships
involved in goodwill litigation. 7 The securitization related
assets had a weighted-average remaining life of less than 1 year on December 31, 2000.
The operations of FRF will eventually meet a point where maintaining a separate
liquidation entity may not be cost-effective. At that time, there may be some assets that
are not fully liquidated; pending legal liabilities that may take years to settle; and
certain assets the disposal of which may not be in the best interest of the United States
government. FDIC has a research and evaluation effort underway to identify the remaining
issues that need to be resolved, along with possible disposition strategies, in order to
dissolve FRF as contemplated by the Federal Deposit Insurance Act. Also, due to the unique
nature of several of these assets and liabilities, FDIC anticipates that its effort will
include the development of new disposal plans for its remaining assets and liabilities.
Following are some of the issues and items remaining in FRF:
Over 900 criminal restitution orders are outstanding, in the amount of
approximately $600 million, which will remain open for nearly 20 years. The actual amount
that will ultimately be collected is unknown. 8 During 2000,
FDIC collected $3.2 million from these outstanding restitution orders.
Over 90 outstanding items, which include litigation claims and judgments, were obtained
against officers and directors and other professionals responsible for causing thrift
losses with an estimated recoverable value of approximately $80 million. These judgments
are renewable based on individual state law. Generally, the renewals vary from 5 to 10
years and are renewable more than once. 9 FDIC recovered $31.9
million in claims during 2000.
Numerous assistance agreements entered into by the former FSLIC will remain open for
many years as those assisted institutions share with FRF their tax savingsthat result from
the tax free nature of FSLIC assistance. 10 In 2000, FRF
collected over $80 million as its share of these tax savings.
Various litigation cases are outstanding. FRF is involved in approximately 700 cases. 11 The most numerous, and substantial in terms of
liability involve goodwill litigation. 12 To date,
approximately 120 lawsuits have been filed against the United States government. Because
of appeals and differences in awarding damages in the cases thus far, the final outcome in
the cases and the amount of any possible damages remain uncertain. There are also
litigation cases in which FRF is the plaintiff for itself, or is acting in a fiduciary
manner on behalf of the receivershipsresulting from failed financial institutions. These
pending cases may take years to settle, and many of the goodwill cases are still pending
from the early 1990s.
Potential liabilities may exist due to representations and warranties made to support
the sale of loans and servicing rights. 13 These liabilities
could be incurred over the remaining life of the loans, which could be as long as 20
Only when the remaining asset and liability issues, some of which are highlighted
above, are resolved can FRF be formally dissolved. FDIC is considering whether seeking
enabling legislation or other measures may be needed to dissolve the remaining FRF assets
FDIC Comments and Our Evaluation
In commenting on a draft of this report, FDIC acknowledged the information system
weakness, and stated a commitment to continue its efforts to strengthen its information
security program and to incorporate GAOs recommendations into its security plans for
2001. We plan to evaluate the effectiveness on FDICs corrective actions in
information security as part of our 2001 audit of FDICs financial statements and
FDIC also stated that it will continue to monitor the other matters discussed in our
report, including goodwill litigation cases.
David M. Walker
of the United States
April 6, 2001
1 Reportable conditions involve matters coming to the
auditors attention that, in the auditors judgment, should be communicated
because they represent significant deficiencies in the design or operation of internal
control, and could adversely affect FDICs ability to meet the control objectives
described in this report.
2 Application controls
consist of the structure, policies, and procedures that apply to separate, individual
systems, such as accounts payable and general ledger systems.
3 Because of their
sensitive nature, in 1998 and 1999 we communicated to FDIC management the details
surrounding the weaknesses and vulnerabilities we identified, along with our
recommendations for corrective action, through separate correspondence.
4 On January 1, 1996,
FRF assumed responsibility for all remaining assets and liabilities of the former RTC.
5 The RTC Completion
Act required FDIC to return to the U.S. Treasury any funds that were transferred to RTC
pursuant to the RTC Completion Act but not needed by RTC. The RTC Completion Act made
available $18.3 billion of additional funding. Prior to RTCs termination on December
31, 1995, RTC drew down $4.6 billion of the $18.3 billion made available by the RTC
Completion Act. The full amount of the appropriation transferred to RTC has been fully
repaid. After providing for all outstanding RTC liabilities, FDIC must also transfer the
net proceeds from the sale of RTC-related assets to the REFCORP. Any funds transferred to
REFCORP are used to pay the interest on REFCORP bonds issued to provide funding for the
early RTC resolutions.
6 The assets held by
receiverships, and the claims against them, are accounted for separately from FRFs
assets and liabilities to ensure that liquidation proceeds are distributed in accordance
with applicable laws and regulations.
7 See note 8 of FRFs financial statements for a description of
goodwill litigation and its impact.
8 U.S. generally
accepted accounting principles state that contingencies that result in gains are usually
not reflected in the financial statements to avoid recognizing revenue prior to its
11 Whereas FRF is
involved in approximately 700 cases, FDIC records losses for only those cases where the
contingent loss is considered probable and reasonably estimable. FDIC also discloses
contingent losses that are reasonably possible. See note 8 of
FRFs financial statements.