To the Board of Directors
Federal Deposit Insurance Corporation
We have audited the statements of financial position as of December
31, 2001 and 2000, for the three funds administered by the Federal
Deposit Insurance Corporation (FDIC), the related statements of
income and fund balance (accumulated deficit), and the statements
of cash flows for the years then ended. In our audits of the Bank
Insurance Fund (BIF), the Savings Association
Insurance Fund (SAIF), and the FSLIC Resolution
Fund (FRF), we found
- the financial statements of each fund are presented fairly,
in all material respects, in conformity with U.S. generally accepted
accounting principles;
- although certain internal controls should be improved, FDIC
had effective internal control over financial reporting (including
safeguarding of assets) and compliance with laws and regulations;
and
- no reportable noncompliance with the laws and regulations that
we tested.
The following sections discuss our conclusions in more detail.
They also present information on (1) the scope of our audits, (2)
a reportable condition 1 related to
information system general control weaknesses, (3) BIF's reserve
ratio, (4) the future activities of FRF, and (5) our evaluation
of the FDICs comments on a draft of this report.
Opinion on BIFs Financial Statements
The financial statements including the accompanying notes present
fairly, in all material respects, in conformity with U.S. generally
accepted accounting principles, BIFs financial position as
of December 31, 2001 and 2000, and the results of its operations
and its cash flows for the years then ended.
Opinion on SAIFs Financial Statements
The financial statements including the accompanying notes present
fairly, in all material respects, in conformity with U.S. generally
accepted accounting principles, SAIFs financial position as
of December 31, 2001 and 2000, and the results of its operations
and its cash flows for the years then ended.
Opinion on FRFs Financial Statements
The financial statements including the accompanying notes present
fairly, in all material respects, in conformity with U.S. generally
accepted accounting principles, FRFs financial position as
of December 31, 2001 and 2000, and the results of its operations
and its cash flows for the years then ended.
Opinion on Internal Control
Although certain internal controls should be improved, FDIC management
maintained, in all material respects, effective internal control
over financial reporting (including safeguarding assets) and compliance
as of December 31, 2001, that provided reasonable assurance that
misstatements, losses, or noncompliance, material in relation to
the FDIC funds financial statements would be prevented or
detected on a timely basis. Our opinion is based on criteria established
under 31 U.S.C. 3512 [Federal Managers Financial Integrity
Act (FMFIA)].
Our work identified weaknesses in FDICs information system
controls, whic we described as a reportable condition in a later
section of this report. The weakness in information system general
controls, although not considered material, represents a significant
deficiency in the design or operations of internal control that
could adversely affect FDICs ability to meet its internal
control objectives. Although the weakness did not materially affect
the funds' 2001 financial statements, misstatements may nevertheless
occur in other FDIC-reported financial information as a result of
the internal control weakness.
Compliance With Laws and Regulations
Our tests for compliance with selected provisions of laws and regulations
disclosed no instances of noncompliance that would be reportable
under U.S. generally accepted government auditing standards. However,
the objective of our audits was not to provide an opinion on overall
compliance with laws and regulations. Accordingly, we do not express
such an opinion.
Objectives, Scope, and Methodology
FDICs management is responsible for (1) preparing the annual
financial statements in conformity with U.S. generally accepted
accounting principles, (2) establishing, maintaining, and assessing
internal control to provide reasonable assurance that the broad
control objectives of FMFIA are met, and (3) complying with applicable
laws and regulations.
We are responsible for obtaining reasonable assurance about whether
(1) the financial statements are presented fairly, in all material
respects, in conformity with U.S. generally accepted accounting
principles, and (2) management maintained effective internal control,
the objectives of which are
- financial reportingtransactions are properly recorded,
processed, and summarized to permit the preparation of financial
statements in conformity with U.S. generally accepted accounting
principles, and assets are safeguarded against loss from unauthorized
acquisition, use, or disposition, and
- compliance with laws and regulationstransactions are executed
in accordance with laws and regulations that could have a direct
and material effect on the financial statements.
We are also responsible for testing compliance with selected provisions
of laws and regulations that have a direct and material effect on
the financial statements.
In order to fulfill these responsibilities, we
- examined, on a test basis, evidence supporting the amounts and
disclosures in the financial statements;
- assessed the accounting principles used and significant estimates
made by management;
- evaluated the overall presentation of the financial statements;
- obtained an understanding of internal control related to financial
reporting (including safeguarding assets) and compliance with
laws and regulations;
- tested relevant internal controls over financial reporting and
compliance, and evaluated the design and operating effectiveness
of internal control;
- considered FDICs process for evaluating and reporting
on internal control based on criteria established by FMFIA; and
- tested compliance with selected provisions of the Federal Deposit
Insurance Act, as amended and the Chief Financial Officers Act
of 1990.
We did not evaluate all internal controls relevant to operating
objectives as broadly defined by FMFIA, such as those controls relevant
to preparing statistical reports and ensuring efficient operations.
We limited our internal control testing to controls over financial
reporting and compliance. Because of inherent limitations in internal
control, misstatements due to error or fraud, losses, or noncompliance
may nevertheless occur and not be detected. We also caution that
projecting our evaluation to future periods is subject to the risk
that controls may become inadequate because of changes in conditions
or that the degree of compliance with controls may deteriorate.
We did not test compliance with all laws and regulations applicable
to FDIC. We limited our tests of compliance to those deemed applicable
to the funds' financial statements for the year ended December 31,
2001. We caution that noncompliance may occur and not be detected
by these tests and that such testing may not be sufficient for other
purposes.
We performed our work in accordance with U.S. generally accepted
government auditing standards.
FDIC provided comments on a draft of this report. They are discussed
and evaluated in a later section of this report and are reprinted
in appendix I.
Reportable Condition
As part of the funds' financial statement audits, we reviewed FDICs
information systems controls. The primary objectives of information
system controls are to safeguard data, protect computer application
programs, provide for the integrity of system software, and ensure
continued computer operations in case of unexpected interruption.
These controls include the corporatewide security management program,
access controls, system software, application development and change
control, segregation of duties, and service continuity controls.
During 2001, we found that FDIC progressed in improving information
system control weaknesses we had previously identified and has taken
other steps to improve security. Nevertheless, we identified additional
weaknesses in FDIC's corporatewide security management program,
access controls, system software, segregation of duties, and service
continuity controls. Specifically, FDIC did not adequately limit
the scope of access granted to authorized users or secure its network
from unauthorized access. Further, FDIC had not fully established
a comprehensive program to routinely oversee and monitor access
to its computer facilities and data to identify unusual or suspicious
access patterns that could indicate unauthorized access.
The effect of these weaknesses in information system controls places
FDIC's financial information at risk of unauthorized disclosure
or loss and its critical financial operations at risk of disruption.
It should also be noted that because computer systems identified
at risk contain other sensitive information such as personnel data
and bank examinations related to financial institutions insured
by FDIC, this information is at risk of being compromised.
As we have previously reported to FDIC's Board of Directors, the
primary reason for its information system control weaknesses has
been that FDIC had not fully developed and implemented a comprehensive
corporatewide security management program. An effective program
would include assessing risks, establishing appropriate policies
and related controls, raising awareness of prevailing risks and
mitigating controls, and evaluating the effectiveness of established
controls. While FDIC has implemented a security awareness program,
updated its security policies and guidance, and taken other actions
to improve security management, it still needs to take additional
steps to fully implement a comprehensive corporatewide security
management program.
We determined that other management controls mitigated the effect
of the information system control weaknesses on the preparation
of the funds' financial statements. Because of their sensitive nature,
the details surrounding these weaknesses are being reported separately
to FDIC management, along with our recommendations for corrective
actions.
BIF's Reserve Ratio
During 2001, as table 1 shows, BIF's reserve ratio decreased from
1.35 percent to 1.26 percent. The Federal Deposit Insurance Corporation
Improvement Act of 1991 (FDICIA) requires FDIC to maintain the BIF
fund balance at a designated reserve ratio of at least 1.25 percent
of estimated insured deposits. 2 BIF's
reserve ratio was significantly below the designated reserve ratio
in 1991 and did not reach the designated reserve ratio of 1.25 percent
of estimated insured deposits until May 1995. 3 This is the first time since 1995 that the BIF's ratio
has come so close to the designated reserve ratio.
Table 1 shows BIF's reserve ratio, fund balance, and estimated
insured deposits from December 31, 1991 through 2001.
Table
1: BIF's Reserve Ratios from December 31, 1991, through
December 31, 2001 |
Dollars in millions |
December
31, |
Reserve
ratio (%) |
Fund
Balance |
Estimated
insured
deposits |
1991 |
(.36) |
$(7,028) |
$1,957,722 |
1992 |
(.01) |
(101) |
1,945,
623 |
1993 |
.69 |
13,122 |
1,906,885 |
1994 |
1.15 |
21,848 |
1,896,060 |
1995 |
1.30 |
25,454 |
1,952,543 |
1996 |
1.34 |
26,854 |
2,007,447 |
1997 |
1.38 |
28,293 |
2,055,874 |
1998 |
1.38 |
29,612 |
2,141,268 |
1999 |
1.36 |
29,414 |
2,157,536 |
2000 |
1.35 |
30,975 |
2,301,604 |
2001 |
1.26 |
30,439 |
2,408,878 |
Under FDIC's required risk-based
insurance system, as long as BIF's reserve ratio is at or above
1.25 percent, FDIC does not charge premiums to most institutions
that are well-capitalized and highly rated by supervisors. Currently
over 90 percent of the industry does not pay for deposit insurance.
Most of BIF's income comes from the interest earned on investments
with the U.S. Treasury.
BIF's fund balance and level
of estimated insured deposits are the factors used to calculate
BIF's reserve ratio. Accordingly, changes in fund balance or insured
deposits can cause the reserve ratio to increase or decrease. Table
1 shows that during 2001 the estimated insured deposits increased
by over $100 billion. To illustrate the sensitivity of this reserve
ratio calculation, if the amount of estimated insured deposits had
increased by an additional $26 billion during 2001, BIF's reserve
ratio of 1.25 percent at December 31, 2001.
Regarding the other key
variable in the calculation, BIF's fund balance declined about $500
million during 2001. This $500 million net loss for 2001 is largely
attributable to recording $1.8 billion of estimated losses for anticipated
failures of insured institutions. Assuming the December 31, 2001,
level of estimated insured deposits, if BIF had i
ncurred an additional $328
million of losses to the fund balance during 2001, its reserve ratio
would have declined to the designated reserve ratio of 1.25 perecent
at December 31, 2001.
Currently, there is proposed
legislation in Congress to reform the federal deposit insurance
system. Among other things, this legislation proposes changes to
the designated reserve ratio requirements.
Future Activities of FRF
FDIC, as administrator of FRF, is responsible for completing the
liquidation of the assets and liabilities of the former Federal
Savings and Loan Insurance Corporation (FSLIC) and Resolution Trust
Corporation (RTC). 4 Under current legislation,
FRF will continue its operations until all of its assets are sold
or otherwise liquidated and all of its liabilities are satisfied.
As shown in table 2, FRF has made significant progress in liquidating
its assets and liabilities since 1996. FDIC expects continued rapid
decline in the remaining FRF assets during 2002. After providing
for all outstanding RTC liabilities, FDIC must also transfer the
net proceeds from the sale of RTC-related assets to the Resolution
Funding Corporation (REFCORP). 5 During
2001, FRF transferred $1.4 billion to REFCORP.
Table
2: FRFs Assets and Liabilities as of January 1,1996
and December 31, 2001 |
Dollars in billions |
|
Jan 1, 1996 |
Dec.
31, 2000 |
Percent
Increase/(Decrease) |
Cash and
cash equivalents |
$1.5 |
$3.5 |
133 |
Assets not
yet liquidated |
13.9 |
1.4 |
(90) |
Total Assets |
$15.4 |
$4.9 |
(68) |
Total
Liabilities |
$11.2 |
$0.02 |
(99) |
Two major components of the assets not yet liquidated are receivables
from thrift resolutions (about $0.3 billion) and investments in
securitization-related assets (nearly $1.1 billion). Most of the
receivables from thrift resolutions represent amounts advanced and/or
obligations incurred for resolving troubled and failed insured thrifts.
FDIC manages and disposes of the assets from failed thrifts through
receiverships. 6 Most of the remaining
assets in these receiverships are cash. FDIC is pursuing the complete
liquidation of these receiverships during the year 2002 with the
exception of those involved in goodwill litigation.
7
FDIC has conducted an extensive review and cataloging of FRF's
residual assets and liabilities and is beginning to explore approaches
for concluding FRF's activities. The following are some of the issues
and items remaining in FRF:
- About 80 litigation claims and judgmentswhich were obtained
against officers and directors and other professionals responsible
for causing thrift lossesare outstanding. These items have
an estimated recoverable value of approximately $59 million. These
judgments are renewable based on individual state law. Generally,
the renewals vary from 5 to 10 years and are renewable more than
once. 9 During 2001 FDIC recovered
$19.2 million in such claims.
- Numerous assistance agreements entered into by the former FSLIC
will remain open for many years as those assisted institutions
share with FRF their tax savings that result from the tax free
nature of FSLIC assistance. 10 During
2001, FRF recovered over $163 million as its share of these tax
savings.
- Various litigation cases are outstanding. FRF remains involved
in approximately 760 cases. 11 The most numerous, and substantial in terms
of potential liability, involve goodwill litigation. 12 To date, approximately 120 lawsuits have been
filed against the U.S. government. Because of appeals and differences
in awarding damages in the cases thus far, the final outcome in
the cases and the amount of any possible damages remain uncertain.
Also, there is litigation in which FRF is the plaintiff for itself
or is acting in a fiduciary manner on behalf of the receiverships
resulting from failed financial institutions. These pending cases
may take years to settle, and many of the goodwill cases are still
pending from the early 1990s.
- Numerous potential liabilities may exist due to representations
and warranties made to support the sale of assets including loans
and servicing rights. 13 These potential
liabilities could be incurred over the remaining life of the loans.
Only when the remaining asset and liability issues, some of which
are highlighted above, are resolved can FRF be formally dissolved.
FDIC is considering whether enabling legislation or other measures
may be needed to liquidate the remaining FRF assets and liabilities.
FDIC Comments and Our Evaluation
In commenting on a draft of this report, FDIC's chief financial
officer (CFO) was pleased to receive unqualified opinions on BIF's,
SAIF's, and FRF's 2001 and 2000 financial statements. FDIC's CFO
also acknowledged the information system weaknesses we identified
and plans to continue with its efforts to strengthen its information
system program and to incorporate GAO's recommendations into its
security plans for 2002. We plan to evaluate the effectiveness of
the corrective actions as part of our 2002 audit of FDIC funds'
financial statements and internal control.
David M. Walker
Comptroller General
of the United States
April 5, 2002
Footnotes
1 Reportable conditions involve matters
coming to the auditors attention that, in the auditors
judgment, should be communicated because they represent significant
deficiencies in the design or operation of internal control, and
could adversely affect FDICs ability to meet the control
objectives described in this report.
2 Section 302 of FDICIA amended section
7 (b) of the Federal Deposit Insurance Act. FDICIA requirements
are the same for both BIF and SAIF. SAIF reached the designated
reserve ratio in 1996, and as of December 31, 2001, SAIF's reserve
ratio was 1.36 percent.
3 If the reserve ratio falls below
1.25 percent of estimated insured deposits, FDICIA requires FDIC's
Board of Directors to set semiannual assessment rates for BIF
members that are sufficient to increase teh reserve ratio to the
designated reserve ratio not later than 1 year after such rates
are set, or in accordance with a recapitalization schedule of
15 years or less.
4 On January 1, 1996, FRF assumed
responsibility for all remaining assets and liabilities of the
former RTC.
5 The Financial Institutions Reform
Recovery and Enforcement Act of 1989 established REFCORP to provide
part of the initial funds used by RTC for thrift resolutions.
6
The assets held by receiverships, and the claims against
them, are accounted for separately from FRFs assets and
liabilities to ensure that liquidation proceeds are distributed
in accordance with applicable laws and regulations.
7 See note 7 of FRFs financial statements for a description
of goodwill litigation and its impact.
8 U.S. generally accepted accounting
principles state that contingencies that may ultimately result
in gains are usually not reflected in the financial statements
to avoid recognizing revenue prior to its realization.
9 See footnote 8 of this report.
10 See footnote 8 of this report.
11 Whereas FRF is involved in over
700 cases, FDIC records losses for only those cases where the
loss is considered probable and reasonably estimable. FDIC also
discloses losses that are reasonably possible. See note
7 of FRFs financial statements.
12 See note 7 of FRF's financial statements for a
description of goodwill litigation and its impact.
13 See note 7 of FRFs financial statements for a description
of representations and warranties.
|