I. Management's Discussion and Analysis - Operational Efficiency and Effectiveness
Although the FDIC is not subject to the President's Management Agenda (PMA), it has given priority attention to continuing efforts to improve operational efficiency and effectiveness, consistent with the PMA. Major initiatives pursued in this area during 2003 are outlined below.
Managing Human Capital
The FDIC has been downsizing its workforce for a decade, as the residual workload from the banking and thrift crises has gradually been completed. FDIC staffing, including staff assigned to the Resolution Trust Corporation, has declined from approximately 23,000 in 1993 to about 5,300 at the end of 2003. In mid-2003, a reduction in force was implemented to address 43 identified surplus positions that remained following aggressive efforts in 2002 and early 2003 to align staffing with current workload through voluntary measures. Like other organizations, the Corporation will continue to review its work processes and employ technology and other means to improve operational efficiency, potentially resulting in excess positions. The Corporation expects to be able to address future surplus positions, in most instances, through a continuing process of carefully managing resources.
The demands placed on the Corporation by a rapidly changing external environment require a more dynamic and strategic approach to managing the Corporation's human capital in order to ensure that the FDIC has the skills and staff necessary to fulfill its mission in the future. The Corporation is in the process of revamping its compensation program to place greater emphasis on performance-based incentives. A new executive classification and pay program was implemented in 2003 that ties all future pay increases to performance against specific measurable objectives. The Corporation also implemented a new Corporate Success Award program that differentiates annual pay increases for the rest of the workforce on the basis of performance. A comprehensive review of the Corporation's human resource management processes identified opportunities to provide increased flexibility in both the recruitment and retention of employees and the management of employee performance. Implementation of the recommendations from that review began in 2003 and will continue in 2004. In addition, the Corporation began to analyze staffing alternatives to ensure that it continues to have the skills it needs in its workforce as it deals with a large number of retirements expected over the next five to seven years.
Key Positions Filled - Chief Economist, Chief Accountant, and Chief Information Officer
In February 2003, the FDIC named the Corporation's Chief Economist and Chief Accountant. The Chief Economist will develop and communicate the FDIC's perspective on a wide range of economic and risk management issues. The Chief Accountant will spearhead FDIC accounting policy development (for banks in the U.S. and abroad), establish regulatory financial reporting requirements, and review depository institutions' accounting for specific transactions. The Chief Accountant will also participate in developing the FDIC's regulations and supervisory policies on capital adequacy and auditing programs and oversee the FDIC's securities registration and disclosure function under federal securities laws. In November 2003, the FDIC filled the vacant Chief Information Officer (CIO) position. The CIO will play a crucial role in overseeing the transformation of the Corporation's Division of Information Resources Management into a more agile and customer-focused strategic partner.
At their official induction as Deans of the FDIC Corporate University (l to r): Erica Cooper, School of
Leadership Development; Fred Carns, School of Insurance; Nancy Hall, School of Supervision and
Consumer Protection; James Wigand, School of Resolutions and Receiverships; and Miguel Torrado,
School of Corporate Operations. CLO Dave Cooke joined in welcoming the new Deans.
In June 2003, the FDIC Chairman appointed the agency's first Chief Learning Officer to head the new Corporate University (CU). The CU represents a departure from traditional training approaches and will provide a continual learning environment for FDIC employees. It will use numerous tools and techniques to prepare them for a changing banking, economic and regulatory landscape. The CU provides opportunities for employees to enhance their sense of corporate identity while learning more about the FDIC's major program areas of Insurance, Supervision and Consumer Protection, and Receivership Management. Further, the CU will be a leader in leveraging technology to improve the efficiency and effectiveness of all Corporate training.
Information Technology Initiatives
To keep pace with an ever-evolving financial services industry, the FDIC is utilizing technology to bring stakeholders information in a more timely, secure manner. Efforts have focused on improving the FDIC's public web site, securing ways to facilitate electronic communication with stakeholders, and streamlining examination efforts through more efficient means of collecting and disseminating data. The FDIC also completed in 2003 a comprehensive review of its Information Technology (IT) program. That review evaluated the cost and performance of the current IT program, identified future skill requirements and alternative sourcing strategies, and recommended a new organizational and staffing structure to begin to transform the IT organization into a strategic partner with the Corporation's major business units over the next two to three years.
Significant IT-related accomplishments in 2003 include:
Considerable progress was made in the development and implementation of a new Enterprise Architecture (EA) to guide the Corporation's future IT efforts. By following the EA program, the FDIC will be able to deploy new systems more quickly, reduce risks normally inherent in large-scale systems, and forecast system development budgets and schedules more accurately, thus reducing system development and support costs. The EA program will also emphasize security and enhance e-government capabilities.
The FDIC's public Web site (www.fdic.gov) was redesigned to make use of the agency's online services faster and easier for bankers, financial analysts, consumers and others. Products and services available on the Web site include resources for bankers about their requirements for safe operations and compliance with consumer protection laws, data about individual banks and the banking industry, useful information for consumers about deposit insurance and rights as depositors and borrowers, and updates on FDIC press releases.
FDIC achieved several successes with FDICconnect, a secure Web site developed to facilitate electronic communication with insured financial institutions. During 2003, twelve business transactions were activated to enable institutions to conduct business online with the FDIC. These transactions included filing of new branch applications by insured institutions, collection of information for the 2003 summary of deposits, public retrieval of beneficial ownership reports, and access to bank assessments.
In June 2003, FDIC implemented the Assessment Information Management System (AIMS II), which calculates, collects and accounts for the quarterly assessment premiums paid by financial institutions. The FDIC issues over 9,000 invoices quarterly and captures a full history of assessment-related transactions. The assessment function is vital to the FDIC, and the improvements realized by putting this system in place have made the Corporation more efficient. Assessment invoices are now made available to insured institutions using FDICconnect.
FDIC partnered with several external organizations to emphasize the importance of robust information security programs to financial institutions. These organizations included the Federal Bureau of Investigation, the Financial and Banking Information Infrastructure Committee, Financial Crimes Enforcement Network, and the Critical Infrastructure Protection Project of George Mason University School of Law. In partnership with these organizations, the FDIC sponsored a series of cyber-security symposia and helped to identify and develop a set of best practices for cyber-security for use in financial institutions.
Improved Information Security
In response to a reportable condition on information security weaknesses identified in the GAO's audit of the Corporation's 2002 financial statements, the FDIC continued to give priority attention in 2003 to its information security management program. Major program accomplishments in 2003 included the following:
Updated policies on contractor and outside agency security were issued, and contractor security requirements were added to the Acquisition Policy Manual. Security audits of local outside contractor sites were also conducted.
Security performance measures were identified and tracked through quarterly performance reports to senior FDIC management.
The annual Federal Information Security Management Act audit conducted by the OIG noted significant improvement in the FDIC's information security program during the prior 12 months. The audit assigned an overall "limited assurance" rating, but identified only one area that was assigned a "minimal/no assurance" rating, down from three in 2002. Efforts to improve all areas of information security will continue in 2004.