Each depositor insured to at least $250,000 per insured bank



Home > About FDIC > Financial Reports > 2010 Annual Report


2010 Annual Report

IV. Financial Statements and Notes

Government Accountability Office’s Audit Opinion

To the Board of Directors

The Federal Deposit Insurance Corporation

In accordance with section 17 of the Federal Deposit Insurance Act, as amended, we are responsible for conducting audits of the financial statements of the funds administered by the Federal Deposit Insurance Corporation (FDIC). In our audits of the Deposit Insurance Fund’s (DIF) and the FSLIC Resolution Fund’s (FRF) financial statements1 for 2010 and 2009, we found

  • the financial statements as of and for the years ended December 31, 2010, and 2009, are presented fairly, in all material respects, in conformity with U.S. generally accepted accounting principles;
  • FDIC’s internal control over financial reporting was effective as of December 31, 2010; and
  • no reportable noncompliance with provisions of laws and regulations we tested.

The following sections discuss in more detail (1) these conclusions; (2) our audit objectives, scope, and methodology; and (3) agency comments and our evaluation.

Opinion on the DIF’s Financial Statements

The financial statements, including the accompanying notes, present fairly, in all material respects, in conformity with U.S. generally accepted accounting principles, the DIF’s assets, liabilities, and fund balance as of December 31, 2010, and 2009, and its income and fund balance and its cash flows for the years then ended.

As discussed in note 8 to the DIF’s financial statements, FDIC-insured financial institutions continued to face significant challenges in 2010. The slowly recovering economy and credit environment continued to challenge the soundness of many DIF-insured institutions. In 2010, 157 banks with combined assets of approximately $93 billion failed, costing the DIF an estimated $24 billion—this cost was generally recognized in the DIF’s 2009 financial statements. Regulatory and market data suggest that the banking industry will continue to experience elevated levels of stress over the coming year. In addition to the losses reflected on the DIF’s financial statements, FDIC has identified additional risk as of year-end 2010 that could result in further estimated losses to the DIF of up to approximately $25 billion should other potentially vulnerable insured institutions ultimately faiL. FDIC continues to evaluate the ongoing risks to affected institutions in light of current economic and financial conditions, and the effect of such risks on the DIF. Actual losses, if any, will largely depend on future economic and market conditions and could differ materially from FDIC’s estimates. As discussed in note 17 to the DIF’s financial statements, through March 14, 2011, 25 institutions failed during 2011.

As of December 31, 2010, the DIF had a negative fund balance of $7.4 billion and its ratio of reserves to estimated insured deposits was a negative 0.12 percent. In contrast, at December 31, 2009, the DIF had a negative fund balance of $20.9 billion and its ratio of reserves to estimated insured deposits was a negative 0.39 percent. The improvement in 2010 was primarily attributable to lower losses from 2010 bank failures than projected at December 31, 2009, and lower estimates of losses from anticipated failures at December 31, 2010. During 2010, FDIC continued its efforts to maintain the DIF’s ability to resolve problem institutions. As discussed in notes 4 and 7 of DIF’s financial statements, FDIC continued the use of purchase and assumption resolution transactions containing loss-share agreements with acquirers of failed institutions as a means of both conserving the initial cash outlay required by the DIF in resolving a troubled institution and as a longer-term means of attempting to further minimize the ultimate losses to the DIF. Under such agreements, which typically cover a 5- to 10-year period, an acquiring institution assumes all of the deposits and purchases most, if not all, of the assets of a failed institution. FDIC, in turn, agrees to cover a large percentage of any losses on assets covered under the agreements up to a stated threshold. During 2010, 130 of the 157 institutions that failed and were resolved by FDIC were handled through the use of loss-share agreements with acquirers of these institutions.

The DIF has a variety of resources available to carry out its insurance responsibilities. At December 31, 2010, the DIF had $12.4 billion in investments in U.S. Treasury obligations in addition to $27 billion in cash and cash equivalents, which provide a ready source of funds for its insurance activities. These funds were primarily obtained through FDIC’s charging the industry approximately 3 years of advanced assessments at the end of 2009. In addition, as discussed in note 1 to DIF’s financial statements, FDIC can borrow up to $100 bilion from the U.S. Treasury and it also has a note agreement with the Federal Financing Bank enabling it to borrow up to $100 billion. However, the total amount that FDIC can borrow from these sources for the DIF would be subject to the DIF’s statutory maximum obligation limitation, which equaled $106.3 billion as of December 31, 2010.

The Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank Act)2 contains significant provisions related to assessments and capitalization of the DIF. One of these provisions requires FDIC to define the assessment base as average consolidated total assets minus average tangible equity. This contrasts with the previous assessment base consisting of domestic deposits. This change will broaden the assessment base and is intended to better measure the risk that a bank poses to the DIF. The act also sets the statutory minimum designated reserve ratio of not less than 1.35 percent of estimated insured deposits, or the comparable percentage of the new assessment base, and requires that FDIC take such steps as may be necessary to achieve this reserve ratio by September 30, 2020. This change, intended to strengthen the DIF, increases the minimum designated reserve ratio from 1.15 percent, but as noted above, extends the target date for the DIF to achieve this minimum designated reserve ratio from December 31, 2016. FDIC adopted a new restoration plan on October 19, 2010 in response to the above requirements. In addition, the act provides for a permanent increase in the standard deposit insurance coverage amount from $100,000 to $250,000 (retroactive to January 1, 2008) and unlimited deposit insurance coverage for noninterest-bearng transaction accounts for 2 years to the end of 2012. The act also authorizes FDIC to undertake enforcement actions against depository institution holding companies if their conduct or threatened conduct poses a risk of loss to the DIF.

The DIF continues to face some exposure as a result of actions taken pursuant to the systemic risk determnation made in 2008 by the Department of the Treasury, in consultation with the President and upon recommendation of the Boards of FDIC and the Federal Reserve. As discussed in note 16 to the DIF’s financial statements, FDIC established the Temporary Liquidity Guarantee Program (TLGP). The TLGP consists of the (1) Debt Guarantee Program, under which FDIC guaranteed newly issued senior unsecured debt up to prescribed limits issued by insured institutions and certain holding companies, and (2) Transaction Account Guarantee Program (TAGP), under which, through December 31, 2010, FDIC provided unlimited coverage for noninterest-bearing transaction accounts held by participating insured institutions. FDIC charged fees to participants that are to be used to cover any losses under both guarantee programs. The unlimited deposit insurance coverage for noninterest-bearing transaction accounts under the Dodd-Frank Act essentially replaces the TAGP, except that FDIC will not charge a separate assessment fee for insuring the transaction accounts. As discussed in note 16, as of December 31, 2010, the amount of debt guaranteed by FDIC under the Debt Guarantee Program was $267 billion.

Opinion on the FRF’s Financial Statements

The financial statements, including the accompanying notes, present fairly, in all material respects, in conformity with U.S. generally accepted accounting principles, FRF’s assets, liabilities, and resolution equity as of December 31, 2010, and 2009, and its income and accumulated deficit and its cash flows for the years then ended.

Opinion on Internal Control

FDIC maintained, in all material respects, effective internal control over financial reporting as of December 31, 2010, which provided reasonable assurance that misstatements, losses, or noncompliance material in relation to the financial statements would be prevented or detected and corrected on a timely basis. Our opinion is based on criteria established under 31 U.S.C. 3512 (c), (d), commonly known as the Federal Managers’ Financial Integrity Act of 1982 (FMFIA).

Resolution of Prior Year Material Weakness

In our 2009 audit report³ we reported a material weakness4 in FDIC’s controls over its process for deriving and reporting estimates of losses to the DIF from resolution transactions involving loss-share agreements5 because existing controls were not fully effective in preventing or detecting and correcting errors in developing and reporting loss-share loss amounts in FDIC’s draft 2009 financial statements of the DIF. As described in our audit report, we identified weaknesses in FDIC’s controls over (1) the development of initial loss-share loss estimates, including verifying the accuracy of the calculations; (2) managerial review and oversight of the initial loss-share estimation process and its underlying assumptions; and (3) reporting of the loss-share loss estimates as part of the allowance for losses against the Receivables from resolutions, net on the DIF’s balance sheet. We subsequently provided further details of the control deficiencies related to this material weakness as well as recommendations for corrective actions in a separate report to FDIC management.6 To correct these control deficiencies, we recommended that FDIC officials (1) establish mechanisms for monitoring implementation of newly issued policies and procedures over the process for calculating initial loss-share loss estimates; (2) develop specific procedures for documenting assumptions underlying initial loss-share loss estimates, including periodic managerial review and approval of assumptions and changes over time; and (3) establish and document detailed procedures for ensuring the completeness and accuracy of the overall allowance for loss calculations, including loss-share related losses.

In response to the material weakness in internal control, FDIC developed and implemented a corrective action plan that included additional controls to address the control deficiencies we identified. Specifically, FDIC

  • implemented a new review process and documentation procedures over the development of initial loss-share loss amounts;
  • established additional monitoring and review of loss-share estimates with the creation of the Closed Bank Financial Risk Committee dedicated to oversight of the loss-share agreement process, including approval of underlying assumptions in loss-share related calculations and ongoing periodic reviews of initial and updated loss-share loss estimates; and
  • enhanced controls over both the inclusion of loss-share related losses in the allowance for loss determination and the overall process for calculating the allowance for loss related to the Receivables from resolutions, net line item on the DIF’s balance sheet.

During our audit, we found that FDIC’s actions significantly reduced the risk that a material misstatement would not be detected and timely corrected, and concluded that remaining control deficiencies in FDIC’s process of deriving and reporting estimates of losses involving loss-share agreements do not individually or collectively constitute a material weakness or significant deficiency.7

Although FDIC made significant improvements to its controls over its process for estimating losses related to loss-share agreements, it continues to face risk because of ongoing financial institution failures and the highly manual process FDIC employs in its loss-share estimation process. Although improved, FDIC’s current loss-share estimation process is complex, is not fully documented, and involves multiple manual data entries. As a result, the process relies heavily on effective reviews and oversight for ensuring data accuracy. The determination of the overall allowance for losses associated with receivables from resolution activity equally depends upon a highly complex series of integrated spreadsheets that draw information from multiple, often manually input, data sources, and thus also relies heavily on effective supervisory review and oversight for ensuring data accuracy. Because of the nature of this process, FDIC will need to continue to provide effective review and oversight controls to accurately report estimated loss-share losses and the overall allowance for loss related to resolution activity on the DIF’s financial statements.

Resolution of Prior Year Significant Deficiency

In our 2009 audit report, we reported a significant deficiency concernng the effectiveness of FDIC’s security over its information systems, which reduced FDIC’s ability to ensure that authorized users had only the access needed to perform their assigned duties, and that its systems were sufficiently protected from unauthorized access. The audit report highlighted the control issues that constituted the significant deficiency. Specifically, FDIC did not (1) adequately control access to its computer systems; (2) enforce its policies and procedures governing the assignment, use, and monitoring of mainframe user identifications (IDs); (3) appropriately configure certain key systems, potentially allowing the systems to be manipulated by internal users without detection; (4) have policies and procedures in place to prevent users from having inappropriate or incompatible access to multiple applications; and (5) effectively test and verify that all system interfaces were properly configured for major changes to some important accounting and system administrative applications. Subsequently, we provided more details on these issues and reported additional underlying control weaknesses, along with recommendations for corrective actions, to FDIC management.8

During 2010, FDIC made substantial progress in correcting many of the underlying control issues that constituted the significant deficiency. Specifically, FDIC did the following:

  • Corrected weaknesses in controls over access to computer systems and a business application that had not effectively limited individuals’ access to only those functions and data necessary to perform their assigned duties. For example, FDIC strengthened network configurations such that users are now prevented from obtaining unauthorized access to network controls and control information. Additionally, FDIC addressed weaknesses that had resulted in granting users inappropriate and excessive access privileges to a business application supporting resolution and receivership activities.
  • Corrected weaknesses in enforcing revised policies and procedures governing the assignment, use, and monitoring of mainframe user IDs intended to support technical assistance to business processes. FDIC also greatly reduced the incidence of the use of access privileges that provide a limited number of system administrators full access to all data and programs on the mainframe.
  • Corrected the configuration of certain key systems, significantly reducing the potential for the misuse of powerful mainframe programs.
  • Made progress in resolving deficiencies in controls designed to prevent users from having inappropriate or incompatible access to multiple applications.
  • Corrected deficiencies in the interfaces of two applications that increased the risk of errors in data as it is transferred from one system to another.

As a result of the improvements we noted in FDIC’s information system controls, we concluded that the remaining unresolved prior year issues and new issues identified in our 2010 audit do not individually or collectively constitute a material weakness or significant deficiency. In order to sustain the progress FDIC has made in improving its information system controls, it will be important for FDIC to continue to place a high level of emphasis on this area, especially with respect to continuous and periodic monitoring activities.

During our 2010 audit, we identified other deficiencies in FDIC’s system of internal control that we do not consider to be material weaknesses or significant deficiencies but merit FDIC management’s attention and correction. We have communicated these matters to FDIC management and as appropriate, will be reporting them in writing to FDIC separately, along with recommendations for corrective actions.

Compliance with Laws and Regulations

Our tests for compliance with selected provisions of laws and regulations disclosed no instances of noncompliance that would be reportable under U.S. generally accepted government auditing standards. However, the objective of our audits was not to provide an opinion on overall compliance with laws and regulations. Accordingly, we do not express such an opinion.

Objectives, Scope, and Methodology

FDIC management is responsible for (1) preparing the annual financial statements in conformity with U.S. generally accepted accounting principles; (2) establishing and maintaining effective internal control over financial reporting and evaluating its effectiveness; and (3) complying with applicable laws and regulations. Management evaluated the effectiveness of FDIC’s internal control over financial reporting as of December 31, 2010, based on criteria established under FMFIA. FDIC management provided an assertion concerning the effectiveness of its internal control over financial reporting (see app. I).

We are responsible for planning and performing the audit to obtain reasonable assurance and provide our opinion about whether (1) the financial statements are presented fairly, in all material respects, in conformity with U.S. generally accepted accounting principles, and (2) FDIC management maintained, in all material respects, effective internal control over financial reporting as of December 31, 2010. We are also responsible for testing compliance with selected provisions of laws and regulations that have a direct and material effect on the financial statements.

In order to fulfill these responsibilities, we

  • examined, on a test basis, evidence supporting the amounts and disclosures in the financial statements;
  • assessed the accounting principles used and significant estimates made by FDIC management;
  • evaluated the overall presentation of the financial statements;
  • obtained an understanding of FDIC and its operations, including its internal control over financial reporting;
  • considered FDIC’s process for evaluating and reporting on internal control over financial reporting based on criteria established under FMFIA;
  • assessed the risk that a material misstatement exists in the financial statements and the risk that a material weakness exists in internal control over financial reporting;
  • tested relevant internal control over financial reporting;
  • evaluated the design and operating effectiveness of internal control over financial reporting based on the assessed risk;
  • tested compliance with certain laws and regulations, including selected provisions of the Federal Deposit Insurance Act, as amended; and
  • performed such other procedures as we considered necessary in the circumstances.

An entity’s internal control over financial reporting is a process affected by those charged with governance, management, and other personnel, the objectives of which are to provide reasonable assurance that (1) transactions are properly recorded, processed, and summarized to permit the preparation of financial statements in conformity with U.S. generally accepted accounting principles, and assets are safeguarded against loss from unauthorized acquisition, use, or disposition, and (2) transactions are executed in accordance with laws and regulations that could have a direct and material effect on the financial statements.

We did not evaluate all internal controls relevant to operating objectives as broadly defined by FMFIA, such as controls relevant to preparing statistical report and ensuring efficient operations. We limited our internal control testing to controls over financial reporting. Because of inherent limitations in internal control, internal control may not prevent or detect and correct misstatements due to error or fraud, losses, or noncompliance. We also caution that projecting any evaluation of effectiveness to future periods is subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with policies and procedures may deteriorate.

We did not test compliance with all laws and regulations applicable to FDIC. We lited our tests of compliance to those laws and regulations that have a direct and material effect on the financial statements for the year ended December 31, 2010. We caution that noncompliance may occur and not be detected by these tests and that such testing may not be sufficient for other purposes.

We performed our audit in accordance with U.S. generally accepted government auditing standards. We believe our audit provides a reasonable basis for our opinions and other conclusions.

FDIC Comments and Our Evaluation

In commenting on a draft of this report, FDIC’s Chief Financial Officer (CFO) noted that he was pleased that FDIC had received unqualified opinions on the DIF’s and FRF’s 2010 and 2009 financial statements. He noted that over the past year, FDIC had worked diligently to resolve the material weakness and significant deficiency that we had reported in our 2009 audit. In particular, he cited significant steps taken to strengthen controls over the loss-share estimation process and over information systems security. The CFO stated that FDIC would continue to make improvements in these areas in the coming year, and stressed that FDIC’s dedication to sound financial management remains a top priority.

The complete text of FDIC’s comments and its Management Report containing its assertion on the effectiveness of its internal control over financial reporting are reprinted in appendix I.

Steven J. Sebastian
Director
Financial Management and Assurance
March 14, 2011


1 A third fund to be managed by FDIC, the Orderly Liquidation Fund, established by section 210 of the Dodd-Frank Wall Street Reform and Consumer Protection Act, Pub. L. No. 111-203, 124 Stat. 1376, 1506 (July 21, 2010), is unfunded and conducted no transactions during the fiscal years covered by this audit.

2 Pub. L. No. 111-203, 124 Stat. 1376 (July 21, 2010).

3 GAO, Financial Audit: Federal Deposit Insurance Corporation Funds’ 2009 and 2008 Financial Statements, GAO-10-705 (Washington, D.C.: June 25, 2010).

4 A material weakness is a deficiency, or a combination of deficiencies, in internal control such that there is a reasonable possibility that a material misstatement of the entity’s financial statements will not be prevented, or detected and corrected on a timely basis. A deficiency in internal control exists when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent, or detect and correct misstatements on a timely basis.

5 In 2009, and continuing in 2010, FDIC increasingly used whole bank purchase and assumption transactions with accompanying loss-share agreements as the primary means of resolving failed financial institutions. Under such an agreement, FDIC sells a failed institution to an acquirer with an agreement that FDIC, through the DIF, will share in losses the acquirer experiences in servicing and disposing of assets purchased and covered under the loss-share agreement.

6 GAO, Management Report: Opportunities for Improvements in FDIC’s Internal Controls and Accounting Procedures, GAO-11-23R (Washington, D.C.: Nov. 30, 2010).

7 A significant deficiency is a control deficiency, or combination of deficiencies, in internal control that is less severe than a material weakness, yet important enough to merit attention by those charged with governance.

8 GAO, Information Security: Federal Deposit Insurance Corporation Needs to Mitigate Control Weaknesses, GAO-11-29 (Washington, D.C.: Nov. 30, 2010).

Last Updated 5/5/2011 communications@fdic.gov