C. Office of Inspector General’s Assessment of the Management and Performance Challenges Facing the FDIC
Under the Reports Consolidation Act of 2000, the Office of Inspector General (OIG) is required to identify the most significant management and performance challenges facing the Corporation and provide its assessment to the Corporation for inclusion in the FDIC’s annual performance and accountability report. The OIG conducts this assessment annually and identifies specific areas of challenge facing the Corporation at the time. In doing so, we keep in mind the Corporation's overall program and operational responsibilities; financial industry, economic, and technological conditions and trends; areas of congressional interest and concern; relevant laws and regulations; the Chairman’s priorities and corresponding corporate goals; and ongoing activities to address the issues involved.
In looking at the recent past and the current environment and anticipatingto the extent possiblewhat the future holds, the OIG believes that the FDIC faces challenges in the areas listed below.
Implementing New Systemic Resolution Responsibilities
The Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank Act) has given the FDIC significant new authorities to help address the risks in systemically important financial companies or institutions (SIFIs). The FDIC’s Office of Complex Financial Institutions (OCFI) is focusing on three areas to carry out its new responsibilities: monitoring risk within and across these large, complex firms from the standpoint of resolution; conducting resolution planning and developing strategies to respond to potential crisis situations; and coordinating with regulators overseas regarding the significant challenges associated with cross-border resolution.
Importantly, under Title I of the Dodd-Frank Act, bank holding companies with more than $50 billion in assets and other firms designated as systemic must develop their own resolution plans or “living wills.” The firms must show how they could be resolved under the bankruptcy code without disrupting the financial system and the economy. The first resolution plans were submitted in early July 2012 by the nine largest companies with nonbank assets of over $250 billion. The FDIC and the Federal Reserve Board are reviewing those plans for completeness and compliance with related rulemaking requirements.
OCFI has also been developing its own resolution plans to be ready to resolve a failing systemic financial company. These internal FDIC resolution plans apply many of the same powers that the FDIC has long used to manage failed-bank receiverships to a failing SIFI. If the FDIC is appointed as receiver of such an institution, it will face the challenge of carrying out an orderly liquidation in a manner that maximizes the value of the company’s assets and ensures that creditors and shareholders appropriately bear any losses. The goal is to close the institution without putting the financial system at risk.
The coming months will continue to be challenging for the FDIC and all of the regulatory agencies as they continue to carry out the mandates of the Dodd-Frank Act, develop rules to implement key sections, and fulfill their responsibilities as members of the Financial Stability Oversight Council (FSOC). With respect to the FDIC’s OCFI, in particular, it will need to ensure that it has the needed expertise and resources to build its capabilities, integrate its operations and systems within the FDIC’s infrastructure and established control environment, and supplement existing controls, as warranted, to ensure the success of the FDIC’s activities with respect to SIFIs. This is especially important, given the significance of OCFI’s responsibilities, the sensitivity of the information it is handling, and the potential consequences of any unauthorized disclosure of such information.
Resolving Failed Institutions and Managing Receiverships
The Corporation continues to handle a demanding resolution and receivership workload. From 2008 through 2012, 465 institutions failed with total assets (as of their final Call Reports) of $680 billion. Estimated losses resulting from the failures total approximately $86.8 billion. As of December 31, 2012, the number of institutions on the FDIC’s “Problem List” was 651, indicating the potential of more failures to come, albeit with far less frequency, and an increased asset disposition workload. Total assets of problem institutions were $233 billion as of year-end 2012.
The FDIC frequently enters into shared-loss agreements (SLAs) with acquiring institutions (AIs) of failed bank assets. These agreements guarantee that the FDIC will share in a portion of future asset losses and recoveries for a specific time period. In return, the AI agrees to manage the failed bank assets consistently with its legacy assets, pursue residential loan modifications on qualified loans, and work to minimize losses. Since loss sharing began in November 2008, through June 30, 2012, the Corporation had entered into more than 290 SLAs involving $212.7 billion in covered assets.
The FDIC has established controls over its SLA monitoring program, which help protect the FDIC’s interests and meet the goals of the program. We have pointed out that the FDIC should place additional emphasis on monitoring commercial loan extension decisions to ensure that AIs do not inappropriately reject loan modification requests as SLAs approach termination. Additionally, the FDIC needs to formulate a better strategy for mitigating the impact of impending portfolio sales and SLA terminations on the Deposit Insurance Fund (DIF) so that the FDIC will be prepared to address a potentially significant volume of asset sale requests.
As another resolution strategy, the FDIC has entered into 34 structured sales transactions involving 42,900 assets with a total unpaid principal balance of about $26.0 billion. Under these arrangements, the FDIC retains a participation interest in future net positive cash flows derived from third-party management of the assets. Such transactions involve selling assets to third parties that are not regulated financial institutions. Differences in controls in place for regulated financial institutions, in contrast to private capital investors with unregulated systems of internal control that are not subject to regular oversight by banking supervisors, can present challenges. Such arrangements need to be closely monitored to ensure compliance with all terms and conditions of the agreements. Compliance with the agreements is important to ensure that the FDIC receives the cash flows to which it is entitled.
Other post-closing asset management activities will continue to require much FDIC attention. FDIC receiverships manage assets from failed institutions, mostly those that are not purchased by acquiring institutions through SLAs or involved in structured sales. As of December 31, 2012, the Division of Resolutions and Receiverships (DRR) was managing 466 active receiverships (including three FSLIC-related) with assets totaling about $17.0 billion. These assets include securities, delinquent commercial real-estate and single-family loans, and participation loans. Post-closing asset managers are responsible for managing many of these assets and rely on receivership assistance contractors to perform day-to-day asset management functions. Since these loans are often sub-performing or nonperforming, workout and asset disposition efforts can be intensive and challenging.
Maintaining the Viability of the Deposit Insurance Fund
Insuring deposits remains at the heart of the FDIC’s commitment to maintain stability and public confidence in the nation’s financial system. The Dodd-Frank Act made permanent the increase in the coverage limit to $250,000. It also provided deposit insurance coverage on the entire balance of noninterest-bearing transaction accounts at all insured depository institutions (IDIs) until December 31, 2012. A priority and ongoing challenge for the FDIC is to ensure that the DIF remains viable to protect all insured depositors. To maintain sufficient DIF balances, the FDIC collects risk-based insurance premiums from insured institutions and invests deposit insurance funds.
In the aftermath of the financial crisis, FDIC-insured institutions continue to make gradual but steady progress. Commercial banks and savings institutions insured by the FDIC reported aggregate net income of $37.6 billion in the third quarter of 2012, a $2.3 billion improvement from the $35.2 billion in profits the industry reported in the third quarter of 2011. This is the 12th consecutive quarter that earnings have registered a year-over-year increase. Also noteworthy with respect to the viability of the fund was the decline in the number of banks on the FDIC’s “Problem List” from 813 in the fourth quarter of 2011 to 651 in the fourth quarter of 2012. The fourth quarter marked the seventh consecutive quarter that the number of problem banks has fallen. As noted earlier, total assets of “problem” institutions also declined year-over-year between 2011 and 2012 from $319.4 billion to $233 billion. Eight insured institutions failed during the fourth quarterthe smallest number of failures in a quarter since the second quarter of 2008, when there were two.
In light of such progress, the DIF balance has continued to increase. During 2012, the DIF balance increased by $21.2 billion, from $11.8 billion to $33.0 billion. Over the twelve consecutive quarters since the beginning of 2010, the fund balance has increased a total of $53.8 billion.
While the fund is considerably stronger than it has been, the FDIC must continue to monitor the emerging risks that can threaten fund solvency in the interest of continuing to provide the insurance coverage that depositors have come to rely upon. Given the volatility of the global markets and financial systems, new risks can emerge without warning and threaten the safety and soundness of U.S. financial institutions and the viability of the DIF. The FDIC must be prepared for such a possibility.
Ensuring Institution Safety and Soundness Through an Effective Examination and Supervision Program
The Corporation’s supervision program promotes the safety and soundness of FDIC-supervised IDIs. The FDIC is the primary federal regulator for approximately 4,500 FDIC-insured, state-chartered institutions that are not members of the Federal Reserve Board (FRB)generally referred to as “state non-member” institutions. As such, the FDIC is the lead federal regulator for the majority of community banks. The Chairman has made it clear that one of the FDIC’s most important priorities is the future of community banks and the critical role they play in the financial system and the U.S. economy as a whole. The Corporation has undertaken a number of initiatives to further its understanding of the challenges and opportunities facing community banks, including a conference, a comprehensive study, and an assessment of both risk-management and compliance supervision practices to see if there are ways to make the supervisory processes more efficient. It will continue its efforts in this regard going forward.
Through the FDIC’s examination program, examiners assess the adequacy of the bank’s management and internal control systems to identify, measure, monitor, and control risks; and bank examiners judge the safety and soundness of a bank’s operations. When the FDIC determines that an institution’s condition is less than satisfactory, it may take a variety of supervisory actions, including informal and formal enforcement actions against the institution or its directors and officers and others associated with the institution, to address identified deficiencies and, in some cases, ultimately ban individuals from banking. Generally, the FDIC pursues enforcement actions for violations of laws, rules, or regulations; unsafe or unsound banking practices; breaches of fiduciary duty; and violations of final orders, conditions imposed in writing, or written agreements. In addition, the FDIC has the statutory authority to terminate the deposit insurance of any IDI for violation of a law, rule, regulation, condition imposed in writing, or written agreement, or for being in an unsafe or unsound condition or engaging in unsafe or unsound banking practices.
Part of the FDIC’s overall responsibility and authority to examine banks for safety and soundness relates to compliance with the Bank Secrecy Act (BSA), which requires financial institutions to develop and implement a BSA compliance program to monitor for suspicious activity and mitigate associated money laundering risks within the financial institution. This includes keeping records and filing reports on certain financial transactions. An institution’s level of risk for potential terrorist financing and money laundering determines the necessary scope of a Bank Secrecy Act examination. Maintaining a strong examination program, vigilant supervisory activities, and effective enforcement action processes for all institutions and applying lessons learned in light of the recent crisis will be critical to ensuring stability and continued confidence in the financial system going forward.
Another challenging supervisory issue that concerns the FDIC, and community banks in particular, relates to Basel III and recently proposed changes to the federal banking agencies’ regulatory capital requirements. In June 2012, the federal banking agencies issued for public comment three separate Notices of Proposed Rulemaking (NPR), proposing changes to the regulatory capital requirements. The agencies proposed the NPRs to address deficiencies in bank capital requirements that became evident in the recent banking crisis. The FDIC is reviewing the more than 2,000 comments it has received so that it can address concerns about the costs and potential unintended consequences of various aspects of the proposals. As the primary federal supervisor for the majority of community banks, the FDIC is particularly focused on ensuring that community banks are able to properly analyze the capital proposals and assess their impact. The basic purpose of the Basel III framework is to strengthen the long-term quality and quantity of the capital base of the U.S. banking system. The FDIC’s challenge is to achieve that goal in a way that is responsive to the concerns expressed by community banks about the potential for unintended consequences, and the FDIC will be carefully considering such issues in the coming months.
Protecting and Educating Consumers and Ensuring an Effective Compliance Program
The FDIC serves a number of key roles in the financial system and among the most important is its work in ensuring that banks serve their communities and treat consumers fairly. The FDIC carries out its role by providing consumers with access to information about their rights and disclosures that are required by federal laws and regulations and examining the banks where the FDIC is the primary federal regulator to determine the institutions’ compliance with laws and regulations governing consumer protection, fair lending, and community investment. During early 2011, in response to the Dodd-Frank Act and in conjunction with creation of the Consumer Financial Protection Bureau (CFPB), the FDIC established its new Division of Depositor and Consumer Protection. This Division is responsible for the Corporation’s compliance examination and enforcement program as well as the depositor protection and consumer and community affairs activities that support that program. It has also adopted a new coordinating role with CFPB on consumer issues of mutual interest.
Historically, turmoil in the credit and mortgage markets has presented regulators, policymakers, and the financial services industry with serious challenges. The FDIC has been committed to working with the Congress and others to ensure that the banking system remains sound and that the broader financial system is positioned to meet the credit needs of consumers and the economy, especially the needs of creditworthy households that may experience distress. A challenging priority articulated by the Chairman is to continue to increase access to financial services for the unbanked and underbanked in the United States. Successful activities in pursuit of this priority will continue to require effort on the part of the Corporation going forward.
Consumers today are also concerned about data security and financial privacy at their banks, and the FDIC needs to promote effective controls within the banks to protect consumers. Banks are also increasingly using third-party servicers to provide support for core information and transaction processing functions, and the sensitive information servicers handle can be vulnerable. The FDIC must continue to ensure that financial institutions protect the privacy and security of information about customers under applicable U.S. laws and regulations. New cyber threats emerge frequently, and financial institutions and their servicers face continuing challenges safeguarding highly sensitive information from unauthorized disclosure that can cause financial and personal distress or ruin.
Effectively Managing the FDIC Workforce and Other Corporate Resources
The FDIC must effectively and economically manage and utilize a number of critical strategic resources in order to carry out its mission successfully, particularly its human, financial, information technology (IT), and physical resources. These resources have been stretched during the past years of the recent crisis, and the Corporation will continue to face challenges as it returns to a steadier state of operations and carries out its mission in both headquarters and regional office locations. New responsibilities, reorganizations, and changes in senior leadership and in the makeup of the FDIC Board have affected the entire FDIC workforce over the past few years. Efforts to promote sound governance and effective stewardship of its core business processes and the IT systems supporting those processes, along with attention to human and physical resources, will be key to the Corporation’s success in the months ahead.
As the number of financial institution failures continues to decline, the Corporation is reshaping its workforce and adjusting its budget and resources accordingly. The FDIC closed the West Coast Office and the Midwest Office in January 2012 and September 2012, respectively, and plans to close the East Coast Office in 2014. In this connection, authorized staffing for DRR, in particular, has fallen from a peak of 2,460 in 2010 to 1,463 proposed for 2013, which reflects a reduction of 393 positions from 2012 and 997 positions over three years. DRR contractor funding also has fallen from a peak of $1.34 billion in 2010 to about $457 million proposed for 2013, a reduction of about $319 million from 2012 and nearly $885 million (66 percent) over three years. Still, the significant surge in failed-bank assets and associated contracting activities will continue to require effective and efficient contractor oversight management and technical monitoring functions.
With the number of troubled FDIC-supervised institutions also on the decline, the FDIC has reduced authorized nonpermanent examination staff as well. Risk management examination staffing has declined from a peak of 2,237 in 2011 to 1,966 proposed for 2013, a reduction of 271 nonpermanent positions. The number of compliance examination staff as well has begun to decline, though not as muchfrom a peak of 572 in 2012 to 522 proposed for 2013, a reduction of 50 nonpermanent positions.
To fund operations, the FDIC Board of Directors recently approved a $2.7 billion Corporate Operating Budget for 2013, about 18 percent lower than the 2012 budget. In conjunction with its approval of the 2013 budget, the Board also approved an authorized 2013 staffing level of 8,026 employees, down from 8,713 previously authorized, a net reduction of 687 positions, with further reductions projected in 2014 and future years. The FDIC’s operating expenses are paid from the DIF, and consistent with sound corporate governance principles, the Corporation’s financial management efforts must continuously seek to be efficient and cost-conscious, particularly in a government-wide environment that is facing severe budgetary constraints.
As conditions improve throughout the industry and the economy, the Corporation and staff are adjusting to a new work environment and workplace. The closing of the two temporary offices and the plans for closing the third can disrupt current workplace conditions. These closings can also introduce risks, as workload, responsibilities, and files are transferred and employees depart to take other positionssometimes external to the FDIC. Fewer risk management and compliance examiners can also pose challenges to the successful accomplishment of the FDIC’s examination responsibilities. Further, the ramping up of the new Office of Complex Financial Institutions, with hiring from both internal and external sources will continue to require attentionwith respect to on-boarding, training, and retaining staff with requisite skills for the challenging functions of that office. For all employees, in light of a transitioning workplace, the Corporation will seek to sustain its emphasis on fostering employee engagement and morale. Its new Workplace Excellence Program is a step in that direction.
From an IT perspective, amidst the heightened activity in the industry and economy, the FDIC has engaged in massive amounts of information sharing, both internally and with external partners. This is also true with respect to sharing of highly sensitive information with other members of the FSOC formed pursuant to the Dodd-Frank Act. As noted earlier with respect to OCFI, FDIC systems contain voluminous amounts of critical data. The Corporation needs to ensure the integrity, availability, and appropriate confidentiality of bank data, personally identifiable information, and other sensitive information in an environment of increasingly sophisticated security threats and global connectivity. In a related vein, continued attention to ensuring the physical security of all FDIC resources is also a priority. The FDIC needs to be sure that its emergency response plans provide for the safety and physical security of its personnel and ensure that its business continuity planning and disaster recovery capability keep critical business functions operational during any emergency.
Finally, a key component of corporate governance at the FDIC is the FDIC Board of Directors. With the confirmations of the FDIC Chairman and Vice Chairman, along with appointments of others to fill Board positions over the past year, the Board is now operating at full strength. The Board will likely face challenges in leading the organization, accomplishing the Chairman’s priorities, and coordinating with the other regulatory agencies on issues of mutual concern and shared responsibility. Enterprise risk management is a related aspect of governance at the FDIC. Notwithstanding a stronger economy and financial services industry, the FDIC’s enterprise risk management activities need to be attuned to emerging risks, both internal and external to the FDIC, and the Corporation as a whole needs to be ready to take necessary steps to mitigate those risks as changes occur and challenging scenarios present themselves.