Skip to main content
U.S. flag
An official website of the United States government
Dot gov
The .gov means it’s official. 
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.
Https
The site is secure. 
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.
Consumer Compliance Examination Manual

II-6 Communicating Findings

Chapter Last Updated: March 2024

Communicating Findings

At the conclusion of an FDIC risk-focused, consumer compliance and Community Reinvestment Act (CRA) examination or review1, compliance examination staff communicates supervisory findings to institutions describing the strengths and weaknesses of an institution’s compliance management system (CMS), assessing adherence to the consumer protection laws and regulations, and describing potential or actual consumer harm. Typically, such findings are conveyed during a meeting with the institution’s management and/or the Board of Directors/Trustees (Board) at the conclusion of a consumer compliance examination, and also in the Report of Examination (ROE).

Examiners communicate Matters Requiring Board Attention (MRBAs) when significant issues are identified requiring an institution’s Board and management to take prompt corrective action on behalf of the institution and elevated supervisory attention is necessary. Examiners also provide recommendations to management when issues are identified that have a lower risk of consumer harm and are correctable by management in the normal course of business. If institutions take recommended actions, their CMS generally improves, and subsequent supervisory attention may not be necessary.

Exit Meeting

An exit meeting is held with management at the conclusion of a consumer compliance and CRA examination or review. When practical, at least two FDIC representatives should be present at the exit meeting. Attendance by financial institution representatives other than management is at the discretion of management. These participants may include: consultants, agents, counsel, accountants, holding company officers, directors, and employees who work directly with consumer protection laws or CRA. The presence of the aforementioned representatives should only be during segments that pertain to their area of responsibility. Third party participants must be under contract with the bank, with appropriate confidentiality language, in order to attend the exit meeting.

During concurrent examinations with Risk Management Supervision (RMS), DCP’s Examiner-in-Charge (EIC) coordinates with RMS examiners to schedule the exit and Board meetings in an effort to ensure that all necessary attendees are present and that the bank’s and FDIC staff’s time is used efficiently. Reasonable requests from management, such as for separate meetings, are considered and accommodated, if practical.

Examination findings, including consumer compliance and CRA ratings, are not final until the appropriate reviews are conducted by review staff, and/or the Regional or Washington Offices, as applicable. Prior to the exit meeting, Regional Offices generally consult with examiners and approve enforcement action recommendations.

The exit meeting is used to:

  • Summarize review or examination findings. All critical issues are discussed. If significant issues arise subsequently, they are discussed with management either in person, virtually, or by telephone. If management presents significant, new information at the exit meeting, additional review by the examiner may be required. In such instances, the examination process is left open for further review of applicable regulatory issues and the institution’s records. A second meeting with management may be necessary to discuss any additional matters.
  • Discuss, when appropriate, positive findings to acknowledge the effectiveness of the institution’s consumer compliance or CRA efforts.
  • Provide recommendations to address noted weaknesses or deficiencies.
  • Recommend actions that would strengthen or enhance the financial institution’s CMS, as applicable.
  • Obtain management’s response(s) and commitment(s) for corrective action for deficiencies identified in the CMS, including recommendations, and for cited violations and the resulting consumer harm.
  • Advise management of recommended consumer compliance and CRA ratings, as well as any recommendations for formal or informal enforcement actions.

The agenda for the exit meeting lists the discussion items in the order of their significance in relation to the overall conclusions. The agenda also includes a tentative listing of Level 3 and Level 2 violations, and to the extent possible, draft copies of the pertinent violation sections of the ROE. At the exit meeting, examiners also provide management with a copy of the Level 1 violations, if applicable. A copy of the agenda is provided to management and included in the examination workpapers.

Board Meeting

The purpose of a meeting with the financial institution’s Board is to convey the pertinent findings of the examination directly to persons ultimately responsible for the operating policies and procedures of the institution. Board meetings are conducted after the exit meeting with management, and are planned for regularly scheduled Board meetings, whenever possible. When significant issues requiring consultation with the Regional Office are present, the FDIC’s Consultation Policy is followed prior to scheduling the Board meeting.

Board meetings must be attended by at least a quorum of Directors/Trustees. The EIC, Field Supervisor, Supervisory Examiner, and/or Review Examiner or senior member of the Regional Office staff attend, as deemed appropriate.

Board meetings may be appropriate in a variety of situations, but are required under one or more of the following circumstances:

  • An informal or formal enforcement action is recommended
  • The proposed consumer compliance rating is “3,” “4,” or “5”
  • The proposed composite CRA rating, state rating, or multi-state rating is “Needs to Improve” or “Substantial Noncompliance”
  • The institution’s management or Board requests such a meeting

A Board meeting is not required for:

  • Visitations;
  • Consumer Complaint Investigations; or
  • Other Special Reviews.

Report of Examination

Introduction

The ROE is a consumer compliance examination’s principal document of record. It communicates the results of an examination to the Board and management of the financial institution. The ROE highlights the strengths and weaknesses of a financial institution’s CMS and cites violations (if any) in order of significance. The ROE may also include pages that inform the institution about MRBAs, compliance with enforcement actions, or other matters. The ROE offers recommendations for addressing deficiencies and improving future compliance management performance.2 Compliance examiners develop the ROE’s content and its findings based on bank information reviewed during the supervisory process, FDIC examination policies and procedures, and examiner experience and professional judgment.

Format of the Report of Examination

The ROE is a standalone document that is organized as follows:

  • Transmittal Letter
  • Report Cover
  • Examiner’s Comments and Conclusions
    • Consumer Compliance Examination Scope and Rating
    • Compliance Management System
      • Board and Management Oversight
      • Compliance Program
    • Optional headers to address significant findings (if applicable), such as Third Party Oversight, Fair Lending, etc.
    • Violations of Law and Consumer Harm
    • Community Reinvestment Act Scope and Rating (if applicable)
    • Enforcement Action(s) (if applicable, including proposed enforcement actions)
    • Matters Requiring Board Attention (if applicable)
    • Recommendation(s)
    • Meeting with Management
    • Meeting with Board of Directors (if applicable)
  • Matters Requiring Board Attention (if applicable)
  • Compliance with Enforcement Actions (if applicable)
  • Level 3/High Severity Violations (if applicable)
  • Level 2/Medium Severity Violations (if applicable)
  • Other Matters (if applicable)
  • Compliance - Supervisory Section (if applicable)

Transmittal Letter

A transmittal letter accompanies a ROE to a financial institution’s Board. The transmittal letter requires the institution, within a timeframe established by the applicable Regional Office, to send a letter or letters to the appropriate FDIC office notifying it, in sufficient detail, of the actual resolution of the MRBAs, recommendations, and Level 3 and Level 2 violations.

Appropriate staff at the Regional Office reviews an institution’s response and determines whether the response sufficiently addresses the issues. The Regional Office maintains a tracking system to ensure responses are received and corrective actions are completed in a timely manner. In cases where an enforcement action is pursued against an institution, examination staff will follow established monitoring procedures.

Content of the Report of Examination

The guiding principle for completing the ROE is that it contains all information that is necessary and useful for the institution’s Board and management to understand the scope and conclusions of the examination and any corrective actions that may be necessary to achieve compliance or address consumer harm. The ROE should aid the Board and management in developing an action plan to address any findings or supervisory concerns. Examiners exercise judgment and discretion when determining the amount of information and detail to include in the ROE. Factors examiners could consider when determining the amount of detail include significant CMS structure or management changes, significant changes in business strategy that impact the consumer harm risk profile, changes in ratings or adverse ratings, CMS weaknesses, violations resulting in significant consumer harm, civil money penalties, de novo or charter conversion status, complex or unusual programs or products, or management disagreement with ratings.3

Examiner’s Comments and Conclusions

Consumer Compliance Examination Scope and Rating 

This section of the ROE provides information regarding the date and scope of the compliance examination, including the fair lending review. Additionally, this section contains a table that discloses the consumer compliance ratings for the current and prior examination, as applicable. The table also includes the applicable rating definition for the current examination.

Compliance Management System 

This section of the ROE includes the EIC’s comments and conclusions regarding the overall quality of the institution’s CMS and the Board and management’s ability to effectively meet its compliance responsibilities. This section discusses the EIC’s comments and conclusions relative to each of the two elements of a CMS: Board and management oversight and the compliance program. Both positive and negative aspects of the institution’s management of its compliance responsibilities are discussed, while focusing on analysis rather than stating known facts about the bank’s CMS.

Fair lending matters are incorporated into the ROE. Fair lending findings are incorporated into the CMS section of the ROE, as appropriate. If warranted, a separate fair lending section may be included in the ROE, with reference to the appropriate CMS section.

Violations of Law and Consumer Harm 

This section of the ROE summarizes the relationship between violations identified and the deficiencies in the CMS. This section also summarizes the consumer harm that resulted from such deficiencies. Generally, examiners consider the collective significance and frequency of all infractions and any mitigating factors.

Violations are categorized as Level 3/High Severity, Level 2/Medium Severity, and Level 1/Low Severity. Only violations at Levels 3 and 2 that are of high or medium severity are discussed in this section of the ROE. Level 1 violations will not be mentioned in the examiner’s comments and conclusions pages of the ROE.

If applicable, this section will include information about restitution of any type and briefly state the total amount of restitution when reliable estimates have been determined, or estimates based upon the examiner’s calculations, including the assumptions on which the estimates are based. Finally, a reference to the violation page(s) is included.

Community Reinvestment Act Scope and Rating 

If a concurrent CRA evaluation was conducted, this section provides information regarding the scope of the CRA evaluation and any notable weaknesses identified. This section also includes a table with the current and previous CRA ratings, the definition of the current CRA rating, and the current and previous CRA rating components for Intermediate Small Bank and Large Bank evaluations, if applicable. Finally, a reference to the CRA Performance Evaluation is included.

Matters Requiring Board Attention 

This section addresses matters requiring board attention, as applicable, and includes a reference to the separate MRBA page.

Recommendation(s) 

This section summarizes all examiner recommendations that were not fully addressed during the examination, as applicable, including violation-, CRA-, and fair lending-related recommendations. If no recommendations were provided or all recommendations were fully addressed during the examination, this section will note that, as applicable.

Enforcement Action(s) 

This section includes a brief comment summarizing any proposed enforcement action(s) and/or the institution’s actions with regard to any outstanding enforcement action(s). For outstanding enforcement action(s), the adequacy of the steps taken by the institution to comply with each provision will be discussed on separate “Compliance with Enforcement Actions” pages.

When an EIC recommends an informal or formal enforcement action against an institution, the provisions of the proposed enforcement action as well as the reasons for the recommendation should be discussed with the Board and management and documented in the Meeting with Management and Meeting with the Board of Directors sections of the Examiner’s Comments and Conclusions pages in the ROE.

Meeting with Management 

This section of the ROE describes the exit meeting with management.

Meeting with Board of Directors 

This section of the ROE describes the meeting with the Board members.

Matters Requiring Board Attention

The MRBA page is only included in the ROE for items that are significant and require prompt corrective action and elevated supervisory attention. MRBAs are intended to clearly convey to an institution’s Board and management issues of the highest degree of supervisory concern. MRBAs could include violations of consumer protection laws; CMS weaknesses that, if left unaddressed, could adversely affect the institution; activities that resulted in consumer harm; or emerging issues that impact the institution and require proactive attention to mitigate risks.

If a matter that requires the Board and management’s attention is included as a provision in a proposed enforcement action, it should not be duplicated on the MRBA page.

Compliance with Enforcement Actions 

The Compliance with Enforcement Actions page is only included when applicable and discusses how management has addressed weaknesses identified in the action. The guidance in this section applies to both formal and informal actions. The page will start with a brief overview of the facts leading to the issuance of an action.

Each provision should be followed with the examiner’s assessment of the adequacy of the steps taken by the institution to comply with the provision. For example, an assessment of a new policy might say “The updated Compliance Policy is comprehensive and tailored to the bank’s product offerings.” Examiners should not use conclusory statements of opinion such as “The institution is in compliance/noncompliance with this provision.” Comments should indicate whether any time limits set forth in actions have been met.

At the first examination/visitation after the issuance of a formal or informal action, the provisions of the action will generally appear verbatim on this page. At subsequent examinations/visitations, the examiner need only address provisions of an ongoing nature and those that remain outstanding. In all cases, a summary of the institution’s actions with regard to the enforcement action will be included on the examiner’s comments and conclusions page along with the examiner’s recommendation to terminate, continue, or change the enforcement action.

Violations

The violations page(s), when applicable, serve as the institution’s official record of violations identified during an examination.

Level 3 and Level 2 violations are described in the ROE and are listed in order of severity with management’s response to each violation. Level 1 violations are recorded as a list on the Level 1 Violations page. The Level 1 Violations page is left with management at the conclusion of the exit meeting but is not included in the ROE or mentioned in the examiner’s comments and conclusions pages of the ROE.

Descriptions of the Level 3 and Level 2 violations in the violations pages readily call attention to the general nature and magnitude of these matters. Examiner’s recommendations to address the violations along with management’s responses will be included on the violations pages. Where no violation was found for a particular level of violation, the associated violations page is omitted.

The FDIC relies on examiner professional judgment in categorizing the level of violations. Examiners make reasonable efforts to appropriately categorize violations; however, the key purpose of the categorization system is to communicate to institutions the FDIC’s level of concern regarding each of the violations cited, and for institutions to appropriately prioritize efforts to correct violations cited.

Violations that have been self-identified by a bank and fully corrected before the start of the examination (including remedial action, if appropriate) generally are not cited on the violations pages or recorded in FOCUS.4 Examiners confirm that the bank identified the root cause of the violation and that the corrective action gives reasonable assurance that the violation will not recur.

Note: The self-identification of violations is the result of a proactive approach to identify weaknesses in an effort to facilitate the early detection of regulatory violations and limit the scope of consumer harm. Self-identification reflects a robust and effective CMS that includes adequate monitoring and/or audit functions and effective responses to consumer complaints. Examiners consider self-identification of violations, along with prompt and full corrective action, including remediation of consumer harm, as applicable, as a strength of the bank’s CMS when its corrective action is the result of proactive measures resulting from the bank's CMS functions. Examiners do not consider violations identified by way of supervisory activities between examination cycles (e.g. visitations or other regulator-initiated engagement), litigation, investigations by other agencies, or other means outside of the bank's CMS functions, as self-identified or a strength of the CMS, although promptly addressing issues identified through these channels will be considered positively.

Level 3/High Severity Violations 

Violations of the highest concern that have resulted in significant harm to consumers or members of a community are classified as Level 3/High Severity. These violations typically result in a request or a requirement that the institution provide restitution in excess of $10,000 (in aggregate), or include, for example, pattern or practice violations of anti-discrimination provisions, including redlining or widespread discouragement.

Level 2/Medium Severity Violations 

Violations of moderate concern reflecting systemic, recurring, or repetitive errors that represent a failure of the bank to meet a key purpose of an underlying regulation or statute are classified as Level 2/Medium Severity. These violations may have had a small, but negative impact on consumers or have the potential to have a negative impact if uncorrected. Level 2 violations may also include those resulting in potential restitution in an amount below the Level 3 threshold.

Level 1/Low Severity Violations 

Violations of the lowest concern that are isolated or sporadic, or systemic violations that are unlikely to affect consumers or the underlying purposes of an applicable regulation or statute are classified as Level 1/Low Severity. These violations are typically due to individual instances of failure to follow established procedures or minor errors in the implementation of reasonable procedures to comply with the obligations of a regulation or statute.

Other Matters 

The Other Matters page, if used, discusses matters that arise during an examination that may not rise to the level of a violation of law or regulation regarding which the FDIC has examination authority. Other matters may include apparent violations that are referred to another agency, or details to support a potential risk that is included on the examiner’s comments and conclusions pages.

Compliance - Supervisory Section 

The purpose of the Supervisory Section is to provide the FDIC Regional Office, Washington Office, and other banking regulators with confidential or controversial information. It also provides information to succeeding examiners on supervisory and examination activities relating to the institution. The Supervisory Section is not included in the ROE transmitted to the institution. Examples of information important to report on this page include:

  • Planned changes in key management positions or compliance personnel that are not widely known in the institution
  • Pending litigation on a consumer protection matter that is not widely known in the institution
  • Tentative plans or strategies that are not widely known in the institution that may affect the frequency or scope of future compliance examinations
  • An explanation as to why civil money penalties are not imposed for Flood Insurance violations involving pattern or practice violations
  • Bank’s compliance with the Interstate Banking and Branching Efficiency Act of 1994

This page is omitted when there are no issues to discuss, or all information is accessible in FOCUS, or the examination workpapers.

Review of the Report of Examination

The EIC or Review Examiner, as directed by regional policy, completes and uploads the following documents into FOCUS for review:

  • Transmittal Letter
  • Report Cover
  • Examiner’s Comments and Conclusions
  • CRA Performance Evaluation (if applicable)
  • Matters Requiring Board Attention (if applicable)
  • Compliance with Enforcement Actions (if applicable)
  • Level 3/High Severity Violations (if applicable)
  • Level 2/Medium Severity Violations (if applicable)
  • Level 1/Low Severity Violations (if applicable)
  • Other Matters (if applicable)
  • Compliance - Supervisory Section (if applicable)
  • Final examination scoping documents for compliance and fair lending.

The EIC ensures that all FOCUS submission requirements are met, which includes completing all applicable screens and recording the appropriate violation code for all levels of violations cited during the examination or visitation.

During the review process, Review Examiners identify any gaps, inconsistencies, or unsupported or unexplained conclusions contained in the ROE or any other document informing the institution of an FDIC material supervisory determination. The assigned Review Examiner and the EIC shall fully support the facts identified with supporting information before the ROE or document is submitted to the institution.

Generally, examiners conduct Board meetings before forwarding the ROE to FDIC’s Regional or Washington Office for review. However, in special circumstances, examiners may conduct the meeting after forwarding the report for review. If this occurs, the EIC will prepare a memorandum to the Regional Office summarizing the pertinent issues from the Board’s discussion for inclusion in the ROE.

The FDIC communicates with the financial institution if, during the review process, the examiner’s recommended rating is downgraded or the examiner’s conclusions are changed in a way that adversely affects the financial institution.

After the ROE is signed, it is delivered to the Board of the financial institution.

 

1See Overview of Compliance Examinations section for the type and scope of supervisory activities.
2Best practices may be communicated to an institution verbally. There is no supervisory expectation that an institution should implement suggested best practices.
3These factors are meant to be an illustrative example and are not all-inclusive.
4FOCUS is FDIC's system of record for all consumer compliance and CRA examination activities. It stores both examination data and documents including the consumer compliance examination’s ROE and the CRA Performance Evaluation.

Last Updated: March 1, 2024