The purpose of the FDIC Report of Examination (ROE) is to summarize examination findings in order to inform bank management and directors of undue risks and provide recommendations for improvement. To focus the attention of management and the directorate on material issues and recommendations requiring immediate consideration, examination reports include, as warranted, a discussion of Matters Requiring Board Attention (MRBA). When bank management promptly responds to concerns detailed in MRBAs, problems can be addressed early and reduce the overall risk to the institutions. This article summarizes the trends and types of issues identified by safety-and-soundness examiners in the aftermath of the financial crisis, as reflected by MRBAs contained in FDIC Reports of Examination.1 These trends provide one view of the “hot button” issues that most frequently concern FDIC examiners and how these have changed over time as risks facing the banking industry have evolved.
The MRBA page was added to the beginning of the ROE in 1993. The addition of this page was instituted in conjunction with the Interagency Policy Statement on the Uniform Common Core Report of Examination released by the four federal banking agencies.2 The policy statement detailed common pages that each agency’s ROE could include, allowing for flexibility to accommodate the different agency data requirements while ensuring a consistent minimum standard of information. When MRBAs are cited in an FDIC examination report,3 the letter transmitting the report to the institution must note any identified MRBAs and request a response from the board that addresses affirmative steps that will be taken to correct noted deficiencies.
Since 2010, the FDIC has employed an MRBA tracking system to detail examination recommendations, document responses from bank management, and facilitate follow-up by regional office or field staff. During the four years since the tracking system was implemented, more than 3,400 FDIC Risk Management ROEs cited MRBAs; about 85 percent of these were at institutions with composite ratings of “1” or “2” under the Uniform Financial Institutions Rating System. MRBAs are more commonly cited for these institutions because those rated “3” or worse are usually under an informal or formal enforcement action, such as a Memorandum of Understanding or Consent Order, that impose similar but more formal reporting requirements on management to submit Progress Reports that detail corrective actions undertaken to address deficiencies.
On average, during the past four years, about 48 percent of ROEs at satisfactorily rated FDIC-supervised institutions have had at least one MRBA cited. The percentage of institutions with MRBAs has declined during the past two years, reflecting overall improvement in the financial condition of the banking industry (see Chart 1). This article summarizes data from the FDIC tracking system for MRBAs cited in satisfactorily rated institutions from 2010 through 2013, describes the categories of MRBAs cited most often, and highlights trends in these categories since 2010.
Most Commonly Cited MRBA Categories
During the past four years, MRBAs have most often addressed deficiencies in two categories: Loans (approximately 69 percent of all ROEs with MRBAs cited) and Board/Management (approximately 45 percent of all ROEs with MRBAs cited) (see Chart 2).
Within the broad category of Loans, over three-quarters of the MRBAs were related to credit administration (see Chart 3). These MRBAs included the need to improve appraisal review, loan review, and the loan grading system; reduce credit data or collateral documentation exceptions; prepare cash flow analyses on loans; and properly account for troubled debt restructurings.
Approximately 41 percent of the loan-related MRBAs addressed elevated volumes of problem assets. MRBAs in this category included the need to reduce the volume of criticized assets, nonperforming loans, nonaccruals, and past dues; update detailed workout plans on classified assets; and implement risk reduction strategies for all criticized assets in excess of a specified dollar amount.
Additionally, about 28 percent of the loan-related MRBAs involved the need to correct deficiencies in the Allowance for Loan and Lease Losses (ALLL) methodology or the need for additional provisions to the institution’s ALLL to restore it to an appropriate level. The last significant sub-category represents approximately 12 percent of loan-related MRBAs and reflects the need for increased monitoring and oversight of concentrations in commercial real estate, agricultural, and small-business loans.
Board/Management is the second largest category, noted in approximately 45 percent of all ROEs with MRBAs cited. The category addresses several areas (see Chart 4), including the need for management to revise and comply with Board-approved policies (approximately 49 percent of Board/Management-related MRBAs cited). Audit is also included in this category and comprises approximately 27 percent of Board/Management related MRBAs cited. Audit recommendations range from the need for the development of an Audit Plan that reflects the institution’s risk profile to the need for increased board or management oversight of the Audit function. Other Board/Management– related MRBAs include the need to improve strategic planning, succession planning, risk management practices, and overall oversight; address operational weaknesses; conduct a position review of employees; ensure appropriate staffing and training; and increase oversight of insider transactions.
Violations, Earnings, and Interest Rate Risk (IRR) each comprise about 24 percent of all ROEs with MRBAs cited from 2010 through 2013. MRBAs in the Violations category focused on the board of directors’ need to correct the apparent violations cited in the ROE and ensure these violations do not recur. Part 323 of the FDIC Rules and Regulations addressing real estate appraisals and the Federal Reserve Board’s Regulation O governing loans to executive officers, directors, and principal shareholders were two examples of apparent violations commonly noted within these MRBAs.
MRBAs cited related to Earnings included the need to identify strategies to improve earnings to an acceptable level without relying on extraordinary items or increasing the risk to the institution. The MRBA may have also directed management to develop budgeting and profit-planning strategies. IRR MRBAs focused on the need to develop strategies to improve monitoring and control of this area, such as establishing risk tolerance parameters for IRR model results, enhance models to capture the risk inherent in the institution’s balance sheet, and increase board oversight and understanding of the institution’s models.
Trends in MRBA Categories
MRBAs cited at examinations reflect changes in risks faced by the institutions during the past four years, as the financial environment for institutions has changed. A comparison of the categories cited in the MRBAs on a year-to-year basis from 2010 through 2013 indicates the emergence of certain noteworthy trends (see Chart 5).
MRBAs in the Loans category continue to be the most commonly cited at examinations; however, the proportion of loan-related MRBAs has declined over time consistent with the ongoing improvement in loan quality. The noncurrent loan rate and the quarterly net charge-off rate have both declined and are trending down a similar path.4
MRBAs related to Liquidity have also declined during the past four years from more than 17 percent to less than 10 percent of all ROEs with MRBAs cited. The decline in MRBAs in the Liquidity category may be attributed in part to the actions that management and boards of directors have taken in response to regulatory guidance, along with overall substantial improvement of liquidity in the banking industry since 2010. The federal banking agencies issued guidance in April 2010 on sound practices for managing funding and liquidity risk and strengthening liquidity risk management practices.5 This guidance emphasizes the importance of cash-flow projections, diversified funding sources, stress testing, a cushion of liquid assets, and a formal, well-developed contingency funding plan as essential tools for measuring and managing liquidity risk.
In contrast, a significant increase has occurred in MRBAs cited in the IRR category. During 2010, MRBAs in this category were cited in approximately 17 percent of all ROEs with MRBAs. Each subsequent year the percentage increased, reaching approximately 30 percent in 2013. Given the sustained low interest-rate environment and the resulting shifts in banks’ asset and liability structures, it has become increasingly important for financial institutions to actively manage IRR.6
During the past four years, the FDIC has released industry guidance regarding IRR management.7 The most recent guidance, released on October 8, 2013, titled “Managing Sensitivity to Market Risk in a Challenging Interest Rate Environment,” discusses the importance of prudent IRR oversight and management to help prepare institutions for a period of rising interest rates. The FDIC also released a series of videos in 2013, including an IRR module in a virtual version of the FDIC’s Directors’ College Program8 and a technical assistance video series on IRR specifically for use by community bank management and individuals who are directly involved in the IRR management function.9 Many of the issues described in the IRR MRBAs are discussed in the guidance provided by the FILs and in the videos.
Until recently, MRBAs in the Information Technology (IT) category were cited less often than the categories discussed above. IT MRBAs were cited in 12 percent of all ROEs with MRBAs cited in 2010; MRBAs in this category increased to approximately 21 percent in 2012 before falling slightly to 18 percent in 2013. MRBAs in the IT category include the need for management to strengthen IT risk assessment programs, information security programs, and/or vendor management programs. The increase in MRBAs in this category could be attributed to the ever-changing and challenging risk in the IT environment, which make board and management oversight increasingly complex and difficult. In response, the FDIC developed a video as part of the virtual version of the FDIC’s Directors’ College Program that explains IT governance programs, discusses emerging and significant IT risks, and provides relevant questions to consider at the directorate level.10
In addition, the FDIC re-issued three documents for informational purposes that contain practical ideas for community banks to consider when they engage in technology outsourcing. These documents discuss how to select service providers, draft contract terms, and oversee multiple service providers when outsourcing for technology products and services.11
Conclusion
Over 80 percent of the time, FDIC supervisory staff determined that management’s first response satisfactorily addressed the MRBAs cited during examinations from 2010 through 2013. Multiple submissions were required when management’s responses were general in nature and did not provide details of how management addressed or planned to address the MRBA. Management’s and directorates’ willingness and ability to effectively address weaknesses and risks are critical to the financial health of the institution. The FDIC will continue to use MRBAs as a tool to focus bank management’s and directorates’ attention on areas that if not properly measured, monitored, and controlled, could adversely affect the institution.
Catherine H. Goñi
Case Manager
Division of Risk Management Supervision
cgoni@fdic.gov
Paul S. Vigil
Senior Quantitative Risk Analyst
Division of Risk Management Supervision
pvigil@fdic.gov
Larry R. Von Arb
Senior Quantitative Risk Analyst
Division of Risk Management Supervision
lvonarb@fdic.gov
Kenneth A. Weber
Senior Quantitative Risk Analyst
Division of Risk Management Supervision
kweber@fdic.gov
1 Unless otherwise noted, the analysis in this article is for FDIC-supervised institutions rated “1” or “2” as defined by the Uniform Financial Institutions Rating System, FIL-105-96, “Adoption of Revised FFIEC Policy Statement on Uniform Financial Institutions Rating System,” December 26, 1996. http://www.fdic.gov/news/news/financial/1996/fil96105.html.
2 The four federal banking agencies in 1993 were the Office of the Comptroller of the Currency, Federal Deposit Insurance Corporation, Federal Reserve Board, and Office of Thrift Supervision. https://www.occ.gov/static/rescinded-bulletins/bulletin-2019-11.pdf.
3 FDIC examiners have the option of including in the ROE a separate MRBA page, or addressing these matters on the Examination Conclusions and Comments page.
4 FDIC Chairman Martin J. Gruenberg, Opening Statement on the Fourth Quarter 2013 Quarterly Banking Profile,February 26, 2014. http://www.fdic.gov/news/news/speeches/spfeb2614.html.
5 FIL-13-2010, “Funding and Liquidity Risk Management Interagency Guidance,” April 5, 2010. http://www.fdic.gov/news/news/financial/2010/fil10013.html.
6 See Andrew D. Carayiannis, “Interest-Rate Risk Management,” Supervisory Insights, Winter 2013 http://www.fdic.gov/regulations/examinations/supervisory/insights/siwin13/siwinter13-article1.pdf.
7 FIL-2-2010, “Financial Institution Management of Interest Rate Risk,” January 20, 2010, http://www.fdic.gov/news/news/financial/2010/fil10002.html, FIL-2-2012, “Interest Rate Risk Management: Frequently Asked Questions,” January 12, 2012, http://www.fdic.gov/news/news/financial/2012/fil12002.html, and FIL-46-2013, “Managing Sensitivity to Market Risk in a Challenging Interest Rate Environment,” October 8, 2013, http://www.fdic.gov/news/news/financial/2013/fil13046.html.
8 Interest Rate Risk video, Directors’ Resource Center, Virtual Directors’ College Program http://www.fdic.gov/regulations/resources/director/virtual/irr.html.
9 Interest Rate Risk video, Directors’ Resource Center, Technical Assistance Video Program http://www.fdic.gov/regulations/resources/director/technical/irr.html.
10 Information Technology video, Directors’ Resource Center, Virtual Directors’ College Program https://www.fdic.gov/regulations/resources/director/video.html.
11 FIL-13-2014, “Technology Outsourcing: Informational Tools for Community Bankers,” April 7, 2014, http://www.fdic.gov/news/news/financial/2014/fil14013.html.