Supervisory Insights

Winter 2006 Vol. 3, Issue 2 - Table of Contents

Last Updated: July 11, 2023

Letter from the Director


Incident Response Programs: Don't Get Caught Without One

The media has been filled with stories of data compromises and security breaches at all types of organizations. A security incident can damage corporate reputations, cause financial losses, and foster identity theft, and banks are increasingly becoming targets for attack because they hold valuable data that, when compromised, allow criminals to steal an individual's identity and drain financial accounts. To mitigate the effects of security breaches, organizations are finding it necessary to develop formal incident response programs (IRPs). This article highlights the importance of IRPs to a bank's information security program and provides information on required content and best practices banks may consider when developing effective response programs.

Chasing the Asterisk: A Field Guide to Caveats, Exceptions, Material Misrepresentations, and Other Unfair or Deceptive Acts or Practices

Although the vast majority of FDIC-supervised institutions adhere to a high level of professional conduct, the FDIC has seen an increase in violations of Section 5 of the Federal Trade Commission Act (FTC Act), which prohibits unfair or deceptive practices in or affecting commerce. The Act applies to all aspects of financial products and services, and this increase in violations may be the result of increased competition among financial institutions, along with a growing dependence on fee income, expansion into the subprime market, and the increase in the number of products with complex structures and pricing. This article outlines how examiners identify and address acts or practices that may violate the prohibition against unfair or deceptive acts or practices, and it provides information to help financial institutions assess their products and services and develop a plan to avoid violations of Section 5 of the FTC Act.

Understanding BSA Violations

While most insured financial institutions have an adequate system of BSA controls, high-profile cases in which large civil money penalties have been assessed for noncompliance with the BSA highlight the importance of banks' efforts to ensure compliance with the BSA and its implementing rules. Shortfalls in BSA controls can result in violations of the BSA and the implementing rules being cited in Reports of Examination. This article highlights recent USA PATRIOT Act changes, discusses the types of BSA-related violations cited in examination reports, and clarifies the difference between a significant BSA program breakdown and technical problems in financial institutions. The article also provides examples of best practices for maintaining strong BSA and Anti-Money Laundering compliance programs.

Regular Features

From the Examiner’s Desk . . . Examiners Report on Commercial Real Estate Underwriting Practices

Banks are becoming increasingly reliant on commercial real estate (CRE) lending, and, in some markets, underwriting and administration of such loans have deteriorated in the effort to gain market share. This article provides an update on CRE lending nationwide by looking at examples of bank policies and practices in CRE concentrations and presenting best practices for identifying, monitoring, and controlling such risk.

Accounting News: Auditor Independence

When CPAs and their firms provide certain services that require them to be independent, such as audits of financial statements and audits of internal control over financial reporting, they are referred to as independent public accountants, independent auditors, or external auditors. But what does "independence" mean when external auditors provide these services? This article summarizes existing professional standards for auditor independence, including recent developments on tax services and contingent fees as well as the use of limitation of liability clauses in engagement letters.

Regulatory and Supervisory Roundup

This feature provides an overview of recently released regulations and supervisory guidance.

Supervisory Insights

Supervisory Insights is published by the Division of Supervision and Consumer Protection of the Federal Deposit Insurance Corporation to promote sound principles and best practices for bank supervision.

Sheila C. Bair
Chairman, FDIC

Sandra L. Thompson
Director, Division of Supervision and Consumer Protection

Journal Executive Board

George French, Deputy Director and Executive Editor
Christopher J. Spoth, Senior Deputy Director
John M. Lane, Deputy Director
Robert W. Mooney, Acting Deputy Director
William A. Stark, Deputy Director
John F. Carter, Regional Director
Doreen Eberley, Acting Regional Director
Stan R. Ivie, Regional Director
James D. LaPierre, Regional Director
Sylvia H. Plunkett, Regional Director
Mark S. Schmidt, Regional Director

Journal Staff

Bobbie Jean Norris
Managing Editor

Christy C. Jacobs
Financial Writer

Eloy A. Villafranca
Financial Writer

Supervisory Insights is available online by visiting the FDIC’s website at To provide comments or suggestions for future articles, request permission to reprint individual articles, or to request print copies, send an e-mail to

The views expressed in Supervisory Insights are those of the authors and do not necessarily reflect official positions of the Federal Deposit Insurance Corporation. In particular, articles should not be construed as definitive regulatory or supervisory guidance. Some of the information used in the preparation of this publication was obtained from publicly available sources that are considered reliable. However, the use of this information does not constitute an endorsement of its accuracy by the Federal Deposit Insurance Corporation.