The Office of Inspector General’s
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
December 2007 This Business Plan reflects the Office of Inspector General’s (OIG) continuing efforts to clearly articulate and carry out an integrated series of quality audits, evaluations, investigations, and internal organizational activities in service to the Federal Deposit Insurance Corporation (FDIC), the Congress, the public, and other key stakeholders. In 2006, we adopted a new business planning framework to better align our work with the Corporation’s strategic goals and related activities. For 2007 and 2008, we reexamined our mission and vision, validated our strategic goals, and developed performance goals—both qualitative and quantitative—and key efforts to continue to support those agreed-upon strategic goals.
The future holds many challenges for the FDIC and for the OIG. My office stands ready to address those challenges, as demonstrated in our planned work for fiscal year 2008, and we welcome feedback on our efforts throughout the coming year. [Electronically produced version; original signed by Jon T. Rymer] Jon T. Rymer Inspector General |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
****JavaScript based drop down DHTML menu generated by NavStudio. (OpenCube Inc. - http://www.opencube.com)****
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Mission and Vision The FDIC OIG is an independent and objective unit established under the Inspector General Act of 1978, as amended (IG Act). The OIG’s mission is to promote the economy, efficiency, and effectiveness of FDIC programs and operations, and protect against fraud, waste, and abuse to assist and augment the FDIC’s contribution to stability and public confidence in the nation’s financial system. In carrying out its mission, the OIG conducts audits, evaluations, and investigations; reviews existing and proposed legislation and regulations; and keeps the FDIC Chairman and the Congress currently and fully informed of problems and deficiencies relating to FDIC programs and operations. In addition to the IG Act, the OIG also has statutory responsibilities to evaluate the FDIC’s information security program and practices under the provisions of the Federal Information Security Management Act of 2002, to evaluate privacy and data protection matters under Section 522 of the Consolidated Appropriations Act of 2005, and to perform material loss reviews of failed FDIC-supervised depository institutions under the provisions of the Federal Deposit Insurance Corporation Improvement Act of 1991. Our vision is to be a quality-focused FDIC team that promotes excellence and trust in service to the Corporation and the public interest. Strategic Goals and Performance Measures The OIG has reviewed the FDIC operating environment looking at long-term and short-term issues facing the Corporation, as well as areas where significant change has occurred or is occurring. As part of the FDIC’s annual reporting process, we develop “Management and Performance Challenges” reflecting significant issues that the Corporation faces in carrying out its mission. We also meet with congressional staff and monitor the issues facing the Congress in its hearings and reports. The OIG has hosted conferences on “Emerging Issues” with participants from other OIGs of financial regulatory agencies, the Government Accountability Office (GAO), regulatory agency officials, and congressional staff. We also maintain ongoing dialogue with the FDIC’s senior leadership and met with FDIC executives to discuss their areas of challenge and concern for 2008. We believe that this process has resulted in OIG strategic goals that are mission-related and outcome-oriented, and that will contribute to the achievement of the FDIC’s mission. To help accomplish our mission and achieve our vision, the OIG has established six strategic goals. Five of these strategic goals, which are our external goals, relate to the FDIC’s programs and activities. These goals are as follows: The OIG will
In addition, we have established a sixth (internal) strategic goal:
We have developed qualitative performance measures that reflect mission-related goals and outcomes. These complement our quantitative performance measures. Each qualitative performance goal includes a set of key efforts representing ongoing work or work to be undertaken during 2008 in support of the goal. Also, potential outcomes have been identified for each performance goal to highlight the improvements that may result from these key efforts. We will measure our success in meeting our qualitative goals by having OIG senior management assess the extent to which we accomplish the work described in the key efforts under each goal. As part of our assessment, senior management will consider the amount of work conducted and the results and recommendations made for each key effort, and then determine whether the overall body of work produced adequately achieves or addresses the related goal. We are also continuing to use a streamlined list of quantitative measures that emphasize outcomes and results. These measures include financial benefits resulting from our audits, evaluations, and investigations; positive changes resulting from our recommendations (e.g., improved FDIC policies, practices, processes, systems, or controls); investigation actions (e.g., indictments, convictions, employee actions); recommendations implemented; and timeliness and cost-effectiveness of our work and related products. Together, our qualitative and quantitative performance measures will help us determine the degree to which the OIG’s work provides timely, quality support to the Congress, the Chairman, other FDIC officials, the banking industry, and the public. We will periodically assess the results of our performance and the appropriateness of our performance measures and goals, and make changes, as warranted. OIG Resources ManagementUnder Goal 6, our plan presents a number of initiatives to improve the quality and effectiveness of OIG processes and products. Our key efforts have a strategic importance for the OIG to ensure that we produce high-quality work, operate effectively, maintain our independence, and sustain the positive working relationships that we have established with our stakeholders. Means and Strategies To achieve our strategic and performance goals, we provide objective, fact-based information and analysis to the Congress, the FDIC Chairman, other FDIC officials, and the Department of Justice. This effort typically involves our audits, evaluations, or criminal investigations conducted pursuant to the IG Act and in accordance with applicable professional standards. We also make contributions to the FDIC in other ways, such as reviewing and commenting on proposed corporate policies and draft legislation and regulations; participating as advisors in joint projects with management; providing technical assistance and advice on various issues such as information technology, strategic planning, risk management, and human capital; and participating in internal FDIC conferences and seminars. In planning and budgeting our resources, we use an enterprise-wide risk assessment and planning process that considers current and emerging industry trends, and corporate programs, operations, and risks. Our audit and evaluation plans, which outline planned audit and evaluation coverage for the coming year, are based in part on the OIG’s assessment of risks to the FDIC in meeting its strategic goals and objectives. This risk-based assessment process is linked to the Corporation’s program areas and the OIG’s identification of management and performance challenges in those areas. In formulating our assignment plans, we solicit input from senior FDIC management and members of the FDIC Audit Committee, as well as the Congress. Conducting investigations of activities that may harm or threaten to harm the operations or integrity of the FDIC and its programs is a key activity for achieving our goals. These investigations involve fraud at financial institutions, obstruction of FDIC examinations, misrepresentations of deposit insurance coverage, identity theft crimes, concealment of assets by FDIC debtors, or criminal or other serious misconduct on the part of FDIC employees or contractors. In conducting our investigations, we coordinate and work closely with U.S. Attorneys’ Offices, other law enforcement organizations, and FDIC divisions and offices. The OIG also operates an Electronic Crimes Unit (ECU) and laboratory in Washington, D.C. The ECU is responsible for conducting computer-related investigations and providing computer forensic support to investigations nationwide. We also manage the OIG Hotline for FDIC employees, contractors, and others to report allegations of fraud, waste, abuse, and mismanagement via a toll-free number or e-mail. Another means of ensuring we achieve our goals is to maintain positive working relationships with the Congress, the Chairman, FDIC officials, and other OIG stakeholders. We provide timely, complete, and high-quality responses to congressional inquiries and communicate regularly with the Congress about OIG work and its conclusions. Also, the OIG communicates with the Chairman, Vice Chairman, other Board Members, and senior executives through briefings about ongoing and completed work and is a regular participant at Audit Committee meetings. The OIG also places a high priority on building strong alliances with GAO, the President’s Council on Integrity and Efficiency (PCIE), the Executive Council on Integrity and Efficiency (ECIE), and other agencies’ Offices of Inspector General. Human CapitalThe OIG’s employees are our most important resource for accomplishing our mission and achieving our goals. For that reason, we strive to operate a human resources program that attracts, develops, motivates, rewards, and retains a highly skilled, diverse, and capable staff. The OIG staff is comprised of auditors, criminal investigators, attorneys, program analysts, computer specialists, and administrative personnel. The OIG staff holds numerous advanced educational degrees and possesses a number of professional licenses and certificates. To maintain professional proficiency, each of our staff attains an average of about 55 hours of continuing professional education and training annually. Like much of the FDIC, the OIG has been downsizing its staff for several years in response to changes in the banking industry that have resulted in bank consolidations and improved financial health and the near completion of resolutions of failed institutions during the banking and thrift crises of the 1980s and early 1990s. Overall OIG staffing will have decreased from the authorized level of 190 in fiscal year 2003 to an authorized level of 127 in fiscal year 2008. Information TechnologyWe strive to closely link information technology (IT) planning and investment decisions to our mission and goals, thus helping ensure that OIG managers and staff have the IT tools and services they require to successfully and productively perform their work. We want to enable our managers and staff, through reliable and modern technology, to maximize productivity and responsiveness. To help realize this goal and vision, our strategy will be to pursue IT solutions that optimize our effectiveness and efficiency, connectivity, reliability, and security, and employ best practices in managing our IT systems, services, and investments. In 2008, we plan to explore ways to leverage the various IT resources of our component offices. Relationship of the OIG to the FDICThe IG Act, as amended, makes the OIG responsible for keeping both the FDIC Chairman and the Congress fully and currently informed about problems and deficiencies relating to FDIC programs and operations. This dual reporting responsibility makes our role unique at the FDIC and can present a number of challenges for establishing and maintaining an effective working relationship with management. Although we are an integral part of the Corporation, unlike any other FDIC division or office, our legislative underpinning requires us to operate as an independent and objective oversight unit at the same time. As such, a certain amount of tension with the Corporation may be inherent in the nature of our mission. Notwithstanding, the OIG has established a cooperative and productive relationship with the Corporation by fostering open and honest communication; building relationships based upon mutual respect; conducting our work in an objective and professional manner; and recognizing and addressing the risks, priorities, and needs of the FDIC. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
The Corporation’s bank supervision program promotes the safety and soundness of FDIC-supervised insured depository institutions. As of September 30, 2007, the FDIC was the primary federal regulator for 5,210 FDIC-insured, state-chartered institutions that were not members of the Federal Reserve System (generally referred to as “state non-member” institutions). The Department of the Treasury (the Office of the Comptroller of the Currency and the Office of Thrift Supervision) or the Federal Reserve Board supervise other banks and thrifts, depending on the institution’s charter. The Corporation also has back-up examination authority to protect the interests of the deposit insurance fund for more than 3,400 national banks, state-chartered banks that are members of the Federal Reserve System, and savings associations. The examination of the banks that it regulates is a core FDIC function. The Corporation’s year-to-date information reports that through September 30, 2007, the Corporation had conducted 1,706 safety and soundness examinations. Through this process, the FDIC assesses the adequacy of management and internal control systems to identify, measure, and control risks; and bank examiners judge the safety and soundness of a bank’s operations. The examination program employs risk-focused supervision for banks. According to examination policy, the objective of a risk-focused examination is to effectively evaluate the safety and soundness of the bank, including the assessment of risk management systems, financial condition, and compliance with applicable laws and regulations, while focusing resources on the bank’s highest risks. In the event of an insured depository institution failure, the Federal Deposit Insurance (FDI) Act, requires the cognizant OIG to perform a review when the deposit insurance fund incurs a material loss. The FDIC OIG performs the review if the FDIC is the primary regulator of the institution. The Department of the Treasury OIG and the OIG at the Board of Governors of the Federal Reserve System perform reviews when their agencies are the primary regulators. These reviews identify what caused the material loss, evaluate the supervision of the federal regulatory agency (including compliance with the Prompt Corrective Action requirements of the Federal Deposit Insurance Act), and propose recommendations to prevent future failures. A loss is considered material to the insurance fund if it will exceed $25 million and 2 percent of the failed institution’s total assets. During the past fiscal year, the failure of FDICMetropolitan Bank in February 2007 did not meet the materiality threshold for the OIG to conduct a material loss review. The OIG, however, must be prepared to conduct such a review, as necessary, and will work with the Division of Supervision and Consumer Protection (DSC) and the Division of Resolutions and Receiverships (DRR) to ensure such readiness. Bank regulators, both domestically and internationally, have devised new standards for bank capital requirements commonly referred to as Basel IA and Basel II. The intent of Basel II is to more closely align regulatory capital with risk in large or multinational banks. In conjunction with the transition to Basel II, the FDIC and the other federal bank regulatory agencies are pursuing a more risk-sensitive capital framework for the institutions that are not subject to or that opt out of Basel II. This new Basel IA capital framework seeks to minimize potential inequities between large and small banks resulting from Basel II implementation while maintaining adequate capital levels and avoiding undue burden on the affected institutions. The OIG’s investigators play a key role in helping to ensure the nation’s banks operate safely and soundly. All financial institutions today are at risk of being used to facilitate criminal activities, including money laundering and terrorist financing. The Corporation needs to guard against a number of financial crimes and other threats, including money-laundering, terrorist financing, data security breaches, and financial institution fraud. Bank management is the first line of defense against fraud, and the banks’ independent auditors are the second line of defense. Because fraud is both purposeful and hard to detect, it can significantly raise the cost of a bank failure, and examiners must be alert to the possibility of fraudulent activity in financial institutions. The OIG’s Office of Investigations (OI) works closely with FDIC management in DSC and the Legal Division to identify and investigate financial institution crime, especially various types of fraud. OIG investigative efforts are concentrated on those cases of most significance or potential impact to the FDIC and its programs. The goal, in part, is to bring a halt to the fraudulent conduct under investigation, protect the FDIC and other victims from further harm, and assist the FDIC in recovery of its losses. Pursuing appropriate criminal penalties not only serves to punish the offender but can also deter others from participating in similar crimes. Since the terrorist attacks of September 11, 2001, the Federal Bureau of Investigation (FBI) has no longer been able to devote the same level of resources to financial institution fraud cases. U.S. Attorneys’ Offices and FBI Offices throughout the country are increasingly relying on the FDIC OIG to handle such cases. The OIG is also receiving more referrals of financial institution fraud matters from DSC. Our criminal investigations can also be of benefit to the FDIC in pursuing enforcement actions to prohibit offenders from continued participation in the banking system. The mutually beneficial working relationships we have established with others in the FDIC have reaped valuable benefits. When investigating instances of financial institution fraud, the OIG also defends the vitality of the FDIC’s examination program by investigating associated allegations or instances of criminal obstruction of bank examinations and by working with U.S. Attorneys’ Offices to bring these cases to justice. The OIG’s investigations of financial institution fraud currently constitute approximately 80 percent of the OIG’s investigation caseload. The OIG is also committed to continuing its involvement in interagency forums addressing fraud. Such groups include national and regional bank fraud, check fraud, mortgage fraud, cyberfraud, identity theft, and anti-phishing working groups. Additionally, the OIG engages in industry outreach efforts to keep financial institutions informed on fraud-related issues and to educate bankers on the role of the OIG in combating financial institution fraud. Under the Bank Secrecy Act (BSA), banks must file a Currency Transaction Report (CTR) with the Treasury Department for each transaction over $10,000 or multiple cash transactions by any individual in one business day or over the period of a day aggregating over $10,000. The BSA also requires banks to file Suspicious Activity Reports (SARs) when suspected money laundering or BSA violations occur. Although the Department of the Treasury has overall authority for BSA enforcement and compliance, the Financial Crimes Enforcement Network (FinCEN), created in 1990, has delegated authority to administer the BSA. FinCEN maintains automated systems from which DSC examiners can download information on CTRs and SARs filed by FDIC-supervised institutions. The filing and use of SARs and CTRs has been the subject of significant regulatory, congressional, and banking community interest. Our establishment of a data base of SARs has augmented our capability to coordinate with the Corporation and search and sort data from FinCEN and assist OIG investigations and DSC enforcement actions. In the upcoming year, we will continue to refine our SAR database to maximize its usefulness to support investigations and FDIC enforcement activities. The OIG’s role under this strategic goal is conducting audits and evaluations that review the effectiveness of various FDIC programs and examination processes aimed at providing continued stability to the nation’s banks. Areas of focus for 2008 include the CAMELS ratings process, examiner assessment of interest rate risk, aspects of non-traditional mortgage products, and FDIC activiites addressing liquidity risks. Another major means of achieving this goal will be through investigations of fraud at FDIC-supervised institutions; fraud by bank officers, directors, or other insiders; fraud leading to the failure of an institution; fraud impacting multiple institutions; and fraud involving monetary losses that could significantly impact the institution. 2008 Performance Goals: To assist the FDIC to ensure the nation’s banks operate safely and soundly, the OIG will
Key Efforts and Potential Benefits
Ongoing audit and evaluation key efforts related to this strategic goal that will carry over to FY 2008 include the following:
Key Efforts and Potential Benefits
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Federal deposit insurance remains a fundamental part of the FDIC’s commitment to maintain stability and public confidence in the Nation’s financial system. A priority for the FDIC is to ensure that the Deposit Insurance Fund remains viable to protect depositors in the event of an institution’s failure. To maintain sufficient DIF balances, the FDIC collects risk-based insurance premiums from insured institutions and invests deposit insurance funds. The FDIC, in cooperation with the other primary federal regulators, proactively identifies and evaluates the risk and financial condition of every insured depository institution. The FDIC also identifies broader economic and financial risk factors that affect all insured institutions. The FDIC is committed to providing accurate and timely bank data related to the financial condition of the banking industry. Industry-wide trends and risks are communicated to the financial industry, its supervisors, and policymakers through a variety of regularly produced publications and ad hoc reports. Risk-management activities include approving the entry of new institutions into the deposit insurance system, off-site risk analysis, assessment of risk-based premiums, and special insurance examinations and enforcement actions. In light of increasing globalization and the interdependence of financial and economic systems, the FDIC also supports the development and maintenance of effective deposit insurance and banking systems world-wide. Primary responsibility for identifying and managing risks to the Deposit Insurance Fund lies with the FDIC’s Division of Insurance and Research, DSC, and DRR. To help integrate the risk management process, the FDIC established the National Risk Committee (NRC), a cross-divisional body. Also, a Risk Analysis Center monitors emerging risks and recommends responses to the NRC. In addition, a Financial Risk Committee focuses on how risks impact the Deposit Insurance Fund and financial reporting. The consolidation of the banking industry has resulted in fewer and fewer financial institutions controlling an ever expanding percentage of the Nation’s financial assets. While over 90 percent of U.S. banks and thrifts are small community-based institutions, the 25 largest banking organizations hold about 71 percent of the industry’s assets. The FDIC is the primary federal regulator for none of these large financial institutions. In recent years, the FDIC has taken a number of measures to strengthen its oversight of the risks to the insurance fund posed by the largest institutions, and its key programs include the following:
During 2007, the OIG conducted audits of both the Dedicated Examiner Program and the Shared National Credit Program and reported positive findings on both. The Congress enacted deposit insurance reform in early 2006 that gives the FDIC more discretion in managing the DIF and allows the Corporation to better price deposit insurance based on risk. In October 2006, the Board of Directors approved a final rule to implement a one-time assessment credit to banks and thrifts. The credit is being used to offset future assessments charged by the FDIC and recognizes contributions that certain institutions made to capitalize the funds during the first half of the 1990s. In November 2006, the Board also adopted a final rule on the pricing structure and approved a more risk-sensitive framework for the 95 percent of insured institutions that are well-capitalized and well managed. The OIG’s audit work for 2008 envisions an audit of the Corporation’s investment management practices related to the Deposit Insurance Fund, a review of the Corporation’s off-site monitoring activities, and an audit addressing the FDIC’s receipt of savings association subsidiary notices. We will also evaluate an important aspect of deposit insurance reform implementation, specifically, invoicing and collecting deposit insurance assessments. We would note that investigative activity described in Goal 1 also fully supports the strategic goal of helping to maintain the viability of the DIF. The OIG’s efforts often lead to successful prosecutions of fraud in financial institutions, and/or fraud that can cause losses to the fund. 2008 Performance Goals: To help the FDIC maintain the viability of the deposit insurance fund, the OIG will
Key Efforts and Potential Benefits
Key Efforts and Potential Benefits
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Consumer protection laws are important safety nets for Americans. The U.S. Congress has long advocated particular protections for consumers in relationships with banks. For example:
The FDIC serves a number of key roles in the financial system and among the most important is the FDIC’s work in ensuring that banks serve their communities and treat consumers fairly. The FDIC carries out its role by providing consumers with access to information about their rights and disclosures that are required by federal laws and regulations and examining the banks where the FDIC is the primary federal regulator to determine the institutions’ compliance with laws and regulations governing consumer protection, fair lending, and community investment. As of September 30, 2007, the Corporation had conducted 1,347 compliance and Community Reinvestment Act examinations during 2007. The FDIC’s Consumer Response Center is responsible for investigating consumer complaints about FDIC-supervised institutions and responding to consumer inquiries about consumer laws and regulations and banking practices. As the FDIC Chairman pointed out in September 2007 testimony before the House Committee on Financial Services, recent events in the credit and mortgage markets present regulators, policymakers, and the financial services industry with serious challenges. In that testimony, the Chairman committed to working with the Congress and others to ensure that the banking system remains sound and that the broader financial system is positioned to meet the credit needs of the economy, especially the needs of creditworthy households that may experience distress. Another important FDIC initiative and a priority for the FDIC Chairman is promoting expanded opportunities for the underserved banking population in the United States to enter and better understand the financial mainstream. On June 29, 2007, the federal bank, thrift, and credit union regulatory agencies issued the Statement on Subprime Mortgage Lending to address issues relating to certain adjustable-rate mortgage products that can result in payment shock. The statement describes prudent safety and soundness and consumer protection standards that institutions should follow to ensure borrowers obtain loans they can afford to repay. The agencies also published illustrations of consumer information designed to help institutions implement the consumer protection portion of the Interagency Guidance on Nontraditional Mortgage Product Risks. The illustrations should help consumers better understand nontraditional mortgage products and associated payment options. Consumers today are also concerned about data security and financial privacy. Banks are increasingly using third-party servicers to provide support for core information and transaction processing functions. Of note, the increasing globalization and cost saving benefits of the financial services industry are leading many banks to make greater use of foreign-based service providers. Although generally permissible, this outsourcing practice raises certain risks. The obligations of a financial institution to protect the privacy and security of information about its customers under applicable U.S. laws and regulations remain in full effect when the institution transfers the information to either a domestic or foreign-based service provider. Every year fraud schemes rob depositors and financial institutions of millions of dollars. The OIG’s OI can identify, target, disrupt, and dismantle criminal organizations and individual operations engaged in fraud schemes that target our financial institutions or that prey on the banking public. OIG investigations have identified multiple schemes that defraud depositors. Common schemes range from identity fraud to Internet scams such as “phishing” and “pharming.” The misuse of the FDIC’s name and/or logo has also been identified as a scheme to defraud depositors. Such misrepresentations have led depositors to invest on the strength of FDIC insurance while misleading them as to the true nature of the investment products being offered. These depositors, who are often elderly and dependent on insured savings, have lost millions of dollars in the schemes. Further, abuses of this nature may erode public confidence in federal deposit insurance. Investigative work related to such fraudulent schemes is ongoing and will continue. With the help of sophisticated technology, the OIG’s Electronic Crimes Unit (ECU) will continue to work with FDIC divisions and other federal agencies to help with the detection of new fraud patterns and combat existing fraud. Coordinating closely with the Corporation’s DRR and the various U.S. Attorneys’ Offices, the OIG will help to sustain public confidence in federal deposit insurance and goodwill within financial institutions The OIG’s role under this strategic goal is conducting audits, evaluations, and investigations to review the effectiveness of various FDIC programs aimed at protecting consumer rights and ensuring customer data security and privacy. We have several audits ongoing or planned to address various aspects of mortgage lending and institutions’ consumer credit underwriting practices. We also plan evaluation coverage of the Consumer Response Center and will continue to conduct investigations of fraudulent schemes that target financial institutions and the public. 2008 Performance Goals: To assist the FDIC to protect consumer rights and ensure customer data security and privacy, the OIG will
Key Efforts and Potential Benefits
Ongoing audit and evaluation key efforts related to this strategic goal that will carry over to FY 2008 include the following:
Key Efforts and Potential Benefits
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
The United States provides protection to depositors in its banks, savings and loan associations, and credit unions. The FDIC plays a key role in this regard. Among its various functions, the FDIC seeks the least costly resolution strategy and acts as the receiver or liquidating agent for failed FDIC-insured institutions. The success of the FDIC’s efforts in resolving troubled institutions has a direct impact on the banking industry and on the taxpayers. DRR exists to plan and efficiently handle the resolutions of failing FDIC-insured institutions and to provide prompt, responsive, and efficient administration of failing and failed financial institutions in order to maintain confidence and stability in our financial system.
The FDIC’s resolution and receivership activities pose tremendous challenges. Today record profitability and capital in the banking industry have led to a substantial decrease in the number of financial institution failures compared to prior years. However, as indicated by the trends in mergers and acquisitions, banks are becoming more complex, and the industry is consolidating into larger organizations. As a result, the FDIC could potentially have to handle a failing institution with a significantly larger number of insured deposits than it has had to deal with in the past. Although there have been far fewer failures in recent years, DRR must be ready to resolve troubled institutions and is, in fact, continuing to focus on its ability to resolve institutions of any size. According to FDIC analysis, the failures of the 1980s and early 1990s were concentrated in the energy, agriculture, and commercial real estate sectors. In contrast, more recent bank failures are largely attributable to fraud, mismanagement, improper accounting and reporting practicies, and losses related to investments in sub-prime lending. The change between how the FDIC handled resolutions and receiverships 20 years ago and how it will be handling them 20 years from now will be largely based on learning to anticipate and plan, instead of reacting. Through the development of new resolution strategies within the various DRR business lines, the FDIC must set far-reaching plans for the future to keep pace with a changing industry. DRR has developed models to train FDIC staff and prepare for differing circumstances. One major corporate initiative was the Corporation’s 2007 Strategic Readiness Project. The purpose of the project was to create a simulation that would stress the decision-making associated with a large bank failure, enhance the FDIC’s ability to determine an effective resolution strategy, advance knowledge of the process, and identify lessons learned. The OIG monitored the simulation, and insights gained have helped in planning work for this goal area in 2008. From an investigative standpoint, the OIG coordinates closely with DRR, with special attention to various types of financial institution fraud and related crimes, including concealment of assets. In many instances, the individuals do not have the means to pay. However, a few individuals do have the means to pay but hide their assets and/or lie about their ability to pay. OI works closely with DRR and the Legal Division in aggressively pursing criminal investigations of these individuals. In the case of bank closings where fraud is suspected, OI is prepared to send case agents and computer forensic special agents from the ECU to the institution. Agents use different investigative tools to provide computer forensic support to OI’s investigations by obtaining, preserving, and later examining evidence from computers at the bank. The OIG’s role under this strategic goal is conducting audits and evaluations that assess the effectiveness of the FDIC’s various programs designed to ensure that the FDIC is ready to and does respond promptly, efficiently, and effectively to financial institution closings. For 2008, we have two evaluations planned related to potential bank failures. One will evaluate the Corporation’s approach to contingency contracts to assist in resolution activities. The other will look more closely at the FDIC’s planning and preparation for challenges associated with closing a large bank. The OIG itself will be looking at its own protocols for responding in the event of a large bank or multiple bank failures. Additionally, the OIG’s investigative authorities will be used to pursue instances where fraud has contributed to the bank failure or where fraud is committed to avoid paying the FDIC civil settlements, court-ordered restitution, and other payments as the institution receiver. The OIG will also continue to work with FDIC officials to keep current with ongoing efforts of DRR and the Corporation as a whole, to sustain proficiency in resolution activity and to prepare for the possibility of a large institution failure or multiple failures caused by a single catastrophic event. 2008 Performance Goals: To help ensure the FDIC is ready to resolve failed banks and effectively manages receiverships, the OIG will:
Key Efforts and Potential Benefits
Key Efforts and Potential Benefits
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
The FDIC must effectively manage and utilize a number of critical strategic resources in order to carry out its mission successfully, particularly its human, financial, IT, and physical resources. Human Capital Resources: In the aftermath of corporate downsizing, and in light of a growing number of employees with retirement eligibility, the FDIC was faced with significant human capital challenges. The FDIC established a new human capital framework and strategy to guide its planned evolution toward a more flexible permanent workforce that will be capable of responding rapidly to significant changes in the financial services industry or unexpected changes in workload or priorities. The implementation of the Corporate Employee Program, (CEP) the Succession Management Program, and the Leadership Development Program are initiatives to that end. To cross-train employees and build a more diverse and ready workforce, the FDIC also created the Professional Learning Account (PLA) program in 2007 to allocate time and money for each qualified employee to manage, in partnership with the employee’s supervisor, the employee’s learning goals. OIG work planned for 2008 includes an evaluation of the CEP program. With corporate downsizing has come, in many instances, increased reliance on contracted services and potential increased exposure to risk if contracts are not managed properly. Processes and related controls for identifying needed goods and services, acquiring them, and monitoring contractors after contract award must be in place and work effectively. As a good steward, the FDIC must ensure it receives the goods and services purchased with corporate funds. Further, the FDIC must have mechanisms in place to periodically evaluate the continuing need for contracts and determine whether there are corporate contracts that can be eliminated. During 2007, the OIG conducted several evaluations in the contracting area. In one, we evaluated the Corporation’s process for issuing task orders under a $554.8 million IT application basic services ordering agreement. In another, we assessed contract administration. In 2008, our focus will include performance-based contracting and FDIC benefits contracts. We will also audit the Corporation’s oversight of a significant infrastructure services contract. The achievement of the FDIC’s mission, in large part, depends upon employees and contractors who uphold values of integrity, honesty, and a commitment to maintain the public’s trust and confidence in the Corporation. In order to promote a working environment that embraces such values, there must be means in which misconduct is identified and handled appropriately. To foster a working environment of high integrity, it is also critical that employees and contractors receive ethics and conduct training. As a means of ensuring employee integrity, the OIG investigates allegations of serious crimes, misconduct, or ethical violations on the part of FDIC employees. The OIG also maintains a Hotline to field such concerns from others. Financial Resources: The Corporation does not receive an annual appropriation, except for its OIG, but rather is funded by the premiums that banks and thrift institutions pay for deposit insurance coverage, the sale of assets recovered from failed banks and thrifts, and from earnings on investments in U.S. Treasury securities. The FDIC Board of Directors approves an annual Corporate Operating Budget to fund the operations of the Corporation. The operating budget provides resources for the operations of the Corporation’s three major programs or business lines—Insurance, Supervision, and Receivership Management—as well as its major program support functions (legal, administrative, financial, IT, etc.). Program support costs are allocated to the three business lines so that the fully loaded costs of each business line are displayed in the operating budget approved by the Board. In addition to the Corporate Operating Budget, the FDIC has a separate Investment Budget that is composed of individual project budgets approved by the Board of Directors for major investment projects. Budgets for investment projects are approved on a multi-year basis, and funds for an approved project may be carried over from year to year until the project is completed. A number of the Corporation’s more costly IT projects are approved as part of the investment budget process. Expenditures from the Corporate Operating and Investment Budgets are paid from two funds managed by the FDIC—the Deposit Insurance Fund and the FSLIC Resolution Fund. The Board approved a $1.14 billion operating budget for 2008. IT Resources: At the FDIC, the Corporation seeks to leverage IT to support its business goals in insurance, supervision and consumer protection, and receivership management, and to improve the operational efficiency of its business processes. Along with the positive benefits that IT offers comes a certain degree of risk. In that regard, information security has been a long-standing and widely acknowledged concern among federal agencies. The E Government Act of 2002 recognized the importance of information security. Title III of the E Government Act, entitled the Federal Information Security Management Act (FISMA), requires each agency to develop, document, and implement an agency-wide information security program to provide adequate security for the information and information systems that support the operations and assets of the agency. Section 522 of the Consolidated Appropriations Act of 2005 requires agencies to establish and implement comprehensive privacy and data protection procedures and have an independent third-party review performed of their privacy programs and practices. The OIG has performed yearly evaluations of the Corporation’s information security and privacy programs and will do so again in 2008. We will also conduct a Section 522 review during the upcoming year. Improving project management is another ongoing business concern. In 2005, the Division of Information Technology (DIT) Program Management Office was established as a resource center for clients, executives, project managers, and project team members engaged in the operations and oversight of IT projects. DIT initiated a Program Management Office to establish standard, repeatable project management practices and improve the results of IT project management activities. Successful project management is highly dependent upon keeping decision-makers fully informed of the cost and status of projects. The OIG has a number of audit and evaluation projects planned in 2008 to promote the best and most secure use of IT at the FDIC. These include an evaluation of the controls related to upgrading and migrating the New Financial Environment (NFE) to a UNIX operating environment, and an evaluation of the use and management of Commercial off-the-Shelf software. Physical Resources: The FDIC employs approximately 4,500 people. It is headquartered in Washington, D.C., but conducts much of its business in six regional offices and in field offices throughout the United States. Ensuring the safety and security of the human and physical resources in those offices is a fundamental corporate responsibility that is directly tied to the Corporation’s successful accomplishment of its mission. Corporate Governance and Risk Management: To provide assurance that the FDIC is achieving its strategic goals and objectives, there must be gauges that track and measure the Corporation’s performance of its operations, activities, and initiatives. Furthermore, these gauges must be aligned with the Corporation’s strategic goals and objectives and be useful to FDIC management and stakeholders. Revised OMB Circular A-123, which became effective for fiscal year 2006, requires a strengthened process for conducting management’s assessment of the effectiveness of internal control over financial reporting. The circular also emphasizes the need for agencies to integrate and coordinate internal control assessments with other internal control-related activities and ensure that an appropriate balance exists between the strength of controls and the relative risk associated with particular programs and operations. During 2007, the OIG conducted a comprehensive evaluation of the FDIC’s enterprise risk management program in the interest of ensuring an effective and efficient approach to identifying and managing risks that could threaten the Corporation’s success. 2008 Performance Goals: To promote sound governance and effective stewardship and security of human, financial, IT, and physical resources, the OIG will
Key Efforts and Potential Benefits
Key Efforts and Potential Benefits
Key Efforts and Potential Benefits
Key Efforts and Potential Benefits
Key Efforts and Potential Benefits
Key Efforts and Potential Benefits
Ongoing audit and evaluation key efforts related to this strategic goal that will carry over to FY 2008 include the following:
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
While the OIG’s work is focused principally on the FDIC’s programs and operations, we have an inherent obligation to hold ourselves to the highest standards of performance and conduct. Our performance and value to our clients and stakeholders is directly linked to the knowledge and abilities of our staff. As our individual and collective abilities increase, so do the performance capacity of our organization and value to clients and stakeholders. OIG Staff: To ensure a high-quality work environment, we must continuously invest in keeping staff knowledge and skills at a level equal to the work that needs to be done. Training and development plans are one means for ensuring that the OIG is making sound investments in staff development. While each staff member has the primary responsibility for managing his or her career, OIG supervisors and management play a key role in helping staff create and implement career development plans. In the past year, a number of OIG staff have participated in banking schools in various sectors of the country to enhance their understanding of the financial services industry. Others have pursued professional certifications to become more knowledgeable. An emerging issues symposium is another means of keeping OIG staff attuned to changes in the bank regulatory environment, and the OIG will be hosting such a symposium, along with the other federal regulatory IGs in November 2007. Also, a mentoring program that we implemented has proven beneficial to provide career and developmental guidance to some OIG staff. A committed leadership team is essential to our strategic goal to build and sustain a high-quality work environment. The OIG needs to develop its leaders for succession to sustain its effectiveness and excellence. OIG leaders must provide straightforward, honest, and constructive feedback about individual and organizational performance to employees. To that end, we have developed a number of tools and processes to add to the frequency and quality of performance feedback. Complementing the OIG workforce are contracted staff who can provide expertise beyond what we possess. We will be awarding an expert services contract in November 2007 to continue to enhance our existing workforce and assist us to build more quality into our work products. OIG Operations: To carry out its responsibilities, the OIG must be professional, independent, objective, fact-based, nonpartisan, fair, and balanced in all its work. Also, the Inspector General and OIG staff must be free both in fact and in appearance from personal, external, and organizational impairments to their independence. The OIG adheres to the Quality Standards for Federal Offices of Inspector General, issued by the PCIE and ECIE. Further, the OIG conducts its audit work in accordance with generally accepted Government Auditing Standards; its evaluations in accordance with PCIE Quality Standards for Inspections; and its investigations, which often involve allegations of serious wrongdoing that may involve potential violations of criminal law, in accordance with Quality Standards for Investigations established by the PCIE and ECIE, and procedures established by the Department of Justice. The Government Auditing Standards and PCIE/ECIE standards require organizations conducting audit and investigative work in accordance with the standards to have appropriate internal quality control systems in place and undergo an external quality control review. The external quality control reviews are conducted once every 3 years by an organization not affiliated with the OIG. IT has become an essential component of almost every OIG business operation. As a component of the FDIC, the OIG receives and will continue to receive support and services offered throughout the Corporation. Where operational independence is necessary to ensure completion of the OIG mission, the OIG independently undertakes IT initiatives as needed. For instance, OIG staff are connected to the FDIC computer network and carry out day-to-day functions within the Corporation’s firewall protections. In other areas, the OIG needs more independence. For example, we manage our own Internet site and content to ensure timely and complete dissemination of appropriate information. The OIG continuously looks for opportunities for improving our security, performance, and productivity with cost-effective computer equipment and software. Working Relationships: The IG Act, as amended, makes the OIG responsible for keeping both the FDIC Chairman and the Congress fully and currently informed about problems and deficiencies relating to FDIC programs and operations. This dual reporting responsibility is the framework within which IGs perform their functions, and serves as a legislative safety net that protects the OIG’s independence and objectivity. The OIG places a high priority on maintaining positive working relationships with the Chairman, other FDIC Board members, and FDIC officials. The OIG regularly communicates with the Chairman and Vice Chairman through briefings about ongoing and completed audits, evaluations, and investigations. The OIG is a regular participant at Audit Committee meetings where recently issued audit and evaluation reports are discussed. Other meetings occur throughout the year as OIG officials meet with division and office leaders and attend/participate in internal FDIC conferences. The OIG also places a high priority on maintaining positive relationships with the Congress and providing timely, complete, and high quality responses to congressional inquiries. In most instances, this communication would include semiannual reports to the Congress, letters for reporting serious problems, issued audit and evaluation reports, information related to completed investigations, comments on legislation and regulations, written statements for congressional hearings, contacts with congressional staff, responses to congressional correspondence, and materials related to OIG appropriations. The IGs appointed by the President and confirmed by the Senate are members of the PCIE. Historically, the FDIC OIG has fully supported and participated in PCIE activities, and will continue to do so in a number of ways in 2008. This organization
The OIG also fully supports activities of OIGs who are members of the Executive Council on Integrity and Efficiency. Additionally, the OIG meets with representatives of the Government Accountability Office (GAO) to coordinate work and minimize duplication of effort. The OIG also meets with representatives of the Department of Justice, including the FBI and U.S. Attorneys’ Offices, to coordinate our criminal investigative work and pursue matters of mutual interest. Regular meetings are held with the financial regulatory OIGs and other groups where the OIG has similar business interests. An Employee Advisory Group, made up of elected and/or appointed OIG staff, meets regularly and communicates employee views to the Inspector General on a wide variety of issues in a non-threatening environment. A Diversity Coordinator also helps promote corporate diversity initiatives in our workplace. OIG Planning, Budgeting, and Reporting: The FDIC OIG has its own strategic and annual planning processes independent of the Corporation’s planning process, in keeping with the independent nature of the OIG’s core mission. The Government Performance and Results Act of 1993 (GPRA) was enacted to improve the management, effectiveness, and accountability of federal programs. GPRA requires most federal agencies, including the FDIC, to develop a strategic plan that broadly defines the agency’s mission and vision, an annual performance plan that translates the vision and goals of the strategic plan into measurable objectives, and an annual performance report that compares actual results against planned goals. The OIG strongly supports GPRA and is fully committed to applying its principles of strategic planning and performance measurement and reporting to our operations. The OIG Strategic Plan and Annual Performance Plan, as presented in this Business Plan, lay the basic foundation for establishing goals, measuring performance, and reporting accomplishments consistent with the principles and concepts of GPRA. In the upcoming year, we will seek to better integrate risk management considerations in all aspects of OIG planning—both with respect to external and internal work. In that connection, the OIG recognizes that internal controls and systems are important components in the design and implementation of practices for accomplishing strategic and performance goals. Consequently, continuous assessments of risks and the internal controls in place to manage the risks are part of the OIG’s business strategies. Unlike the FDIC, which reports on a calendar year basis, the OIG receives a separate appropriation based on the typical government fiscal year ending September 30. Therefore, our performance planning and reporting is done on a September 30 fiscal year cycle. The fiscal year cycle is also consistent with the semiannual reporting periods prescribed by the IG Act. 2008 Performance Goals: To build and sustain a high-quality staff, effective operations, OIG independence, and mutually beneficial working relationships, the OIG will
Key Efforts and Potential Benefits
Key Efforts and Potential Benefits
Key Efforts and Potential Benefits
Key Efforts and Potential Benefits
Key Efforts and Potential Benefits
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
The table below presents our FY 2008 targets for our quantitative performance measures. The table also reflects our performance during the last three fiscal years for these measures, where available. To establish targets for these measures, we examined what we have been able to achieve in the past and the external factors that influence our work, such as budgetary resources and staffing levels. OIG staffing and budgets, after adjusting for inflation, have continuously decreased during the past decade in response to changes in the banking industry and the FDIC. Consequently, some performance targets may be lower than previous years’ actual accomplishments to reflect the reduced work and staffing. OIG Quantitative Performance Measures and Targets
2 Benefits to the FDIC that cannot be estimated in dollar terms which result in improved services; statutes, regulations, or policies; or business operations and occurring as a result of work that the OIG has completed over the past several years. Includes outcomes from implementation of OIG audit/evaluation recommendations. 3 Fiscal year 2006 recommendations implemented by fiscal year-end 2008. 4 Indictments, convictions, informations, arrests, pre-trial diversions, criminal non-monetary sentencings, monetary actions, employee actions, and other administrative actions. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
The FDIC OIG is comprised of five component offices as shown below. A brief description of the duties and responsibilities of each office is also shown. Office of Audits The Office of Audits provides the FDIC with professional audit and related services covering the full range of its statutory and regulatory responsibility, including major programs and activities. These audits are designed to promote economy, efficiency, and effectiveness and to prevent fraud, waste, and abuse in corporate programs and operations. This office ensures the compliance of all OIG audit work with applicable audit standards, including those established by the Comptroller General of the United States. It may also conduct external peer reviews of other OIG offices, according to the cycle established by the PCIE. The Office of Audits is organized into two primary Directorates: (1) Insurance, Supervision, and Receivership Management Audits and (2) Systems Management and Security Audits. Office of Evaluations and Management The Office of Evaluations evaluates, reviews, studies, or analyzes FDIC programs and activities to provide independent, objective information to facilitate FDIC management decision-making and improve operations. Evaluation projects are conducted in accordance with the PCIE Quality Standards for Inspections. Evaluation projects are generally limited in scope and may be requested by the FDIC Board of Directors, FDIC management, or the Congress. The Office of Management is the management operations arm of the OIG with responsibility for providing business support for the OIG, including financial resources, human resources, and IT support; strategic planning and performance measurement; internal controls; coordination of OIG reviews of FDIC proposed policy and directives; and OIG policy development. Office of Investigations The Office of Investigations (OI) carries out a comprehensive nationwide program for the prevention, detection, and investigation of criminal or otherwise prohibited activity that may harm or threaten to harm the operations or integrity of the FDIC and its programs. OI maintains close and continuous working relationships with the U.S. Department of Justice; the Federal Bureau of Investigation; other Offices of Inspector General; and federal, state and local law enforcement agencies. OI coordinates closely with the FDIC’s Division of Supervision and Consumer Protection in investigating fraud at financial institutions, and collaborates with the Division of Resolutions and Receiverships and the Legal Division in investigations involving failed institutions and fraud by FDIC debtors. In addition to its headquarters and regional presence, OI operates an Electronic Crimes Unit and forensic laboratory in Washington, D.C. The Electronic Crimes Unit is responsible for conducting computer-related investigations impacting the FDIC and providing computer forensic support to OI investigations nationwide. OI also manages the OIG Hotline for employees, contractors, and others to report instances of suspected fraud, waste, abuse, and mismanagement within the FDIC and its contractor operations via a toll-free number or e-mail. Office of Counsel The Office of Counsel to the Inspector General is responsible for providing independent legal services to the Inspector General and the managers and staff of the OIG. Its primary function is to provide legal advice and counseling and interpret the authorities of, and laws related to, the OIG. The Counsel’s Office also provides legal research and opinions; reviews audit, evaluation, and investigative reports for legal considerations; represents the OIG in personnel-related cases; coordinates the OIG’s responses to requests and appeals made pursuant to the Freedom of Information Act and the Privacy Act; prepares Inspector General subpoenas for issuance; and reviews draft FDIC regulations and draft FDIC and OIG policies and proposed or existing legislation, and prepares comments when warranted; and coordinates with the FDIC Legal Division when necessary. The Counsel’s Office also handles the OIG’s congressional relations activities. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
The following table briefly describes the external factors that could affect the achievement of the strategic and performance goals in this plan.
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
The following table briefly describes the program evaluations, studies, and other assessments used to review and revise our strategic and performance goals.
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
The following table describes the sources for our performance data and how the data will be verified and validated.
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Below is a list of the planned OIG audits for FY 2008. A description of each audit is provided on the following pages.
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Below is a list of the planned OIG evaluations for FY 2008.
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
5 SCOR is a financial model that uses statistical techniques, off-site data, and historical examination results to assign an off-site CAMELS rating and to measure the likelihood that an institution will receive a CAMELS downgrade at the next examination.
6 SCOR-Lag is a derivation of SCOR that attempts to more accurately assess financial condition in rapidly growing banks. SCOR-Lag begins with current period SCOR data and then adjusts the asset quality ratios by a 1-year lag. 7 GMS is an off-site rating tool that identifies institutions experiencing rapid growth and/or having a funding structure highly dependent on non-core funding sources. Using statistical techniques, GMS analyzes financial ratios and changes in volume to identify banks that have experienced rapid growth and assigns a percentile ranking between 1 and 99. 8 REST attempts to simulate what would happen to banks today if they encountered a real estate crisis similar to that of New England in the early 1990s. REST uses statistical techniques and Call Report data to forecast an institution’s condition over a 3- to 5-year horizon and provides a single rating from 1 to 5 in descending order of performance quality. |