Division of Supervision Implementation
DATE: July 31, 2002
TO: Michael J. Zamorski, Director, Division of Supervision and Consumer Protection
FROM: Russell A. Rau [Electronically produced version; original signed by Russell Rau], Assistant Inspector General for Audits
SUBJECT: Division of Supervision Implementation of Gramm-Leach-Bliley Act Provisions (Audit Report No. 02-025)

The Federal Deposit Insurance Corporation’s (FDIC) Office of Inspector General (OIG) has completed an audit of the Division of Supervision’s (DOS) implementation of Gramm-Leach-Bliley Act (GLBA) provisions affecting state nonmember banks. (Note: As the result of a reorganization that became effective June 30, 2002, the Division of Supervision was merged with the Division of Compliance and Consumer Affairs to become the Division of Supervision and Consumer Protection (DSC). DOS performs safety and soundness examinations of FDIC-supervised institutions through a decentralized organization of regional and field offices. DOS headquarters establishes policies and procedures and provides instruction for the examinations.)

The objectives of this audit were to determine whether: (1) DOS has established coordination arrangements with other regulatory agencies that relate to GLBA activities, (2) DOS’s policies and procedures have been updated to address the restrictions and safeguards in GLBA, and (3) DOS is identifying banks that are directly or indirectly engaged in GLBA activities. (Note: The other regulatory agencies include the Board of Governors of the Federal Reserve System (FRB), Office of the Comptroller of the Currency (OCC), and Securities and Exchange Commission (SEC).) The audit focused on DOS headquarters and did not extend to regional office and examiner activities. Additional details on our objectives, scope, and methodology are contained in Appendix I.
Signed into law on November 12, 1999, GLBA reverses many of the barriers between banking and commerce erected by the Glass-Steagall Act of 1933 and is the most extensive reform of financial services regulation in over 60 years. (Note: The Glass-Steagall Act of 1933 separated banking and commerce in order to restore confidence in the country’s financial system following the stock market crash of 1929 and subsequent revelations of self-dealing and other market abuses by some large banks through securities affiliates. Over ensuing years, the barriers between banking and commerce have been gradually disassembled through a series of legislative and regulatory actions.) GLBA has seven titles addressing financial services, affiliations, regulatory authority, and consumer issues. Its content and language are made complicated by the need to amend the many laws involved. In this audit we looked at sections of the act with the greatest potential of affecting the safety and soundness of state nonmember banks supervised by the FDIC. The audit focused on GLBA’s first three titles – Title I – Facilitating Affiliations Among Banks, Securities Firms, and Insurance Companies; Title II – Functional Regulation; and Title III – Insurance, Subtitle A – State Regulation of Insurance. (Note: GLBA’s Table of Contents is provided in Appendix II. The text of GLBA can be found at the Library of Congress Web site for legislative information on the Internet, http://thomas.loc.gov. Refer to Public Law 106-102.)

BACKGROUND

Gramm-Leach-Bliley Act of 1999

The Gramm-Leach-Bliley Act of 1999 impacts the types of financial activities that banks and their affiliates can conduct. GLBA also affects how various bank and affiliate activities are regulated and examined. According to the Statement of Managers, H.R. Conference Report 106-434 (1999 U.S.C.C.A.N.
245, 247), GLBA eliminates many federal and state law barriers to affiliations among banks and securities firms, insurance companies, and other financial services providers. Financial organizations are provided flexibility in structuring these new financial affiliations through a holding company structure or a "financial subsidiary." (Note: "Financial subsidiaries" are bank operating subsidiaries engaged in some of the new financial activities permitted for holding companies and their affiliates.) The legislation preserves the role of the FRB as the "umbrella" supervisor for holding companies but also incorporates a system of "functional regulation" to utilize the strengths of the various federal and state financial supervisors. (Note: "Functional regulation" means that various financial activities should be overseen by the regulator with the corresponding regulatory experience: banking is to be supervised by banking regulators, securities activities by the SEC and state regulators, and insurance activities by state insurance regulators.) GLBA stipulates that banks may not participate in the new financial affiliations unless they are well capitalized and well managed. The appropriate regulators are given clear authority to address any failure to maintain these safety and soundness standards in a prompt manner. (Note: GLBA maintains the FDIC’s authority to examine bank affiliates. Section 112. Authority of State Insurance Regulator and Securities and Exchange Commission and Section 115. Examination of Investment Companies uphold the FDIC’s authority to examine an affiliate of an insured depository institution to determine the nature and effect of the relations. GLBA also maintains the FDIC’s authority to regulate bank subsidiaries. Section 114. 
Prudential Safeguards, upholds the FDIC’s authority to impose restrictions or requirements on relationships or transactions between a state nonmember bank and a subsidiary that are appropriate to avoid significant risk or other adverse effects such as undue concentration of resources, decreased or unfair competition, or conflicts of interest.) In addition to financial services affiliations and functional regulation, GLBA also has titles or sections relating to unitary thrift holding companies, protecting the privacy of consumer financial information, Federal Home Loan Bank system modernization, automated teller machine fee reform, and the Community Reinvestment Act. As noted previously, these titles or sections were not within the scope of our audit.

GLBA Titles I, II, and III, Subtitle A

Safety and soundness concerns stemming from GLBA derive from the increased affiliations among banks, securities firms, insurance companies, and other financial services providers and the revised regulatory authorities and structure – areas that are addressed under GLBA Titles I, II, and III, Subtitle A.

Risks to FDIC and the Bank Insurance Fund

Increased affiliation between state nonmember banks and other financial services providers engaged in expanded financial activities – in a new functional regulation environment – poses risks to the FDIC and the Bank Insurance Fund:

GLBA-Related Activity of State Nonmember Banks

Federal Reserve System data indicate that, as of December 31, 2001, the bank holding companies of 480 of a total of 4,971 state nonmember banks had elected to become financial holding companies. (Note: We could not assess the overall extent of state nonmember banks’ GLBA-related activities using available data, in part because it is difficult to identify non-bank affiliates and aggregate the data.) Consolidated Report of Condition and Income (Call Report) regulatory capital data indicate that as of December 31, 2001, six state nonmember banks reported equity in financial subsidiaries; however, FDIC’s DOS has subsequently determined that five of these banks misreported and only one owns a financial subsidiary.

Call Report noninterest income data indicate that, as of December 31, 2001, large numbers of state nonmember banks are generating income from activities that may be affected by GLBA regulations and examination requirements. For example, from a total of 4,971 state nonmember banks, 1,174 or 24 percent report income from "investment banking, advisory, brokerage, and underwriting fees and commissions" – activities affected by GLBA Title II – Functional Regulation, Subtitle A – Brokers and Dealers, particularly because it designates the SEC as primary regulator. Also, 2,433 or 49 percent of state nonmember banks report income from "insurance commissions and fees" – activities that are affected by GLBA Title III – Insurance, Subtitle A – State Regulation of Insurance. (Note: These are not new activities authorized by GLBA. With the possible exception of financial subsidiaries, GLBA does not authorize new in-house state nonmember bank activities but might affect how they are regulated and examined.) Appendix III provides a more complete analysis of noninterest income data.

FDIC Approach to Addressing GLBA

Upon enactment of GLBA, an FDIC agency-wide meeting was held to assign Divisions responsibility for each section of the law. From this process, a "GLBA Corporate Project List" was developed. DOS has been assigned multiple sections on the Project List and for many sections serves as the lead division. A closeout procedure consisting of an explanation and certification is required for each GLBA section on the Project List. The Legal Division maintains the list. As of May 2, 2002, 49 of 62 items included on the Project List have been closed out. Appendix IV shows the status of each item on the Project List as of that date.

Using a combination of personal contacts, the Federal Register, industry publications, and database search vehicles such as Lexis, the FDIC Legal Division monitors other agencies’ GLBA activities, including the issuance of regulations. Other agencies usually notify the Legal Division of pending or final action and the Legal Division then notifies DOS.

GLBA sections on the Project List have been assigned to individuals within various DOS sections and branches based upon their areas of expertise. Also, DOS created the position of GLBA Project Coordinator to monitor and coordinate the Division’s GLBA-related activities. DOS typically issues examination policies and procedures as Regional Directors Memorandums (RD Memos), Examination Documentation Modules (ED Modules), revisions to the Manual of Examination Policies, and revisions to the Trust Examination Manual. Consistent with that approach, DOS has issued guidance on specific GLBA areas in the form of RD Memos and has addressed securities-related issues in amendments to the Trust Examination Manual.

RESULTS OF AUDIT

DOS has established coordination arrangements with other federal regulatory agencies through working groups, personal contacts, and monitoring activities.
DOS representatives attend periodic meetings of the informal Cross-Sector Regulatory Working Group, consisting of representatives from each of the financial regulatory agencies. The purpose of the Group is to provide for communication and increased awareness of each agency’s GLBA-related responsibilities and activities. For state nonmember bank insurance activities, "Information Sharing and Confidentiality Agreements" with state insurance commissioners have been developed and are being entered into on a state-by-state basis. (Note: The purpose of the Agreements is to facilitate the exchange of examination and other information regarding insurance companies and affiliate depository institutions, as authorized by GLBA Section 307. Interagency Consultation. The Agreements cover exchange of information on enforcement actions, consumer complaints, and other supervisory activities.) As of March 6, 2002, agreements had been completed with 36 states. Also, DOS representatives are attending quarterly meetings of the National Association of Insurance Commissioners. DOS and Legal Division personnel have participated in an interagency working group addressing information sharing with the SEC. However, an information sharing agreement with the SEC dating from June 17, 1987 needs to be updated to reflect GLBA considerations. The effect of not having updated this agreement is that DOS examinations staff do not have current procedures regarding information sharing with the SEC. This is important because GLBA places restrictions on the examination of bank and affiliate securities activities, as described below. Without current procedures, information requests have to be developed and processed on a case-by-case basis. With respect to DOS’s updating of policies and procedures to address restrictions and safeguards in GLBA, DOS has updated or created related policies and procedures to address most of the GLBA sections covered in our review. 
However, two sources of reference for examiners, the Manual of Examination Policies and a Supplemental ED Module, have not been updated with respect to guidance on "Related Organizations" to address the issue of bank relations with affiliates, including holding companies. The effect of not updating these policies and procedures is that examination staff have lacked comprehensive guidance on this aspect of the law. SEC has not issued final rules for GLBA Section 201. Definition of Broker and Section 202. Definition of Dealer, both of which replace the broad exemption banks had from SEC regulation with more limited exemptions. Once final rules are issued, the FDIC and other federal banking agencies will issue rules for Section 204. Information Sharing, which requires that recordkeeping requirements be established for banks relying on the limited exemptions contained in Section 201 and Section 202. DOS is waiting for final regulations on Section 204 before issuing guidance in its examination policies and procedures. As for the overall timeliness of updating GLBA-related policies and procedures, Appendix V compares when GLBA sections became effective to when guidance was issued. Guidance on Title I has been issued for some sections, while other sections have been partially addressed or not at all. Guidance on Title II has been issued except for bank recordkeeping requirements, which are dependent on regulations to be issued by SEC. Guidance has been issued for all of Title III, Subtitle A. While FDIC has access to Federal Reserve System data on financial holding companies, DOS information systems do not currently identify banks that are directly or indirectly engaged in GLBA-affected activities. Several internal databases used by DOS to describe bank and holding company structure information do not identify GLBA-related entities such as financial holding companies and financial subsidiaries. 
The DOS databases for bank and holding company structure information also do not include nonbank affiliates such as insurance companies and securities firms. Not having this information detracts from the ability to assess risk; examine for transactions with affiliates; and, consistent with the premise of functional regulation, coordinate with primary regulators overseeing financial activities corresponding to their areas of expertise. Also concerning DOS information systems, the recordkeeping requirements in Section 204. Information Sharing could identify banks engaged in securities-related activities that are exempt from SEC oversight. This information would be of help in examinations and for coordinating with SEC. Early analysis of Section 204. Information Sharing’s impact on DOS information systems is important because of the time requirements to budget project funds and coordinate with other FDIC divisions to accomplish system modifications.

PROCEDURES FOR SHARING INFORMATION WITH THE SEC

An agreement has existed since June 17, 1987 establishing procedures for the FDIC to access the SEC’s nonpublic information. The agreement has not been updated and broadened to address certain GLBA sections described below. Progress has not been made in revising the agreement in part because the SEC has given priority to working with the FRB and the OCC. DOS and Legal Division personnel believe that state nonmember bank investment company and investment adviser activity is minimal and so have given the matter a low priority. The effect of not having updated this agreement is that DOS examinations staff do not have current procedures regarding notifications of, and information sharing with, the SEC. Without current procedures, information requests have to be developed and processed on a case-by-case basis.

Procedures for the exchange of information with the SEC have not been updated to address the following GLBA sections:

Based on the June 17, 1987 agreement between the FDIC and the SEC, DOS issued an RD Memo titled, "Access to Securities and Exchange Commission’s Nonpublic Information" (no. 87-129, dated July 16, 1987). The language of the sample documentation request letters, provided as attachments to the RD Memo, relates to criminal or civil investigations and is not clearly applicable to information with respect to any registered investment company (Section 115) or investment adviser (Section 217, Section 220, and Section 222). (Note: The sample documentation request letters contain the verbiage, "This request is made in connection with an ongoing lawful investigation or official proceeding inquiring into a violation of, or failure to comply with, a criminal or civil statute or regulation, rule or order issued pursuant thereto, being conducted by [name of requesting agency].")

DOS and Legal Division personnel have participated in an inter-agency working group addressing information sharing with the SEC. DOS and Legal Division personnel have suggested that progress has not been made in revising the agreement to allow the FDIC access to the SEC’s nonpublic information in part because the SEC has given priority to working with the FRB and the OCC. DOS and Legal Division personnel believe that state nonmember bank investment company and investment adviser activity is minimal and so have given the matter a low priority.

Recommendation

We recommend that the Director, DOS:

DOS POLICIES AND PROCEDURES ON "RELATED ORGANIZATIONS" AND BANK RECORDKEEPING REQUIREMENTS

The DOS Manual of Examination Policies and Supplemental ED Module guidance on "Related Organizations," covering significant areas affected by GLBA, particularly bank relations with affiliates, have not been updated. The DOS practice of making comprehensive, as opposed to piecemeal, revisions to the Manual of Examination Policies has affected the timing of the update. Manual of Examination Policies Section 4.3 "Related Organizations" will be revised before the Supplemental ED Module on related organizations. The effect of not updating these policies and procedures is that examination staff have lacked comprehensive guidance on examining GLBA’s impact on bank affiliates.

Appendix V compares when GLBA sections became effective to when guidance was issued. Guidance on Title I was issued for some sections, while other sections have been partially addressed or not at all. (These other sections are described below under DOS Policies and Procedures on "Related Organizations.") Guidance on Title II has been issued except for bank recordkeeping requirements, which are dependent on regulations to be issued by the SEC. (This matter is described below under DOS Examination Guidance on Bank Recordkeeping Requirements.) Guidance has been issued for all of Title III, Subtitle A.

Once the SEC issues final rules for GLBA Section 201. Definition of Broker and Section 202. Definition of Dealer, both of which replace the broad exemption banks had from SEC regulation with more limited exemptions, the FDIC and other federal banking agencies will issue rules for Section 204. Information Sharing, which requires that recordkeeping requirements be established for banks relying on the limited exemptions contained in Section 201 and Section 202. DOS plans to issue guidance on Section 204 after final regulations have been issued.
Because banks are not being asked to comply until final regulations are issued, the lack of DOS guidance has no effect.

DOS Policies and Procedures on "Related Organizations"

The Manual of Examination Policies Section 4.3 "Related Organizations" provides guidance on bank holding companies, subsidiaries, and other affiliates. This guidance includes a discussion of Federal Reserve Act (FRA) Section 23A and Section 23B, which regulate transactions between banks and their affiliates. However, Section 4.3 "Related Organizations" has not been revised since August 1999, before the passage of GLBA in November 1999.

The Supplemental ED Module, "Related Organizations," provides model examination procedures applicable to bank holding companies, subsidiaries, and other affiliates. Guidance includes consideration of certain control and performance objectives (i.e., standards) and associated risks. Specific guidance is given to topical areas such as, "Evaluation of Affiliate Operations," and "Compliance with Sections 23A and 23B, Part 362, and Other Applicable Regulations." The "Related Organizations" ED Module was revised in October 2000 but does not address certain key aspects of GLBA.

For example, topics in Section 4.3 and the Supplemental ED Module that are affected by GLBA and are not updated include: bank holding companies (GLBA authorizes a new type of holding company, the financial holding company); limited purpose banks; affiliates, including transactions between banks and their affiliates; subsidiaries (GLBA authorizes a new type of subsidiary, the financial subsidiary); and examination authority. (Note: Limited purpose banks – also known as nonbank banks or CEBA banks, after the Competitive Equality Banking Act of 1987 – are banks that either make commercial loans or accept demand deposits, but not both, and are insured by the FDIC. Companies that own them are not treated as bank holding companies as long as they comply with certain restrictions.)
Some of these topics have been addressed in RD Memos (see Appendix V). However, without updated guidance on "Related Organizations," examination staff do not have readily available and detailed guidance and a risk exists that bank examinations might not consider GLBA’s effects in these areas.

In addition to general topical areas in "Related Organizations" that are affected by GLBA and should be updated, we identified certain related GLBA sections for which updated guidance is not complete:

The DOS practice of making comprehensive, as opposed to piecemeal, revisions to the Manual of Examination Policies has affected the timing of the Section 4.3 revision. According to DOS staff members, they do not consider Section 4.3 to warrant priority over other work. The Supplemental ED Module on related organizations has not been revised because DOS staff wants to revise Section 4.3 first.

DOS Examination Guidance on Bank Recordkeeping Requirements

DOS is awaiting final regulations before issuing guidance on GLBA Section 204. Information Sharing. Section 204 requires federal banking regulatory agencies, after consultation with the SEC, to establish recordkeeping requirements for banks relying on the exceptions from the definitions of broker and dealer contained in Section 201. Definition of Broker, and Section 202. Definition of Dealer. These recordkeeping requirements must be sufficient to demonstrate compliance with the terms of the exceptions. The resultant records are to be made available to the SEC upon request.

The SEC published interim final rules for Section 201 and Section 202, effective May 11, 2001, in response to the legislatively imposed implementation date of May 12, 2001. The SEC is not enforcing the interim final rules and plans to reissue proposed rules for public comment. The eventual implementation date for final rules is uncertain. The FDIC and other banking regulatory agencies are coordinating with the SEC to issue regulations for Section 204. Information Sharing, at or near the time when the SEC issues final regulations for Section 201 and Section 202. DOS cannot issue detailed guidance on Section 204 until final regulations are issued. Because banks have not been asked by the SEC to comply with Section 201 and Section 202 until final regulations are issued, the lack of DOS guidance has no effect.

Recommendation

We recommend that the Director, DOS:

DOS INTERNAL DATABASES

DOS headquarters has not been identifying banks that are directly or indirectly engaged in GLBA-affected activities. Several internal databases used by DOS to describe bank and holding company structure information do not identify GLBA-related entities such as financial holding companies and financial subsidiaries. The DOS databases for bank and holding company structure information also do not include nonbank affiliates such as insurance companies and securities firms. Absent this data, examiners may not be able to fully assess the overall extent of GLBA-related activity, identify potential risks related to transactions between banks and their financial services affiliates, and, consistent with the premise of functional regulation, coordinate with primary regulators overseeing financial activities corresponding to their areas of expertise.

The bank recordkeeping requirements in Section 204. Information Sharing, could identify banks engaged in securities-related activities that are exempted from SEC oversight. This information would be of help in examinations and for coordinating with the SEC. The impact of GLBA Section 204. Information Sharing, on DOS information systems should be planned for. Without planning, delays in coordination with other FDIC Divisions and in obtaining the necessary budget authorization could result.

Case Administration System, ViSION, and SIMS Databases Should Be Revised to Add Fields for Financial Holding Companies

As part of our audit procedures, we reviewed the Case Administration System, Virtual Supervisory Information On the Net (ViSION), and Structure Information Management System (SIMS) databases maintained and used in-house by DOS to determine whether they identify certain GLBA newly-authorized entities:

Our review determined that the Case Administration System and ViSION do not have fields to identify financial holding companies, financial subsidiaries, or separately identifiable departments. SIMS does not have a field to identify financial holding companies. (Because it is intended to identify a bank’s branch system, SIMS does not otherwise identify bank internal structure or subsidiaries.) As of December 31, 2001, bank holding companies of 480 of 4,971 state nonmember banks had elected to become financial holding companies. As of December 31, 2001, there was one financial subsidiary and one separately identifiable department. In conjunction with other revisions to the software programs, DOS internal databases should be revised to add fields for financial holding companies. The databases should be revised to identify financial subsidiaries and separately identifiable departments depending on whether and when they become more numerous.

Our review of DOS databases also included the ViSION Application Tracking System (ViSION AT). FDIC Regulations Part 362.E. requires banks to notify the FDIC if they start or acquire a financial subsidiary. DOS should keep records of these notifications in ViSION AT. We determined that ViSION AT does not have a field for recording bank notifications of financial subsidiaries and that, for the time being, any such notices received are to be entered into another ViSION AT field intended for other purposes. DOS plans to add a field for financial subsidiary notifications to ViSION AT as part of a more comprehensive revision.

Changes to Information Systems Based on Rules and Regulations for Section 204. Information Sharing, Should Be Anticipated

After the SEC promulgates final rules for GLBA Section 201. Definition of Broker and Section 202. Definition of Dealer, both of which replace the broad exemption banks had from SEC regulation with more limited exemptions, the FDIC will issue rules for Section 204.
Information Sharing, which requires federal banking agencies to establish recordkeeping requirements for banks relying on the limited exemptions contained in Section 201 and Section 202. If this information is not contained in DOS’s internal databases, its ability to identify banks engaged in certain types of securities-related activities will be impacted. Early analysis of GLBA Section 204’s impact on DOS information systems is important because of the time requirements for coordinating with the Division of Information Resources Management and the need to budget project funds in order to accomplish system modifications.

Recommendations

The Director, DOS, should:

CORPORATION COMMENTS AND OIG EVALUATION

On July 22, 2002, the Director of DSC provided a written response to the draft report. The response is presented in Appendix VI to this report. We also had subsequent discussions with DSC staff to clarify aspects of the written response. In addition, because portions of the report mentioned activities of the Securities and Exchange Commission (SEC), we provided a copy of the draft to the SEC for review. SEC’s response is presented in Appendix VII and the Commission had no comments.

Prior to responding to each of the report’s four recommendations, DSC stated in its response, "We anticipate that your final report will clarify that the FDIC is in compliance with all portions of GLBA that required action by the FDIC such as rulemaking or establishing procedures and that the exceptions noted in your report are considered technical in nature and should not impact the safety and soundness examination of any institution."

As described in Appendix I, our audit objectives, scope, and methodology do not provide for an overall conclusion on whether the FDIC is in compliance with all portions of GLBA. The audit objectives addressed DOS’s coordination with other regulatory agencies, updates of policies and procedures, and identification of banks engaged in GLBA activities. The audit procedures were limited to GLBA Titles I, II, and III, Subtitle A. Overall assessments of whether the reported exceptions are "technical in nature" and might "impact the safety and soundness examination of any institution" are also beyond the scope of this audit. However, throughout the report we acknowledge DOS’s many accomplishments in implementing GLBA provisions.

DSC concurred with each of our four recommendations. A summary of each recommendation and DSC’s comments follows:

Recommendation 1: In conjunction with the Legal Division and the SEC, develop procedures for information sharing consistent with GLBA Section 115.
Examination of Investment Companies, Section 217. Removal of the Exclusion from the Definition of Investment Adviser for Banks that Advise Investment Companies, Section 220. Interagency Consultation, and Section 222. Statutory Disqualification for Bank Wrongdoing. DSC management concurred with the recommendation. The FDIC has actively attempted to establish a revised Memorandum of Understanding (MOU) with the SEC but the SEC has devoted its resources elsewhere and is formulating targeted MOUs where necessary. In DSC’s opinion, the cited sections are "self-executing" and do not mandate any action or are under the jurisdiction of the SEC. DSC’s view is that the information sharing requirements and accompanying procedures have been addressed in great detail in the revised Trust Manual. According to DSC, there have been no instances where the revised trust examination procedures have been shown to be inadequate. DSC’s effort to revise the existing 1987 MOU would suggest their belief that an update is necessary. The value of the MOU is to establish procedures for the exchange of information between the SEC and FDIC. The information sharing requirements have been addressed in the revised Trust Manual but the procedures should be established and explained in an agreement or other guidance to the staff. Also, as stated in the audit report, some of the affected activities might occur outside of a bank’s trust department. In subsequent discussions, DSC staff stated that they are constrained from taking further action on this recommendation pending further action by the SEC. However, there might be alternative actions available, such as DSC issuing staff guidance on information sharing procedures unilaterally or elevating the issue to a higher level of management within the FDIC for resolution. DSC management should reconsider its response and reply within 30 days of the issuance of this report. This recommendation is unresolved, undispositioned, and open. 
Recommendation 2: Expedite comprehensive revisions of Manual of Examination Policies Section 4.3 "Related Organizations" and the Supplemental ED Module, "Related Organizations," to address relevant sections and provisions of GLBA. DSC management concurred with the recommendation. According to DSC, most of the items cited under this finding have already been addressed in revisions to DSC’s policies and procedures. Each item is specifically addressed as follows:
DSC management should reconsider its response and reply within 30 days of the issuance of this report. The reply should provide a timeframe for when issues related to FRB proposed Regulation W and FRA Section 23A and Section 23B will be settled. If the timeframe is unknown or uncertain, then issuance of GLBA-related guidance in the supplemental ED module on "Related Organizations" should be considered. The reply should address when revised Section 4.3 "Related Organizations" will be included in the Manual of Examination Policies on DSC’s website. DSC should address in the reply its reconsideration of whether GLBA’s authorization of "companies that are not bank holding companies or foreign banks" to become financial holding companies and related restrictions pertaining to cross marketing products and covered transactions with depository institutions should be described in the manual. Finally, the reply should address management’s reconsideration of whether guidance on financial subsidiaries could cite the exceptions and special provisions in GLBA Section 121(b). This recommendation is unresolved, undispositioned, and open. Recommendation 3: In conjunction with other revisions to the software programs, revise the Case Administration System, ViSION, and SIMS databases to add fields for financial holding companies. DSC management concurred with the recommendation. DSC stated that the Case Administration System is being converted to become the Case Administration module in ViSION. The new Case Administration module in ViSION will identify information about financial holding company operations in the fourth quarter of 2002. On June 30, 2002, SIMS was transferred to the Division of Insurance and Research. A modification to SIMS that will, among other things, identify financial holding companies, is planned for the fourth quarter of 2002. This recommendation is resolved, undispositioned, and open. Recommendation 4: Based on rules and regulations for Section 204. 
Information Sharing, plan for changes to information systems in order to identify banks engaged in activities exempted from SEC regulation. DSC management concurred with the recommendation. DSC states that changes to information systems for Section 204. Information Sharing will be included in the Specialty Examination Tracking System which is planned for revision in 2003. However, in subsequent discussions DSC said the changes cannot be made until the SEC issues final regulations for Section 201. Definition of Broker and Section 202. Definition of Dealer and the date of those final regulations is uncertain. Because of the time requirements for coordinating with the Division of Information Resources Management and the need to budget project funds in order to accomplish system modifications, DSC management should reconsider its response and reply within 30 days of the issuance of this report. In its reply, management should address whether the identification of individual depository institution exemptions from broker and dealer requirements, as provided for in §201 and §202, could be achieved based upon a reading of the law and absent final SEC regulations. This recommendation is unresolved, undispositioned, and open. APPENDIX I OBJECTIVES, SCOPE, AND METHODOLOGY The audit addressed DOS implementation of GLBA provisions that authorize new affiliations among banks, securities firms, insurance companies, and other financial services providers, or that modify regulatory agency authorities. Of GLBA’s seven titles, we focused on the provisions of three that we determined were most relevant: Title I – Facilitating Affiliation Among Banks, Securities Firms, and Insurance Companies; Title II – Functional Regulation; and Title III – Insurance, Subtitle A – State Regulation of Insurance. 
The audit objectives were to determine whether: (1) DOS has established coordination arrangements for GLBA activities with other regulatory agencies; (2) DOS policies and procedures have been updated to address the restrictions and safeguards in GLBA; and (3) DOS is identifying banks that are directly or indirectly engaged in GLBA activities. The audit focused on DOS headquarters and did not extend to regional office and examiner activities. We reviewed GLBA to identify: financial activities and affiliations authorized by the legislation; requirements or qualifications to engage in the financial activities; limitations on transactions and other relations between state nonmember banks and their holding companies, affiliates and subsidiaries; authorities specifically granted to the FDIC to examine and regulate; and provisions requiring the FDIC to coordinate with other regulatory agencies. We assessed GLBA sections meeting any of these criteria to determine whether DOS should address them and then reviewed applicable DOS guidance, including RD Memos, ED Modules, the Manual of Examination Policies, and the Trust Examination Manual. We analyzed databases used by DOS for bank and holding company structure information to determine if they identify GLBA-authorized entities (i.e. financial holding companies, financial subsidiaries, and ‘separately identifiable departments’). We reviewed the Case Administration System, Virtual Supervisory Information On the Net (ViSION), and Structure Information Management System (SIMS). We also analyzed ViSION Application Tracking System (ViSION AT) which, among other things, is to record bank notifications of starting or acquiring financial subsidiaries. We identified Consolidated Reports of Condition and Income (Call Report) schedules providing evidence of GLBA-related activities and then obtained Call Report data to assess the extent of such activity. 
We reviewed various Federal Reserve System regulatory reports and obtained Federal Reserve System data on bank holding companies to determine how many state nonmember bank holding companies have elected to become financial holding companies. We reviewed articles and speeches concerning GLBA and its effect on the financial services industry. We analyzed relevant FDIC rules and regulations and DOS policies and procedures (both draft and final). We evaluated the "Gramm-Leach-Bliley Act Corporate Project List" maintained by the FDIC Legal Division to monitor the status of FDIC actions addressing sections of the law and interviewed DOS and Legal Division management and staff in Washington. The limited nature of the audit objectives did not require assessing internal management controls. We did not (1) test internal controls, (2) review Government Performance and Results Act reporting, (3) test for fraud or illegal acts, (4) test for compliance with laws and regulations, or (5) determine the reliability of computer-processed data obtained from the FDIC’s computerized systems. Fieldwork was performed from May 2001 through April 2002. The audit was conducted in accordance with generally accepted government auditing standards. APPENDIX II GLBA TABLE OF CONTENTS Public Law 106—102 Nov. 12, 1999 [S. 900] Gramm-Leach-Bliley Act. Intergovernmental relations. 12 USC 1811 note. An Act To enhance competition in the financial services industry by providing a prudential framework for the affiliation of banks, securities firms, insurance companies, and other financial service providers, and for other purposes. Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled, SECTION 1. SHORT TITLE; TABLE OF CONTENTS. (a) SHORT TITLE.—This Act may be cited as the "Gramm-Leach-Bliley
Act". Sec. 1. Short title; table of contents.
TITLE I—FACILITATING AFFILIATION AMONG BANKS, SECURITIES FIRMS, AND INSURANCE COMPANIES Subtitle A—Affiliations Sec. 101. Glass-Steagall Act repeals. Subtitle B—Streamlining Supervision of Bank Holding Companies Sec. 111. Streamlining bank holding company supervision. Subtitle C—Subsidiaries of National Banks Sec. 121. Subsidiaries of national banks. Subtitle D—Preservation of FTC Authority Sec. 131. Amendment to the Bank Holding Company Act of 1956 to modify notification and post-approval waiting period for section 3 transactions. PUBLIC LAW 106—102—NOV. 12, 1999 113 STAT. 1339 Sec. 133. Clarification of status of subsidiaries and affiliates. Subtitle E—National Treatment Sec. 141. Foreign banks that are financial holding companies. Subtitle F—Direct Activities of Banks Sec. 151. Authority of national banks to underwrite certain municipal bonds. Subtitle G—Effective Date Sec. 161. Effective date.
TITLE II—FUNCTIONAL REGULATION Subtitle A—Brokers and Dealers Sec. 201. Definition of broker. Subtitle B—Bank Investment Company Activities Sec. 211. Custody of investment company assets by affiliated bank. Subtitle C—Securities and Exchange Commission Supervision of Investment Bank Holding Companies Sec. 231. Supervision of investment bank holding companies by the Securities and Exchange Commission. Subtitle D—Banks and Bank Holding Companies Sec. 241. Consultation.
TITLE III—INSURANCE Subtitle A—State Regulation of Insurance Sec. 301. Functional regulation of insurance. Subtitle B—Redomestication of Mutual Insurers Sec. 311. General application. Sec. 315. Definitions. Subtitle C—National Association of Registered Agents and Brokers Sec. 321. State flexibility in multistate licensing reforms. Subtitle D—Rental Car Agency Insurance Activities Sec. 341. Standard of regulation for motor vehicle rentals.
TITLE IV—UNITARY SAVINGS AND LOAN HOLDING COMPANIES Sec. 401. Prevention of creation of new S&L holding companies with commercial affiliates.
TITLE V—PRIVACY Subtitle A—Disclosure of Nonpublic Personal Information Sec. 501. Protection of nonpublic personal information. Subtitle B—Fraudulent Access to Financial Information Sec. 521. Privacy protection for customer information of financial institutions.
TITLE VI—FEDERAL HOME LOAN BANK SYSTEM MODERNIZATION Sec. 601. Short title.
TITLE VII—OTHER PROVISIONS Subtitle A—ATM Fee Reform Sec. 701. Short title. Subtitle B—Community Reinvestment Sec. 711. CRA sunshine requirements. Subtitle C—Other Regulatory Improvements Sec. 721. Expanded small bank access to S corporation
treatment. APPENDIX III STATE NONMEMBER BANK NONINTEREST INCOME Consolidated Reports of Condition and Income (Call Report) Schedule RI – Income Statement, line item 5. Noninterest Income, includes various income-producing activities that might be affected by GLBA. Call Report data for the quarter ended December 31, 2001 identified the following numbers of state nonmember banks reporting these various types of noninterest income: Table: State Nonmember Banks Reporting Various Types of Noninterest Income
GLBA sections that might affect these activities are listed under "Relevant GLBA Sections." The titles of the relevant GLBA sections are: Section 121. Subsidiaries of National Banks For certain GLBA sections, having an effect on bank activity is probable. Sections 201 and 202 are relevant because they relate to all bank securities activities – specifically, whether banks must register with the SEC as brokers or dealers for such activities, with a resultant determination of regulatory authority. Section 204 establishes record-keeping requirements in support of bank exemptions from having to register with the SEC as brokers or dealers. Section 301 provides that states (as opposed to the banking agencies) are the functional regulators of insurance. Section 305 establishes insurance customer protections. Section 307 requires that banking agencies and state insurance regulators share supervisory information concerning bank insurance activities. Sections 201, 202, 204, 301, 305 and 307 do not authorize new activities but relate to most, if not all, state nonmember bank security and insurance activities. Due to its nondescript nature, it could not be determined whether "Other Noninterest Income" might or might not be affected by GLBA. However, it is worth noting that 4,908 or 99 percent of state nonmember banks reported $8.5 billion in revenues under this category. The data show that substantial numbers of state nonmember banks are involved in financial activities affected by GLBA. This activity is both ‘in-house’ and includes subsidiaries. GLBA’s effect on financial holding companies, bank holding companies, and other bank affiliates is not included. APPENDIX IV STATUS OF ITEMS ON THE FDIC "GLBA CORPORATE PROJECT LIST" (as of May 2, 2002) Table 1: Title I - Facilitating Affiliation Among Banks, Securities Firms, and Insurance Companies
Table 2: Title II - Functional Regulation
Table 3: Title III - Insurance
Table 4: Title IV - Unitary Savings and Loan Holding Companies
Table 5: Title V - Privacy
Table 6: Title VI - Federal Home Loan Bank System Modernization
Table 7: Title VII - Other Provisions
Table 8: Total Count of Items in Tables 1 Through 7 Regarding the Status of Items on the FDIC "GLBA Corporate Project List"
APPENDIX V DOS GUIDANCE ON GLBA SECTIONS THAT REQUIRE CHANGES TO EXAMINATION POLICIES AND PROCEDURES (as of November 30, 2001) We identified the following GLBA Sections as requiring changes or additions to DOS examination policies and procedures. (Note: Only GLBA sections requiring DOS guidance for examiners are included in this analysis. Additional GLBA sections were included in the audit procedures.) The date the guidance was issued is listed under the type of guidance (i.e., Regional Directors Memorandum (RD Memo), Examination Documentation Module (ED Module), Manual of Examination Policies (Exam Manual), and Trust Examination Manual (Trust Manual)). This chart is intended to show guidance that has been issued, not what remains to be done. Not all columns are applicable for each GLBA section listed. Table 1: Title I – Facilitating Affiliation Among Banks, Securities Firms, and Insurance Companies
Table 2: Title II – Functional Regulation
Table 3: Title III – Insurance, Subtitle A – State Regulation of Insurance
APPENDIX VI CORPORATION COMMENTS July 22, 2002 MEMORANDUM TO: Stephen M. Beard, Deputy Assistant Inspector General for Audits FROM: Michael J. Zamorski [Electronically produced version; original signed by Michael J. Zamorski], Director, Division of Supervision and Consumer Protection SUBJECT: Draft Report Entitled Division of Supervision Implementation of Gramm-Leach-Bliley Act ("GLBA") Provisions (Assignment Number 00-8 13) Thank you for the opportunity to respond to the draft report entitled Division of Supervision Implementation of Gramm-Leach-Bliley Act Provisions ("draft report"). We anticipate that your final report will clarify that the FDIC is in compliance with all portions of GLBA that required action by the FDIC such as rulemaking or establishing procedures and that the exceptions noted in your report are considered technical in nature and should not impact the safety and soundness examination of any institution. Following are your four recommendations along with our position on each and proposed plans of action, if appropriate. Recommendation - The Director, DOS (now included in the Division of Supervision and Consumer Protection, "DSC") should:
APPENDIX VII SECURITIES AND EXCHANGE COMMISSION COMMENTS [Description of image: Seal of the U.S. Securities and Exchange Commission] UNITED STATES July 16, 2002 Stephen M. Beard Dear Mr. Beard: Thank you for the advance draft report of the FDIC Inspector General entitled, "Division of Supervision Implementation of Gramm-Leach-Bliley Act Provisions" to the Federal Deposit Insurance Corporation. We have no comments on the draft report. Very truly yours, Lori A. Richards [Electronically produced version; original signed by Lori A. Richards]
Last Updated 08/27/2002