 |
 |
| ||||
 Federal Deposit Insurance Corporation 801 17th Street, NW, Washington, DC 20434 |
Office of Inspector General |
To Members of the Congress and the This is my eighteenth and final semiannual report to the Congress of the United States. In December I plan to retire from federal service after 401/2 years. It has been a privilege and an honor during the past 81/2 years to serve as Inspector General (IG) for the Federal Deposit Insurance Corporation (FDIC) under both Presidents Clinton and Bush. Since 1996, my office has undergone many changes as we strived to be one of the best IG offices in the government. I am extremely proud of the many contributions and accomplishments made by the professional women and men in my office. As described in this report and in the other 17 semiannual reports that I have issued, their work has provided value and has had a positive impact on the Corporation. I would like to thank each of the FDIC Office of Inspector General (OIG) employees—past and present—for their support and efforts. I especially want to thank my Executive team whose help, dedicated work, and support made this office what it is today. |
 |
I also would like to acknowledge the four FDIC Chairmen—Ricki Helfer, Skip Hove, Donna Tanoue, and Donald Powell—with whom I have worked during my tenure at the FDIC. Their support and understanding of the IG mission was critical to our success. In addition, I want to especially thank Director Joe Neely (1996 -1998) and Vice Chairman John Reich (2001 to present), who served as Audit Committee Chairmen and who were instrumental in ensuring that appropriate attention was given to our reports. Vice Chairman Reich has been extremely supportive in helping to ensure that my office became more effective within the Corporation, and I am extremely grateful for his efforts on our behalf.
Finally, I want to acknowledge and thank the Office of Management and Budget, my Congressional appropriators, and the House Financial Services and the Senate Banking Committees for their support over the years. Their support has been critical to ensuring that the IG function works as the Congress intended. I have great respect for all of my colleagues in the President’s Council on Integrity and Efficiency and the Executive Council on Integrity and Efficiency and their commitment to the IG mission.
I am confident that my Executive team, under the leadership of my Deputy Inspector General, Patricia Black, will effectively carry on the mission of the OIG at the Corporation until the President selects my successor. It has been my privilege and pleasure to have been a public servant for our federal government. God Bless America!
Gaston L. Gianni, Jr.
Inspector General
November 8, 2004
United States citizens have recently cast their votes for president and for many other state and local government officials who will lead our Nation. Election Day reminds us of the many freedoms we enjoy and the opportunity afforded voters to shape the future of our country and the world. As public servants, we in the Federal Deposit Insurance Corporation (FDIC) Office of Inspector General (OIG) also feel especially privileged to serve our country by helping to achieve the FDIC mission—maintaining stability and public confidence in the nation’s financial system.
The Corporation will carry out its principal business lines—insuring deposits, examining and supervising financial institutions, and managing receiverships—in an atmosphere of constant change over the coming months. The financial services industry is highly dynamic, and new technologies, financial services, and products are introduced every day. Consolidation in the industry can result in much larger institutions that pose unique supervisory challenges. The Corporation’s operations are also marked by change. The FDIC is refining its internal processes to keep pace with the industry, introducing a New Financial Environment to better meet financial management and information needs, guarding against information security risks, responding to Congressional legislation and concerns regarding anti-money laundering and terrorist financing, engaging contractors to provide needed services, and building a new work site for many FDIC employees. At the same time, the Corporation will be carrying out additional downsizing of up to 12 percent of its 5,300 employees through buyouts, retirements, and reductions in force; cross-training many others; and hoping for Congressional approval of the proposed FDIC Workforce 21 Act of 2004 which would grant the FDIC more personnel flexibility. FDIC people, processes, property, and products will all be greatly impacted, and an environment in such flux is highly vulnerable to both known and unforeseen risk. For the Corporation to be successful during this time of critical change, it will need to devote careful attention to ensuring that the risks are managed and minimized.
In that context, I believe that the OIG has a vital, independent role to play in ensuring that controls are in place and operating to mitigate not only existing risks but new ones as well. I further believe that the working relationship principles outlined by the federal Inspector General community and the Office of Management and Budget and articulated on the inside front cover of this report will continue to serve the FDIC and the OIG well as we carry out our respective responsibilities amidst this changing environment.
Those principles are being embraced at the FDIC. The OIG and the Corporation engage in open communications at all levels and maintain personal and professional respect for one another. We understand the mission and priorities of the Corporation, align our strategic plan and goals with those of the Corporation, and take advantage of every opportunity to communicate the OIG mission and vision to FDIC management and staff. Because of the nature of our audits and investigations, we may take positions and express views that others in the Corporation do not share. However, we duly consider the Corporation’s point of view and are careful to ensure that our work is thorough, objective, and fair, and that our audits and evaluations meet Generally Accepted Government Auditing Standards. We engage the Corporation in frequent dialogue. For example, during the reporting period, we coordinated with FDIC management as we developed our Fiscal Year 2005 Assignment Plan and the management and performance challenges that drive much of our work. We also participated at "Getting to Green" meetings with management to address Federal Information Security Management Act related issues and partnered with the Corporation on investigative activities targeting financial institution fraud, concealment of assets, consumer protection, and employee integrity issues.
In line with the principles, the OIG is also very focused on human capital and the knowledge and skills the OIG needs to add utmost value to FDIC programs and operations. Our highly qualified staff meets rigorous professional training standards, and as we hire new staff, we seek to maintain a workforce with the proper expertise and skills to carry out the Inspector General mission. At an Emerging Issues in Banking symposium that we recently cosponsored with the Department of the Treasury and Federal Reserve OIGs, officials from several of the FDIC’s major divisions shared their perspectives with us—a valuable source of knowledge on corporate issues and priorities.
Feedback is another important guiding principle—both formal and informal. Such feedback occurs in a number of ways. We meet regularly with the Chairman,Vice Chairman, Chief Operating Officer, Chief Financial Officer, Chief Information Officer,Division and Office Directors, and engage in dialogue at every operating level. Meetings of the Audit Committee provide us an opportunity to present report findings and recommendations and respond to Audit Committee members’ questions about our work. We have also recently completed a sixth client survey to solicit feedback from corporate management on various aspects of OIG communications, processes, and products. The feedback provided by the Corporation, much of which is captured in our fiscal year 2004 performance report and included in this semiannual report, was constructive and will help guide our efforts going forward.
While I have spoken of our office as a whole and how we espouse principles to ensure successful working relationships with all others in the Corporation, I also wish to recognize some of the individuals in the OIG whose success has been especially commended during the reporting period. Samuel Holland, our Assistant Inspector General for Investigations was named as a finalist for the Service to America Medal in the Justice and Law Enforcement category. The Service to America program is sponsored by the Atlantic Media Company and the Partnership for Public Service and recognizes the outstanding accomplishments of America’s public servants. Mr. Holland was nominated for his pioneering efforts in fighting white-collar crime in the nation’s financial system. One of our Special Agents, J. Kenneth Meyd, was also recognized by the District of Connecticut’s U.S. Attorney’s Office for his work on a criminal restitution case involving an individual who concealed assets from the FDIC.
Three teams of individuals also received Awards for Excellence at the annual awards ceremony of the President’s Council on Integrity and Efficiency and the Executive Council on Integrity and Efficiency this month. First, individuals responsible for the audit of Supervisory Actions Taken for Bank Secrecy Act Violations were honored for recommending improvements to follow-up of Bank Secrecy Act violations at FDIC-supervised institutions. Members of the joint investigative/prosecutorial team responsible for investigating the failure of Hamilton Bank, N.A. were also acknowledged for their efforts leading to the indictment of those alleged to be responsible for the bank’s failure. Third, an interagency OIG team led by Robert L. McGregor, Assistant Inspector General for Quality Assurance and Oversight, received recognition for updating the Quality Standards for Offices of Inspector General, known as the "Silver Book," in honor of the 25th anniversary of the passage of the Inspector General Act of 1978. Also of note during the reporting period, Rex Simmons, our Assistant Inspector General for Management and Congressional Relations, accepted a Training Recognition Award from the U.S. Department of Agriculture Graduate School as runner-up for the W. Edwards Deming Outstanding Training Award. This award acknowledged the OIG’s enduring efforts to identify core competencies for staff that are aligned with OIG and corporate strategic goals and link training investments to core competencies and identified skill gaps. We are proud of these accomplishments.
In closing, the OIG is committed to continuing to promote effective working relationships with the FDIC and helping the Corporation accomplish its mission in the very challenging months ahead. We appreciate and count on the support of all OIG staff, the Corporation, and the Congress, as we serve under the newly elected Administration and work at being the best OIG in government.
Management and Performance Challenges
The Management and Performance Challenges section of our report presents OIG results of audits, evaluations, and other reviews carried out during the reporting period in the context of the OIG’s view of the most significant management and performance challenges currently facing the Corporation . We identified the following 10 management and performance challenges, and, in the spirit of the Reports Consolidation Act of 2000, we presented our assessment of them to the Chief Financial Officer of the FDIC in December 2003. The Act calls for these challenges to be presented in the FDIC’s consolidated performance and accountability report. The FDIC included such reporting as part of its 2003 Annual Report. Our work has been and continues to be largely designed to address these challenges and thereby help ensure the FDIC’s successful accomplishment of its mission.
1. Adequacy of Corporate Governance in Insured Depository Institutions
2. Protection of Consumer Interests
3. Management and Analysis of Risks to the Insurance Funds
4. Effectiveness of Resolution and Receivership Activities
5. Management of Human Capital
6. Management and Security of Information Technology Resources
7. Security of Critical Infrastructure
8. Management of Major Projects
9. Assessment of Corporate Performance
10. Cost Containment and Procurement Integrity
OIG work conducted to address issues in these areas during the current reporting period includes 31 audit and evaluation reviews containing questioned costs and funds put to better use of nearly $51.2 million and 86 nonmonetary recommendations; comments and input to the Corporation’s draft policies in significant operational areas; participation at meetings, symposia, conferences, and other forums to jointly address issues of concern to the Corporation and the OIG; and assistance provided to the Corporation in such areas as concealment of assets cases and participation in the Federal Information Security Management Act "Getting to Green" initiative.
Investigations
In the Investigations section of our report, we feature the results of work performed by OIG agents in Washington, D.C.; Atlanta; Dallas; and Chicago who conduct investigations of alleged criminal or otherwise prohibited activities impacting the FDIC and its programs. In conducting investigations, the OIG works closely with U.S. Attorneys’ Offices throughout the country in attempting to bring to justice individuals who have defrauded the FDIC. The legal skills and outstanding direction provided by Assistant U.S. Attorneys with whom we work are critical to our success. The results we are reporting for the last 6 months reflect the efforts of U.S. Attorneys’ Offices throughout the United States. Our write-ups also reflect our partnering with the Federal Bureau of Investigation, the Internal Revenue Service, and other law enforcement agencies in conducting investigations of joint interest. Additionally, we acknowledge the invaluable assistance of the FDIC’s Divisions and Offices with whom we work closely to bring about successful investigations.
Investigative work during the period led to indictments or criminal charges against 9 individuals and convictions of 15 defendants. Criminal charges remained pending against 33 individuals as of the end of the reporting period. Fines, restitution, and recoveries resulting from our cases totaled about $38.6 million. This section of our report also includes an update of the work of our Electronic Crimes Team, acknowledges special recognition given to our Assistant Inspector General for Investigations and one of our Special Agents, and features Special Olympic activities of some Office of Investigations staff.
OIG Organization
In the Organization section of our report, we note many significant activities and initiatives that the FDIC OIG has pursued over the past 6 months in furtherance of our four main strategic goals and corresponding objectives. These activities complement and support the audit, evaluation, and investigative work discussed in the earlier sections of our semiannual report. Activities of OIG Counsel and cumulative OIG results covering the past five reporting periods are also shown in this section.
Statistical Tables Required Under the Inspector General Act
The statistical tables required under the Inspector General Act, as amended, are included here.
Other Material
We offer congratulations to President’s Council on Integrity and Efficiency and Executive Council on Integrity and Efficiency award winners and bid farewell to several FDIC OIG retirees in the back section of our report.
We also feature an Emerging Issues Symposium sponsored jointly by the Department of the Treasury, Federal Reserve, and FDIC Offices of Inspector General on the inside back cover of our report.
OIG’s Fiscal Year 2004 Performance Report
We are including our performance report for fiscal year 2004 as a separate but integral component of our Semiannual Report to the Congress. Our performance report summarizes our progress against our 41 annual performance goals for the fiscal year. We met or substantially met 31 of 41 of our goals under four categories: OIG Products Add Value and Achieve Significant Impact, Communication Between the OIG and Stakeholders Is Effective, Align Human Resources to Support the OIG Mission, and Resources Are Effectively Managed. We hope that by presenting this report along with our semiannual report, the results of our work will be transparent, and the Congress and other readers will have a full understanding of our overall performance and accountability. (Our Performance Report directly follows the main text of our semiannual report.)
 |
The Office of Audits issues 31 reports containing questioned costs of $110,915 and funds put to better use of $51,084,587. |
|
OIG reports include 86 nonmonetary recommendations to improve corporate operations and activities. Among these are recommendations to improve the effectiveness of information technology security controls, strengthen the supervisory information technology examination process, enhance the quality of supervision of industrial loan companies, improve documentation of certain decisions and processes, and better allocate and contain costs. |
|
OIG investigations result in 9 indictments/informations; 15 convictions; and approximately $38.6 million in total fines, restitution, and other monetary recoveries. |
|
The OIG aggressively pursues its strategic goals and related objectives in furtherance of the OIG mission. Numerous activities and initiatives are carried out to add value and achieve impact; communicate effectively with the Chairman, the Congress, OIG employees and other stakeholders; align our human capital with the OIG mission; and effectively manage OIG resources. |
|
The OIG publishes its Performance Report for Fiscal Year 2004, presenting the OIG’s progress in accomplishing 41 goals for FY 2004. We report that we met or substantially met 31 of 41 goals, or 76 percent. |
|
A federal grand jury in Miami, Florida, returns a 42-count indictment for conspiracy, wire fraud, securities fraud, false filings with the Securities and Exchange Commission, false statements to accountants, obstruction of an examination of a financial institution, and making false statements to the Office of the Comptroller of the Currency against three former senior executive officers of Hamilton Bancorp and Hamilton Bank, N.A. The FDIC OIG’s Office of Investigations, Counsel to the Inspector General, members of the Treasury OIG, and U.S. Attorney’s Office of the Southern District of Florida are responsible for working this case. Named in the indictment are the following: the former Chairman of the Board and Chief Executive Officer; the former President and Director; and the former Senior Vice President and Chief Financial Officer. The former Chairman of the Board and Chief Executive Officer also was charged with insider trading. |
|
Assistant Inspector General for Investigations, Samuel Holland, is named a finalist for the Service to America Medal. Mr. Holland was recognized in the Justice and Law Enforcement category of the program. This medal program is cosponsored by the Atlantic Media Company and the Partnership for Public Service and recognizes the outstanding accomplishments of America’s public servants. Mr. Holland was nominated for his pioneering efforts in holding financial industry executives accountable and deterring fraudulent activity that undermines public confidence in the nation’s financial system. |
|
The OIG works closely with the Division of Information Resources Management, the Division of Administration, and the Office of Enterprise Risk Management throughout the reporting period on a "Getting to Green" initiative on the OIG’s annual Federal Information Security Management Act of 2002 evaluation scorecard, designed to ensure that management’s establishment and implementation of information technology security controls provide reasonable assurance that the Corporation’s information technology assets are protected. Meetings address various corporate information security issues, such as new and emerging security requirements being developed by the National Institute of Standards and Technology. Additional getting- to-green meetings are planned beginning in November 2004. |
|
The OIG issues its 2004 report on the Federal Information Security Management Act, concluding that the Corporation had established and implemented management controls that provided limited assurance of adequate security over its information resources. As a result of focused efforts over the past several years, the FDIC has made considerable progress in improving its information security controls and practices. Notably, this is the first annual security evaluation wherein the OIG identified no significant deficiencies as defined by the Office of Management and Budget that warrant consideration as a potential material weakness. However, continued management attention was needed in several key security control areas. |
|
The Office of Audits receives an unqualified opinion on a peer review of the system of quality control for the audit function of the FDIC OIG. According to the Department of Energy OIG, the system of quality control for the audit function in effect for the year ended March 31, 2004 was designed in accordance with quality standards established by the President’s Council on Integrity and Efficiency and provided the OIG with reasonable assurance of material compliance with professional auditing standards in the conduct of the FDIC OIG’s audits. |
|
The OIG issues the Office of Audits Assignment Plan—Fiscal Year 2005 presenting 53 audit and evaluation assignments that the OIG plans to pursue. Each assignment is linked to risk-based management and performance challenges that the OIG has identified. The OIG received a number of constructive comments and suggestions from the Corporation that were considered and addressed. Cooperative efforts resulted in a plan that provides comprehensive coverage of the Corporation’s key risk areas. |
|
The OIG responds to questions posed by Honorable Sue W. Kelly, Chairwoman of the Subcommittee on Oversight and Investigations, Committee on Financial Services, U.S. House of Representatives. These questions were sent to the OIG subsequent to IG Gianni’s March 4, 2004 testimony at the hearing on "Oversight of the Federal Deposit Insurance Corporation." The Chairwoman’s questions addressed matters related to safety and soundness, downsizing and human capital, and information security. |
|
The Inspector General testifies at a hearing on Bank Secrecy Act (BSA) Compliance and Enforcement before the Senate Committee on Banking, Housing, and Urban Affairs. IG Gianni presents a historical perspective on the BSA, discusses the BSA-related work the FDIC OIG has conducted over the past several years, and offers views on the challenges that the Congress and the financial regulators face going forward in anti-terrorist and anti-money laundering activities. The IG and other OIG management representatives later meet with Committee staff to discuss assignments planned for 2005 and ongoing and completed OIG work. |
|
The OIG provides a copy of our audit report entitled Supervisory Actions Taken for Bank Secrecy Act Violations to the Honorable Sue Kelly, Chairwoman, Subcommittee on Oversight and Investigations, Committee on Financial Services, U.S. House of Representatives. The OIG initiated that audit as a result of discussions with staff of the Subcommittee. The report presents the results of an audit of the process established by the Division of Supervision and Consumer Protection for ensuring that corrective actions are taken by bank management to address violations of BSA. |
|
The OIG receives a Training Recognition Award as a runner-up for the W. Edwards Deming Outstanding Training Award from the U.S. Department of Agriculture Graduate School. The OIG has worked over a 2-year period to identify core competencies for its staff that are aligned with OIG and corporate strategic goals and to link training investments to the core competencies and identified skill gaps. The W. Edwards Deming Outstanding Training Award recognizes a federal government organization or civilian branch of the military that has completed an innovative and impressive employee development and training initiative with measurable results. |
|
The OIG's proposed fiscal year 2005 budget is awaiting Congressional approval. The proposed budget of $29.9 million was included in the President's budget, which was transmitted to the Congress in February 2004. The budget will support an authorized staffing level of 160, a further reduction of 8 authorized staff (5 percent) from fiscal year 2004. Fiscal year 2005 will become the 9th consecutive year OIG budgets have decreased after adjusting for inflation. |
|
The OIG completes the conduct of both an Employee Survey and a Client Survey and issues the results of each. These survey instruments are designed to assist the FDIC OIG as it works to be the best OIG in government. |
|
OIG Counsel’s Office provides advice and counsel on a number of issues, including applicability of the Sarbanes-Oxley Act to FDIC-insured institutions, BSA compliance, and supervision of limited-charter institutions. Counsel was involved in 24 litigation matters, 23 of which are awaiting further action by the parties or rulings by the court. |
|
The OIG reviews and comments on 2 proposed formal FDIC regulations, responds to 6 requests and 1 appeal under the Freedom of Information Act, and completes 29 policy analyses on proposed FDIC directives or proposed revisions to directives and FDIC manuals. |
|
The OIG responds in a timely manner to 68 Hotline allegations, issues 2 reports based on previous allegations, and refers 14 allegations for further review. |
|
The OIG coordinates with and assists management on a number of initiatives, including serving in an advisory capacity on the Audit Committee’s Information Technology Security Subcommittee and the Chief Information Officer Council; Office of Investigations and Office of Audits Executives’ participation at the Division of Supervision and Consumer Protection regional office and other meetings; Office of Investigations’ Electronic Crimes Team’s coordination with the Division of Information Resources Management (DIRM), Division of Resolutions and Receiverships, and the Legal Division; and Office of Audits’ coordination with the Corporation on "Getting to Green" on the Federal Information Security Management Act of 2002 and DIRM Transformation projects. |
|
The Office of Investigations coordinates with DIRM and agency officials to establish appropriate processes in addressing cyber crimes, including computer intrusion, phishing and spoofing schemes, as well as investigations of computer misuse by FDIC employees and contractors. |
|
OIG Special Agent J. Kenneth Meyd is acknowledged by the U.S. Attorney’s Office, District of Connecticut, at an annual awards presentation in New Haven, Connecticut. The ceremony recognized a select number of significant prosecutions adjudicated during the past year and honored those who had contributed to the success of these prosecutions. Special Agent Meyd was commended for his great efforts and skillful detective work in proving that a Hartford, Connecticut, businessman owed the FDIC $2.7 million in criminal restitution and had hidden his assets from the U.S. Probation Office and the FDIC. |
|
As Vice Chair of the President’s Council on Integrity and Efficiency, the Inspector General oversees a number of initiatives, including publication of the Fiscal Year 2003 Progress Report to the President and issuance of a protocol entitled Working Relationship Principles for Agencies and Offices of Inspector General. Along with several colleagues in the IG community, IG Gianni testifies before the Subcommittee on Government Efficiency and Financial Management, House Committee on Government Reform, regarding Proposed Legislation Affecting the Inspector General Community—"Improving Government Accountability Act," (H.R. 3457)—legislation introduced by Representative Jim Cooper. The IG also participates as a presenter at numerous professional conferences and other forums, and shares information and best practices with respect to ensuring integrity and transparency with delegations of foreign visitors from Brazil, the Russian Federation, Indonesia, and Jamaica. |
|
In the spirit of the Reports Consolidation Act of 2000, and to provide useful perspective for readers, we present a large body of our work in the context of "the most serious management and performance challenges" facing the Corporation. In December 2003 we updated our assessment of these challenges and provided them to the Corporation. The 10 challenges we have identified are listed below in priority order and fall under two categories. The first category, which includes challenges 1 through 4, relates to rather broad corporate and industry issues, and the second category, which includes challenges 5 through 10, relates to more specific operational issues at the FDIC. We identified the following challenges, and the Corporation included them in its 2003 Annual Report:
|
We will continue to pursue audits, evaluations, investigations, and other reviews that address the management and performance challenges we identified. Our work during the reporting period can be linked directly to these challenges and is presented as such in the sections that follow. We will be updating our identification of the management and performance challenges by year-end 2004 and will continue to work with corporate officials to successfully address all challenges identified.
1. Adequacy of Corporate Governance in Insured Depository Institutions
Corporate governance is generally defined as the fulfillment of the broad stewardship responsibilities entrusted to the Board of Directors, Officers, and external and internal auditors of a corporation. A number of well-publicized announcements of business failures, including financial institution failures, have raised questions about the credibility of accounting practices and oversight in the United States. Such events have increased public concern regarding the adequacy of corporate governance and, in part, prompted passage of the Sarbanes-Oxley Act of 2002. The public’s confidence in the nation’s financial system can be shaken by deficiencies in the adequacy of corporate governance in insured depository institutions. For example, the failure of senior management, boards of directors, and auditors to effectively conduct their duties has contributed to certain financial institution failures. In some cases, board members and senior management engaged in high-risk activities without proper risk management processes, did not maintain adequate loan policies and procedures, and circumvented or disregarded various laws and banking regulations. In other cases, independent public accounting firms rendered clean opinions on the institutions’ financial statements when, in fact, the statements were materially misstated.
To the extent that financial reporting is not reliable, the regulatory processes and FDIC mission achievement (that is, ensuring the safety and soundness of the nation’s financial system) can be adversely affected. For example, essential research and analysis used to achieve the supervision and insurance missions of the Corporation can be complicated and potentially compromised by poor quality financial reports and audits. The insurance funds could be affected by financial institution and other business failures involving financial reporting problems. In the worst case, illegal and otherwise improper activity by management of financial institutions or their boards of directors can be concealed, resulting in potential significant losses to the FDIC insurance funds.
The FDIC has initiated various measures designed to mitigate the risk posed by these concerns, such as reviewing the bank’s board activities and ethics policies and practices and reviewing auditor independence requirements. In addition, the FDIC reviews the financial disclosure and reporting obligations of publicly traded state non-member institutions. The FDIC also reviews their compliance with Securities and Exchange Commission regulations and the Federal Financial Institutions Examination Council-approved and recommended policies to help ensure accurate and reliable financial reporting through an effective external auditing program and on-site FDIC examination.
The Corporation issued comprehensive guidance in March 2003, describing significant provisions of the Sarbanes-Oxley Act and related rules of implementation adopted by the Securities and Exchange Commission. Other corporate governance initiatives include the FDIC’s issuing Financial Institution Letters, allowing bank directors to participate in regular meetings between examiners and bank officers, maintaining a "Directors’ Corner" on the FDIC Web site, and the expansion of the Corporation’s "Directors’ College" program. While the FDIC has taken significant strides, corporate governance issues remain a key concern.
Also, pursuant to the Economic Growth and Regulatory Paperwork Reduction Act of 1996, the FDIC, along with the other members of the Federal Financial Institutions Examination Council, is engaged in reviewing regulations in order to identify outdated or otherwise unnecessary regulatory requirements imposed on insured depository institutions. The OIG supports prudent opportunities to reduce regulatory burdens on insured depository institutions along with consideration to the impact on the FDIC’s ability to adequately supervise the institutions.
OIG Audit and Investigative Work Addresses Corporate Governance Issues
Division of Supervision and Consumer Protection’s Assessment of Bank Management
The Division of Supervision and Consumer Protection (DSC) examiners’ assessment of management is a key factor in determining an
institution’s safety and soundness composite rating. During the reporting period, we conducted an audit of the process that the FDIC uses to assess bank management and controls during examinations of FDIC-supervised financial institutions. We concluded that the process is adequate. However, based on our review of six open banks with high-risk composite ratings, we found opportunities for improvement pertaining to banks that have a dominant official with significant influence in bank operations.
Specifically, examiner guidance could be strengthened with respect to evaluating the risks posed by dominant officials and for assessing and recommending mitigating controls when that type of corporate structure exists at a financial institution. Failure to appropriately evaluate and assess such risks increases the opportunity for fraud or mismanagement to go undetected and uncorrected and could, as evidenced by prior OIG reports, ultimately cause an institution to fail.
We concluded that within the frame work of the existing examination procedures, the risks of a dominant official should be considered as a part of the pre-examination planning process to the extent that this risk is observed at the senior corporate level. Due to the complexity of corporate governance oversight and the increased level of inherent risk at financial institutions dominated by one official, a comprehensive and consolidated set of instructions is needed to facilitate the supervisory review process regarding a dominant official. We made two recommendations to address these concerns, and the corrective actions that management proposed were responsive. (Report No. 04-033, September 8, 2004.)
FDIC’s Implementation of the Sarbanes-Oxley Act of 2002
We also conducted an audit to examine the FDIC’s issuance of implementing guidance to financial institutions and examiners for applicable provisions of the Sarbanes-Oxley Act. We concluded that the FDIC took adequate steps to issue implementing guidance for applicable provisions of the Act both to FDIC-supervised institutions and to FDIC examiners. In addition, the Act did not have a major impact on FDIC-supervised financial institutions because of pre-existing audit committee and internal control reporting requirements imposed by the Federal Deposit Insurance Corporation Improvement Act of 1991.
We did not make recommendations in this report. We may conduct further work related to examiner assessment of institution compliance with the Sarbanes-Oxley Act in a subsequent audit. (Report No. 04-042, September 29, 2004.)
Our investigative work also addresses corporate governance issues. In a number of cases, financial institution fraud is a principal contributing factor to an institution’s failure. Unfortunately, the principals of some of these institutions—that is, those most expected to ensure safe and sound corporate governance—are at times the parties perpetrating the fraud. Our Office of Investigations plays a critical role in investigating such activity. (See the Investigations section of this report for specific examples of bank fraud cases involving corporate governance weaknesses.)
 |
|
Strategies for Enhancing Corporate Governance While several of our audits this reporting period focused on issues relating to external governance, we also completed an audit to present information to the Corporation on strategies for enhancing its internal corporate governance. Reforms such as the Sarbanes-Oxley Act of 2002 are challenging the way organizations conduct business. For example, audit committees representing an organization’s board of directors and shareholders are expected to be more involved than before in understanding the entity’s business, monitoring financial reporting issues, and being aware of financial risks. Also, as a result of the Sarbanes-Oxley Act, management must evaluate its internal control structure over financial reporting and report on its effectiveness. Several practices have emerged to assist organizations in meeting these challenges. One practice that has emerged in managing risk is enterprise risk management (ERM). ERM enables management to evaluate risk from a corporate-wide perspective. Also, regarding internal control over financial reporting, an internal control maturity framework has been developed to assist organizations in evaluating their internal control over financial reporting. The FDIC currently has structures either in place or in development that address these emerging business practices. For example, the FDIC has a Board of Directors with an Audit Committee that monitors the Corporation’s financial reporting responsibilities and internal control programs and an Office of Enterprise Risk Management that monitors risks. The intent of our work was to synthesize information and provide a prospective focus that may be useful in further enhancing key elements of the FDIC’s corporate governance structure – the Audit Committee, risk management, and internal control over financial reporting. Our report presents strategies for enhancing corporate governance and discusses challenges faced by other organizations and the ways in which they have resolved challenges while implementing an ERM program. (Strategies for Enhancing Corporate Governance, Report No. 04-032, September 3, 2004) |
2. Protection of Consumer Interests
The FDIC’s mission is to maintain public confidence in the nation’s financial system. The availability of deposit insurance to protect consumer interests is a very visible way in which the FDIC accomplishes this mission. Additionally, as a regulator, the FDIC oversees a variety of statutory and regulatory requirements aimed at protecting consumers from unfair and unscrupulous banking practices. The FDIC, together with other primary federal regulators, has responsibility to help ensure bank compliance with statutory and regulatory requirements related to consumer protection, civil rights, and community reinvestment. Some of the more prominent laws and regulations related to this area include the Truth in Lending Act, Fair Credit Reporting Act, Real Estate Settlement Procedures Act, Fair Housing Act, Home Mortgage Disclosure Act, Equal Credit Opportunity Act, Community Reinvestment Act, and Gramm-Leach-Bliley Act. In December 2003, the President signed the Fair and Accurate Credit and Transactions Act of 2003 to expand access to credit and other financial services for all citizens, enhance the accuracy of consumers’ financial information, and help fight identity theft.
The Corporation accomplishes its mission related to fair lending and other consumer protection laws and regulations by conducting compliance examinations, taking enforcement actions to address compliance violations, encouraging public involvement in the community reinvestment process, assisting financial institutions with fair lending and consumer compliance through education and guidance, and providing assistance to various parties within and outside of the FDIC.
The FDIC’s examination and evaluation programs must assess how well the institutions under its supervision manage compliance with consumer protection and fair lending laws and regulations and meet the credit needs of their communities, including low- and moderate-income neighborhoods. A challenge for the Corporation is risk focusing compliance examinations while still protecting consumers’ interests. The FDIC must also work to issue regulations that implement federal consumer protection statutes both on its own initiative and together with the other federal financial institution regulatory agencies. A challenge in this area is ensuring compliance with out undue regulatory burden.
The Corporation’s community affairs program provides technical assistance to help banks meet their responsibilities under the Community Reinvestment Act. One of the FDIC’s principal areas of emphasis is financial literacy, aimed specifically at low- and moderate-income individuals who may not have had previous banking relationships. The Corporation’s "Money Smart" initiative has been a key outreach effort. The FDIC must also continue efforts to maintain a Consumer Affairs program by investigating consumer complaints about FDIC-supervised institutions, answering consumer inquiries regarding consumer protection laws and banking practices, and providing data to assist the examination function.
The continued expansion of electronic banking presents a challenge for ensuring consumers are protected. The number of reported instances of identity theft has also ballooned in recent years. The Corporation will need to remain vigilant in conducting comprehensive, risk-based compliance examinations, analyzing and responding appropriately to consumer complaints, and educating individuals on money management topics, including identity protection.
The Corporation’s deposit insurance program promotes public understanding of the federal deposit insurance system and seeks to ensure that depositors and bankers have ready access to information about the rules for FDIC insurance coverage. Informing bankers and depositors about the rules for deposit insurance coverage helps foster public confidence in the banking system.
OIG Efforts to Address Consumer Protection Issues
Supervision Appeals Review Committee Decision Regarding the Appeal of a Fair Lending Violation
One of our audits during the reporting period resulted from a Hotline complaint and examined the FDIC’s Supervision Appeals Review Committee’s (SARC) decision regarding a financial institution’s appeal of a fair lending violation. Appeals denied at the FDIC division level are reviewed by the SARC, which, at the time of the audit, consisted of the FDIC’s Vice Chairman, Ombudsman, General Counsel, the Director of DSC, and the Director of the Division of Insurance and Research.
We found no evidence that the SARC acted outside of its delegated authority. We also found that the SARC considered all relevant facts and that the SARC and DSC followed applicable requirements and procedures in the appeal case. We did not make recommendations in our report and received no comments from the SARC chairman or other members of the committee. (Report No. 04-036, September 20, 2004.)
The OIG’s involvement with consumer protection matters includes our investigative cases regarding misrepresentations of FDIC insurance or affiliation to unsuspecting consumers. Additionally, our Office of Investigations’ Electronic Crimes Team has been involved in investigating emerging e-mail "phishing" identity theft schemes that have used the FDIC’s name in an attempt to obtain personal data from unsuspecting consumers who receive the e-mails. Our investigations have also uncovered multiple schemes to defraud depositors by offering them misleading rates of returns on deposits. These abuses are effected through the misuse of the FDIC’s name, logo, abbreviation, or other indicators suggesting that the products are fully insured deposits. Such misrepresentations induce the targets of schemes to invest on the strength of FDIC insurance while misleading them as to the true nature of the investments being offered. (See the Investigations section of this semiannual report.)
Our experience with such cases prompted us on March 4, 2003, to submit to the House Financial Services Committee Chairman, Michael Oxley, a legislative proposal to prevent misuse of the Corporation’s guarantee of insurance. This proposal was incorporated in H.R. 1375: Financial Services Regulatory Relief Act of 2003. On March 24, 2004, H.R. 1375 was passed by the House of Representatives and referred to the U.S. Senate. Section 615 of H.R. 1375, as we suggested, would provide the FDIC with enforcement tools to limit misrepresentations regarding FDIC deposit insurance coverage. We appreciate Congressional support of this proposal.
3. Management and Analysis of Risks to the Insurance Funds
The FDIC seeks to ensure that failed financial institutions are and continue to be resolved within the amounts available in the insurance funds and without recourse to the U.S. Treasury for additional funds. Achieving this goal is a significant challenge because the insurance funds generally average just over 1.25 percent of insured deposits, and the FDIC supervises only a portion of the insured institutions. In fact, the preponderance of insured institution assets are in institutions supervised by other federal regulators. Therefore, the FDIC has established strategic relationships with the other regulators surrounding their shared responsibility of helping to ensure the safety and soundness of the nation’s financial system. The FDIC engages in an ongoing process of proactively identifying risks to the deposit insurance funds and adjusting the risk-based deposit insurance premiums charged to the institutions. One of the key tools used by the FDIC is its safety and soundness examination process which, when combined with off-site monitoring and extensive industry risk analysis, generally provides an early warning and corrective action process for emerging risks to the funds. The Risk Analysis Center, managed and staffed by the DSC, Division of Insurance and Research, and Division of Resolutions and Receiverships, facilitates and coordinates risk analysis at the FDIC.
Recent trends and events continue to pose risks to the funds. From January 1, 2002 to September 30, 2004, 18 insured financial institutions failed, and the potential exists for additional failures. While some failures may be attributable primarily or in part to economic factors, as previously mentioned, bank mismanagement and apparent fraud have also been factors in the most recent failures. The environment in which financial institutions operate is evolving rapidly, particularly with the acceleration of interstate banking, new banking products and complex asset structures, and electronic banking. The industry’s growing reliance on technologies, particularly the Internet, has changed the risk profile of banking. Continuing threats to the U.S. financial infrastructure have made business continuity planning an essential ingredient to sound risk management programs. The consolidations that may occur among banks, securities firms, insurance companies, and other financial services providers resulting from the Gramm-Leach-Bliley Act pose additional risks to the FDIC’s insurance funds. Limited charter depository institutions may also pose unique risks, as discussed later in this section. Also, institutions face challenges in managing interest rate risks in an environment of historically low interest rates. The Corporation’s supervisory approach, including risk-focused examinations, must operate to identify and mitigate these risks and their real or potential impact on financial institutions to preclude adverse consequences to the insurance funds.
The FDIC employs a number of supervisory approaches, several of which are described below, to identify and mitigate institution risk and faces challenges in ensuring that each meets its intended purpose.
|
|
Risks Related to Money Laundering and Terrorist Financing Emphasis on anti-terrorism efforts has risen significantly in recent years, especially since the events of September 11, 2001. In response to those events, the Congress enacted the United and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (USA PATRIOT Act), which expands the Department of the Treasury’s authority initially established under the Bank Secrecy Act of 1970 (BSA) to regulate the activities of U.S. financial institutions, particularly their relations with individuals and entities with foreign ties. In turn, this expansion has increased the responsibilities of the bank regulatory agencies for assessing the adequacy of financial institution BSA programs. Specifically, the USA PATRIOT Act expands the BSA beyond its original purpose of deterring and detecting money laundering to also address terrorist financing activities. The reality today is that all institutions are at risk of being used to facilitate criminal activities, including money laundering and terrorist financing. The OIG has previously reported on several assignments related to the USA PATRIOT Act and BSA. We intend to add the challenge of risks related to money laundering and terrorist financing to our assessment of the management and performance challenges facing the Corporation in our upcoming submission of those challenges to the Corporation in December. Future semiannual reports will report the results of OIG work in this area in the context of this new challenge. |
Supervisory Strategies for Large Banks: In 2002, the FDIC initiated the Dedicated Examiner Program for the eight largest banks in the United States. The FDIC is the insurer but not the primary federal regulator for these institutions. Examiners are dedicated to those institutions to participate in targeted reviews and attend management meetings. Also, case managers closely monitor such institutions through the Large Insured Depository Institutions Program’s quarterly analysis and executive summaries. Additionally, case managers consistently remain in communication with their counterparts at the other regulatory agencies, frequently attending pre-examination meetings, post-examination meetings, and exit board meetings.
Maximum Efficiency, Risk-focused, Institution Targeted (MERIT) Examinations Program: This program was introduced in March 2002 and is designed to improve the efficiency and effectiveness of bank examinations by maximizing the use of risk-focused examination procedures in well managed banks in sound financial condition. As of September 30, 2004, over 4,600 of approximately 5,300 FDIC-supervised institutions were MERIT-eligible based on asset size (less than $1 billion) and composite rating (of 1 or 2). DSC has reported that the MERIT program has reduced the average time spent conducting safety and soundness examinations of small, low-risk institutions by well over the 20 percent target in qualifying institutions.
Relationship Manager Program: Still in its early stages, under this approach, commissioned examiners are assigned a portfolio of banks and are designated the "Relationship Manager" or primary point of contact for these banks. As such, relationship managers will conduct comprehensive risk assessments of the banks in their portfolios and in consultation with other experts prepare a risk-focused supervisory plan. Off-site and on-site activities will be conducted as needed throughout the examination cycle rather than the current "point-in-time" approach. The emphasis is on scheduling offsite and on-site reviews during the examination cycle to better leverage external sources of information.
Many other challenges also exist as the Corporation seeks to protect and ensure the continued strength of the insurance funds, as discussed below:
Merging the Insurance Funds: Because of bank mergers and acquisitions, many institutions hold deposits insured by both the Bank Insurance Fund (BIF) and Savings Association Insurance Fund (SAIF), obscuring the difference between the funds. There is ongoing consideration of merging the two insurance funds with the perceived outcome being that the merged fund would not only be stronger and better diversified but would also eliminate the concern about a deposit insurance premium disparity between the BIF and the SAIF. The prospect of different premium rates for identical deposit insurance coverage would be eliminated. Also, insured institutions would no longer have to track their BIF and SAIF deposits separately, resulting in cost savings for the industry. Assessments in the merged fund would be based on the risk that institutions pose to that fund.
The Corporation has worked hard to bring about deposit insurance reform, and the OIG supports the FDIC’s continued work with the banking community and the Congress in the interest of eventual passage of reform legislation.
| ||||||
|
Inspector General Testifies on Bank Secrecy Act On June 3, 2004, the Inspector General (IG) testified before the Senate Committee on Banking, Housing, and Urban Affairs, on Bank Secrecy Act (BSA) Compliance and Enforcement. The IG gave some historical perspective, discussed BSA-related work that the FDIC OIG has done over the past several years, and offered views on the challenges that the Congress and the financial regulators face going forward in this critical area. The FDIC Chairman’s testimony on that day indicated that the FDIC had conducted almost 11,000 BSA examinations since 2000. Over the past several years, in line with responsibilities under the Inspector General Act, the FDIC OIG conducted three audits that address the FDIC’s efforts to design and implement a supervisory program to examine institutions’ compliance with provisions of the BSA and the more recently enacted USA PATRIOT Act. Overall, these audits identified that the Corporation had taken steps to implement a riskfocused examination program for BSA. However, improvements were needed to ensure that institutions were fully complying with, and the FDIC was effectively enforcing provisions of, the Act. The IG reported that the Corporation had corrective action completed or ongoing to address all of the OIG’s recommended improvements. Of particular importance, the audit results in our report entitled Supervisory Actions Taken for Bank Secrecy Act Violations raised concerns related to four general areas:
The IG closed his testimony by suggesting that in light of the knowledge we have gained since 9/11 and more recent terrorist threats, there are key questions that the FDIC should consider, in conjunction with the Treasury Department and the other financial regulators, as it looks to improve its BSA program.
The OIG is prepared to assist in addressing these issues and has additional audits underway and planned in this area to help ensure that financial institutions, through efficient and effective supervision by the FDIC, will remain vigilant in implementing BSA programs that assist in preventing money laundering and terrorism. (Hearing on Bank Secrecy Act Compliance and Enforcement, Statement of Gaston L. Gianni, Jr., June 3, 2004) |
The Designated Reserve Ratio: If the BIF ratio is below 1.25 percent, in accordance with the Federal Deposit Insurance Act, the FDIC Board of Directors must charge the banks premiums that are sufficient to restore the ratio to the statutorily mandated designated reserve ratio within 1 year. As of March 31, 2002, the BIF reserve ratio was at 1.23 percent, the first time since 1995 that the ratio had fallen below 1.25 percent. By June 30, 2002, the BIF reserve ratio was at 1.25 percent, precisely at the minimum mandated level. According to the Corporation’s Letter to Stakeholders, the BIF ratio reported for 2nd Quarter 2004 was 1.31 percent. The Corporation must maintain or exceed the designated reserve ratio, as required by statute.
Setting Deposit Insurance Premiums: Insurance premiums are generally assessed based on the funding requirements of the insurance funds. Because the reserve ratio may not fall below the statutory designated reserve ratio of 1.25 percent, this approach has the impact of assessing premiums during economic downturns when banks are failing and are likely not in the best position to afford the premiums. Also, numerous institutions have benefited from being able to sharply increase insured deposits without contributions to the insurance funds commensurate with this increased risk. This situation can occur because the designated reserve ratio is not breached, thereby triggering across-the-board premiums. Current deposit insurance reform proposals include provisions for risk-based premiums to be assessed on a more frequently scheduled basis than would occur using the existing approach. Risk-based premiums can provide the ability to better match premiums charged to institutions with related risk to the insurance funds.
Adoption of the Proposed Basel Committee II Capital Accord: Adoption of the accord poses a potential major impact to the insurance funds due to the prospect of lower minimum capital requirements for some of the largest, most complex institutions. The initial Basel Capital Accord only took credit risks into account; Basel II will require that banks evaluate and measure other forms of risk, including operational risk. Banks will have to make capital provisions to effectively act as a contingency fund, to cover the direct and indirect losses that emergent operational risks could cause. The failure of at-risk institutions to fully adhere to this proposed contingency funding mechanism in place of higher minimum capital requirements constitutes a threat of increased insurance losses to the funds. Adoption of the accord may pose challenges for the Corporation by requiring new skill sets to address Basel II issues.
FDIC’s Information Technology Examinations
One of our audits during the reporting period examined whether the FDIC’s information technology (IT) examinations provide reasonable assurance that IT risks are being addressed by the risk management programs in FDIC-supervised financial institutions. We focused our audit work primarily on institutions with more than $1 billion in assets which generally had more complex IT architectures.
We concluded that the Corporation’s IT examination program does provide such assurance. We did, however, identify opportunities for improving the quality of the IT examination process. Specifically, the FDIC did not have a review process in place to determine whether appropriate examination procedures are applied and that findings and conclusions are adequately supported. The FDIC has a quality review process in place for its safety and soundness examinations but generally has not conducted similar quality reviews for IT examinations. We recommended that the FDIC improve the quality, efficiency, and effectiveness of its IT examinations by instituting a standardized quality review of all phases of the IT examination process and supporting documentation prior to issuance of IT examination results.
DSC generally concurred with the report’s findings and agreed that the IT review process could be enhanced. DSC provided an action plan that would enhance DSC’s quality review process from the field office and field territory levels. We consider the recommendation resolved. (Report No. 04-022, June 15, 2004.)
The Division of Supervision and Consumer Protection’s Approach for Supervising Limited-Charter Depository Institutions
We completed an evaluation of the FDIC’s supervisory approach for examining limited-charter depository institutions, which include industrial loan companies (ILCs). ILCs are state-chartered, FDIC-supervised financial institutions that may be owned by commercial firms that are not regulated by a federal banking agency. We performed this evaluation because there has been much debate among the banking regulators and with the Congress regarding whether ILCs pose safety and soundness risks. The objectives of our review
were to evaluate: (1) whether ILCs pose greater risks to the insurance fund than other financial institutions, and (2) DSC’s supervisory approach in determining and mitigating material risks posed to ILCs by parent companies.
The Corporation contends that ILCs are no riskier than traditional banks and the risks lie within business line, not the charter type. Most ILC parent companies are subject to varying degrees of federal regulation. Many are subject to consolidated supervision by the Office of Thrift Supervision (OTS), the Securities and Exchange Commission, or the Federal Reserve Board. The FDIC has stated it has sufficient legislative authority to supervise ILCs and their parents. However, differences exist in the scope of authority granted to the FDIC, the Federal Reserve Board, and OTS relating to holding company supervision. We concluded that ILCs may pose additional risks to the deposit insurance fund because ILC parent holding companies are not always subject to the scope of consolidated supervision, consolidated capital requirements, or enforcement actions imposed on parent organizations subject to the Bank Holding Company Act or the Home Owners’ Loan Act. However, the FDIC has established controls to help mitigate these added risks through its deposit insurance application process, routine examination of ILCs and affiliates, and offsite monitoring program.
Nevertheless, we identified opportunities to: strengthen DSC’s insurance application process; better define and clarify guidance for determining the parent company’s source of financial and managerial strength to the ILC; enhance examination policies and procedures for assessing the impact of ILC-parent relationships; and develop a more formal examination program for ILC parent companies that generally relies on the primary federal regulator when applicable and addresses those parent companies that are not supervised by a federal regulator.
Our report contained eight recommendations for strengthening the quality of DSC’s program for supervising ILCs. The Corporation generally agreed with our recommendations, which we consider resolved. (Report No. EVAL-04-048, September 30, 2004.)
Division of Supervision and Consumer Protection’s Regional Office Structure
We conducted an audit of DSC’s regional office structure to assess the structure in light of changes that have occurred since the 1980s at the FDIC and in the banking industry it regulates.
In our view, industry, technology, and security changes along with changes in DSC’s approach to its supervisory responsibilities warrant reconsideration of the current geographic and organizational structure of the regional offices. We therefore recommended that the Director, DSC, initiate an independent analysis of DSC’s regional office structure to determine the optimal means to effectively manage the division’s organizational structure and its resources.
DSC agreed to evaluate its regional structure as part of its annual workforce planning and budgeting efforts. This corrective action is responsive to our recommendation. (Report No. 04-040, September 28, 2004.)
4. Effectiveness of Resolution and Receivership Activities
One of the FDIC’s corporate responsibilities is planning and efficiently handling the franchise marketing of failing FDIC-insured institutions and providing prompt, responsive, and efficient resolution of failed financial institutions. These activities maintain confidence and stability in our financial system. Notably, since the FDIC’s inception over 70 years ago, no depositor has ever experienced a loss of insured deposits at an FDIC-insured institution due to a failure. According to the Corporation’s Letter to Stakeholders for the 3rd Quarter 2004, the FDIC is managing over $603 million in assets in liquidation in 35 BIF and SAIF receiverships. The Asset Servicing Technology Enhancement Project is a key initiative to implement an integrated solution to meet the FDIC’s current and future asset servicing responsibilities based on industry standards, best practices, and available technology.
The FDIC has outlined primary goals for three business lines that are relevant to the three major phases of its work: Pre-Closing, Closing, and Post-Closing of failing or failed institutions. Each is accompanied by significant challenges:
Deposit Insurance: The FDIC must provide customers of failed financial institutions with timely access to their insured funds and financial services. A significant challenge in this area is to ensure that FDIC deposit insurance claims and payment processes are prepared to handle large institution failures.
Resolutions: As the FDIC seeks to resolve failed institutions in the least costly manner, its challenges include ensuring the efficiency of contingency planning for institution failures and effective internal FDIC communication and coordination as well as communication with the other primary federal regulators. Such steps help ensure timely access to records and optimal resolution strategies.
Receivership Management: The FDIC’s goal is to manage receiverships to maximize net return toward an orderly and timely termination and provide customers of failed institutions and the public with timely and responsive information. Related challenges include ensuring the efficiency of the receivership termination process, effective claims processing, continual assessment of recovery strategies, sound investigative activities, collection of restitution orders, and accurate charging of receiverships for services performed under the Receivership Management Program.
Our work in the receiverships and resolutions area included the following reports:
Retention Strategies for Failed Insured Depository Institution Employees
The objective of this audit was to determine whether the Division of Resolutions and Receiverships’ (DRR) decisions for retaining and paying former institution employees to assist in the process of liquidating receiverships were reasonable and adequately supported.
DRR’s decisions to retain and pay former institution employees to assist in the operations of its receiverships appeared justified given the specific circumstances of the closed institutions. Also, retention decisions were adequately communicated to, and approved by, appropriate FDIC management officials. However, DRR could have better documented the basis for the retention decisions. We also concluded that the FDIC can better protect against the misuse of sensitive financial and customer information by former institution employees retained to assist in liquidating receiverships.
We made four recommendations to address our concerns with documenting decisions, securing sensitive financial and customer information, and conducting background checks of retained employees. The Director, DRR, agreed with our recommendations and expects significant progress and results in the areas discussed in the report by the end of 2004. (Report No. 04-030, August 20, 2004.)
Proceeds from Terminated Securitizations
Securitization is the process by which assets with generally predictable cash flows are packaged into interest-bearing securities with marketable investment characteristics. The most common securitized product is the mortgage-backed security.
We conducted an audit to determine whether funds from terminated securitization transactions had been properly reported and credited to the FDIC by third parties, which include the mortgage-backed securities master servicer and a trustee appointed to the trust created for each securitization. The reserve fund releases and residual distributions from the four terminated securitization transactions we reviewed totaled $341,578,536 and $241,120,162, respectively. We concluded that DRR had an adequate management control process to ensure that all proceeds from the terminated securitizations were properly reported and credited to the FDIC by third parties. (Report No. 04-034, September 13, 2004.)
Cases Involving Concealment of Assets
As referenced earlier, the OIG’s Office of Investigations coordinates closely with the FDIC’s DRR and with the Legal Division regarding ongoing investigations involving fraud at failed institutions, fraud by FDIC debtors, and fraud in the sale or management of FDIC assets. In particular, investigators coordinate closely with the Corporation to address issues arising in connection with the prosecution of individuals who have illegally concealed assets in an attempt to avoid payment of criminal restitution to the FDIC. As of September 30, 2004, the FDIC was owed approximately $1.7 billion in criminal restitution. In most cases, the individuals subject to restitution orders do not have the means to pay. We focus our investigations on those individuals who do have the means to pay but hide their assets from and/or lie about their ability to pay. The Investigations Section of this report highlights the efforts of one of our Special Agents working on asset concealment cases.
5. Management of Human Capital
Human capital issues pose significant elements of risk that interweave all the management and performance challenges facing the FDIC. Human capital management requires committed, sustained, and inspired leadership and persistent attention. In the last 15 years, the FDIC has dealt with dramatic swings in its staffing levels in response to the banking and thrift crisis of the late 1980s and early 1990s and subsequent period of recovery. The FDIC, like other organizations, continues to be affected by changing technology, market conditions, initiatives designed to improve its business processes, an aging workforce, and by the unknown. Such events impact staffing levels and required skills mix going forward just as they would any other organization.
Since 2002, the FDIC has been working to create a flexible permanent workforce that is poised to respond to sudden changes in the financial sector. As part of the 2005 corporate planning and budget process, senior executives concluded that the FDIC’s future workforce will be smaller with a somewhat different mix of skills. Recently, FDIC executives announced initiatives focused on workforce planning, human resources flexibilities, and the establishment of a Corporate Employee Program.
In August 2004, the FDIC’s Chief Operating Officer announced a Workforce Planning for the Future initiative that requires the FDIC’s three business line divisions to: (1) review future workload assumptions; (2) analyze existing skill sets, identify needed skill sets, and design strategies for closing any gaps; and (3) develop succession management plans. The initiative also established vacancy management goals for carefully reviewing each vacancy within the Corporation to determine whether and how vacancies should be filled.
On September 1, 2004, the FDIC sent a legislative proposal, known as the FDIC Workforce 21 Act of 2004, to the Congress that would provide the Corporation with greater flexibility in the human resources area. The proposal seeks to build upon human capital flexibilities related to streamlined hiring authority, term appointments, reemployment of retired annuitants in exigent circumstances, employment of experts and consultants, and reduction-in-force and early retirement authority.
The Chief Operating Officer has also announced a Corporate Employee Program. The Program’s objectives address risks related to industry consolidation and complexity and will position the Corporation to more successfully respond to rapid changes in individual institutions or the entire financial industry. The program will provide cross-training programs and cross-divisional mobility to provide individual job enhancement and to serve organizational needs as events require. Amid these initiatives, the Corporation will need to confer with the National Treasury Employees Union, when appropriate, in negotiating matters affecting bargaining unit employees.
The FDIC has stated that over the next 10 years, it is likely that almost 1,600 employees or 30 percent of the FDIC’s current workforce will retire. Other employees will leave the FDIC for non-retirement reasons. The Corporation must carefully plan its Corporate University training programs, continue to work to identify an appropriate skills mix, correct any existing skills imbalances, fill key vacancies in a timely manner, engage in careful succession planning, and continue to conserve and replenish the institutional knowledge and expertise that has guided the organization over the past years. A need for additional outsourcing may arise. Hiring and retaining new talent will be important and hiring and retention policies that are fair and inclusive must remain a significant component of the corporate diversity plan. Designing, implementing, and maintaining effective human capital strategies—including developing a coherent human capital blueprint that comprehensively describes the FDIC’s human capital framework and establishes a process for agency leaders to systematically monitor the alignment and success of human resources-related initiatives—are critical priorities and must continue to be the focus of centralized, sustained corporate attention. Our ongoing work in this area includes an evaluation of the effectiveness of DSC’s workforce planning. We are also initiating an evaluation of the Corporate University.
6. Management and Security of Information Technology Resources
Information technology continues to play an increasingly greater role in every aspect of the FDIC mission. As corporate employees carry out the FDIC’s principal business lines of insuring deposits, examining and supervising financial institutions, and managing receiverships, the employees rely on information and corresponding technology as an essential resource. Information and analysis on banking, financial services, and the economy form the basis for the development of public policies and promote public understanding and confidence in the nation’s financial system. IT is a critical resource that must be safeguarded.
Accomplishing IT goals efficiently and effectively requires sound IT planning and investment control processes. The Corporation’s 2004 IT budget is approximately $233 million. The Corporation must constantly evaluate technological advances to ensure that its operations continue to be efficient and cost-effective and that it is properly positioned to carry out its mission, particularly in light of ongoing downsizing. While doing so, the Corporation must continue to respond to the impact of laws and regulations on its operations. The Corporation’s Transformation Project is bringing about significant change in the Division of Information Resources Management (DIRM). Management of IT resources and IT security have been the focus of several laws, such as the Paperwork Reduction Act, the Government Information Security Reform Act, and the Federal Information Security Management Act of 2002 (FISMA). Under FISMA, each agency is required to report on the adequacy and effectiveness of information security policies, procedures, and practices and compliance with information security requirements.
The FDIC has recognized that improvements in its information security program and practices are needed. In its 2003 annual report to the Congress, the FDIC identified information security as a high vulnerability issue within the Corporation. The FDIC also identified improvements in its information security program as a major corporate priority in its 2004 Annual Performance Plan. Senior FDIC managers, including the Vice Chairman of the Board of Directors and the FDIC Audit Committee, have played an active role in strengthening the FDIC’s information security program through oversight of information security initiatives and monitoring of corporate efforts to address security weaknesses. As discussed below in this section, representatives of DIRM, the Division of Administration, and the Office of Enterprise Risk Management have also been working with our office as part of a "Getting to Green" initiative on the OIG’s annual FISMA evaluation scorecard.
Federal Information Security Management Act Evaluation
As required by FISMA, we completed an independent evaluation of the FDIC information security program and practices. FISMA directs
federal agencies to have an annual independent evaluation performed of their information security program and practices and for agencies to report the results of the evaluation to the Office of Management and Budget (OMB). FISMA states that the independent evaluation is to be performed by the agency IG or an independent external auditor as determined by the IG. This is the fourth annual security evaluation that our office has performed pursuant to FISMA and its predecessor legislation, the Government Information Security Reform Act, which expired in November 2002.
|
|
Getting to Green The OIG is working closely with representatives of the FDIC’s Division of Information Resources Management (DIRM), Division of Administration (DOA), and Office of Enterprise Risk Management (OERM) as part of a "Getting to Green" initiative on the OIG’s annual FISMA evaluation scorecard. The OIG assigns one of three assurance levels (reasonable assurance—green, limited assurance—yellow, and minimal/no assurance—red) when assessing the adequacy of security for each management control area that the OIG considers when conducting its FISMA evaluation of the Corporation’s information security program. Representatives of DIRM, DOA, OERM, and the OIG held periodic meetings from November 2003 through April 2004 on various corporate information security issues, such as new and emerging security requirements being developed by the National Institute of Standards and Technology, the Corporation’s progress in addressing reported weaknesses, and next steps and targets. Additional getting-to-green meetings are planned beginning in November 2004, and the OIG is committed to continuing this highly successful working relationship. |
The objective of the evaluation was to determine the effectiveness of the FDIC’s information security program and practices, including its compliance with the requirements of FISMA and related information security policies, procedures, standards, and guidelines. In summary, we concluded that the Corporation had established and implemented management controls that provided limited assurance of adequate security over its information resources. As a result of focused efforts over the past several years, the FDIC has made considerable progress in improving its information security controls and practices. Notably, this is the first annual security evaluation wherein we identified no significant deficiencies as defined by OMB that warrant consideration as a potential material weakness. However, continued management attention was needed in several key security control areas to ensure that appropriate risk-based and cost-effective security controls are designed and in place to secure the FDIC’s information resources and further the Corporation’s security goals and objectives.
We also issued a separate audit report containing responses to specific questions raised by OMB in its August 23, 2004 memorandum, FY 2004 Reporting Instructions for the Federal Information Security Management Act.
Our responses to the OMB questions, together with the independent security evaluation report, satisfy our 2004 FISMA reporting requirements.
Similar to our prior year security evaluations, our FISMA report identified 10 steps that the Corporation can take in the near term to improve its information security program and operations. Generally, the steps focused more on the implementation of the FDIC’s security management controls, whereas the steps contained in our prior year evaluation focused primarily on the establishment of security management controls. In many cases, the FDIC had already begun to address these steps during our evaluation field work. We will continue to work with the Corporation throughout the coming year to ensure that appropriate risk-based and cost-effective IT security controls are in place to secure corporate information resources and further corporate security goals and objectives. (Report No. 04-046, September 30, 2004.)
We also conducted specific work in the following IT areas, much of which contributed to our overall FISMA evaluation:
Enhancements to the FDIC System Development Life Cycle Methodology
We concluded that the FDIC had recently chosen a new system development life cycle methodology that was both risk-based and reflected industry and federal government best practices. We also found that the FDIC had not developed an adequate control framework for system development to ensure that project management practices, performance assessment results, enterprise
architecture alignment, funding decisions and cost-benefit analyses, and certification and accreditation guidance for security requirements were incorporated into development efforts. The report contains four recommendations to improve the system development control framework. The Corporation’s response to this audit addressed the concerns we identified. (Report No. 04-019, April 30, 2004.)
FDIC’s Software Management Program
We concluded that DIRM has implemented several effective controls over its software management program. However, DIRM could
strengthen the program by completing efforts underway to develop policies and procedures, designate program responsibility, and establish a consolidated inventory system. Our report made three recommendations to address control weaknesses. The Corporation’s response addressed the concerns discussed in our report. (Report No. EVAL-04-020, June 8, 2004.)
FDIC’s Virtual Supervisory Information on the Net Application
We conducted an audit of the FDIC’s Virtual Supervisory Information on the Net (ViSION) application to determine whether the application controls over operational components were adequate. ViSION was designed to accept and provide information from and for the FDIC and other federal and state regulators in support of day-to-day operations. ViSION contains information on all insured depository institutions. Users rely on ViSION as a central repository for compiling, reviewing, analyzing, and managing financial, examination, and other data on financial institutions.
We recommended that the Corporation develop, update, and implement key management and operational controls to protect the confidentiality, integrity, and availability of the information contained in the ViSION application. The Corporation’s response adequately addressed our recommendations. (Report No. 04-027, July 30, 2004.)
FDIC’s Capital Investment Management Review Process for Information Technology Investments
One of our evaluations this reporting period focused on the FDIC’s capital planning and investment management (CPIM) process. Our
objective was to determine whether the FDIC’s Capital Investment Review Committee (CIRC) is implementing an efficient and effective review process that supports budgeting for the FDIC’s IT capital investments and ensures the regular monitoring and proper management of these investments once they are funded.
The CIRC was established in September 2002; therefore, measuring the overall effectiveness of the CIRC was difficult. Nonetheless, we found that the program activities the FDIC has undertaken since 2002 aligned with the processes the U.S. Government Accountability Office (GAO) considers necessary to build a successful IT capital investment process. Specifically, the FDIC’s efforts have encompassed a broad range of activities, including ongoing work to develop:
an IT governance structure, including the establishment of the Chief Information Officer Council in February 2004; a systematic, quarterly management oversight process for individual capital investment projects and the overall portfolio; and corporate tools and guidance for project managers.These activities align with the processes associated with the second and third stages of maturity in GAO’s five-tiered model. However, work remains to achieve a mature, repeatable process, and the FDIC has many efforts underway or planned to reach that goal.
We made 11 recommendations to the Chief Financial Officer and Chief Information Officer, the CIRC Co-Chairs, to take actions in 3 general areas to help ensure continued maturation of the CPIM process: (1) Strengthen the IT investment management governance structure, (2) Strengthen CPIM-related procedures, and (3) Create a CPIM plan.
Management did not concur with 2 of our 11 recommendations. With respect to one of those recommendations, we requested that management reconsider its position and clarify requirements for validating quarterly project assessments by independent qualified personnel when management updates the FDIC Capital Investment Policy in June 2005. For the other outstanding recommendation, we agreed with management that further action was not required. (Report No. 04-039, September 23, 2004.)
Audits by IBM
We engaged International Business Machines Business Consulting Services (IBM), an independent professional services firm, to support our efforts to satisfy reporting requirements related to FISMA. IBM issued the following three reports during the reporting period:
FDIC’s IT Security Risk Management Program—Overall Program Policies and Procedures and the Risk Assessment Process: IBM concluded that the FDIC had made progress since August 2003 in implementing the risk management program. However, policies and procedures for the overall program and the risk assessment process could be strengthened.
IBM made three recommendations to the Director, DIRM, to improve the policies and procedures for managing IT risk and the Director agreed. (Report No. 04-028, July 30, 2004.)
FDIC’s Mainframe Security: IBM concluded that the FDIC has established and implemented management, operational, and technical controls that provide reasonable assurance of adequate mainframe security. IBM also found that the FDIC has made progress in its efforts to strengthen mainframe security, update security policies and procedures, and increase employee security awareness.
Further, DIRM has completed the required certification activities in preparation for system accreditation. These activities include completing a mainframe security plan; conducting a risk assessment and preparing the final risk assessment report; performing a self-assessment of mainframe management, operational, and technical controls; and completing a Plan of Actions and Milestones.
IBM did find one aspect of mainframe security that could be improved. DIRM management concurred with IBM’s related recommendation. (Report No. 04-037, September 30, 2004.)
FDIC’s IT Contingency Planning: IBM’s audit focused on the adequacy of the FDIC’s policies, procedures, and tools for contingency planning. IBM concluded that the FDIC had made progress since the OIG’s 2003 FISMA evaluation. However, improvements are needed to ensure that FDIC data can be restored in a timely manner.
IBM made three recommendations to improve the FDIC’s contingency planning program. DIRM agreed to take corrective actions that adequately address the three recommendations. (Report No. 04-038, September 22, 2004.)
7. Security of Critical Infrastructure
The adequate security of our nation’s critical infrastructures has been at the forefront of the federal government’s agenda for many years. Specifically, the President’s Commission on Critical Infrastructure Protection (established in July 1996) was tasked to formulate a comprehensive national strategy for protecting the nation’s critical infrastructure from physical and "cyber" threats. Included among the limited number of systems whose incapacity or destruction were deemed to have a debilitating impact on the defense or economic security of the nation was the banking and finance system. With the increased consolidation and connectivity of the banking industry in the years since 1996, and with the new awareness of the nation’s vulnerabilities to terrorist attacks since September 11, 2001, the security of the critical infrastructure in the banking industry is even more important.
On December 17, 2003, the President signed Homeland Security Presidential Directive (HSPD) 7, Critical Infrastructure Identification, Prioritization and Protection. HSPD–7 established a national policy for federal departments and agencies to identify and prioritize United States critical infrastructure and key resources and to protect them from terrorist acts. On June 17, 2004, OMB issued Memorandum M04-15, Development of the HSPD-7 Critical Infrastructure Protection Plans to Protect Federal Critical Infrastructures and Key Resources. The memorandum provides guidance regarding the format and content of critical infrastructure protection plans that federal agencies are required to submit to the OMB. Although the FDIC has determined that it does not maintain critical infrastructure or key resources as intended by HSPD–7, the FDIC is required to report to OMB on its ability to ensure the continuity of its business operations in the event of a physical or cyber attack.
The intent of HSPD–7 is to ensure that the federal government maintains the capability to deliver services essential to the nation’s security and economy and to the health and safety of its citizens in the event of a cyber- or physical-based disruption. Much of the nation’s critical infrastructure historically has been physically and logically separate systems that had little interdependence. However, as a result of technology, the infrastructure has increasingly become automated and interconnected. These same advances have created new vulnerabilities to equipment failures, human error, natural disasters, terrorism, and cyber attacks.
To effectively protect critical infrastructure, the FDIC’s challenge is to implement measures to mitigate risks, plan for and manage emergencies through effective contingency and continuity planning, coordinate protective measures with other agencies, determine resource and organization requirements, and engage in education and awareness activities. The FDIC will need to continue to work with the Department of Homeland Security and the Finance and Banking Information Infrastructure Committee, created by Executive Order 23231 and chaired by the Department of the Treasury, on efforts to improve security of the critical infrastructure of the nation’s financial system. To address this risk, the FDIC is sponsoring 24 outreach conferences for the Financial and Banking Information Infrastructure Committee and Financial Services Sector Coordinating Council through 2005, which will address protecting the financial sector. The Corporation will also need to be attentive to the new requirements of HSPD-7.
Implementation of Physical Security Policies
During the reporting period we performed a follow-up to two prior OIG evaluations to assess the FDIC physical security program and implementation of physical security at the FDIC’s Washington, D.C., metropolitan area facilities and regional and field offices.
We concluded that the FDIC had implemented the OIG-recommended improvements to security policies for FDIC-owned and leased space in the Washington, D.C., and Virginia Square locations and in the regional and field offices. However, we also found that the Division of Administration (DOA) could further improve the vulnerability assessment process for some of its offices, and we made a recommendation to that effect. The Director, DOA, concurred with our recommendation and agreed to take responsive action. (Report No. 04-021, June 15, 2004.)
FDIC’s Business Continuity Plan
We completed an evaluation of the FDIC’s Business Continuity Plan (BCP) during the reporting period to determine whether the FDIC’s plan addresses key elements of business continuity planning. An FDIC Audit Committee member had asked our office to assess the FDIC’s BCP against the key elements.
We found that the FDIC’s BCP addresses the critical business functions of key FDIC divisions and offices. Also, actions are underway to review and update a business impact analysis and to identify the resources necessary to sustain essential functions in the event of disruptions. However, the FDIC could improve the quality of its BCP in a number of key areas to help ensure its success. As a result, we made 10 recommendations to strengthen the quality of the FDIC’s BCP, with which the Corporation agreed. (Report No. EVAL-04-029, August 9, 2004.)
8. Management of Major Projects
Project management is the defining, planning, scheduling, and controlling of the tasks that must be completed to reach a goal and the allocation of the resources to perform those tasks. The FDIC has engaged in several multi-million dollar projects, such as the New Financial Environment (NFE), Central Data Repository, and Virginia Square Phase II Construction. Without effective project management, the FDIC runs the risk that corporate requirements and user needs may not be met in a timely, cost-effective manner. We have done several reviews of these projects and identified the need for improved defining, planning, scheduling, and controlling of resources and tasks to reach goals and milestones. The Corporation included a project management initiative in its 2004 performance goals and established a Program Management Office to address the risks and challenges that these kinds of projects pose.
In September 2002, the FDIC executed a multiyear contract to replace its core financial systems and applications with a commercial-off-the-shelf software package. NFE is a major corporate initiative to enhance the FDIC’s ability to meet current and future financial management and information needs. At the time the Board case was approved, the FDIC estimated the total lifecycle cost of NFE, including FDIC staff time, to be approximately $62.5 million over 8 years. NFE offers the FDIC significant benefits and presents significant challenges. These challenges will test the Corporation’s ability to (1) maintain unqualified opinions on the FDIC’s annual financial statements through the system implementation and associated business process reengineering; (2) manage contractor resources, schedules, and costs; and (3) coordinate with planned and ongoing system development projects related to NFE. We have reported on several NFE matters in the past and are currently auditing the Corporation’s ongoing NFE efforts.
The Call Report Processing Modernization project is a collaborative effort by the FDIC, the Federal Reserve Board, and the Office of the Comptroller of the Currency to improve the processes and systems used to collect, validate, store, and distribute Call Report information. The project resulted in a Central Data Repository approach to managing bank Call Report Information. We are monitoring the Corporation’s progress on this project.
In March 2002, the Board of Directors approved construction of a new nine-story building at the FDIC’s Virginia Square in Northern Virginia. Known as Virginia Square Phase II, the building will house FDIC staffers (about 1,100) for the most part now working in leased space. The expansion will cost approximately $111 million. The building is expected to be finished by early 2006. Completing construction activities and moving staff from leased to owned space within the planned time and cost budgets presents considerable challenges for FDIC management.
The Corporation must ensure that employees from all divisions and offices properly safeguard the BIF and SAIF. It is critically important that budgets for the major projects discussed above and all others be established and closely monitored to prevent significant cost overruns.
Control Framework for the Virginia Square Phase II Project
We continued our audit coverage of the Virginia Square Phase II project for the construction of a second office building and a special-purpose facility to be completed at Virginia Square. Our audit objective was to determine whether the control framework for the project was adequate to minimize the risk that financial and time budgets may not be met.
We concluded that the FDIC established an adequate control framework for the Virginia Square Phase II construction project that, if consistently and effectively implemented, should ensure that the project will be completed on time and within budget. However, we also found that the FDIC withheld less than the contract entitled the FDIC to retain on progress payments to the general contractor. We recommended that the Director, DOA, emphasize that contractor invoices be reviewed for compliance with all contract terms, including retainage provisions, and that discrepancies be documented and resolved before payment. The Corporation took prompt action in response to our recommendation. (Report No. 04-018, April 22, 2004.)
9. Assessment of Corporate Performance
Assessing corporate performance is a key challenge because good intentions and good beginnings are not the measure of success. What matters in the end is completion: performance and results. To that end, the Government Performance and Results Act (Results Act) of 1993 was enacted. This Act requires most federal agencies, including the FDIC, to prepare a strategic plan that broadly defines each agency’s mission, vision, and strategic goals and objectives; an annual performance plan that translates the vision and goals of the strategic plan into measurable annual goals; and an annual performance report that compares actual results against planned goals.
The current Administration has raised the bar further in this area. Specifically, OMB is using an Executive Branch Management Scorecard to track how well departments and agencies are executing the management initiatives, and where they stand at a given point in time against the overall standards for success. OMB has also introduced the Program Assessment Rating Tool to evaluate program performance, determine the causes for strong or weak performance, and take action to remedy deficiencies and achieve better results.
The Corporation’s strategic plan and annual performance plan lay out the agency’s mission and vision and articulate goals and objectives for the FDIC’s three major program areas: Insurance, Supervision, and Receivership Management. Through its annual performance report, the FDIC is accountable for reporting actual performance and achieving its strategic goals. In addition to the Corporation’s strategic and annual goals and objectives established under the Results Act, the Chairman maintains a comprehensive set of objectives used for internal management which are summarized in terms of Stability, Sound Policy, and Stewardship.
The Corporation has made significant progress in implementing the Results Act. Over the years, it has developed more outcome-oriented performance measures, better linked performance goals and budgetary resources, and improved processes for verifying and validating reported performance. While the FDIC is not included on the Management Scorecard nor required to submit a Program Assessment Rating Tool to the OMB, some of the Corporation’s divisions have begun using a "scorecard" approach to monitoring and evaluating performance, and we support the use of these tools.
The OIG has played an active role in evaluating the Corporation’s efforts in this area. We have conducted reviews of the processes used for verifying and validating data and evaluated the Corporation’s budget and planning process. As part of the Corporation’s overall planning process, we provide input and our perspective annually on the FDIC’s strategic goals and objectives. In doing so, we have pointed to the need to better align the strategic and annual planning process under the Results Act with the separate process used to develop detailed annual corporate performance objectives and initiatives designed to accomplish the Chairman’s priorities.
During the reporting period, we updated an earlier analysis of the linkage between the Corporation’s two separate performance measurement processes. We compared (1) the FDIC’s 2004 Corporate Performance Objectives (i.e., Chairman’s) to (2) the 2004 Results Act Annual Performance Plan. The analysis continues to reflect that the two separate plans are not well integrated. OIG advisory comments on the Corporation’s 2002, 2003, and 2004 Results Act plans have suggested that the Corporation take additional steps to better link the two systems.
Strong internal control and risk management practices can help an organization achieve strategic and annual goals. Internally, the Corporation is currently operating under an internal control policy that predates many developments toward proactive risk management. Since the Corporation issued its internal control policy in February 1998, GAO has issued Standards for Internal Control in the Federal Government (GAO/AIMD-00-21.3.1, November 1999), which discusses five components of internal control and provides an overall framework for identifying and addressing major performance challenges and areas of greatest risk for fraud, waste, abuse, and mismanagement. Also, as mentioned earlier in this semiannual report, many organizations in the insurance industry and other organizations are using an Enterprise Risk Management approach to managing not only financial risks, but all business and compliance risks. The Committee of Sponsoring Organizations of the Treadway Commission has issued a document that explains essential concepts and the interrelationship between enterprise risk management and internal control. The Corporation’s Office of Enterprise Risk Management can play a role in risk management activities that help the Corporation achieve its goals.
10. Cost Containment and Procurement Integrity
Stewardship of resources has been a focus of the FDIC’s current Chairman. As steward for the insurance funds, the Chairman has embarked on a campaign to identify and implement measures to contain and reduce costs, either through more careful spending or assessing and making changes to business processes to increase efficiency.
A key challenge to containing costs relates to the contracting area. To achieve success in this area, the FDIC must ensure that its acquisition framework—that is, its policies, procedures, and internal controls—is marked by sound planning; consistent use of competition; fairness; well-structured contracts designed to produce cost-effective, quality performance from contractors; and vigilant contract management to ensure successful oversight management activities. The Corporation has taken a number of steps to strengthen controls and oversight of contracts.
However, as the Corporation downsizes and continues to contract for services, it needs to remain vigilant. We have a contract audit program that looks at the reasonableness and support for billings on significant Corporation contracts and, as needed, evaluates contract award processes. Our work in the cost containment and procurement integrity area during the reporting period included the following:
Acquisition Planning and Execution Strategy
We concluded that the FDIC’s acquisition planning process did not always result in efficient, effective, economical, and timely procurements.
We made seven recommendations to the Director, DOA, to revise certain aspects of the Acquisition Policy Manual, establish additional procedures to document the disposition of Legal Division comments, modify certain contracts, and enhance certain oversight activities of contracting officers. The Director, DOA, provided a written response to the draft report, and through subsequent discussions, all recommendations are now resolved. (Report No. 04-043, September 29, 2004.)
FDIC’s Allocation of Records Storage Costs
We conducted an audit of the FDIC’s allocation of records storage costs and determined that records storage costs were not correctly charged to the appropriate insurance and resolution funds. Specifically, from January 1996 through July 2004, the FDIC charged about $35 million in records storage costs to the BIF and SAIF that should have been charged to the Federal Savings and Loan Insurance Corporation Resolution Fund (FRF). Although the records stored by the FDIC are associated with activities that can be attributed directly to a specific fund, the FDIC allocates the expenses indirectly to the funds as corporate common services costs. As a result, the BIF and SAIF have been charged $35 million in incorrect records storage costs and could absorb an additional $11 million over the next 3 years. We identified the $46 million related to inappropriate allocation of storage costs as funds put to better use.
We recommended that the Director, Division of Finance (DOF), adjust the fund balances for the BIF, SAIF, and FRF; charge the funds appropriately for future records storage costs; and determine whether prior-year adjustments should be made to the funds’ financial statements due to the magnitude of the reallocation of records storage costs to the FRF.
The Corporation disagreed with our finding and recommendations. The Director, DOF, stated that the current allocation methodology provides a reasonable, efficient, and consistent basis for allocating costs to the funds. We requested DOF to reconsider its position and provide a subsequent response. (Report No. 04-044, September 29, 2004.)
Records Management and Storage
We concluded that the FDIC’s contract with Iron Mountain Records Management, Inc. for records storage could be more cost-effective. We reported that the FDIC could avoid costs of $5.6 to $6 million by moving records from climate-controlled
storage, renegotiating certain contract terms, and obtaining permission to destroy thrift records not associated with goodwill litigation. Additionally, the FDIC could improve oversight of the contractor by verifying the application of rounding factors
used to determine billable container size and reconciling actual and recorded container displacement during quarterly physical inspections.
We made nine recommendations to the Director, DOA, to make the FDIC’s contract with Iron Mountain more cost-effective and to improve contract oversight. We also recommended that the General Counsel and DOA expedite efforts related to the destruction of records for thrifts not involved in the goodwill litigation.
The Director, DOA, did not agree with four of our recommendations, and we asked DOA to reconsider its responses and provide additional comments. DOA also disagreed with all but $602,438 of our identified cost avoidances. The General Counsel agreed to take responsive action.
Based on our review, we are reporting a range of $5,151,822 to $5,573,881 for funds put to better use in this Semiannual Report to the Congress. This range has been adjusted to reflect our acceptance of DOA’s lower estimate of savings for moving microforms to general storage space. (Report No. 04-045, September 30, 2004.)
Pre-award and Post-award Contract Audits
We issued the results of one pre-award audit during the reporting period, in which we reported that two proposals related to an asset servicing strategy were reasonable and adequately supported.
We also issued one post-award contract audit report during the reporting period. The objectives of post-award audits are to determine whether amounts charged to FDIC contracts are allowable, allocable, and reasonable. We reported a total of $110,915 in questioned costs as a result of the post-award audit. As of the end of the reporting period, a management decision was pending for the amount identified as a monetary benefit.
The Office of Investigations (OI) is responsible for carrying out the investigative mission of the OIG. Staffed with agents in Washington, D.C.; Atlanta; Dallas; and Chicago; OI conducts investigations of alleged criminal or otherwise prohibited activities that may harm or threaten to harm the operations or integrity of the FDIC and its programs. In addition to its headquarters and field sites, OI operates an Electronic Crimes Team and laboratory in Washington, D.C. The Electronic Crimes Team is responsible for conducting computer-related investigations impacting the FDIC, including employee cases involving computer abusers and providing computer forensic support to OI investigations nationwide. OI also manages the OIG Hotline for employees, contractors, and others to report allegations of fraud, waste, abuse, and mismanagement via a toll-free number or email. During the reporting period, the Hotline received 68 allegations, a number of which included reports of "phishing" schemes as discussed in this report. Two reports that were based on Hotline allegations were issued by the Office of Audits during the reporting period. Fourteen allegations were referred for further action.
| ||||||||||||||||||||||||||||
OI Cases Target High-Risk Areas
OI concentrates its investigative efforts on those cases of most significance or potential impact to the FDIC and its programs. OI’s goal, in part, is to bring a halt to the fraudulent conduct under investigation, protect the FDIC and other victims from further harm, and assist the FDIC in recovery of its losses. Another consideration in dedicating resources to these cases is the need to pursue appropriate criminal penalties not only to punish the offender but to deter others from participating in similar crimes.
Currently, the majority of OI’s caseload is comprised of investigations involving major financial institution fraud. OI’s work in this area targets schemes that resulted in significant losses or vulnerabilities for the institution(s), and/or involves institution officers or insiders, multiple subjects and institutions, obstruction of bank examiners, and/or misrepresentation of FDIC insurance or affiliation. It also includes investigations of fraud resulting in institution failures. Cases in this area are highly complex and resource-intensive, often requiring teams of agents and years to complete. Despite the resource demands, the OIG’s commitment to these investigations is imperative, in light of their significance and potential impact to the FDIC and the banking industry. Additionally, from a cost-benefit perspective, these cases have brought results that make our investment in them well worth the effort, as illustrated in some of the cases reported for this period. Our investigations of major financial institution fraud schemes have brought increased returns measured by successful prosecutions resulting in incarceration, court-ordered fines, restitution to victims, and administrative actions.
 [ D ]
|
In addition to pursuing financial institution-related cases, the OIG commits significant resources to investigations that target fraud by FDIC debtors seeking to conceal their assets from the FDIC. These cases, which include investigations of individuals who fraudulently attempt to avoid payment of court-ordered restitution to the FDIC, made up 23 percent of our caseload as of September 30, 2004. These cases are of significance to the FDIC, which was owed approximately $1.7 billion in criminal restitution as of September 30, 2004. In most instances, the individuals subject to these restitution orders do not have the means to pay. The focus of OIG investigations in this area is on those individuals who do have the means to pay, but hide their assets from and/or lie about their ability to pay. OI works closely with the Division of Resolutions and Receiverships (DRR) and the Legal Division in aggressively pursuing investigations of these individuals. A partnership approach and commitment to these cases is critical to successfully prosecute those who continue to defraud the FDIC, and to ensure that the FDIC, as the victim, recovers as much of its loss as possible. Although currently only about 7 percent of our caseload, the OIG must be prepared to commit resources when necessary to investigations of criminal or serious misconduct on the part of FDIC employees. These are among the most sensitive of OIG cases and are critical to ensure the integrity of, and public confidence in, FDIC operations. |
Partnering for SuccessThe OIG works closely with U.S. Attorneys’ Offices throughout the country in attempting to bring to justice individuals who have defrauded the FDIC. The prosecutorial skills and outstanding direction provided by Assistant U.S. Attorneys with whom we work are critical to our success. The results we are reporting for the last 6 months reflect the efforts of U.S. Attorneys’ Offices in the Southern District of Florida,Western District of Missouri, District of Minnesota,Western District of Louisiana, Northern District of Ohio (Western Division), Eastern District of Texas, Southern District of Iowa, Northern District of Mississippi, Northern District of Georgia, Western District of Oklahoma, Eastern District of Michigan, Northern District of Illinois, Southern District of New York, and the Northern District of Texas. In addition to local U.S. Attorneys’ Offices, the OIG worked with Trial Attorneys from the Fraud Section of the U.S. Department of Justice and State prosecutors from the State of Missouri. Support and cooperation among other law enforcement agencies is also a key ingredient for success in the investigative community. We frequently "partner" with the Federal Bureau of Investigation (FBI), the Internal Revenue Service Criminal Investigation (IRSCI), and other law enforcement agencies in conducting investigations of joint interest. Also vital to our success is our partnership with FDIC program offices. We coordinate closely with the FDIC’s Division of Supervision and Consumer Protection (DSC) in investigating fraud at financial institutions, and with DRR and the Legal Division in investigations involving failed institutions and fraud by FDIC debtors. Our Electronic Crimes Team coordinates closely with DIRM. The successes highlighted for the period would not have been possible without the collaboration of these offices. In addition to carrying out its direct investigative responsibilities, the OIG is committed to providing training and sharing information with FDIC components and other regulators based on "lessons learned" regarding red flags and fraud schemes identified through OIG investigations. OI agents provide training and frequently give presentations to FDIC staff during regional and field meetings. OI is also called upon by the Federal Financial Institutions Examination Council, state banking regulatory agencies, and law enforcement agencies to present case studies. Over the last 6 months, OI opened 24 new cases and closed 25 cases, leaving 111 cases underway at the end of the period. Our work during the period led to indictments or criminal charges against 9 individuals and convictions of 15 defendants. Criminal charges remained pending against 30 individuals as of the end of the reporting period. Fines, restitutions, and recoveries resulting from OI cases totaled almost $38.6 million. The following are highlights of some of the results from our investigative activity over the last 6 months. |
|
Fraud Arising at or Impacting Financial Institutions
Former Hamilton Bank Senior Executives Indicted for Defrauding Investors and Bank and Securities
Regulators
On June 22, 2004, a federal grand jury in Miami, Florida, returned a 42-count indictment for conspiracy, wire fraud, securities
fraud, false filings with the Securities and Exchange Commission, false statements to accountants, obstruction of an examination of a financial institution, and making false statements to the Office of the Comptroller of the Currency (OCC) against three former senior executive officers of Hamilton Bancorp and Hamilton Bank, N.A. (Hamilton Bank).
|
Named in the indictment are the following: the former Chairman of the Board and Chief Executive Officer (CEO); the former President and Director; and the former Senior Vice President and Chief Financial Officer. The former Chairman of the Board and CEO also was charged with insider trading. The indictment alleges that, in 1998 and 1999, the defendants fraudulently inflated the reported results of operations and financial condition of Hamilton Bancorp and defrauded the investing public and the bank and securities regulators, so that the accused would unjustly enrich and benefit themselves through higher salaries, bonuses, and stock options, and would facilitate an upcoming registered securities offering to the investing public. The former Chairman of the Board and CEO made nearly $2 million in bonuses, and the former President and Director and the former Senior Vice President and Chief Financial Officer each made more than $100,000 in bonuses while the fraud was concealed. The indictment further alleges that the defendants participated in a fraudulent scheme whereby they falsely inflated the results of operations and financial condition of Hamilton Bancorp in Securities and Exchange Commission filings; obstructed the OCC’s examination of Hamilton Bank; and lied to the investing public, the bank and securities regulators, and their accountants regarding the true financial health of Hamilton Bancorp and Hamilton Bank. The indictment charges that, in 1998 and 1999, the three defendants engaged in swap transactions (or "adjusted price trades") to hide Hamilton Bank’s losses, including more than $22 million in losses in 1998, and falsely accounted for the transactions to make it appear that no losses had been incurred. While the defendants falsely reported the nature of the swap transactions to the investing public and the regulators, the indictment revealed recorded conversations in which the defendants openly discussed the transactions as swaps. In addition, the indictment charges that while the fraud was concealed, the former chairman of the board and CEO engaged in illegal insider trading in Hamilton Bancorp’s stock through the use of trust accounts. During 1998,Hamilton Bancorp had a market capitalization of more than $300 million. |
 
|
If convicted of wire fraud, the defendants face a statutory maximum term of imprisonment of 30 years and a fine of up to $1 million for each wire fraud count. If convicted of securities fraud, the defendants face a statutory maximum term of 10 years’ imprisonment and a fine of $1 million for each such count. If convicted of conspiracy, obstruction of an examination of a financial institution, or making a false statement, the defendants face a statutory maximum term of 5 years’ imprisonment and a fine of up to $250,000 for each such count.
This case is being investigated by the FDIC OIG and Treasury OIG. The case is being prosecuted by the U.S. Attorney’s Office for the Southern District of Florida.
|
Guilty Verdicts Returned Following Investigation into Failure of Sinclair National Bank The jury found the defendant guilty of conspiracy to submit a false statement and making a material false statement to the OCC. In December 1999, the defendant and her ex-husband made an application to the OCC for the purchase of Northwest National Bank. The defendant and her ex-husband failed to list substantial assets and liabilities on their application to the OCC. The OCC relied on the fraudulent misrepresentations and approved the change of control application. After they acquired Northwest National Bank, the bank’s name was changed to SNB. |
|
The former CEO of Stevens Financial Group was found guilty of conspiring to commit bank fraud. Through his company, Stevens Financial Group, he sold over $15 million worth of sub-prime loans to SNB. He was found guilty of conspiracy with the defendant’s ex-husband to defraud SNB in the purchase of these sub-prime loans.
On September 7, 2001, after only 18 months under new ownership, the OCC closed SNB, and the FDIC was named receiver. SNB’s failure caused a loss of approximately $4.5 million to the Bank Insurance Fund.
On September 24, 2004, after a 2-week trial in a State Court in Harrisonville, Missouri, a jury also found the former CEO of Stevens Financial Group guilty on five felony counts of making false and misleading statements to the Missouri Division of Securities. Stevens was found not guilty on six counts of Missouri securities fraud.
The State Court convictions arose from the fraudulent submission of documents to the State of Missouri Secretary of State’s Office by the former Stevens Financial Group CEO. These fraudulent documents were used to artificially inflate the true net worth of the company. In order to accumulate cash, the defendant sold "time certificates" that raised approximately $100 million from investors in Missouri. The sales of the securities were structured to avoid federal securities regulations as enforced by the Securities and Exchange Commission. Consequently, the securities were sold only within the State of Missouri, and some of the funds raised from this scheme furnished the money used by one of the former owners to purchase SNB. The loans that secured these securities were also utilized in the fraudulent activity involving SNB.
The State case was investigated by the FDIC OIG, Missouri Secretary of State’s Office, and the FBI. The case was prosecuted by the Missouri Attorney General’s Office.
The federal case was brought to trial by the Department of Justice, Main Justice Attorneys from the Fraud Section. The case was investigated by the FDIC OIG, Treasury OIG, FBI, and IRS-CI.
Accountant Pleads Guilty to Bank Fraud
On May 17, 2004, a certified public accountant of North Mankato, Minnesota, pleaded guilty to bank fraud, mail fraud, and two counts of theft from employee pension plans. The losses attributed to the defendant’s schemes totaled over $3 million. On August 28, 2004, prior to sentencing, the defendant died.
The indictment that led to the defendant’s eventual guilty plea charged him with 26 counts of mail fraud, bank fraud, making false statements, counterfeiting a security, pension plan theft, falsification of pension plan records, and bankruptcy fraud in connection with a $7 million Ponzi scheme and a $1.6 million bank fraud scheme.
The defendant’s actions resulted in more than $1 million in losses for individuals and businesses and more than $980,000 in losses for three financial institutions. Those institutions include Northern Star Bank in Mankato, of which he was a founder; Merchants State Bank of Lewisville, which the indictment claims was forced to sell its assets to Farmers State Bank of Madelia because of the defendant’s unpaid loans; and Americana Community Bank in Chanhassen.
The defendant started the Ponzi scheme sometime before January 1, 1999, by enticing individuals and organizations to invest millions of dollars with him by promising their investments would be safe and claiming they would receive a high rate of return. According to the indictment, the defendant invested only about 30 percent of the money he received from the investors. The majority of the funds were used by the defendant for his personal benefit in order to pay personal lines of credit and to make lulling payments to other investors. The defendant lulled investors into believing their investment funds had been invested by making payments to the defrauded investors from funds obtained from other investors and by providing the defrauded investors with statements that purported to show the status of their account and the purported rate of return the investor obtained.
In addition to defrauding investors, the defendant also fraudulently obtained more than $1.6 million from financial institutions, including Northern Star Bank, where he was a director and officer. He misstated his assets and liabilities and substantially overstated his net worth in order to obtain loans, which he used to further his Ponzi scheme. Financial institutions suffered losses in excess of $980,000.
The defendant also pleaded guilty to stealing from two pension plans. He admitted to stealing approximately $100,000 from Catalytic Combustion Corporation, of Bloomer, Wisconsin, in which he was a 40 percent minority shareholder and chief financial officer, and approximately $750,000 from a Mankato architectural firm.
This case was investigated jointly by the FDIC OIG, the FBI, and the U.S. Department of Labor’s Employee Benefits Security Administration, and was prosecuted by the U.S. Attorney’s Office for the District of Minnesota.
Former President of Farmers Bank & Trust Sentenced for Bank Fraud
On April 7, 2004, the former president of Farmers Bank & Trust, Cheneyville, Louisiana, was sentenced in the U.S. District Court for the Western District of Louisiana to 78 months in prison and 5 years’ supervised release; he was also ordered to pay restitution in the amount of $12,970,555 to the FDIC.
The sentence was a result of the defendant’s guilty plea to one count of making false statements to a financial institution and one count of making false entries in the books and records of a financial institution. The defendant was indicted in August 2003 and charged with defrauding the Farmers Bank & Trust.
In his guilty plea, the defendant admitted that he defrauded the bank by making false entries and statements on at least 24 loans and financial statements. He also admitted to forging documentation that falsely represented that these loans were secured by Farm Service Agency guarantees. In addition, he made false entries into records of the bank that misrepresented borrowers’ total indebtedness to the bank. To prevent this bank fraud and other illegal practices from being detected by an audit conducted by the Louisiana Office of Financial Institutions and the FDIC, the defendant made additional false entries in the bank’s records. He also falsely applied a portion of all of a borrower’s indebtedness to nominee loans. These and other actions were taken to conceal both the borrowers’ total indebtedness and payment delinquencies from the bank board, the FDIC, and the state bank examiner.
As a result of the defendant’s actions, the bank suffered a loss of over $6 million. On December 17, 2002, Farmers Bank & Trust was closed by bank regulators.
This case was investigated jointly by the FDIC OIG and the FBI, and is being prosecuted by the U.S. Attorney’s Office for the Western District of Louisiana.
Two Former Car Dealers Ordered to Pay $16 Million in Restitution to the FDIC
During this reporting period, two former car dealers from Ohio were sentenced for their role in a check-kiting scheme that preceded the failure of Oakwood Deposit Bank Company (Oakwood), Oakwood, Ohio. On September 10, 2004, one of the former car dealers was sentenced to 78 months’ incarceration with 3 years’ supervised release and ordered to pay more than $8 million in restitution to the FDIC. Following a 3-day trial in May 2004, the defendant was convicted of conspiracy to commit bank fraud
and bank fraud.
On August 23, 2004, the second former car dealer was sentenced to 60 months’ incarceration with 3 years’ supervised release and was ordered to pay more than $8 million in restitution to the FDIC. His sentence was the result of his December 2003 guilty plea to conspiracy to commit bank fraud and bank fraud.
The two former car dealers were earlier indicted for conspiracy and bank fraud. The charges arose as a result of the check-kiting scheme in which they engaged during calendar year 2001. A check-kite is a fraudulent scheme in which a bank customer uses the time it takes to clear checks to create artificially high balances of nonexistent funds through a systemic exchange of checks among accounts when, in reality, actual funds do not exist. The indictment charged that the defendants kited checks between accounts maintained by one of the defendants at Liberty National Bank and the other defendant at the now defunct Oakwood. Losses to Oakwood due to the kite were in excess of $11 million.
It was the initial investigation into the check-kite that led to the confession by Oakwood’s former president of embezzling over $40 million resulting in the subsequent failure of the 99-year old Oakwood Deposit Bank Company. Oakwood’s former president pleaded guilty to embezzlement and money laundering in May 2003 and is currently serving a 14-year jail term.
The kite investigation was conducted jointly by the FDIC OIG and the FBI. Prosecution was handled by the U.S. Attorney’s Office for the Northern District of Ohio (Western Division).
Former Used Car Salesman Ordered to Pay $3.7 Million after Pleading Guilty to Bank Fraud
On August 18, 2004, a former used car salesman doing business as McDorman Motors in Vidor, Texas, was sentenced in the U.S. District Court for the Eastern District of Texas to 33 months’ imprisonment and ordered to pay $3.37 million in restitution to Mauriceville National Bank, Mauriceville, Texas, and $350,000 in restitution to SouthTrust Bank, Beaumont, Texas. The sentencing
followed his prior plea agreement in April 2004 to a one-count information charging him with bank fraud while selling used cars at
several area locations.
According to the plea agreement, the defendant acknowledged that his participation in a checkkiting scheme had caused over $3.37 million in losses to Mauriceville National Bank. He also defrauded SouthTrust Bank, with whom he had a line of credit and a wholesale floor plan agreement. Our investigation determined that he sold or otherwise disposed of vehicles without accounting to the bank for the proceeds, assignments, and endorsements resulting from the disposition of the vehicles. The defendant’s fraudulent scheme caused a loss to SouthTrust Bank of approximately $350,000, which he then converted to his personal benefit.
The defendant’s plea agreement was negotiated by the U.S. Attorney’s Office in connection with our ongoing investigation into a scheme to defraud multiple FDIC-insured institutions.
The case is being investigated jointly by the FDIC OIG and the FBI, and is being prosecuted by the U.S. Attorney’s Office for the Eastern District of Texas.
Commercial Contractor Sentenced for Conspiring to Commit Bank Fraud
On August 17, 2004, a commercial contractor was sentenced in the District of Minnesota to serve 24 months in prison, followed by
36 months of supervised release after earlier pleading guilty to conspiracy to commit bank fraud. The defendant was also ordered to pay $670,930 in restitution to the FDIC.
The defendant was a commercial contractor whose company, Riverwoods Development Corporation, was a customer of the former Town & Country Bank of Almelund, Almelund, Minnesota. On April 8, 2003, a federal grand jury indicted the defendant and the bank’s former president on eight counts relating to bank fraud, money laundering, making false entries in the bank’s records, and conspiracy. On August 11, 2003, the federal grand jury returned
a superceding indictment that added two counts of false bank entries and one count of money laundering.
Specifically, the indictment alleged that the defendants acted in close association with each other to:
Use the bank as a private source of money, Make loans that exceeded legal lending limits, Improperly use overdrawn accounts as a temporary extension of credit, Conceal the true purpose of the loans by using nominee borrowers, Forge signatures, Prepare false loan documents, and Falsely report loans as being repaid.
The above acts resulted in the failure of the bank in July 2000 when the State of Minnesota declared the bank insolvent and appointed the FDIC as receiver. The failure of Town & Country resulted in an estimated loss of $3.4 million to the FDIC Bank Insurance Fund.
A third subject, the former bookkeeper of Riverwoods Development Corporation, was sentenced on August 11, 2004, after earlier pleading guilty to bank fraud for his role in the scheme. He was sentenced to 5 years’ probation and ordered to pay $41,187 in restitution to the FDIC. The former bookkeeper received a downward departure from the federal sentencing guidelines as a result of his cooperation with federal law enforcement in the investigation, which helped lead to the guilty pleas of the commercial contractor and the bank’s former president.
This case was investigated by the FDIC OIG, the FBI, and the IRS-CI, and was prosecuted by the U.S. Attorney’s Office for the District of Minnesota.
|
Former Hawkeye State Bank Officer Pleads Guilty to $4.9 Million Embezzlement As a result of the investigation, the defendant paid over $508,000 in restitution to Hawkeye State Bank. The funds included the proceeds from the sale of a lakefront vacation property in Lake of the Ozarks, Missouri, as well as proceeds from the sale of jet skis for $10,000. The bill of information specifically charged the activity of May 20, 2002, in which the defendant deposited a $525,000 cashier’s check from a fraudulent loan into his personal savings account. On or about June 7, 2002, a cashier’s check drawn on the defendant’s account was used to purchase the vacation property and was the basis for the money laundering charge. The prosecution of the defendant was handled by the U.S.Attorney’s Office for the Southern District of Iowa and was based upon an investigation conducted jointly by the FDIC OIG and the FBI. |
|
Judicial Action Taken Against Two Customers of the Failed Bank of Falkner
As part of an ongoing investigation into the September 2000 failure of the Bank of Falkner (Falkner), Falkner,Mississippi, a Corinth, Mississippi, businessman was indicted in the U.S. District Court for the Northern District of Mississippi on June 24, 2004.
The indictment charged the defendant with 19 counts of making payments to the former Falkner CEO in exchange for a loan to purchase a large parcel of land in Alcorn County, Mississippi. According to the terms of their agreement, the defendant paid the former CEO one-half of the proceeds from the sale of any tract of the subject parcel; the 19 payments totaled $224,500. All but one of the payments were deposited into the bank account of the former CEO’s wife. The alleged illegal activity occurred between October 1996 and August 2000. This defendant was the fourth person charged to date in the case.
Also during this reporting period, on June 17, 2004, the owner of Blackton Equipment Company (Blackton), Walnut, Mississippi, pleaded guilty to the indictment filed against him in the U. S. District Court for the Northern District of Mississippi in April 2004. The indictment charged the defendant with one count of causing false entries to be made in the books and records of Falkner. The owner of Blackton was arrested by agents of the FDIC OIG and FBI on May 6, 2004. The indictment to which this defendant pleaded guilty alleged that he, aided and abetted by the former Falkner CEO, received a nominee loan in the name of one of his employees after the former CEO had been prohibited by FDIC examiners from advancing any more money to the defendant or his business. The defendant received advances totaling $86,531 on the loan.
As we previously reported, Falkner’s former CEO was sentenced following his plea of guilty in October 2002 to two counts of making false entries in the books and records of the bank with the "intent to deceive the FDIC and its agents and examiners" and one count of money laundering. One of the counts was based on a scheme through which he issued $4,824,660 in nominee loans to certain bank customers who were above their legal lending limits. Another count involved a scheme where he caused a bank employee to record advances of $3,642,686 on existing loans and to misapply those advances to other customers’ accounts in order to conceal overdrafts from the FDIC examiners. The money laundering charge to which he pleaded guilty was based on his helping a bank customer disguise the nature, location, source, and ownership of $1,709,497 another customer had on deposit with the bank.
The prosecution of this investigation is being handled by the U.S. Attorney’s Office for the Northern District of Mississippi and was based on an investigation conducted jointly by the FDIC OIG and the FBI; this investigation was initiated to examine the circumstances leading to the bank’s failure in September 2000.
Former Loan Officer Sentenced for Misapplication of Bank Funds and False Statements and Barred from Working in an FDIC-Insured Institution
On April 30, 2004, a former loan officer of Citizens First Bank, Rome, Georgia, was sentenced in the Northern District of Georgia to 37 months’ incarceration with 5 years of supervised release and was ordered to pay $595,934 in restitution to Citizens First Bank. The prosecutor also made it clear on the record that the defendant would be barred from working in an FDIC-insured institution and that the defendant would agree to execute any documents addressing that issue.
As previously reported, the defendant pleaded guilty on February 6, 2004, to a two-count information charging him with misapplication of bank funds and false statements. In late 1999, while serving as a loan officer at Citizens First Bank, the defendant misapplied approximately $300,000 in funds from the line of credit of a bank customer to the operating account of another bank customer. During the same period, he made a false entry into the records of Citizens First Bank by creating a fictitious customer and a related $800,000 line of credit. The defendant continued his scheme of misapplying funds from other customer accounts as well as from fictitious accounts to a specific bank customer and at one point exposed the bank to over $7 million in uncollateralized outstanding loans. Eventually the customer, who claimed no knowledge of the defendant’s unauthorized actions, worked with bank officials to collateralize or otherwise pay off his outstanding debt. The defendant made other unauthorized loans that ultimately caused a loss to the bank, resulting in the ordered restitution.
The investigation was conducted jointly by the FDIC OIG and the FBI, and was prosecuted by the U.S. Attorney’s Office for the Northern District of Georgia.
Bank Customer at First State Bank of Harrah Sentenced for Bank Fraud
On September 9, 2004, a bank customer at the First State Bank of Harrah (FSBH), Harrah, Oklahoma, was sentenced in the United States District Court for the Western District of Oklahoma. He was sentenced to 30 months’ incarceration with 3 years’ supervised release. Restitution has not yet been ordered for the defendant.
As previously reported, a jury found the defendant guilty in December 2003 on all counts of an indictment charging him with aiding and abetting, conspiracy, and bank fraud against FSBH.
The indictment charged that from September 1997 through December 1998 the defendant conspired with a former executive vice president of FSBH to defraud FSBH by creating a series of fraudulent nominee loans. The defendant recruited nominee borrowers to obtain loans. The loan proceeds from this scheme totaled $800,000 and were intended to benefit the defendant.
In August 2002, the former executive vice president of FSBH, who participated in the scheme, was sentenced in the U.S. District Court for the Western District of Oklahoma to 5 years’ probation, 180 days’ home incarceration, 208 hours of community service, and was ordered to pay restitution in the amount of $3,529,500.
The investigation of the activities involving FSBH was conducted jointly by the FDIC OIG and the FBI. The case was prosecuted by the U.S. Attorney’s Office,Western District of Oklahoma.
Fraud by FDIC Debtors
Owner of Company that Owed Over $3 Million to the Former First New York Bank for Business Pleads Guilty to Conspiracy to Commit Bank Fraud
On April 21, 2004, one of the owners of a company that had borrowed over $5 million from the now-defunct First New York Bank for Business (First New York) pleaded guilty to conspiracy to commit bank fraud in relation to his actions to divert money from the former First New York and the FDIC as Receiver for First New York. The defendant’s brother, who was a co-owner of the company, had also agreed to plead guilty in the case but passed away prior to entering his plea. The two brothers had previously been indicted by a federal grand jury in the Southern District of New York on charges of defrauding and conspiring to defraud the former First New York. The FDIC was appointed to act as the receiver for the First New York following its closure by the State of New York Banking Department in November 1992.
As alleged in the indictment, beginning in March 1990 the defendants entered into a series of loan agreements, guarantees, and promissory notes on behalf of their company with First New York. In 1992, the defendants acknowledged they had defaulted on the loans and entered into repayment agreements with First New York in which, among other things, they agreed to repay the loans by granting First New York the right to clear all payments made by the company’s customers. The defendants also agreed to direct all present and future customers to make their payments directly to First New York.
However, unbeknownst to First New York, between July 1992 and August 1995, the defendants deposited accounts-receivable payments owed to First New York pursuant to the agreements into an account they had set up at another bank. The indictment also alleged that, in furtherance of their scheme, they formed a series of shell companies, which they used to falsely hide business activities between the company and its customers, thereby circumventing the repayment agreement with First New York.
The OIG initiated this investigation based on a referral from the FDIC Legal Division, which became aware of questionable transfers during the discovery phase of civil litigation with the company over its debt.
Misrepresentations Regarding FDIC Insurance or Affiliation
San Clemente Securities, Inc. Brokers Plead Guilty
During this semiannual reporting period, three former San Clemente Securities, Inc. (SCS) brokers pleaded guilty in the U.S. District Court for the Northern District of Texas, Dallas, Texas.
Two of the former SCS brokers each pleaded guilty to one count of misprision of a felony for their knowledge and concealment of the alleged felonies committed by the other parties indicted in this on-going investigation. In August 2003, an 80-count superseding indictment was returned against the two defendants and against the two co-owners of SCS and United Custodial Corporation (UCC), located in San Clemente, California. The 80-count superseding indictment charged all defendants with conspiracy, false bank entries, false statements, mail fraud, wire fraud, bank fraud, securities fraud, and investment advisor fraud.
As alleged in the indictment, the defendants schemed to defraud various financial institutions and individual investors by inducing them to enter into investment contracts in order to purchase certificates of deposit (CDs) and other securities issued by the Federal Home Loan Mortgage Corporation and the Federal National Mortgage Association, which would be held and managed for investors by UCC.
As part of their scheme, the defendants falsely and fraudulently failed to advise investors that SCS and UCC would subtract undisclosed fees and commissions from the amount invested. The defendants also made false representations regarding FDIC insurance coverage of the CDs. The investment confirmations and statements sent to investors were false and intentionally misleading, and money paid to investors when they liquidated an investment prior to maturity was actually money funded by another investment or by other persons. The investors had no ownership in any investment which would be purchased in UCC’s name. In addition, in 1997, SCS, along with its co-owners, had been banned by the National Credit Union Administration from doing business with federally insured credit unions because of their deceptive practices.
On May 3, 2004, the third former SCS broker pleaded guilty to aiding and abetting the obstruction of an examination of a financial institution. This defendant had been indicted in March 2004, along with the two co-owners of SCS and UCC and the former president of Heritage Savings Bank (Heritage), Terrell, Texas.
During July and August of 1998, the Office of Thrift Supervision (OTS) conducted an examination of Terrell Federal Savings and Loan, the name of which was later changed to Heritage. During the examination, the former president was asked by the OTS to confirm liquidation values of the nine zero-coupon CDs he had purchased from the defendant through SCS. The defendant prepared a spread-sheet purporting to represent present liquidation values for the CDs. The defendant admitted he knew the values represented on the spread-sheet did not disclose or reflect the amounts of premiums that had been deducted by SCS from the amounts paid for the assets by Heritage. The defendant admitted that he was aware that the former president intended to communicate the stated values he was provided to the OTS.
Sentencing for the three former SCS brokers has been delayed pending their cooperation with the prosecution of the co-owners of SCS and UCC.
The case is being investigated by the FDIC OIG and the FBI and is being prosecuted by the U.S. Attorney’s Office for the Northern District of Texas. The investigation was initiated based on a referral from DSC.
Employee Activities
Former DSC Examiner Sentenced
On September 10, 2004, a former DSC examiner was sentenced to 5 years’ supervised release and was ordered to pay restitution in the amount of $24,775. The restitution will be paid directly to the Homecomings Financial Mortgage Company, Minneapolis, Minnesota. The sentencing followed the defendant’s plea of guilty in June 2004 to a one-count bill of information charging her with wire fraud. The defendant filed a false application for a home mortgage, in which she overstated her assets and income and failed to reveal a federal and state tax liability of approximately $150,000 on her application. The mortgage company, not an insured institution, subsequently foreclosed on the property at a loss of $40,000.
The defendant was a certified bank examiner for 13 years with the FDIC in Albany, Georgia, and resigned from her position in June 2004.
The case was investigated as a result of information provided by the FDIC’s DSC. The case was prosecuted by the U.S. Attorney’s Office for the Middle District of Georgia.
FDIC Employee Receives 30-Day Suspension for Inappropriate Use of Computer
Based on a referral from the FDIC, the Electronic Crimes Team conducted an investigation into allegations that an FDIC employee had utilized his FDIC laptop computer to access and download pornographic images, including possible child pornographic images. The Electronic Crimes Team’s analysis of the employee’s computer hard drive confirmed that the employee had downloaded numerous pornographic images. None of the images were found to constitute child pornography. Analysis of the employee’s Internet history files indicated that the employee had made extensive visits to sexually oriented Web sites. Based on the results of the investigation, the FDIC suspended the employee for 30 days.
|
|
Electronic Crimes Team Joins Other Law Enforcement Groups The OIG Electronic Crimes Team investigates unauthorized computer intrusions and computer-related fraud impacting FDIC operations and provides computer forensic support to OIG investigations nationwide. During the reporting period, the Electronic Crimes Team dedicated substantial resources to a multi-agency task force comprised of FBI, U.S. Secret Service, the U.S. Postal Inspection Service, and foreign law enforcement. The task force is investigating a global identity theft case involving an electronic scheme known as phishing. "Phishing" is pronounced "fishing" as in "fishing for your credit card information." The term is a slang combination of "phony" and "fishing." Phishing involves sending an e-mail to a user and falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where the user is asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and has been set up only to steal the user’s information. Phishing schemes often use a technique known as "spoofing" to fool the recipients of the message into believing that the message came from a legitimate source. Internet protocol spoofing involves trickery to make a message appear as if it came from an authorized internet protocol address. E-mail spoofing is forging an e-mail header to make it appear as if it came from somewhere or someone other than the actual source. The OIG’s Electronic Crimes Team investigation into what has become a global identity theft case was initiated after the FDIC’s external Web site was "spoofed" and the FDIC name was fraudulently used in the e-mail above, designed to trick recipients into providing their personal data. The Electronic Crimes Team is continuing to work with the joint task force in attempting to identify and bring to justice those responsible for this and other related phishing scams that continue to victimize innocent individuals. |
[ D ]
Other Highlights
OIG Special Agents of the Electronic Crimes Team Travel to the United Kingdom to Assist the National Hi-Tech Crime Unit The following photo is taken from the 16th floor terrace outside NHTCU headquarters in London, England. The Millennium Dome can be seen in the background. |
|
Assistant Inspector General for Investigations Participates in Institute of Internal Auditors Conference |
|
Office of Investigations’ Peer Review Activities
The FDIC OIG was among 25 Offices of Inspector General that were granted statutory law enforcement authority with the passage of the Homeland Security Act of 2002. The OIGs granted law enforcement authority under that Act are required to participate in a peer review program in which the investigative operations of the covered OIGs are subject to periodic qualitative assessment reviews of one another. The overall objective of these reviews is to determine whether internal control systems are in place and operating effectively to provide reasonable assurance that professional investigative standards are being followed. Following a schedule provided by the President’s Council on Integrity and Efficiency, staff from OI’s Special Inquiries and Oversight Group conducted
its first quality assessment review this period with a review of the General Services Administration’s (GSA) Office of Investigations. The results of the review were reported to the Inspector General of GSA and the Attorney General. The FDIC OIG is
scheduled for review by the Treasury OIG in the second quarter of fiscal year 2006.
OIG Special Agent Honored at U.S. Attorney’s Office Awards Ceremony |
|
Samuel Holland Named Service to America Medal Finalist OIG Special Agents Participate in 19th Annual Law Enforcement Torch Run 
|
|
Our office continued to aggressively pursue our four main OIG goals and related objectives during the reporting period. These goals and objectives form the blueprint for our work. While the audit, evaluation, and investigative work described in the earlier sections of this report drives our organization and contributes very fundamentally to the accomplishment of our goals, a number of other activities and initiatives complement and support these efforts and enhance the achievement of our goals. Some examples follow.
Value and Impact: OIG products will add value by achieving significant impact related to addressing issues of importance to the Chairman, the Congress, and the public. This goal means that we contribute to ensuring the protection of insured depositors, safety and soundness of FDIC-supervised institutions, protection of consumer rights, achievement of recovery to creditors of receiverships, and effective management of agency resources. Efforts in support of this goal and related objectives include the following:
|
Issued 31 audit and evaluation reports containing $52.1 million in potential monetary benefits and 86 nonmonetary recommendations. As discussed earlier in this report, these reports address the management and performance challenges facing the Corporation. We brought these reports before the FDIC Audit Committee to keep members informed of OIG results and recommended actions. |
|
Conducted investigations that resulted in 9 indictments/informations; 15 convictions; and approximately $38.6 million in total fines, restitution, and other monetary recoveries. |
|
Performed 29 policy analyses on proposed FDIC directives or proposed revisions to directives. We raised two policy issues regarding security of leased space and the disposition of corporate-owned property, and the FDIC accepted our suggestions. We also offered suggestions to strengthen or clarify all the draft policies. |
|
Testified at a hearing on Bank Secrecy Act (BSA) Compliance and Enforcement before the Senate Committee on Banking,Housing, and Urban Affairs. IG Gianni presented a historical perspective on the BSA and discussed the BSA-related work the FDIC OIG has conducted over the past several years. He offered views on the challenges that the Congress and the financial regulators face going forward in anti-terrorist and anti-money laundering activities. |
|
Participated in an advisory capacity at meetings of the Audit Committee’s Information Technology Security Subcommittee, Chief Information Officer Council, and the Division of Information Resources Management (DIRM) Transformation Advisory Group. |
|
Provided a copy of our audit report entitled Supervisory Actions Taken for Bank Secrecy Act Violations to the Honorable Sue Kelly, Chairwoman, Subcommittee on Oversight and Investigations, Committee on Financial Services, U.S. House of Representatives. We initiated our audit as a result of discussions with Subcommittee staff. The report presents the results of our audit of the process established by the Division of Supervision and Consumer Protection (DSC) for ensuring that corrective actions are taken by bank management to address violations of the BSA of 1970. |
|
Provided a copy of our audit report entitled Participated in a panel at the Office of Enterprise Risk Management conference, The Art of Project Management. One of our Deputy Assistant Inspectors General for Audits shared our office’s perspective on themes and issues we have identified in evaluating key corporate projects. He also commented on the progress we have seen in the Corporation’s establishment of control structures for monitoring the cost, schedule, and outcomes of such projects. |
|
Met with staff from the Senate Banking, Housing, and Urban Affairs Committee to discuss the OIG’s Assignment Plan for 2005 and ongoing and recently completed work. The Congressional staff members expressed particular interest in the BSA and related anti-money laundering and anti-terrorist financing activities. We discussed our completed work related to BSA and the USA PATRIOT Act. The Committee also inquired about the relationship between the Sarbanes-Oxley Act and other statutory and regulatory requirements related to BSA. |
|
Issued our Office of Audits Assignment Plan—Fiscal Year 2005 presenting 53 audit and evaluation assignments that the OIG plans to pursue. Each assignment is linked to risk-based management and performance challenges that the OIG has identified. We received a number of constructive comments and suggestions for the plan from FDIC management that we considered and addressed. Our cooperative efforts have resulted in a plan that provides comprehensive coverage of the Corporation’s key risk areas. |
|
Coordinated with DIRM and agency officials to establish appropriate processes in addressing cyber crimes, including computer intrusion, phishing and spoofing schemes, as well as investigations of computer misuse by FDIC employees and contractors. |
|
Entered into a joint memorandum of understanding with the Division of Resolutions and Receiverships and the Legal Division regarding post-indictment inter-agency communications. |
|
Worked with FDIC officials on developing procedures for preserving electronic media at bank closings. |
|
Attended and provided feedback to pilot programs of the Corporate University. |
|
Met with members of the FDIC’s Labor and Employee Relations section to discuss emerging personnel issues. |
|
Briefed Office of Management and Budget (OMB) representatives on BSA and USA PATRIOT Act roles and responsibilities, related regulatory requirements, and prior OIG audits and Congressional testimony. The OMB representatives were interested in interaction between the FDIC and the Department of the Treasury’s Financial Crimes Enforcement Network on violations identified in the course of examinations. |
|
Provided written comments to the Appraisal Standards Board related to proposed revisions to the Uniform Standards of Professional Appraisal Practice. |
|
Made presentations on government auditing standards to three different organizations. Ross Simms from our Office of Audits spoke at the Maryland Association of Certified Public Accountants’ Government and Not-for-Profit Conference. He also co-presented sessions with the U.S. Government Accountability Office (GAO) for the Department of Interior OIG and for the American Institute of Certified Public Accountants’National Governmental Accounting and Auditing Update conference. |
|
Testified before the Subcommittee on Government Efficiency and Financial Management, House Committee on Government Reform, regarding Proposed Legislation Affecting the Inspector General Community—"Improving Government Accountability Act," (H.R. 3457)—introduced by Representative Jim Cooper. IG Gianni and several colleagues from the IG community discussed IG functionality and independence and the importance of the IG Act in improving the efficiency and effectiveness of federal operations and eliminating fraud, waste, and abuse in federal programs. The remarks reflected the group’s understanding of the views of the majority of the federal IGs who comprise the President’s Council on Integrity and Efficiency (PCIE) and the Executive Council on Integrity and Efficiency (ECIE). |
|
Provided a draft memorandum describing the work that the OIG has performed since January 1, 2003 relating to the FDIC’s ability to respond to, and recover from, a major disruption in its business operations. OMB requested that federal agencies prepare and submit plans for protecting the physical and cyber-based critical infrastructures for which they have responsibility by July 31, 2004. These plans are required by Homeland Security Presidential Directive (HSPD)-7. Although the FDIC has determined that it does not maintain critical infrastructure or key resources within the meaning of HSPD-7, it is required to report to the OMB on its ability to ensure the continuity of its business operations in the event of a physical or cyber attack. Part of this requirement includes a description of the processes for ensuring independent oversight of critical assets and operations, including whether reviews by GAO or OIG have been performed. |
|
Participated in a panel at the 2004 Conference on Fraud & Ethics sponsored by the Institute of Internal Auditors in Chicago. Assistant Inspector General for Investigations Sam Holland was a panel member addressing the topic of "Government Auditing: An Investigative Approach." Mr. Holland addressed approaches to investigating fraud and the impact of recent legislation on the investigative process. |
|
Reviewed and commented on the Corporation’s new security awareness Web site, at the request of DIRM. |
|
Coordinated with management during the OIG’s updated assessment of the most significant management and performance challenges facing the Corporation for 2005. |
|
Met with DSC and the Legal Division to discuss OIG comments on a proposed directive for post-failure analysis memoranda. |
|
Attended the Federal Savings and Loan Insurance Corporation Resolution Fund Dissolution Task Force meetings to explore possible options for dissolving the fund. |
| Communication and Outreach: Communications between the OIG and the Chairman, the Congress, employees, and other stakeholders will be effective. We seek to foster effective agency relations and communications, congressional relations and communications, OIG employee relations and communications, and relations and communications with other OIG stakeholders. Efforts in support of this goal and related objectives include the following: | |
|
Sent a summary of OIG actions taken to address our Fifth Annual Client Survey to FDIC Executives to share our progress with
them. Summarized the actions under the following six areas of concern:
|
|
Communicated/coordinated with FDIC management and other stakeholders in April/June during development of FY 2005 Assignment Plan. |
|
Visited DSC offices to meet with management and discuss investigative cases and issues of mutual concern. |
|
Participated in quarterly meetings with other OIGs to share common human resource issues and topics. |
|
Provided a demonstration of our Investigative Data System timekeeping functions to U.S. Agency for International Development OIG. |
|
Provided advice to the Department of Commerce OIG based on the implementation of our Training and Professional Development System. |
|
Provided advice to the General Services Administration OIG regarding its consideration of implementing Teammate automated work papers through Citrix servers. |
|
Participated on the PCIE awards selection committee to acknowledge particularly noteworthy accomplishments of members of the IG community and those with whom they partner in carrying out the OIG mission. |
|
Made a presentation to the PCIE Legislative Committee concerning potential amendments to the IG Act of 1978. |
|
Attended a program for the Fellows of the Ethics Resource Center (ERC). IG Gianni visited the ERC, a nonprofit, nonpartisan educational organization that assists individuals and organizations to act with integrity. The ERC seeks to strengthen ethical leadership worldwide by providing expertise and services through research, education, and partnerships. The fellows attending the program also shared the results of current research projects they were conducting in their own institutions. |
|
Provided responses to questions posed by Honorable Sue W. Kelly, Chairwoman of the Subcommittee on Oversight and Investigations, Committee on Financial Services, U.S. House of Representatives. These questions were sent to us subsequent to IG Gianni’s March 4, 2004 testimony at the hearing on "Oversight of the Federal Deposit Insurance Corporation." The Chairwoman’s questions addressed matters related to safety and soundness, downsizing and human capital, and information security. |
|
Attended the Economic Growth and Regulatory Paperwork Reduction Act (EGRPRA) Bankers Outreach Meeting in Seattle. IG Gianni participated at all of the sessions at the meeting, which provided an excellent opportunity to hear first-hand the various concerns of the bankers in attendance and the states’ views on EGRPRA-related issues. The IG also accompanied the FDIC Vice Chairman to the Seattle field office for the Vice Chairman’s session with staff there. |
|
Attended the DSC Dallas and DSC San Francisco Regional Training conferences. By attending, we are provided useful perspectives and a greater understanding of issues confronting regional banks and the FDIC’s supervisory responsibilities with respect to those banks.We also appreciate the opportunity to make presentations on our audit and investigative work addressing DSC programs and operations at such forums. |
|
Sponsored the annual conference of the Federal Audit Executive Council (FAEC) in Williamsburg,Virginia. Assistant Inspector General for Audits Russell Rau and Deputy Assistant Inspector General for Audits Sharon Smith spearheaded the conference planning and sessions. The FAEC is a working group of the PCIE and ECIE and is comprised of the heads of federal audit organizations. The conference covered such topics as financial reporting, enterprise risk management, the Federal Information Security Management Act (FISMA), contracting issues, Sarbanes-Oxley Act, Government Auditing Standards update, and human capital. This forum helps ensure that federal audit organizations keep current with auditing standards, practices, priorities, and issues of concern. |
|
Participated in two forums related to information technology (IT) security. In his capacity as Chairman of the FAEC IT Security Committee, Assistant Inspector General for Audits Russell Rau gave a presentation to the PCIE IT Roundtable. Topics covered at that meeting included Enterprise Architecture, IT Capital Planning and Investment Control, Certification and Accreditation, Contractor Security, and the activities of the FAEC’s IT Security Committee. He also chaired a meeting of the IT Security Committee, where the group focused on FY 2004 draft OMB guidance for work under FISMA and the related criteria driving that work. |
|
Met with GAO Advisory Committee on Yellow Book Changes. |
|
Coordinated with GAO and the Treasury and Federal Reserve OIGs on work related to BSA. |
|
Developed informational brochure to explain the role, mission, and processes of the OIG’s Office of Audits: Get to Know Us. |
|
Attended PCIE Roundtable meeting on the Government Performance and Results Act and Program Assessment Rating Tool. |
|
Held multiple meetings with other federal regulatory OIGs on FISMA and improvements to the FISMA process. |
|
Hosted the following individuals or delegations of government officials:
|
|
Spoke at and/or participated in a number of professional meetings and conferences, including meetings of the Association of Inspectors General; the Association of Government Accountants’ 53rd Annual Professional Development Conference and Exposition: Technology: Powering the Accountability Age; the Intergovernmental Audit Forum’s 15th BiennialForum of Government Auditors: Taking Accountability to New Heights; and a meeting of the Greater Washington Society of Certified Public Accountants. |
|
Moderated a panel discussion at the Association of Government Accountants’ 53rd Annual Professional Development Conference and Exposition on the topic of Performing IT Security Audits: What’s Next? The IG moderated, and Mark Mulholland, Director, Information Assurance Audits, who has played a key role in our FISMA work participated on the panel to offer lessons learned on what it takes to successfully accomplish the requirements of the Act and what challenges lie ahead in conducting these annual audits. |
|
Continued ongoing meetings between the Executives of the OIG and the FDIC’s Division and Office Heads in both headquarters and regional offices to foster and sustain successful cooperation and communication in all aspects of our audit, evaluation, and investigative activities. The Office of Investigations continued presentations in lessons learned/red flags based on its experience with failed institutions. |
|
Participated in monthly meetings of the Interagency Bank Fraud Working Group. |
|
Coordinated with IGs, Assistant Inspectors General for Audits, and Assistant Inspectors General for Investigations of federal financial institution regulatory agencies. |
|
Coordinated with the Corporation’s Office of Legislative Affairs with respect to the FDIC Chairman’s and IG’s testimony before the Senate Committee on Banking, Housing, and Urban Affairs on BSA. Coordinated with GAO regarding its statement at the hearing as well. |
|
Completed an external peer review of the investigative operations of the General Services Administration OIG. |
|
Provided weekly highlights reports to the FDIC Chairman to keep him informed of significant OIG events. |
|
Focused multiple efforts on OIG employees: planned a diversity activity, held meetings of the IG’s Employee Advisory Group to provide feedback to the IG on the working conditions and business processes of the office, and worked with a consultant on finalizing and issuing the results of an OIG employee survey. |
|
Conducted the OIG’s sixth client survey to solicit feedback from corporate management, issued the results of the survey for all OIG staff, informed the Chairman and Vice Chairman of results, and plan to share results and related action steps with FDIC senior management officials at an Operating Committee meeting. |
| Human Capital: The OIG will align its human resources to support tmission. Wesion.We aim to enhance our workforce analysis and planning, competency investments, leadership development, and the development of a results-oriented, highperformance culture. Efforts in support of this goal and related objectives include the following: | |
|
The OIG was presented with a Training Recognition Award as a runner-up for the W. Edwards Deming Outstanding Training
Award at the U.S. Department of Agriculture Graduate School’s Annual Faculty Reception. Dr. Jerry Ice, Executive Director of the Graduate School presented the award. The OIG has worked over a 2-year period to identify core competencies for its staff that are aligned with OIG and corporate strategic goals and to link training investments to the core competencies and identified skill gaps.
The Graduate School presents the W. Edwards Deming Outstanding Training Award to a federal government organization or civilian branch of the military that has completed an innovative and impressive employee development and training initiative with measurable results. The award recognizes an overall training effort that had a significant impact within an agency or a particular training initiative that has benefited an organization. The OIG was proud to be named a runner-up. |
|
Developed a strategy for enhancing feedback mechanisms in the OIG and a Web site with related information. |
|
Continued to gather information from other government agencies with mentoring programs and developed an OIG mentoring program proposal. |
|
Continued to expand skill sets, knowledge, and expertise of the FDIC OIG through hiring efforts that supplement our audit and investigative workforce in headquarters and regional offices. |
|
Hired Scholarship for Service student to assist with IT-related assignments in the Office of Audits. |
|
Sponsored participation of two OIG employees in leadership training held for the PCIE by the Federal Executive Institute in Charlottesville, Virginia. |
|
Published for FDIC OIG employees the OIG’s first comprehensive Employee Survey Report. The survey collected information on how employees who work for the OIG view and appraise their work and workplace. The Exceed Corporation conducted the survey for the OIG. All OIG employees had opportunity to take the survey and 90 percent completed it, considered an excellent overall response rate. The survey was designed to provide information comparable to certain major benchmark surveys of other government employees and baseline information for future FDIC OIG employee surveys. |
| Productivity: The OIG will effectively manaresources. Werces.We have taken steps to contain OIG costs and undertook several initiatives to ensure that our processes are efficient and that our products meet quality standards. Efforts in support of this goal and related objectives include the following: | |
|
Awaiting Congressional approval of FY 2005 OIG budget of $29.9 million. The budget will support an authorized staffing level of 160, a further reduction of 8 authorized staff from FY 2004. FY 2005 will become the ninth consecutive year OIG budgets have decreased after adjusting for inflation. |
|
The Office of Audits received an unqualified opinion on its system of quality controls based on a peer review conducted by the Department of Energy OIG. The review determined that the Office of Audits’ system was properly designed and provided reasonable assurance of adherence to professional standards in the conduct of OIG audits. Generally Accepted Government Auditing Standards require audit organizations to undergo an independent peer review of their auditing practices at least once every 3 years. |
|
Completed developing an executive information system (OIG Dashboard) to improve the efficiency of OIG management oversight of internal operations. The Dashboard provides timely information on key OIG performance measures, the budget and monthly spending reports, staffing, and annual performance goals. |
|
Completed a memorandum setting forth challenges and strategies to ensure efficient and secure use of OIG IT resources for fiscal years 2005 through 2007. |
|
Continued a major records management effort wherein large quantities of the OIG’s audit and evaluation-related paper files were replaced with electronic files in the interest of streamlining records and facilitating record storage. |
|
Completed internal quality control reviews of one audit/evaluation directorate, another of reports of all directorates, and a third analyzing trends for purposes of established assignment baselines. All significant matters have been resolved. |
| |||||||||||||||||||||||||||
[ D ]
Points of Contact |
||
| Title | Name | Telephone Number |
|---|---|---|
| Inspector General | Gaston L.Gianni, Jr. | 202-416-2026 |
| Deputy Inspector General | Patricia M. Black | 202-416-2474 |
| Counsel to the Inspector General | Fred Gibson | 202-416-2917 |
| Assistant Inspector General for Audits | Russell Rau | 202 416-2543 |
| Deputy Asst. Inspector General for Audits | Stephen Beard | 202-416-4217 |
| Deputy Asst. Inspector General for Audits | Sharon Smith | 202-416-2430 |
| Assistant Inspector General for Investigations | Samuel Holland | 202-416-2912 |
|
Assistant Inspector General for
Management and Congressional Relations |
Rex Simmons | 202-416-2483 |
|
Assistant Inspector General for
Quality Assurance and Oversight |
Robert McGregor | 202-416-2501 |
| ||||||||||||||||||||||||||||||||||||||||||||||||
| ||||||||||||||||||||||||||||||
[ D ]
[ D ]
[ D ]
Index of Reporting Requirements—Inspector General Act of 1978, as amended |
| Reporting Requirement |
|---|
| Section 4(a)(2): Review of legislation and regulations |
| Section 5(a)(1): Significant problems, abuses, and deficiencies |
| Section 5(a)(2): Recommendations with respect to significant problems, abuses, and deficiencies |
| Section 5(a)(3): Recommendations described in previous semiannual reports on which corrective action has not been completed |
| Section 5(a)(4): Matters referred to prosecutive authorities |
| Section 5(a)(5) and 6(b)(2): Summary of instances where requested information was refused |
| Section 5(a)(6): Listing of audit reports |
| Section 5(a)(7): Summary of particularly significant reports |
| Section 5(a)(8): Statistical table showing the total number of audit reports and the total dollar value of questioned costs |
| Section 5(a)(9): Statistical table showing the total number of audit reports and the total dollar value of recommendations that funds be put to better use |
| Section 5(a)(10): Audit recommendations more than 6 months old for which no management decision has been made |
| Section 5(a)(11): Significant revised management decisions during the current reporting period |
| Section 5(a)(12): Significant management decisions with which the OIG disagreed |
Reader’s Guide to Inspector General Act Reporting Terms
What Happens When Auditors Identify Monetary Benefits?
Our experience has found that the reporting terminology outlined in the Inspector General Act of 1978, as amended, often confuses people. To lessen such confusion and place these terms in proper context, we present the following discussion:
The Inspector General Act defines the terminology and establishes the reporting requirements for the identification and disposition of questioned costs in audit reports. To understand how this process works, it is helpful to know the key terms and how they relate to each other.
The first step in the process is when the audit report identifying questioned costs1 is issued to FDIC management. Auditors question costs because of an alleged violation of a provision of a law, regulation, contract, grant, cooperative agreement, or other agreement or document governing the expenditure of funds. In addition, a questioned cost may be a finding in which, at the time of the audit, a cost is not supported by adequate documentation; or, a finding that the expenditure of funds for the intended purpose is unnecessary or unreasonable.
The next step in the process is for FDIC management to make a decision about the questioned costs. The Inspector General Act describes a "management decision" as the final decision issued by management after evaluation of the finding(s) and recommendation(s) included in an audit report, including actions deemed to be necessary. In the case of questioned costs, this management decision must specifically address the questioned costs by either disallowing or not disallowing these costs. A"disallowed cost," according to the Inspector General Act, is a questioned cost that management, in a management decision, has sustained or agreed should not be charged to the government.
Once management has disallowed a cost and, in effect, sustained the auditor’s questioned costs, the last step in the process takes place which culminates in the "final action." As defined in the Inspector General Act, final action is the completion of all actions that management has determined, via the management decision process, are necessary to resolve the findings and recommendations included in an audit report. In the case of disallowed costs, management will typically evaluate factors beyond the conditions in the audit report, such as qualitative judgments of value received or the cost to litigate, and decide whether it is in the Corporation’s best interest to pursue recovery of the disallowed costs. The Corporation is responsible for reporting the disposition of the disallowed costs, the amounts recovered, and amounts not recovered.
Except for a few key differences, the process for reports with recommendations that funds be put to better use is generally the same as the process for reports with questioned costs. The audit report recommends an action that will result in funds to be used more efficiently rather than identifying amounts that may need to be eventually recovered. Consequently, the management decisions and final actions address the implementation of the recommended actions and not the disallowance or recovery of costs.
1 It is important to note that the OIG does not always expect 100 percent recovery of all costs questioned.
Reader’s Guide to Inspector General Act Reporting Terms
This table shows the corrective actions management has agreed to implement but has not completed, along with associated monetary amounts. In some cases, these corrective actions are different from the initial recommendations made in the audit reports. However, the OIG has agreed that the planned actions meet the intent of the initial recommendations. The information in this table is based on (1) information supplied by the FDIC’s Office of Enterprise Risk Management (OERM) and (2) the OIG’s determination of closed recommendations for reports issued after March 31, 2002. These 13 recommendations from 8 reports involve improvements in operations and programs. OERM has categorized the status of these recommendations as follows:
Management Action in Process: (13 recommendations from 8 reports)
Management is in the process of implementing the corrective action plan, which may include modifications to policies, procedures, systems or controls; issues involving monetary collection; and settlement negotiations in process.
Table I: Significant Recommendations From Previous Semiannual Reports on Which Corrective Actions Have Not Been Completed | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
The OIG has requested additional information to evaluate management’s actions in response to OIG recommendations. Also, additional audit work is being conducted in this area.
The OIG has not evaluated management’s actions in response to OIG recommendations.
Table II: Audit Reports Issued by Subject Area | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Table III: Audit Reports Issued with Questioned Costs | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Table IV: Audit Reports Issued with Recommendations for Better Use of Funds | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
During this reporting period, there were no recommendations without management decisions.
|
During this reporting period, there were no significant revised management decisions.
|
During this reporting period, there were no significant management decisions with which the OIG disagreed.
|
|
During this reporting period, there were no instances where information was refused.
 |
We are proud of the following three teams of individuals from the FDIC OIG who received the President’s Council on Integrity and Efficiency (PCIE) and Executive Council on Integrity and Efficiency (ECIE) Awards for Excellence, bestowed annually by the Inspector General community. The following teams received awards on October 27, 2004: |  |
|
Members of the joint investigative/prosecutorial team investigating the failure of Hamilton Bank, N.A., for their efforts leading to the indictment of individuals alleged to be responsible for the bank’s failure:
This award also recognized team members from the Department of the Treasury OIG and the U.S. Attorney’s Office of the Southern District of Florida. |
The team responsible for outstanding work performed on the audit of Supervisory Actions Taken for Bank Secrecy Act Violations:
|
 |
 |
Members of the joint PCIE and ECIE team responsible for updating the Quality Standards for Federal Offices of Inspector General, known as the "Silver Book" in honor of the 25th anniversary of the passage of the Inspector General Act of 1978:
Joining the FDIC OIG staff on this project were representatives from the Offices of Inspector General at the Small Business Administration, National Labor Relations Board, Department of Defense, Department of Education, Department of Health and Human Services, and Department of Transportation. |
|
|
Monte Galvin Landis In July 2004, Ms. Monte Galvin Landis retired after more than 23 years of federal service. Her career included service for the U.S. Army, the General Services Administration, Department of Housing and Urban Development, and finally the Resolution Trust Corporation (RTC) and the FDIC. Some of the highlights of her work at the FDIC OIG included efforts on Y2K-related audits and serving on three teams doing audit work in accordance with the Government Information Security Reform Act and the Federal Information Security Management Act of 2002. Throughout her tenure at the RTC and FDIC, she displayed sincere concern for her colleagues and a commitment to the mission of the OIG. Ms. Landis received the Corporation’s Nancy K. Rector Award for Public Service in March 2003 at the FDIC’s Annual Awards Ceremony. This award recognized her admirable volunteer involvement with Habitat for Humanity.
|
Kay Atkins-Gipson Ms. Kay Atkins-Gipson, a Special Agent in the OIG’s Dallas office retired from federal service in July 2004 after a distinguished 21-year career in federal law enforcement. She worked in the RTC OIG, and was an invaluable member of the FDIC OIG. Prior to joining the RTC, she served at the Federal Bureau of Investigation and the Defense Criminal Investigative Service. Her efforts in each of these organizations were deservedly praised by her colleagues throughout the OIG and in the law enforcement community. While at the FDIC OIG, she distinguished herself by conducting many highly sensitive investigations that were entrusted to her because of her skills as an investigator and ability to effectively deal with highly charged and complex situations. Her contributions to concealment of asset cases and alleged bank fraud cases are examples of her commitment to the FDIC OIG mission.
|
| Term | |
|---|---|
| BCP | Business Continuity Plan |
| BIF | Bank Insurance Fund |
| BSA | Bank Secrecy Act |
| CDs | Certificates of Deposit |
| CEO | Chief Executive Officer |
| CIRC | Capital Investment Review Committee |
| CPIM | capital planning and investment management |
| DIRM | Division of Information Resources Management |
| DOA | Division of Administration |
| DOF | Division of Finance |
| DRR | Division of Resolutions and Receiverships |
| DSC | Division of Supervision and Consumer Protection |
| ECIE | Executive Council on Integrity and Efficiency |
| EGRPRA | Economic Growth and Regulatory Paperwork Reduction Act |
| ERC | Ethics Resource Center |
| ERM | Enterprise Risk Management |
| FAEC | Federal Audit Executive Council |
| FBI | Federal Bureau of Investigation |
| FDIC | Federal Deposit Insurance Corporation |
| FISMA | Federal Information Security Management Act of 2002 |
| FRF | Federal Savings and Loan Insurance Corporation Resolution Fund |
| FSBH | First State Bank of Harrah |
| GAO | Government Accountability Office |
| HSPD | Homeland Security Presidential Directive |
| IBM | International Business Machines |
| IG | Inspector General |
| ILC | industrial loan company |
| IRS-CI | Internal Revenue Service Criminal Investigation |
| IT | Information Technology |
| MERIT | Maximum Efficiency, Risk-Focused, Institution Targeted Examinations Program |
| NFE | New Financial Environment |
| NHTCU | National Hi-Tech Crime Unit |
| OCC | Office of the Comptroller of the Currency |
| OERM | Office of Enterprise Risk Management |
| OI | Office of Investigations |
| OIG | Office of Inspector General |
| OMB | Office of Management and Budget |
| OTS | Office of Thrift Supervision |
| PCIE | President’s Council on Integrity and Efficiency |
| Results Act | Government Performance and Results Act |
| RTC | Resolution Trust Corporation |
| SAIF | Savings Association Insurance Fund |
| SARC | Supervision Appeals Review Committee |
| SCS | San Clemente Securities, Inc. |
| SNB | Sinclair National Bank |
| UCC | United Custodial Corporation |
| USA PATRIOT ACT | United and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 |
| ViSION | Virtual Supervisory Information on the Net |
[ NOTE:This report has been physically divided into two sections in order to maintain download performance ]
Link to Section II of the OIG's Semiannual Report to the Congress (contains FY 2004 Perfromance Report)