President George W. Bush acknowledges the work of federal Offices of Inspector General on the occasion of the 25th Anniversary of the Inspector General Act.
	Pictured left to right: FDIC IG Gaston L. Gianni, Jr., President George W. Bush, Federal Reserve Board IG Barry R. Snyder, and Office of Management and Budget Deputy Director for Management Clay Johnson, III.

FDIC Chairman Donald E. Powell's congratulatory letter to the FDIC Office of Inspector General

Mr. Gaston Gianni Inspector General Federal Deposit Insurance Corporation 801 - 17th Street, N.W. Washington, D.C. 20429 Dear Gaston: I wish you congratulations on the twenty-fifth anniversary of the Inspector General (IG) Act. The path to this milestone has contained many challenges, and the Office of Inspector General has met them with competence and professionalism. For 70 years, the Federal Deposit Insurance Corporation has served as a stabilizing force for the American economy - keeping banks strong and hard-working citizens' money safe. Since the IG came to the FDIC fifteen years ago, you have worked diligently to ensure that we take that job very seriously and that the FDIC remained free of the "three evils:" waste, fraud, and abuse. I believe that the ideal relationship between the FDIC and the OIG is embodied in your four "CORE" values-Communication, Objectivity, Responsibility, and Excellence. I look forward to continuing to work with you and your staff as we carry out the vital work of the FDIC by maintaining stability and public confidence in the nation's financial system.

Inspector General's Statement

As I write this semiannual report statement, the Inspector General (IG) community is celebrating the 25th anniversary of the IG Act, signed into law by President Jimmy Carter on October 12, 1978. Our commemoration of this event has included a meeting of the federal Inspectors General with President Bush; a Congressional oversight hearing of the Subcommittee on Government Efficiency and Financial Management, Committee on Government Reform, U.S. House of Representatives; Congressional resolutions acknowledging IG contributions to good government; reissuance of the Quality Standards for Federal Offices of Inspector General, now known as the “Silver Book;” media coverage explaining the role and impact of federal Offices of Inspector General (OIG); and an annual awards ceremony honoring the significant work of some of the more than 11,000 employees in the federal IG community. I am especially proud that FDIC OIG employees received six awards this year.

In keeping with the spirit of the anniversary, all FDIC OIG staff had an opportunity to recommit to the mission of the OIG at the FDIC during an office-wide conference held this month. Our conference focused on the FDIC OIG’s mission, vision, and core values. We seek to help the FDIC ensure stability and public confidence in the nation’s financial system. We want to be viewed as a valuable part of the Corporation and to be one of the best OIGs in government. Our CORE values embrace Communication, Objectivity, Responsibility, and Excellence. In pursuit of our mission, vision, and values, we designed several sessions at the conference so that our staff could publicly articulate and appreciate how their public service contributes to accomplishing our strategic goals in 4 areas—value and impact, communication and outreach, human capital, and productivity. Organization-wide, we are focusing on the steps necessary for us to become a high-performance organization, and the celebration of the 25th anniversary of the IG Act is a powerful inspiration to us during this journey.

During the reporting period, we achieved significant results in areas of corporate management and performance challenges. Our Material Loss Review of the Failure of Southern Pacific Bank and our 2003 Federal Information Security Management Act (FISMA) evaluation are but two examples of important work products issued during the past 6 months. The material loss review concluded that Southern Pacific Bank failed because of ineffective corporate governance at the institution, leading to a potential loss to the insurance funds of about $91 million. Our report raised an issue related to oversight of parent holding companies of industrial loan companies—one that we plan to pursue in future work. Our FISMA evaluation concluded that the Corporation has only limited assurance of adequate security of its information resources. The report highlights 10 key areas where the Corporation needs to focus attention to address information security weaknesses.

In connection with our FISMA work, I am compelled to reiterate a matter of increasing concern, a fundamental organizational weakness that surfaced once again this year: the Corporation’s lack of a Chief Information Officer. This position has remained vacant for more than 2 years, during which time the Corporation has spent millions of dollars for information technology (IT) projects. During this same timeframe, a number of critical IT issues have faced the Corporation, as evidenced by the results of our FISMA and other IT-security related reviews. Over the past 2 years, the Corporation has attempted, unsuccessfully, to fill this position three times, while other federal agencies have been able to fill similar positions. Further, we are in the midst of an IT revolution that offers organizations boundless opportunities to improve their efficiency and effectiveness. To better ensure that the Corporation can address its critical IT issues and is fully positioned to leverage its IT potential, it must provide permanent IT leadership and direction by filling its Chief Information Officer position.*

Another leadership vacancy at the FDIC that I have addressed in past semiannual reports is the vacant Director position on the FDIC Board. The President has sent forward the name of a candidate, and the Senate has held his confirmation hearing; however, he has not yet been confirmed. As I have expressed on many previous occasions, the vital balance implicit in the Board structure can only be maintained when the Board is operating at full strength. We therefore again urge the Congress to take timely action to fill this vacancy.*

With respect to our investigative efforts during the reporting period, we continue to report many successes in our cases of major fraud at financial institutions and concealment of assets cases where FDIC debtors fraudulently attempt to avoid payment of restitution that has been ordered. This period we are reporting 30 indictments/ informations; 8 convictions; and fines, restitution, and monetary recoveries of $68.1 million. In keeping with our efforts to become more high-performing, our internal OIG activities during the past 6 months have focused on implementation of key aspects of our Human Capital Strategic Plan—our business knowledge inventory system and our key competencies project.

Transparency and accountability are basic precepts of good governance. In that spirit, we are including our Fiscal Year 2003 Performance Report as an integral part of this semiannual report. As stated previously, we are committed to pursuing continual improvement in our overall performance. We met or substantially met 79 percent of our goals. Twenty-one percent were not achieved. We cannot attain our goals and become a high-performance organization without the support of many others, among those the Congress, the IG community, federal law enforcement officials, and most especially FDIC management. We will continue to work with these groups in a spirit of partnership as we focus on all areas of our performance in the coming months.

In closing, our office was saddened by the recent deaths of two former colleagues—David Loewenstein and Edward Sobota. We value their past contributions to the FDIC and OIG missions, will long remember them, and extend sincere sympathy to their families.

Gaston L. Gianni, Jr. [Electronically produced version; original signed by Gaston L. Gianni],
Inspector General
October 31, 2003

Table of Contents

Overview

Management and Performance Challenges

• Adequacy of Corporate Governance in Insured Depository Institutions
• Protection of Consumer Interests
• Management and Analysis of Risks to the Insurance Funds
• Effectiveness of Resolution and Receivership Activities
• Management and Security of Information Technology Resources
• Security of Critical Infrastructure
• Assessment of Corporate Performance
• Transition to a New Financial Environment
• Organizational Leadership and Management of Human Capital
• Cost Containment and Procurement Integrity

OIG work conducted to address these areas during the current reporting period includes 20 audit and evaluation reviews containing both monetary and nonmonetary recommendations; comments and input to the Corporation’s draft policies in significant operational areas; participation at meetings, symposia, conferences, and other forums to jointly address issues of concern to the Corporation and the OIG; and assistance provided to the Corporation in such areas as developing input for a “Why Banks Fail” symposium, and participation on the FDIC Audit Committee’s Information Technology Subcommittee. (See pages 11- 28.)

Investigations

Investigative work during the period led to indictments or criminal charges against 30 individuals and convictions of 8 defendants. Criminal charges remained pending against 33 individuals as of the end of the reporting period. Fines, restitutions, and recoveries stemming from our cases totaled almost $68.1 million. This section of our report also includes an update on a legislative proposal we have put forth to the Congress to enhance enforcement authority for misrepresentations regarding FDIC insurance. It also discusses our Electronic Crimes Team and acknowledges awards given to one of our Special Agents and to an Assistant U.S. Attorney with whom we have worked on many high-profile criminal restitution cases. (See pages 29- 44.)

OIG Organization

OIG’s Fiscal Year 2003 Performance Report

Appendix

Highlights

• OIG reports include 103 nonmonetary recommendations to improve corporate operations and activities. Among these are recommendations to strengthen the examination and supervision processes in key risk areas, improve the effectiveness of information technology security measures, develop additional policy for resolving large securitized credit card portfolios, establish benchmarks for the accuracy of insurance determinations, strengthen management of the New Financial Environment project, and enhance business continuity planning at FDIC supervised institutions.
  
  
• OIG investigations result in 30 indictments/ informations; 8 convictions; and approximately $68.1 million in total fines, restitution, and other monetary recoveries. Approximately $66.3 million of that amount represents court-ordered restitution and is an amount that has not yet been collected.
  
  
• The Office of Audits issues its Assignment Plan for fiscal year 2004, focusing its work on the Corporation’s principal business lines. Audits and evaluations will be conducted by five Directorates in the Office of Audits: Supervision and Insurance; Resolution, Receivership, and Legal Services; Information Assurance; Resources Management; and Corporate Evaluations.
  
  
• The OIG continues to implement its Human Capital Strategic Plan for 2002-2006, focusing on completion of the Business Knowledge Inventory and Key Competencies projects.
  
  
• The OIG sponsors a Federal Information Security Management Act (FISMA) meeting, bringing together representatives of 44 federal agencies to share information, ideas, and best practices related to implementation of FISMA governmentwide.
  
  
• OIG counsel provides advice and counsel on a number of issues, including closed bank matters and bank supervision, and review of the USA PATRIOT Act and the E-Government Act. Counsel is involved in 24 litigation matters that are awaiting further action by the parties or rulings by the court or other adjudicatory bodies.
  
  
• The OIG reviews and comments on 1 proposed formal regulation, 1 legislative proposal, and 51 proposed FDIC policies and directives and responds to 5 requests under the Freedom of Information Act. Substantive comments are provided to the Corporation related to proposed policies on various aspects of information technology security, physical security, human resources, and receivership management.
  
  
• The OIG reports the results of its Material Loss Review of the Failure of Southern Pacific Bank, an institution that failed and may cause losses to the insurance funds of approximately $91 million. The OIG identifies weak corporate governance at the institution as the principal cause of failure and makes six recommendations to improve the bank supervision process and promote the safety and soundness of FDIC-supervised institutions.
  
  
• The OIG’s FISMA report concludes that the Corporation had established and implemented management controls that provided limited assurance of adequate security over its information resources.
  
  
• The OIG coordinates with and assists management on a number of initiatives, including Office of Investigations and Office of Audits Executives’ participation at the Division of Supervision and Consumer Protection Field Office Supervisor meetings, making presentations at the FDIC/Department of Justice Bank Fraud Conference, and helping an FDIC team develop a paper on the "Root Causes of Bank Failures from 1997 to the Present."
  
  
• The OIG accomplishes a number of internal office initiatives, including issuance of the Office of Audits’ Assignment Plan for Fiscal Year 2004, completion of the OIG’s Business Knowledge Inventory System and Key Competencies projects, participating in numerous interagency working groups, and implementing the Office of Audits’ new computer lab.
  
  
• OIG staff are among those honored at the President’s Council on Integrity and Efficiency and the Executive Council on Integrity and Efficiency’s Annual Awards Ceremony. Staff are recognized for audit and investigation accomplishments, outstanding administrative support, and noteworthy publishing efforts.
  
  
• OIG Special Agent receives an award from the U.S. Attorney for the Southern District of Iowa for exemplary work in the investigation and prosecution relating to the failure of Hartford- Carlisle Savings Bank, Carlisle, Iowa. This case involved the largest dollar loss as a result of a bank failure or fraud in the history of the State of Iowa and the Southern District of Iowa.
  
  
• As Vice Chair of the President’s Council on Integrity and Efficiency, the Inspector General leads the Inspector General community’s activities, participates as a presenter at numerous professional conferences and other forums, and shares information and best practices with delegations of foreign visitors from such places as the Dominican Republic, Thailand, and Poland.
  
  
• An OIG proposal forwarded to Representative Michael G. Oxley is incorporated in HR 1375 "Financial Services Regulatory Relief Act of 2003", approved by the House Financial Services Committee in May 2003. The proposal would provide the FDIC with enforcement tools to limit misrepresentations regarding FDIC deposit insurance coverage. HR 1375 is pending in the House Rules Committee.

Management and Performance Challenges

In many prior semiannual reports, we identified our view of the most significant issues facing the Corporation as it carried out its mission. Over the past 7 years, we have reported our work in the context of these major issues in our semiannual reports, largely in response to the request of various congressional Committees that OIGs identify these issues across the government. During the previous reporting period, we again considered these issues, but in a slightly different context. To explain—in the spirit of the Reports Consolidation Act of 2000, in February 2003, we provided the Chief Financial Officer (CFO) of the FDIC the OIG’s assessment of “the most significant management and performance challenges” facing the Corporation. The Act called for these challenges to be included in the FDIC’s 2002 consolidated performance and accountability report. The Corporation did include a listing of the challenges in its Annual Report for 2002. The Annual Report combines the Chief Financial Officers Act Report and the Program Performance Report required by the Government Performance and Results Act. Our Annual Assignment Plan for fiscal year 2004 is also designed to address these challenges.

• Adequacy of Corporate Governance in Insured Depository Institutions
  
  
• Protection of Consumer Interests
  
  
• Management and Analysis of Risks to the Insurance Funds
  
  
• Effectiveness of Resolution and Receivership Activities
  
  
• Management and Security of Information Technology Resources
  
  
• Security of Critical Infrastructure
  
  
• Assessment of Corporate Performance
  
  
• Transition to a New Financial Environment
  
  
• Organizational Leadership and Management of Human Capital
  
  
• Cost Containment and Procurement Integrity

For the current reporting period, we continue to present our work in the context of these challenges. The Corporation has had a number of actions underway to address each of the areas, and we have encouraged continued attention to all of these challenges as we conduct our work.

We also note that a number of issues in our work during the reporting period—some complete, some still ongoing—relate to effective management of key, critical, high-dollar projects. Examples include our work on the New Financial Environment, Central Data Repository, and Virginia Square II Construction projects. We plan to continue and perhaps expand our work examining the Corporation’s preparedness to manage these and other such projects going forward to help ensure the Corporation’s success in accomplishing project goals.

We will continue to pursue audits, evaluations, investigations, and other reviews that address the management and performance challenges we identified. Our work during the reporting period can be linked directly to these challenges and is presented as such in the sections that follow. We will be updating our identification of the Management and Performance Challenges by year-end 2003 and will continue to work with corporate officials to successfully address all challenges identified.

Adequacy of Corporate Governance in
Insured Depository Institutions

The Corporation has initiated various measures designed to mitigate the risk posed by these concerns, such as reviewing the bank’s board activities and ethics policies and practices and reviewing auditor independence requirements. In addition, the FDIC reviews the financial disclosure and reporting obligations of publicly traded state non-member institutions. The FDIC also reviews their compliance with Securities and Exchange Commission regulations and the Federal Financial Institutions Examination Council-approved and recommended policies to help ensure accurate and reliable financial reporting through an effective external auditing program. Other corporate governance initiatives include the FDIC’s issuing Financial Institution letters, allowing bank directors to participate in regular meetings between examiners and bank officers, maintaining a “Directors’ Corner” on the FDIC Web site, and the expansion of the Corporation’s “Directors’ College” program. The adequacy of corporate governance will continue to require the FDIC’s vigilant attention.

During the reporting period, our work on the Material Loss Review of the Failure of Southern Pacific Bank attested to the significance of the issue of corporate governance. This work is discussed in the section of this semiannual report entitled Management and Analysis of Risks to the Insurance Funds.

Protection of Consumer Interests

The Corporation accomplishes its mission related to fair lending and other consumer protection laws and regulations by conducting compliance examinations, taking enforcement actions to address unsafe or unsound banking practices and compliance violations, encouraging public involvement in the compliance process, assisting financial institutions with fair lending and consumer compliance through education and guidance, and providing assistance to various parties within and outside of the FDIC.

The FDIC’s examination and evaluation programs must assess how well the institutions under its supervision manage compliance with consumer protection and fair lending laws and regulations and meet the credit needs of their communities, including low- and moderate-income neighborhoods. The FDIC must also work to issue regulations that implement federal consumer protection statutes both on its own initiative and together with the other federal financial institution regulatory agencies. One important focus is the GLBA, because the Corporation must ensure it has a quality program to examine institution compliance with privacy and other provisions of the Act.

The Corporation’s community affairs program provides technical assistance to help banks meet their responsibilities under the Community Reinvestment Act. The current emphasis is on financial literacy, aimed specifically at low- and moderate-income people who may not have had banking relationships. The Corporation’s “Money Smart” initiative is a key outreach effort. The FDIC must also continue efforts to maintain a Consumer Affairs program by investigating consumer complaints about FDIC-supervised institutions and answering consumer inquiries regarding consumer protection and fair lending laws and banking practices, and providing data to assist the examination function.

What Progress Has the FDIC Made in Examining
Financial Institution Compliance with GLBA Privacy Provisions?
Congress enacted several privacy provisions in the GLBA in response to concerns about the growing inability of consumers to control access to their personal financial information, namely GLBA, Title V— Privacy, Subtitles A and B. These privacy provisions created new requirements for various federal and state regulatory agencies and financial institutions. Congress continues to emphasize the importance of consumer privacy as demonstrated by recent hearings covering the topics of identity theft and obligations regarding disclosures of personal information. (the U.S. Senate Committee on Banking, Housing, and Urban Affairs conducted hearings in June 2003: “The Growing Problems of Identity Theft and Its Relationship to the Fair Credit Reporting Act” (June 19, 2003); and “Affiliate Sharing Practices and Their Relationship to the Fair Credit Reporting Act” (June 26, 2003).

We conducted an evaluation to determine whether the FDIC has made reasonable progress in implementing the GLBA Title V privacy provisions. We determined that, overall, the FDIC has made reasonable progress in implementing Title V provisions relating to safeguarding customer information and privacy notice requirements. The Division of Supervision and Consumer Protection (DSC) assesses a financial institution’s compliance (1) with standards for safeguarding customer information through information technology examinations and (2) with privacy notice requirements through compliance examinations. The GLBA Title V provisions related to Fair Credit Reporting Act-affiliate information sharing have not yet been fully implemented but are being addressed through proposed interagency regulations still in process. Notwithstanding the progress made, we determined that the FDIC could take additional steps to help ensure full implementation of the GLBA Title V privacy provisions, and we made two recommendations to that effect.

As for GLBA Title V provisions related to fraudulent access to financial information, the Corporation had made modest progress in implementing provisions. The FDIC issued guidance on identity theft and pretext calling to financial institutions, but DSC has not established specific examination procedures to determine financial institutions’ compliance with the guidance. We therefore recommended that DSC standardize its guidance related to reporting the results of evaluating a financial institution’s compliance with the standards for safeguarding customer information.

DSC was responsive to our recommendations and is taking steps to address them.

Management and Analysis of Risks
to the Insurance Funds

Recent trends and events continue to pose risks to the funds. From January 1, 2002 to September 30, 2003, 13 insured financial institutions failed, and the potential exists for additional failures. While some failures may be attributable primarily or in part to economic factors, bank mismanagement and fraud have also been key factors in the most recent failures. The environment in which financial institutions operate is evolving rapidly, particularly with the acceleration of interstate banking, new banking products and complex asset structures, and electronic banking. The industry’s growing reliance on technologies, particularly the Internet, has changed the risk profile of banking. The consolidations that may occur among banks, securities firms, insurance companies, and other financial services providers resulting from the GLBA pose additional risks to the FDIC’s insurance funds. The Corporation’s supervisory approach must operate to identify and mitigate these risks and their real or potential impact on financial institutions to preclude adverse consequences to the insurance funds.

Another risk to the insurance funds results from bank mergers that have created “megabanks,” or “large banks,” which are defined as institutions with assets of over $25 billion. For many of these institutions, the FDIC is the insurer but is not the primary federal regulator. Megabanks offering new or expanded services also present challenges to the FDIC. For example, the failure of a megabank, along with the potential closing of closely affiliated smaller institutions, could result in losses to the deposit insurance funds that require significant increases in premium assessments from an institution.

Further, because of bank mergers and acquisitions, many institutions hold both Bank Insurance Fund (BIF) and Savings Association Insurance Fund (SAIF) insured deposits, obscuring the difference between the funds. There is ongoing consideration of merging the two insurance funds with the perceived outcome being that the merged fund would not only be stronger and better diversified but would also eliminate the concern about a deposit insurance premium disparity between the BIF and the SAIF. Assessments in the merged fund would be based on the risk that institutions pose to that fund. The prospect of different premium rates for identical deposit insurance coverage would be eliminated. Also, insured institutions would no longer have to track their BIF and SAIF deposits separately, resulting in cost savings for the industry. The Corporation has worked hard to bring about deposit insurance reform, and the OIG supports the FDIC’s continued work with the banking community and the Congress in the interest of eventual passage of reform legislation.

Another risk to the insurance funds relates to the designated reserve ratio. As of March 31, 2002, the BIF reserve ratio was at 1.23 percent, the first time since 1995 that the ratio had fallen below the statutorily mandated designated reserve ratio of 1.25 percent for the deposit insurance funds. (If the BIF ratio is below 1.25 percent, in accordance with the Federal Deposit Insurance (FDI) Act, the FDIC Board of Directors must charge premiums to banks that are sufficient to restore the ratio to the designated reserve ratio within 1 year. The Corporation must maintain or exceed the designated reserve ratio, as required by statute.) By June 30, 2002, the BIF reserve ratio was at 1.25 percent, the mandated reserve ratio. As of March 31, 2003, the BIF ratio was at 1.28 percent, and as of June 30, 2003, it was at 1.29 percent.

The process for setting deposit insurance premiums, which is closely related to the above discussion of the designated reserve ratio, represents yet another significant risk to the insurance funds. Insurance premiums are generally assessed based on the funding requirements of the insurance funds. This approach has the impact of assessing premiums during economic downturns when banks are failing and are likely not in the best position to afford the premiums. Also, numerous institutions have benefited from being able to sharply increase insured deposits without contributions to the insurance funds commensurate with this increased risk. This situation can occur because the designated reserve ratio is not breached, thereby triggering across-the- board premiums. Current deposit insurance reform proposals include provisions for risk-based premiums to be assessed on a more regularly scheduled basis than would occur using the existing approach. Risk-based premiums can provide the ability to better match premiums charged to institutions with related risk to the insurance funds.

Why Did Southern Pacific Bank Fail and How Adequate Was the FDIC’s Supervision?
We issued our report entitled Material Loss Review of the Failure of the Southern Pacific Bank, Torrance, California during the reporting period. As mandated by the FDI Act, we conduct such reviews to: (1) ascertain why the bank’s problems resulted in a material loss to the insurance fund and (2) assess the FDIC’s supervision of the bank, including implementation of the Prompt Corrective Action (PCA) requirements of section 38 of the FDI Act.

We concluded that Southern Pacific Bank (SPB) failed because of ineffective corporate governance, leading to a material loss to the BIF. The individual who served both as the Chairman and President of the bank’s holding company and as the Chairman and interim President of SPB dominated the operations of the bank. Under these circumstances, bank management pursued a strategy of high-growth, high-risk commercial lending without proper risk management processes. Additionally, SPB’s external auditor did not assure adequate disclosure of SPB’s financial condition, results of operations, and internal control weaknesses. As a result, the bank experienced significant losses in its commercial loan portfolio. Furthermore, the downturn in the telecommunications and technology sectors in the early 2000s and the impact of the September 11th terrorist attacks on the airline industry exacerbated the deterioration in the bank’s portfolio.

With respect to the supervision of SPB, the FDIC and state examiners conducted annual examinations, consistently identifying and reporting deficiencies and taking various informal and formal enforcement actions, but these actions were of limited effect in reducing the risk of a material loss to the insurance fund. In particular, examiner guidance is needed for assessing the capital requirements and provision for losses associated with high-risk commercial loans. The FDIC implemented the PCA provisions of section 38 of the FDI Act. However, PCA was not fully effective due to the inadequate provision for loan losses that overstated SPB’s income and capital for several years and to the bank’s failure to execute its approved capital plan.

It is of interest to note that of the 10 material loss reviews we have conducted, this is the second involving industrial loan companies–the 1999 failure of Pacific Thrift and Loan was the other. In the case of SPB, its parent holding company was not subject to the regulatory oversight provided under the Bank Holding Company Act (BHCA). However, the FDIC was authorized by law to examine any affiliate of SPB, including its parent company, to determine the relationship between SPB and its parent/affiliate and the effect of such a relationship on the bank. Our report contrasts the oversight and authority provided under the BHCA with that which is available by statute to the FDIC for parent holding companies of industrial loan companies. We may also conduct an audit specifically focusing on non-bank bank holding companies and the potential risks, if any, that may result from the reduced level of federal oversight for holding companies not covered by the BHCA.

We made six recommendations designed to improve the bank supervision process and promote the safety and soundness of FDIC-supervised institutions. FDIC management concurred with all six recommendations.

Have Adequate Procedures Been Implemented to Examine Financial Institution Compliance with the USA PATRIOT Act?
Similar to work discussed earlier relating to the FDIC’s implementation of GLBA provisions during examinations, we issued a final report on our audit of the Corporation’s implementation of the USA PATRIOT Act. Under the PATRIOT Act, the Secretary of the Treasury continues efforts to combat the corruption of U.S. financial institutions for money laundering purposes.

Our overall objective was to determine whether the FDIC had developed and implemented adequate procedures to examine financial institutions’ compliance with the PATRIOT Act. The PATRIOT Act has 10 titles relating to the prevention of money laundering and financing of terrorism. Our audit covered Title III: International Money Laundering Abatement and Anti-terrorist Financing Act of 2001. We concluded that DSC’s existing Bank Secrecy Act examination procedures cover PATRIOT Act, Title III requirements to some degree. In addition, DSC had advised FDIC-regulated institutions of the new requirements in cases in which the Treasury Department had issued final rules implementing the Title III provisions. However, DSC had not issued guidance to its examiners for those provisions requiring new or revised examination procedures because DSC was either coordinating the issuance of uniform procedures with an interagency steering committee or waiting for the Treasury Department to issue final rules. This delay in issuing examination guidance was of particular concern when the Treasury Department had issued final rules for Title III provisions addressing money laundering deterrents and verification of customer identification.

We recommended that DSC (1) issue interim examination procedures for those sections for which the Treasury Department has already issued final rules and (2) work with the FDIC-Federal Reserve System – Conference of State Bank Supervisors Steering Committee For Risk Focused Examination Procedures and Supporting Software to issue examination guidelines concurrently with the Treasury Department’s issuance of final rules for institutions’ implementation of Title III provisions.

DSC management concurred with our recommendations. In addition, DSC issued interim guidance, effective August 15, 2003, to its examiners and the FDIC-regulated institutions addressing four of the eight Title III sections applicable to the FDIC’s examination procedures. The FDIC is also continuing its efforts to coordinate issuance of examination guidance with the interagency steering committee for risk-focused examination procedures.

What Role Do Prompt Corrective Action Provisions Play in Reducing Losses to the Deposit Insurance Funds?
We issued a follow-up report to an earlier report entitled The Effectiveness of Prompt Corrective Action Provisions in Preventing or Reducing Losses to the Deposit Insurance Funds, dated March 26, 2002. Our follow-up work determined that the FDIC generally used PCA directives as part of the supervisory process, in conjunction with other supervisory actions, once institutions’ capital levels reached designated thresholds. The FDIC’s use of PCA directives served to prevent or reduce losses to the deposit insurance funds. However, we concluded that changes to reporting requirements could be made to improve the FDIC’s ability to detect capital deficiencies to mitigate the fact that current Call Reports (i.e., an institution’s quarterly Consolidated Report of Condition and Income that contains a balance sheet, income statement, and other financial schedules containing information about the institution) do not take into account the risks related to sub-prime loans. Further, we concluded that changes to non-capital related provisions of section 38 and 39 of the FDI Act could be made to improve their effectiveness. The report contains six options for consideration intended to improve the effectiveness of PCA provisions. The Corporation generally agreed with our observations regarding the use and effectiveness of PCA provisions, but does not believe that additional changes are needed.

Effectiveness of Resolution and Receivership Activities

The FDIC has outlined primary goals for four business lines (listed below) that are relevant to the three major phases of the Division of Resolutions and Receiverships’ (DRR) work: Pre-Closing, Closing, and Post-Closing of failing or failed institutions. Each is accompanied by significant challenges:

1. Deposit Insurance. The FDIC must provide customers of failed financial institutions with timely access to their insured funds and financial services. A significant challenge in this area is to ensure that FDIC deposit insurance claims and payment processes are prepared to handle large institution failures.
   
   
2. Resolutions. As the FDIC seeks to resolve failed institutions in the least costly manner, its challenges include improving the efficiency of contingency planning for institution failures and improving internal FDIC communication and coordination as well as communication with the other primary federal regulators. These improvements will help ensure timely access to records and optimal resolution strategies.
   
   
3. Receivership Management. The FDIC’s goal is to manage receiverships to maximize net return toward an orderly and timely termination and provide customers of failed institutions and the public with timely and responsive information. Related challenges include improving the efficiency of the receivership termination process, improving claims processing, continual assessment of recovery strategies, improving investigative activities, and charging receiverships for services (such as service costing) performed under the Receivership Management Program.
   
   
4. Employees. FDIC employees need to possess the resources, skills, and tools to perform the mission of DRR. One related challenge is to ensure that DRR personnel have sufficient legal support for decision-making.

Does the Division of Resolutions and Receiverships Have Effective Guidance for Resolving and Managing Credit Card Portfolios?
We conducted an audit of DRR’s resolution and management of credit card portfolios acquired from failing insured depository institutions. Credit cards are income-producing assets to the institutions that issue them and consist of receivables from the credit card holders net of allowance for uncollectible amounts. When an insured depository institution fails, the FDIC is appointed receiver and assumes responsibility to maximize returns to the receivership. In doing so, the FDIC is able to limit losses to its deposit insurance funds. To carry out this responsibility, the FDIC liquidates failed institution assets, including the bank’s interest in credit card portfolios.

Our work focused on whether DRR developed and applied effective guidance for the potential and actual resolution and management of credit card portfolios. We concluded that DRR adequately resolved and managed smaller credit card portfolios that did not involve securitized credit cards. (In a credit card securitization, a financial institution sells its credit card receivables to a special purpose trust that pays for the receivables by selling securities to the public.) However, DRR’s procedures for resolving large securitized credit card portfolios needed improvement. Specifically, DRR was not fully prepared to value and resolve the FDIC’s interest in the large NextBank securitized credit card portfolio. As a result, DRR incurred significant obligations with limited assurance, at the time of closing, of maximizing returns to the BIF after pay-off of insured depositors. Additionally, we reported that DRR’s financial advisor was paid for reports it did not complete, and DRR did not have the benefit of information and analysis that those reports would have contained. DRR indicated that the contractor met DRR’s needs and helped the Division make appropriate decisions regarding NextBank’s resolution strategies. DRR modified the statement of work to reflect added deliverables. The Corporation agreed to take action in response to the two recommendations we made in this report.

Are the Corporation’s Asset Valuations Resulting in Accurate Valuations for “Unique” Assets?
We audited DRR’s asset valuation process used in the resolution of two failed FDIC-insured institutions— Hamilton Bank, N.A. of Miami, Florida and Southern Pacific Bank of Torrance, California—to determine whether DRR’s asset valuation review process resulted in accurate asset valuations for these closings. Accurate asset valuations are important because this information is used to determine the appropriate resolution structures to offer to potential bidders and is part of the FDIC’s least-cost test for the resolution of an institution. We focused on whether DRR’s asset valuation process resulted in reasonably accurate valuations for unique assets at these specific closings. Unique assets in these closings included international-trade loans and commercial loans involving the telecommunications, technology, entertainment, and airlines industries. The FDIC engaged outside contractors to value these unique assets.

DRR’s asset valuation review process resulted in reasonably accurate estimates of the value of the traditional assets sold for both of the FDIC-insured depository institutions. However, the actual net sales proceeds for the two institutions’ unique assets varied substantially from the asset valuations. The risk to the FDIC is that an inaccurate valuation may adversely impact the selection of the least costly resolution strategy. Further, if estimates of asset valuations are significantly understated, the FDIC faces the possibility that it may accept bids for assets that are too low and, thus, negatively impact the deposit insurance funds.

DRR personnel generally complied with the Resolution Policy Manual in conducting their asset valuation reviews, and the FDIC’s asset valuation contractors provided all required valuation deliverables.

We recommended that DRR require its Receivership Status Report and Action Plan or Quarterly Update to include discussion of significant variances between asset valuations and actual sales proceeds and also include an initiative to review best practices regarding the valuation of unique assets in DRR’s 2004 Strategic Plan. DRR concurred with both recommendations. In responding to our report, DRR also stated its strong view that ultimately it is competition among the bidders in an open, competitive marketing effort that most accurately determines the value of an institution’s assets.

How Accurate Are the Corporation’s Deposit Insurance Determinations?
Deposit insurance is a fundamental part of the FDIC commitment to maintain stability and public confidence in the U.S. financial system. DRR’s Receivership Operations Branch is responsible for ensuring that bank customers have timely access to their insured deposits at failed insured depository institutions either by facilitating the transfer of their insured deposits to an assuming institution or by paying insured depositors directly.

We conducted an audit during the reporting period to determine whether DRR is accurately making deposit insurance determinations. That is, we determined whether DRR appropriately grouped depositors’ accounts by ownership category and accurately determined insured amounts in accordance with the FDIC’s rules and regulations. The scope of our audit included testing actual insurance determinations for a sample of accounts for 10 of the 11 insured depository institutions that failed in calendar year 2002.

We concluded that, overall, DRR is accurately making insurance determinations and provides depositors access to their insured deposits in accordance with the FDIC’s deposit insurance rules and regulations.

We did, however, identify a total of nine cases for which the insurance determinations made by DRR were either inaccurate or potentially inaccurate. All but one of the exceptions were attributable to human error, and most errors occurred during the manual phase of the grouping process. Statistical analysis and projections also showed that there is a greater risk that exceptions would occur at larger institutions where DRR staff are handling large amounts of data and working longer hours.

DRR agreed with our analysis and took actions to address the exceptions. We recommended that the Director, DRR, establish a process to routinely test the accuracy of insurance determinations and evaluate the test results in relationship to DRR-established benchmarks as part of the claims process redesign. DRR agreed with this recommendation.

Management and Security of Information
Technology Resources

Accomplishing IT goals efficiently and effectively requires sound IT planning and investment control processes. The Corporation’s 2003 IT budget is approximately $175.1 million. The Corporation must constantly evaluate technological advances to ensure that its operations continue to be efficient and cost-effective and that it is properly positioned to carry out its mission. While doing so, the Corporation must continue to respond to the impact of laws and regulations on its operations. Management of IT resources and IT security have been the focus of several laws, such as the Paperwork Reduction Act, the Government Information Security Reform Act (GISRA), and more recently, the Federal Information Security Management Act (FISMA) of 2002. Similar to the requirements of GISRA, under FISMA, each agency is required to report on the adequacy and effectiveness of information security policies, procedures, and practices and compliance with information security requirements.

The Corporation has worked to implement many sound information system security controls but has not yet fully integrated these controls into an entity-wide program. Additionally, continued attention is needed in efforts to identify sensitive data, plan for and fund essential security measures, incorporate security requirements in FDIC contracts, enhance software configuration management, and measure the overall performance of the information security program. Frequently, security improvements at the FDIC have been the result of a reaction to specific audit and review findings, rather than the result of a comprehensive program that provided continuous and proactive identification, correction, and prevention of security problems. The OIG acknowledges that the Corporation is working to appoint a permanent Chief Information Officer (the position has been vacant since September 2001) to strengthen accountability and authority in the FDIC’s information security program and to ensure that other key positions in the Division of Information Resources Management (DIRM) are filled permanently. However, after three attempts to fill the Chief Information Officer position, the position remains vacant, and this long-term vacancy poses a risk to the Corporation. (See update in IG Statement, page 2.)

Although the FDIC made progress in addressing the security weaknesses identified in our 2001 Security Act evaluation, new information security weaknesses were identified during our 2002 evaluation and during the FDIC’s internal evaluation completed on January 10, 2003. As discussed below, our FISMA report for 2003 again reports that the Corporation continues to have only limited assurance of adequate security of its information resources. Thus, management and security of IT resources continue to warrant management attention.

How Effective Is the Corporation’s Information Technology Security Program? Can It Be Strengthened?
In our Independent Evaluation of the FDIC’s Information Security Program—2003, we concluded that the Corporation had established and implemented management controls that provided limited assurance of adequate security over its information resources. As a result of focused efforts over the past 2 years, the FDIC made significant progress in addressing the information security control weaknesses described in our 2001 and 2002 security evaluation reports and the weaknesses identified in more recent audits and reviews. However, we reported that continued management attention is needed in several key management control areas, including security responsibilities and authorities, contractor and outside agency security, information security risk management, and capital planning and investment control. Notably, the FDIC has made progress in all areas of significant risk compared to last year. Still, the area of contractor and outside agency security was noted as an area that should be considered for reporting as a potential material weakness in accordance with the provisions of the Federal Managers’ Financial Integrity Act of 1982. (See also next write-up on contractor security.)

In addition, this year we performed more in-depth evaluation work in the areas of Incident Response, Information Security Risk Management, and Security Oversight than in prior-year security evaluations. Much of this expanded work was in response to new and emerging information security requirements mandated by the FISMA. Based on this expanded work, our control assurance ratings for Incident Response and Information Security Risk Management declined as compared to our 2002 security evaluation results. It should be noted that this decline in assurance ratings was the result of expanded evaluation work rather than a weakening of management controls following our 2002 security evaluation.

Our evaluation report identifies steps, in priority order, that the Corporation can take in the near term to improve its information security program and operations (see listing on next page). We would point out that the recommended action of appointing a permanent Chief Information Officer and filling other key DIRM positions, including the Acting Director position, appears on the list of steps for the second consecutive year. These steps are intended to assist the Corporation in furthering its efforts to develop and implement information security management controls that provide reasonable assurance of adequate security for its information resources. The FDIC was working during the evaluation to address most of the steps we identified. We will continue to work with the Corporation throughout the coming year to ensure that appropriate risk-based and cost-effective IT security controls are in place to secure corporate information resources and further corporate security goals and objectives.

Has the Corporation Made Progress in Strengthening Information Security Management of FDIC Contractors?
Management of FDIC contractors with access to sensitive information resources is a risk area for the Corporation. We recently issued a follow-up report to an audit of information security management of FDIC contractors that we conducted a year ago. As with other IT areas, we determined that the Corporation made progress in developing contractor information security policies and procedures for acquisition planning, contract security provisions, and contractor oversight. However, we determined that more improvements need to be implemented, and the FDIC has minimal to no assurance that adequate security has been achieved. For instance, we identified numerous vulnerabilities in network security and a lack of documented security plans at contractor sites.

Further, the Corporation needs to include security provisions in existing contracts where it is cost-beneficial to do so. As a result, a high level of risk remains that contractors are not providing adequate security to protect against misuse or unauthorized access to the Corporation’s data.

How Effective Is the Corporation’s Control Environment for Managing Information Technology Assets?
DIRM is responsible for keeping an accurate inventory of IT assets, including computer, wide and local area network, and telecommunication equipment and software. DIRM must maintain current and accurate records for the receipt, transfer, disposal, and adjustment of IT equipment as well as the ability to determine the status of IT assets at any given time.

DIRM had previously conducted a self-assessment that identified needed enhancements to the IT Asset Management Program. During the reporting period, we conducted a more comprehensive review of the program, including evaluating the accuracy and reliability of the Information Technology Asset Management System (ITAMS). We concluded that DIRM’s program for managing IT assets was not adequate. Specifically, a weak control environment and weak control activities related to ITAMS resulted in:

• Missing assets, including more than 200 computers, some of which could contain sensitive information;
  
  
• Incomplete data in ITAMS on reported assets, such as purchase price and warranty provisions;
  
  
• Outdated and inaccurate custodial records that reflected PC and laptop assignments to 129 employees who had left the Corporation;
  
  
• Existing assets not recorded in ITAMS, including over 700 telecommunication items and mainframe and mid-range equipment and software that were tracked through separate, non-integrated systems;
  
  
• Weaknesses in management of IT equipment while equipment was assigned to a warehouse; and
  
  
• Weak system access controls that created the potential for ITAMS records to be altered without an appropriate audit trail for the transaction.

The overarching cause of these conditions was a lack of management commitment to a strong internal control environment and control activities.

During 2003, DIRM has worked aggressively to improve the program by defining what assets should be tracked, improving initial receipt and recording of assets into ITAMS, and conducting a 100 percent inventory of equipment recorded in ITAMS. Nevertheless, at the time we concluded our review, ITAMS remained unreliable and incomplete. Further, we reported that, viewed collectively, the conditions we found constitute a potential material internal control weakness and could result in a loss or misuse of equipment, unwarranted or unsupported procurement actions, and unauthorized access to sensitive information.

Our report contained 10 recommendations to improve controls over the IT asset management program. Management’s comments on our report were responsive to the recommendations. Management did not agree with our characterization of the IT asset management problems as a potential material internal control weakness at the time we issued our report. Management provided us a memorandum subsequent to issuance of our report that discussed actions taken and planned to address program weaknesses within the ITAM program and its position on whether the OIG’s findings constitute a potential material weakness for the Corporation. In that memorandum, DIRM committed to completing the corrective actions necessary to implement adequate internal control over its ITAM program by December 31, 2003. We, in turn, communicated to DIRM that if its planned actions are implemented and effective, we would agree that the ITAM program would not warrant a material weakness designation in the Corporation’s 2003 Annual Report.

Three Reviews Focus on Various IT Security Risk Areas
The OIG engaged International Business Machines (IBM), an independent professional services firm, to perform work in support of our FISMA-related reporting. IBM conducted the following three reviews in the information security area:

Trusted Information Systems Review: Public Key Infrastructure (PKI) is a technical architecture used to authenticate digital identities. IBM conducted a review to (1) evaluate the controls, policies, and procedures surrounding the FDIC’s PKI; (2) analyze and test the FDIC’s connectivity with third-party organizations such as contractors; and (3) evaluate the FDIC’s controls over sensitive data. During the review, IBM noted that the FDIC has implemented a number of good security practices. However, IBM identified needed improvements in PKI operations, contractor-connected systems, and protection of data provided to third parties.

IBM recommended that the Corporation take a number of actions to improve network integrity, performance, and controls, and management agreed to take responsive action.

Remote Access Systems Review: IBM’s report on remote access systems notes that the FDIC has implemented a number of good security practices regarding remote connectivity. However, IBM identified several opportunities to further strengthen remote access controls to the FDIC network. The report contains four findings and seven recommendations, and management’s comments on the report were responsive to concerns identified.

Security Patch Management Review. This review evaluated the policies and procedures for implementing security patches in the FDIC’s networked environment. IBM concluded that additional work was needed to strengthen the security patch management program. IBM made 10 recommendations. DIRM management concurred with seven of the recommendations and partially concurred with the remaining three recommendations. For the three recommendations, DIRM proposed alternative corrective actions that are responsive to the conditions discussed in the report.

Security of Critical Infrastructure

On May 22, 1998, Presidential Decision Directive (PDD) 63 Title 5 was signed. The directive called for a national effort to ensure the security of the nation’s critical infrastructures. PDD 63 defined the critical infrastructure as the “physical and cyber-based systems essential to the minimum operations of the economy and government.” The President declared that securing our critical infrastructure is essential to our economic and national security and issued two Executive Orders (EO 13228, The Office of Homeland Security and the Homeland Security Council, and EO 23231, Critical Infrastructure Protection in the Information Age) to improve the federal government’s critical infrastructure protection program in the context of PDD 63.

The intent of PDD 63 is to ensure that the federal government maintains the capability to deliver services essential to the nation’s security and economy and to the health and safety of its citizens in the event of a cyber- or physical-based disruption. Much of the nation’s critical infrastructure historically has been physically and logically separate systems that had little interdependence. However, as a result of technology, the infrastructure has increasingly become automated and interconnected. These same advances have created new vulnerabilities to equipment failures, human error, natural disasters, terrorism, and cyber-attacks.

To effectively protect critical infrastructure, the FDIC’s challenge in this area is to implement measures to mitigate risks, plan for and manage emergencies through effective contingency and continuity planning, coordinate protective measures with other agencies, determine resource and organization requirements, and engage in education and awareness activities. The FDIC will need to continue to work with the Department of Homeland Security and the Finance and Banking Information Infrastructure Committee, created by Executive Order 23231 and chaired by the Department of the Treasury, on efforts to improve security of the critical infrastructure of the nation’s financial system.

What Progress Has the Corporation Made in Implementing Its Information Security Strategic Plan?
During the reporting period, we completed an audit that evaluated the adequacy of the FDIC’s implementation activities for protecting its critical cyber-based infrastructure. The audit was performed as part of a review by the President’s Council on Integrity and Efficiency, and the Executive Council on Integrity and Efficiency.

We determined that the FDIC’s Information Security Strategic Plan needed improvement. Specifically, the FDIC had not fully implemented a number of important activities for protecting its cyber-based infrastructures. A substantial number of action items contained in the Corporation’s Tactical Plan remained to be completed, and, in a number of cases, planned milestones were being missed. These gaps in coverage limited the FDIC’s assurance that it was adequately protected against computer-based attacks on its critical infrastructures. At the time we completed our review, the FDIC was taking steps to increase the attention, visibility, and urgency for improved security over its critical infrastructure and was conducting a comprehensive IT review. We made one recommendation in this report related to including human capital initiatives in the Tactical Plan. Management agreed to take responsive action.

Is the Corporation’s Approach to Assessing Business Continuity Planning at FDIC-Supervised Institutions Adequate?
Business continuity plans are comprehensive, written plans developed to maintain or resume operations in the event of a disruption. During the reporting period, we conducted an evaluation to determine the adequacy of DSC’s approach to assessing business continuity planning at FDIC-supervised institutions. Given such events as major power outages and storm damage that severely disrupted banking and other operations, the area of business continuity planning has received considerable attention from the Congress.

We concluded that DSC has actively promoted sound business continuity planning practices in financial institutions and developed examination programs for assessing financial institutions’ business continuity planning efforts. However, we also concluded that DSC’s examination work programs focus largely on disaster recovery planning, an IT function, as opposed to enterprise-wide business continuity planning, which addresses overall business concerns, such as employees, management succession, and backup sites. We recommended that the Director, DSC, incorporate the enterprise-wide aspects of business continuity planning in its supervisory approach to examinations of FDIC-supervised institutions. DSC agreed with our finding and recommendation.

Transition to a New Financial Environment

NFE offers the FDIC significant benefits and presents significant challenges. These challenges will test the Corporation’s ability to (1) maintain unqualified opinions on the FDIC’s annual financial statements through the system implementation and associated business process reengineering; (2) manage contractor resources, schedules, and costs; and (3) coordinate with planned and ongoing system development projects related to NFE. Overall, the FDIC needs to ensure that the NFE project team successfully implements modern and reliable systems that improve financial business processes and support current and future financial management and information needs. At the same time, the team must work to control costs for the new environment to the maximum extent possible.

Are Scope Management Controls in Place to Keep the New Financial Environment Project On Track?
One of our audits this reporting period focused on determining whether the FDIC had implemented adequate controls for ensuring that the scope of the NFE project was effectively managed and that any cost or schedule adjustments resulting from project scope changes were properly evaluated and controlled.

We concluded that key scope management deliverables for the NFE project are significantly behind schedule. Improvements in project oversight could have minimized the impact of issues affecting the project deliverable schedule. Additionally, FDIC management did not adopt adequate time management practices to maximize project progress. As a result, the project is less likely to be deployed on schedule, which could increase the FDIC’s contracting costs and defer the benefits anticipated from an integrated financial system.

We recommended that the CFO, in conjunction with the Director, Division of Finance, conduct a senior management review of the NFE project to establish metrics for measuring progress and project re-evaluation criteria if measures are not achieved. We also recommended that the CFO and Director, Division of Finance, direct the NFE Steering Committee to take a number of steps to more clearly define the project’s scope, avoid project delays, and better manage changes to the project schedule. The Corporation’s response to our report addressed the concerns we identified.

Assessment of Corporate Performance

The Corporation’s strategic plan and annual performance plan lay out the agency’s mission and vision and articulate goals and objectives for the FDIC’s three major program areas: Insurance, Supervision, and Receivership Management. The plans focus on four strategic goals that define desired outcomes identified for each program area: (1) Insured Depositors Are Protected from Loss Without Recourse to Taxpayer Funding, (2) FDIC-Supervised Institutions Are Safe and Sound, (3) Consumers’ Rights Are Protected and FDIC-Supervised Institutions Invest in Their Communities, and (4) Recovery to Creditors of Receiverships Is Achieved. Through its annual performance report, the FDIC is accountable for reporting actual performance and achieving these strategic goals.

The Corporation has made significant progress in implementing the Results Act and needs to continue to address the challenges of developing more outcome-oriented performance measures, linking performance goals and budgetary resources, implementing processes to verify and validate reported performance data, and addressing crosscutting issues and programs that affect other federal financial institution regulatory agencies.

Organizational Leadership and Management of Human Capital

In light of the downsizing, the Corporation continues to identify an appropriate skills mix to carry out its mission and must seek to correct any existing skills imbalances. To do so, the Corporation continues to offer solicitations of interest, reassignments, retraining, and outplacement assistance. A large number of FDIC employees will be eligible to retire within the next several years. As the Corporation adjusts to a smaller workforce, it must continue to ensure the readiness of its staff to carry out the corporate mission. The FDIC’s new Corporate University is an initiative that should help prepare the workforce for challenges ahead.

The Corporation is also challenged to fill key vacancies in a timely manner, engage in careful succession planning, and continue to conserve and replenish the institutional knowledge and expertise that has guided the organization in the past. Additional outsourcing needs may arise, and hiring and retaining new talent will be important. Hiring and retention policies that are fair and inclusive must remain a significant component of the corporate diversity plan. Designing, implementing, and maintaining effective human capital strategies are critical priorities and must be the focus of centralized, sustained corporate attention.

A significant element of this performance and management challenge relates to organizational leadership at the FDIC Board of Directors level, specifically, with respect to the current make-up of the Board. The Board is a body whose strong leadership is vital to the success of the agency and to the banking and financial services industry. The Board is composed of five directors, including the FDIC Chairman, two other FDIC directors, the Comptroller of the Currency, and the Director of the Office of Thrift Supervision. To ensure that the balance between various interests implicit in the Board’s structure is preserved, the Board should operate at full strength. However, the Board has been operating with an FDIC Director vacancy since September 1998. Although the President has nominated someone for this position, the candidate has not yet been confirmed. Accordingly, the OIG has urged the Congress that vacancies on the Board be filled as promptly as practicable in order to afford the FDIC the balanced governance and sustained leadership essential to the agency’s continued success. As referenced earlier in the Management and Security of IT Resources section of this report, the long-standing vacancy of the position of Chief Information Officer has been of major concern to the OIG as well. (See updates in IG Statement, page 2.)

Also, DIRM initiated a priority project called the Comprehensive Information Technology Program Review. One aspect of this effort is an assessment of human capital needs and a plan to identify and address any shortfalls in staff resources or skills mix for the IT security program. The human capital staffing plan and its inclusion in the System Security Management Tactical Plan are targeted for completion in January 2004. Until an assessment is performed, and a human capital plan developed and tracked, the FDIC is at risk of not having the appropriate staffing resources to manage the IT security program.

Cost Containment and Procurement Integrity

A key challenge to containing costs relates to the contracting area. To assist the Corporation in accomplishing its mission, contractors provide services in such areas as information technology, legal matters, loan servicing, and asset management. To achieve success in this area, the FDIC must ensure that its acquisition framework—that is, its policies, procedures, and internal controls—is marked by sound planning; consistent use of competition; fairness; well-structured contracts designed to produce cost-effective, quality performance from contractors; and vigilant contract management to ensure successful project management activities.

The Corporation has taken a number of steps to strengthen internal control and effective oversight. However, our work in this area continues to show that further improvements are necessary to reduce risks such as the consideration of contractor security in acquisition planning, incorporation of information security requirements in FDIC contracts, and oversight of contractor security practices. Other possible risks include corporate receipt of billings for such items as unauthorized subcontractors, unallowable subcontractor markups, incorrect timesheets, billings for unreasonable project management hours, conflicts of interest, and unauthorized labor categories. The combination of increased reliance on contractor support and continuing reductions in the FDIC workforce presents a considerable risk to the effectiveness of project management activities. Additionally, large-scale procurements, such as Virginia Square Phase II (a $111 million construction project to house FDIC staff who now primarily work in leased space in the District of Columbia), NFE, and the Central Data Repository project necessitate continued emphasis on contractor oversight and overall project management activities.

How Reasonable Are the FDIC’s Contract Terms with ARAMARK Services, Inc., and Are Controls Effective in Managing and Controlling Costs?
The FDIC has a contract with ARAMARK Services, Inc., of Philadelphia, Pennsylvania, to provide food services at the FDIC’s offices located at Virginia Square, in Arlington, Virginia, and at the FDIC’s Headquarters Building in Washington, D.C. ARAMARK is also responsible for the operations of a Student Residence Center that provides lodging accommodations for FDIC staff and visitors who travel to the Washington, D.C. metropolitan area.

We conducted a review to determine whether specific terms of the ARAMARK contract were reasonable, oversight management by the FDIC and ARAMARK was adequate, and opportunities existed for ARAMARK to improve controls over operations and reduce operating costs at the FDIC’s cafeterias and Student Residence Center.

Our review determined that certain terms in the FDIC’s ARAMARK contract are not reasonable and limit the FDIC’s ability to manage and control the costs of operating the cafeterias and the Student Residence Center. Additionally, the FDIC did not always effectively oversee the contractor’s performance to ensure compliance with all contract terms and conditions. We reported that the FDIC could save $1.5 million over the next 3 years by modifying the terms of the contract and providing better contractor oversight. The FDIC could also have avoided costs of $345,543 had it better structured the terms of the contract dealing with fixed fees. The FDIC also needed to collect tuition fees for non- FDIC employees who had attended FDIC courses at Virginia Square and improve controls over tuition collection for such individuals. Finally, the FDIC did not fully enforce the contractor security provisions, thus posing a security risk to FDIC personnel and facilities.

In responding to our report, management did not concur with certain findings or associated potential monetary benefits. We have adjusted the amount of potential monetary benefits we are reporting in this semiannual report from $1.5 million to $1.2 million to reflect the nonconcurrences and our acceptance of them with the exception of one recommendation related to reducing fixed fees to ARAMARK based on occupancy levels at the Student Residence Center. We have asked FDIC management to reconsider its position on that recommendation and to provide us a subsequent response.

The OIG’s Post-award Contract Reviews
We issued three post-award contract review reports during the reporting period. The objectives of the post-award reviews are to determine whether amounts charged to FDIC contracts are allowable, allocable, and reasonable. We reported a total of $85,116 in monetary benefits as a result of the post-award audits. Management agreed with $39,825, disagreed with $35,916, and management decisions were pending for the remainder of the total amount identified as monetary benefits.

Investigations :
Making an Impact

The Office of Investigations (OI) is responsible for carrying out the investigative mission of the OIG. Staffed with agents in Washington, D.C.; Atlanta; Dallas; and Chicago, OI conducts investigations of alleged criminal or otherwise prohibited activities that may harm or threaten to harm the operations or integrity of the FDIC and its programs. In addition to its two regional offices, based in Atlanta and Dallas, OI operates an Electronic Crimes Team (ECT) and laboratory in Washington, D.C. The ECT is responsible for conducting computer-related investigations impacting the FDIC and providing computer forensic support to OI investigations nationwide. OI also manages the OIG Hotline for employees, contractors, and others to report allegations of fraud, waste, abuse, and mismanagement via a toll-free number or e-mail.

OI concentrates its investigative efforts on those cases of most significance or potential impact to the FDIC and its programs. Our goal, in part, is to bring a halt to the fraudulent conduct under investigation, protect the FDIC and other victims from further harm, and assist the FDIC in recovery of its losses. Another consideration in dedicating resources to these cases is the need to pursue appropriate criminal penalties not only to punish the offender but to deter others from participating in similar crimes.

Currently, the majority of OI’s caseload is comprised of investigations involving major financial institution fraud. OI’s work in this area targets schemes that resulted in significant losses or vulnerabilities for the institution( s) and/or involves institution officers or insiders, multiple subjects and institutions, obstruction of bank examiners, and/or misrepresentation of FDIC insurance or affiliation. It also includes investigations of fraud resulting in institution failures. Cases in this area are highly complex and resource intensive, often requiring teams of agents and years to complete. Despite the resource demands, the OIG’s commitment to these investigations is imperative, in light of their significance and potential impact to the FDIC and the banking industry. Additionally, from a cost-benefit perspective, these cases have brought results that seem to make our investment in them well worth the effort, as illustrated in some of the cases reported for this period. Although it is impossible to put a price tag on the benefit derived from bringing criminals in these cases to justice, our investigations of major financial institution fraud schemes have brought increased returns measured by successful prosecutions resulting in incarceration, court-ordered fines, restitution to victims, and administrative actions.

In addition to pursuing financial institution-related cases, the OIG commits significant resources to investigations that target fraud by FDIC debtors seeking to conceal their assets from the FDIC. These cases, which include investigations of individuals who fraudulently attempt to avoid payment of court-ordered restitution to the FDIC, made up 28 percent of our caseload as of September 30, 2003. These cases are of great significance to the FDIC, which was owed approximately $1.7 billion in criminal restitution as of September 2003. In most instances, the convicts subject to these restitution orders do not have the means to pay. The focus of OIG investigations in this area is on those individuals who do have the means to pay but hide their assets and/or lie about their ability to pay. We work closely with the Division of Resolutions and Receiverships (DRR) and the Legal Division in aggressively pursuing investigations of these individuals, to ensure that they are brought to justice and that the FDIC, as the victim, recovers as much of its loss as possible.

Joint Efforts

Support and cooperation among other law enforcement agencies is also a key ingredient for success in the investigative community. We frequently “partner” with the Federal Bureau of Investigation (FBI), the Internal Revenue Service Criminal Investigation (IRS-CI), and other law enforcement agencies in conducting investigations of joint interest.

Also vital to our success is our partnership with FDIC program offices. We coordinate closely with the FDIC’s Division of Supervision and Consumer Protection (DSC) in investigating fraud at financial institutions, and with DRR and the Legal Division in investigations involving failed institutions and fraud by FDIC debtors. Our ECT coordinates closely with the Division of Information Resources Management in carrying out its mission. The successes highlighted for the period would not have been possible without the collaboration of these offices.

In addition to carrying out its direct investigative responsibilities, the OIG is committed to providing training and sharing information with FDIC components and other regulators based on “lessons learned” regarding red flags and fraud schemes identified through OIG investigations. OI agents provide regular training during FDIC Commissioned Examiner Seminars, and frequently give presentations to FDIC staff during regional and field meetings. We are also called upon by the Federal Financial Institutions Examination Council, state banking regulatory agencies, and law enforcement agencies to present case studies. During the reporting period, OI participated on the FDIC team that developed a paper on the “Root Causes of Bank Failures from 1997 to the Present,” to be presented during an FDIC-sponsored symposium exploring why banks fail.

Results

The following are highlights of some of the results from our investigative activity over the last 6 months:

Fraud Arising at or Impacting Financial Institutions
Former President of Oakwood Deposit Bank Company Sentenced After Pleading Guilty To Bank
Embezzlement and Money Laundering
Our investigation into the failure of Oakwood Deposit Bank Company led this period to the conviction of the bank’s former president and Chief Executive Officer. After pleading guilty in May 2003 to bank embezzlement and money laundering, the former bank president was sentenced in September 2003 for his role in the fraud scheme that caused the failure of the 99 year-old bank. The defendant was sentenced to 14 years’ imprisonment to be followed by 5 years’ supervised release; he also received a special assessment of $200 and was ordered to pay $48,718,405 in restitution.

As part of his plea, the defendant forfeited any and all of his interest in property controlled by Stardancer Casinos Inc. and its subsidiaries, as he was an investor and part owner of Stardancer. In late 1998, the defendant began investing embezzled bank funds into Stardancer Casinos Inc., a casino gambling operation originally headquartered near Myrtle Beach, South Carolina. Over the course of the next 3 years, the defendant embezzled over $43 million to purchase casino vessels and fund the operations of the casino business. At various times, the business operated ports in Myrtle Beach, South Carolina, and in Jacksonville, Miami, Madeira Beach, Tarpon Springs, and Port Richey, Florida. He forfeited bank accounts relating to Stardancer and two other companies identified in the investigation. He also forfeited real estate and investments in Florida, Ohio, Texas, and South Carolina, his interest in any of the Stardancer vessels and equipment, $520,450 in currency seized by the government, and any substitute properties owned by him but not identified in the investigation as the proceeds of criminal activities.

As a part of this ongoing investigation, agents from the FDIC OIG, the IRS-Criminal Investigation, and the FBI earlier executed seizure warrants on four Stardancer casino vessels, two Stardancer taxi vessels, and nine Stardancer bank accounts. In addition, the agents executed 11 search warrants on two Stardancer corporate offices, three Stardancer ticket offices, one Stardancer security office, two Stardancer casino vessels, two mini-storage facilities (1 warrant) and the Stardancer CEO’s residence (2 warrants). Fourteen FDIC OIG agents and 37 additional agents from the FBI and IRS-CI participated in the multi-agency operation. The vessels and seized slot machines were maintained by a contractor until they were sold at a Treasury Department auction on May 9, 2003, for a total of approximately $2.2 million.

The FDIC closed Oakwood Deposit Bank Company on February 1, 2002, after the discovery of information indicating irregularities in the amount of deposits reported in the records of the bank. According to his plea agreement, the defendant began embezzling funds from the bank in 1993 with a loan to a family member. He admitted to altering bank records and creating paperwork in order to conceal the embezzlement, which resulted in losses to the bank of approximately $48,718,405 and led to the bank’s insolvency.

In addition, the bank suffered other losses as a result of a check-kiting scheme. On August 6, 2003, two former car dealers from Ohio were indicted by a federal grand jury in the Northern District of Ohio, Toledo, Ohio, for conspiracy and bank fraud relating to those losses.

As alleged in the indictment, the charges arose from a check-kiting scheme the defendants allegedly engaged in during calendar year 2001. A check-kite is a fraudulent scheme in which a bank customer utilizes the time it takes to clear checks to create artificially high balances of non-existent funds through a systemic exchange of checks among accounts when, in reality, actual funds do not exist. The indictment alleges that the defendants kited checks between accounts maintained by them at the now defunct Oakwood Deposit Bank Company. Losses on the check-kiting scheme are currently estimated to be over $11 million.

The check-kiting scheme is being investigated by the FDIC OIG and the FBI. Prosecution of the case is being handled by the U.S. Attorney’s Office for the Northern District of Ohio, Toledo, Ohio. The investigation of the defendant’s activities in the failure of Oakwood Deposit Bank Company is being conducted jointly by agents of the FDIC OIG, IRS-CI, and the FBI. Prosecution of the case is being handled by the U.S. Attorney’s Office for the Northern District of Ohio, Toledo, Ohio. The U.S. Attorney’s Office for the Middle District of Florida assisted in the preparation of the Stardancer warrants.

Sinclair National Bank
Task Force Investigation Into the Failure of Sinclair National Bank Leads to Indictment
of Multiple Defendants, Including the Former Bank Owners
On September 17, 2003, the former owner and director of Sinclair National Bank, Gravette, Arkansas, was indicted in the U.S. District Court for the Western District of Missouri on one count of conspiracy and two counts of false statements to the Office of the Comptroller of the Currency (OCC).

The indictment alleges that the former owner and director conspired with other un-named co-conspirators to fraudulently obtain control of Northwest National Bank in Gravette, Arkansas, which was later renamed Sinclair National Bank. As alleged in the indictment, the subject and her co-conspirators used Sinclair National Bank to enrich themselves by using the bank to buy debt from Sinclair Financial Group, a company previously owned by the subject and her former husband. The indictment also alleges that the defendant and others failed to report to the OCC in their application to purchase Sinclair National Bank that the defendant was owed $5 million from an individual that Sinclair National Bank was going to have a business relationship with. The OCC had relied on the information that the defendant provided to approve their application.

The defendant and her former husband owned Sinclair National Bank for approximately 18 months before the institution was closed by the OCC in September 2001, at an estimated $4.4 million loss to the Bank Insurance Fund.

The defendant, with her former husband had owned Sinclair Financial Group until they sold their interest in the company in October 1999, at which time the company was renamed Stevens Financial Group. In March 2001, Stevens Financial Group claimed bankruptcy. At the time of the bankruptcy, Stevens Financial Group defaulted on approximately $60 million in debt that was owed to over 3,000 Missouri investors.

In connection with the ongoing investigation, on September 11, 2003, a grand jury in the Circuit Court of Greene County, Springfield, Missouri, indicted the defendant’s former husband and others on 24 counts of securities fraud. Also named in the indictment were:

• A former accountant for Stevens Financial Group and Sinclair National Bank, on 24 counts of securities fraud, 3 counts of providing false or misleading statements and 2 counts of perjury.
  
  
• The former Stevens Financial Group operations manager, on 24 counts of securities fraud and 6 counts of providing false or misleading statements.
  
  
• An attorney for Stevens Financial Group, on 4 counts of securities fraud and 1 count of providing false or misleading statements.
  
  
• The former owner of Stevens Financial Group, on 24 counts of securities fraud and 6 counts of making false or misleading statements.

The securities fraud charges include allegations that the defendants misrepresented the true financial condition of Stevens Financial Group and Sinclair Financial Group by inflating the assets, net worth, and profitability.

Earlier in the case, the former in-house counsel for the Sinclair National Bank and for the now defunct Stevens Financial Group was charged and pleaded guilty in the U. S. District Court for the Western District of Missouri to one count of obstructing the OCC in its examination of the former Sinclair National Bank. He also pleaded guilty on April 24, 2003, in the Circuit Court of Greene County, Missouri, to a two-count felony complaint charging him with making false or misleading statements to securities investigators of the State of Missouri. As part of the plea agreement, the defendant agreed not to practice law before his sentencing and to surrender his law license when he is sentenced. The agreement also requires that the defendant help state and federal investigators in their ongoing investigations of officers of Stevens Financial Group. In return, the Missouri Attorney General’s Office agreed not to file additional charges against the defendant relating to the investigation of Stevens Financial Group unless he refuses to testify or is discovered telling a lie in the case.

The Department of Justice, Fraud Section, Washington, D.C., assembled a task force at the Kansas City FDIC Regional Office with personnel from the FDIC OIG, FBI, and Treasury OIG to investigate Sinclair National Bank and Sinclair Financial Group allegations. With assistance from the task force, the State of Missouri’s Attorney General’s Office and Missouri Secretary of State’s Office is prosecuting the case at the state level.

Former BestBank Executives and Two Owners of Century Financial Services Indicted for Fraud
On May 22, 2003, a federal grand jury in the District of Colorado returned a 95-count indictment charging five individuals and two corporations with bank fraud, false bank reports, wire fraud, money laundering, conspiracy, securities fraud, tax evasion, failure to file a tax return, and continuing to commit a financial crime, in connection with the failure of BestBank, Boulder, Colorado.

Named in the indictment from BestBank are the following: the former owner, Chief Executive Officer, and Chairman of the Board of Directors; the former President and Director; and the former Chief Financial Officer and Director. Also named in the indictment are the two owners and operators of Century Financial Services, Inc., and Century Financial Group, Inc., of Oakland Park, Florida, from this point on identified as Century Financial. All subjects have been arrested and arraigned on the charges alleged in the indictment.

The indictment alleges that from 1994 through July 1998, the defendants engaged in a business operation that made more than 500,000 BestBank credit card loans to sub-prime borrowers. In July 1998, the Colorado State Banking Commissioner and the FDIC determined that the value of the sub-prime credit card loans maintained as an asset on the books of BestBank was overstated because delinquent loans were fraudulently made to appear non-delinquent. BestBank’s liability to its depositors exceeded the value of its other assets, thereby making it insolvent.

When BestBank failed in July 1998, its largest asset was the portfolio of sub-prime credit card accounts with a reported value of more than $200 million. Sub-prime credit card borrowers are defined as high-risk borrowers with poor credit histories. The credit card accounts were funded by BestBank using money from depositors. BestBank attracted depositors by offering above-market interest rates.

[ Brochures advertising travel club memberships were targeted at subprime ]

According to the indictment, BestBank entered into agreements with Century Financial to market BestBank credit cards to sub-prime borrowers. Century Financial sold $498 travel club memberships, marketed first through Universal Tour Travel Club and later through All Around Travel Club. In almost every instance, those who signed up for the travel club did not pay cash for their membership. Instead, BestBank and Century Financial offered to finance a travel club membership for sub-prime borrowers using a newly issued BestBank VISA credit card. The credit limit for the sub-prime borrowers as provided by the bank was $600. BestBank also charged fees, which immediately brought the borrowers close to the credit limit. Less than half of those who signed up for the travel club received their membership materials.

The indictment further alleges that the defendants carried out a fraudulent scheme in several ways. Most people did not pay the mandatory $20 service fee required before the account was funded. Over 50 percent of the sub-prime borrowers’ accounts were non-performing.

BestBank and Century Financial, in many instances, did not send the sub-prime borrowers their credit card or monthly statements. The indictment further alleges that the two owners of Century Financial fraudulently concealed the sub-prime borrowers’ non-performance and delinquency rates by reporting non-performing accounts as performing. Allegedly, the two defendants paid $20 to some accounts so they would appear to be performing when, in fact, they were not.

The former owner, chief executive officer and chairman of the board of directors and the former president and director of BestBank, and the two owners of Century Financial each received more than $5 million during the course of the alleged fraudulent scheme. The indictment includes an asset forfeiture count, which seeks $100 million to compensate victims for the loss as a result of the bank’s failure.

BestBank was an FDIC-regulated institution that was closed on July 23, 1998, by the Colorado State Banking Commission and the FDIC, making it one of the largest bank failures in the United States in the last 10 years. Depositors’ losses exceeded $200 million. The FDIC’s Bank Insurance Fund covered all depositors’ losses except for $27 million of deposits which exceeded the $100,000 per-account insurance limit.

The case is being investigated by the FDIC OIG, FBI, and IRS-CI and is being prosecuted by the U.S. Attorney’s Office for the District of Colorado and the U.S. Department of Justice.

Former Branch Manager of Security Bank Arrested on Bank Fraud Charges
On July 24, 2003, the former branch manager of Security Bank, Madison, South Dakota, was indicted in the District of South Dakota on 1 count of bank fraud and 11 counts of false entries. The indictment remained sealed until August 7, 2003, when the defendant was arrested and arraigned before the U.S. Magistrate in Sioux Falls, South Dakota. The defendant entered a plea of not guilty. He was released without bond, and a trial date has not been set.

The indictment alleges that from May 1999 until August 2002, he made nominee loans and created fraudulent supporting loan documents in the names of unknowing bank customers. The defendant allegedly used the proceeds from the nominee loans to conceal the poor loan quality, past due status, and over advances to another bank customer. He also allegedly manipulated the bank’s computer system to make loans look as if they were paying on time. Losses from the defendant’s scheme total approximately $906,000.

The case is being investigated by the FDIC OIG and the FBI. The case is being prosecuted by the U.S. Attorney’s Office for the District of South Dakota.

Bank Customer and His Associate Indicted and Arrested on Charges of Aiding and Abetting, Conspiracy, and Bank Fraud Against First State Bank of Harrah, Oklahoma
On May 8, 2003, a customer of First State Bank of Harrah (FSBH), Harrah, Oklahoma, and his business associate were indicted in the United States District Court for the Western District of Oklahoma on aiding and abetting, conspiracy, and bank fraud against the FSBH.

The indictment charges that from September 1997 through December 1998 the FSBH customer, who was in the construction business, conspired with his business associate, and a former executive vice president of FSBH, to defraud FSBH by creating a series of 11 fraudulent nominee loans. The FSBH customer recruited nominee borrowers, including his business associate, in order to obtain loans. A nominee borrower is a person or entity whose name is used for the purpose of obtaining a bank loan when the proceeds are actually used for the benefit of another. The loan proceeds from this scheme totaled $800,000 and were intended to benefit the bank customer.

On May 9, 2003, the bank customer and his associate were arrested by Special Agents of the FDIC OIG and FBI. Oklahoma City police officers also assisted with the arrests.

As reported in our last semiannual report, the former executive vice president of FSBH pleaded guilty to conspiracy to commit bank fraud for his participation in the loan fraud scheme and was sentenced to 5 years’ probation and 6 months’ home confinement.

The investigation of the activities involving FSBH is being conducted jointly by the FDIC OIG and the FBI, and the case is being prosecuted by the U.S. Attorney’s Office, Oklahoma City, Oklahoma.

Former Bank President and Bookkeeper of Town & Country Bank Plead Guilty to Bank Fraud
On September 18, 2003, the former president and chairman of the board of Town & Country Bank pleaded guilty to 1 count of conspiracy to commit bank fraud and 1 count of money laundering of an 11-count superseding indictment returned against him by the federal grand jury in the District of Minnesota on August 11, 2003. The 11-count superseding indictment charged him with bank fraud, money laundering, false bank entries, and conspiracy.

The superseding indictment alleges that the defendant and others executed a scheme to defraud the former Town & Country Bank of Almelund (Minnesota). Specifically, the indictment alleges that the defendant manipulated over 20 false lines of credit that resulted in the failure of the bank in July 2000, when the State of Minnesota declared the bank insolvent and appointed the FDIC as the receiver. The failure of Town & Country resulted in a loss of $1.4 million to the FDIC Bank Insurance Fund.

The investigation continues against a commercial contractor whose company, Riverwoods Development Corporation, was a customer of the bank. On April 8, 2003, a federal grand jury originally indicted the former president and the customer together on eight counts relating to bank fraud, money laundering, making false entries in the bank’s records, and conspiracy. On August 11, 2003, the federal grand jury returned a superceding indictment that added two counts of false bank entries and one count of money laundering. The indictment included a forfeiture charge seeking to recoup $1,174,740 in proceeds from the alleged loan fraud scheme by the subjects, and any other proceeds or property not specifically traced in the indictment. In addition, on September 11, 2003, the former bookkeeper of Riverwoods Development Corporation pleaded guilty to one count of bank fraud of a four-count superseding indictment returned against him by the federal grand jury in the District of Minnesota on August 11, 2003. The four-count superseding indictment charged him with bank fraud, money laundering, false bank entries, and perjury. The perjury count related to the bookkeeper’s 1999 bankruptcy filing whereby he claimed fraudulent loans from Town & Country Bank as his liabilities.

The superseding indictment alleges that the bookkeeper and others executed a scheme to defraud the former Town & Country Bank. Specifically, the indictment alleges that the bookkeeper received $41,000 for signing 10 false loans obtained from the bank between March 1997 and June 1999 and that had a total face value of $371,000. When the bank failed, the FDIC charged off $267,000 in principal loss that was outstanding on the loans.

As part of his plea agreement, the bookkeeper has also agreed to cooperate fully with federal law enforcement in the continuing investigation against the other defendants in this case.

This case is being investigated jointly by the FDIC OIG, FBI, and IRS-CI and is being prosecuted by the U.S. Attorney’s Office for the District of Minnesota.

Owners of Construction Company Sentenced on Charges of Defrauding Community Bank of Blountsville, Alabama
On May 6, 2003, the two owners of Morgan City Construction Company were sentenced in the U.S. District Court of Northern Alabama. The defendants were sentenced to 18 months’ incarceration and ordered to pay restitution in the amount of $178,500.

As previously reported, a jury in the U.S. District Court for the Northern District of Alabama returned guilty verdicts on all three counts of an indictment charging the defendants and their company, Morgan City Construction, with bank fraud and conspiracy to commit bank fraud.

At trial, the government presented evidence showing that between December 1997 and July 2000 the couple used Morgan City Construction, which they own and operate, to submit invoices for construction work purportedly performed for Community Bank, an FDIC-regulated bank located in Blountsville, Alabama. Prosecutors alleged during the trial that some of the invoices were for work never performed and that other invoices were for personal construction work performed for the bank’s chief executive officer, his relatives, and the bank’s vice president of construction and maintenance. Evidence was also presented to show that the records of the bank were falsified to reflect that the work was completed at the bank’s facilities.

The charges against the defendants included a forfeiture claim seeking any property derived from the fraud scheme. Although the government alleged that the couple received a total of approximately $1.7 million as a result of the fraud scheme, the jury decided in separate deliberations that they only netted $178,500 in illicit proceeds.

On May 20, 2003, the FDIC and seven members of the Board of Directors of Community Bank executed a Stipulation and Consent to the Issuance of an Order to Pay (Consent Agreement). Each member agreed to pay $10,000 in civil money penalties. The penalties were assessed by the FDIC against the Board Members and were based on the seriousness of violations of law and regulations; breaches of fiduciary duty; and unsafe and unsound banking practices uncovered by the FDIC.

Also on May 20, 2003, the FDIC issued a Notice of Intention to Prohibit from Further Participation, a Notice of Assessment of Civil Money Penalties, and a Notice of Charges for Restitution against a former Chairman of the Board, an Executive Vice President, and a Director of Community Bank.

This investigation of Community Bank was conducted by agents from the FDIC OIG and FBI. Prosecution of the case was handled by trial attorneys from the Department of Justice, Washington, D.C.

Former Officials of Jasper State Bank Sentenced in Fraud Scheme
On July 24, 2003, the former director and executive vice president of Jasper State Bank, Jasper, Minnesota, and the former head teller of the bank were sentenced in the U.S. District Court for the District of Minnesota. The former director and executive vice president was sentenced to 41 months’ incarceration with 5 years’ supervised release and was ordered to pay $993,827 in restitution. The former head teller was sentenced to 1 month in county jail, 5 months of home detention, and 5 years’ supervised release, and was ordered to pay $84,494 in restitution.

As reported in our last semiannual report, in March 2003, the two former officials of Jasper State Bank pleaded guilty in the U.S. District Court for the District of Minnesota to criminal charges relating to the alleged bank fraud scheme. Specifically, the former director and executive vice president of the bank pleaded guilty to bank fraud, misapplication of funds, and making false entries in the bank’s records; the former head teller pleaded guilty to one count of bank fraud. Both defendants had previously been indicted on similar charges in January 2003.

The former executive vice president of the bank and his brother-in-law were each 50-percent owners of the bank. As the executive vice president, he had extensive authority, served as a loan officer, and had unrestricted access to the bank’s computer system. When entering his guilty plea, he admitted that between July 2000 and March 2002, he misapplied funds belonging to the bank by granting over $800,000 in loans to nominee borrowers to disguise the true beneficiary of the loan proceeds. He also admitted that he made false entries in the books and records of the bank to conceal the loans, altered supporting loan documents, directed the manipulation of records pertaining to delinquent loans, and engaged in the falsification of vehicle inventory reports.

The former head teller admitted to aiding and abetting the executive vice president by making false entries in the records of the bank. Specifically, she admitted to falsifying records to make delinquent loan accounts appear current and to routinely falsifying inventory reports that were submitted to obtain loans from the bank by a company of which she was a part owner.

Jasper State Bank is a $23 million bank in rural Minnesota. The bank incurred total losses of approximately $2.7 million as a result of the loans originated by the defendants, well in excess of the $2.4 million in the bank’s capital and reserves, thus causing it to become insolvent. The bank was saved from failure by the injection of $3 million in capital from two investors.

On July 11, 2003, the former executive vice president stipulated to an action under Section 8(e) of the Federal Deposit Insurance Act, which provides for a lifetime ban from banking. The executive vice president was not assessed any Civil Money Penalty because the criminal restitution in his case exceeded $900,000 and he has no assets.

The investigation that led to the prosecutions was conducted jointly by agents from the FDIC OIG and the FBI. The case is being prosecuted by the U.S. Attorney’s Office for the District of Minnesota.

Management and Sale of FDIC-Owned Assets
Contractors Sentenced for Conspiracy and Submitting False Statements to the FDIC
During this semiannual reporting period, two contractors involved with an FDIC-owned property were sentenced in the U.S. District Court for the Middle District of Florida. One of the contractors was sentenced in August 2003 to 1 year and 1 day in prison and 2 years of probation; he was also fined $3,000 and ordered to pay a special assessment of $100. His associate was sentenced to 2 years’ probation and fined $3,000; in addition, she was ordered to pay a special assessment of $100 in February 2003. As part of their sentencing, they were ordered to forfeit $98,624 and pay $98,624 in restitution. The forfeiture and restitution amounts were satisfied prior to sentencing.

As we described in our last semiannual report, on February 11 and 14, 2003, the two defendants pleaded guilty in the U.S. District Court for the Middle District of Florida. Both defendants pleaded guilty to one count of a four-count indictment that had been returned by a federal grand jury in April 2001; this indictment charged them with conspiracy and making false statements to the FDIC.

The indictment against the two individuals charged them with submitting three false invoices as well as bogus support documentation to the FDIC on behalf of Golden Ocala Golf Course Partners. These documents purported that Golden Ocala Golf Course Partners paid a nonexistent company $240,000 for environmental remediation work that was actually performed by other companies at a total cost of $51,376. Based on this false documentation, the FDIC reimbursed the partnership $150,000 for expenses.

The prosecution of these two individuals was handled by the Middle District of Florida. The investigation was initiated by the Department of Justice and the FDIC OIG and was based upon allegations contained in a civil complaint filed by a private citizen under the False Claims Act. In September 2000, one of the partners entered into an agreement whereby he agreed to pay the government $300,000 to settle the civil complaint.

Misrepresentation Regarding FDIC-Affiliation
Securities Dealer Sentenced to 6 Years in Prison for Selling of Unregistered Securities, Fraud, and Theft
On May 23, 2003, a securities dealer was sentenced in the Riverside County U.S. 67th District Court, Riverside, California, to serve 6 years’ imprisonment and ordered to pay $20,000 in fines. The sentencing was based on his entry of a plea of guilty in October 2002 to an amended complaint charging him with selling unregistered securities, fraud, and theft.

As we previously reported, the subject was arrested on similar charges by agents of the FDIC OIG and the Riverside County (California) District Attorney’s Office on October 7, 2002. The subject, doing business as Jeffco Financial Services, was licensed to sell securities through San Clemente Services, Inc., another company involved in the sale of brokered certificates of deposit (CDs). Relying on information they were provided regarding FDIC insurance coverage, investment yields, fees, and commissions, investors purchased approximately 1,241 CDs totaling $67,390,735 from Jeffco Financial Services. The felony complaint to which the subject pleaded guilty lists the names of 59 individuals or entities to whom he offered or sold unregistered securities which are described in the complaint as “investment contracts in the form of interests in custodialized CDs.” He also pleaded guilty to making misrepresentations regarding “annual average yield,” theft of property exceeding $2.5 million in value, and participating in a pattern of felony conduct involving the taking of more than $500,000.

OIG’s investigation of misrepresentation of FDIC insurance coverage leads to 6-year sentence for securities dealer.

The FDIC OIG investigation was initiated based on a referral by DSC of information obtained during the examination of a bank indicating irregularities in deposits the bank had placed with San Clemente Services. The prosecution of the case was handled by the Riverside County District Attorney’s Office.

Superseding Indictment Adds 80 Additional Charges to Broker Dealers
On August 21, 2003, a federal grand jury for the Northern District of Texas, Dallas, Texas, returned an 80-count superseding indictment against two co-owners of San Clemente Securities, Inc. (SCS) and United Custodial Corporation (UCC), located in San Clemente, California, and two brokers at SCS. The 80-count superseding indictment charges all defendants with conspiracy, false bank entries, false statements, mail fraud, wire fraud, bank fraud, securities fraud, and investment advisor fraud.

As alleged in the indictment, the defendants schemed to defraud various financial institutions and individual investors by inducing them to enter into investment contracts to purchase CDs and other securities issued by the Federal Home Loan Mortgage Corporation and the Federal National Mortgage Association, which would be held and managed for investors by UCC.

As part of their scheme, the defendants falsely and fraudulently failed to advise investors that SCS and UCC would subtract undisclosed fees and commissions of the amount invested. They also made false representations regarding FDIC insurance coverage of the CDs. The investment confirmations and statements they sent to investors were false and intentionally misleading, and money paid to investors when they liquidated an investment prior to maturity was actually money invested by another investment or by other persons. The investors had no ownership in any investment that would be purchased in UCC’s name, and in 1997, SCS, along with its co-owners, had been banned by the National Credit Union Association from doing business with federally insured credit unions because of their deceptive practices.

Fraudulent advertisement to interest investors in purchasing CDs and other securities

The case is being investigated by the FDIC OIG and the FBI. The case is being prosecuted by the U.S. Attorney’s Office for the Northern District of Texas. The investigation was initiated based on a referral from DSC.

Note of appreciation sent to OIG special agent who worked to uncover fraudulent schemes.(Note certain names deleted)

Restitution and Other Debt Owed the FDIC
Judge Rules Seized Artwork the Property of Former Massachusetts Developer
On June 10, 2003, the United States District Court, District of New Jersey, entered a final judgment in favor of the United States and declared that a former Massachusetts developer was the owner of approximately 42 pieces of artwork seized by the OIG during its investigation into her alleged concealment of assets from the FDIC. Barring a successful appeal, the judgment clears the way for the government to sell the artwork and apply the proceeds toward payment of an outstanding restitution order.

The former Massachusetts developer was sentenced in 1995 to serve 24 months in prison and ordered to pay the FDIC $10.9 million in restitution for defrauding the former Bank of New England. Upon her release from prison, she was placed on probation and made some restitution payments in the range of $100 - $300 per month. The OIG initiated its investigation based on information that the former developer was concealing her true residence to the U.S. Probation Office and had falsely reported she had no assets.

Our investigation developed substantial evidence that indicated her claims of indigence were false and that she fraudulently concealed assets in an effort to avoid payment of criminal restitution to FDIC. Among those assets were expensive works of art, which we found housed in a storage facility she had rented under an assumed name. The OIG earlier obtained an order to seize the artwork to offset her outstanding restitution. Throughout the investigation, she maintained the artwork was not hers but belonged to her late husband or her daughter and, therefore, was not subject to the restitution order.

FDIC Debtor and Girlfriend Plead Guilty to Felony Charges
On September 9, 2003, a Hartford businessman pleaded guilty in United States District Court, District of Connecticut, to making a false statement. As previously reported, the defendant and his girlfriend were indicted after our investigation developed evidence that they had participated in a scheme to fraudulently conceal assets from the FDIC. The defendant already owed the FDIC $2.7 million in restitution (as a result of a 1996 bank fraud conviction). During the plea hearing, he admitted that on December 8, 2000, he made a false statement concerning his ownership of a $100,000 U.S. Treasury Bond. He also acknowledged that in a response to an interrogatory sent to him by the United States Attorney’s Office, he represented that he did not possess or have any interest in any bonds when, in truth, he maintained an account with a brokerage firm in which the bond, with a cash value of approximately $70,000, was held. The defendant also made significant income through his various business endeavors such as a used-car business, yacht brokerage, and real estate transactions, all of which he failed to disclose to the U.S. Probation Office.

The defendant’s girlfriend pleaded guilty to assisting him in the attempted concealment of assets from the FDIC. She admitted that she knew the defendant owed $2.7 million in restitution and that she assisted him in later concealing his assets by permitting him to buy and sell real estate in her name. She filled out false loan applications in order to enable her to borrow monies to purchase four properties in Connecticut and Florida. Although the scheme made it appear as if she were making the payments to purchase and improve these properties, the defendant was actually providing the monies by reimbursing his girlfriend for her expenditures.

The investigation of this case was conducted by the FDIC OIG, and the prosecution was handled by the United States Attorney’s Office, District of Connecticut.

FDIC Debtor Sentenced and Pays $500,000 to FDIC
On August 1, 2003, an FDIC debtor from Lubbock, Texas, pleaded guilty in the U.S. District Court for the Northern District of Texas, to making a false statement to the government following an OIG investigation that determined he made misrepresentations during a deposition taken by the FDIC for the purpose of settling a $1.8 million debt he owed the FDIC from an outstanding criminal restitution order. The defendant was sentenced to a period of 1 year probation and, as required under the plea agreement, immediately paid the FDIC $500,000 in settlement of the restitution order.

Our investigation found that the debtor made several false representations in the deposition including his failure to disclose income from oil wells and his interests in other investments including ranching and farm operations. He was also asked to disclose in the deposition whether he had provided any financial statements to any entity in the past 5 years. He failed to disclose three recent financial statements that he had provided to First Southwest Bank to obtain several loans. The FDIC had previously approved a settlement of $180,000, but the Department of Justice put a hold on it pending the results our criminal investigation.

The plea agreement was coordinated with the FDIC Legal Division and DRR.

OIG Assists Federal Reserve OIG in Bomb-Dog Trainer Case The Federal Reserve Board OIG conducted an investigation into a contractor that provided the U.S. Government with bomb-sniffing dogs. At the request of the Federal Reserve OIG, our Electronic Crimes Team assisted in the investigation by examining some 250 pieces of computer evidence seized from search warrants executed at the defendant’s home and business in July 2002. The Electronic Crimes Team’s examination revealed that the defendant had used his computer in order to generate numerous false documents pertaining to his company’s dog handler certifications, including his own certification as an instructor, and to produce test results of the canines’ abilities to detect explosives.

Sentencing Update
Former President of Hartford-Carlisle Savings Sentenced for Bank Fraud
On May 1, 2003, the former president of the now defunct Hartford-Carlisle Savings Bank (HCSB), Carlisle, Iowa, was sentenced in U.S. District Court for the Southern District of Iowa. He was sentenced to 120 months’ incarceration and 5 years’ probation; he was also ordered to pay restitution to the FDIC in the amount of $15,612,610 and a special assessment of $1,500.

On September 4, 2002, the defendant pleaded guilty to making false entries in the records of HCSB in two instances by overstating the value of assets on financial statements submitted in connection with loan applications, and in two other instances by misrepresenting the purpose of loans. He also pleaded guilty to 4 counts of making false statements. Two of those instances involved the submission of Call Reports to the FDIC; these reports failed to disclose HCSB had made loans to its executive officers. In the third false statement count, he pleaded guilty to creating a fraudulent HCSB cashier’s check and a related deposit ticket, both of which he provided to FDIC examiners and purported to be true documents. In the fourth instance, he pleaded guilty to submitting a false financial statement to another FDIC-insured financial institution in connection with an outstanding loan, by understating the true amount and value of his debts and liabilities. In exchange for his guilty plea, the government agreed to drop the remaining charges pending against him as a result of a 34-count indictment returned in November 2001; this indictment charged him and his two brothers with various bank fraud-related activities.

As a result of continuing plea negotiations with the U.S. Attorney’s Office for the Southern District of Iowa, on September 11, 2002, the defendant pleaded guilty to seven additional counts of bank fraud, including making or causing to be made false statements to the Federal Reserve Bank in connection with an application to acquire the stock of HCSB.

As part of the plea negotiations with the government, the defendant will also forfeit a 60-acre farm; his residence in Carlisle, Iowa; a cabin at Clear Lake, Iowa; a condominium in Keystone, Colorado; $272,265 in cash; Worldquest Networks securities; a home entertainment system purchased for approximately $85,000; and a 1999 Cobalt boat purchased for approximately $40,000.

As we previously reported, the defendant’s two brothers, both of whom were former board members of the HCSB, were convicted and sentenced. One of the brothers was sentenced to 5 days’ incarceration and 5 years’ probation; he was also ordered to pay restitution to the FDIC in the amount of $201,441. The other brother was sentenced to 4 days’ incarceration and 5 years’ probation; he was also ordered to pay restitution to the FDIC in the amount of $226,614.

HCSB was an FDIC-regulated institution that was closed on January 14, 2000, by the Iowa Division of Banking. Subsequently, the FDIC OIG and the FBI conducted a joint investigation regarding suspected illegal activities. The U.S. Attorney’s Office for the Southern District of Iowa has handled prosecution of this case.

Other Highlights
OIG Special Agent Receives Award from the U.S. Attorney for the Southern District of Iowa
FDIC Special Agent Laurie West and FBI Special Agent Randy VanGent were presented with plaques from the United States Attorney, Southern District of Iowa, for their exemplary work in the investigation and prosecution relating to the failure of Hartford-Carlisle Savings Bank, Carlisle, Iowa. The U.S. Attorney pointed out that this case involved the largest dollar loss as a result of a bank failure or fraud in the history of the State of Iowa and the Southern District of Iowa. He also expressed his gratitude for the swiftness of an investigation and prosecution of this magnitude.

The inscription on the plaques to Special Agents West and VanGent reads as follows:

Electronic Crimes Team As computers continue to become a major part of the business operational environment, the risk of electronic- related fraud has increased. The OIG is committed to meet the needs of the FDIC and the banking community to combat electronic fraud. As a result, the OIG established an Electronic Crimes Team (ECT) and computer forensic laboratory, housed in Washington, D.C., to investigate unauthorized computer intrusions, computer-related fraud impacting FDIC operations, and to provide computer forensic support to OIG investigations. The ECT is staffed with a Special Agent in Charge, four special agents, and a forensic computer specialist, all of whom have been fully trained as Seized Computer Evidence Recovery Specialists. The ECT coordinates with DIRM and affected FDIC program offices in investigating computer-related crimes. In providing computer forensic support to OIG investigations, the ECT prepares search warrants for electronic media, provides on-site support for serving such warrants, conducts laboratory analysis of the evidentiary content of electronic media seized during criminal investigations, and provides technical advice when computer media are used to perpetrate traditional crimes. The ECT also attends all bank closings where fraud is suspected, and images computer data for evidentiary purposes in resultant criminal prosecutions. The ECT also shares copies of the imaged files with FDIC for its use in resolving the institution and pursuing bond claims. The ECT has also been assisting DRR/Legal as they research the feasibility of creating imaging capability of their own. OIG ECT agents receive intensive training on how to search, seize, and analyze computer systems and evidence encountered during the course of an investigation and during execution of search warrants. The ECT has made training presentations to FDIC staff at various conferences and meetings to make them aware of the ECT capabilities and to outline procedures that should be followed to preserve computer evidence. The ECT also worked with DRR in developing guidelines to be followed at bank closings for the purpose of preserving evidence. The ECT attends meetings with closing team members in advance of scheduled bank closings, to review the bank’s computer configuration and reach agreement on how to proceed with securing data at the closing.

OIG Organization :
Making an Impact

Focusing on the value of our people and the performance capacity of the OIG are top priorities in our organization. Strengthening our workforce capabilities will be particularly important in the next several years to position us for the future. Our intent is to ensure that the OIG will have the expertise necessary to carry out our strategic and performance plans and successfully conduct work related to the OIG-identified Management and Performance Challenges facing the Corporation.

We focused heavily on our human capital efforts this reporting period. We completed two important initiatives under our Human Capital Strategic Plan that form the foundation for future human capital related efforts: the Business Knowledge Inventory System and the OIG Competencies Project. Through these efforts we have: prepared inventories of existing and needed workforce knowledge, identified competencies needed for every OIG position, and integrated the competencies with performance management criteria in the Performance Management Program. Other human capital projects are underway that build upon these efforts, including: aligning the competencies with OIG position descriptions and developing strategies to close the identified workforce knowledge gaps. Of note, the OIG has added several former bank examiners to its audit staff over the past several months. Future projects will develop guidance for leadership development and training to complement our leadership competency.

As discussed previously, earlier this year the OIG identified the most significant Management and Performance Challenges facing the FDIC. We have continued to demonstrate our commitment to adding value to the Corporation by designing our core mission activities of audits, evaluations, and investigations, and other reviews to directly relate to these challenges. Details of our audit, evaluations, and investigations during this reporting period are presented along these lines earlier in this report. As a whole, this work shows increased alignment with the FDIC’s Management and Performance Challenges and our strategic goals and mission. Our 2003 Performance Report also shows our progress in creating this alignment and in meeting our strategic goals.

To help us fulfill our commitment to adding value we are focused on communications with our stakeholders. In this spirit, we recently completed the fifth external customer survey regarding satisfaction with OIG products, processes, and services. We also continue to summarize significant OIG activities and accomplishments in a Weekly Highlights Report to the Chairman; perform reviews of proposed policies, regulations, and legislation; and participate in important corporate and industry initiatives. During this period our Office of Audits issued its Fiscal Year 2004 Assignment Plan. Communication with corporate management during the development of the plan ensured comprehensive coverage of the Corporation’s management and performance challenges. Further, we continued to work with the Corporation in the drafting stages of policy development and other initiatives, providing significant input into such critical areas as information security, the new enterprise architecture, and physical security.

OIG Interns The OIG welcomed two interns to the office over the summer, Nicole Arbeiter and Michael Green. Originally from New York, Ms. Arbeiter is a senior at the University of Maryland where she is studying Finance. Ms. Arbeiter worked in the OIG’s Office of Management and Congressional Relations. Her res- ponsibilities included assisting with the OIG conference planned for October, updating the Policies and Procedures Manual, and helping with Internet postings of OIG products. Mr. Green is from Potomac, Maryland, and is a senior at Tufts University. A History major and a Communications and Media Studies minor, Mr. Green helped with a number of important projects and publication efforts in the immediate office of the Inspector General related to Inspector General community activities government-wide and various internal OIG communication initiatives.

Scholarship for Service Student Joins the OIG Daniel Craven joined the OIG as a Scholarship for Service student. Mr. Craven is studying at the Naval Post Graduate School in Monterey, California. He has assisted the Office of Audits in the justification, configuration, and implementation of its new Computer Lab.

OIG Completes Two Key Initiatives of Human Capital Strategic Plan

The OIG’s Business Knowledge Inventory System was developed to create a data-base of the collective business knowledge of all OIG employees and determine where our office may have gaps between the knowledge we need to perform our current and future audit, evaluation, and investigation work and the knowledge we collectively possess. We initiated this effort during the previous reporting period. During the current reporting period the OIG completed the survey, and summary data were prepared detailing the knowledge, education, and certifications of OIG staff. This information provides office heads and supervisors with a basis to determine the strengths and potential knowledge/skill weaknesses in the workforce and create business strategies to close knowledge gaps for conducting our future work. In addition, individuals can use the survey to develop their own career development plans and work with their supervisors to target training and professional development to those areas where the OIG has the greatest needs to increase knowledge and skills.

The purpose of our Key Competencies Project is to identify the behaviors and skills needed by OIG staff members to contribute successfully to the overall mission and goals of the OIG. The core competencies can be used for: performance management; selection and promotions; individual training and development; organizational development; and position descriptions. The OIG contracted with an outside firm to help with this initiative. A core competency model was developed, refined, and validated by surveying all OIG employees to ascertain the job-relatedness and importance of the competencies and associated performance criteria to their particular positions. The model identified six competencies and associated performance criteria for all OIG staff and supervisors. (See next page.) Based on the results of the validation survey, OIG executives approved the use of the core competencies for the 2003-2004 cycle of the Performance Management Program, and OIG supervisors were trained on using the competencies and performance criteria in the Performance Management Program. In addition, a detailed presentation to all staff about the development of the key competencies and how they will be used was prepared for an OIG-wide conference. We plan to integrate the competencies and performance criteria into OIG position descriptions to ensure consistency with the validated model.

OIG Policy Reviews Aim to Assist FDIC Program Officials

During this period, the OIG reviewed 51 policies that were proposed by FDIC operating divisions and offices. We provided the Corporation with 11 policy issues and suggestions aimed at strengthening and increasing the effectiveness of the policies. Seven of the 11 policy suggestions were resolved in subsequent or final drafts of the policies. The other four policy suggestions relate to pending policies. The suggestions related to such diverse corporate areas as physical security, human resources, the receivership management program, and many aspects of information technology security. We also provided extensive advisory comments and editorial suggestions to help clarify the policies, which were also generally included. During the reporting period we focused on developing a more useful format for reporting the policy suggestions to the Corporation and worked to create a means on our internal OIG Web site to make these analyses available to all OIG staff. The revised format separates significant policy issues and suggestions from other, more editorial suggestions designed to improve clarity.

OIG Key Competencies Six competencies were developed that we believe all OIG staff need to contribute successfully to the OIG mission and goals. These competencies form the basis for performance expectations of every OIG employee, including executives. Achieves Results. Assumes responsibility and accountability for achieving results in support of the FDIC and OIG missions and goals. Communicates Effectively. Effectively communicates orally and in writing to promote mutual understanding, effective decision-making, and information gathering. Demonstrates Teamwork. Builds and maintains inclusive, responsive, and constructive working relationships based on mutual respect and a shared commitment to the OIG’s mission, values, and goals. Exhibits Technical Competence. Demonstrates the technical knowledge, skills, and abilities necessary to effectively carry out the duties and responsibilities of his or her position. Demonstrates Responsibility and Self-development. Takes personal initiative to improve individual and organizational performance and promote the OIG’s values and goals, while exhibiting high standards of professional and ethical behavior and integrity. Leads Effectively (supervisors only). Creates and maintains a high-performance climate where all employees are challenged and encouraged to achieve excellence. Each of these competencies has been further defined with subsidiary criteria describing the types of performance behaviors included under the competency. We believe full integration of these core competencies into the OIG’s human capital system will help foster a greater results-oriented, high-performance culture and enhance accomplishment of OIG strategic goals and objectives.

Revised Quality Standards for Federal Offices of Inspector General
The Assistant Inspector General for Quality Assurance and Oversight served as Chairman of the President’s Council on Integrity and Efficiency committee to update the Quality Standards for Federal Offices of Inspector General. These standards, which have not been updated since 1986, were updated during the 25th anniversary year of the enactment of the Inspector General Act of 1978, as amended. Building on and incorporating the Inspector General Act and other related laws and standards, these updated quality standards for federal IGs encompass the broad range of OIG activities and functions and address: ethics, independence, and confidentiality; professional standards for audits, inspections, evaluations, and investigations; internal control standards and activities; internal and external quality assurance programs, including peer reviews; strategic and annual planning and coordination; communicating results of OIG activities; managing human capital; reviewing
legislation and regulations; and receiving and reviewing allegations. Of particular note, these standards incorporate recent revisions of the Government Auditing Standards (issued by the Comptroller General of the United States) with which Inspectors General are mandated to comply under the Inspector General Act. The recent revisions made significant improvements to the independence standard applicable to audit work. Consistent with these quality standards, the OIG plans to develop a quality assurance framework that will provide a comprehensive documentation of the mechanisms the FDIC OIG has in place to ensure that OIG work meets the highest level of quality and provides the highest value to the FDIC and the Congress.

OIG Internal Activities

• Issued the OIG’s FY 2003 Performance Report.
  
  
• Issued the OIG’s Strategic Plan (2004-2008) and FY 2004 Performance Plan, which reflects an updated strategic framework with improved linkages to the FDIC Strategic Plan, the OIG Human Capital Strategic Plan, the OIG Office of Audits’ Assignment Plan, and the OIG-identified management and performance challenges facing the FDIC.
  
  
• Completed the fifth external customer survey regarding satisfaction with OIG products, processes, and services.
  
  
• The Assistant Inspector General for Quality Assurance and Oversight served as Chairman of the President’s Council on Integrity and Efficiency (PCIE) committee to update the Quality Standards for Federal Offices of Inspector General.
  
  
• Initiated a peer review of the Department of Commerce’s OIG.
  
  
• Provided presentations on the PCIE and the Executive Council on Integrity and Efficiency peer review process to Inspector General Auditor Training Institute participants attending training courses on the new U.S. General Accounting Office’s Government Auditing Standards.
  
  
• Continued participation in inter-agency Government Performance and Results Act (Results Act) interest groups sponsored by the President’s Council on Integrity and Efficiency, the National Academy of Public Administration, and the U.S. Office of Personnel Management to share ideas and best practices on Results Act implementation.
  
  
• Hosted an interagency symposium on the Federal Information Security Management Act of 2002 (FISMA). Representatives of 44 federal agencies attended the symposium to share information, ideas, and best practices related to implementing FISMA.
  
  
• Participated at the Institute of Internal Auditors’ international conference and Association of Government Accountants’ Professional Development Conference.
  
  
• Attended the Institute of Internal Auditors’ Financial Services Conference to share information and insights into the most critical issues facing financial services professionals.
  
  
• Attended the Federal Audit Executive Council conference which provides an opportunity for heads of audit organizations across government to discuss issues of mutual interest, strategies, and best practices.
  
  
• Presented the Federal Inspector General Peer Review Process to the Maryland Association of Certified Public Accountants’ Annual Government and Not-for-Profit Conference.
  
  
• Hosted visitors from Thailand’s Office of the Auditor General, Poland’s Ministry of Finance, and the Assistant to the President of the Dominican Republic. The Inspector General briefed them on the Corporation’s mission; the role of the federal Inspector General community in ensuring economy, efficiency, effectiveness and integrity in government programs and operations; and the FDIC OIG in particular.
  
  
• An OIG Special Agent received a special award for exemplary work in investigation and prosecution related to the failed Hartford-Carlisle Savings Bank, a case involving the largest dollar loss as a result of a bank failure/fraud in the history of the state of Iowa.
  
  
• Launched a Web site focusing on Information Security within the OIG which is designed to provide information security-related contacts, issues, documentation, tips, and links for all OIG staff.
  
  
• Two interns worked in the Office of Management and Congressional Relations and the immediate OIG. A Scholarship for Service Student was also brought in to work in the Office of Audits’ Information Assurance Group.
  
  
• Issued informational brochures on the OIG and Office of Investigations to inform others of our mission and work.
  
  
• Established Office of Audits’ (OA) Computer Lab to facilitate OA’s security reviews and enhance data analysis capabilities.

Coordination with and Assistance to FDIC Management

• Coordinated the preparation and revision of management control plans and risk assessments for the OIG’s accountability units under the Corporation’s Internal Control and Risk Management Program.
  
  
• Provided OIG Weekly Highlights Report to the Chairman summarizing significant OIG activities.
  
  
• Participated in FDIC’s Information Technology Security Meeting. The purpose of the meeting was to determine the best way for the Corporation to continue to oversee and monitor the FDIC’s Information Technology (IT) Security Plan. The meeting provided a beneficial forum to discuss IT security matters and the need for continued FDIC senior management attention.
  
  
• Participated and made presentations at the FDIC/Department of Justice Bank Fraud Conference.
  
  
• Provided substantive suggestions on FDIC draft policies related to IT security, physical security, human resources, and the receivership management program.
  
  
• Participated in the Division of Resolutions and Receiverships’ fraud conference.
  
  
• Gave presentations at DSC’s Commissioned Examiner Seminars to foster a better understanding of OIG work.
  
  
• Continued focused outreach efforts to meet periodically with and update senior corporate management on OIG audits, evaluations, and investigations.
  
  
• Participated in an advisory capacity on the Information Technology Subcommittee of the Audit Committee.
  
  
• Participated on a corporate team developing a presentation for the FDIC’s October 2003 Symposium on “Why Banks Fail.”

Organization Chart