Congratulations
Inspector General's Statement As I write this semiannual report statement, the Inspector General (IG) community is celebrating the 25th anniversary of the IG Act, signed into law by President Jimmy Carter on October 12, 1978. Our commemoration of this event has included a meeting of the federal Inspectors General with President Bush; a Congressional oversight hearing of the Subcommittee on Government Efficiency and Financial Management, Committee on Government Reform, U.S. House of Representatives; Congressional resolutions acknowledging IG contributions to good government; reissuance of the Quality Standards for Federal Offices of Inspector General, now known as the “Silver Book;” media coverage explaining the role and impact of federal Offices of Inspector General (OIG); and an annual awards ceremony honoring the significant work of some of the more than 11,000 employees in the federal IG community. I am especially proud that FDIC OIG employees received six awards this year. In keeping with the spirit of the anniversary, all FDIC OIG staff had an opportunity to recommit to the mission of the OIG at the FDIC during an office-wide conference held this month. Our conference focused on the FDIC OIG’s mission, vision, and core values. We seek to help the FDIC ensure stability and public confidence in the nation’s financial system. We want to be viewed as a valuable part of the Corporation and to be one of the best OIGs in government. Our CORE values embrace Communication, Objectivity, Responsibility, and Excellence. In pursuit of our mission, vision, and values, we designed several sessions at the conference so that our staff could publicly articulate and appreciate how their public service contributes to accomplishing our strategic goals in 4 areas—value and impact, communication and outreach, human capital, and productivity. Organization-wide, we are focusing on the steps necessary for us to become a high-performance organization, and the celebration of the 25th anniversary of the IG Act is a powerful inspiration to us during this journey. During the reporting period, we achieved significant results in areas of corporate management and performance challenges. Our Material Loss Review of the Failure of Southern Pacific Bank and our 2003 Federal Information Security Management Act (FISMA) evaluation are but two examples of important work products issued during the past 6 months. The material loss review concluded that Southern Pacific Bank failed because of ineffective corporate governance at the institution, leading to a potential loss to the insurance funds of about $91 million. Our report raised an issue related to oversight of parent holding companies of industrial loan companies—one that we plan to pursue in future work. Our FISMA evaluation concluded that the Corporation has only limited assurance of adequate security of its information resources. The report highlights 10 key areas where the Corporation needs to focus attention to address information security weaknesses. In connection with our FISMA work, I am compelled to reiterate a matter of increasing concern, a fundamental organizational weakness that surfaced once again this year: the Corporation’s lack of a Chief Information Officer. This position has remained vacant for more than 2 years, during which time the Corporation has spent millions of dollars for information technology (IT) projects. During this same timeframe, a number of critical IT issues have faced the Corporation, as evidenced by the results of our FISMA and other IT-security related reviews. Over the past 2 years, the Corporation has attempted, unsuccessfully, to fill this position three times, while other federal agencies have been able to fill similar positions. Further, we are in the midst of an IT revolution that offers organizations boundless opportunities to improve their efficiency and effectiveness. To better ensure that the Corporation can address its critical IT issues and is fully positioned to leverage its IT potential, it must provide permanent IT leadership and direction by filling its Chief Information Officer position.* Another leadership vacancy at the FDIC that I have addressed in past semiannual reports is the vacant Director position on the FDIC Board. The President has sent forward the name of a candidate, and the Senate has held his confirmation hearing; however, he has not yet been confirmed. As I have expressed on many previous occasions, the vital balance implicit in the Board structure can only be maintained when the Board is operating at full strength. We therefore again urge the Congress to take timely action to fill this vacancy.* With respect to our investigative efforts during the reporting period, we continue to report many successes in our cases of major fraud at financial institutions and concealment of assets cases where FDIC debtors fraudulently attempt to avoid payment of restitution that has been ordered. This period we are reporting 30 indictments/ informations; 8 convictions; and fines, restitution, and monetary recoveries of $68.1 million. In keeping with our efforts to become more high-performing, our internal OIG activities during the past 6 months have focused on implementation of key aspects of our Human Capital Strategic Plan—our business knowledge inventory system and our key competencies project. Transparency and accountability are basic precepts of good governance. In that spirit, we are including our Fiscal Year 2003 Performance Report as an integral part of this semiannual report. As stated previously, we are committed to pursuing continual improvement in our overall performance. We met or substantially met 79 percent of our goals. Twenty-one percent were not achieved. We cannot attain our goals and become a high-performance organization without the support of many others, among those the Congress, the IG community, federal law enforcement officials, and most especially FDIC management. We will continue to work with these groups in a spirit of partnership as we focus on all areas of our performance in the coming months. In closing, our office was saddened by the recent deaths of two former colleagues—David Loewenstein and Edward Sobota. We value their past contributions to the FDIC and OIG missions, will long remember them, and extend sincere sympathy to their families. Gaston L. Gianni, Jr. [Electronically produced version; original signed by Gaston L. Gianni], Table of Contents Management and Performance Challenges The Management and Performance Challenges section of our report presents OIG results of audits, evaluations, and other reviews carried out during the reporting period in the context of the OIG’s view of the most significant management and performance challenges currently facing the Corporation. We identified the following 10 management and performance challenges and, in the spirit of the Reports Consolidation Act of 2000, we presented our assessment of them to the Chief Financial Officer of the FDIC in February 2003. The Act calls for these challenges to be presented in the FDIC’s consolidated performance and accountability report. The FDIC includes such reporting as part of its Annual Report. Our work has been and continues to be largely designed to address these challenges and thereby help ensure the FDIC’s successful accomplishment of its mission.
OIG work conducted to address these areas during the current reporting period includes 20 audit and evaluation reviews containing both monetary and nonmonetary recommendations; comments and input to the Corporation’s draft policies in significant operational areas; participation at meetings, symposia, conferences, and other forums to jointly address issues of concern to the Corporation and the OIG; and assistance provided to the Corporation in such areas as developing input for a “Why Banks Fail” symposium, and participation on the FDIC Audit Committee’s Information Technology Subcommittee. (See pages 11- 28.) Investigations In the Investigations section of our report, we feature the results of work performed by OIG agents in Washington, D.C.; Atlanta; Dallas; and Chicago who conduct investigations of alleged criminal or otherwise prohibited activities impacting the FDIC and its programs. In conducting investigations, the OIG works closely with U.S. Attorneys’ Offices throughout the country in attempting to bring to justice individuals who have defrauded the FDIC. The legal skills and outstanding direction provided by Assistant United States Attorneys with whom we work are critical to our success. The results we are reporting for the last 6 months reflect the efforts of U.S. Attorneys’ Offices throughout the United States. Our write-ups also reflect our partnering with the Federal Bureau of Investigation, the Internal Revenue Service, Secret Service, and other law enforcement agencies in conducting investigations of joint interest. Additionally, we acknowledge the invaluable assistance of the FDIC’s Divisions and Offices with whom we work closely to bring about successful investigations. Investigative work during the period led to indictments or criminal charges against 30 individuals and convictions of 8 defendants. Criminal charges remained pending against 33 individuals as of the end of the reporting period. Fines, restitutions, and recoveries stemming from our cases totaled almost $68.1 million. This section of our report also includes an update on a legislative proposal we have put forth to the Congress to enhance enforcement authority for misrepresentations regarding FDIC insurance. It also discusses our Electronic Crimes Team and acknowledges awards given to one of our Special Agents and to an Assistant U.S. Attorney with whom we have worked on many high-profile criminal restitution cases. (See pages 29- 44.) OIG Organization In the Organization section of our report, we note some of the significant internal activities that the FDIC OIG has recently pursued. Chief among these are efforts in furtherance of our Human Capital Strategic Plan related to competencies and the business knowledge and skills needed by OIG staff to provide maximum value to the Corporation. We highlight our work related to commenting on draft FDIC policies. Activities of OIG Counsel and cumulative OIG results covering the past five reporting periods are also shown in this section. (See pages 45-54.) OIG’s Fiscal Year 2003 Performance Report We are including our performance report for fiscal year 2003 as a separate but integral component of our Semiannual Report to the Congress. Our performance report summarizes our progress against our 34 annual performance goals for the fiscal year. These goals fell under four categories: OIG Products Add Value and Achieve Significant Impact, Communication Between the OIG and Stakeholders Is Effective, Align Human Resources to Support the OIG Mission, and Resources Are Effectively Managed. It is our hope that by presenting this report along with our semiannual report, our results will be transparent, and the Congress and other readers will have a more complete picture of our overall performance and accountability. (See pages 55-83.) Appendix The Appendix of our report contains much of the statistical information required under the Inspector General Act, as amended. Additionally, the back section of our report features news of retirements and some recent, noteworthy accomplishments of award-winning FDIC OIG staff. Sadly, we also include obituaries of two former colleagues. (See pages 86-97.) The Office of Audits issues 20 reports containing total questioned costs of $117,116 and funds put to better use of $1,175,321.
Management and Performance Challenges
In many prior semiannual reports, we identified our view of the most significant issues facing the Corporation as it carried out its mission. Over the past 7 years, we have reported our work in the context of these major issues in our semiannual reports, largely in response to the request of various congressional Committees that OIGs identify these issues across the government. During the previous reporting period, we again considered these issues, but in a slightly different context. To explain—in the spirit of the Reports Consolidation Act of 2000, in February 2003, we provided the Chief Financial Officer (CFO) of the FDIC the OIG’s assessment of “the most significant management and performance challenges” facing the Corporation. The Act called for these challenges to be included in the FDIC’s 2002 consolidated performance and accountability report. The Corporation did include a listing of the challenges in its Annual Report for 2002. The Annual Report combines the Chief Financial Officers Act Report and the Program Performance Report required by the Government Performance and Results Act. Our Annual Assignment Plan for fiscal year 2004 is also designed to address these challenges. We identified the following management and performance challenges challenges:
For the current reporting period, we continue to present our work in the context of these challenges. The Corporation has had a number of actions underway to address each of the areas, and we have encouraged continued attention to all of these challenges as we conduct our work. We also note that a number of issues in our work during the reporting period—some complete, some still ongoing—relate to effective management of key, critical, high-dollar projects. Examples include our work on the New Financial Environment, Central Data Repository, and Virginia Square II Construction projects. We plan to continue and perhaps expand our work examining the Corporation’s preparedness to manage these and other such projects going forward to help ensure the Corporation’s success in accomplishing project goals. We will continue to pursue audits, evaluations, investigations, and other reviews that address the management and performance challenges we identified. Our work during the reporting period can be linked directly to these challenges and is presented as such in the sections that follow. We will be updating our identification of the Management and Performance Challenges by year-end 2003 and will continue to work with corporate officials to successfully address all challenges identified.
Adequacy of Corporate Governance in A number of well-publicized announcements of business failures, including financial institution failures, have raised questions about the credibility of accounting practices and oversight in the United States. These events have increased public concern regarding the adequacy of corporate governance and, in part, prompted passage of the Sarbanes-Oxley Act of 2002. The public’s confidence in the nation’s financial system can be shaken by deficiencies in the adequacy of corporate governance in insured depository institutions. For example, the failure of senior management, boards of directors, and auditors to effectively conduct their duties has contributed to some recent financial institution failures. In certain cases, board members and senior management engaged in high-risk activities without proper risk management processes, did not maintain adequate loan policies and procedures, and circumvented or disregarded various laws and banking regulations. In other cases, independent public accounting firms rendered unqualified opinions on the institutions’ financial statements when, in fact, the statements were materially misstated. To the extent that financial reporting is not reliable, the regulatory processes and FDIC mission achievement (that is, ensuring the safety and soundness of the nation’s financial system) can be adversely affected. For example, essential research and analysis used to achieve the supervision and insurance missions of the Corporation can be complicated and potentially compromised by poor quality financial reports and audits. The insurance funds could be affected by financial institution and other business failures involving financial reporting problems. In the worst case, illegal and otherwise improper activity by management of financial institutions or their boards of directors can be concealed, resulting in potential significant losses to the FDIC insurance funds. The Corporation has initiated various measures designed to mitigate the risk posed by these concerns, such as reviewing the bank’s board activities and ethics policies and practices and reviewing auditor independence requirements. In addition, the FDIC reviews the financial disclosure and reporting obligations of publicly traded state non-member institutions. The FDIC also reviews their compliance with Securities and Exchange Commission regulations and the Federal Financial Institutions Examination Council-approved and recommended policies to help ensure accurate and reliable financial reporting through an effective external auditing program. Other corporate governance initiatives include the FDIC’s issuing Financial Institution letters, allowing bank directors to participate in regular meetings between examiners and bank officers, maintaining a “Directors’ Corner” on the FDIC Web site, and the expansion of the Corporation’s “Directors’ College” program. The adequacy of corporate governance will continue to require the FDIC’s vigilant attention. During the reporting period, our work on the Material Loss Review of the Failure of Southern Pacific Bank attested to the significance of the issue of corporate governance. This work is discussed in the section of this semiannual report entitled Management and Analysis of Risks to the Insurance Funds. Protection of Consumer Interests The FDIC is legislatively mandated to enforce various statutes and regulations regarding consumer protection and civil rights with respect to state-chartered, nonmember banks and to encourage community investment initiatives by these institutions. Some of the more prominent laws and regulations related to this area include the Truth in Lending Act, Fair Credit Reporting Act, Real Estate Settlement Procedures Act, Fair Housing Act, Home Mortgage Disclosure Act, Equal Credit Opportunity Act, Community Reinvestment Act of 1977, and Gramm-Leach-Bliley Act (GLBA). The Corporation accomplishes its mission related to fair lending and other consumer protection laws and regulations by conducting compliance examinations, taking enforcement actions to address unsafe or unsound banking practices and compliance violations, encouraging public involvement in the compliance process, assisting financial institutions with fair lending and consumer compliance through education and guidance, and providing assistance to various parties within and outside of the FDIC. The FDIC’s examination and evaluation programs must assess how well the institutions under its supervision manage compliance with consumer protection and fair lending laws and regulations and meet the credit needs of their communities, including low- and moderate-income neighborhoods. The FDIC must also work to issue regulations that implement federal consumer protection statutes both on its own initiative and together with the other federal financial institution regulatory agencies. One important focus is the GLBA, because the Corporation must ensure it has a quality program to examine institution compliance with privacy and other provisions of the Act. The Corporation’s community affairs program provides technical assistance to help banks meet their responsibilities under the Community Reinvestment Act. The current emphasis is on financial literacy, aimed specifically at low- and moderate-income people who may not have had banking relationships. The Corporation’s “Money Smart” initiative is a key outreach effort. The FDIC must also continue efforts to maintain a Consumer Affairs program by investigating consumer complaints about FDIC-supervised institutions and answering consumer inquiries regarding consumer protection and fair lending laws and banking practices, and providing data to assist the examination function.
What Progress Has the FDIC Made in Examining We conducted an evaluation to determine whether the FDIC has made reasonable progress in implementing the GLBA Title V privacy provisions. We determined that, overall, the FDIC has made reasonable progress in implementing Title V provisions relating to safeguarding customer information and privacy notice requirements. The Division of Supervision and Consumer Protection (DSC) assesses a financial institution’s compliance (1) with standards for safeguarding customer information through information technology examinations and (2) with privacy notice requirements through compliance examinations. The GLBA Title V provisions related to Fair Credit Reporting Act-affiliate information sharing have not yet been fully implemented but are being addressed through proposed interagency regulations still in process. Notwithstanding the progress made, we determined that the FDIC could take additional steps to help ensure full implementation of the GLBA Title V privacy provisions, and we made two recommendations to that effect. As for GLBA Title V provisions related to fraudulent access to financial information, the Corporation had made modest progress in implementing provisions. The FDIC issued guidance on identity theft and pretext calling to financial institutions, but DSC has not established specific examination procedures to determine financial institutions’ compliance with the guidance. We therefore recommended that DSC standardize its guidance related to reporting the results of evaluating a financial institution’s compliance with the standards for safeguarding customer information. DSC was responsive to our recommendations and is taking steps to address them.
Management and Analysis of Risks A primary goal of the FDIC under its insurance program is to ensure that its deposit insurance funds do not require augmentation by the U.S. Treasury. Achieving this goal is a considerable challenge given that the FDIC supervises only a portion of the insured depository institutions. The identification of risks to non-FDIC supervised institutions requires effective communication and coordination with the other federal banking agencies. The FDIC engages in an ongoing process of proactively identifying risks to the deposit insurance funds and adjusting the risk-based deposit insurance premiums charged to the institutions. Recent trends and events continue to pose risks to the funds. From January 1, 2002 to September 30, 2003, 13 insured financial institutions failed, and the potential exists for additional failures. While some failures may be attributable primarily or in part to economic factors, bank mismanagement and fraud have also been key factors in the most recent failures. The environment in which financial institutions operate is evolving rapidly, particularly with the acceleration of interstate banking, new banking products and complex asset structures, and electronic banking. The industry’s growing reliance on technologies, particularly the Internet, has changed the risk profile of banking. The consolidations that may occur among banks, securities firms, insurance companies, and other financial services providers resulting from the GLBA pose additional risks to the FDIC’s insurance funds. The Corporation’s supervisory approach must operate to identify and mitigate these risks and their real or potential impact on financial institutions to preclude adverse consequences to the insurance funds. Another risk to the insurance funds results from bank mergers that have created “megabanks,” or “large banks,” which are defined as institutions with assets of over $25 billion. For many of these institutions, the FDIC is the insurer but is not the primary federal regulator. Megabanks offering new or expanded services also present challenges to the FDIC. For example, the failure of a megabank, along with the potential closing of closely affiliated smaller institutions, could result in losses to the deposit insurance funds that require significant increases in premium assessments from an institution. Further, because of bank mergers and acquisitions, many institutions hold both Bank Insurance Fund (BIF) and Savings Association Insurance Fund (SAIF) insured deposits, obscuring the difference between the funds. There is ongoing consideration of merging the two insurance funds with the perceived outcome being that the merged fund would not only be stronger and better diversified but would also eliminate the concern about a deposit insurance premium disparity between the BIF and the SAIF. Assessments in the merged fund would be based on the risk that institutions pose to that fund. The prospect of different premium rates for identical deposit insurance coverage would be eliminated. Also, insured institutions would no longer have to track their BIF and SAIF deposits separately, resulting in cost savings for the industry. The Corporation has worked hard to bring about deposit insurance reform, and the OIG supports the FDIC’s continued work with the banking community and the Congress in the interest of eventual passage of reform legislation. Another risk to the insurance funds relates to the designated reserve ratio. As of March 31, 2002, the BIF reserve ratio was at 1.23 percent, the first time since 1995 that the ratio had fallen below the statutorily mandated designated reserve ratio of 1.25 percent for the deposit insurance funds. (If the BIF ratio is below 1.25 percent, in accordance with the Federal Deposit Insurance (FDI) Act, the FDIC Board of Directors must charge premiums to banks that are sufficient to restore the ratio to the designated reserve ratio within 1 year. The Corporation must maintain or exceed the designated reserve ratio, as required by statute.) By June 30, 2002, the BIF reserve ratio was at 1.25 percent, the mandated reserve ratio. As of March 31, 2003, the BIF ratio was at 1.28 percent, and as of June 30, 2003, it was at 1.29 percent. The process for setting deposit insurance premiums, which is closely related to the above discussion of the designated reserve ratio, represents yet another significant risk to the insurance funds. Insurance premiums are generally assessed based on the funding requirements of the insurance funds. This approach has the impact of assessing premiums during economic downturns when banks are failing and are likely not in the best position to afford the premiums. Also, numerous institutions have benefited from being able to sharply increase insured deposits without contributions to the insurance funds commensurate with this increased risk. This situation can occur because the designated reserve ratio is not breached, thereby triggering across-the- board premiums. Current deposit insurance reform proposals include provisions for risk-based premiums to be assessed on a more regularly scheduled basis than would occur using the existing approach. Risk-based premiums can provide the ability to better match premiums charged to institutions with related risk to the insurance funds. Why Did Southern Pacific Bank Fail and How
Adequate Was the FDIC’s Supervision? We concluded that Southern Pacific Bank (SPB) failed because of ineffective corporate governance, leading to a material loss to the BIF. The individual who served both as the Chairman and President of the bank’s holding company and as the Chairman and interim President of SPB dominated the operations of the bank. Under these circumstances, bank management pursued a strategy of high-growth, high-risk commercial lending without proper risk management processes. Additionally, SPB’s external auditor did not assure adequate disclosure of SPB’s financial condition, results of operations, and internal control weaknesses. As a result, the bank experienced significant losses in its commercial loan portfolio. Furthermore, the downturn in the telecommunications and technology sectors in the early 2000s and the impact of the September 11th terrorist attacks on the airline industry exacerbated the deterioration in the bank’s portfolio. With respect to the supervision of SPB, the FDIC and state examiners conducted annual examinations, consistently identifying and reporting deficiencies and taking various informal and formal enforcement actions, but these actions were of limited effect in reducing the risk of a material loss to the insurance fund. In particular, examiner guidance is needed for assessing the capital requirements and provision for losses associated with high-risk commercial loans. The FDIC implemented the PCA provisions of section 38 of the FDI Act. However, PCA was not fully effective due to the inadequate provision for loan losses that overstated SPB’s income and capital for several years and to the bank’s failure to execute its approved capital plan. It is of interest to note that of the 10 material loss reviews we have conducted, this is the second involving industrial loan companies–the 1999 failure of Pacific Thrift and Loan was the other. In the case of SPB, its parent holding company was not subject to the regulatory oversight provided under the Bank Holding Company Act (BHCA). However, the FDIC was authorized by law to examine any affiliate of SPB, including its parent company, to determine the relationship between SPB and its parent/affiliate and the effect of such a relationship on the bank. Our report contrasts the oversight and authority provided under the BHCA with that which is available by statute to the FDIC for parent holding companies of industrial loan companies. We may also conduct an audit specifically focusing on non-bank bank holding companies and the potential risks, if any, that may result from the reduced level of federal oversight for holding companies not covered by the BHCA. We made six recommendations designed to improve the bank supervision process and promote the safety and soundness of FDIC-supervised institutions. FDIC management concurred with all six recommendations. Have Adequate Procedures Been Implemented to
Examine Financial Institution Compliance with
the USA PATRIOT Act? Our overall objective was to determine whether the FDIC had developed and implemented adequate procedures to examine financial institutions’ compliance with the PATRIOT Act. The PATRIOT Act has 10 titles relating to the prevention of money laundering and financing of terrorism. Our audit covered Title III: International Money Laundering Abatement and Anti-terrorist Financing Act of 2001. We concluded that DSC’s existing Bank Secrecy Act examination procedures cover PATRIOT Act, Title III requirements to some degree. In addition, DSC had advised FDIC-regulated institutions of the new requirements in cases in which the Treasury Department had issued final rules implementing the Title III provisions. However, DSC had not issued guidance to its examiners for those provisions requiring new or revised examination procedures because DSC was either coordinating the issuance of uniform procedures with an interagency steering committee or waiting for the Treasury Department to issue final rules. This delay in issuing examination guidance was of particular concern when the Treasury Department had issued final rules for Title III provisions addressing money laundering deterrents and verification of customer identification. We recommended that DSC (1) issue interim examination procedures for those sections for which the Treasury Department has already issued final rules and (2) work with the FDIC-Federal Reserve System – Conference of State Bank Supervisors Steering Committee For Risk Focused Examination Procedures and Supporting Software to issue examination guidelines concurrently with the Treasury Department’s issuance of final rules for institutions’ implementation of Title III provisions. DSC management concurred with our recommendations. In addition, DSC issued interim guidance, effective August 15, 2003, to its examiners and the FDIC-regulated institutions addressing four of the eight Title III sections applicable to the FDIC’s examination procedures. The FDIC is also continuing its efforts to coordinate issuance of examination guidance with the interagency steering committee for risk-focused examination procedures. What Role Do Prompt Corrective Action
Provisions Play in Reducing Losses to the Deposit
Insurance Funds? Effectiveness of Resolution and Receivership Activities One of the FDIC’s corporate responsibilities is planning and efficiently handling the franchise marketing of failing FDIC-insured institutions and providing prompt, responsive, and efficient resolution of failed financial institutions. These activities maintain confidence and stability in our financial system. The FDIC has outlined primary goals for four business lines (listed below) that are relevant to the three major phases of the Division of Resolutions and Receiverships’ (DRR) work: Pre-Closing, Closing, and Post-Closing of failing or failed institutions. Each is accompanied by significant challenges:
Does the Division of Resolutions and
Receiverships Have Effective Guidance for
Resolving and Managing Credit Card Portfolios? Our work focused on whether DRR developed and applied effective guidance for the potential and actual resolution and management of credit card portfolios. We concluded that DRR adequately resolved and managed smaller credit card portfolios that did not involve securitized credit cards. (In a credit card securitization, a financial institution sells its credit card receivables to a special purpose trust that pays for the receivables by selling securities to the public.) However, DRR’s procedures for resolving large securitized credit card portfolios needed improvement. Specifically, DRR was not fully prepared to value and resolve the FDIC’s interest in the large NextBank securitized credit card portfolio. As a result, DRR incurred significant obligations with limited assurance, at the time of closing, of maximizing returns to the BIF after pay-off of insured depositors. Additionally, we reported that DRR’s financial advisor was paid for reports it did not complete, and DRR did not have the benefit of information and analysis that those reports would have contained. DRR indicated that the contractor met DRR’s needs and helped the Division make appropriate decisions regarding NextBank’s resolution strategies. DRR modified the statement of work to reflect added deliverables. The Corporation agreed to take action in response to the two recommendations we made in this report. Are the Corporation’s Asset Valuations Resulting
in Accurate Valuations for “Unique” Assets? DRR’s asset valuation review process resulted in reasonably accurate estimates of the value of the traditional assets sold for both of the FDIC-insured depository institutions. However, the actual net sales proceeds for the two institutions’ unique assets varied substantially from the asset valuations. The risk to the FDIC is that an inaccurate valuation may adversely impact the selection of the least costly resolution strategy. Further, if estimates of asset valuations are significantly understated, the FDIC faces the possibility that it may accept bids for assets that are too low and, thus, negatively impact the deposit insurance funds. DRR personnel generally complied with the Resolution Policy Manual in conducting their asset valuation reviews, and the FDIC’s asset valuation contractors provided all required valuation deliverables. We recommended that DRR require its Receivership Status Report and Action Plan or Quarterly Update to include discussion of significant variances between asset valuations and actual sales proceeds and also include an initiative to review best practices regarding the valuation of unique assets in DRR’s 2004 Strategic Plan. DRR concurred with both recommendations. In responding to our report, DRR also stated its strong view that ultimately it is competition among the bidders in an open, competitive marketing effort that most accurately determines the value of an institution’s assets. How Accurate Are the Corporation’s Deposit
Insurance Determinations? We conducted an audit during the reporting period to determine whether DRR is accurately making deposit insurance determinations. That is, we determined whether DRR appropriately grouped depositors’ accounts by ownership category and accurately determined insured amounts in accordance with the FDIC’s rules and regulations. The scope of our audit included testing actual insurance determinations for a sample of accounts for 10 of the 11 insured depository institutions that failed in calendar year 2002. We concluded that, overall, DRR is accurately making insurance determinations and provides depositors access to their insured deposits in accordance with the FDIC’s deposit insurance rules and regulations. We did, however, identify a total of nine cases for which the insurance determinations made by DRR were either inaccurate or potentially inaccurate. All but one of the exceptions were attributable to human error, and most errors occurred during the manual phase of the grouping process. Statistical analysis and projections also showed that there is a greater risk that exceptions would occur at larger institutions where DRR staff are handling large amounts of data and working longer hours. DRR agreed with our analysis and took actions to address the exceptions. We recommended that the Director, DRR, establish a process to routinely test the accuracy of insurance determinations and evaluate the test results in relationship to DRR-established benchmarks as part of the claims process redesign. DRR agreed with this recommendation.
Management and Security of
Information Information technology (IT) continues to play an increasingly greater role in every aspect of the FDIC mission. As corporate employees carry out the FDIC’s principal business lines of insuring deposits, examining and supervising financial institutions, and managing receiverships, the employees rely on information and corresponding technology as an essential resource. Information and analysis on banking, financial services, and the economy form the basis for the development of public policies and promote public understanding and confidence in the nation’s financial system. IT is a critical resource that must be safeguarded. Accomplishing IT goals efficiently and effectively requires sound IT planning and investment control processes. The Corporation’s 2003 IT budget is approximately $175.1 million. The Corporation must constantly evaluate technological advances to ensure that its operations continue to be efficient and cost-effective and that it is properly positioned to carry out its mission. While doing so, the Corporation must continue to respond to the impact of laws and regulations on its operations. Management of IT resources and IT security have been the focus of several laws, such as the Paperwork Reduction Act, the Government Information Security Reform Act (GISRA), and more recently, the Federal Information Security Management Act (FISMA) of 2002. Similar to the requirements of GISRA, under FISMA, each agency is required to report on the adequacy and effectiveness of information security policies, procedures, and practices and compliance with information security requirements. The Corporation has worked to implement many sound information system security controls but has not yet fully integrated these controls into an entity-wide program. Additionally, continued attention is needed in efforts to identify sensitive data, plan for and fund essential security measures, incorporate security requirements in FDIC contracts, enhance software configuration management, and measure the overall performance of the information security program. Frequently, security improvements at the FDIC have been the result of a reaction to specific audit and review findings, rather than the result of a comprehensive program that provided continuous and proactive identification, correction, and prevention of security problems. The OIG acknowledges that the Corporation is working to appoint a permanent Chief Information Officer (the position has been vacant since September 2001) to strengthen accountability and authority in the FDIC’s information security program and to ensure that other key positions in the Division of Information Resources Management (DIRM) are filled permanently. However, after three attempts to fill the Chief Information Officer position, the position remains vacant, and this long-term vacancy poses a risk to the Corporation. (See update in IG Statement, page 2.) Although the FDIC made progress in addressing the security weaknesses identified in our 2001 Security Act evaluation, new information security weaknesses were identified during our 2002 evaluation and during the FDIC’s internal evaluation completed on January 10, 2003. As discussed below, our FISMA report for 2003 again reports that the Corporation continues to have only limited assurance of adequate security of its information resources. Thus, management and security of IT resources continue to warrant management attention. How Effective Is the Corporation’s Information
Technology Security Program? Can It Be
Strengthened? In addition, this year we performed more in-depth evaluation work in the areas of Incident Response, Information Security Risk Management, and Security Oversight than in prior-year security evaluations. Much of this expanded work was in response to new and emerging information security requirements mandated by the FISMA. Based on this expanded work, our control assurance ratings for Incident Response and Information Security Risk Management declined as compared to our 2002 security evaluation results. It should be noted that this decline in assurance ratings was the result of expanded evaluation work rather than a weakening of management controls following our 2002 security evaluation. Our evaluation report identifies steps, in priority order, that the Corporation can take in the near term to improve its information security program and operations (see listing on next page). We would point out that the recommended action of appointing a permanent Chief Information Officer and filling other key DIRM positions, including the Acting Director position, appears on the list of steps for the second consecutive year. These steps are intended to assist the Corporation in furthering its efforts to develop and implement information security management controls that provide reasonable assurance of adequate security for its information resources. The FDIC was working during the evaluation to address most of the steps we identified. We will continue to work with the Corporation throughout the coming year to ensure that appropriate risk-based and cost-effective IT security controls are in place to secure corporate information resources and further corporate security goals and objectives. Has the Corporation Made Progress in
Strengthening Information Security Management
of FDIC Contractors?
Further, the Corporation needs to include security provisions in existing contracts where it is cost-beneficial to do so. As a result, a high level of risk remains that contractors are not providing adequate security to protect against misuse or unauthorized access to the Corporation’s data. How Effective Is the Corporation’s Control
Environment for Managing Information
Technology Assets? DIRM had previously conducted a self-assessment that identified needed enhancements to the IT Asset Management Program. During the reporting period, we conducted a more comprehensive review of the program, including evaluating the accuracy and reliability of the Information Technology Asset Management System (ITAMS). We concluded that DIRM’s program for managing IT assets was not adequate. Specifically, a weak control environment and weak control activities related to ITAMS resulted in:
The overarching cause of these conditions was a lack of management commitment to a strong internal control environment and control activities. During 2003, DIRM has worked aggressively to improve the program by defining what assets should be tracked, improving initial receipt and recording of assets into ITAMS, and conducting a 100 percent inventory of equipment recorded in ITAMS. Nevertheless, at the time we concluded our review, ITAMS remained unreliable and incomplete. Further, we reported that, viewed collectively, the conditions we found constitute a potential material internal control weakness and could result in a loss or misuse of equipment, unwarranted or unsupported procurement actions, and unauthorized access to sensitive information. Our report contained 10 recommendations to improve controls over the IT asset management program. Management’s comments on our report were responsive to the recommendations. Management did not agree with our characterization of the IT asset management problems as a potential material internal control weakness at the time we issued our report. Management provided us a memorandum subsequent to issuance of our report that discussed actions taken and planned to address program weaknesses within the ITAM program and its position on whether the OIG’s findings constitute a potential material weakness for the Corporation. In that memorandum, DIRM committed to completing the corrective actions necessary to implement adequate internal control over its ITAM program by December 31, 2003. We, in turn, communicated to DIRM that if its planned actions are implemented and effective, we would agree that the ITAM program would not warrant a material weakness designation in the Corporation’s 2003 Annual Report. Three Reviews Focus on Various IT Security Risk
Areas Trusted Information Systems Review: Public Key Infrastructure (PKI) is a technical architecture used to authenticate digital identities. IBM conducted a review to (1) evaluate the controls, policies, and procedures surrounding the FDIC’s PKI; (2) analyze and test the FDIC’s connectivity with third-party organizations such as contractors; and (3) evaluate the FDIC’s controls over sensitive data. During the review, IBM noted that the FDIC has implemented a number of good security practices. However, IBM identified needed improvements in PKI operations, contractor-connected systems, and protection of data provided to third parties. IBM recommended that the Corporation take a number of actions to improve network integrity, performance, and controls, and management agreed to take responsive action. Remote Access Systems Review: IBM’s report on remote access systems notes that the FDIC has implemented a number of good security practices regarding remote connectivity. However, IBM identified several opportunities to further strengthen remote access controls to the FDIC network. The report contains four findings and seven recommendations, and management’s comments on the report were responsive to concerns identified. Security Patch Management Review. This review evaluated the policies and procedures for implementing security patches in the FDIC’s networked environment. IBM concluded that additional work was needed to strengthen the security patch management program. IBM made 10 recommendations. DIRM management concurred with seven of the recommendations and partially concurred with the remaining three recommendations. For the three recommendations, DIRM proposed alternative corrective actions that are responsive to the conditions discussed in the report.
Security of Critical Infrastructure The adequate security of our nation’s critical infrastructures has been at the forefront of the federal government’s agenda for many years. Specifically, the President’s Commission on Critical Infrastructure Protection (established in July 1996) was tasked to formulate a comprehensive national strategy for protecting the nation’s critical infrastructure from physical and “cyber” threats. Included among the limited number of systems whose incapacity or destruction were deemed to have a debilitating impact on the defense or economic security of the nation was the banking and finance system. With the increased consolidation and connectivity of the banking industry in the years since 1996, and with the new awareness of the nation’s vulnerabilities to terrorist attacks since September 11, 2001, the security of the critical infrastructure in the banking industry is even more important. On May 22, 1998, Presidential Decision Directive (PDD) 63 Title 5 was signed. The directive called for a national effort to ensure the security of the nation’s critical infrastructures. PDD 63 defined the critical infrastructure as the “physical and cyber-based systems essential to the minimum operations of the economy and government.” The President declared that securing our critical infrastructure is essential to our economic and national security and issued two Executive Orders (EO 13228, The Office of Homeland Security and the Homeland Security Council, and EO 23231, Critical Infrastructure Protection in the Information Age) to improve the federal government’s critical infrastructure protection program in the context of PDD 63. The intent of PDD 63 is to ensure that the federal government maintains the capability to deliver services essential to the nation’s security and economy and to the health and safety of its citizens in the event of a cyber- or physical-based disruption. Much of the nation’s critical infrastructure historically has been physically and logically separate systems that had little interdependence. However, as a result of technology, the infrastructure has increasingly become automated and interconnected. These same advances have created new vulnerabilities to equipment failures, human error, natural disasters, terrorism, and cyber-attacks. To effectively protect critical infrastructure, the FDIC’s challenge in this area is to implement measures to mitigate risks, plan for and manage emergencies through effective contingency and continuity planning, coordinate protective measures with other agencies, determine resource and organization requirements, and engage in education and awareness activities. The FDIC will need to continue to work with the Department of Homeland Security and the Finance and Banking Information Infrastructure Committee, created by Executive Order 23231 and chaired by the Department of the Treasury, on efforts to improve security of the critical infrastructure of the nation’s financial system. What Progress Has the Corporation Made in
Implementing Its Information Security Strategic
Plan? We determined that the FDIC’s Information Security Strategic Plan needed improvement. Specifically, the FDIC had not fully implemented a number of important activities for protecting its cyber-based infrastructures. A substantial number of action items contained in the Corporation’s Tactical Plan remained to be completed, and, in a number of cases, planned milestones were being missed. These gaps in coverage limited the FDIC’s assurance that it was adequately protected against computer-based attacks on its critical infrastructures. At the time we completed our review, the FDIC was taking steps to increase the attention, visibility, and urgency for improved security over its critical infrastructure and was conducting a comprehensive IT review. We made one recommendation in this report related to including human capital initiatives in the Tactical Plan. Management agreed to take responsive action. Is the Corporation’s Approach to Assessing
Business Continuity Planning at FDIC-Supervised
Institutions Adequate? We concluded that DSC has actively promoted sound business continuity planning practices in financial institutions and developed examination programs for assessing financial institutions’ business continuity planning efforts. However, we also concluded that DSC’s examination work programs focus largely on disaster recovery planning, an IT function, as opposed to enterprise-wide business continuity planning, which addresses overall business concerns, such as employees, management succession, and backup sites. We recommended that the Director, DSC, incorporate the enterprise-wide aspects of business continuity planning in its supervisory approach to examinations of FDIC-supervised institutions. DSC agreed with our finding and recommendation. Transition to a New Financial Environment On September 30, 2002, the FDIC executed a multiyear contract to replace its core financial systems and applications with a commercial-off-the-shelf software package. The FDIC Board had previously approved contract expenditure authority for the New Financial Environment (NFE) project totaling approximately $28.8 million. NFE is a major corporate initiative to enhance the FDIC’s ability to meet current and future financial management and information needs. At the time the Board case was approved, the FDIC estimated the total life-cycle cost of NFE, including FDIC staff time, to be approximately $62.5 million over 8 years. NFE offers the FDIC significant benefits and presents significant challenges. These challenges will test the Corporation’s ability to (1) maintain unqualified opinions on the FDIC’s annual financial statements through the system implementation and associated business process reengineering; (2) manage contractor resources, schedules, and costs; and (3) coordinate with planned and ongoing system development projects related to NFE. Overall, the FDIC needs to ensure that the NFE project team successfully implements modern and reliable systems that improve financial business processes and support current and future financial management and information needs. At the same time, the team must work to control costs for the new environment to the maximum extent possible. Are Scope Management Controls in Place to Keep
the New Financial Environment Project On
Track? We concluded that key scope management deliverables for the NFE project are significantly behind schedule. Improvements in project oversight could have minimized the impact of issues affecting the project deliverable schedule. Additionally, FDIC management did not adopt adequate time management practices to maximize project progress. As a result, the project is less likely to be deployed on schedule, which could increase the FDIC’s contracting costs and defer the benefits anticipated from an integrated financial system. We recommended that the CFO, in conjunction with the Director, Division of Finance, conduct a senior management review of the NFE project to establish metrics for measuring progress and project re-evaluation criteria if measures are not achieved. We also recommended that the CFO and Director, Division of Finance, direct the NFE Steering Committee to take a number of steps to more clearly define the project’s scope, avoid project delays, and better manage changes to the project schedule. The Corporation’s response to our report addressed the concerns we identified. Assessment of Corporate Performance The Government Performance and Results Act (Results Act) of 1993 was enacted to improve the efficiency, effectiveness, and accountability of federal programs by establishing a system for setting goals, measuring performance, and reporting on accomplishments. The Results Act requires most federal agencies, including the FDIC, to prepare a strategic plan that broadly defines each agency’s mission, vision, and strategic goals and objectives; an annual performance plan that translates the vision and goals of the strategic plan into measurable annual goals; and an annual performance report that compares actual results against planned goals. The Corporation’s strategic plan and annual performance plan lay out the agency’s mission and vision and articulate goals and objectives for the FDIC’s three major program areas: Insurance, Supervision, and Receivership Management. The plans focus on four strategic goals that define desired outcomes identified for each program area: (1) Insured Depositors Are Protected from Loss Without Recourse to Taxpayer Funding, (2) FDIC-Supervised Institutions Are Safe and Sound, (3) Consumers’ Rights Are Protected and FDIC-Supervised Institutions Invest in Their Communities, and (4) Recovery to Creditors of Receiverships Is Achieved. Through its annual performance report, the FDIC is accountable for reporting actual performance and achieving these strategic goals. The Corporation has made significant progress in implementing the Results Act and needs to continue to address the challenges of developing more outcome-oriented performance measures, linking performance goals and budgetary resources, implementing processes to verify and validate reported performance data, and addressing crosscutting issues and programs that affect other federal financial institution regulatory agencies. Organizational Leadership and Management of Human Capital The FDIC has experienced significant downsizing for the past 10 years as the workload from the banking and thrift crises of the late l980s and 1990s has been accomplished. A number of division mergers and reorganizations took place, and the Corporation concluded major 2002 buyout/retirement incentive programs. Those incentive programs achieved a reduction of 699 staff and projected annual savings of $80 million in future operating costs. In total, over the past 10+ years, the workforce (combined from the FDIC and the Resolution Trust Corporation) has decreased from approximately 23,000 in 1992 to approximately 5,300 as of September 20, 2003. In light of the downsizing, the Corporation continues to identify an appropriate skills mix to carry out its mission and must seek to correct any existing skills imbalances. To do so, the Corporation continues to offer solicitations of interest, reassignments, retraining, and outplacement assistance. A large number of FDIC employees will be eligible to retire within the next several years. As the Corporation adjusts to a smaller workforce, it must continue to ensure the readiness of its staff to carry out the corporate mission. The FDIC’s new Corporate University is an initiative that should help prepare the workforce for challenges ahead. The Corporation is also challenged to fill key vacancies in a timely manner, engage in careful succession planning, and continue to conserve and replenish the institutional knowledge and expertise that has guided the organization in the past. Additional outsourcing needs may arise, and hiring and retaining new talent will be important. Hiring and retention policies that are fair and inclusive must remain a significant component of the corporate diversity plan. Designing, implementing, and maintaining effective human capital strategies are critical priorities and must be the focus of centralized, sustained corporate attention. A significant element of this performance and management challenge relates to organizational leadership at the FDIC Board of Directors level, specifically, with respect to the current make-up of the Board. The Board is a body whose strong leadership is vital to the success of the agency and to the banking and financial services industry. The Board is composed of five directors, including the FDIC Chairman, two other FDIC directors, the Comptroller of the Currency, and the Director of the Office of Thrift Supervision. To ensure that the balance between various interests implicit in the Board’s structure is preserved, the Board should operate at full strength. However, the Board has been operating with an FDIC Director vacancy since September 1998. Although the President has nominated someone for this position, the candidate has not yet been confirmed. Accordingly, the OIG has urged the Congress that vacancies on the Board be filled as promptly as practicable in order to afford the FDIC the balanced governance and sustained leadership essential to the agency’s continued success. As referenced earlier in the Management and Security of IT Resources section of this report, the long-standing vacancy of the position of Chief Information Officer has been of major concern to the OIG as well. (See updates in IG Statement, page 2.) Also, DIRM initiated a priority project called the Comprehensive Information Technology Program Review. One aspect of this effort is an assessment of human capital needs and a plan to identify and address any shortfalls in staff resources or skills mix for the IT security program. The human capital staffing plan and its inclusion in the System Security Management Tactical Plan are targeted for completion in January 2004. Until an assessment is performed, and a human capital plan developed and tracked, the FDIC is at risk of not having the appropriate staffing resources to manage the IT security program. Cost Containment and Procurement Integrity As steward for the BIF and SAIF, the FDIC seeks ways to limit the use of those funds. Therefore, the Corporation must continue to identify and implement measures to contain and reduce costs, either through more careful spending or assessing and making changes in business processes to increase efficiency. Many of the efforts described earlier as part of other management and performance challenges (e.g., NFE, corporate downsizing) attest to the Corporation’s ongoing efforts to contain and reduce costs. A key challenge to containing costs relates to the contracting area. To assist the Corporation in accomplishing its mission, contractors provide services in such areas as information technology, legal matters, loan servicing, and asset management. To achieve success in this area, the FDIC must ensure that its acquisition framework—that is, its policies, procedures, and internal controls—is marked by sound planning; consistent use of competition; fairness; well-structured contracts designed to produce cost-effective, quality performance from contractors; and vigilant contract management to ensure successful project management activities. The Corporation has taken a number of steps to strengthen internal control and effective oversight. However, our work in this area continues to show that further improvements are necessary to reduce risks such as the consideration of contractor security in acquisition planning, incorporation of information security requirements in FDIC contracts, and oversight of contractor security practices. Other possible risks include corporate receipt of billings for such items as unauthorized subcontractors, unallowable subcontractor markups, incorrect timesheets, billings for unreasonable project management hours, conflicts of interest, and unauthorized labor categories. The combination of increased reliance on contractor support and continuing reductions in the FDIC workforce presents a considerable risk to the effectiveness of project management activities. Additionally, large-scale procurements, such as Virginia Square Phase II (a $111 million construction project to house FDIC staff who now primarily work in leased space in the District of Columbia), NFE, and the Central Data Repository project necessitate continued emphasis on contractor oversight and overall project management activities. How Reasonable Are the FDIC’s Contract Terms
with ARAMARK Services, Inc., and Are Controls
Effective in Managing and Controlling Costs? We conducted a review to determine whether specific terms of the ARAMARK contract were reasonable, oversight management by the FDIC and ARAMARK was adequate, and opportunities existed for ARAMARK to improve controls over operations and reduce operating costs at the FDIC’s cafeterias and Student Residence Center. Our review determined that certain terms in the FDIC’s ARAMARK contract are not reasonable and limit the FDIC’s ability to manage and control the costs of operating the cafeterias and the Student Residence Center. Additionally, the FDIC did not always effectively oversee the contractor’s performance to ensure compliance with all contract terms and conditions. We reported that the FDIC could save $1.5 million over the next 3 years by modifying the terms of the contract and providing better contractor oversight. The FDIC could also have avoided costs of $345,543 had it better structured the terms of the contract dealing with fixed fees. The FDIC also needed to collect tuition fees for non- FDIC employees who had attended FDIC courses at Virginia Square and improve controls over tuition collection for such individuals. Finally, the FDIC did not fully enforce the contractor security provisions, thus posing a security risk to FDIC personnel and facilities. In responding to our report, management did not concur with certain findings or associated potential monetary benefits. We have adjusted the amount of potential monetary benefits we are reporting in this semiannual report from $1.5 million to $1.2 million to reflect the nonconcurrences and our acceptance of them with the exception of one recommendation related to reducing fixed fees to ARAMARK based on occupancy levels at the Student Residence Center. We have asked FDIC management to reconsider its position on that recommendation and to provide us a subsequent response. The OIG’s Post-award Contract Reviews
Investigations :
The Office of Investigations (OI) is responsible for carrying out the investigative mission of the OIG. Staffed with agents in Washington, D.C.; Atlanta; Dallas; and Chicago, OI conducts investigations of alleged criminal or otherwise prohibited activities that may harm or threaten to harm the operations or integrity of the FDIC and its programs. In addition to its two regional offices, based in Atlanta and Dallas, OI operates an Electronic Crimes Team (ECT) and laboratory in Washington, D.C. The ECT is responsible for conducting computer-related investigations impacting the FDIC and providing computer forensic support to OI investigations nationwide. OI also manages the OIG Hotline for employees, contractors, and others to report allegations of fraud, waste, abuse, and mismanagement via a toll-free number or e-mail. OI concentrates its investigative efforts on those cases of most significance or potential impact to the FDIC and its programs. Our goal, in part, is to bring a halt to the fraudulent conduct under investigation, protect the FDIC and other victims from further harm, and assist the FDIC in recovery of its losses. Another consideration in dedicating resources to these cases is the need to pursue appropriate criminal penalties not only to punish the offender but to deter others from participating in similar crimes. Currently, the majority of OI’s caseload is comprised of investigations involving major financial institution fraud. OI’s work in this area targets schemes that resulted in significant losses or vulnerabilities for the institution( s) and/or involves institution officers or insiders, multiple subjects and institutions, obstruction of bank examiners, and/or misrepresentation of FDIC insurance or affiliation. It also includes investigations of fraud resulting in institution failures. Cases in this area are highly complex and resource intensive, often requiring teams of agents and years to complete. Despite the resource demands, the OIG’s commitment to these investigations is imperative, in light of their significance and potential impact to the FDIC and the banking industry. Additionally, from a cost-benefit perspective, these cases have brought results that seem to make our investment in them well worth the effort, as illustrated in some of the cases reported for this period. Although it is impossible to put a price tag on the benefit derived from bringing criminals in these cases to justice, our investigations of major financial institution fraud schemes have brought increased returns measured by successful prosecutions resulting in incarceration, court-ordered fines, restitution to victims, and administrative actions. In addition to pursuing financial institution-related cases, the OIG commits significant resources to investigations that target fraud by FDIC debtors seeking to conceal their assets from the FDIC. These cases, which include investigations of individuals who fraudulently attempt to avoid payment of court-ordered restitution to the FDIC, made up 28 percent of our caseload as of September 30, 2003. These cases are of great significance to the FDIC, which was owed approximately $1.7 billion in criminal restitution as of September 2003. In most instances, the convicts subject to these restitution orders do not have the means to pay. The focus of OIG investigations in this area is on those individuals who do have the means to pay but hide their assets and/or lie about their ability to pay. We work closely with the Division of Resolutions and Receiverships (DRR) and the Legal Division in aggressively pursuing investigations of these individuals, to ensure that they are brought to justice and that the FDIC, as the victim, recovers as much of its loss as possible. [D]Joint Efforts The OIG works closely with U.S. Attorneys’ Offices throughout the country in attempting to bring to justice individuals who have defrauded the FDIC. The prosecutorial skills and outstanding direction provided by Assistant United States Attorneys with whom we work are critical to our success. The results we are reporting for the last 6 months reflect the efforts of U.S. Attorneys’ Offices in the District of Minnesota, Northern District of Ohio, District of South Dakota, District of Colorado, District of Oklahoma, Northern District of Texas, District of Connecticut, Southern District of Iowa, and Eastern District of Virginia. In addition to local U.S. Attorneys’ Offices, the OIG worked with Trial Attorneys from the Fraud Section of the U.S. Department of Justice as well as State prosecutors from the State of Missouri. Support and cooperation among other law enforcement agencies is also a key ingredient for success in the investigative community. We frequently “partner” with the Federal Bureau of Investigation (FBI), the Internal Revenue Service Criminal Investigation (IRS-CI), and other law enforcement agencies in conducting investigations of joint interest. Also vital to our success is our partnership with FDIC program offices. We coordinate closely with the FDIC’s Division of Supervision and Consumer Protection (DSC) in investigating fraud at financial institutions, and with DRR and the Legal Division in investigations involving failed institutions and fraud by FDIC debtors. Our ECT coordinates closely with the Division of Information Resources Management in carrying out its mission. The successes highlighted for the period would not have been possible without the collaboration of these offices. In addition to carrying out its direct investigative responsibilities, the OIG is committed to providing training and sharing information with FDIC components and other regulators based on “lessons learned” regarding red flags and fraud schemes identified through OIG investigations. OI agents provide regular training during FDIC Commissioned Examiner Seminars, and frequently give presentations to FDIC staff during regional and field meetings. We are also called upon by the Federal Financial Institutions Examination Council, state banking regulatory agencies, and law enforcement agencies to present case studies. During the reporting period, OI participated on the FDIC team that developed a paper on the “Root Causes of Bank Failures from 1997 to the Present,” to be presented during an FDIC-sponsored symposium exploring why banks fail. Results Over the last 6 months, OI opened 25 new cases and closed 17 cases, leaving 110 cases underway at the end of the period. Our work during the period led to indictments or criminal charges against 30 individuals and convictions of 8 defendants. Criminal charges remained pending against 33 individuals as of the end of the reporting period. Fines, restitutions, and recoveries stemming from our cases totaled almost $68,122,208. The following are highlights of some of the results from our investigative activity over the last 6 months: Fraud Arising at or Impacting Financial
Institutions As part of his plea, the defendant forfeited any and all of his interest in property controlled by Stardancer Casinos Inc. and its subsidiaries, as he was an investor and part owner of Stardancer. In late 1998, the defendant began investing embezzled bank funds into Stardancer Casinos Inc., a casino gambling operation originally headquartered near Myrtle Beach, South Carolina. Over the course of the next 3 years, the defendant embezzled over $43 million to purchase casino vessels and fund the operations of the casino business. At various times, the business operated ports in Myrtle Beach, South Carolina, and in Jacksonville, Miami, Madeira Beach, Tarpon Springs, and Port Richey, Florida. He forfeited bank accounts relating to Stardancer and two other companies identified in the investigation. He also forfeited real estate and investments in Florida, Ohio, Texas, and South Carolina, his interest in any of the Stardancer vessels and equipment, $520,450 in currency seized by the government, and any substitute properties owned by him but not identified in the investigation as the proceeds of criminal activities. As a part of this ongoing investigation, agents from the FDIC OIG, the IRS-Criminal Investigation, and the FBI earlier executed seizure warrants on four Stardancer casino vessels, two Stardancer taxi vessels, and nine Stardancer bank accounts. In addition, the agents executed 11 search warrants on two Stardancer corporate offices, three Stardancer ticket offices, one Stardancer security office, two Stardancer casino vessels, two mini-storage facilities (1 warrant) and the Stardancer CEO’s residence (2 warrants). Fourteen FDIC OIG agents and 37 additional agents from the FBI and IRS-CI participated in the multi-agency operation. The vessels and seized slot machines were maintained by a contractor until they were sold at a Treasury Department auction on May 9, 2003, for a total of approximately $2.2 million. The FDIC closed Oakwood Deposit Bank Company on February 1, 2002, after the discovery of information indicating irregularities in the amount of deposits reported in the records of the bank. According to his plea agreement, the defendant began embezzling funds from the bank in 1993 with a loan to a family member. He admitted to altering bank records and creating paperwork in order to conceal the embezzlement, which resulted in losses to the bank of approximately $48,718,405 and led to the bank’s insolvency. In addition, the bank suffered other losses as a result of a check-kiting scheme. On August 6, 2003, two former car dealers from Ohio were indicted by a federal grand jury in the Northern District of Ohio, Toledo, Ohio, for conspiracy and bank fraud relating to those losses. As alleged in the indictment, the charges arose from a check-kiting scheme the defendants allegedly engaged in during calendar year 2001. A check-kite is a fraudulent scheme in which a bank customer utilizes the time it takes to clear checks to create artificially high balances of non-existent funds through a systemic exchange of checks among accounts when, in reality, actual funds do not exist. The indictment alleges that the defendants kited checks between accounts maintained by them at the now defunct Oakwood Deposit Bank Company. Losses on the check-kiting scheme are currently estimated to be over $11 million. The check-kiting scheme is being investigated by the FDIC OIG and the FBI. Prosecution of the case is being handled by the U.S. Attorney’s Office for the Northern District of Ohio, Toledo, Ohio. The investigation of the defendant’s activities in the failure of Oakwood Deposit Bank Company is being conducted jointly by agents of the FDIC OIG, IRS-CI, and the FBI. Prosecution of the case is being handled by the U.S. Attorney’s Office for the Northern District of Ohio, Toledo, Ohio. The U.S. Attorney’s Office for the Middle District of Florida assisted in the preparation of the Stardancer warrants. Sinclair National Bank The indictment alleges that the former owner and director conspired with other un-named co-conspirators to fraudulently obtain control of Northwest National Bank in Gravette, Arkansas, which was later renamed Sinclair National Bank. As alleged in the indictment, the subject and her co-conspirators used Sinclair National Bank to enrich themselves by using the bank to buy debt from Sinclair Financial Group, a company previously owned by the subject and her former husband. The indictment also alleges that the defendant and others failed to report to the OCC in their application to purchase Sinclair National Bank that the defendant was owed $5 million from an individual that Sinclair National Bank was going to have a business relationship with. The OCC had relied on the information that the defendant provided to approve their application. The defendant and her former husband owned Sinclair National Bank for approximately 18 months before the institution was closed by the OCC in September 2001, at an estimated $4.4 million loss to the Bank Insurance Fund. The defendant, with her former husband had owned Sinclair Financial Group until they sold their interest in the company in October 1999, at which time the company was renamed Stevens Financial Group. In March 2001, Stevens Financial Group claimed bankruptcy. At the time of the bankruptcy, Stevens Financial Group defaulted on approximately $60 million in debt that was owed to over 3,000 Missouri investors. In connection with the ongoing investigation, on September 11, 2003, a grand jury in the Circuit Court of Greene County, Springfield, Missouri, indicted the defendant’s former husband and others on 24 counts of securities fraud. Also named in the indictment were:
The securities fraud charges include allegations that the defendants misrepresented the true financial condition of Stevens Financial Group and Sinclair Financial Group by inflating the assets, net worth, and profitability. Earlier in the case, the former in-house counsel for the Sinclair National Bank and for the now defunct Stevens Financial Group was charged and pleaded guilty in the U. S. District Court for the Western District of Missouri to one count of obstructing the OCC in its examination of the former Sinclair National Bank. He also pleaded guilty on April 24, 2003, in the Circuit Court of Greene County, Missouri, to a two-count felony complaint charging him with making false or misleading statements to securities investigators of the State of Missouri. As part of the plea agreement, the defendant agreed not to practice law before his sentencing and to surrender his law license when he is sentenced. The agreement also requires that the defendant help state and federal investigators in their ongoing investigations of officers of Stevens Financial Group. In return, the Missouri Attorney General’s Office agreed not to file additional charges against the defendant relating to the investigation of Stevens Financial Group unless he refuses to testify or is discovered telling a lie in the case. The Department of Justice, Fraud Section, Washington, D.C., assembled a task force at the Kansas City FDIC Regional Office with personnel from the FDIC OIG, FBI, and Treasury OIG to investigate Sinclair National Bank and Sinclair Financial Group allegations. With assistance from the task force, the State of Missouri’s Attorney General’s Office and Missouri Secretary of State’s Office is prosecuting the case at the state level. Former BestBank Executives and Two Owners of
Century Financial Services Indicted for Fraud Named in the indictment from BestBank are the following: the former owner, Chief Executive Officer, and Chairman of the Board of Directors; the former President and Director; and the former Chief Financial Officer and Director. Also named in the indictment are the two owners and operators of Century Financial Services, Inc., and Century Financial Group, Inc., of Oakland Park, Florida, from this point on identified as Century Financial. All subjects have been arrested and arraigned on the charges alleged in the indictment. The indictment alleges that from 1994 through July 1998, the defendants engaged in a business operation that made more than 500,000 BestBank credit card loans to sub-prime borrowers. In July 1998, the Colorado State Banking Commissioner and the FDIC determined that the value of the sub-prime credit card loans maintained as an asset on the books of BestBank was overstated because delinquent loans were fraudulently made to appear non-delinquent. BestBank’s liability to its depositors exceeded the value of its other assets, thereby making it insolvent. When BestBank failed in July 1998, its largest asset was the portfolio of sub-prime credit card accounts with a reported value of more than $200 million. Sub-prime credit card borrowers are defined as high-risk borrowers with poor credit histories. The credit card accounts were funded by BestBank using money from depositors. BestBank attracted depositors by offering above-market interest rates.
According to the indictment, BestBank entered into agreements with Century Financial to market BestBank credit cards to sub-prime borrowers. Century Financial sold $498 travel club memberships, marketed first through Universal Tour Travel Club and later through All Around Travel Club. In almost every instance, those who signed up for the travel club did not pay cash for their membership. Instead, BestBank and Century Financial offered to finance a travel club membership for sub-prime borrowers using a newly issued BestBank VISA credit card. The credit limit for the sub-prime borrowers as provided by the bank was $600. BestBank also charged fees, which immediately brought the borrowers close to the credit limit. Less than half of those who signed up for the travel club received their membership materials. The indictment further alleges that the defendants carried out a fraudulent scheme in several ways. Most people did not pay the mandatory $20 service fee required before the account was funded. Over 50 percent of the sub-prime borrowers’ accounts were non-performing. BestBank and Century Financial, in many instances, did not send the sub-prime borrowers their credit card or monthly statements. The indictment further alleges that the two owners of Century Financial fraudulently concealed the sub-prime borrowers’ non-performance and delinquency rates by reporting non-performing accounts as performing. Allegedly, the two defendants paid $20 to some accounts so they would appear to be performing when, in fact, they were not. The former owner, chief executive officer and chairman of the board of directors and the former president and director of BestBank, and the two owners of Century Financial each received more than $5 million during the course of the alleged fraudulent scheme. The indictment includes an asset forfeiture count, which seeks $100 million to compensate victims for the loss as a result of the bank’s failure. BestBank was an FDIC-regulated institution that was closed on July 23, 1998, by the Colorado State Banking Commission and the FDIC, making it one of the largest bank failures in the United States in the last 10 years. Depositors’ losses exceeded $200 million. The FDIC’s Bank Insurance Fund covered all depositors’ losses except for $27 million of deposits which exceeded the $100,000 per-account insurance limit. The case is being investigated by the FDIC OIG, FBI, and IRS-CI and is being prosecuted by the U.S. Attorney’s Office for the District of Colorado and the U.S. Department of Justice. Former Branch Manager of Security Bank Arrested
on Bank Fraud Charges The indictment alleges that from May 1999 until August 2002, he made nominee loans and created fraudulent supporting loan documents in the names of unknowing bank customers. The defendant allegedly used the proceeds from the nominee loans to conceal the poor loan quality, past due status, and over advances to another bank customer. He also allegedly manipulated the bank’s computer system to make loans look as if they were paying on time. Losses from the defendant’s scheme total approximately $906,000. The case is being investigated by the FDIC OIG and the FBI. The case is being prosecuted by the U.S. Attorney’s Office for the District of South Dakota. Bank Customer and His Associate Indicted and
Arrested on Charges of Aiding and Abetting,
Conspiracy, and Bank Fraud Against First State Bank
of Harrah, Oklahoma The indictment charges that from September 1997 through December 1998 the FSBH customer, who was in the construction business, conspired with his business associate, and a former executive vice president of FSBH, to defraud FSBH by creating a series of 11 fraudulent nominee loans. The FSBH customer recruited nominee borrowers, including his business associate, in order to obtain loans. A nominee borrower is a person or entity whose name is used for the purpose of obtaining a bank loan when the proceeds are actually used for the benefit of another. The loan proceeds from this scheme totaled $800,000 and were intended to benefit the bank customer. On May 9, 2003, the bank customer and his associate were arrested by Special Agents of the FDIC OIG and FBI. Oklahoma City police officers also assisted with the arrests. As reported in our last semiannual report, the former executive vice president of FSBH pleaded guilty to conspiracy to commit bank fraud for his participation in the loan fraud scheme and was sentenced to 5 years’ probation and 6 months’ home confinement. The investigation of the activities involving FSBH is being conducted jointly by the FDIC OIG and the FBI, and the case is being prosecuted by the U.S. Attorney’s Office, Oklahoma City, Oklahoma. Former Bank President and Bookkeeper of Town &
Country Bank Plead Guilty to Bank Fraud The superseding indictment alleges that the defendant and others executed a scheme to defraud the former Town & Country Bank of Almelund (Minnesota). Specifically, the indictment alleges that the defendant manipulated over 20 false lines of credit that resulted in the failure of the bank in July 2000, when the State of Minnesota declared the bank insolvent and appointed the FDIC as the receiver. The failure of Town & Country resulted in a loss of $1.4 million to the FDIC Bank Insurance Fund. The investigation continues against a commercial contractor whose company, Riverwoods Development Corporation, was a customer of the bank. On April 8, 2003, a federal grand jury originally indicted the former president and the customer together on eight counts relating to bank fraud, money laundering, making false entries in the bank’s records, and conspiracy. On August 11, 2003, the federal grand jury returned a superceding indictment that added two counts of false bank entries and one count of money laundering. The indictment included a forfeiture charge seeking to recoup $1,174,740 in proceeds from the alleged loan fraud scheme by the subjects, and any other proceeds or property not specifically traced in the indictment. In addition, on September 11, 2003, the former bookkeeper of Riverwoods Development Corporation pleaded guilty to one count of bank fraud of a four-count superseding indictment returned against him by the federal grand jury in the District of Minnesota on August 11, 2003. The four-count superseding indictment charged him with bank fraud, money laundering, false bank entries, and perjury. The perjury count related to the bookkeeper’s 1999 bankruptcy filing whereby he claimed fraudulent loans from Town & Country Bank as his liabilities. The superseding indictment alleges that the bookkeeper and others executed a scheme to defraud the former Town & Country Bank. Specifically, the indictment alleges that the bookkeeper received $41,000 for signing 10 false loans obtained from the bank between March 1997 and June 1999 and that had a total face value of $371,000. When the bank failed, the FDIC charged off $267,000 in principal loss that was outstanding on the loans. As part of his plea agreement, the bookkeeper has also agreed to cooperate fully with federal law enforcement in the continuing investigation against the other defendants in this case. This case is being investigated jointly by the FDIC OIG, FBI, and IRS-CI and is being prosecuted by the U.S. Attorney’s Office for the District of Minnesota. Owners of Construction Company Sentenced on
Charges of Defrauding Community Bank of Blountsville, Alabama As previously reported, a jury in the U.S. District Court for the Northern District of Alabama returned guilty verdicts on all three counts of an indictment charging the defendants and their company, Morgan City Construction, with bank fraud and conspiracy to commit bank fraud. At trial, the government presented evidence showing that between December 1997 and July 2000 the couple used Morgan City Construction, which they own and operate, to submit invoices for construction work purportedly performed for Community Bank, an FDIC-regulated bank located in Blountsville, Alabama. Prosecutors alleged during the trial that some of the invoices were for work never performed and that other invoices were for personal construction work performed for the bank’s chief executive officer, his relatives, and the bank’s vice president of construction and maintenance. Evidence was also presented to show that the records of the bank were falsified to reflect that the work was completed at the bank’s facilities. The charges against the defendants included a forfeiture claim seeking any property derived from the fraud scheme. Although the government alleged that the couple received a total of approximately $1.7 million as a result of the fraud scheme, the jury decided in separate deliberations that they only netted $178,500 in illicit proceeds. On May 20, 2003, the FDIC and seven members of the Board of Directors of Community Bank executed a Stipulation and Consent to the Issuance of an Order to Pay (Consent Agreement). Each member agreed to pay $10,000 in civil money penalties. The penalties were assessed by the FDIC against the Board Members and were based on the seriousness of violations of law and regulations; breaches of fiduciary duty; and unsafe and unsound banking practices uncovered by the FDIC. Also on May 20, 2003, the FDIC issued a Notice of Intention to Prohibit from Further Participation, a Notice of Assessment of Civil Money Penalties, and a Notice of Charges for Restitution against a former Chairman of the Board, an Executive Vice President, and a Director of Community Bank. This investigation of Community Bank was conducted by agents from the FDIC OIG and FBI. Prosecution of the case was handled by trial attorneys from the Department of Justice, Washington, D.C. Former Officials of Jasper State Bank Sentenced in
Fraud Scheme As reported in our last semiannual report, in March 2003, the two former officials of Jasper State Bank pleaded guilty in the U.S. District Court for the District of Minnesota to criminal charges relating to the alleged bank fraud scheme. Specifically, the former director and executive vice president of the bank pleaded guilty to bank fraud, misapplication of funds, and making false entries in the bank’s records; the former head teller pleaded guilty to one count of bank fraud. Both defendants had previously been indicted on similar charges in January 2003. The former executive vice president of the bank and his brother-in-law were each 50-percent owners of the bank. As the executive vice president, he had extensive authority, served as a loan officer, and had unrestricted access to the bank’s computer system. When entering his guilty plea, he admitted that between July 2000 and March 2002, he misapplied funds belonging to the bank by granting over $800,000 in loans to nominee borrowers to disguise the true beneficiary of the loan proceeds. He also admitted that he made false entries in the books and records of the bank to conceal the loans, altered supporting loan documents, directed the manipulation of records pertaining to delinquent loans, and engaged in the falsification of vehicle inventory reports. The former head teller admitted to aiding and abetting the executive vice president by making false entries in the records of the bank. Specifically, she admitted to falsifying records to make delinquent loan accounts appear current and to routinely falsifying inventory reports that were submitted to obtain loans from the bank by a company of which she was a part owner. Jasper State Bank is a $23 million bank in rural Minnesota. The bank incurred total losses of approximately $2.7 million as a result of the loans originated by the defendants, well in excess of the $2.4 million in the bank’s capital and reserves, thus causing it to become insolvent. The bank was saved from failure by the injection of $3 million in capital from two investors. On July 11, 2003, the former executive vice president stipulated to an action under Section 8(e) of the Federal Deposit Insurance Act, which provides for a lifetime ban from banking. The executive vice president was not assessed any Civil Money Penalty because the criminal restitution in his case exceeded $900,000 and he has no assets. The investigation that led to the prosecutions was conducted jointly by agents from the FDIC OIG and the FBI. The case is being prosecuted by the U.S. Attorney’s Office for the District of Minnesota. Management and Sale of FDIC-Owned Assets As we described in our last semiannual report, on February 11 and 14, 2003, the two defendants pleaded guilty in the U.S. District Court for the Middle District of Florida. Both defendants pleaded guilty to one count of a four-count indictment that had been returned by a federal grand jury in April 2001; this indictment charged them with conspiracy and making false statements to the FDIC. The indictment against the two individuals charged them with submitting three false invoices as well as bogus support documentation to the FDIC on behalf of Golden Ocala Golf Course Partners. These documents purported that Golden Ocala Golf Course Partners paid a nonexistent company $240,000 for environmental remediation work that was actually performed by other companies at a total cost of $51,376. Based on this false documentation, the FDIC reimbursed the partnership $150,000 for expenses. The prosecution of these two individuals was handled by the Middle District of Florida. The investigation was initiated by the Department of Justice and the FDIC OIG and was based upon allegations contained in a civil complaint filed by a private citizen under the False Claims Act. In September 2000, one of the partners entered into an agreement whereby he agreed to pay the government $300,000 to settle the civil complaint. Misrepresentation Regarding FDIC-Affiliation As we previously reported, the subject was arrested on similar charges by agents of the FDIC OIG and the Riverside County (California) District Attorney’s Office on October 7, 2002. The subject, doing business as Jeffco Financial Services, was licensed to sell securities through San Clemente Services, Inc., another company involved in the sale of brokered certificates of deposit (CDs). Relying on information they were provided regarding FDIC insurance coverage, investment yields, fees, and commissions, investors purchased approximately 1,241 CDs totaling $67,390,735 from Jeffco Financial Services. The felony complaint to which the subject pleaded guilty lists the names of 59 individuals or entities to whom he offered or sold unregistered securities which are described in the complaint as “investment contracts in the form of interests in custodialized CDs.” He also pleaded guilty to making misrepresentations regarding “annual average yield,” theft of property exceeding $2.5 million in value, and participating in a pattern of felony conduct involving the taking of more than $500,000. Judge orders broker to serve 6 years
The FDIC OIG investigation was initiated based on a referral by DSC of information obtained during the examination of a bank indicating irregularities in deposits the bank had placed with San Clemente Services. The prosecution of the case was handled by the Riverside County District Attorney’s Office.
Superseding Indictment Adds 80 Additional Charges
to Broker Dealers As alleged in the indictment, the defendants schemed to defraud various financial institutions and individual investors by inducing them to enter into investment contracts to purchase CDs and other securities issued by the Federal Home Loan Mortgage Corporation and the Federal National Mortgage Association, which would be held and managed for investors by UCC. As part of their scheme, the defendants falsely and fraudulently failed to advise investors that SCS and UCC would subtract undisclosed fees and commissions of the amount invested. They also made false representations regarding FDIC insurance coverage of the CDs. The investment confirmations and statements they sent to investors were false and intentionally misleading, and money paid to investors when they liquidated an investment prior to maturity was actually money invested by another investment or by other persons. The investors had no ownership in any investment that would be purchased in UCC’s name, and in 1997, SCS, along with its co-owners, had been banned by the National Credit Union Association from doing business with federally insured credit unions because of their deceptive practices.
The case is being investigated by the FDIC OIG and the FBI. The case is being prosecuted by the U.S. Attorney’s Office for the Northern District of Texas. The investigation was initiated based on a referral from DSC.
Restitution and Other Debt Owed the FDIC The former Massachusetts developer was sentenced in 1995 to serve 24 months in prison and ordered to pay the FDIC $10.9 million in restitution for defrauding the former Bank of New England. Upon her release from prison, she was placed on probation and made some restitution payments in the range of $100 - $300 per month. The OIG initiated its investigation based on information that the former developer was concealing her true residence to the U.S. Probation Office and had falsely reported she had no assets. Our investigation developed substantial evidence that indicated her claims of indigence were false and that she fraudulently concealed assets in an effort to avoid payment of criminal restitution to FDIC. Among those assets were expensive works of art, which we found housed in a storage facility she had rented under an assumed name. The OIG earlier obtained an order to seize the artwork to offset her outstanding restitution. Throughout the investigation, she maintained the artwork was not hers but belonged to her late husband or her daughter and, therefore, was not subject to the restitution order. FDIC Debtor and Girlfriend Plead Guilty to Felony Charges The defendant’s girlfriend pleaded guilty to assisting him in the attempted concealment of assets from the FDIC. She admitted that she knew the defendant owed $2.7 million in restitution and that she assisted him in later concealing his assets by permitting him to buy and sell real estate in her name. She filled out false loan applications in order to enable her to borrow monies to purchase four properties in Connecticut and Florida. Although the scheme made it appear as if she were making the payments to purchase and improve these properties, the defendant was actually providing the monies by reimbursing his girlfriend for her expenditures. The investigation of this case was conducted by the FDIC OIG, and the prosecution was handled by the United States Attorney’s Office, District of Connecticut. FDIC Debtor Sentenced and Pays $500,000 to FDIC Our investigation found that the debtor made several false representations in the deposition including his failure to disclose income from oil wells and his interests in other investments including ranching and farm operations. He was also asked to disclose in the deposition whether he had provided any financial statements to any entity in the past 5 years. He failed to disclose three recent financial statements that he had provided to First Southwest Bank to obtain several loans. The FDIC had previously approved a settlement of $180,000, but the Department of Justice put a hold on it pending the results our criminal investigation. The plea agreement was coordinated with the FDIC Legal Division and DRR.
Sentencing Update On September 4, 2002, the defendant pleaded guilty to making false entries in the records of HCSB in two instances by overstating the value of assets on financial statements submitted in connection with loan applications, and in two other instances by misrepresenting the purpose of loans. He also pleaded guilty to 4 counts of making false statements. Two of those instances involved the submission of Call Reports to the FDIC; these reports failed to disclose HCSB had made loans to its executive officers. In the third false statement count, he pleaded guilty to creating a fraudulent HCSB cashier’s check and a related deposit ticket, both of which he provided to FDIC examiners and purported to be true documents. In the fourth instance, he pleaded guilty to submitting a false financial statement to another FDIC-insured financial institution in connection with an outstanding loan, by understating the true amount and value of his debts and liabilities. In exchange for his guilty plea, the government agreed to drop the remaining charges pending against him as a result of a 34-count indictment returned in November 2001; this indictment charged him and his two brothers with various bank fraud-related activities. As a result of continuing plea negotiations with the U.S. Attorney’s Office for the Southern District of Iowa, on September 11, 2002, the defendant pleaded guilty to seven additional counts of bank fraud, including making or causing to be made false statements to the Federal Reserve Bank in connection with an application to acquire the stock of HCSB. As part of the plea negotiations with the government, the defendant will also forfeit a 60-acre farm; his residence in Carlisle, Iowa; a cabin at Clear Lake, Iowa; a condominium in Keystone, Colorado; $272,265 in cash; Worldquest Networks securities; a home entertainment system purchased for approximately $85,000; and a 1999 Cobalt boat purchased for approximately $40,000. As we previously reported, the defendant’s two brothers, both of whom were former board members of the HCSB, were convicted and sentenced. One of the brothers was sentenced to 5 days’ incarceration and 5 years’ probation; he was also ordered to pay restitution to the FDIC in the amount of $201,441. The other brother was sentenced to 4 days’ incarceration and 5 years’ probation; he was also ordered to pay restitution to the FDIC in the amount of $226,614. HCSB was an FDIC-regulated institution that was closed on January 14, 2000, by the Iowa Division of Banking. Subsequently, the FDIC OIG and the FBI conducted a joint investigation regarding suspected illegal activities. The U.S. Attorney’s Office for the Southern District of Iowa has handled prosecution of this case. Other Highlights The inscription on the plaques to Special Agents West and VanGent reads as follows:
OIG Organization : Focusing on the value of our people and the performance capacity of the OIG are top priorities in our organization. Strengthening our workforce capabilities will be particularly important in the next several years to position us for the future. Our intent is to ensure that the OIG will have the expertise necessary to carry out our strategic and performance plans and successfully conduct work related to the OIG-identified Management and Performance Challenges facing the Corporation. We focused heavily on our human capital efforts this reporting period. We completed two important initiatives under our Human Capital Strategic Plan that form the foundation for future human capital related efforts: the Business Knowledge Inventory System and the OIG Competencies Project. Through these efforts we have: prepared inventories of existing and needed workforce knowledge, identified competencies needed for every OIG position, and integrated the competencies with performance management criteria in the Performance Management Program. Other human capital projects are underway that build upon these efforts, including: aligning the competencies with OIG position descriptions and developing strategies to close the identified workforce knowledge gaps. Of note, the OIG has added several former bank examiners to its audit staff over the past several months. Future projects will develop guidance for leadership development and training to complement our leadership competency. As discussed previously, earlier this year the OIG identified the most significant Management and Performance Challenges facing the FDIC. We have continued to demonstrate our commitment to adding value to the Corporation by designing our core mission activities of audits, evaluations, and investigations, and other reviews to directly relate to these challenges. Details of our audit, evaluations, and investigations during this reporting period are presented along these lines earlier in this report. As a whole, this work shows increased alignment with the FDIC’s Management and Performance Challenges and our strategic goals and mission. Our 2003 Performance Report also shows our progress in creating this alignment and in meeting our strategic goals. To help us fulfill our commitment to adding value we are focused on communications with our stakeholders. In this spirit, we recently completed the fifth external customer survey regarding satisfaction with OIG products, processes, and services. We also continue to summarize significant OIG activities and accomplishments in a Weekly Highlights Report to the Chairman; perform reviews of proposed policies, regulations, and legislation; and participate in important corporate and industry initiatives. During this period our Office of Audits issued its Fiscal Year 2004 Assignment Plan. Communication with corporate management during the development of the plan ensured comprehensive coverage of the Corporation’s management and performance challenges. Further, we continued to work with the Corporation in the drafting stages of policy development and other initiatives, providing significant input into such critical areas as information security, the new enterprise architecture, and physical security.
OIG Completes Two Key Initiatives of Human Capital Strategic Plan Two key efforts under the Human Capital Strategic Plan were substantially completed during this reporting period and will serve as the basis for future important human capital projects. The OIG Business Knowledge Inventory System and the OIG Key Competencies Project together provide valuable information to the OIG on its skills and knowledge and will help to identify where we need to make investments in training, professional development, and recruitment. The OIG’s Business Knowledge Inventory System was developed to create a data-base of the collective business knowledge of all OIG employees and determine where our office may have gaps between the knowledge we need to perform our current and future audit, evaluation, and investigation work and the knowledge we collectively possess. We initiated this effort during the previous reporting period. During the current reporting period the OIG completed the survey, and summary data were prepared detailing the knowledge, education, and certifications of OIG staff. This information provides office heads and supervisors with a basis to determine the strengths and potential knowledge/skill weaknesses in the workforce and create business strategies to close knowledge gaps for conducting our future work. In addition, individuals can use the survey to develop their own career development plans and work with their supervisors to target training and professional development to those areas where the OIG has the greatest needs to increase knowledge and skills. The purpose of our Key Competencies Project is to identify the behaviors and skills needed by OIG staff members to contribute successfully to the overall mission and goals of the OIG. The core competencies can be used for: performance management; selection and promotions; individual training and development; organizational development; and position descriptions. The OIG contracted with an outside firm to help with this initiative. A core competency model was developed, refined, and validated by surveying all OIG employees to ascertain the job-relatedness and importance of the competencies and associated performance criteria to their particular positions. The model identified six competencies and associated performance criteria for all OIG staff and supervisors. (See next page.) Based on the results of the validation survey, OIG executives approved the use of the core competencies for the 2003-2004 cycle of the Performance Management Program, and OIG supervisors were trained on using the competencies and performance criteria in the Performance Management Program. In addition, a detailed presentation to all staff about the development of the key competencies and how they will be used was prepared for an OIG-wide conference. We plan to integrate the competencies and performance criteria into OIG position descriptions to ensure consistency with the validated model. OIG Policy Reviews Aim to Assist FDIC Program Officials One of the purposes that the Congress had in establishing Offices of Inspector General was for these independent units to recommend policies for activities designed to (1) promote economy, efficiency, and effectiveness and (2) prevent and detect fraud, waste, and abuse in government programs and operations. One of the ways that the FDIC OIG carries out this mandate is through its reviews of proposed FDIC policies and procedures. By reviewing policies while they are still in a draft format, the OIG can raise significant policy issues and make suggestions for improving the policies before the policies are put into effect. Additionally, in many cases, proposed policies have been initiated or revised in response to recommendations that have been made in OIG audit and evaluation reports. With our analyses and comments on draft policies and the OIG’s policy-related recommendations, we can assist FDIC program officials in correcting or avoiding problems and deficiencies in the administration of FDIC programs and operations. During this period, the OIG reviewed 51 policies that were proposed by FDIC operating divisions and offices. We provided the Corporation with 11 policy issues and suggestions aimed at strengthening and increasing the effectiveness of the policies. Seven of the 11 policy suggestions were resolved in subsequent or final drafts of the policies. The other four policy suggestions relate to pending policies. The suggestions related to such diverse corporate areas as physical security, human resources, the receivership management program, and many aspects of information technology security. We also provided extensive advisory comments and editorial suggestions to help clarify the policies, which were also generally included. During the reporting period we focused on developing a more useful format for reporting the policy suggestions to the Corporation and worked to create a means on our internal OIG Web site to make these analyses available to all OIG staff. The revised format separates significant policy issues and suggestions from other, more editorial suggestions designed to improve clarity.
OIG Internal Activities
Coordination with and Assistance to FDIC Management
[ Inspector General Gianni meets frequently with foreign delegations interested in the IG concept. The IG is pictured here with visitors from Thailand’s Office of Auditor General (top) and Poland’s Ministry of Finance (bottom). ] Organization Chart [D]
[D] [D] [D]
[ NOTE:This report has been physically divided into two sections in order to maintain download performance ] Link to Section II of the OIG's Semiannual Report to the Congress
|