Can You Spell R-I-S-K? New FDIC Compliance Exam Procedures - Mary Beth Guard

Can You Spell R-I-S-K?
New FDIC Compliance Exam Procedures

by BOL Guru Mary Beth Guard

The FDIC announced June 20, 2003 that it is revising the compliance examination process to focus increased attention on an institution's compliance management system. There's a new Financial Institution Letter on the subject, FIL-52-2003, and supplemental materials in the form of two chapters that will be incorporated into the exam manual.

State-chartered nonmember institutions will want to read the entire guidance. Since this may be a harbinger of things to come, institutions with other charters would be well-advised to take a look as well.

We've done a fast read, and here's a quick heads-up:

  • The revised exam procedures will be posted on FDIC's Web site this month.
  • The new approach will be used for exams that have an on-site review beginning on or after June 30, 2003.
  • The first change you'll note is a new request document. They've combined the information and document requests into one document with items specific to compliance management. The result should be more pre-exam, less time actually on site!
  • Fair lending exams and CRA evaluations will NOT be affected by the new process.
  • The major focus will be on your compliance program, to ensure you are taking the necessary responsibility for complying with consumer protection laws.
  • Whether you need a regular compliance audit or not depends upon your business. You determine whether it can be formal or informal. If it is a formal audit function, there should be a written report describing the scope and sample size, audit findings, and what you need to know to correct problems. The interagency audit policies should be followed.
  • More early attention will be given to both written and informal practices.
  • Transaction testing will be more particularized.
  • There will be a single report format for the report of examination.
  • FDIC says the purposes of the compliance exam are to:
    • assess the quality of an FDIC-supervised institution's compliance management system (see "Compliance Management System") for implementing federal consumer protection statutes and regulations;
    • review compliance with relevant laws and regulations; and
    • initiate effective supervisory action when elements of an institution's compliance management system are deficient or when significant violations of law are found.


  • The exam will blend risk-focused and process-oriented approaches.
  • There are three facets of risk-focusing: 1) developing a compliance risk profile for an institution; 2) assessing the quality of an institution's compliance management system; and 3) testing selected transactions based on risk.
  • The evaluation of an institution's compliance management system will be from the top down, looking at management's knowledge and attitude for starters.
  • The evaluation will continue down and include everything from training to monitoring and audit programs.
  • Compliance begins at the top, and FDIC expects the board and management to have a viable system in place to manage compliance risk.
  • There are four stages to the compliance exam: 1) pre-exam planning and analysis; 2) on-site examination; 3) reaching conclusions; and 4) communicating findings to institution management.
  • A second chapter provided by FDIC directly addresses a Compliance Management System (beginning on page 4 of this document).
  • A Compliance Management System should have three elements: 1) board and management oversight; 2) compliance program; and 3) compliance audit.
  • They discuss in some detail the role of the compliance examiner, the role of management and the board, as well as the role of the compliance officer. There are some gems in there. This was one of my favorites: "To be effective at overseeing compliance and maintaining a strong compliance posture, a compliance officer must be provided with ongoing training, as well as sufficient time and adequate resources to do the job."
  • Compliance policies and procedures should be described in a document and reviewed and updated as the institution's business and regulatory environment change. Goals and objectives and appropriate procedures should be included.
  • Education of staff, management and the board is essential.
  • There are six regularly scheduled reviews in an effective monitoring system:
    1. disclosures and calculations for various product offerings;
    2. document filing and retention procedures;
    3. posted notices, marketing literature, and advertising;
    4. various state usury and consumer protection laws and regulations;
    5. third-party service provider operations; and
    6. internal compliance communication systems that provide updates and revisions of the applicable laws and regulations to management and staff.
  • When changes are made that impact compliance, applicable personnel in all affected operating units should be advised of the changes.
  • Procedures should be established for addressing consumer complaints properly.



First published on BankersOnline.com 06/20/03
