my experience is that the OCC has what they deem "critical", and the FDIC and FRB have their own hit lists. joint FDIC/FRB this year, the FRB side was highly focused on IT risk and controls in place, while FDIC was all about compliance risk, fraud, and AML (including pro-active detection).
I have found the FDIC/FRB easier to work with simply that they say "here is what we need" and give you time to gather, then when you pass it to them they schedule time to discuss questions, etc. OCC were known to hover...walk in to your office, hand you a request, then sit and await you to gather the information...then any time they had a question just pop in and ask, never thinking they could wait and ask like 5 questions at one time toward the end of the day...
_________________________
Providing alternative truths since the invention of time