FDIC just left! Wondering what type of audit everyone does on Non-Deposit Investment Products. We have a third party onsite. They have very strict internal controls. I really don't have any concerns about their business dealings, but the FDIC led us to believe they want us to do a "more thorough" audit. Can you share how in-depth you get with third-party NDIP audits? Do you look at their customer files? I know the regulators want you to, but that's a two-edged sword. Let me know, I'd really appreciate it!

Our external compliance auditors constantly stress the importance of internal file reviews on a monthly basis. I have noted in our Policy we'll do an annual file review (which I'm behind on..). They still come back and stress the monthly review. Another point I try to argue is the fact that every new file is reviewed and approved by the Office of Supervisory Jurisdiction (OSJ) Manager who is responsible for the accuracy and completeness of each account. In addition, an additional come-back is the fact that I am not qualified and do not get the continuing education in this area. I am however, tying to work something out with a checklist I've got that basically indicates certain doc's are in file, signed or initialed, etc. because I know the responsibility will fall on my shoulders during the regulatory examination and there-after.

Do you ever get any resistance - privacy issues - looking at their customers' files?

Regarding Privacy - we have a separate authorization form we require the customer to sign (e.g. the customer wants to relay what COD, savings they have with us). In addition, we've added to our Privacy Policy under the restriction on the disclosure of account information heading that "Bank financial information can be released to the Financial Consultant only through execution of the written authorization form."

I mean the other way - our third-party broker is VERY hesitant in letting us know any of their business. They want to protect their customers' privacy. We can't get any information from them. Even when they perform their own internal audits, they will only let me know that they have done them, they won't tell me the scope of their audit - and I know it is very thorough.

Here is FDIC's NDIP Examination Procedures, in PDF format, which includes a section (Pg. 15) on Independent Review. It should give you an idea of what they expect to be included in your review.

FDIC NDIP Exam Procedures

Thanks - I have reviewed those before but my third party broker seemed to think there were no other banks following those guidelines. My examiner didn't get into any great detail so I thought I would put it out here on the threads to see what the real world does.

Seems that when ever the investment company comes in for their own audit I don't know until "after-the-fact". However, they do send a written response to the financial consultant that outlines their review and their findings.

I just recently completed a review of our NDIP program. The OCC is our regulator, however their handbook often refers to the Interagency Statement on Retail Sales of NDIP. Does your written agreement authorize you to monitor the third party and periodically review and verify that the third party and its sales rep's are complying with its agreement with the institution? I would think your third party should be more than willing to allow you to review their files.

Our NDIP program came to be prior to my existence. It was never looked at from an audit or compliance point of view. The examiners were not thrilled, however I was pleased to find all the required elements in place... at least in the agreement. And very delighted with the assistance I received from the third party since I had a whole lot of questions.

Everything is in place as far as the contract/interagency statement is concerned. I have no concerns as an auditor. The problem is that no correspondence whatsoever leaves that office without going through their main office for extreme scrutiny. The fax machine is monitored and every call must be accounted for. They barely let their brokers deal with the customers let alone an "outside" auditor. They try...they are a "big" firm and have a lot of red tape. I'm sure they are looked at very heavily by the SEC. Makes me wonder if it is really necessary for another regulatory agency to review them.

If you would e-mail me at sriley@fnbl.com I would be happy to share my internal audit program regarding NDIP's. We are an OCC regulated national bank which has had the program in place since 1996. We will be changing service providers for NDIP in February 2003 but I expect to follow similar procedures.