FDIC issues new FIL…


…and pretty much confirms what most of us already knew: regulatory scrutiny has increased across the board. FIL-13-2011, entitled “Reminder on FDIC Examination Findings”, was just released March 1st and, in spite of the title, is not so much a reminder as a response. Here is the one-line summary:

“Recently, the FDIC has received some criticism that its examination findings have been overly harsh.”

Make no mistake, this is NOT a reminder, this is a response to a flurry of criticism from financial institutions who feel that:

  1. Their examiners are finding fault with policies, procedures and practices that they have not had problems with in past examinations, and
  2. The examiners are less willing to “work with them” to resolve the findings during the examination…before they appear in the exit letter.

I have heard the same criticism from our customers, and I think it is highly significant that the FDIC has seen fit to issue an FIL to address this.  This confirms that the problem is not sporadic, it is endemic, and it is the new normal.

The FIL goes on to describe the procedures by which an institution might formally express their concerns, but in the end there is little the institution can do to change the findings.  My attitude is that there are really only 3 ways to respond to an examiner finding:

  1. Admit that the finding is valid, and commit to making the recommended change(s). The vast majority are handled this way.
  2. Contest the finding.  This is a viable option only if you can demonstrate that you’ve made a different interpretation of the underlying guidance, and as a result of your risk analysis, you’ve come to a different conclusion.  If properly documented, this can be a very effective response.
  3. Refuse the finding.  This is an adversarial position and NOT really recommended, but I see this more often than you would think.

Given the new normal, the second option makes the most sense IF you’ve implemented an effective risk management process, because in the final analysis all examiner findings are about one thing…they believe you’ve accepted too much risk.  I’ve addressed effective risk management in detail here.

One other thing caught my eye in the FIL, because the fact that the FDIC felt it necessary to address it indicates that it has become an issue: “Prohibition Against Retaliation”. Apparently some institutions feel that not only are the examiners more critical, but that they have experienced “…retaliation, abuse, or retribution by an agency examiner…”. This may be because institutions are choosing the adversarial option. Even more reason to make sure that if and when you do decide to push back on an examiner finding, you do so in a logical, dispassionate way. Make a risk-based case that focuses on the residual, or remaining, risk. The vast majority of findings revolve around the examiner’s belief that you haven’t properly recognized that residual risk, and that as a result, it’s unacceptably high. If you can demonstrate that you do in fact understand the risks, and have decided to accept them as a business decision, you will eliminate the vast majority of examination findings.

Tom Hinkel
As author of the Compliance Guru website, Hinkel shares easy-to-digest information security tidbits with financial institutions across the country. With almost twenty years’ experience, Hinkel’s areas of expertise span the entire spectrum of information technology. He is also the VP of Compliance Services at Safe Systems, a community banking tech company, where he ensures that their services incorporate the appropriate financial industry regulations and best practices.

2 comments

  1. Interesting, sounds like they are saying that this is a new era of examination and expect harsher findings. The list of channels to funnel your complaints through appears to be their way of softening the blow by saying if you still feel we were too hard or unfair you can always file complaints here. Long story short though, expect a tougher exam.

    1. Lots of ways to make your complaints heard, but all of them are through the FDIC. Even the ombudsman is a department of the FDIC. Reminds me of the motivational poster “The beatings will continue until morale improves”!
