In

FDIC Expands Criteria for 18 Month Exam Cycle

More Time

The FDIC released FIL-17-2016 today, which will increase the examination cycle for community banks meeting certain criteria from 12 months to 18 months, thereby potentially decreasing one of the most intrusive events in the bankers life.

The criteria is as follows:

  • Must be less than $1 B in assets
  • Must have a CAMELS composite rating of “1” or “2”
  • Must be well-capitalized
  • Must be well-managed
  • Must not have undergone any change in control during the previous 12 months
  • Must not be under an enforcement order or proceeding.

The 18 month examination cycle was previously not available to any community bank smaller than $500 million in assets, but now any bank smaller than 1 B will qualify, provided they meet the other criteria.

This is good news for already overly-burdened and otherwise healthy institutions, but what concerns me is the definition of “well-managed”. All of the other criteria is objective, and pretty easy to define and establish. But how will the regulators define well-managed? For example, if the institution had a single, non-material, repeat finding in their last exam, could that reflect poorly on management? After all, responsiveness to recommendation from auditors and supervisory authorities is one of the elements that make up the CAMELS management component.

And is it even possible for an institution to rate a composite score of “1” or “2” if it is not well-managed? Here is an extract from the FDIC Uniform Financial Institutions Rating System (UFIRS) relating to management:

  • Composite 2 : Only moderate weaknesses are present and are well within the board of directors’ and management’s capabilities and willingness to correct.
  • Composite 3: Management may lack the ability or willingness to effectively address weaknesses within appropriate time frames.



7 Reasons Why Small Community Banks Should Outsource IT Network Management



7 Reasons Why Small Community Banks Should Outsource IT Network Management



7 Reasons Why Small Community Banks Should Outsource IT Network Management

Based in this I think it’s highly unlikely that a bank could score a “2” and be poorly managed.

Anyway, time will tell how examiners define well-managed, but this is certainly a step in the right direction and should bring much needed relief to many institutions.

Print Friendly, PDF & Email

Article by Tom Hinkel

As author of the Compliance Guru website, Hinkel shares easy to digest information security tidbits with financial institutions across the country. With almost twenty years’ experience, Hinkel’s areas of expertise spans the entire spectrum of information technology. He is also the VP of Compliance Services at Safe Systems, a community banking tech company, where he ensures that their services incorporate the appropriate financial industry regulations and best practices.

Leave your comment