Tag: FIL

04 Mar 2016

FDIC Expands Criteria for 18 Month Exam Cycle

The FDIC released FIL-17-2016 today, which will increase the examination cycle for community banks meeting certain criteria from 12 months to 18 months, thereby potentially decreasing one of the most intrusive events in the bankers life.

The criteria is as follows:

  • Must be less than $1 B in assets
  • Must have a CAMELS composite rating of “1” or “2”
  • Must be well-capitalized
  • Must be well-managed
  • Must not have undergone any change in control during the previous 12 months
  • Must not be under an enforcement order or proceeding.

The 18 month examination cycle was previously not available to any community bank smaller than $500 million in assets, but now any bank smaller than 1 B will qualify, provided they meet the other criteria.

This is good news for already overly-burdened and otherwise healthy institutions, but what concerns me is the definition of “well-managed”. All of the other criteria is objective, and pretty easy to define and establish. But how will the regulators define well-managed? For example, if the institution had a single, non-material, repeat finding in their last exam, could that reflect poorly on management? After all, responsiveness to recommendation from auditors and supervisory authorities is one of the elements that make up the CAMELS management component.

And is it even possible for an institution to rate a composite score of “1” or “2” if it is not well-managed? Here is an extract from the FDIC Uniform Financial Institutions Rating System (UFIRS) relating to management:

  • Composite 2 : Only moderate weaknesses are present and are well within the board of directors’ and management’s capabilities and willingness to correct.
  • Composite 3: Management may lack the ability or willingness to effectively address weaknesses within appropriate time frames.



7 Reasons Why Small Community Banks Should Outsource IT Network Management



7 Reasons Why Small Community Banks Should Outsource IT Network Management



7 Reasons Why Small Community Banks Should Outsource IT Network Management

Based in this I think it’s highly unlikely that a bank could score a “2” and be poorly managed.

Anyway, time will tell how examiners define well-managed, but this is certainly a step in the right direction and should bring much needed relief to many institutions.

20 Mar 2012

FDIC issues FIL addressing proper use of Bank information

Although a quick read of this FIL makes it seem that it only addresses the proper use of confidential information after the institution is placed into receivership, it really has implications for the bank officers, directors and legal counsel of all financial institutions.    I’ll explain that in a moment, but first the FIL makes the following points:

  • Officers and directors have a fiduciary responsibility to act in the best interests of the institution at all times.
  • In the pursuit of that responsibility, access to institution records is essential.
  • If the institution goes into receivership, the receiver (FDIC) becomes the owner of the institutions’ records.
  • Officers and directors of failed or failing institutions who remove FI records in anticipation of litigation or enforcement activity against them may be in breach of their fiduciary duty.

It has been my experience that the vast majority of FIL’s are issued re-actively, instead of pro-actively, so I think it’s safe to assume that the FDIC has actually seen occasions where financial institution records have been removed and used by officers and directors for reasons other than for the benefit of the institution.  So if you are an officer or director, the clear message here is that using FI records to prepare for or defend against litigation is acting in your best interests, NOT the best interests of the institution*.  And legal counsel representing officers and directors must not advise their clients to copy or remove institution records under penalty of civil money penalties, consent orders, or removal and prohibition from the banking industry.

In addition to the “fiduciary responsibility” argument against possessing records, the FDIC also make an argument from confidentiality (GLBA Part 364b , SAR confidentiality, and Fair Credit Reporting regulations), and this has very real implications for all officers and directors regardless of the financial condition of the FI.  Here’s why…how many of your officers and directors receive confidential information?  All of them probably, right?  Board reports, examination reports, loan packages, audit committee minutes, etc.,  all are essential to performing their fiduciary duties.  Now how many of those records go off-site, and how are those records being secured in transit, use, and storage?  Are records stored off-site treated with the same document retention and destruction policies as those stored in-house?  The FDIC may not have the same motivation to go after officers and directors of healthy institutions that they do failed ones, but it is clear they expect records to be treated the same regardless of the physical location.  How are you distributing this information?  We’ve seen an increased interest in institutions using technologies such as iPads and cloud-based portals to distribute director reports, but you must be careful not to let convenience trump security.  Use this FIL as an excuse to review your records safekeeping practices and make sure you (and your officers and directors) are adhering to your data confidentiality, security, retention and destruction policies, wherever the data resides.

 

*The FDIC does recognize that officers and directors may have a legitimate need to access institution records to defend themselves from litigation, but they require that access to be arraigned formally through them, and only after signing confidentiality agreements.

03 Mar 2011

FDIC issues new FIL…

…and pretty much confirms what most of us already knew; regulatory scrutiny has increased across the board.  FIL-13-2011 entitled “Reminder on FDIC Examination Findings” was just released March 1st, and in spite of the title,  is not so much a reminder but a response.  Here is the one-line summary:

“Recently, the FDIC has received some criticism that its examination findings have been overly harsh.”

Make no mistake, this is NOT a reminder, this is a response to a flurry of criticism from financial institutions who feel that:

  1. Their examiners are finding fault with policies, procedures and practices that they have not had problems with in past examinations, and
  2. The examiners are less willing to “work with them” to resolve the findings during the examination…before they appear in the exit letter.

I have heard the same criticism from our customers, and I think it is highly significant that the FDIC has seen fit to issue an FIL to address this.  This confirms that the problem is not sporadic, it is endemic, and it is the new normal.

The FIL goes on to describe the procedures by which an institution might formally express their concerns, but in the end there is little the institution can do to change the findings.  My attitude is that there are really only 3 ways to respond to an examiner finding:

  1. Admit that the finding is valid, and commit to making the recommended change(s). The vast majority are handled this way.
  2. Contest the finding.  This is a viable option only if you can demonstrate that you’ve made a different interpretation of the underlying guidance, and as a result of your risk analysis, you’ve come to a different conclusion.  If properly documented, this can be a very effective response.
  3. Refuse the finding.  This is an adversarial position and NOT really recommended, but I see this more often than you would think.

Given the new normal, the second option makes the most sense IF you’ve implemented an effective risk management process, because in the final analysis all examiner findings are about one thing…they believe you’ve accepted too much risk.  I’ve addressed effective risk management in detail here.

One other thing caught my eye in the FIL, because the fact that the FDIC felt necessary to address it indicates that it has become an issue:  “Prohibition Against Retaliation”. Apparently some institutions feel that not only are the examiners more critical, but that they have experienced “…retaliation, abuse, or retribution by an agency examiner…”.  This may be because institutions are choosing the adversarial option.  Even more reason to make sure that if and when you do decide to push back on an examiner finding, you do so in a logical, dispassionate way.  Make a risk-based case that focuses on the residual, or remaining, risk.  The vast majority of findings revolve around the examiner’s belief that you haven’t properly recognized that residual risk, and that as a result, it’s unacceptably high.  If you can demonstrate that you do in fact understand the risks, and have decided to accept them as a business decision, you will eliminate the vast majority of examination findings.