The full text on this page is automatically extracted from the file linked above and may contain errors and inconsistencies.
ANNUAL REPORT 2017 FEDERAL DEPOSIT INSURANCE CORPORATION THIS PAGE INTENTIONALLY LEFT BLANK ANNUAL REPORT 2017 FEDERAL DEPOSIT INSURANCE CORPORATION ANNUAL REPORT FEDERAL DEPOSIT INSURANCE CORPORATION 550 17th Street NW, Washington, DC 20429 OFFICE OF THE CHAIRMAN February 15, 2018 Dear Sir, In accordance with: ♦♦ the provisions of Section 17(a) of the Federal Deposit Insurance Act, ♦♦ the Chief Financial Officers Act of 1990, Public Law 101-576, ♦♦ the Government Performance and Results Act of 1993 (as amended) and the GPRA Modernization Act of 2010, ♦♦ the provisions of Section 5 (as amended) of the Inspector General Act of 1978, ♦♦ the Reports Consolidation Act of 2000, and ♦♦ the provisions of the Fraud Reduction and Data Analytics Act of 2015, the Federal Deposit Insurance Corporation (FDIC) is pleased to submit its 2017 Annual Report (also referred to as the Performance and Accountability Report), which includes the audited financial statements of the Deposit Insurance Fund and the Federal Savings and Loan Insurance Corporation (FSLIC) Resolution Fund. In accordance with the Reports Consolidation Act of 2000, the FDIC assessed the reliability of the performance data contained in this report. No material inadequacies were found, and the data are considered to be complete and reliable. Based on internal management evaluations, and in conjunction with the results of independent financial statement audits, the FDIC can provide reasonable assurance that the objectives of Section 2 (internal controls) and Section 4 (financial management systems) of the Federal Managers’ Financial Integrity Act of 1982 have been achieved, and that the FDIC has no material weaknesses. We are committed to maintaining effective internal controls corporate-wide in 2018. Sincerely, Martin J. Gruenberg Chairman The President of the United States The President of the United States Senate The Speaker of the United States House of Representatives 2 F E D E R A L D E P O S I T I N S U R A N C E C O R P O R AT I O N 2017 TA B L E O F C O N T E N T S Message from the Chairman...............................................................................................................................5 Message from the Chief Financial Officer........................................................................................................17 FDIC Senior Leaders........................................................................................................................................19 I. Management’s Discussion and Analysis.................................................................................................21 The Year in Review...................................................................................................................................23 Overview..........................................................................................................................................................23 Deposit Insurance.............................................................................................................................................23 Supervision ......................................................................................................................................................24 Supervision Policy.............................................................................................................................................30 Financial Technology........................................................................................................................................32 Community Banking Initiatives........................................................................................................................33 Activities Related to Systemically Important Financial Institutions...................................................................39 Depositor and Consumer Protection................................................................................................................45 Receivership Management................................................................................................................................52 Enhancing the FDIC’s IT Security....................................................................................................................55 Minority and Women Inclusion........................................................................................................................57 International Outreach ....................................................................................................................................59 Effective Management of Strategic Resources....................................................................................................60 II. Performance Results Summary...............................................................................................................63 Summary of 2017 Performance Results by Program..........................................................................................65 Performance Results by Program and Strategic Goal.........................................................................................67 Prior Years’ Performance Results.......................................................................................................................73 III. Financial Highlights.................................................................................................................................83 Deposit Insurance Fund Performance...............................................................................................................85 IV. Budget and Spending...............................................................................................................................89 FDIC Operating Budget...................................................................................................................................91 2017 Budget and Expenditures by Program .....................................................................................................92 Investment Spending........................................................................................................................................93 V. Financial Section......................................................................................................................................95 Deposit Insurance Fund (DIF).........................................................................................................................96 FSLIC Resolution Fund (FRF).......................................................................................................................112 Government Accountability Office Auditor’s Report.......................................................................................120 Management’s Report on Internal Control Over Financial Reporting.............................................................125 Management’s Response to the Auditor’s Report.............................................................................................126 VI. Risk Management and Internal Controls...............................................................................................127 Fraud Reduction and Data Analytics Act of 2015...........................................................................................129 Management Report on Final Actions............................................................................................................130 VII. Appendices.............................................................................................................................................133 A. Key Statistics............................................................................................................................................135 B. More About the FDIC.............................................................................................................................149 C. Implementation of Key Regulations ........................................................................................................158 D. Office of Inspector General’s Assessment of the Management and Performance Challenges Facing the FDIC.....................................................................................................................161 E. Acronyms.................................................................................................................................................198 ANNUAL REPORT 2017 3 INSURING DEPOSITS ♦ EXAMINING AND SUPERVISING INSTITUTIONS ♦ MAKING LARGE AND COMPLEX FINANCIAL INSTITUTIONS RESOLVABLE ♦ MANAGING RECEIVERSHIPS ♦ EDUCATING CONSUMERS In its unique role as deposit insurer of banks and savings associations, and in cooperation with the other state and federal regulatory agencies, the FDIC promotes the safety and soundness of the U.S. financial system and insured depository institutions by identifying, monitoring, and addressing risks to the Deposit Insurance Fund. The FDIC promotes public understanding and the development of sound public policy by providing timely and accurate financial and economic information and analyses. It minimizes disruptive effects from the failure of financial institutions and assures fairness in the sale of financial products and the provision of financial services. The FDIC’s long and continuing tradition of excellence in public service is supported and sustained by a highly skilled and diverse workforce that continuously monitors and responds rapidly and successfully to changes in the financial environment. At the FDIC, we are working together to be the best. 2017 M E S S A G E F RO M T H E C H A I R M A N For 84 years, the FDIC has carried out its mission of maintaining public confidence and stability in the U.S. financial system. The FDIC does this by insuring deposits; supervising and examining financial institutions for safety, soundness, and consumer protection; making large firms resolvable; and managing receiverships when banks fail. At the end of September 2017, the FDIC insured deposits of $7.1 trillion in more than 580 million accounts at 5,738 institutions, supervised 3,669 institutions, and managed 367 active receiverships with total assets of nearly $5 billion. The year 2018 marks a full decade since the start of the financial crisis. Stemming the crisis required unprecedented actions by the U.S. government, including the FDIC, to restore confidence in financial markets and to address the problems of systemically important financial institutions. The FDIC recently published a history, Crisis and Response: An FDIC History 2008–2013, to document the lessons learned during that period. The study is intended to serve as a guidepost for future policymakers who will someday be called upon to respond to the next period of financial instability. One of the most important lessons the book conveys—for regulators and bankers alike—is that we must not become complacent when economic and banking conditions appear strong. It is precisely during these times that the seeds can be sown for the next financial crisis. History shows that surprising and adverse developments in financial markets occur with some frequency. History also shows that the seeds of banking crises are sown by the decisions banks and bank policymakers make when they have maximum confidence that the horizon is clear. It is also worth keeping in mind that the evolution of the global financial system toward greater interconnectedness and complexity may tend to increase the frequency, severity, and speed with which financial crises occur. It would be a mistake to assume a severe downturn or crisis cannot happen again. Over the past decade, the banking system has transitioned from a position of extreme vulnerability to a position of strength. Operating with the stronger cushions of capital and liquidity required by the post-crisis reforms, U.S. banking organizations are experiencing strong earnings growth and are providing support to the U.S. economy. The challenge for the FDIC going forward will be to preserve the hard-earned improvements in the capital and liquidity of U.S. banking institutions and to sustain vigilant supervision of the banking industry, both to continue the strong performance of banks during this post-crisis period and to position the banking system to weather the next, inevitable downturn. Following is an overview of the current economic and financial outlook, the FDIC’s important accomplishments over the past year, as well as the strategic challenges we face. THE CURRENT OUTLOOK After experiencing the most severe financial crisis and economic downturn since the 1930s in 2008–2009, the U.S. economy is now well into its ninth year of recovery. Growth in real gross domestic product MESSAGE FROM THE CHAIRMAN 55 ANNUAL REPORT (GDP) has averaged 2.2 percent in this expansion, and was right around 3 percent in the second and third quarters of 2017. The stock market has reached new highs and real estate prices have been rising. Global economic growth appears to be picking up, with the International Monetary Fund raising its growth forecasts for Japan, China, and Europe. This post-crisis economic expansion is the thirdlongest expansion in U.S. history. In June 2018 it would become the second-longest expansion in our history. Banks have been able to use this period to rebuild their balance sheets and strengthen capital and liquidity. They have achieved steady growth in net income and loan balances and improved credit quality. In 2017 the industry saw a gradual slowdown in the annual rate of loan growth, which appears to be a function of the demand for credit rather than the supply. During the 12 months ended September 30, loan balances at banks increased by $322 billion, down from a $466 billion increase in 2016. Loan growth was strongest at community banks, which posted a 7.3 percent gain versus 3.5 percent for the industry overall. This improvement in the economic outlook is a positive development for banks and bank regulators. We know, however, that economic expansions eventually come to an end. We also know that financial shocks can come from unexpected sources at any time. Following the Savings & Loan crisis of the 1980s and the banking crisis of the late 1980s and early 1990s, we entered a 10-year economic expansion— the longest in U.S. history. Even that period was punctuated by a series of domestic and international crises that tested the effectiveness of risk managers. Banking and economic crises emerged during the 1990s and into the early 2000s in Scandinavia, Mexico, east Asia, Russia, and Argentina. Domestically, severe disruptions were averted in 1998 following the collapse of Long-Term Capital 6 Management that resulted from its use of high-risk arbitrage trading strategies. The 2001 crash in dotcom equity prices was soon followed by the sudden bankruptcies of Enron and WorldCom. Finally, the development that would ultimately trigger the recent financial crisis was the decision by financial institutions in increasing numbers, and of increasing size, to enter the business of originating or securitizing subprime and alternative mortgages. Such experience is a reminder that, despite the good conditions we currently see, there are always challenges that could quickly change the outlook. Even though the current expansion appears more sustainable than the boom that occurred in the years leading up to the 2008 crisis, there are vulnerabilities in the system that merit our attention. One vulnerability relates to the uncertainties associated with the transition of monetary policies— both here and abroad—from a highly expansionary to a more normal posture. Market responses to changes in monetary policy can be hard to predict. Recently, the Board of Governors of the Federal Reserve System has embarked on a gradual reduction in the size of its balance sheet. Thus far, there has been no apparent market reaction. Nonetheless, higher interest rates could pose problems for industry sectors that have become more indebted during this expansion. By many measures, stocks, bonds, and real estate are richly priced. Stock price-to-earnings ratios are at high levels, traditionally a cautionary sign to investors of a potential market correction. Bond maturities have lengthened, making their values more sensitive to a change in interest rates. As measured by capitalization rates, prices for commercial real estate are at high levels relative to the revenues the properties generate, again suggesting greater vulnerability to a correction. Taken together, these circumstances may represent a significant risk for financial market participants. While the banking system is much stronger now than it was entering the crisis, continued vigilance is warranted. MESSAGE FROM THE CHAIRMAN 2017 FOCUSING ON INTEREST-RATE RISK, CREDIT RISK, AND LIQUIDITY RISK cash flow scenario analysis and sensitivity testing, and contingency funding planning. While the financial performance of the banking industry continues to improve, evidence of growing interest-rate risk, credit risk, and liquidity risk merit attention. A prolonged period of low interest rates has resulted in narrow net interest margins, and many banks have responded by investing in longer-term assets, which has increased the mismatch between asset and liability maturities. Further, in conjunction with the Federal Reserve Board and OCC, we issued a series of frequently asked questions to address the applicability of the liquidity coverage ratio rule, which was adopted in 2014 to implement a quantitative liquidity requirement consistent with the standard established by the Basel Committee on Banking Supervision. Examiners have also noted that lending in higherrisk loan categories has been increasing, and that institutions with concentrated portfolios have been growing more rapidly and placing greater reliance on potentially volatile funding sources than the rest of the industry. The FDIC will continue to monitor these trends, as well as the risk-management practices of supervised institutions associated with loan underwriting, credit administration, and portfolio management. In 2016, the FDIC, Federal Reserve Board, and Office of the Comptroller of the Currency (OCC) increased the frequency of examinations of large banks that participate in the Shared National Credit (SNC) program. The most recent report, which reflects examinations conducted in the third quarter of 2016 and first quarter of 2017, noted that credit risk in the portfolio remains elevated due to borrowers that exhibited excessive leverage, as well as distressed loans in the oil and gas sector. During 2017, the FDIC observed instances of liquidity stress at a small number of insured financial institutions and broad trends of reduced balance sheet liquidity among smaller banks. In response, the FDIC co-hosted an interagency community bank teleconference to discuss trends in community bank liquidity and funds management and the importance of sound risk-management practices. The FDIC, Federal Reserve Board, OCC, and Conference of State Bank Supervisors reiterated the importance of a strong cushion of liquid assets and diversified funding, and discussed brokered deposit restrictions, These examples of increasing risk are noteworthy because it is during this phase of the credit cycle that underwriting and investment decisions are made that may lead to losses in the future. Addressing these risks before losses materialize will benefit banks and contribute to the stability and resilience of the industry. We will continue to focus our supervisory attention on these risk areas going forward. ADDRESSING CYBERSECURITY RISK The rapidly evolving nature of cybersecurity risk reinforces the need for regulators, financial institutions, and critical technology service providers to have high-quality controls and clear and tested business continuity plans. The FDIC collaborates with other financial regulators, law enforcement, security agencies, and public-private partnerships to better understand the cybersecurity threats to the financial system, and to identify opportunities to adjust supervisory strategies to increase their effectiveness. The FDIC, Federal Reserve Board, and OCC continue to collaborate to strengthen cybersecurity risk management among the entities we supervise. For example, in 2017, we updated the interagency Cybersecurity Assessment Tool that helps financial institutions determine their cyber risk profile, inherent risks, and level of cybersecurity preparedness. This update addressed feedback from entities that are using the tool. The FDIC monitors cybersecurity issues on a regular basis through on-site bank examinations. In 2016, we introduced the Information Technology Risk Examination Program to enhance our ability to MESSAGE FROM THE CHAIRMAN 7 ANNUAL REPORT identify, assess, and validate information technology and operations risks in financial institutions. We are using information gathered through the program to provide more specific, targeted findings with respect to information technology, which can help financial institutions better prioritize their actions. The FDIC, Federal Reserve Board, and OCC jointly examine the services multiple companies provide to the banking industry. We introduced a new cybersecurity examination work program in 2017 that has improved our risk focus on cybersecurity, among other information technology risks. Additionally, in December, we held a roundtable meeting with some of the most significant service providers to discuss key risk topics, including cybersecurity. In 2017, the FDIC also continued to strengthen its own cybersecurity posture. Our Insider Threat and Counterintelligence Program is in place to safeguard employees, information, operations, and facilities, and we continue to enhance our procedures and programs for securing sensitive information. The FDIC also requires employees to take annual security and privacy training so they are aware of our security standards. This is supplemented by periodic exercises to help ensure employees stay alert to possible outside threats. Information security is a top priority at the FDIC. We will continue to enhance our security controls in light of the changing threat landscape. RESOLUTION OF SYSTEMICALLY IMPORTANT FINANCIAL INSTITUTIONS The FDIC continues to evaluate firm-developed resolutions plans, and to develop its own strategies to facilitate the orderly failure of large, complex, Systemically Important Financial Institutions (SIFIs) without taxpayer support or market breakdowns. 8 Wall Street Reform and Consumer Protection Act, bankruptcy is the statutory first option for resolving a SIFI. To satisfy this requirement, the largest bank holding companies and certain non-bank financial companies are required to prepare resolution plans, also referred to as “living wills.” These living wills must demonstrate that the firm could be resolved under bankruptcy in a rapid and orderly manner that substantially mitigates the risk that its failure would have serious adverse effects on financial stability in the United States. The FDIC and the Federal Reserve Board are charged with jointly reviewing and assessing each firm’s resolution plan. The eight largest U.S. systemically important banking organizations submitted their plans by July 2017. In December, the FDIC and Federal Reserve Board completed their review. We identified no deficiencies, but did identify shortcomings in the plans of four firms. While the agencies agreed these weaknesses did not necessitate immediate plan resubmissions, they are important enough to highlight and have addressed in the firms’ next plan submissions, which are required by July 1, 2019. These results represent the significant progress firms have made to modify their corporate structures so that losses can be borne by investors in an orderly way. However, inherent challenges and uncertainties associated with the resolution of a SIFI remain. Toward that end, the agencies identified four areas in which more work needs to be done by all firms to continue to improve their resolvability: intra-group liquidity; internal loss-absorbing capacity; derivatives; and payment, clearing, and settlement activities. Living Wills Moreover, the resolvability of firms will change as markets change and as firms’ activities, structures, and risk profiles change. We expect the firms to remain vigilant in considering the resolution consequences of their day-to-day management decisions. In 2017, the FDIC remained committed to carrying out the statutory mandate that SIFIs demonstrate a clear path to an orderly failure under bankruptcy at no cost to taxpayers. Under the Dodd-Frank In addition to the eight U.S. firms, in March 2017 the agencies issued guidance to four foreign banking organizations to help them improve their resolution plans and to reflect the significant restructuring that MESSAGE FROM THE CHAIRMAN 2017 they have undertaken to form intermediate holding companies within the United States. The feedback was organized around a number of key vulnerabilities, such as capital, liquidity, and corporate governance mechanisms. These four firms will file their next plans in 2018. Overall, the living will process has proved to be an important means for identifying and implementing measures to enhance SIFIs’ resolvability. Firms have taken significant actions, including restructurings, operational continuity planning, and options for separating assets, business lines, and entities from a failing company. Firms also have improved their management information systems capabilities, financial resource measurement and processes, and resolution planning governance, all of which are key elements for enhancing resolvability. The FDIC and Federal Reserve Board are exploring ways to further improve the resolution planning process. One measure we are considering is extending the cycle for living will submissions to every two years and focusing, on an alternating basis, on key topics and material changes from the prior full plan. In addition, there may be opportunities to reduce the submission requirements for a large number of firms due to their relatively small, simple, and domestically focused banking activities. Orderly Liquidation Authority Given the challenges and uncertainty surrounding any particular failure, Title II of the Dodd-Frank Act provides the Orderly Liquidation Authority for circumstances when an orderly failure in bankruptcy might not be possible. This authority allows the FDIC to manage the orderly failure of a firm when failure in bankruptcy might threaten financial stability. Coupled with the Federal Reserve’s Total LossAbsorbing Capacity (TLAC) rule, which requires a minimum amount of long-term unsecured debt that can be converted to equity in resolution, these authorities work together to increase the likelihood that financial markets and the broader economy can weather the failure of a SIFI; that shareholders, creditors, and culpable management of the institution will be held accountable without cost to taxpayers; and that such an institution can be wound down and liquidated in an orderly way. As has occurred in the United States, the other leading jurisdictions of the world have enacted expanded authorities for the resolution of SIFIs. The FDIC has worked closely with all major financial jurisdictions, including the United Kingdom, the European Banking Union, Switzerland, and Japan, to facilitate cross-border resolution planning. In the years since enactment of Dodd-Frank, the FDIC has made significant progress in developing the operational capabilities necessary to carry out a resolution under the Orderly Liquidation Authority if needed. The fact that the credit rating agencies have lowered the credit ratings of the eight U.S. Global Systemically Important Banks (G-SIBs) because of a reduced expectation of taxpayer support in the event of failure is a sign of that progress. Until we actually execute a resolution using these authorities we should be cautious about bold statements. However, we have a domestic and international framework in place today that would have been extremely helpful in 2008, and that should promote a better outcome in the future. REBUILDING THE DIF, RESOLVING FAILED BANKS Under a restoration plan that reflects the statutory requirement to rebuild the Deposit Insurance Fund (DIF), the fund balance has increased every quarter since the end of 2009, when it reached an all-time low. As of December 31, 2017, the fund balance had increased to $92.7 billion. The DIF reserve ratio— the ratio of the DIF balance to estimated insured deposits—was 1.28 percent at September 30, 2017, the highest reserve ratio since June 2005. The Dodd-Frank Act raised the minimum reserve ratio for the DIF from 1.15 percent to 1.35 percent, MESSAGE FROM THE CHAIRMAN 9 ANNUAL REPORT and mandates that the reserve ratio reach 1.35 percent by September 30, 2020. Dodd-Frank also assigns the cost of that increase in the minimum reserve ratio to banks with $10 billion or more in total assets. To meet these requirements, large banks have been paying temporary assessment surcharges. Surcharges began in the third quarter of 2016—the quarter after the reserve ratio surpassed 1.15 percent—and will continue through the quarter in which the reserve ratio first meets or exceeds 1.35 percent. The FDIC expects the reserve ratio to reach 1.35 percent in 2018, ahead of the September 2020 statutory deadline. In the event that the reserve ratio does not reach 1.35 percent by the end of 2018, FDIC regulations call for a shortfall assessment in early 2019 on banks with total assets of $10 billion or more to cover the gap. In 2017, the numbers of failed banks and problem banks continued their trend toward pre-crisis levels. There were eight bank failures in 2017, down dramatically from a yearly peak of 157 in 2010, while the number of banks on the problem bank list (banks rated 4 or 5 on the CAMELS rating scale) fell to 104 at the end of September 2017 from a high of 888 in March 2011. During 2017, the FDIC successfully used various resolution strategies to protect insured depositors of failed institutions at the least cost to the DIF. The FDIC actively marketed failing institutions and sold them to other financial institutions. These strategies protected insured depositors and preserved banking relationships in many communities, providing depositors and customers with uninterrupted access to essential banking services. MANAGING FDIC RESOURCES As the banking industry continues to recover, the FDIC requires fewer resources. The agency’s authorized workforce for 2017 was 6,363 full-time equivalent positions compared with 6,533 the year before. The 2017 FDIC Operating Budget was $2.16 billion, a decrease of 2.4 percent from 2016. 10 The FDIC remains committed to fulfilling its mission while prudently managing costs. We reduced our budget for 2018 from the prior year by 3.0 percent to $2.09 billion and reduced authorized staffing by approximately 4.5 percent to 6,076 positions. This is the eighth consecutive reduction in the FDIC’s annual operating budget. However, contingent resources are included in the budget to ensure readiness should economic conditions unexpectedly deteriorate. COMMUNITY BANKING INITIATIVE The FDIC is the primary federal supervisor of the majority of community banks in the United States, and community banks account for 92 percent of FDIC-insured institutions. For these reasons, community banking is an important focus of FDIC supervision, technical assistance, and research. The FDIC maintains an extensive community bank research program, hosts community banking conferences, and convenes an Advisory Committee on Community Banking, through which the FDIC Board receives regular input from bankers. Community banks are critically important to our economy and the banking system. Community banks account for 13 percent of the banking assets in the United States, and 43 percent of the small loans to businesses and farms originated by all banks, making them key partners in supporting local economic development and job creation. The community banking sector continues to demonstrate resilience and innovation in meeting new challenges and competing in an evolving financial marketplace. Helping community banks meet the challenges they face is an important part of the FDIC’s Community Banking Initiative. These include challenges in the areas of recruitment and succession planning. In response, the FDIC developed a directory of universities and colleges that have established academic programs dedicated to community banking, and is working with the American Bankers Association to explore the feasibility of establishing an online clearinghouse through which banks can connect with universities and colleges seeking to place MESSAGE FROM THE CHAIRMAN 2017 students who have an interest in banking internships and jobs. federal and state housing finance agencies, the FHLBs, and government-sponsored enterprises. Also in 2017, in response to feedback from our Advisory Committee on Community Banking, we prepared a virtual version of the Directors’ Colleges that we deliver throughout our regions. The virtual curriculum includes six video modules covering topics directors most often tell us they want to learn more about: interest-rate risk, troubled debt restructurings, the Bank Secrecy Act, and corporate governance. In 2016 the FDIC launched a new survey regarding banks’ small business lending practices. This survey was designed to solicit and report information on the general characteristics of banks’ small business borrowers, the types of credit offered to small businesses, and the relative importance of commercial lending for banks of different sizes and business models. This information increases the understanding of how banks of all sizes are lending to small businesses, which is crucial to job creation. The survey has generated valuable data about a previously underresearched area, and a full report of the survey results will be released in 2018. The FDIC also hosted banker webinars focusing on financial education, accessing affordable mortgage credit, and changes to the Call Report. Additionally, we conducted 11 banker teleconferences to discuss changes to the Home Mortgage Disclosure Act, proposed changes to the capital rules, small business resources for community banks, liquidity and funds management, the Bank Secrecy Act, Community Development Lending, reasonably expected market areas, and new accounting proposals. In addition, we conducted three seminars on FDIC deposit insurance coverage for bank officers and employees, and released three videos covering Fundamentals of Deposit Insurance Coverage, Deposit Insurance Coverage for Revocable Trust Accounts, and Advanced Topics in Deposit Insurance Coverage. The FDIC also published a new guide to help community bankers learn more about the programs and products offered by the Federal Home Loan Banks (FHLBs) to facilitate mortgage lending. The first two parts of the Guide focus on Federal Agencies and Government-Sponsored Enterprises and State Housing Finance Agencies. The Affordable Mortgage Lending Guide, Part III: Federal Home Loan Banks describes many of the products and services offered by FHLBs, including products that support singlefamily home purchases, and alternatives for selling mortgages on the secondary market. The three-part guide is available through the FDIC’s Affordable Mortgage Lending Center, an online resource to help community bankers understand and compare the mortgage-lending products and services offered by Finally, the FDIC’s Advisory Committee on Community Banking is an ongoing forum for discussing current issues and receiving valuable feedback from the industry. The committee, which met three times during 2017, is composed of chief executives of 13 community banks located around the country. The committee provides valuable input on a wide variety of topics, including examination policies and procedures, capital and other supervisory issues, credit and lending practices, deposit insurance assessments and coverage, and regulatory compliance issues. Supporting De Novo Banks De novo institutions fill important gaps in local banking markets, provide credit and services to communities that may be overlooked by larger institutions, and help to preserve the vitality of the community banking sector. The FDIC is committed to working with, and providing support to, any group with an interest in starting a de novo bank, and welcomes applications for deposit insurance. The current environment, with low interest rates and the resulting impact on net interest margins, is challenging for the formation of new banks. Nevertheless, we have seen tentative signs of an uptick in de novo formations, including increased interest from prospective organizing groups in filing MESSAGE FROM THE CHAIRMAN 11 ANNUAL REPORT applications for new insured depository institutions. During 2017, the FDIC approved six applications for deposit insurance for new community banks. To encourage interest and help organizing groups navigate the application process, the FDIC conducted a series of outreach meetings throughout the country. These meetings aimed to help organizing groups become fully informed about the FDIC’s application process and the tools and resources available to assist them. We also issued a publication entitled Applying for Deposit Insurance – A Handbook for Organizers of De Novo Institutions that is intended to help organizers become familiar with the deposit insurance application process and understand the path to obtaining insurance. SIMPLIFYING REGULATION In March of 2017, the FDIC, OCC and Federal Reserve Board (FRB) in conjunction with the National Credit Union Administration (NCUA), all members of the Federal Financial Institutions Examination Council (FFIEC), issued a joint report to Congress detailing our extensive, two-year review of the rules affecting financial institutions. This review is required by the Economic Growth and Regulatory Paperwork Reduction Act of 1996 (EGRPRA), and its purpose is to identify and eliminate, as appropriate, outdated or otherwise unnecessary regulatory requirements on insured depository institutions, while, at the same time, ensuring that safety and soundness and consumer compliance standards are maintained. The EGRPRA-mandated review is required at least once every 10 years, and this review cycle included, for the first time, the significant body of new rules and regulations introduced in response to the financial crisis. The regulatory review process is one we take very seriously. Over the course of the review, the federal banking agencies and the NCUA hosted six public outreach meetings and reviewed more than 230 comment letters submitted in response to four Federal 12 Register notices. The agencies have reviewed these comments and considered appropriate changes to reduce regulatory burdens on institutions. We also explored opportunities to improve the transparency and clarity of our supervisory policies and procedures, especially as they apply to community banks. Together with the other FFIEC agencies, we have taken certain steps and continue to take further measures to address the significant issues identified as burdensome by supervised institutions during the EGRPRA review process. For example: ♦♦ We adopted a final rule that expanded the examination cycle for certain insured depository institutions with up to $1 billion in total assets. Approximately 4,790 insured depository institutions are now eligible for the expanded exam cycle. ♦♦ We streamlined the Call Report, removing 40 percent of the data items previously required for institutions with domestic offices only and reducing the length of the Call Report for eligible small institutions from 85 pages to 61 pages. In June 2017, and again in November 2017, we proposed additional burden-reducing revisions to all three versions of the Call Report. ♦♦ We issued an interagency proposal to simplify the generally applicable capital framework and to clarify the definition of high-volatility commercial real estate. The proposed simplifications include changes to the regulatory capital treatment of mortgage servicing assets, deferred tax assets, investments in the capital instruments of other financial institutions, and minority interest. ♦♦ We finalized a rule regarding regulatory capital to pause the phase-in of certain regulatory capital adjustments and deductions that are part of the Basel III capital standard. ♦♦ We issued an interagency proposal to increase the threshold for requiring an appraisal on commercial real estate loans, which we believe will reduce regulatory burden in a manner consistent with safety and soundness. Comments MESSAGE FROM THE CHAIRMAN 2017 on the proposal have been received and are being evaluated. ♦♦ We issued an interagency bulletin to make bankers and other stakeholders aware of the options available in areas where there is a shortage of appraisers. The advisory addresses concerns raised pursuant to the EGRPRA review process, as well as during six roundtables between federal banking regulators, state commissioners, and rural community bankers. ♦♦ We raised the threshold for loans included in the SNC program from $20 million to $100 million. This action lowered the number of loans required to be reported by financial institutions, providing regulatory relief for 82 mid-sized financial institutions. The federal banking agencies also recognize that regulatory burden does not emanate solely from statutes and regulations, but often comes from processes and procedures related to examinations and supervisory oversight. Accordingly, the agencies are jointly reviewing the examination process, examination report format, and examination report preparation process. We are working to identify opportunities to minimize burden to bank management where possible, with a particular goal of determining whether technology can be used to make existing examination activities more efficient or allow for additional safety and soundness examination work to be conducted off-site. EGRPRA commenters recommended a number of legislative changes as well, and the FDIC is supportive of reforms that would: ♦♦ Raise the total assets threshold for conducting annual stress tests from $10 billion to $50 billion; ♦♦ Increase the asset threshold for banks eligible for an 18-month examination cycle from $1 billion to $2 billion; ♦♦ Raise the asset threshold for the community bank Call Report to match a higher examination frequency threshold; ♦♦ Create a new appraisal threshold exemption for insured depository institutions that originate a de minimis number (i.e., less than 25) of residential mortgage loans in a calendar year; and ♦♦ Deem banks with assets under $10 billion compliant with risk-based capital requirements if they maintain a leverage capital ratio of 10 percent and do not engage in a short, specified list of activities. Overall, the FDIC supports measures to ensure that financial regulations are simple and straightforward and that regulatory costs and burdens are minimized, particularly for smaller institutions. However, in considering ways to simplify or streamline regulations, it is important to preserve the gains that have been achieved in restoring confidence and stability since the financial crisis and maintaining the safety and soundness of the U.S. banking system. REGULATORY RELIEF IN DISASTER AREAS In 2017, communities in Florida, Georgia, Texas, and, in particular, the U.S. Virgin Islands and Puerto Rico, were affected by severe storms and flooding related to hurricanes. The FDIC worked to provide flexibility to financial institutions in these areas relative to appraisal requirements, lending and credit policies, and efforts to meet customers’ cash and financial needs. As these areas continue to recover, the FDIC encourages depository institutions to consider all reasonable and prudent steps to assist their customers, consistent with safe-and-sound banking practices. EXPANDING ACCESS TO BANKING SERVICES AND PROTECTING CONSUMERS Expanding access to mainstream banking services helps strengthen confidence in the nation’s financial system, the FDIC’s core mission. Our most recent National Survey of Unbanked and Underbanked Households, published in October 2016, produced MESSAGE FROM THE CHAIRMAN 13 ANNUAL REPORT encouraging results, showing that the proportion of unbanked households has fallen to 7 percent. But the survey provides ample evidence that much work remains to expand economic inclusion, particularly among households with incomes below $30,000 per year, African American households, Hispanic households, and households headed by a working-age individual with a disability. Building on the insights gained from the survey, the FDIC has undertaken a number of initiatives to expand economic inclusion. The FDIC introduced the Safe Accounts pilot in 2011 in response to survey findings and with the encouragement of the Advisory Committee on Economic Inclusion. Safe Accounts have a low or no minimum balance requirement, are electronicbased, use debit cards, do not include overdraft or nonsufficient funds fees, and have low, transparent monthly fees. These accounts are designed to better enable unbanked and underbanked households to access the banking system and to sustain banking relationships over time. Since the pilot concluded, we have identified examples of banks across the spectrum of the industry— money center, regional, and community banks— as offering accounts consistent with the features of the Safe Account. FDIC analysts estimate that nine in 10 Americans live in a county with a branch of an institution that offers Safe Accounts. This represents a significant improvement since 2011, but many banks and consumers remain unaware of the benefits of these low-cost, card-based products. To ensure that consumers who would benefit from Safe Accounts are aware of their availability and to encourage bank engagement, the FDIC has partnered with the non-profit Cities for Financial Empowerment Fund, Bank On programs, and FDIC-supported Alliances for Economic Inclusion, and has worked with other community groups, banks, state and local governments, and philanthropic organizations. Through these forums, we provide outreach to representatives of hundreds of community-based organizations and bankers across the country. 14 Bringing these groups together creates opportunities to identify strategies to reach unbanked populations by lowering the barriers to accessing banking services. In addition to the Safe Account effort, the FDIC continues to study how mobile financial services may help banks address many of the core financial service needs of underserved consumers, including providing more timely information about balances and transactions and more control over customers’ financial lives. We also continued our efforts to provide and promote effective financial education for young people. Offering financial education to school-age children opens the door to many opportunities and establishes the groundwork for a lifelong banking relationship. Through our Youth Savings Pilot program, we have studied the financial education programs offered by 21 banks in partnership with local schools over a twoyear period. These programs tie financial education with the opportunity to open a safe, low-cost savings account at bank branches, some of which are located in the schools and run by students. We gathered insights from the pilot into a report we published in March 2017. The many lessons we learned—about program design, the importance of partnerships, types of accounts offered, classroombased financial education, the role of parents and guardians, program costs, and measuring performance—provide a comprehensive roadmap for banks and schools that are teaming up to link financial education with opportunities to save. The FDIC also launched a Youth Banking Network, a platform to support banks as they work with school and nonprofit partners to create and expand youth savings programs. The FDIC offers periodic conference calls and resources on topics of interest to network members, which now total more than 50 institutions, and receives ongoing feedback from network participants on ways to support collaborations. Our Money Smart program is another example of our ongoing efforts to develop and promote financial MESSAGE FROM THE CHAIRMAN 2017 education. For example, Money Smart for Older Adults, a resource developed jointly by the FDIC and the Consumer Financial Protection Bureau, was updated in 2017 to help older adults and their caregivers guard against financial exploitation and make informed financial decisions. We also continue to collaborate with the U.S. Small Business Administration (SBA) on Money Smart for Small Business, a resource that provides practical guidance for starting and managing a business. The Strategic Alliance Memorandum between the FDIC and SBA ensures this collaboration will continue through 2018. Money Smart for Young People, a curriculum that involves educators, parents/caregivers, and young people in the learning process, continues to be well received. There have been more than 145,000 downloads of the curriculum, portions of which are available in Spanish, since its launch in 2015. These resources are at work in classrooms and also are used by workforce development organizations in providing financial education to young people in employment programs. Many of these initiatives, as well as the future of economic inclusion efforts, were discussed at the Economic Inclusion Summit the FDIC hosted in April. The event brought together representatives from banks, trade associations, non-profit organizations, government agencies, and the public to explore strategies for increasing underserved consumers’ access to the mainstream financial system. In particular, panelists discussed strategies for ♦♦ Establishing safe and sustainable banking relationships, ♦♦ Leveraging partnerships for banking access and financial empowerment, and ♦♦ Growing customer relationships and building long-term loyalty among diverse customers. The FDIC’s Advisory Committee on Economic Inclusion also met twice in 2017 to discuss topics such as neighborhood access to bank branches, economic inclusion for persons with disabilities, and an FDIC survey of entry-level consumer checking and savings accounts, as well as collaborations with community-based organizations and resources for affordable mortgage lending. Overall, the progress the FDIC and our collaborators have made in this area has been substantial—initiating the national survey, developing the model Safe Account and seeing it offered by financial institutions around the country, and exploring the potential of mobile financial services to expand access. CONCLUSION During 2017, the U.S. banking industry continued its recovery from the recent financial crisis. The industry benefited from stronger balance sheets, fewer problem banks and bank closings, increased lending activity, and a larger balance in the DIF. In 2018, the FDIC will continue to work to fulfill its mission of maintaining public confidence and stability in the nation’s financial system. As I previously emphasized, bankers and supervisors should not allow the current strong economic and banking conditions to be a cause for complacency. The challenge for the FDIC going forward will be to preserve the hard-earned improvements in the capital and liquidity of U.S. banking institutions and sustain vigilant supervision of the banking industry, both to continue the strong performance of banks during this post-crisis period and to position the banking system to weather the next inevitable downturn. The workforce of the FDIC remains committed to the agency’s mission. I am very grateful to the dedicated professionals of the FDIC for their commitment to public service and for the high level at which they carry out their important responsibilities. Sincerely, Martin J. Gruenberg MESSAGE FROM THE CHAIRMAN 15 THIS PAGE INTENTIONALLY LEFT BLANK 2017 M E S S A G E F RO M T H E CHIEF FINANCIAL OFFICER I am pleased to present the FDIC’s 2017 Annual Report (also referred to as the Performance and Accountability Report). The report covers financial and program performance information, and summarizes our successes for the year. The FDIC takes pride in providing timely, reliable, and meaningful information to its many stakeholders. For 26 consecutive years, the U.S. Government Accountability Office (GAO) has issued unmodified (unqualified) audit opinions for the two funds administered by the FDIC: the Deposit Insurance Fund (DIF) and the Federal Savings and Loan Insurance Corporation (FSLIC) Resolution Fund (FRF). We take pride in our responsibility and demonstrate discipline and accountability as stewards of these funds. We remain proactive in the execution of sound financial management and in providing reliable financial data. FINANCIAL AND PROGRAM RESULTS FOR 2017 The DIF balance (the net worth of the Fund) rose to a record $92.7 billion as of December 31, 2017, compared to the year-end 2016 balance of $83.2 billion. The Fund balance increase was primarily due to assessment revenue. For 2017, DIF comprehensive income was $9.6 billion, or $975 million lower than 2016 comprehensive income of $10.6 billion. While assessment revenue in 2017 of $10.6 billion was $608 million higher than 2016 assessment revenue of $10.0 billion, the lower negative provision for insurance losses of $1.4 billion year-over-year (negative $183 million in 2017 as compared to negative $1.6 billion in 2016) more than offset the effect of the revenue increase. The DIF U.S. Treasury securities investment portfolio balance was $83.3 billion as of December 31, 2017, an increase of $9.8 billion over the year-end 2016 portfolio balance of $73.5 billion. Interest revenue on DIF investments was $1.1 billion for 2017, compared to $671 million for 2016. In 2017, the FDIC continued its efforts to reduce operating costs and prudently manage the funds that it administers. The FDIC Operating Budget for 2017 totaled approximately $2.16 billion, which represented a decrease of $53 million (2.4 percent) from 2016. Actual 2017 spending totaled approximately $1.93 billion. On December 19, 2017, the FDIC Board of Directors approved a 2018 FDIC Operating Budget totaling $2.09 billion, down $66 million (3.0 percent) from the 2017 budget. Including 2018, the annual operating budget has declined for eight consecutive years, consistent with a steadily declining workload. The FDIC continues to reduce staffing levels, as conditions in the banking industry improve and the FDIC requires fewer resources. The FDIC’s authorized full-time equivalent staffing dropped in 2017 from 6,363 to 6,076, a 4.5 percent reduction. In 2018, we project further reductions in the overall workforce. However, we will maintain a workforce capable of handling our supervision, insurance, and bank failure functions. MESSAGE FROM THE CHIEF FINANCIAL OFFICER 17 17 ANNUAL REPORT In 2017, eight banks failed, up from five in 2016. Even though the number of bank failures is relatively low, we will continue to prudently manage the risks to the DIF, including interest rate, fiscal, and global economic risks. We will remain focused on sound financial management techniques, and maintain our enterprise-wide risk management and internal control program. Sincerely, Steven O. App 18 MESSAGE FROM THE CHIEF FINANCIAL OFFICER 2017 FDIC SENIOR LEADERS Seated (left to right): Vice Chairman Thomas M. Hoenig and Chairman Martin J. Gruenberg. Standing 1st Row (left to right): Jay N. Lerner, Barbara A. Ryan, Steven Primrose, Craig R. Jarvill, Arleas Upton Kea, Mark E. Pearce, Barbara Hagenbaugh, Doreen R. Eberley. 2nd Row (left to right): Howard G. Whyte, Suzannah L. Susser, Lawrence Gross, Jr., Charles Yi, Russell G. Pittman, Steven O. App, Bret D. Edwards, Lee Price, Arthur J. Murton, Kymberly K. Copa, and Diane Ellis. Not pictured: Robert D. Harris, Noreen Padilla, C. Richard Miserendino, Saul Schwartz, Andy Jiminez, M. Anthony Lowe, and Ricardo Delfin. FDIC SENIOR LEADERS 19 THIS PAGE INTENTIONALLY LEFT BLANK I. MANAGEMENT’S DISCUSSION AND ANALYSIS 21 THIS PAGE INTENTIONALLY LEFT BLANK 2017 THE YEAR IN REVIEW OVERVIEW The FDIC continued to fulfill its mission-critical responsibilities during 2017. Insuring deposits, examining and supervising financial institutions, making large financial firms resolvable, managing receiverships, and educating consumers are the core responsibilities of the FDIC. The agency adopted and issued proposed rules on key regulations under the Economic Growth and Regulatory Paperwork Reduction Act of 1996 (EGRPRA), and engaged in several community banking and community development initiatives. Cybersecurity remained a high priority for the FDIC in 2017; the agency worked to strengthen cybersecurity oversight, help financial institutions mitigate increasing risks, and respond to cyber threats. The sections below highlight these and other accomplishments during the year. DEPOSIT INSURANCE As insurer of bank and savings association deposits, the FDIC must continually evaluate and effectively manage how changes in the economy, financial markets, and banking system affect the adequacy and the viability of the Deposit Insurance Fund (DIF). Long-Term Comprehensive Fund Management Plan In 2010 and 2011, the FDIC developed a comprehensive, long-term DIF management plan designed to reduce the effects of cyclicality and achieve moderate, steady assessment rates throughout economic and credit cycles, while also maintaining a positive fund balance, even during a banking crisis. That plan complements the Restoration Plan, originally adopted in 2008 and subsequently revised, which was designed to ensure that the reserve ratio (the ratio of the fund balance to estimated insured deposits) reaches 1.35 percent by September 30, 2020, as required by the Dodd-Frank Act. Under the plan, a reduction in assessment rates took effect in the third quarter of 2016 as a result of the reserve ratio’s having surpassed 1.15 percent in the previous quarter. Under the long-term DIF management plan, to increase the probability that the fund reserve ratio will reach a level sufficient to withstand a future crisis, the FDIC Board set the Designated Reserve Ratio (DRR) of the DIF at 2.0 percent. In September 2017, the Board voted to maintain the 2.0 percent ratio for 2018. The FDIC views the 2.0 percent DRR as a long-term goal and the minimum level needed to withstand future crises of the magnitude of past crises. Additionally, as part of the long-term DIF management plan, the FDIC has suspended dividends indefinitely when the fund reserve ratio exceeds 1.5 percent. In lieu of dividends, the plan prescribes progressively lower assessment rates that will become effective when the reserve ratio exceeds 2.0 percent and 2.5 percent. State of the Deposit Insurance Fund Estimated losses to the DIF from bank failures that occurred in 2017 totaled $1.1 billion. The fund balance continued to grow through 2017, as it has every quarter after the end of 2009. Assessment revenue was the primary contributor to the increase in the fund balance in 2017. The fund reserve ratio rose to 1.28 percent at September 30, 2017, from 1.18 percent a year earlier. Minimum Reserve Ratio Section 334 of the Dodd-Frank Act, which increased the minimum reserve ratio of the DIF from 1.15 percent to 1.35 percent, requires that the reserve ratio reach that level by September 30, 2020. Section 334 also mandates that the FDIC offset the effect of the increase in the minimum reserve ratio on IDIs with total consolidated assets of less than $10 billion. The final rule implementing these requirements took effect on July 1, 2016. It imposes surcharges on the quarterly assessments of insured depository institutions (IDIs) with total consolidated assets of $10 billion or more. The surcharges will continue through the quarter in which the reserve ratio first M A N A G E M E N T ’ S D I S C U S S I O N A N D A N A LY S I S 23 23 ANNUAL REPORT reaches or exceeds 1.35 percent. The surcharge equals an annual rate of 4.5 basis points applied to an institution’s regular quarterly deposit insurance assessment base after subtracting $10 billion, with additional adjustments for banks with affiliated IDIs. The FDIC expects the reserve ratio to reach 1.35 percent in 2018. If, contrary to the FDIC’s expectations, the reserve ratio does not reach 1.35 percent by December 31, 2018 (but is still at least 1.15 percent), the final rule requires the FDIC to impose a shortfall assessment on IDIs with total consolidated assets of $10 billion or more on March 31, 2019. Because the Dodd-Frank Act requires that the FDIC offset the effect of the increase in the reserve ratio from 1.15 percent to 1.35 percent on IDIs with total consolidated assets of less than $10 billion, the final rule exempts these smaller banks from the surcharges and provides assessment credits to these institutions for the portion of their regular assessments that contributes to growth in the reserve ratio between 1.15 percent and 1.35 percent. Credits will be automatically applied to these small banks’ assessments when the reserve ratio is at or above 1.38 percent. that were not members of the Federal Reserve System (generally referred to as “state nonmember” institutions). Through risk management (safety and soundness), consumer compliance and the Community Reinvestment Act (CRA), and other specialty examinations, the FDIC assesses an institution’s operating condition, management practices and policies, and compliance with applicable laws and regulations. As of December 31, 2017, the FDIC conducted 1,611 statutorily required risk management examinations, including a review of Bank Secrecy Act (BSA) compliance, and all required followup examinations for FDIC-supervised problem institutions, within prescribed time frames. The FDIC also conducted 1,168 statutorily required CRA/ compliance examinations (770 joint CRA/compliance examinations, 393 compliance-only examinations, and 5 CRA-only examinations). In addition, the FDIC performed 3,614 specialty examinations (which include reviews for BSA compliance) within prescribed time frames. The table on the following page compares the number of examinations by type, conducted from 2015 through 2017. SUPERVISION Risk Management Supervision and consumer protection are cornerstones of the FDIC’s efforts to ensure the stability of, and public confidence in, the nation’s financial system. The FDIC’s supervision program promotes the safety and soundness of FDIC-supervised financial institutions, protects consumers’ rights, and promotes community investment initiatives. All risk management examinations have been conducted in accordance with statutorily- established time frames. As of September 30, 2017, 104 insured institutions with total assets of $16.0 billion were designated as problem institutions for safety and soundness purposes (defined as those institutions having a composite CAMELS1 rating of 4 or 5), compared to the 132 problem institutions with total assets of $24.9 billion on September 30, 2016. This is a 21 percent decline in the number of problem institutions and a 36 percent decrease in problem institution assets. For the 12 months ended September 30, 2017, 47 institutions with aggregate assets of $15.3 billion were removed from the list of Examination Program The FDIC’s strong bank examination program is the core of its supervisory program. As of December 31, 2017, the FDIC was the primary federal regulator for 3,636 FDIC-insured, state-chartered institutions The CAMELS composite rating represents the adequacy of Capital, the quality of Assets, the capability of Management, the quality and level of Earnings, the adequacy of Liquidity, and the Sensitivity to market risk, and ranges from “1” (strongest) to “5” (weakest). 1 24 M A N A G E M E N T ’ S D I S C U S S I O N A N D A N A LY S I S 2017 FDIC EXAMINATIONS 2015-2017 2017 2016 2015 1,440 1,563 1,665 171 164 206 State Member Banks 0 0 0 Savings Associations 0 0 0 National Banks 0 0 0 1,611 1,727 1,871 Compliance/Community Reinvestment Act 770 709 859 Compliance-only 393 594 478 5 8 10 1,168 1,311 1,347 347 351 365 Information Technology and Operations 1,627 1,742 1,886 Bank Secrecy Act 1,640 1,761 1,906 Subtotal – Specialty Examinations 3,614 3,854 4,157 TOTAL 6,393 6,892 7,375 Risk Management (Safety and Soundness): State Nonmember Banks Savings Banks Subtotal – Risk Management Examinations CRA/Compliance Examinations: CRA-only Subtotal – CRA/Compliance Examinations Specialty Examinations: Trust Departments problem financial institutions, while 19 institutions with aggregate assets of $7.6 billion were added to the list. The FDIC is the primary federal regulator for 72 of the 104 problem institutions, with total assets of $11.6 billion. In 2017, the FDIC’s Division of Risk Management Supervision (RMS) initiated 134 formal enforcement actions and 152 informal enforcement actions. Enforcement actions against institutions included, but were not limited to, 13 actions under Section 8(b) of the Federal Deposit Insurance Act (FDI Act )(all of which were consent orders), and 103 memoranda of understanding (MOUs). Of these enforcement actions against institutions, three consent orders, and 14 MOUs were based, in whole or in part, on apparent violations of BSA and anti-money laundering (AML) laws and regulations. In addition, enforcement actions were also initiated against individuals. These actions included, but were not limited to, 65 removal and prohibition actions under Section 8(e) of the FDI Act (58 consent orders and seven notices of intention to remove/prohibit), nine actions under Section 8(b) of the FDI Act (one order to pay restitution and 8 personal cease and desist orders and 25 civil money penalties (CMPs) (22 orders to pay and 3 notices of assessment). The FDIC continues to focus on forward-looking supervision by assessing risk management practices during the examination process to ensure that risks are mitigated before they lead to financial deterioration. Compliance As of December 31, 2017, 37 insured state nonmember institutions, about 1 percent of all supervised institutions, with total assets of $58 billion, were problem institutions for compliance, CRA, or M A N A G E M E N T ’ S D I S C U S S I O N A N D A N A LY S I S 25 ANNUAL REPORT both. All of the problem institutions for compliance were rated “4” for compliance purposes, with none rated “5.” For CRA purposes, the majority were rated “Needs to Improve,” and only two were rated “Substantial Noncompliance.” As of December 31, 2017, all follow-up examinations for problem institutions were performed on schedule. As of December 31, 2017, the FDIC conducted all required compliance and CRA examinations and, when violations were identified, completed followup visits and implemented appropriate enforcement actions in accordance with FDIC policy. In completing these activities, the FDIC substantially met its internally-established time standards for the issuance of final examination reports and enforcement actions. Overall, banks demonstrated strong consumer compliance programs. The most significant consumer protection issue that emerged from the 2017 compliance examinations involved banks’ failure to adequately monitor third-party vendors. For example, the FDIC found violations involving unfair or deceptive acts or practices relating to issues such as failure to disclose material information about product features and limitations, deceptive marketing and sales practices, and misrepresentations about the costs of products. As a result, the FDIC issued orders requiring the payment of CMPs. As of December 31, 2017, the FDIC’s Division of Depositor and Consumer Protection (DCP) initiated 26 formal enforcement actions and 22 informal enforcement actions to address compliance concerns. This included three restitution orders, one consent order, 20 CMPs, two Notices of Assessment, and 22 MOUs. Restitution orders are formal actions that require institutions to pay restitution in the form of consumer refunds for different violations of law. In 2017, these orders required the payment of approximately $3 million to harmed consumers. As of December 31, 2017, the CMP orders totaled $619,884. 26 Large Bank Supervision Program The FDIC established the Large Bank Supervision Branch within RMS to address the growing complexity of large banking organizations with assets exceeding $10 billion and not assigned to the Complex Financial Institution Group (CFI). This branch is responsible for supervisory oversight, ongoing monitoring, and resolution planning, while supporting the insurance business line. For state nonmember banks with assets exceeding $10 billion, the FDIC generally applies a continuous examination program, whereby dedicated staff conducts ongoing on-site supervisory examinations and institution monitoring. At institutions where the FDIC is not the primary federal regulator, the FDIC has dedicated on-site examination staff at select banks, working closely with other financial institution regulatory authorities to identify emerging risks and assess the overall risk profile of large institutions. The Large Insured Depository Institution (LIDI) Program remains the primary instrument for offsite monitoring of IDIs with $10 billion or more in total assets not assigned to CFI. The LIDI Program provides a comprehensive process to standardize data capture and reporting through nationwide quantitative and qualitative risk analysis of large and complex institutions. In 2017, the LIDI Program covered 101 institutions with total assets of $5.7 trillion. The comprehensive LIDI Program supports effective large bank supervision by using individual institution information to best deploy resources to high-risk areas, determining the need for supervisory action, and supporting insurance assessments and resolution planning. The Shared National Credit (SNC) Program is an interagency initiative administered jointly by the FDIC, OCC, and FRB to ensure consistency in the regulatory review of large, syndicated credits, as well as identify risk in this market, which comprises a large volume of domestic commercial lending. In 2017, outstanding credit commitments identified in the SNC Program totaled $4.4 trillion. The FDIC, OCC, and FRB issued a joint M A N A G E M E N T ’ S D I S C U S S I O N A N D A N A LY S I S 2017 press release detailing the results of the review in August 2017. The latest review showed the level of adversely rated assets remained higher than in previous periods of economic expansion, raising the concern that future losses and problem loans could rise considerably in the next credit cycle. The high level of credit risk observed during the recent SNC examination stems from leveraged borrowers, as well as distressed borrowers in the oil and gas sector or other industry sector borrowers exhibiting excessive leverage. Notwithstanding the riskiness of the existing portfolio, the agencies noted improved underwriting and risk management practices related to the most recent leveraged loan originations, as underwriters continued to better align practices with regulatory expectations and as investor risk appetite moderated away from transactions at the lower end of the credit spectrum. The agencies still identified several common weaknesses in leveraged lending underwriting including ineffective covenants, liberal repayment terms, and incremental debt provisions. Sales Practices Review Significant resources were allocated in 2017 to assess the retail sales practices of the large institutions. Initiatives included coordination with the OCC, FRB and Consumer Financial Protection Bureau (CFPB), in reviewing practices at the largest institutions and conducting a horizontal review of sales practices at 17 large FDIC-supervised institutions. The examinations did not find systemic problems in opening accounts without customer consent; however, institutions need to improve their risk management processes to better mitigate and identify potential sales practice weaknesses. IT Examinations The FDIC examines information technology (IT), including information security, at each risk management examination. Examiners assign an IT rating using the Federal Financial Institutions Examination Council’s (FFIEC) Uniform Rating System for Information Technology (URSIT), and the IT rating is incorporated into the management component of the CAMELS rating, in accordance with the FFIEC’s Uniform Financial Institution Rating System (UFIRS). The FDIC continued to enhance its IT supervision in 2017. For example, examiners used the Information Technology Risk Examination Program (InTREx) in examinations of FDIC-supervised financial institutions. InTREx is an examiner work program introduced in 2016 that provides more efficient and risk-focused examination procedures. InTREx includes a cybersecurity preparedness assessment and provides more detailed examination results to institutions to help ensure management promptly identifies and addresses IT and cybersecurity risks. The FDIC also conducted a July webinar with other FFIEC members to provide financial institutions information on updates to the FFIEC’s Cybersecurity Assessment Tool (CAT). These updates provide institutions the ability to account for compensating controls used to achieve certain cybersecurity control objectives. The webinar provided financial institutions the opportunity to share their comments and questions with senior FFIEC staff and also to hear about updates to the FFIEC IT Examination Handbook. The FDIC, OCC, and FRB also examine IT and other operational components of service providers that support financial institutions. During 2017, the agencies implemented a new cybersecurity examination work program to identify and assess risk at service providers of all sizes, and conducted an interconnectivity risk horizontal review of the most significant service providers. The FDIC continues to actively engage with both the public and private sectors to assess cybersecurity and other operational risk issues to protect the financial institutions that the FDIC supervises. This work includes engaging with the Financial and Banking Information Infrastructure Committee (FBIIC), the Financial Services Sector Coordinating Council for Critical Infrastructure Protection, the Department of Homeland Security, the Financial Services Information Sharing and Analysis Center, other M A N A G E M E N T ’ S D I S C U S S I O N A N D A N A LY S I S 27 ANNUAL REPORT regulatory agencies, and law enforcement to share information regarding emerging issues and coordinate responses. The FDIC played a significant role in organizing FBIIC incident management communication related to the financial services sector in areas affected by hurricanes Harvey, Irma, and Maria. The FDIC also actively participated in FBIIC working groups to better understand the financial sector’s vulnerability to a cybersecurity incident and consider ways to harmonize cybersecurity supervisory efforts. Cyber Fraud and Financial Crimes The FDIC has undertaken a number of initiatives in 2017 to protect the banking industry from criminal financial activities. These efforts include improving and automating the FDIC’s background investigations for banking applications, leading financial crimesrelated training programs, and assisting financial institutions in identifying and shutting down “phishing” websites that attempt to fraudulently obtain an individual’s confidential personal or financial information. In support of these efforts an article entitled “10 Scams Targeting Bank Customers: The Basics on How to Protect Yourself ” (Summer 2017) was published in the FDIC’s Consumer News. Bank Secrecy Act/Anti-Money Laundering In 2017, as a member of the Anti-Money Laundering and Countering the Financing of Terrorism (AML/ CFT) Expert Group, the FDIC contributed to the update of correspondent banking guidance issued by the Basel Committee on Bank Supervision. The FDIC also worked with domestic and international regulators and bankers to consider input regarding customer due diligence and beneficial ownership guidance and procedures that will coincide with the implementation of related regulations. In addition, the FDIC coordinated with the other FFIEC members to initiate revisions to the FFIEC BSA/AML Examination Manual by contacting various banking 28 trade associations for their comments and suggestions to improve the manual’s content. The Summer 2017 issue of the Supervisory Insights Journal included an article focused on the FDIC’s BSA/AML supervision program. The article discussed trends in supervision and enforcement, and included examples of rare, but significant failures identified by FDIC examiners in BSA/AML compliance programs. The article provided examiners and bankers with perspective on BSA/AML examinations and risk. Examiner Training and Development Examiner training continued to receive high priority and attention in 2017 on multiple fronts. The FDIC strives to deliver effective and efficient training that includes a variety of delivery methods including onthe-job, classroom, and computer-based instruction to all learners. A cadre of highly trained and highly skilled instructors facilitates classroom learning provided to regulatory partners from international and state agencies along with FDIC examination staff. Oversight of the training program is provided by senior and mid-level management to ensure that content and delivery are effective, appropriate, and current. Working in collaboration with partners across the organization and with the FFIEC, the FDIC strives to be agile so that emerging risks and topics are incorporated and conveyed timely. Examination staff at all levels benefit from targeted and tenure-appropriate content. No less relevant to the formal training program, peer-to-peer knowledge transfer is critical to ensure that institutional knowledge and experience is preserved. The FDIC has undertaken a multi-year project to expand and strengthen its examiner development programs for specialty examinations, such as IT, BSA/ AML, trust, capital markets, and accounting. As banks become more specialized, enhancing examiner skills in these areas is key to ensuring an effective examination program. The goal of this project is to standardize the skills needed to examine banks of varying levels of risk and complexity in each specialty area, and then to develop on-the-job training M A N A G E M E N T ’ S D I S C U S S I O N A N D A N A LY S I S 2017 programs to provide opportunities for examiners to acquire higher level competencies in these specialty areas. In 2017, the FDIC validated competency models in the accounting and IT areas, and made progress in developing specialty on-the-job training programs in BSA/AML, trust, and IT. Minority Depository Institution Activities The preservation of minority depository institutions (MDI) remains a high priority for the FDIC. In 2017, the FDIC continued to support MDI and Community Development Financial Institution (CDFI) industry-led strategies for success. These strategies include increasing collaboration between MDI and CDFI bankers; partnering to share costs, raise capital, or pool loans; and making innovative use of federal programs. The FDIC supports this effort by providing technical assistance to MDI and CDFI bankers. In December 2017, the FDIC published a Financial Institution Letter (FIL) to encourage collaboration among MDIs and between MDIs and other institutions. This publication describes some of the ways that financial institutions, including community banks, can partner with MDIs to the benefit of all institutions involved, as well as the communities they serve. Both community banks and larger insured financial institutions have valuable incentives under the CRA to undertake ventures with MDIs, including capital investment and loan participations. In February 2017, the federal banking agencies cosponsored a two-day conference titled, “Expanding the Impact: Increasing Capacity and Influence,” for approximately 110 bankers from more than 70 MDIs around the country. Key topics discussed at the conference included strategic planning and succession management, banking and innovation, and enhancing capacity through collaboration. Bankers provided very positive feedback on the conference, which was held in Los Angeles, where there is a significant concentration of MDIs. The conference featured an interactive panel with FDIC Chairman Martin J. Gruenberg, Federal Reserve Board Governor Jerome H. Powell, and former Comptroller of the Currency Thomas J. Curry. Also, in 2017, the FDIC updated the information in its 2014 research study that captures the impact of structural changes on the assets controlled by MDIs. Between 2002 and 2016, the number of voluntary mergers (72) was nearly twice the number of failures (39). Among MDIs that voluntarily merged or consolidated during that same period, 54 percent of the institutions and 76 percent of total assets were acquired by another MDI. Among MDIs that failed between 2002 and 2016, 38 percent of the institutions and 86 percent of total assets were acquired by another MDI. Although the rate of acquisition by another MDI was higher for voluntary mergers than for failures, the FDIC demonstrated its commitment to the statutory goal of preserving the minority character in mergers and acquisitions and providing technical assistance to help prevent insolvency. In the event of a potential MDI failure, the FDIC contacts all MDIs nationwide that qualify to bid on failing institutions. The FDIC solicits qualified MDIs’ interest in the failing institution, discusses the bidding process, and provides technical assistance regarding completion of bid forms. The FDIC continuously pursued efforts to improve communication and interaction with MDIs and to respond to the concerns of minority bankers in 2017. The FDIC maintains active outreach with MDI trade groups and offers to arrange annual meetings between FDIC regional management and each MDI’s board of directors to discuss issues of interest. The FDIC routinely contacts MDIs to offer return visits and technical assistance following the conclusion of FDIC safety and soundness, compliance, CRA, and specialty examinations to assist bank management in understanding and implementing examination recommendations. These return visits, normally conducted within 90 to 120 days after the examination, are intended to provide useful recommendations or feedback for improving operations, not to identify new issues. M A N A G E M E N T ’ S D I S C U S S I O N A N D A N A LY S I S 29 ANNUAL REPORT The FDIC’s website also encourages and provides contact information for any MDI to request technical assistance at any time. In 2017, the FDIC provided 211 individual technical assistance sessions on approximately 60 risk management and compliance topics, including: ♦♦ ♦♦ ♦♦ ♦♦ ♦♦ ♦♦ ♦♦ ♦♦ ♦♦ ♦♦ ♦♦ ♦♦ accounting; Bank Secrecy Act and Anti-Money Laundering; brokered deposits/waivers; capital planning; Community Reinvestment Act; compliance management systems; funding and liquidity; information technology risk management and cybersecurity; loan underwriting and administration; mortgage lending rules; troubled debt restructuring; and succession planning. The FDIC also held outreach, training, and educational programs for MDIs through conference calls and regional banker roundtables. In 2017, topics of discussion for these sessions included many of those listed above, as well as MDI research, strategic planning, new products and services, BSA training, cybersecurity, and liquidity risk. SUPERVISION POLICY The goal of supervision policy is to provide clear, consistent, meaningful, and timely guidance to financial institutions. Interest-Rate Risk, Credit Risk, and Liquidity Risk As the post-crisis economic expansion has progressed, there has been a resumption of loan growth in the banking industry. Institutions with concentrated portfolios are experiencing more rapid loan growth than the rest of the industry. At some banks, loan 30 growth has been accompanied by a reduction in holdings of liquid assets and increased reliance on funding sources other than stable core deposits. These trends have the potential to give rise to heightened credit risk and liquidity risk. In addition, an extended period of historically low interest rates and tightening net interest margins has created incentives for IDIs to reach for yield in their lending and investment portfolios by extending portfolio durations, potentially increasing their vulnerability to interestrate risk. Through regular on-site examinations and interim contacts with state nonmember institutions, FDIC staff regularly engages in dialogue with banks to ensure that their policies to manage credit risk, liquidity risk, and interest-rate risk are effective. Where appropriate, FDIC staff works with institutions that have significant exposure to these risks and encourages them to take appropriate riskmitigating steps. The FDIC uses off-site monitoring to help identify institutions that are potentially more exposed to these risks and follows up with individual institutions to better understand their risk profiles. Outreach and technical assistance efforts on these risk issues during 2017 included articles in the FDIC’s Supervisory Insights publication on credit risk trends and on the management of liquidity risk. The FDIC joined with the other federal banking agencies to host an interagency teleconference on November 6, 2017, with banks from around the country, regarding the management of liquidity risk. Additionally, FDIC examiners now devote additional attention during the examination process to assessing how well banks are managing the risks associated with concentrated credit exposures and concentrated funding sources. The findings of these assessments are shared with bank management in the report of examination. Other Guidance Issued Model Risk Management In June 2017, the FDIC adopted the Supervisory Guidance on Model Risk Management (MRM) M A N A G E M E N T ’ S D I S C U S S I O N A N D A N A LY S I S 2017 previously issued by the FRB and OCC. In recent years, many FDIC-supervised institutions have increased their reliance on models. The FDIC adopted the MRM guidance to facilitate consistent understanding of model risk management principles across the banking agencies and industry. The MRM guidance indicates that an effective model risk management framework may include: disciplined and knowledgeable model development that is well documented and conceptually sound; controls and processes to ensure proper implementation and appropriate use; effective validation processes; and strong governance, policies, and controls. The FDIC does not expect that the MRM guidance will pertain to FDIC-supervised institutions with total assets under $1 billion unless the institution’s model use is significant, complex, or poses elevated risk to the institution. Responses to Major Hurricanes The FDIC took a number of steps to address the aftermath of hurricanes Harvey, Irma, and Maria, and their effects on banking services by issuing a series of press releases and FILs, waiving certain regulatory requirements, and releasing interagency supervisory guidance. These included: ♦♦ Federal and State Banking Agencies Issue Statement on Supervisory Practices Regarding Financial Institutions and Borrowers Affected by Hurricane Harvey (PR-64-2017); ♦♦ Meeting the Financial Needs of Customers Affected by Hurricane Harvey and its Aftermath (FIL-38-2017); ♦♦ Federal and State Banking Agencies Issue Statement on Supervisory Practices Regarding Financial Institutions and Borrowers Affected by Hurricane Irma (PR-69-2017); ♦♦ Meeting the Financial Needs of Customers Affected by Hurricane Irma and its Aftermath (FIL-43-2017); and ♦♦ Guidance to Help Financial Institutions and Facilitate Recovery in Areas Affected by Hurricane Maria (FIL-46-2017). Temporary Exceptions to Appraisal Requirements On October 24, 2017, the FDIC, together with the FRB, OCC and NCUA, published an order in the Federal Register pursuant to their authority under Section 1123 of the Financial Institutions Reform, Recovery, and Enforcement Act of 1989 (FIRREA) to make exceptions to FIRREA’s appraisal requirements for transactions involving real property located in a disaster area. The order exempts institutions from the appraisal requirements under FIRREA and its implementing regulations for any real estaterelated financial transaction requiring the services of an appraiser, provided that: (1) the transaction involves real property located in an area of a state or territory that has been declared a major disaster by the President as a result of severe storms and flooding related to Hurricanes Harvey, Irma, or Maria; (2) there is a binding commitment to fund a transaction that was entered into on or after the date of each such declaration; and (3) the value of the real property supports the institution’s decision to enter into the transaction. A financial institution that relies on the order should maintain sufficient information in the loan file estimating the collateral’s value to support the institution’s credit decision. The FDIC will monitor institutions that rely on the order to ensure real estate-related transactions are being originated in a manner consistent with safe and sound banking practices. The order expires three years after the date each state or territory was declared a major disaster. Interagency Supervisory Examiner Guidance for Institutions Affected by a Major Disaster The FDIC, in conjunction with the FRB, OCC, and NCUA, published supervisory examiner guidance for institutions affected by a disaster that results in a Presidential declaration of a major disaster, as defined by the Stafford Act. The guidance describes M A N A G E M E N T ’ S D I S C U S S I O N A N D A N A LY S I S 31 ANNUAL REPORT examination procedures for institutions directly affected by a major disaster, including institutions that may be located outside the area declared a major disaster, but have loans or investments to individuals or entities located in the area declared a major disaster. The guidance describes expectations that examiners should have regarding how management at affected institutions conduct initial risk assessments and refine such assessments as more complete information becomes available and recovery efforts proceed. Examiners should consider the extent to which weaknesses in an institution’s financial condition are caused by external problems related to the major disaster and its aftermath. During 2017, the FDIC also issued seven FILs providing guidance to help financial institutions, and to facilitate recovery in areas affected by tornadoes, flooding, straight-line winds, landslides, mudslides, and other disasters. Risk Management Manual of Examination Policies On July 26, 2017, the FDIC issued FIL-31-2017 to inform the industry that the FDIC Risk Management Manual of Examination Policies (Examination Manual) was updated to incorporate guidance from the FDIC Board to examiners regarding supervisory recommendations, including matters requiring board attention (MRBA). The updated Examination Manual is available on the FDIC’s website. FINANCIAL TECHNOLOGY The FDIC has established a steering committee to monitor Financial Technology (Fintech) developments, and to better understand and assess the various dimensions within the program. The Committee is comprised of the Directors of the Division of Risk Management Supervision, Division of Depositor and Consumer Protection, Division of Insurance and Research, Division of Resolutions and Receiverships, and the Office of Complex Financial Institutions, as well as the General Counsel, Chief Risk Officer, and Chief Information Officer (CIO). 32 In 2017, the Fintech Steering Committee established the following objectives: ♦♦ Comprehend, assess, and monitor the current Fintech activities, risks, and trends; ♦♦ Evaluate the projected impact to the banking system, the deposit insurance system, effective regulatory oversight, economic inclusion, and consumer protection; ♦♦ Oversee internal working groups monitoring particular aspects of Fintech; ♦♦ Recommend follow-up actions, as appropriate, and monitor implementation; and ♦♦ Help formulate strategies to respond to opportunities and challenges presented by Fintech, and to ensure developments align with regulatory goals. The Fintech Steering Committee has established internal interdivisional working groups to focus on various Fintech topics, including marketplace lending, mobile and virtual deposit services, digital payments, artificial intelligence and machine learning, distributed ledger technology and smart contracts, and digital tokens. Center for Financial Research The FDIC’s Center for Financial Research (CFR) encourages and supports innovative research on topics that are important to the FDIC’s roles as deposit insurer and bank supervisor. Research from CFR staff was accepted during the year for publication in leading banking, finance, and economics journals, and was presented at banking and finance seminars at major conferences, regulatory institutions, and universities. In 2017, the CFR and the Journal of Financial Services Research jointly sponsored the 17th Annual Bank Research Conference. The conference organizers received more than 450 submissions for the 20 available presentation slots. CFR researchers also produced a number of new working papers in 2017. In addition, the CFR analyzed responses to the Small Business Lending Survey, and analysis and results M A N A G E M E N T ’ S D I S C U S S I O N A N D A N A LY S I S 2017 were discussed at the Community Bank Advisory Committee meeting in late 2017. A report of the survey’s findings will be published in 2018. COMMUNITY BANKING INITIATIVES Community banks provide traditional, relationshipbased banking services in their local communities. As defined in FDIC research, community banks comprised 92 percent of all FDIC-insured institutions as of September 2017. While they hold just 13 percent of banking industry assets, community banks are of critical importance to the U.S. economy and local communities across the nation. Community banks hold 43 percent of the industry’s small loans to farms and businesses, making them the lifeline to entrepreneurs and small enterprises of all types. They also hold the majority of bank deposits in U.S. rural counties and micropolitan counties with populations up to 50,000. In fact, as of June 2017, community banks held more than 75 percent of deposits in almost 1,200 U.S. counties. In 625 of these counties, the only banking offices available to consumers were those operated by community banks. The FDIC is the primary federal supervisor for the majority of community banks, in addition to being the insurer of deposits held by all U.S. banks and thrifts. Accordingly, the FDIC has a particular responsibility for the safety and soundness of community banks and for communicating the role they play in the banking system. In 2012, the FDIC launched a Community Banking Initiative focused on publishing new research on issues of importance to community banks and providing resources that will be useful to their efforts to manage risks, enhance the expertise of their staff, and better understand changes in the regulatory environment. Community Banking Research The FDIC continues to pursue an agenda of research and outreach focused on community banking issues. Since the 2012 publication of the FDIC Community Banking Study, FDIC researchers have published more than a dozen additional studies on topics ranging from small business financing to the factors that have driven industry consolidation over the past 30 years. The Community Bank Performance Section of the FDIC Quarterly Banking Profile (QBP), first introduced in 2014, continues to provide a detailed statistical picture of the community banking sector that can be accessed by analysts, other regulators, and bankers themselves. The most recent report shows that net income at community banks continued to grow at a healthy annual rate through September 2017, despite the headwinds associated with narrow net interest margins. The long-term trend of consolidation continues at both community and noncommunity banks. However, this trend has done little to diminish the role of community banks in the banking industry. More than two-thirds of the community banks that merged in 2017 were acquired by other community banks. On a merger-adjusted basis, loan growth at community banks exceeded growth at noncommunity banks in every year between 2012 and 2016. (See Chart 1 on page 35.) On this same basis, the number of banking offices operated by community banks increased slightly in the year ending in June 2017, while offices operated by noncommunity banks declined. (See Chart 2 on page 35.) Community Bank Advisory Committee The FDIC’s Advisory Committee on Community Banking is an ongoing forum for discussing current issues and receiving valuable feedback from the industry. The committee, which met three times during 2017, is composed of chief executive officers of 13 community banks from around the country. It is a valuable resource for input on a wide variety of topics, including examination policies and procedures, capital and other supervisory issues, credit and lending practices, deposit insurance assessments and coverage, and regulatory compliance issues. At the June 2017 meeting, the Division of Insurance and Research M A N A G E M E N T ’ S D I S C U S S I O N A N D A N A LY S I S 33 ANNUAL REPORT Community Bank Advisory Committee. (DIR) presented a range of performance and growth comparisons between community and noncommunity banks dating back to 2006. These results showed that merger-adjusted total loan growth at community banks exceeded 8 percent in 2014, 2015, and 2016, outpacing nominal U.S. Gross Domestic Product growth in all three years. De Novo Banks The FDIC continued multiple initiatives in fulfilling its commitment to working with, and providing support to, any group with interest in starting a bank. In general, these initiatives focused on reviewing and, as appropriate, updating the processes, procedures, and management systems by which the FDIC receives, reviews, and acts on applications. Key elements of these initiatives with respect to deposit insurance applications included completing outreach meetings, issuing a handbook for organizers, and issuing updated procedures. Specifically, the FDIC has: 34 ♦♦ Continued to hold industry outreach meetings, which began in 2016. The meetings were designed to ensure industry participants are well informed about the FDIC’s application process and are aware of the tools and resources available to assist organizing groups. Outreach meetings have been held in each FDIC Regional Office. ♦♦ Issued in final form a publication entitled, “Applying for Deposit Insurance – A Handbook for Organizers of De Novo Institutions.” The handbook was issued for public comment in December 2016 to help organizers become familiar with the deposit insurance application process and to describe the path to obtaining deposit insurance. This publication serves as a guide for organizing groups and incorporates lessons shared by organizing officials of de novo institutions during the FDIC’s outreach events. The publication also addresses the timeframes within which applicants may expect communication from the FDIC regarding the application review process. M A N A G E M E N T ’ S D I S C U S S I O N A N D A N A LY S I S 2017 CHART 1: COMMUNITY BANK LOAN GROWTH HAS EXCEEDED GROWTH AT NONCOMMUNITY BANKS FOR FIVE CONSECUTIVE YEARS Merger Adjusted Annual Growth in Total Loans and Leases 15% 15 11.2% 10% 10 9.5% 9.3% 9.0% 8.6% 8.6% 7.0% 6.0% 5.0% 5%5 2.1% 0%0 -0.3% 4.7% 4.8% 2.1% -0.9% -2.1% -5% -5 2.0% 3.4% 2.9% 8.3% -2.3% Community Banks Noncommunity Banks -10% -10 -8.9% 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 Source: FDIC CHART 2: PERCENT GROWTH IN TOTAL BANKING OFFICES June 2015-June 2016 1.0 0.5 +0.2% 0.0 -0.5 -1.0 -1.5 -2.0 -2.5 -2.3% -3.0 Community Banks Noncommunity Banks Source: FDIC. All calculations are merger adjusted. M A N A G E M E N T ’ S D I S C U S S I O N A N D A N A LY S I S 35 ANNUAL REPORT ♦♦ Issued an updated deposit insurance procedures manual for public comment. The manual provides comprehensive guidance to staff regarding the deposit insurance application process and addresses topics such as pre-filing activities, application review and acceptance, application processing, pre-opening activities, and post-opening considerations, among other important items. Technical Assistance Program As part of the Community Banking Initiative, the FDIC continued to provide a robust technical assistance program for bank directors, officers, and employees. The technical assistance program includes Directors’ College events held across the country, industry teleconferences and webinars, and a video program. In 2017, the FDIC hosted Directors’ College events in each of its six regions. These events were typically conducted jointly with state trade associations and addressed issues such as corporate governance, regulatory capital, community banking, concentrations management, consumer protection, BSA, and interest-rate risk, among other topics. The FDIC offers a series of banker events, intended to maintain open lines of communication and to keep bank management and staff up-to-date on important banking regulatory and emerging issues of interest to community bankers. In 2017, the FDIC offered 15 teleconferences or webinars focused on the following topics: ♦♦ Home Mortgage Disclosure Act (HMDA) Implementation; ♦♦ Understanding your Reasonably Expected Market Area (REMA) and CRA Assessment Area; ♦♦ CRA Best Practices for Addressing Identified Weaknesses and Documenting Community Development Activities; ♦♦ Small Business Resources for Community Banks; ♦♦ Financial Education and Financial Empowerment Resources that Support People with Disabilities; 36 ♦♦ Affordable Mortgage Lending; ♦♦ Liquidity and Funding Risk Management; ♦♦ Proposed Simplifications to the Capital Rule Pursuant to the Economic Growth and Regulatory Paperwork Reduction Act of 1996; ♦♦ Revisions to the Consolidated Reports of Condition and Income (Call Report); ♦♦ Current Expected Credit Losses (CECL) Methodology; and ♦♦ An update on Risk Management – Bank Secrecy Act. In November 2017, the FDIC participated in an interagency webinar focused on fair lending hot topics. Additionally, the FDIC offered three deposit insurance coverage seminars for bank officers and employees in 2017. These free seminars, which were offered nationwide, particularly benefitted smaller institutions that have limited training resources. The FDIC also released three deposit insurance seminar training videos on the FDIC’s website and YouTube channel. Economic Growth and Regulatory Paperwork Reduction Act In March 2017, the FFIEC submitted a report to Congress pursuant to the Economic Growth and Regulatory Paperwork Reduction Act (EGRPRA). The report was prepared by the federal banking agencies and NCUA. Under EGRPRA, the federal banking agencies and the FFIEC are directed to conduct a joint review of regulations every ten years to determine whether any of those regulations are outdated or unnecessary. Over the course of two years, the agencies published a series of Federal Register notices, providing industry participants, consumer and community groups, and other interested parties an opportunity to identify regulatory requirements they believe are no longer needed or should be modified. The agencies also held six public outreach meetings across the country to provide an opportunity for bankers, consumer and community groups, and other interested persons to M A N A G E M E N T ’ S D I S C U S S I O N A N D A N A LY S I S 2017 present their views on any of the regulations subject to EGRPRA review. A total of 234 comment letters were received directly in response to the Federal Register notices, as well as additional oral and written comments from panelists and the public at the outreach meetings. These comments formed the basis of the report that was submitted to Congress in March 2017. The EGRPRA report described actions the agencies had already taken to address comments received during the EGRPRA process as well as actions the agencies planned to take in the future. During 2017, the FDIC along with the other FFIEC member agencies, worked together to reduce burden in the following significant areas raised during the EGRPRA reviews: ♦♦ Community Bank Call Report During 2017, the FDIC and the other members of the FFIEC continued their initiative, launched in December 2014, to identify potential opportunities to reduce the burden associated with Call Report requirements for community banks. Effective as of the March 31, 2017 report date, a new streamlined FFIEC 051 Call Report was implemented for eligible small institutions. In general, eligible small institutions are institutions with domestic offices only and total assets of less than $1 billion. This new report removed approximately 950, or about 40 percent, of the nearly 2,400 data items that had been included in the FFIEC 041 Call Report applicable to all institutions with domestic offices only, and reduced the reporting frequency for approximately 100 additional data items. An eligible small institution is not required to file the FFIEC 051 report, but has the option to continue filing the FFIEC 041 report. Of the approximately 5,000 eligible small institutions, more than 70 percent have elected to submit the FFIEC 051 report. Certain burden-reducing changes also were made to the existing FFIEC 031 Call Report for institutions with domestic and foreign offices and the FFIEC 041 report effective March 31, 2017. On June 27, 2017, and on November 8, 2017, the banking agencies proposed additional burden-reducing revisions to all three versions of the Call Report. On January 3, 2018, the FFIEC announced the finalization of the June 2017 proposal. These proposals resulted from the FFIEC’s ongoing efforts to ease reporting requirements and lessen reporting burden that are focused on, but not limited to, small institutions. These revisions are scheduled to take effect June 30, 2018. ♦♦ Advisory on the Availability of Appraisers The FDIC, FRB, OCC, and NCUA issued an advisory that discusses two existing methods that may address appraiser shortages, particularly in rural areas: temporary practice permits and temporary waivers. The advisory addresses concerns raised pursuant to the EGRPRA review process. The first method, temporary practice permits, may be granted by state appraiser regulatory agencies to allow credentialed appraisers to provide their services in states experiencing a shortage of appraisers, subject to state law. Reciprocity is a widely used practice in which one state recognizes the appraiser certification and licensing of another state, permitting statecertified and -licensed appraisers to perform appraisals across state lines. The second method, temporary waivers, sets aside requirements relating to the certification or licensing of individuals to perform appraisals under Title XI of FIRREA in states or geographic political subdivisions while there is a scarcity of certified or licensed appraisers that has caused significant delays in performing appraisals. Authority to grant temporary waiver requests rests with the Appraisal Subcommittee, and is subject to FFIEC approval. To further communicate about the availability of the waiver process and get a deeper understanding of rural appraisal issues, the Conference of State Bank Supervisors organization arranged six roundtables between federal banking regulators, state commissioners M A N A G E M E N T ’ S D I S C U S S I O N A N D A N A LY S I S 37 ANNUAL REPORT and rural community bankers. Roundtables were held in Michigan, Tennessee, Wyoming, North Dakota, South Dakota, and Montana. ♦♦ Commercial Real Estate Appraisal Threshold The FDIC, FRB, and OCC jointly issued an Notice of Proposed Rulemaking (NPR) entitled Real Estate Appraisals that was published in the Federal Register for a 60-day comment period, which ended on September 29, 2017. The NPR creates a new definition of, and separate category for, commercial real estate (CRE) transactions and proposes to increase the current appraisal threshold for CRE transactions from $250,000 to $400,000. For CRE transactions at or below the proposed threshold, the interagency appraisal regulations require financial institutions to obtain an appropriate evaluation of the real property collateral that is consistent with safe and sound banking practices, but such an evaluation does not need to be performed by a licensed or certified appraiser or meet the other Title XI appraisal standards. The agencies are in the process of reviewing the comments. ♦♦ Expanded Examination Cycle The FDIC, FRB, and OCC jointly adopted as final – and without change – the interim final rules that expanded the examination cycle for certain small IDIs and U.S. branches and agencies of foreign banks. The final rules were published in the Federal Register on December 16, 2016. Section 83001 of the Fixing America’s Surface Transportation Act raised the threshold for the 18-month examination cycle from less than $500 million to less than $1 billion for certain well-capitalized and well-managed IDIs with an “outstanding” composite condition, and gave the agencies discretion to similarly raise this threshold for certain IDIs with an “outstanding” or “good” composite condition. The agencies exercised this discretion and issued an interim final rule that, in general, makes qualifying IDIs with less than $1 billion in total assets eligible for an 18-month (rather than a 12-month) 38 examination cycle. The rules allow IDIs with up to $1 billion in total assets, and that meet certain other criteria, to qualify for an 18-month on-site examination cycle. To qualify, IDIs must have a CAMELS composite rating of “1” or “2,” must be well-capitalized, well-managed, must not be subject to a formal enforcement proceeding, and must not have undergone any change in control during the previous 12-month period. The rule also applies to qualifying U.S. branches or agencies of a foreign bank. As a result of this new rule, the FDIC rescinded and removed a transferred Office of Thrift Supervision (OTS) Regulation, 12 CFR 390.351, Frequency of Safety and Soundness Examinations, because it was redundant. Since BSA compliance programs are typically reviewed during safety and soundness examinations, institutions with assets between $500 million and $1 billion that are now eligible for a safety and soundness examination every 18-months will also generally be subject to less frequent BSA reviews. ♦♦ Extension of Capital Rule Transitions In August 2017, the FDIC, FRB, and OCC proposed revisions to the regulatory capital rules to pause the phase-in of certain regulatory capital adjustments and deductions that are part of the Basel III capital standard. Specifically, the agencies proposed to maintain on an ongoing basis the transition treatment effective for calendar year 2017 for items subject to the 10 and 15 percent common equity tier one capital deduction thresholds, and surplus minority interest. The proposal applied to all nonadvanced approaches banking organizations that are subject to the risk-based capital rules. The federal banking agencies finalized the proposed rule in November 2017. ♦♦ EGRPRA Capital Proposal In September 2017, the FDIC issued an NPR addressing industry feedback regarding M A N A G E M E N T ’ S D I S C U S S I O N A N D A N A LY S I S 2017 simplification of the capital rules for small banks generally, and to clarify the existing definition of high-volatility commercial real estate. In addition, the proposed simplifications include changes to the regulatory capital treatment of mortgage servicing assets, deferred tax assets, investments in the capital instruments of other financial institutions, and minority interest. Additionally, recognizing that regulatory burden does not emanate only from statutes and regulations, the FDIC, along with the FFIEC and its members, have initiated the FFIEC Examination Modernization project as a follow up to the review of regulations under EGRPRA. The Modernization project is focused on ways to improve the efficiency of processes, procedures, and tools related to examinations and supervisory oversight of the safety and soundness examination processes, while maintaining the quality of the process. There are three parts to the project: 1. Reviewing examination practices and processes with a particular goal of determining whether technology can be used to make existing examination activities more efficient or allow for additional safety and soundness examination work to be conducted off-site. 2. Reviewing the format of the examination report itself and determining whether there are opportunities to improve the quality and usefulness of reports. 3. Reviewing the Uniform Bank Performance Report (UBPR) and related reports and data to determine if there are ways to make them more informative, useful, and user friendly. In particular, the agencies are working to provide the ability to generate graphs and charts of key ratios. In 2017, the Examination Modernization Project’s staff met regularly to compare FFIEC agency practices and develop recommendations for the FFIEC’s consideration. ACTIVITIES RELATED TO SYSTEMICALLY IMPORTANT FINANCIAL INSTITUTIONS The FDIC is committed to addressing the unique challenges associated with the supervision, insurance, and potential resolution of large and complex financial institutions. The FDIC’s ability to analyze and respond to risks in these institutions is particularly important, as they comprise a significant share of banking industry assets and deposits. The FDIC’s programs related to complex financial institutions provide for a consistent approach to large bank supervision nationwide, allow for the identification and analysis of industry-wide and institution-specific risks and emerging issues, and enable a quick response to these risks. The FDIC has segregated these activities in two groups to both ensure that supervisory attention is risk-focused and tailored to the risk presented by the nation’s largest banks, and meet the FDIC’s responsibilities under the FDI Act and the Dodd-Frank Act. Complex Financial Institutions Program The Dodd-Frank Act expanded the FDIC’s responsibilities pertaining to SIFIs and nonbank financial companies designated by the Financial Stability Oversight Council (FSOC). The FDIC’s CFI Group and Large Bank Supervision Branch, both within RMS, perform ongoing risk monitoring of SIFIs and FSOC-designated nonbank financial companies, provide backup supervision of the firms’ related IDIs, and evaluate the firms’ required resolution plans. The CFI Group also performs certain analyses that support the FDIC’s role as an FSOC member. Resolution Plans – Living Wills Certain large banking organizations and nonbank financial companies designated by the FSOC for supervision by the FRB are periodically required to submit resolution plans to the FRB and the FDIC. Each resolution plan, commonly known as a living will, must describe the company’s strategy for rapid M A N A G E M E N T ’ S D I S C U S S I O N A N D A N A LY S I S 39 ANNUAL REPORT and orderly resolution under the U.S. Bankruptcy Code in the event of material financial distress or failure of the company. Large Bank Holding Companies with Substantial Nonbank Assets Companies subject to the rule are divided into three groups: companies with $250 billion or more in nonbank assets, companies with nonbank assets between $100 billion and $250 billion, and all other companies with total consolidated assets of $50 billion or more. Companies in the first and second group were generally required to submit their resolution plans by July 1, 2015. These firms included Bank of America Corporation, Bank of New York Mellon Corporation, JPMorgan Chase & Co., State Street Corporation, Wells Fargo & Company, Goldman Sachs Group, Inc., Morgan Stanley, and Citigroup, Inc. (collectively referred to as the eight domestic banking organizations); and Barclays PLC, Credit Suisse Group AG, Deutsche Bank AG, and UBS AG, (collectively referred to as the four large foreign banking organizations, or FBOs). In April 2016, the FDIC and FRB jointly announced determinations and provided firm-specific feedback on the resolution plans submitted by the eight domestic banking organizations in July 2015. After reviewing the July 2015 submissions, the FDIC and FRB jointly determined that each of the resolution plans of Bank of America Corporation, Bank of New York Mellon Corporation, JPMorgan Chase & Co., State Street Corporation, and Wells Fargo & Company was not credible or would not facilitate an orderly resolution under the U.S. Bankruptcy Code, the statutory standard established in the Dodd-Frank Act. The agencies issued joint notices of deficiencies to these five firms detailing the deficiencies in their plans and the actions the firms must take to address them. The agencies also made public the Resolution Plan Assessment Framework, which explains the resolution plan requirement, provides further information on the determinations, and outlines the agencies’ processes for reviewing the plans. 40 Additionally, the agencies released new guidance for the July 2017 submissions. All of the domestic banking organizations that received feedback in April 2016 provided updates to their plans in October 2016. The FDIC and the FRB determined in December 2016 that Bank of America Corporation, Bank of New York Mellon Corporation, JP Morgan Chase & Co., and State Street Corporation adequately remediated the deficiencies cited in their 2015 resolution plans. The agencies jointly determined that Wells Fargo & Company did not adequately remedy two of the firm’s three deficiencies. In light of the nature of the deficiencies and the resolvability risks posed by the firm’s failure to remedy them, the agencies imposed restrictions on the growth of international and nonbank activities of Wells Fargo & Company and its subsidiaries. In April 2017, the agencies jointly determined that Wells Fargo & Company had remedied the remaining two deficiencies. The eight domestic banking organizations submitted updated plans on or before July 1, 2017. On December 19, 2017, the FDIC and the FRB issued letters to the eight firms providing the findings of their review of those plans and information about areas where additional work needs to be done to improve resolvability. The agencies also jointly determined that the plans of four firms have “shortcomings,” which are less-severe weaknesses that require additional work in their next plan. Guidance for the FBOs was also issued in March 2017, and a workshop to review the guidance was held with FDIC staff on May 2, 2017. The FBO guidance was issued to help the FBOs improve their resolution plans and to reflect the significant restructuring that they have undertaken to form intermediate holding companies. The guidance is organized around a number of key vulnerabilities, such as capital, liquidity, and governance mechanisms. FAQs on the FBO guidance were issued in September 2017. M A N A G E M E N T ’ S D I S C U S S I O N A N D A N A LY S I S 2017 Other Large Bank Holding Company Filers In March 2017, the FDIC and FRB jointly announced that the agencies had provided firmspecific feedback on the resolution plans submitted by 16 regional bank holding companies with total consolidated assets of $50 billion or more regarding resolution plans submitted in December 2015. In December 2016, an additional 86 firms subject to the rule submitted resolution plans to the agencies. These plans included four full or tailored plans and 82 reduced content plans, which focus on material changes since their previous resolution plans, actions taken to strengthen the effectiveness of those plans, and where applicable, actions to ensure any subsidiary insured depository institution would be adequately protected from the risk arising from the activities of nonbank affiliates of the firm. In August 2017, the FDIC and FRB jointly announced that the two tailored plan filers in 2016 would be eligible to submit reduced content plans as their next submission. The FDIC and the FRB are jointly developing feedback to two domestic filers regarding their 2016 plan and to several FBOs regarding their 2015 plans. In August and September 2017, the FDIC and the FRB extended the due dates for these companies’ next plans to December 31, 2018. Nonbank Firms Nonbank financial firms designated as systemically important by FSOC also are required to submit resolution plans for review by the FDIC and FRB. During December 2015, three nonbank firms— American International Group, Inc. (AIG), General Electric Capital Corporation, Inc. (GECC), and Prudential, Inc. (PRU) — submitted their resolution plans for review. On June 28, 2016, FSOC rescinded GECC’s designation as a systemically important financial institution and joint agency review of GECC’s plan ceased. In August 2016, the FDIC and FRB jointly extended the next annual resolution plan submission date to December 31, 2017, for AIG and PRU. To allow the agencies an opportunity to consider potentially providing guidance and to provide the firms with sufficient time to develop responsive plans in July 2017, the agencies extended the next resolution plan due date to December 31, 2018, and informed the firms that this plan would satisfy their 2016 and 2017 annual resolution plan submission requirements. Subsequently, on September 29, 2017, as part of the annual review of AIG’s designation as systemically important, FSOC rescinded that designation. MetLife, which was designated as systemically important on December 18, 2014, challenged its designation in federal court and won a ruling on March 30, 2016, that rescinded its designation. The Department of Justice on behalf of the FSOC has appealed that decision. In August 2017 the U.S. Court of Appeals ordered the appeal held in abeyance indefinitely. MetLife will not be required to submit a resolution plan unless its designation is reinstated. Extended Deadline for Submissions for Certain Organizations’ Plans In March 2017, the agencies provided a one-year filing extension to the four large FBOs; their next resolution plans are now due on July 1, 2018. In September 2017, the agencies extended the next resolution plan filing deadline for the eight large domestic banks by one year to July 1, 2019. The extension will provide the time needed for firms to remediate any weaknesses identified in their July 2017 submissions and to prepare and improve their next resolution plan submissions. The agencies are also extending by one year, to December 31, 2018, the next resolution plan submission deadline for 82 foreign banks with limited U.S. operations. Insured Depository Institution Resolution Plans Section 360.10 of the FDIC Rules and Regulations requires an IDI with total assets of $50 billion or more to periodically submit to the FDIC a plan for its resolution in the event of its failure (IDI Rule). The IDI Rule requires each IDI meeting the criteria to M A N A G E M E N T ’ S D I S C U S S I O N A N D A N A LY S I S 41 ANNUAL REPORT submit a resolution plan that should allow the FDIC, as receiver, to resolve the IDI under Sections 11 and 13 of the Federal Deposit Insurance Act (FDI Act) in an orderly manner that enables prompt access to insured deposits, maximizes the return from the sale or disposition of the failed IDI’s assets, and minimizes losses realized by creditors. The resolution plan must also describe how a proposed strategy will be least costly to the DIF. By September 1, 2015, the FDIC received 10 IDI resolution plans, from IDIs whose parent companies are among the group of largest SIFIs under the IDI Rule, and by December 31, 2015, 26 resolution plans were received from other IDIs with smaller parent companies. By December 31, 2016, the FDIC received initial IDI resolution plans from two additional insured banks. The FDIC reviewed these resolution plans in a manner consistent with the IDI Rule and guidance issued by the FDIC in December 2014. In June 2017, the FDIC provided feedback letters to each covered IDI, addressing findings and establishing expectations for the next IDI resolution plan to better align the content of resolution plans with the FDIC’s actual resolution experience. The FDIC also extended the due date for the next IDI resolution plan for each of these 38 insured banks to July 1, 2018. Since the feedback letters were issued, the FDIC has established processes to improve transparency and responsiveness. The FDIC established a dedicated mailbox to receive questions, conducted two industry calls, met with one trade association, and conducted 35 meetings with individual covered IDIs. Orderly Liquidation Authority – Resolution Strategy Development Under the Dodd-Frank Act, failed or failing financial companies are expected to file for reorganization or liquidation under the U.S. Bankruptcy Code, just as any failed or failing nonfinancial company would file. If resolution under the Bankruptcy Code would result in serious adverse effects to U.S. financial stability, the 42 Orderly Liquidation Authority (OLA) set out in Title II of the Dodd-Frank Act provides a backup authority for resolving a company for which the bankruptcy process is not viable. There are strict parameters on its use, however, and it can only be invoked under a statutorily prescribed recommendation and determination process, coupled with an expedited judicial review process. The FDIC has undertaken institution-specific strategic planning to carry out its orderly liquidation authorities with respect to the largest global systemically important banks (G-SIBs) and FBOs. The strategic plans and optionality being developed for these firms are informed by the Title I plan submissions. Further, the FDIC continues to build upon the systemic resolution framework, portions of which have been shared with other authorities, and is developing process documents to facilitate the implementation of the framework in a Title II resolution. In addition, preliminary work continues in the development of resolution strategies for the nonbank resolution plan filers and financial market utilities, particularly central counterparties (CCPs). Monitoring and Measuring Systemic Risks The FDIC monitors risks related to SIFIs at both the firm level and industry wide to inform supervisory planning and response, policy and guidance considerations, and resolution planning efforts. As part of this monitoring, the FDIC analyzes each company’s risk profile, governance and risk management capabilities, structure and interdependencies, business operation and activities, management information system capabilities, and recovery and resolution capabilities. The FDIC continues to work closely with the other federal banking agencies to analyze institution-specific and industry-wide conditions and trends, emerging risks and outliers, risk management, and the potential risk posed to financial stability by SIFIs and non-bank financial companies. To support risk monitoring that informs supervisory and resolution planning efforts, the FDIC has developed systems and reports that M A N A G E M E N T ’ S D I S C U S S I O N A N D A N A LY S I S 2017 make extensive use of structured and unstructured data. SIFI monitoring reports are prepared on a routine and ad-hoc basis and cover a variety of aspects that include risk components, business lines and activity, market trends, and product analysis. Additionally, the FDIC has implemented and continues to expand upon various monitoring systems, including the Systemic Monitoring System (SMS). The SMS provides an individual risk profile and assessment for each SIFI by evaluating the level and change in metrics that serve as important indicators of overall risk. The SMS supports the identification of emerging risks within individual firms and the prioritization of supervisory and monitoring activities. The SMS also serves as an early warning system of financial vulnerability by gauging a firm’s proximity and speed to resolution event. Information from FDIC-prepared reports and systems are used to prioritize activities relating to SIFIs and to coordinate and communicate with the FRB and OCC. The FDIC also has conducted semi-annual “Day of Risk” meetings to present, discuss, and prioritize the review of emerging risks. For each major risk, executive management discussed the nature of the risk, exposures of SIFIs, and planned supervisory efforts. In 2017, RMS CFI began piloting a new SIFI Risk Report (SRR) that identifies key vulnerabilities of systemically important firms, gauges the proximity of these firms to a resolution event, and independently assesses the appropriateness of supervisory ratings for the insured deposit institutions held by these firms. Implementation of this new report is targeted for early 2018. up supervisory activities. These activities include performing analyses of industry conditions and trends, supporting insurance pricing, participating in supervisory activities with other regulatory agencies, and exercising examination and enforcement authorities when necessary. At institutions where the FDIC is not the primary federal regulator, FDIC staff works closely with other regulatory authorities to identify emerging risk and assess the overall risk profile of large and complex institutions. The FDIC has assigned dedicated staff to IDIs of SIFIs to enhance risk-identification capabilities and facilitate the communication of supervisory information. These individuals work with the staff of the FRB and OCC in monitoring risk at their assigned institutions. Through December 2017, FDIC staff participated in 43 targeted examination activities with the FRB and 46 targeted examination activities with the OCC. The reviews included, but were not limited to, engagement in evaluation of risk governance, BSA/AML reviews, quantitative model reviews, and credit risk-related reviews. FDIC staff also participated in various interagency horizontal review activities, including the FRB’s Comprehensive Capital Assessment and Review, and reviews of compliance and conduct risk, model risk management, and sales practices. Cross-Border Efforts Back-up Supervision Activities for IDIs of Systemically Important Financial Institutions Advance planning and cross-border coordination for the resolution of Global-SIFIs (G-SIFIs) is essential to minimizing disruptions to global financial markets. Recognizing that the resolution of a G-SIFI creates complex international legal and operational concerns, the FDIC continues to work with foreign regulators to establish frameworks for effective crossborder cooperation, including information-sharing arrangements. Risk monitoring is enhanced by the FDIC’s back-up supervision activities. In its back-up supervisory role, as outlined in Sections 8 and 10 of the FDI Act, the FDIC has expanded resources and has developed and implemented policies and procedures to guide back- In October 2016, the FDIC hosted the second in an ongoing series of planned exercises with international authorities to enhance coordination on cross-border bank resolution. Participants in the exercise included senior financial officials representing authorities in M A N A G E M E N T ’ S D I S C U S S I O N A N D A N A LY S I S 43 ANNUAL REPORT the United States, United Kingdom, and Europe, including the U.S. Department of Treasury, FRB, OCC, Securities and Exchange Commission (SEC), Commodity Futures Trading Commission (CFTC), Federal Reserve Bank of New York, HM Treasury, Bank of England, U.K. Prudential Regulation Authority, the Single Resolution Board (SRB), European Commission (EC), and European Central Bank. Staffs since have pursued a follow-on work plan endorsed by senior officials from these participating agencies. The FDIC serves as a co-chair for all of the crossborder crisis management groups (CMGs) of supervisors and resolution authorities for U.S. G-SIFIs. In addition, the FDIC participates as a host authority in CMGs for foreign G-SIFIs. The FDIC and the European Commission continued their engagement through the joint Working Group, which is composed of senior executives at the FDIC and EC who meet to focus on both resolution and deposit insurance issues. In 2017, the Working Group discussed cross-border bank resolution and resolution of CCPs, among other topics. FDIC staff also participated in the Joint EU-US Financial Regulatory Forum with representatives of the EC and other participating European Union authorities, including the Single Resolution Board and the European Banking Authority, and staffs of the Treasury Department, FRB, SEC, CFTC, and other participating U.S. agencies. The FDIC continued to advance its working relationships with authorities from other jurisdictions that regulate G-SIFIs, including those in Switzerland and Japan, and through international forums, such as the Financial Stability Board’s (FSB) Resolution Steering Group. In 2017, the FDIC had significant staff-level engagements with these authorities to discuss cross-border issues and potential impediments that could affect the resolution of a G-SIFI. Systemic Resolution Advisory Committee The FDIC created the Systemic Resolution Advisory Committee (SRAC) in 2011 to receive advice and 44 recommendations on a broad range of issues regarding the resolution of systemically important financial companies pursuant to the Dodd-Frank Act. Over the years, the SRAC has provided important advice to the FDIC regarding systemic resolutions and advised the FDIC on a variety of issues, including the following: ♦♦ The effects on financial stability and economic conditions resulting from the failure of a SIFI; ♦♦ The ways in which specific resolution strategies would affect stakeholders and customers; ♦♦ The tools available to the FDIC to wind down the operations of a failed organization; and ♦♦ The tools needed to assist in cross-border relations with foreign regulators and governments when a SIFI has international operations. Members of the SRAC have a wide range of experience, including managing complex firms, administering bankruptcies, and working in the legal system, accounting field, and academia. The last meeting of the SRAC was held on April 14, 2016. The SRAC discussed among other topics, the status of Title I Living Wills, an update on Title II Orderly Liquidation Authority, and developments in the European Union. In 2017, the charter of the SRAC was renewed. The next meeting is anticipated to be held in 2018. Financial Stability Oversight Council The FSOC was created by the Dodd-Frank Act in July 2010 to promote the financial stability of the United States. It is composed of 10 voting members, including the Chairperson of the FDIC, and five non-voting members. The FSOC’s responsibilities include the following: ♦♦ Identifying risks to financial stability, responding to emerging threats in the financial system, and promoting market discipline; ♦♦ Identifying and assessing threats that institutions may pose to financial stability and, if appropriate, designating a nonbank financial company for M A N A G E M E N T ’ S D I S C U S S I O N A N D A N A LY S I S 2017 ♦♦ ♦♦ ♦♦ ♦♦ supervision by the FRB subject to heightened prudential standards; Designating financial market utilities and payment, clearing, or settlement activities that are, or are likely to become, systemically important; Facilitating regulatory coordination and information sharing regarding policy development, rulemaking, supervisory information, and reporting requirements; Monitoring domestic and international financial regulatory proposals and advising Congress and making recommendations to enhance the integrity, efficiency, competitiveness, and stability of U.S. financial markets; and Producing annual reports describing, among other things, the Council’s activities and potential emerging threats to financial stability. The FSOC recently issued its 2017 annual report. Generally, at each of its meetings, the FSOC discusses various risk issues. In 2017, the FSOC meetings addressed, among other topics, U.S. fiscal issues, interest-rate risk, credit risk, the FRB and European bank stress tests, the United Kingdom’s 2016 vote to leave the European Union (i.e., Brexit), cybersecurity, nonbank financial company designations, and housing reform. DEPOSITOR AND CONSUMER PROTECTION A major component of the FDIC’s mission is to ensure that financial institutions treat consumers and depositors fairly, and operate in compliance with federal consumer protection, anti-discrimination, and community reinvestment laws. The FDIC also promotes economic inclusion to build and strengthen positive connections between insured financial institutions and consumers, depositors, small businesses, and communities. Rulemaking and Guidance Community Reinvestment Act In May 2017, the FDIC released revised publicly available examination procedures to align with internal guidance for Full and Limited Scope CRA Assessment Areas. These examination procedures provide instructions for examiners to follow when determining which assessment areas(s) should receive a full scope review and provide guidance on how to address assessment areas not selected for full scope review within a CRA performance evaluation. Assessment areas that are not reviewed using the full examination procedures are referred to as limited scope assessment areas. In November 2017, the FDIC, OCC, and FRB issued a final rule amending their respective Community Reinvestment Act (CRA) regulations primarily to conform to changes made by the CFPB to Regulation C, which implements the Home Mortgage Disclosure Act (HMDA). In particular, the final rule revises the definitions of “home mortgage loan” and “consumer loan” in the agencies’ CRA regulations, as well as the public file content requirements. These revisions will maintain consistency between the CRA regulations and the recent changes to Regulation C, which generally became effective on January 1, 2018. In addition, the final rule contains technical revisions and removes obsolete references to the Neighborhood Stabilization Program. Home Mortgage Disclosure Act In August 2017, the FDIC, with the other FFIEC members, issued HMDA Examiner Transaction Testing Guidelines. To support the evaluation of financial institutions’ compliance with HMDA’s requirements, the agencies’ examiners will use these guidelines in assessing the accuracy of the HMDA data that financial institutions record and report. Used in conjunction with HMDA examination procedures, the guidelines describe how examiners validate the accuracy of HMDA data and the circumstances in which examiners may direct M A N A G E M E N T ’ S D I S C U S S I O N A N D A N A LY S I S 45 ANNUAL REPORT institutions to correct and resubmit HMDA data in connection with HMDA rules. In October 2017, the FDIC, FRB, and OCC issued a list of Designated Key HMDA Data Fields for examination staff to prioritize when validating HMDA data in accordance with the guidelines. The agencies will focus examination-related testing of HMDA data on certain agency-designated “key fields” considered most important to ensuring the integrity of analyses of overall HMDA data. Promoting Economic Inclusion The FDIC is strongly committed to promoting consumer access to a broad array of banking products to meet consumer financial needs. To promote financial access to responsible and sustainable products offered by IDIs, the FDIC: ♦♦ Conducts research on the unbanked and underbanked populations; ♦♦ Engages in research and development on models of products meeting the needs of lower-income consumers; ♦♦ Supports partnerships to promote consumer access to and use of banking services; ♦♦ Advances financial education and literacy; and ♦♦ Facilitates partnerships to support community and small business development. Advisory Committee on Economic Inclusion The Advisory Committee on Economic Inclusion (ComE-IN) provides the FDIC with advice and recommendations on important initiatives focused on expanding access to mainstream banking services to underserved populations. This may include reviewing basic retail financial services such as low-cost, safe transaction accounts; affordable small-dollar loans; savings accounts; and other services that promote individual asset accumulation and financial stability, and may also include exploring demand-side factors such as consumers’ perceptions of mainstream financial institutions. The ComE-IN met twice during 2017. The April 27, 2017 meeting reviewed discussions from the FDIC’s Economic Inclusion Summit, explored methods for evaluating neighborhood access to bank branches, and ComE-IN Committee meeting on October 18, 2017. 46 M A N A G E M E N T ’ S D I S C U S S I O N A N D A N A LY S I S 2017 assessed resources for affordable mortgage lending. The October 18, 2017 meeting featured panel discussions on Safe Accounts, the 2016 FDIC Bank Survey results, economic inclusion for persons with disabilities, and research on neighborhood access to bank branches. Economic Inclusion Summit The FDIC held an Economic Inclusion Summit on April 26, 2017. The day-long event convened representatives from banks, community organizations, and researchers to discuss developments related to economic inclusion as well as next steps for the field. FDIC National Survey of Unbanked and Underbanked Households and Related Research As part of its ongoing commitment to expanding economic inclusion in the United States, the FDIC works to fill the research and data gap regarding household participation in mainstream banking and the use of nonbank financial services. In addition, Section 7 of the Federal Deposit Insurance Reform Conforming Amendments Act of 2005 mandates that the FDIC regularly report on underserved populations and bank efforts to bring individuals and families into the conventional banking system. In response, the FDIC regularly conducts and reports on surveys of households and banks to inform the public and enhance the understanding of financial institutions, policymakers, regulators, researchers, academics, and others. During 2017, the FDIC conducted survey research and analysis in partnership with the U.S. Census Bureau to understand the terms and conditions of basic, entry-level checking accounts from FDICinsured institutions, with the survey questions embedded in the FDIC Small Business Lending Survey. The survey asked about eligibility, costs, balance requirements, and other details about basic, entry-level checking and savings accounts, as well as prepaid debit card programs offered by banks. Findings from the analysis were made public on October 18, 2017, at a meeting of the ComE-IN. In 2017, the FDIC also conducted an analysis to better understand residential neighborhood access to full-service bank branches. This work culminated on October 18, 2017, with a public presentation of an analysis of residential bank access in all metropolitan areas of the United States, at the same meeting of the ComE-IN. The presentation focused on identifying residential neighborhoods that had both relatively less convenient access to bank branches and concentrations of population segments that research has shown to disproportionately rely on branches to access their account. Examples of populations known through the 2015 FDIC National Survey of Unbanked and Underbanked Households to have a relatively high reliance on bank branches include older households, lower-income households, and households with lower educational attainment. Community and Small Business Development and Affordable Mortgage Lending In 2017, the FDIC provided technical assistance to banks and community organizations through more than 125 outreach events designed to increase shared knowledge and support collaboration between financial institutions and other community, housing, and small business development resources and to improve knowledge about the Community Reinvestment Act. The FDIC’s work emphasized sharing information to support bank efforts to provide prudent access to responsible, affordable mortgage credit. Late in 2016, the FDIC released the Affordable Mortgage Lending Guide, a three-part resource to help community banks identify affordable mortgage products. Part 1: Federal Agencies and Government Sponsored Enterprises and Part II: State Housing Finance Agencies were released in 2016. Part III: Federal Home Loan Banks was released in April 2017. Part II was updated in July 2017, and Part I is scheduled to be updated in early 2018. As part of this effort, the FDIC also launched the Affordable Mortgage Lending Center, a website that houses these publications and other resources. M A N A G E M E N T ’ S D I S C U S S I O N A N D A N A LY S I S 47 ANNUAL REPORT Together these resources provide a comprehensive overview of the programs and products available to community banks to support affordable mortgage lending, particularly to low- and moderate-income borrowers. By year-end 2017, the Affordable Mortgage Lending Center: ♦♦ Had a 400 percent increase in subscribers from year-end 2016 to over 9,000; ♦♦ Experienced more than 10,000 downloads since inception; and ♦♦ Received more than 50,000 page views since inception. Also in 2017, the FDIC, other federal regulators, and federal and state housing agencies hosted 19 affordable mortgage lending forums and conducted 35 outreach activities and events to offer technical assistance to help expand access to mortgage credit for low- and moderate-income households. Community Affairs staff in every Region exhibited at a State Bankers Association Conference. The FDIC also offered information about the Affordable Mortgage Lending Guide and website through participation in national conferences, including the Independent Community Bankers Association Conference and the American Bankers Association’s National Conference for Community Bankers, and presented at the Council of Community Bankers Association Executives’ annual meeting in March 2017. In addition, the FDIC sponsored sessions with interagency partners covering basic and advanced CRA training for banks. The agencies also offered CRA basics for community-based organizations, as well as seminars on establishing effective bank-community collaborations for community development in more than 45 communities. The FDIC focused on encouraging community development initiatives in rural communities. This work included workshops that highlighted housing needs and programs, economic development programs, and community development financial institution collaborations, including those serving Native American communities. 48 Advancing Financial Education Financial education helps consumers understand and use bank products effectively and sustain a banking relationship over time. The FDIC continued to be a leader in developing high-quality, free financial education resources and pursuing collaborations to use those tools to educate the public. In particular, the FDIC designed strategies to reach two particular segments of the population that the National Survey of Unbanked and Underbanked Consumers revealed are disproportionately unbanked and underbanked: low- and moderate-income young people and persons with disabilities. The FDIC’s work during 2017 focusing on young people was also consistent with the Financial Literacy and Education Commission’s focus on Starting Early for Financial Success. Youth Financial Education Recognizing the promise of hands-on learning approaches, the FDIC’s youth work centered on helping banks understand strategies to connect financial education to savings accounts. On March 28, 2017, the FDIC released the Youth Savings Pilot report which examines the experiences of 21 diverse banks in designing and implementing youth savings programs. The report describes promising practices banks can use to develop or expand their own youth savings programs. The report is accessible through the FDIC’s new Youth Banking Resource Center website, which had more than 11,000 page views between its launch in late March and the end of December. The release of the report was followed by a webinar to communicate key learnings from the pilot to financial institutions. The FDIC also launched the Youth Banking Network to support banks as they work with school and nonprofit partners to develop youth savings programs using the knowledge gained from the pilot. The FDIC convened three network conference calls that focused on topics of interest, including program design and financial education delivery. Bankers and other experts shared their experiences and promising practices. The FDIC provided periodic assistance to members in response to specific questions. M A N A G E M E N T ’ S D I S C U S S I O N A N D A N A LY S I S 2017 The FDIC launched an updated version of the Teacher Online Resource Center. The site was redesigned to allow educators to more easily find Money Smart for Young People and other relevant resources. New videos provide a quick overview of the curriculum tools. Other enhancements to the site include links to relevant resources that can support the delivery of financial education in the classroom. The site had more than 35,000 page views during 2017. The FDIC pursued strategies to improve financial education and access to mainstream financial services for youth participating in youth employment programs, including those funded through the Workforce Innovation and Opportunity Act (WIOA). For workforce providers and their partners teaching financial education, the FDIC developed a tool to map Money Smart to WIOA’s financial education element. The FDIC also released a supplement to Money Smart designed to help prepare youth to open their first savings or transactional accounts. As a member of the Financial Literacy and Education Commission, the FDIC helped develop two resource guides for financial institutions and youth employment program providers to discuss opportunities of mutual benefit. The FDIC led three webinars in collaboration with the Department of Labor to increase awareness of Money Smart among organizations that receive federal funding for youth employment. In addition, the FDIC participated in three regional events in collaboration with the Department of Labor and Federal Reserve Banks to strengthen the capacity of workforce development organizations in working with financial institutions on financial capability initiatives. The FDIC was selected to hold a “quick shop” and a panel presentation at two national workforce association meetings. The FDIC’s Money Smart Alliance is a network of diverse organizations that use Money Smart to provide financial education training to organizations, consumers, and small businesses. The FDIC hosted a national webinar on February 28, 2017, to discuss the Money Smart Alliance and opportunities to join. The FDIC website also now features a searchable database of the Alliance members to help facilitate collaborations among organizations to use Money Smart and to help consumers find training. FDIC Community Affairs staff also continued to provide technical assistance to the Alliance members to support their implementation of Money Smart. For example, on June 28, 2017, a peer-to-peer learning webinar for Alliance members featured representatives of a financial institution and a non-profit organization discussing how they use Money Smart. A total of 350 organizations joined the Money Smart Alliance during 2017. A total of 614 organizations have renewed memberships or joined the Alliance since the inception of the new enrollment process in early 2016. Money Smart for Small Business was used by 297 of these Alliance members. Financial Education for Persons with Disabilities The FDIC emphasized strategies to promote economic inclusion for persons with disabilities, given this population is disproportionally unbanked and underbanked. As one element of these strategies, the FDIC expanded efforts with local partners through 15 community events to bring banks and organizations representing persons with disabilities together at the state and local levels. Together with the CFPB, the FDIC hosted a meeting of organizations that support persons with disabilities at Gallaudet University in May 2017. The organizations are part of the CFPB’s Focus on Disabilities cohort and together they learned about the CFPB’s Your Money, Your Goals toolkit and the FDIC’s Money Smart financial education program. The meeting was followed by two in-person trainings and two webinars to further assist members of the cohort advance financial capability for persons with disabilities. The FDIC revised its Guide to Presenting Money Smart for Adults to include updated information to help instructors support participants with disabilities, including more tips about reasonable M A N A G E M E N T ’ S D I S C U S S I O N A N D A N A LY S I S 49 ANNUAL REPORT accommodations and sample language to include on registration forms. Also, the FDIC released an Instructor’s Guide Supplement including four scenarios that feature individuals with disabilities dealing with a financial situation in their lives that can be used with any financial education curriculum. Money Smart for Adults The FDIC began to revise and update the instructorled Money Smart for Adults curriculum to ensure accuracy and relevance. Five organizations, including two banks, tested three of the draft redeveloped modules, providing the FDIC with valuable information that helped inform the redevelopment of the remaining modules. All of the modules in the redeveloped curriculum will be tested and released in 2018. Money Smart for Small Business The FDIC continues to highlight the Money Smart for Small Business curriculum with a focus on informational events for bankers, community organizations, and entrepreneurs, and on increasing partnerships at the state and local levels for small business access to credit resources. In collaboration with diverse partners, particularly the Small Business Administration (SBA) and its partner network – including the Small Business Development Centers, Women’s Business Centers, and SCORE Association chapters – the FDIC convened forums and roundtables featuring safe small business products and services and provided information and technical assistance to support initiatives geared to increase access to capital for small businesses. In 2017, Community Affairs staff completed 92 events and activities primarily focused on small business. Partnerships for Access to Mainstream Banking The FDIC supported community development and economic inclusion partnerships at the local level by providing technical assistance and information 50 resources throughout the country, with a focus on unbanked and underbanked households and low- and moderate-income communities. Community Affairs staff support economic inclusion through work with the Alliances for Economic Inclusion (AEI), Bank On initiatives, and other coalitions originated by local and state governments, and in collaboration with federal partners and many local and national non-profit organizations. The FDIC also partners with other financial regulatory agencies to provide information and technical assistance on community development to banks and community leaders across the country. In the 12 AEI communities and in other areas, the FDIC helped working groups of bankers and community leaders develop responses to the financial capability and services needs in their communities. To integrate financial capability into community services more effectively, the FDIC supported seminars and training sessions for community service providers and asset-building organizations, workshops for financial coaches and counselors, promotion of savings opportunities for low- and moderate-income people and communities, initiatives to expand access to savings accounts for all ages, outreach to bring larger numbers of people to expanded tax preparation assistance sites, and education for business owners to help them become bankable. The FDIC worked in 10 Bank On communities to convene 18 forums and roundtables with almost 900 participants that helped advance strategies to expand access to safe and affordable deposit accounts and engage unbanked and underbanked consumers. The FDIC provided technical assistance to bankers, coalition leaders, and others interested in understanding opportunities for banking services designed to meet the needs of the unbanked and underbanked. In total, the FDIC sponsored more than 165 events during 2017 that provided opportunities for partners to collaborate on increasing access to bank accounts and credit services, opportunities to build savings and improve credit histories, and initiatives to significantly M A N A G E M E N T ’ S D I S C U S S I O N A N D A N A LY S I S 2017 strengthen the financial capability of community service providers who directly serve low- and moderate-income consumers and small businesses. Consumer Complaints and Inquiries The FDIC helps consumers by receiving, investigating, and responding to consumer complaints about FDIC-supervised institutions and answering inquiries about banking laws and regulations, FDIC operations, and other related topics. In addition, the FDIC provides analytical reports and information on complaint data for internal and external use, and conducts outreach activities to educate consumers. The FDIC recognizes that consumer complaints and inquiries play an important role in the development of strong public and supervisory policy. Assessing and resolving these matters helps the agency identify trends or problems affecting consumer rights, understand the public perception of consumer protection issues, formulate policy that aids consumers, and foster confidence in the banking system by educating consumers about the protection they receive under certain consumer protection laws and regulations. Consumer Complaints by Product and Issue The FDIC receives complaints and inquiries by telephone, fax, U.S. mail, email, and online through the FDIC’s website. In 2017, the FDIC handled 16,817 written and telephonic complaints and inquiries. Of this total, 9,460 related to FDICsupervised institutions. The FDIC responded to 97 percent of these complaints within time frames established by corporate policy, and acknowledged 100 percent of all consumer complaints and inquiries within 14 days. As part of the complaint and inquiry handling process, the FDIC works with the other federal financial regulatory agencies to ensure that complaints and inquiries are forwarded to the appropriate agencies for response. The FDIC carefully analyzes the products and issues involved in complaints about FDIC-supervised institutions. The number of complaints received about a specific bank product and issue can serve as a red flag to prompt further review of practices that may raise consumer protection or supervisory concerns. In 2017, the four most frequently identified consumer product complaints and inquiries about FDICsupervised institutions concerned consumer loans (19 percent), checking accounts (15 percent), residential real estate (13 percent), and credit cards (13 percent). Consumer loan complaints and inquiries most frequently described issues with reporting erroneous information and collection practices, while the issues most commonly cited in correspondence about checking accounts were concerns with account discrepancies or transaction errors. Complaints and inquiries about residential real estate related to disclosures and repossession/foreclosure. Consumer correspondences about credit cards most often raised issues regarding billing disputes/error resolution and reporting erroneous information to the credit reporting agencies. The FDIC also investigated 81 Fair Lending complaints alleging discrimination during 2017. The number of discrimination complaints investigated has fluctuated over the past several years but averaged approximately 80 complaints per year between 2012 and 2017. Over this period, nearly 43 percent of the complaints investigated alleged discrimination based on the race, color, national origin, or ethnicity of the applicant or borrower; 18 percent related to discrimination allegations based on age; nearly 14 percent involved the sex of the borrower or applicant; and roughly 7 percent concerned disability. Consumer refunds generally involve the financial institution offering a voluntary credit to the consumer’s account, often as a direct result of complaint investigations and identification of a banking error or violation of law. In 2017, consumers received more than $669,000 in refunds from financial institutions as a result of the assistance provided by the FDIC’s Consumer Affairs Program. M A N A G E M E N T ’ S D I S C U S S I O N A N D A N A LY S I S 51 ANNUAL REPORT Public Awareness of Deposit Insurance Coverage An important part of the FDIC’s deposit insurance mission is to ensure that bankers and consumers have access to accurate information about the FDIC’s rules for deposit insurance coverage. The FDIC has an extensive deposit insurance education program consisting of seminars for bankers, electronic tools for estimating deposit insurance coverage, and written and electronic information targeted to both bankers and consumers. The FDIC continued its efforts to educate bankers and consumers about the rules and requirements for FDIC insurance coverage during 2017. For example, as of December 31, 2017, the FDIC conducted four telephone seminars for bankers on deposit insurance coverage, reaching an estimated 5,513 bankers participating at approximately 1,575 bank sites throughout the country. The FDIC also features deposit insurance training videos that are available on the FDIC’s website and YouTube channel. As of December 31, 2017, the FDIC Call Center received 91,918 telephone calls, of which approximately 36,767 were identified as deposit insurance-related inquiries. The FDIC Call Center handled approximately 18,655 inquiries and Deposit Insurance subject matter experts (SME) handled 18,112 complex telephone calls identifying a total of 49,277 deposit insurance issues. In addition to telephone inquiries about deposit insurance coverage, the FDIC received 781 written inquiries from consumers and bankers identifying a total of 1,771 deposit insurance issues. Of these inquiries, 100 percent received responses within two weeks, as required by corporate policy. RECEIVERSHIP MANAGEMENT The FDIC has the unique mission of protecting depositors of insured banks and savings associations. No depositor has ever experienced a loss on the insured amount of his or her deposits in an FDIC- 52 insured institution due to a failure. When an institution closes, its chartering authority—the state for state-chartered institutions and the OCC for national banks and federal savings associations— typically appoints the FDIC as receiver, responsible for resolving the failed institution. The FDIC employs a variety of strategies and business practices to resolve a failed institution. These strategies and practices are typically associated with either the resolution process or the receivership process. Depending on the characteristics of the institution, the FDIC may utilize several of these methods to ensure the prompt and smooth payment of deposit insurance to insured depositors, to minimize the impact on the DIF, and to speed dividend payments to uninsured depositors and other creditors of the failed institution. The resolution process involves evaluating and marketing a failing institution, soliciting and accepting bids for the sale of the institution, determining which bid (if any) is least costly to the DIF, and working with the acquiring institution through the closing process. To minimize disruption to the local community, the resolution process must be performed as quickly and efficiently as possible. The FDIC uses two basic resolution methods: purchase and assumption transactions and deposit payoffs. The purchase and assumption (P&A) transaction is the most commonly used resolution method. Typically, in a P&A transaction, a healthy institution purchases certain assets and assumes certain liabilities of the failed institution. However, a variety of P&A transactions can be used. Because each failing bank situation is different, P&A transactions provide flexibility to structure deals that result in obtaining the highest value for the failed institution. For each possible P&A transaction, the acquirer may acquire either all of the failing institution’s deposits or only the insured portion of the deposits. M A N A G E M E N T ’ S D I S C U S S I O N A N D A N A LY S I S 2017 From 2008 through 2013, loss sharing was offered by the FDIC in connection with P&A transactions. In a loss-share transaction, the FDIC, as receiver, agrees to share losses on certain assets with the acquirer, absorbing a significant portion (typically 80 percent) of future losses on assets that have been designated as “shared-loss assets” for a specific period of time (e.g., five to 10 years). The economic rationale for these transactions is that keeping assets in the banking sector and resolving them over an extended period of time can produce a better net recovery than the FDIC’s immediate liquidation of these assets. However, in recent years as the markets improved and functioned more normally with both capital and liquidity returning to the banking industry, acquirers become more comfortable with bidding on failing bank franchises without the loss-sharing protection. The FDIC continues to monitor compliance with shared-loss agreements by validating the appropriateness of loss-share claims; reviewing acquiring institutions’ efforts to maximize recoveries; ensuring consistent application of policies and procedures across both shared-loss and legacy portfolios; and confirming that the acquirers have sufficient internal controls, including adequate staff, reporting, and recordkeeping systems. At year-end 2017, there were 104 receiverships with active sharedloss agreements and $13.9 billion in total shared-loss covered assets. Financial Institution Failures During 2017, there were eight institution failures, compared to five failures in 2016. In all eight transactions, the FDIC successfully contacted all known, qualified, and interested bidders to market these institutions, and also made insured funds available to all depositors within one business day of the failure. There were no losses on insured deposits, and no appropriated funds were required to pay insured deposits. The following chart provides a comparison of failure activity over the past three years. FAILURE ACTIVITY 2015–2017 Dollars in Billions 2017 2016 2015 8 5 8 Total Assets of Failed Institutions* $5.1 $0.3 $6.7 Total Deposits of Failed Institutions* $4.7 $0.3 $4.9 Estimated Loss to the DIF $1.1 $0.05 $0.9 Total Institutions *Total assets and total deposits data are based on the last quarterly Call Report filed by the institution prior to failure. Asset Management and Sales As part of its resolution process, the FDIC tries to sell as many assets as possible to an assuming institution. Assets that are retained by the receivership are promptly valued and liquidated in order to maximize the return to the receivership estate. For 95 percent of failed institutions, at least 90 percent of the book value of marketable assets is marketed for sale within 90 days of an institution’s failure for cash sales, and within 120 days for structured sales. Cash sales of assets for 2017 totaled $1.8 billion in book value. As a result of the FDIC’s marketing and collection efforts, the book value of assets in inventory decreased by $1.0 billion (32 percent) in 2017. The following chart shows the beginning and ending balances of these assets by asset type. M A N A G E M E N T ’ S D I S C U S S I O N A N D A N A LY S I S 53 ANNUAL REPORT Protecting Insured Depositors ASSETS-IN-LIQUIDATION INVENTORY BY ASSET TYPE Dollars in Millions Asset Type Securities 12/31/17 12/31/16 12/31/15 $160 $183 $393 8 8 22 50 19 62 Real Estate Mortgages 139 85 173 Other Assets/ Judgments 260 268 398 Owned Assets 47 40 113 157 100 122 1,449 2,614 3,524 $2,271 $3,317 $4,807 Consumer Loans Commercial Loans Net Investments in Subsidiaries Structured and Securitized Assets TOTAL Professional Liability and Financial Crimes Recoveries Receivership Management Activities The FDIC, as receiver, manages failed banks and their subsidiaries with the goal of expeditiously winding up their affairs. The oversight and prompt termination of receiverships help to preserve value for the uninsured depositors and other creditors by reducing overhead and other holding costs. Once the assets of a failed institution have been sold and its liabilities extinguished, the final distribution of any proceeds is made, and the FDIC terminates the receivership. In 2017, the number of receiverships under management decreased by 40 (11 percent) to 338. The following chart shows overall receivership activity for the FDIC in 2017. RECEIVERSHIP ACTIVITY 54 The FDIC’s ability to attract healthy institutions to assume deposits and purchase assets of failed banks and savings associations at the time of failure minimizes the disruption to customers and allows assets to be returned to the private sector immediately. Assets remaining after resolution are liquidated by the FDIC in an orderly manner, and the proceeds are used to pay receivership creditors, including depositors whose accounts exceeded the insurance limit. During 2017, receiverships paid dividends of $953 thousand to depositors whose accounts exceeded the insurance limit. Active Receiverships as of 12/31/16 New Receiverships 378 Receiverships Terminated Active Receiverships as of 12/31/17 48 8 338 The FDIC investigates bank failures to identify potential claims against directors, officers, securities underwriters and issuers, fidelity bond insurance carriers, appraisers, attorneys, accountants, mortgage loan brokers, title insurance companies, and other professionals who may have caused losses to insured depository institutions. The FDIC will pursue meritorious claims that are expected to be costeffective. During 2017, the FDIC recovered $105 million from professional liability claims and settlements. The FDIC also authorized lawsuits related to one failed institution against three individuals for director and officer liability, and authorized another three lawsuits for fidelity bond accounting malpractice, and other claims. As of December 31, 2017, the FDIC’s caseload included 24 professional liability lawsuits (down from 28 at year-end 2016), 21 residential mortgage malpractice and fraud lawsuits (down from 42), and 164 open investigations (down from 173). The FDIC seeks to complete professional liability investigations and make decisions expeditiously on whether to pursue potential professional liability claims. During 2017, it completed investigations and made decisions on 96 percent of the investigations related to failures that reached the 18-month point M A N A G E M E N T ’ S D I S C U S S I O N A N D A N A LY S I S 2017 after the institution’s failure date, thereby exceeding its annual performance target. As part of the sentencing process for those convicted of criminal wrongdoing against an insured institution that later failed, a court may order a defendant to pay restitution or to forfeit funds or property to the receivership. The FDIC, working with the U.S. Department of Justice, in connection with criminal restitution and forfeiture orders issued by federal courts and independently in connection with restitution orders issued by the state courts, collected $9.6 million in 2017. As of December 31, 2017, there were 4,163 active restitution and forfeiture orders (increased from 3,991 at year-end 2016). This includes 119 orders held by the Federal Savings and Loan Insurance Corporation (FSLIC) Resolution Fund, (i.e., orders arising out of failed financial institutions that were in receivership or conservatorship by the FSLIC or the Resolution Trust Corporation). ENHANCING THE FDIC’S IT SECURITY FDIC Information Technology Strategic Plan Information Technology (IT) is a key enabler in ensuring the success of FDIC’s core programs. Further, the FDIC must ensure that strong security and privacy controls protect the information used in the course of carrying out its responsibilities. In 2017, representatives from the Chief Information Officer Organization (CIOO) and the FDIC’s business divisions contributed their insight and knowledge of IT challenges and opportunities with the four core principles that IT service delivery is secure, affordable, forward-thinking, and better prepares the FDIC to carry out its mission. As a result, the FDIC Information Technology Strategic Plan (ITSP) 2017-2020 was developed to address many of the foundational issues affecting the cost and quality of IT services. The ITSP goals are in the areas of information security and privacy, continuity of operations, enterprise mobility, information management and analytics, and IT service delivery. The ITSP identifies opportunities for the FDIC to improve internal operations in a world of ever changing technology. The plan identifies the five major goals with supporting objectives designed to improve business capabilities and systems: ♦♦ Improve information security and privacy protections against cyber threats and data breaches; ♦♦ Ensure that the IT systems supporting mission essential functions are continuously available and provide depositors confidence that their funds are readily available in the event of a crisis or bank failure; ♦♦ Develop mobile technologies that offer opportunities for authorized users of FDIC applications to conduct their work in new ways and from remote locations; ♦♦ Create new information management and analysis capabilities to assess risk in support of the FDIC’s supervisory responsibilities; and ♦♦ Improve service delivery and timely response to new business requirements. New capabilities serve both long-term institutional improvements, and the FDIC’s readiness in the event of unexpected challenges. Achieving these goals will significantly improve FDIC operations and the value the FDIC provides to the nation’s financial system. During 2017, the FDIC advanced a variety of initiatives to begin fulfilling the goals set for in this plan. Addressing FDIC Cybersecurity Risk The FDIC is committed to strengthening and managing effective and efficient cybersecurity practices. At the foundation of these practices is risk management, which serves to proactively identify, protect, detect, and respond to threats, as well as to rapidly recover from cybersecurity incidents. During 2017, the FDIC has taken a number of actions to enhance and improve our risk management practices. M A N A G E M E N T ’ S D I S C U S S I O N A N D A N A LY S I S 55 ANNUAL REPORT The FDIC addressed cybersecurity risk as a critical element of the ITSP. This strategic focus emphasizes the importance of cybersecurity to the mission and prompts tangible actions to sustain and improve our cybersecurity posture. To operationalize the strategy, the FDIC implemented a risk management function and assigned program- and executive-level officials to manage information risk. Ensuring that leaders are accountable for the effective planning, implementation, and monitoring of risk management enables the FDIC to identify, prioritize, communicate, and sustain the controls required to mitigate cybersecurity risks across the agency. On May 11, 2017, the President issued an Executive Order entitled Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. The Executive Order builds on existing statutory requirements under the Federal Information Security Modernization Act of 2014 (FISMA), which establishes information security obligations for federal agencies (including the FDIC). Subsequent to the issuance of the Executive Order, the Office of Management and Budget issued Reporting Guidance for Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, to provide agency heads with instructions for meeting the risk management reporting requirements in the Executive Order. To fulfill these requirements to strengthen cybersecurity, the FDIC: ♦♦ Designated, and reported on, the Senior Accountable Official (SAO) for cybersecurity risk; ♦♦ Developed and submitted the FY17 Annual Risk and FISMA Reports; ♦♦ Conducted a CIOO Cybersecurity Framework (CSF) self-assessment which assessed the current state of FDIC cybersecurity controls; and ♦♦ Used the identified risks from the CIOO CSF assessment and FDIC FISMA reports to develop and submit an action plan for implementing the CSF. Furthermore, the FDIC is restructuring corporatewide information security guidance through the issuance of a new Information Security Policy Framework, which will align FDIC information security to industry-leading best practices, and will comply with recent cybersecurity requirements issued by the President and the U.S. Office of Management and Budget (OMB). Transitioning to the new framework will make it easier for FDIC personnel to identify applicable guidance and highlight policy areas needing improvement. The reorganization of policy information is still underway with completion expected in mid-2018. Mobility and Strengthening of Endpoint Devices The Enterprise Mobility objective is a comprehensive effort to deploy mobile technologies that enable FDIC authorized users to conduct their work in ways that improve efficiency and increase flexibility. This capability provides FDIC users with the ability to work securely, from any location at any time, on FDIC-owned equipment. During 2017, FDIC completed a variety of projects to support this objective, including: ♦♦ Laptop deployment — phased out desktops, eliminated use of personal computers, and issued identical and more secure government furnished equipment; ♦♦ Smartphone deployment — replaced FDICissued blackberry mobile devices with modern smartphones to expand mobile workforce capabilities while enhancing security; and ♦♦ Mobile Device Management (MDM) technology—- implemented a FedRAMP2compliant, cloud-based MDM solution to manage FDIC mobile devices. The Federal Risk and Authorization Management Program (FedRAMP) is an assessment and authorization process which U.S. federal agencies have been directed by the Office of Management and Budget to use to ensure security is in place when accessing cloud computing products and services. 2 56 M A N A G E M E N T ’ S D I S C U S S I O N A N D A N A LY S I S 2017 Insider Threat and Counterintelligence Program An insider threat is a concern or risk posed to the FDIC that involves an individual who misuses or betrays, wittingly or unwittingly, his or her authorized access to FDIC resources. This individual may have access to sensitive or personally identifiable information as well as privileged access to critical infrastructure or business sensitive information (e.g., bank data). The FDIC established the Insider Threat and Counterintelligence Program (ITCIP) in September 2016. ITCIP is a defensive program focused on preventing and mitigating internal and external threats and risks posed to FDIC personnel, facilities, assets, resources, and both national security and sensitive information by insider and foreign intelligence entities. These threats may involve inadvertent disclosures and intentional breaches of sensitive information by personnel who may be compromised by external sources, disgruntled, seeking personal gain, intending to damage the reputation of the FDIC, or acting for some other reason. ITCIP leverages both physical and logical safeguards to minimize the risk, likelihood, and impact of an executed insider threat. The National Insider Threat Task Force (NITTF) initiated its Federal Program Review in January 2017 to ensure the FDIC’s implementation of the White House minimum standards. NITTF’s independent evaluation showed that ITCIP met all minimum standards and achieved full operating capability on August 24, 2017. NITTF noted that ITCIP leads the federal government in several best practices that affect the entire workforce and serves as a model program for other independent regulators and non-Title 50 Departments and Agencies. MINORITY AND WOMEN INCLUSION Consistent with the provisions of the Dodd-Frank Act, the FDIC continues to enhance its longstanding commitment to promote diversity and inclusion in employment opportunities and all business areas of the agency. The Office of Minority and Women Inclusion (OMWI) supports the FDIC’s mission through outreach efforts to ensure the fair inclusion and utilization of minority- and women-owned businesses, law firms, and investors in contracting and investment opportunities. The FDIC relies on contractors to help meet its mission. In 2017, the FDIC awarded 210 (28 percent) contracts to minority- and women-owned businesses (MWOBs) out of a total of 737 issued. The FDIC awarded contracts with a combined value of $524 million in 2017, of which 19 percent ($97 million) were awarded to MWOBs, compared to 18 percent for all of 2016. The FDIC paid $110 million of its total contract payments (27 percent) to MWOBs, under 354 MWOB contracts. The FDIC made 67 referrals to minority- and women-owned law firms (MWOLFs), which accounted for 18 percent of all legal referrals in 2017. Total payments to MWOLFs were $6.5 million in 2017, which is 11 percent of all payments to outside counsel, compared to 14 percent for all of 2016. In 2017, the FDIC Legal Division participated in six minority bar association conferences and three stakeholder events in support of maximizing the participation of MWOLFs in FDIC legal contracting. This participation included serving on several panels and committees, such as the National Association of Minority and Women Owned Law Firms (NAMWOLF) Advisory Council, the NAMWOLF Events Committee, the NAMWOLF Diversity and Inclusion Initiative, and “How to Pitch Law Firm Services to Prospective Clients.” In addition, the Legal Division conducted an MWOLF workshop at the Dallas Regional Office to encourage FDIC in-house counsel to contract with MWOLFs. In recognition of its diversity and inclusion efforts, the FDIC received the NAMWOLF 2017 Diversity Initiative Achievement Award. Also, in 2017, the Legal Division staff worked closely with several MWOLFs on partnering with large non-minority owned firms to compete for FDIC legal referrals. M A N A G E M E N T ’ S D I S C U S S I O N A N D A N A LY S I S 57 ANNUAL REPORT Pursuant to Section 342 of the Dodd-Frank Act, which requires an assessment of legal contractors’ internal workforce diversity practices, the Legal Division conducted 12 compliance reviews of the top-billing law firms (both non-minority-owned and MWOLFs). The reviews included discussions relating to the recruitment, mentoring, and promotion of diverse attorneys working on FDIC legal matters. In 2017, the FDIC participated in a total of 35 business expos, one-on-one matchmaking sessions, and panel presentations. At these events, FDIC staff provided information and responded to inquiries regarding FDIC business opportunities for minorities and women. In addition to targeting MWOBs and MWOLFs, these efforts also targeted veteranowned and small disadvantaged businesses. Vendors were provided with the FDIC’s general contracting procedures, prime contractors’ contact information, and forecasts of possible upcoming solicitations. Also, vendors were encouraged to register through the FDIC’s Contractor Resource List (the principal database for vendors interested in doing business with the FDIC). The FDIC co-sponsored two technical assistance events. The FDIC, NCUA, and OCC hosted the Cybersecurity Awareness and Preparedness for Your Business event where presenters discussed cybersecurity intrusions in small businesses and what to do when a business is compromised. Cybersecurity requirements for financial institutions were discussed, as well as vendors’ expectations and requirements. The FDIC, NCUA, and OCC, in collaboration with the Virginia Procurement Technical Assistance Program, hosted the Proposal to Pricing – Developing a Winning Strategy technical assistance event. The presenters shared information on developing winning proposals and pricing strategies. The sponsoring agencies and various procurement trade organizations exhibited at the event. During 2017, OMWI and the Division of Resolutions and Receiverships (DRR) collaborated to present two 58 FDIC-sponsored asset purchaser workshops that were marketed extensively to minority- and women-owned investors and companies interested in learning about DRR’s sales processes. DRR speakers with strong backgrounds in their respective programs provided details on the various tools used by DRR to market assets and presented information to attendees on how to participate in the transactions and bid on assets offered for sale. Two outreach events were held in 2017 in New Orleans, LA, to support asset sales resulting from the failure of First NBC Bank. The first event was an investor workshop which included discussions of cash loan sales, structured transactions, real estate liquidations, and other forms of FDIC dispositions. The investor workshop attracted 104 attendees. The second event was conducted by Owned Real Estate (ORE) staff and was targeted to first-time homebuyers, tenants occupying non-owner occupied ORE, and other prospective purchasers of ORE in the New Orleans area. Housing counselors and lenders specialized in lower-priced home loans were available to help the 79 people who attended the event. Information regarding the Minority and Women Outreach Program can be found on the FDIC’s website at www.fdic.gov/mwop. The FDIC’s Homeownership Outreach Workshop focused on attendees receiving information on how and why the FDIC acquires properties, the types of properties, and where the properties are listed. At the conclusion of the workshop, the agency hosted a housing fair session where attendees met with representatives of financial institutions and non-profit organizations. In addition, FDIC worked closely with the OMWIs of the OCC, FRB, CFPB, NCUA, and the SEC to further implement Section 342(b)(2)(C) of the Dodd-Frank Act, which requires the agencies to develop standards to assess the diversity policies and practices of the entities they regulate. After finalizing the Interagency Policy Statement Establishing Joint M A N A G E M E N T ’ S D I S C U S S I O N A N D A N A LY S I S 2017 Standards for Assessing the Diversity Policies and Practices of Entities Regulated by the Agencies in 2015, the agency OMWIs received approval from the Office of Management and Budget in 2016 as required by the Paperwork Reduction Act of 1995, to collect information from regulated entities. To facilitate the collection of information from its regulated entities, the FDIC developed an electronic diversity self-assessment instrument to assist FDICregulated financial institutions in assessing their diversity programs. In October 2016, the Acting Director of OMWI distributed a letter to the presidents and Chief Executive Officers (CEOs) of 805 FDIC-regulated financial institutions identified as having 100 or more employees. The letter informed these large institutions about the process for conducting and voluntarily submitting their diversity information to the FDIC. In March 2017, a second reminder letter from the Acting Director of OMWI was distributed to financial institutions to encourage participation. The FDIC received diversity self-assessments from 95 (12 percent) of its regulated financial institutions. The FDIC will use diversity self-assessment information provided by its regulated entities to track progress and trends in the financial services industry, and to identify exemplary diversity policies and practices. Although OMWI is pleased with the participation of financial institutions that conducted and submitted a diversity self-assessment in its first year, it is taking steps to increase voluntary participation by augmenting outreach and participation at banking conferences, developing financial institution diversity marketing materials, and making improvements to the program website. OMWI will continue to raise awareness amongst FDIC-regulated financial institutions by identifying leading trends and establishing benchmarks designed to build a strong culture in diversity and inclusion practices. In November 2017, the Acting Director of OMWI distributed a letter to presidents and CEOs of regulated financial institutions encouraging them to voluntarily submit their 2017 diversity selfassessments by March 31, 2018. INTERNATIONAL OUTREACH FDIC played a leading role during the year in supporting the global development of deposit insurance, bank supervision, and bank resolution systems. This included working closely with regulatory and supervisory authorities from around the world, as well as international standard-setting bodies and multilateral organizations, such as the International Association of Deposit Insurers (IADI), the Association of Supervisors of Banks of the Americas (ASBA), the Basel Committee on Banking Supervision (BCBS), the Financial Stability Board (FSB), the International Monetary Fund (IMF), and the World Bank. The FDIC engaged with foreign regulatory counterparts by hosting visiting officials, conducting training seminars, delivering technical assistance abroad, and fulfilling the commitments of FDIC membership in international organizations. International Association of Deposit Insurers FDIC officials and subject matter experts provided continuing support for IADI programs in 2017. This included developing and facilitating technical assistance workshops for the Middle Eastern, African, European, Caribbean, North American, Eurasian, and Latin American regions of IADI; participating in reviews of IADI members’ selfassessment of compliance with the Core Principles; and participating in the IADI Biennial Research Conference in June. Led and supported by FDIC executives and senior staff, IADI technical assistance and training activities reached more than 250 participants during 2017. Association of Supervisors of Banks of the Americas Senior FDIC staff chaired the ASBA Training and Technical Committee in 2017, which designs and implements ASBA’s training strategy, promoting the adoption of sound banking supervision policies and M A N A G E M E N T ’ S D I S C U S S I O N A N D A N A LY S I S 59 ANNUAL REPORT practices among its members. The training program reached more than 500 member participants in 2017. Basel Committee on Banking Supervision The FDIC supports and contributes to the development of international standards, guidelines, and sound practices for prudential regulation and supervision of banks through its longstanding membership in BCBS. This includes actively participating in many of the committee groups, working groups, and task forces established by BCBS to carry out its work, which is focused on policy development, supervision and implementation, macroprudential supervision, accounting, and consultation. International Capacity Building The FDIC provided technical assistance and training missions to foreign counterparts in 2017 to promote effective deposit insurance, bank supervision, and bank resolution systems. These missions included assisting the Bank of Greece and providing training for Canadian deposit insurers. These efforts also included programs for more than 200 visiting regulators and other government officials from 20 countries during the year. Structured classroom training included two presentations of FDIC 101: An Introduction to Deposit Insurance, Bank Supervision, and Resolutions, attended by 65 students from nearly 40 organizations. Other International Dialogues The FDIC advanced policy objectives with key jurisdictions worldwide by participating in highlevel interagency dialogues. Counterparties included China, India, Mexico and Canada. EFFECTIVE MANAGEMENT OF STRATEGIC RESOURCES The FDIC recognizes that it must effectively manage its human, financial, and technological resources to successfully carry out its mission and meet the 60 performance goals and targets set forth in its annual performance plan. The FDIC must align these strategic resources with its mission and goals and deploy them where they are most needed to enhance its operational effectiveness and minimize potential financial risks to the DIF. Following are the FDIC’s major accomplishments in improving operational efficiency and effectiveness during 2017. Human Capital Management The FDIC’s human capital management programs are designed to attract, train and develop, reward, and retain a highly skilled, diverse, and resultsoriented workforce. In 2017, the FDIC workforce planning initiatives emphasized the need to plan for employees to fulfill current and future capabilities and leadership needs. This focus ensures that the FDIC has a workforce positioned to meet today’s core responsibilities and prepared to fulfill its mission in the years ahead. Strategic Workforce Planning and Readiness During 2017, the FDIC continued to develop and implement the Workforce Development Initiative, an integrated strategy to address workforce challenges and opportunities. The effort is focused on four broad objectives: ♦♦ Attract and develop talented employees across the agency; ♦♦ Enhance the capabilities of employees through training and diverse work experiences; ♦♦ Encourage employees to engage in active career development planning and seek leadership roles in the FDIC; and ♦♦ Build on and strengthen the FDIC’s operations to support these efforts. In 2017, the FDIC continued to develop the infrastructure, governance, programs, and processes to help meet its long-term workforce and leadership needs. The FDIC is committed to building and expanding its talent pipeline to ensure succession M A N A G E M E N T ’ S D I S C U S S I O N A N D A N A LY S I S 2017 challenges are met. To that end, the agency expanded its succession planning review process in 2017 to include all managers and an assessment of their leadership attributes. The effort began with a survey to assess the level of aspiration among current managers. More than two-thirds of current managers reported that they were interested in seeking higherlevel positions at the FDIC, demonstrating their ongoing interest in leadership development. Senior FDIC leaders from across the agency then convened to discuss leadership needs and strategies to address them, including efforts to develop the pipeline of the FDIC’s aspiring leadership pool. As a result of the succession planning review process, FDIC managers received recommendations to participate in diverse programs to enhance their leadership capabilities, including the Leadership Mentoring Program, external educational opportunities through Harvard’s Kennedy School of Government and Georgetown’s Government Affairs Institute, executive coaching, and enriched management training. The FDIC also continued to focus on ensuring the availability of a workforce equipped to meet today’s responsibilities, while simultaneously preparing for future capability needs. The FDIC furthered development of a Career Paths initiative, targeted at non-supervisory employees at all levels, to promote the acquisition of cross-organizational skills and knowledge. Additional support is provided to employees seeking professional development opportunities through expanded career management services. The FDIC’s strategic workforce planning initiatives require a long-term and sustained focus to identify future workforce and leadership needs, assess current capabilities, support aspiration to management and leadership roles, and develop and source the talent to meet emerging workforce needs. Through further development of its human capital strategies, the FDIC will work to ensure that the future FDIC workforce is as prepared, capable, and dedicated as the one it has today. Corporate Employee Program The FDIC’s Corporate Employee Program (CEP) sponsors the development of newly hired Financial Institution Specialists (FIS) in entry-level positions. The CEP encompasses major FDIC divisions where FIS are trained to become part of a highly effective workforce. During the first-year rotation within the program, FIS gain experience and knowledge in the core business of the FDIC, including DCP, RMS, DRR, and DIR. At the conclusion of the rotation period, FIS are placed within RMS or DCP, where they continue their career path to become commissioned examiners. The CEP is an essential part of the FDIC’s ability to provide highly-trained staff for its core occupational series, and ultimately for its future senior technical and leadership positions. Since the CEP’s inception in 2005, nearly 500 individuals are active in this multi-discipline program, and 875 have become commissioned examiners after successfully completing the program’s requirements. The FDIC continues to sponsor the Financial Management Scholars Program (FMSP), an additional hiring source for the CEP. Participants in the FMSP complete an internship with the FDIC the summer following the conclusion of their junior year in college. The program serves as an additional avenue to recruit talent. Employee Learning and Development The FDIC is committed to training and developing its employees throughout their careers to enhance technical proficiency and leadership capacity, supporting career progression and succession management. The FDIC is focused on developing and implementing comprehensive curricula for its business lines to prepare employees to meet new challenges. Such training, which includes both classroom and online instruction for maximum flexibility, is a critical part of workforce and succession planning as more experienced employees become eligible for retirement. M A N A G E M E N T ’ S D I S C U S S I O N A N D A N A LY S I S 61 ANNUAL REPORT FDIC Workplace Excellence Steering Committee and Division and Office Councils. The FDIC also offers a comprehensive leadership development program that combines core courses, electives, and other enrichment opportunities to develop employees at all levels. From new employees to new executives, the FDIC provides employees with targeted leadership development opportunities that align with key leadership competencies. In addition to a broad array of internally developed and administered courses, the FDIC also provides its employees with funds and/or time to participate in external training to support their career development. Corporate Risk Management In September 2017, the FDIC Board of Directors approved the integration of the functions of the Office of Corporate Risk Management (OCRM) into a newly-constituted Risk Management and Internal Controls Branch (RMIC) within the Division of Finance (DOF). This change enhances the effectiveness of the FDIC’s enterprise riskmanagement function, integrates those functions with the FDIC’s internal control processes, and better aligns the risk-management process with existing annual corporate planning and budget processes. The existing operations of OCRM and DOF’s Corporate Management Control Branch were consolidated into RMIC. This branch will be led by a new Deputy Director, who will also carry the title of Chief Risk Officer. 62 Employee Engagement The FDIC continually evaluates its human capital programs and strategies to ensure that it remains an employer of choice, and that all of its employees are fully engaged and aligned with the mission. The FDIC uses the Federal Employee Viewpoint Survey mandated by Congress to solicit information from employees, and takes an agency-wide approach to address key issues identified in the survey. The FDIC continues to rank at or near the top in all categories of the Partnership for Public Service Best Places to Work in the Federal Government® list for mid-size federal agencies. Effective leadership is the primary factor driving employee satisfaction and commitment in the federal workplace, according to a report by the Partnership for Public Service. The FDIC’s Workplace Excellence (WE) program plays an important role in helping the FDIC engage employees. The WE program is composed of a national-level WE Steering Committee and Division/ Office WE Councils that are focused on maintaining, enhancing, and institutionalizing a positive workplace environment throughout the agency. In addition to the WE program, the FDIC-National Treasury Employees Union Labor Management Forum serves as a mechanism for the union and employees to have pre-decisional input on workplace matters. The WE program and Labor Management Forum enhances communication, provides additional opportunities for employee input and engagement, and improves employee empowerment. M A N A G E M E N T ’ S D I S C U S S I O N A N D A N A LY S I S II. PERFORMANCE RESULTS SUMMARY 63 THIS PAGE INTENTIONALLY LEFT BLANK 2017 SUMMARY OF 2017 PERFORMANCE RESULTS BY PROGRAM The FDIC successfully achieved 35 of the 36 annual performance targets established in its 2017 Annual Performance Plan. One target was not achieved: Issue a final rule implementing the Basel III Net Stable Funding Ratio. The rulemaking is subject to interagency negotiations and a final rule has not yet been issued. There were no instances in which 2017 performance had a material adverse effect on the successful achievement of the FDIC’s mission or its strategic goals and objectives regarding its major program responsibilities. Additional key accomplishments are noted below. Program Area Performance Results Insurance ♦♦ Updated the FDIC Board of Directors on loss, income, and reserve ratio projections for the Deposit Insurance Fund (DIF) at the March and September meetings. ♦♦ Briefed the FDIC Board of Directors in March and September on progress in meeting the goals of the Restoration Plan. ♦♦ Completed reviews of the recent accuracy of the contingent loss reserve. ♦♦ Researched and analyzed emerging risks and trends in the banking sector, financial markets, and the overall economy to identify issues affecting the banking industry and the DIF. ♦♦ Provided policy research and analysis to FDIC leadership in support of the implementation of financial industry regulation, as well as support for testimony and speeches. ♦♦ Published economic and banking information and analyses through the FDIC Quarterly, FDIC Quarterly Banking Profile (QBP), FDIC State Profiles, and the Center for Financial Research Working Papers. ♦♦ Operated the Electronic Deposit Insurance Estimator (EDIE), which had 687,913 user sessions in 2017. P E R F O R M A N C E R E S U LT S S U M M A R Y 65 65 ANNUAL REPORT 66 Program Area Performance Results Supervision ♦♦ A total of 396 institutions were assigned a composite CAMELS rating of 2 and had Matters Requiring Board Attention (MRBAs) identified in the examination reports. To ensure that MRBAs are being appropriately addressed at these institutions, the FDIC timely reviews progress reports and follows up with bank management as needed. More specifically, within six months of issuing the examination reports, the FDIC conducted appropriate follow up and review of these MRBAs at 375 (95 percent) of these institutions. Follow up and review of the MRBAs at the remaining 21 institutions (5 percent) occurred more than six months after issuing the examination reports primarily due to delayed responses from some banks as well as the need for additional information in order to complete a full review. ♦♦ Participated on the examinations of selected financial institutions, for which the FDIC is not the primary federal regulator, to assess risk to the DIF. ♦♦ Implemented the strategy outlined in the work plan approved by the Advisory Committee on Economic Inclusion to support the expanded availability of Safe Accounts and the responsible use of technology, to expand banking services to the underbanked. ♦♦ Published an edition of Supervisory Insights in the summer of 2017 that included two articles – one that discusses the importance of liquidity risk management as many institutions continue to reduce holdings of liquid assets, and a second that describes the purpose, development, and changes to the Bank Secrecy Act (BSA) over the years as well as an overview of the BSA examination process. The Winter 2016 publication included an article that identifies trends in credit risk in commercial real estate, agriculture, and oil and gas-related lending. Receivership Management ♦♦ Terminated at least 75 percent of new receiverships that are not subject to loss-share agreements, structured sales, or other legal impediments, within three years of the date of failure. ♦♦ Continued to enhance the FDIC’s ability to administer deposit insurance claims at large insured deposit institutions. ♦♦ Evaluated within 120 days all termination offers from Limited Liability Corporation (LLC) managing members to determine whether to pursue dissolution of those LLCs that are determined to be in the best overall economic interest of the participating receiverships. P E R F O R M A N C E R E S U LT S S U M M A R Y 2017 PERFORMANCE RESULTS BY PROGRAM AND STRATEGIC GOAL 2017 INSURANCE PROGRAM RESULTS Strategic Goal: Insured depositors are protected from loss without recourse to taxpayer funding. # 1 2 3 ANNUAL PERFORMANCE GOAL INDICATOR TARGET RESULTS Number of business days after an institution failure that depositors have access to insured funds. Depositors have access to insured funds within one business day if the failure occurs on a Friday. ACHIEVED. SEE PG. 53. Depositors have access to insured funds within two business days if the failure occurs on any other day of the week. ACHIEVED. SEE PG. 53. Insured depositor losses resulting from a financial institution failure. Depositors do not incur any losses on insured deposits. ACHIEVED. SEE PG. 53. No appropriated funds are required to pay insured depositors. ACHIEVED. SEE PG. 53. Disseminate data and analyses on issues and risks affecting the financial services industry to bankers, supervisors, the public, and other stakeholders on an ongoing basis. Scope and timeliness of information dissemination on identified or potential issues and risks. Disseminate results of research and analyses in a timely manner through regular publications, ad hoc reports, and other means. ACHIEVED. SEE PG. 65. Undertake industry outreach activities to inform bankers and other stakeholders about current trends, concerns, and other available FDIC resources. ACHIEVED. SEE PG. 65. Adjust assessment rates, as necessary, to achieve a DIF reserve ratio of at least 1.35 percent of estimated insured deposits by September 30, 2020. Updated fund balance projections and recommended changes to assessment rates. Provide updated fund balance projections to the FDIC Board of Directors by June 30, 2017, and December 31, 2017. ACHIEVED. SEE PG. 65. Recommend changes to deposit insurance assessment rates to the FDIC Board of Directors as necessary. ACHIEVED. SEE PG. 65. Respond promptly to all insured financial institution closings and related emerging issues. Demonstrated progress Provide progress reports to the FDIC in achieving the goals of Board of Directors by June 30, 2017, the Restoration Plan. and December 31, 2017. P E R F O R M A N C E R E S U LT S S U M M A R Y ACHIEVED. SEE PG. 65. 67 ANNUAL REPORT 2017 INSURANCE PROGRAM RESULTS (continued) Strategic Goal: Insured depositors are protected from loss without recourse to taxpayer funding. # 4 68 ANNUAL PERFORMANCE GOAL INDICATOR Expand and strengthen the FDIC’s participation and leadership role in supporting robust and effective deposit insurance programs, resolution strategies, and banking systems worldwide. Activities to expand and strengthen engagement with foreign jurisdictions and advance the FDIC’s global leadership and participation. TARGET RESULTS Foster strong relationships with international banking regulators, deposit insurers, other relevant authorities by engaging with strategically important jurisdictions and organizations on international financial safety net issues. ACHIEVED. SEE PGS. 59-60. Provide leadership and expertise to key international organizations and associations that promote sound deposit insurance and effective bank supervision and resolution practices. ACHIEVED. SEE PGS. 59-60. Provision of technical assistance to foreign counterparts. Promote international standards and expertise in financial regulatory practices and stability through the provision of technical assistance and training to global financial system authorities. ACHIEVED. SEE PGS. 59-60. 5 Market failing institutions to all known qualified and interested potential bidders. Scope of qualified and interested bidders solicited. Contact all known qualified and interested bidders. ACHIEVED. SEE PG. 53. 6 Provide educational information to insured depository institutions and their customers to help them understand the rules for determining the amount of insurance coverage on deposit accounts. Timeliness of responses to deposit insurance coverage inquiries. Respond within two weeks to 95 percent of written inquiries from consumers and bankers about FDIC deposit insurance coverage. ACHIEVED. SEE PG. 52. Initiatives to increase public awareness of deposit insurance coverage changes. Conduct at least four telephone or in-person seminars for bankers on deposit insurance coverage. P E R F O R M A N C E R E S U LT S S U M M A R Y ACHIEVED. SEE PG. 52. 2017 2017 SUPERVISION PROGRAM RESULTS Strategic Goal: FDIC-insured institutions are safe and sound. # ANNUAL PERFORMANCE GOAL INDICATOR TARGET RESULTS Conduct on-site risk management examinations to assess the overall financial condition, management practices and policies, and compliance with applicable laws and regulations of FDIC-supervised depository institutions. When problems are identified, promptly implement appropriate corrective programs, and follow up to ensure that identified problems are corrected. Percentage of required examinations conducted in accordance with statutory requirements and FDIC policy. Conduct all required risk management examinations within the time frames prescribed by statute and FDIC policy. ACHIEVED. SEE PG. 24. Follow-up actions on identified problems. For at least 90 percent of institutions that are assigned a composite CAMELS rating of 2 and for which the examination report identifies “Matters Requiring Board Attention” (MRBAs), review progress reports and follow up with the institution within six months of the issuance of the examination report to ensure that all MRBAs are being addressed. ACHIEVED. SEE PG. 66. 2 Assist in protecting the infrastructure of the U.S. banking system against terrorist financing, money laundering, and other financial crimes. Percentage of required examinations conducted in accordance with statutory requirements and FDIC policy. Conduct all Bank Secrecy Act examinations within the time frames prescribed by statute and FDIC policy. ACHIEVED. SEE PG. 24. 3 More closely align regulatory Simplification of capital standards with risk capital standards for and ensure that capital is community banks. maintained at prudential levels. U.S. implementation of internationally agreed regulatory standards. Issue a Notice of Proposed Rulemaking (NPR) for a simplified capital framework for community banks. ACHIEVED. SEE PGS. 38-39. Issue a final rule implementing the Basel III Net Stable Funding Ratio. NOT ACHIEVED. SEE PGS. 159-160 Implement strategies to promote enhanced information security, cybersecurity, and business continuity within the banking industry. Continue implementation of a horizontal review program that focuses on the IT risks in large and complex supervised institutions and Technology Service Providers (TSPs). ACHIEVED. SEE PG. 27. Revise and implement by December 31, 2017, the Cybersecurity Examination Tool for TSPs. ACHIEVED. SEE PGS. 27-28. 1 4 Enhance the cybersecurity awareness and preparedness of the banking industry. P E R F O R M A N C E R E S U LT S S U M M A R Y 69 ANNUAL REPORT 2017 SUPERVISION PROGRAM RESULTS (continued) Strategic Goal: Consumers’ rights are protected, and FDIC-supervised institutions invest in their communities. 70 # ANNUAL PERFORMANCE GOAL INDICATOR TARGET RESULTS 1 Conduct on-site CRA and consumer compliance examinations to assess compliance with applicable laws and regulations by FDIC-supervised depository institutions. When violations are identified, promptly implement appropriate corrective programs and follow up to ensure that identified problems are corrected. Conduct all required examinations Percentage of examinations conducted within the time frames established by in accordance with the FDIC policy. time frames prescribed by FDIC policy. ACHIEVED. SEE PG. 26. Implementation of corrective programs. Conduct visits and/or follow-up examinations in accordance with established FDIC policies to ensure that the requirements of any required corrective program have been implemented and are effectively addressing identified violations. ACHIEVED. SEE PG. 26. 2 Effectively investigate and respond to written consumer complaints and inquiries about FDIC-supervised financial institutions. Timely responses to written consumer complaints and inquiries. Respond to 95 percent of written consumer complaints and inquiries within time frames established by policy, with all complaints and inquiries receiving at least an initial acknowledgement within two weeks. ACHIEVED. SEE PG. 51. 3 Promote economic inclusion Completion of planned and access to responsible initiatives. financial services through supervisory, research, policy, and consumer/community affairs initiatives. Revise and administer the 2017 FDIC National Survey of Unbanked and Underbanked Households. ACHIEVED. SEE PG. 47. Continue and expand efforts to promote broader awareness of the availability of low-cost transaction accounts consistent with the FDIC’s Model SAFE transaction account template. ACHIEVED. SEE PGS. 46-47. Complete and pilot a revised, instructor-led Money Smart for Adults product. ACHIEVED. SEE PG. 50. P E R F O R M A N C E R E S U LT S S U M M A R Y 2017 2017 SUPERVISION PROGRAM RESULTS (continued) Strategic Goal: Large and complex financial institutions are resolvable in an orderly manner under bankruptcy. # 1 ANNUAL PERFORMANCE GOAL Identify and address risks in large, complex financial institutions, including those designated as systemically important. INDICATOR TARGET RESULTS Compliance with the statutory and regulatory requirements under Title I of the DFA and Section 360.10 of the FDIC Rules and Regulations. In collaboration with the FRB continue to review all resolution plans subject to the requirements of Section 165 (d) of the DFA to ensure their conformance to statutory and other regulatory requirements. Identify potential impediments in those plans to resolution under the Bankruptcy Code. ACHIEVED. SEE PG. 40. Continue to review all resolution plans subject to the requirements of Section 360.10 of the IDI rule to ensure their conformance to statutory and other regulatory time frames. Identify potential impediments to resolvability under the Federal Deposit Insurance (FDI) Act. ACHIEVED. SEE PGS. 41-42. Conduct ongoing risk analysis and monitoring of large, complex financial institutions to understand and assess their structure, business activities, risk profiles, and resolution and recovery plans. ACHIEVED SEE PGS. 42-43. Risk monitoring of large, complex financial institutions, bank holding companies and designated nonbanking firms. P E R F O R M A N C E R E S U LT S S U M M A R Y 71 ANNUAL REPORT 2017 RECEIVERSHIP MANAGEMENT PROGRAM RESULTS Strategic Goal: Resolutions are orderly and receiverships are managed effectively. # ANNUAL PERFORMANCE GOAL INDICATOR RESULTS 1 Value, manage, and market assets of failed institutions and their subsidiaries in a timely manner to maximize net return. Percentage of the assets For at least 95 percent of insured marketed for each failed institution failures, market at least institution. 90 percent of the book value of the institution’s marketable assets within 90 days of the failure date (for cash sales) or 120 days of failure date (for structured sales). ACHIEVED. SEE PG. 53. 2 Manage the receivership estate and its subsidiaries toward an orderly termination. Timely termination of new receiverships. Terminate at least 75 percent of new receiverships that are not subject to loss-share agreements, structured sales, or other legal impediments, within three years of the date of failure. ACHIEVED. SEE PG. 66. 3 Conduct investigations into all potential professional liability claim areas for all failed insured depository institutions, and decide as promptly as possible, to close or pursue each claim, considering the size and complexity of the institution. Percentage of investigated claim areas for which a decision has been made to close or pursue the claim. For 80 percent of all claim areas, make a decision to close or pursue professional liability claims within 18 months of the failure of an insured depository institution. ACHIEVED. SEE PGS. 54-55. 4 Ensure the FDIC’s Refinement of operational readiness to resolution plans and administer the resolution of strategies. large financial institutions, including those designated as systemically important. Continue to refine plans to ensure the FDIC’s operational readiness to administer the resolution of large financial institutions under Title II of the DFA, including those nonbank financial companies designated as systemically important. ACHIEVED. SEE PGS. 41-42. Continue to deepen and strengthen bilateral working relationships with key foreign jurisdictions. ACHIEVED. SEE PGS. 43-44. Enhanced crossborder coordination and cooperation in resolution planning. 72 TARGET P E R F O R M A N C E R E S U LT S S U M M A R Y 2017 PRIOR YEARS’ PERFORMANCE RESULTS Refer to the respective full Annual Report of prior years, located on the FDIC’s website for more information on performance results for those years. Shaded areas indicate no such target existed for that respective year. INSURANCE PROGRAM RESULTS Strategic Goal: Insured depositors are protected from loss without recourse to taxpayer funding. Annual Performance Goals and Targets 2016 2015 2014 ♦♦ Depositors have access to insured funds within one business day if the failure occurs on a Friday. ACHIEVED. ACHIEVED. ACHIEVED. ♦♦ Depositors have access to insured funds within two business days if the failure occurs on any other day of the week. ACHIEVED. ACHIEVED. ACHIEVED. ♦♦ Depositors do not incur any losses on insured deposits. ACHIEVED. ACHIEVED. ACHIEVED. ♦♦ No appropriated funds are required to pay insured depositors. ACHIEVED. ACHIEVED. ACHIEVED. ♦♦ Disseminate results of research and analyses in a timely manner through regular publications, ad hoc reports, and other means. ACHIEVED. ACHIEVED. ACHIEVED. ♦♦ Undertake industry outreach activities to inform bankers and other stakeholders about current trends, concerns, and other available FDIC resources. ACHIEVED. ACHIEVED. ACHIEVED. 1. Respond promptly to all financial institution closings and related emerging issues. 2. Disseminate data and analyses on issues and risks affecting the financial services industry to bankers, supervisors, the public, and other stakeholders on an ongoing basis. 3. Adjust assessment rates, as necessary, to achieve a DIF reserve ratio of at least 1.35 percent of estimated insured deposits by September 30, 2020. ♦♦ Provide updated fund balance projections to the FDIC Board of Directors by June 30, 2016, and December 31, 2016. ACHIEVED. ♦♦ Provide updated fund balance projections to the FDIC Board of Directors by June 30, 2015, and December 31, 2015. ACHIEVED. ♦♦ Provide updated fund balance projections to the FDIC Board of Directors by June 30, 2014, and December 31, 2014. ♦♦ Provide progress reports to the FDIC Board of Directors by June 30, 2016, and December 31, 2016. ACHIEVED. ACHIEVED. ♦♦ Provide progress reports to the FDIC Board of Directors by June 30, 2015, and December 31, 2015. . ACHIEVED. ♦♦ Provide progress reports to the FDIC Board of Directors by June 30, 2014, and December 31, 2014. ♦♦ Recommend changes to deposit insurance assessment rates to the FDIC Board of Directors as necessary. ACHIEVED. ACHIEVED. P E R F O R M A N C E R E S U LT S S U M M A R Y ACHIEVED. ACHIEVED. 73 ANNUAL REPORT INSURANCE PROGRAM RESULTS (continued) Strategic Goal: Insured depositors are protected from loss without recourse to taxpayer funding. Annual Performance Goals and Targets 2016 2015 2014 4. Expand and strengthen the FDIC’s participation and leadership role in supporting robust and effective deposit insurance programs, resolution strategies, and banking systems worldwide. 74 ♦♦ Foster strong relationships with international banking regulators, deposit insurers, and other relevant authorities by engaging with strategically important jurisdictions and organizations on key international financial safety net issues. ACHIEVED. ♦♦ Continue to play leadership roles within key international organizations and associations and promote sound deposit insurance, bank supervision, and resolution practices. ACHIEVED. ♦♦ Promote continued enhancement of international standards and expertise in financial regulatory practices and stability through the provision of technical assistance and training to global financial system authorities. ACHIEVED. ♦♦ Develop and foster closer relationships with bank supervisors in the reviews through the provision of technical assistance and by leading governance efforts in the Association of Supervisors of Banks of the Americas (ASBA). ACHIEVED. ♦♦ Maintain open dialogue with counterparts in strategically important jurisdictions, international financial organizations and institutions, and partner U.S. agencies; and actively participate in bilateral interagency regulatory dialogues. ACHIEVED. ♦♦ Maintain a leadership position in the International Association of Deposit Insurers (IADI) by conducting workshops and performing assessments of deposit insurance systems based on the methodology for assessment of compliance with the IADI Core Principles for Effective Deposit Insurance Systems (Core Principles), developing and conducting training on priority topics identified by IADI members, and actively participating in IADI’s Executive Council and Standing Committees. ACHIEVED. ♦♦ Maintain open dialogue with the Association of Supervisors of Banks of the Americas (ASBA) to develop and foster relationships with bank supervisors in the region by providing assistance when necessary. ACHIEVED. ♦♦ Engage with authorities responsible for resolutions and resolutions planning in priority foreign jurisdictions and contribute to the resolution-related agenda of the Financial Stability Board (FSB) through active participation in the FSB’s Resolution Steering Group (ReSG). ACHIEVED. P E R F O R M A N C E R E S U LT S S U M M A R Y ACHIEVED. 2017 INSURANCE PROGRAM RESULTS (continued) Strategic Goal: Insured depositors are protected from loss without recourse to taxpayer funding. Annual Performance Goals and Targets 2016 ♦♦ Support visits, study tours, secondments, and longer-term technical assistance and training programs for representatives for foreign jurisdictions to strengthen their deposit insurance organizations, central banks, bank supervisors, and resolution authorities. 2015 2014 ACHIEVED. ♦♦ Maintain open dialogue with counterparts in strategically important countries as well as international financial institutions and partner U.S. agencies. ACHIEVED. ♦♦ Engage with authorities responsible for resolutions and resolutions planning in priority foreign jurisdictions. ACHIEVED. ♦♦ Contribute to the resolution-related agenda of the Financial Stability Board (FSB) through active participation in the FSB’s Resolution Steering Group and its working groups. ACHIEVED. ♦♦ Actively participate in bilateral interagency regulatory dialogues. ACHIEVED. ♦♦ Support visits, study tours, and longer-term technical assistance and training programs for foreign jurisdictions to strengthen their deposit insurance organizations, central banks, bank supervisors, and resolution authorities. ACHIEVED. 5. Provide educational information to insured depository institutions and their customers to help them understand the rules for determining the amount of insurance coverage on deposit accounts. ♦♦ Respond within two weeks to 95 percent of written inquiries from consumers and bankers about FDIC deposit insurance coverage. ACHIEVED. ACHIEVED. ♦♦ Conduct at least 4 telephone or in-person seminars for bankers on deposit insurance coverage. ACHIEVED. ACHIEVED. ♦♦ Complete and post on the FDIC website videos for bankers and consumers on deposit insurance coverage. ♦♦ Conduct at least 12 telephone or in-person seminars for bankers on deposit insurance coverage. P E R F O R M A N C E R E S U LT S S U M M A R Y ACHIEVED. ACHIEVED. ACHIEVED. 75 ANNUAL REPORT SUPERVISION PROGRAM RESULTS Strategic Goal: FDIC-insured institutions are safe and sound. Annual Performance Goals and Targets 2016 2015 2014 ♦♦ Conduct all required risk management examinations within the time frames prescribed by statute and FDIC policy. ACHIEVED. ACHIEVED. ACHIEVED. ♦♦ For at least 90 percent of institutions that are assigned a composite CAMELS rating of 2 and for which the examination report identifies “Matters Requiring Board Attention” (MRBAs), review progress reports and follow up with the institution within six months of the issuance of the examination report to ensure that all MRBAs are being addressed. ACHIEVED. ACHIEVED. 1. Conduct on-site risk management examinations to assess the overall financial condition, management practices and policies, and compliance with applicable laws and regulations of FDIC-supervised depository institutions. When problems are identified, promptly implement appropriate corrective programs, and follow up to ensure that identified problems are corrected. ♦♦ Implement formal or informal enforcement actions within 60 days for at least 90 percent of all institutions that are newly downgraded to a composite Uniform Financial Institutions Rating of 3, 4, or 5. SUBSTANTIALLY ACHIEVED. 2. Assist in protecting the infrastructure of the U.S. banking system against terrorist financing, money laundering, and other financial crimes. ♦♦ Conduct all Bank Secrecy Act examinations within the time frames prescribed by statute and FDIC policy. ACHIEVED. ACHIEVED. ACHIEVED. 3. More closely align regulatory capital standards with risk and ensure that capital is maintained at prudential levels. ♦♦ Publish in 2016, a Notice of (proposed) Rulemaking on the Basel III Net Stable Funding Ratio. ACHIEVED. ♦♦ Publish by December 31, 2015, an interagency Notice of Proposed Rulemaking on implementation of the Basel III Net Stable Funding Ratio. 76 NOT ACHIEVED. ♦♦ Finalize Basel III reporting instructions in time to ensure that institutions that are using the advanced approaches can implement Basel III in the first quarter of 2014 and that all IDIs can implement the standardized approach in the first quarter of 2015. ACHIEVED. ♦♦ Publish a final Basel Liquidity Coverage Rule, in collaboration with other regulators by December 31, 2014. ACHIEVED. ♦♦ Publish a final rule implementing the Basel III capital accord in collaboration with other regulators, by December 31, 2014. ACHIEVED. ♦♦ Finalize, in collaboration with other regulators, an enhanced U.S. supplementary leverage ratio standard by December 31, 2014. ACHIEVED. P E R F O R M A N C E R E S U LT S S U M M A R Y 2017 SUPERVISION PROGRAM RESULTS (continued) Strategic Goal: FDIC-insured institutions are safe and sound. Annual Performance Goals and Targets 2016 2015 2014 4. Implement strategies to promote enhanced information security, cybersecurity, and business continuity within the banking industry. ♦♦ Establish a horizontal review program that focuses on the IT risks in large and complex supervised institutions and Technology Service providers (TSPs). ACHIEVED. ♦♦ Complete by June 30, 2016 examiner training and implement by September 30, 2016, the new IT examination work program to enhance focus on information security, cybersecurity, and business continuity. ACHIEVED. ♦♦ Enhance the technical expertise of the IT supervisory workforce. ACHIEVED. ♦♦ Working with FFIEC counterparts, update and strengthen IT guidance to the industry on cybersecurity preparedness. ACHIEVED. ♦♦ Working with the FFIEC counterparts, update and strengthen IT examination work programs for institutions and technology service providers (TSPs) to evaluate cybersecurity preparedness and cyber resiliency. ACHIEVED. ♦♦ Improve information sharing on identified technology risks among the IT examination workforces of FFIEC member agencies. ACHIEVED. 5. Identify and address risks in financial institutions designated as systemically important. ♦♦ Conduct ongoing risk analysis and monitoring of SIFIs to understand their structure, business activities and risk profiles, and their resolution and recovery capabilities. ACHIEVED. ♦♦ Complete, in collaboration with the Federal Reserve Board and in accordance with statutory and regulatory time frames, all required actions associated with the review of resolution plans submitted by financial companies subject to the requirements of Section 165(d) of the Dodd-Frank Act. ACHIEVED. ♦♦ Hold at least one meeting of the Systemic Resolution Advisory Committee to obtain feedback on resolving SIFIs. ACHIEVED. 6. Implement strategies to promote enhanced cybersecurity within the banking industry. ♦♦ In coordination with the FFIEC, implement recommendations to enhance the FDIC’s supervision of the IT risks at insured depository institutions and their technology service providers. P E R F O R M A N C E R E S U LT S S U M M A R Y ACHIEVED. 77 ANNUAL REPORT SUPERVISION PROGRAM RESULTS (continued) Strategic Goal: Consumers’ rights are protected and FDIC-supervised institutions invest in their communities. Annual Performance Goals and Targets 2016 2015 ACHIEVED. ACHIEVED. 2014 1. Conduct on-site CRA and consumer compliance examinations to assess compliance with applicable laws and regulations by FDIC-supervised depository institutions. When violations are identified, promptly implement appropriate corrective programs and follow up to ensure that identified problems are corrected. ♦♦ Conduct all required examinations within the time frames established by FDIC policy. SUBSTANTIALLY ACHIEVED. ♦♦ Conduct 100 percent of required examinations within the time frames established by FDIC policy. ♦♦ Conduct visits and/or follow-up examinations in accordance with established FDIC policies to ensure that the requirements of any required corrective program have been implemented and are effectively addressing identified violations. ACHIEVED. ACHIEVED. ♦♦ Conduct visits and/or follow-up examinations in accordance with established FDIC policies and ensure that the requirements of any required corrective program have been implemented and are effectively addressing identified violations. ACHIEVED. 2. Effectively investigate and respond to written consumer complaints and inquiries about FDIC-supervised financial institutions. ♦♦ Respond to 95 percent of written consumer complaints and inquiries within time frames established by policy, with all complaints and inquiries receiving at least an initial acknowledgment within two weeks. ACHIEVED. ACHIEVED. 3. Promote economic inclusion and access to responsible financial services through supervisory, research, policy, and consumer/ community affairs initiatives. ♦♦ Publish the results of the 2015 FDIC National Survey of Unbanked and Underbanked Household. ACHIEVED. ♦♦ Complete and present to the Advisory Committee on Economic Inclusions (ComE-IN) a report on the pilot Youth Savings Program (YSP) conducted jointly with the CFPB. ACHIEVED. ♦♦ Revise, test, and administer the 2015 FDIC National Survey of Unbanked and Underbanked Household. ♦♦ Promote broader awareness of the availability of low-cost transaction accounts consistent with the FDIC’s Model SAFE transaction account template. 78 ACHIEVED. ACHIEVED. P E R F O R M A N C E R E S U LT S S U M M A R Y ACHIEVED. 2017 SUPERVISION PROGRAM RESULTS (continued) Strategic Goal: Consumers’ rights are protected and FDIC-supervised institutions invest in their communities. Annual Performance Goals and Targets 2016 2015 ♦♦ Support the Advisory Committee on Economic Inclusion in expanding the availability and awareness of low-cost transaction accounts, consistent with the FDIC’s SAFE account template ACHIEVED. ♦♦ In partnership with the Consumer Financial Protection Bureau, enhance financial capability among school-age children through (1) development and delivery of tailored financial education materials; (2) resources and outreach targeted to youth, parents, and teachers; and (3) implementation of a pilot youth savings program. ACHIEVED. 2014 ♦♦ Publish the results of the 2013 FDIC National Survey of Unbanked and Underbanked Households (conducted jointly with the U.S. Census Bureau). ACHIEVED. ♦♦ Implement the strategy outlined in the work plan approved by the Advisory Committee on Economic Inclusion to support the expanded availability of Safe accounts and the responsible use of technology, to expand banking services to the underbanked. ACHIEVED. ♦♦ Facilitate opportunities for banks and community stakeholders to address issues concerning access to financial services, community development, and financial education. ACHIEVED. P E R F O R M A N C E R E S U LT S S U M M A R Y 79 ANNUAL REPORT SUPERVISION PROGRAM RESULTS (continued) Strategic Goal: Large and complex financial institutions are resolvable in an orderly manner under bankruptcy. Annual Performance Goals and Targets 2016 2015 1. Identify and address risks in large and complex financial institutions designated as systemically important. 80 ♦♦ In collaboration with the FRB continue to review all resolution plans subject to the requirements of Section 165(d) of the DFA to ensure their conformance to statutory and other regulatory requirements. Identify potential impediments in those plans to resolution under the Bankruptcy Code. ACHIEVED. ♦♦ Continue to review all resolution plans subject to the requirements of Section 360.10 of the IDI rule to ensure their conformance to statutory and other regulatory time frames. Identify potential impediments to resolvability under the Federal Deposit Insurance (FDI) Act. ACHIEVED. ♦♦ Conduct ongoing risk analysis and monitoring of large, complex financial institutions to understand and assess their structure, business activities, risk profiles, and resolution and recovery plans. ACHIEVED. ♦♦ Conduct ongoing risk analysis and monitoring of large, complex financial institutions to understand and assess their structure, business activities, risk profiles, and resolution and recovery plans. ACHIEVED. ♦♦ Complete, in collaboration with the FRB and in accordance with statutory and regulatory time frames, a review of resolution plans submitted by individual financial companies subject to the requirements of section 165 (d) of DFA and Part 360.10 of the FDIC Rules and Regulations. ACHIEVED. P E R F O R M A N C E R E S U LT S S U M M A R Y 2014 2017 RECEIVERSHIP MANAGEMENT PROGRAM RESULTS Strategic Goal: Resolutions are orderly and receiverships are managed effectively. Annual Performance Goals and Targets 2016 2015 2014 ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. 1. Market failing institutions to all known qualified and interested potential bidders. ♦♦ Contact all known qualified and interested bidders. 2. Value, manage, and market assets of failed institutions and their subsidiaries in a timely manner to maximize net return. ♦♦ For at least 95 percent of insured institution failures, market at least 90 percent of the book value of the institution’s marketable assets within 90 days of the failure date (for cash sales) or 120 days of the failure date (for structured sales). 3. Manage the receivership estate and its subsidiaries toward an orderly termination. ♦♦ Terminate at least 75 percent of new receiverships that are not subject to loss-share agreements, structured sales, or other legal impediments, within three years of the date of failure. 4. Conduct investigations into all potential professional liability claim areas for all failed insured depository institutions, and decide as promptly as possible to close or pursue each claim, considering the size and complexity of the institution. ♦♦ For 80 percent of all claim areas, make a decision to close or pursue professional liability claims within 18 months of the failure date of an insured depository institution. 5. Ensure the FDIC’s operational readiness to resolve a large, complex financial institution using the orderly liquidation authority in Title II of the DFA ♦♦ Update and refine firm-specific resolutions plans and strategies and develop operational procedures for the administration of a Title II receivership. ACHIEVED. ♦♦ Prepare for an early 2016 meeting of the Systemic Resolution Advisory Committee to obtain feedback on resolving SIFIs. ACHIEVED. ♦♦ Continue to deepen and strengthen bilateral working relationships with key foreign jurisdictions. ACHIEVED. P E R F O R M A N C E R E S U LT S S U M M A R Y ACHIEVED. 81 THIS PAGE INTENTIONALLY LEFT BLANK III. FINANCIAL HIGHLIGHTS 83 THIS PAGE INTENTIONALLY LEFT BLANK 2017 In its role as deposit insurer of financial institutions, the FDIC promotes the safety and soundness of insured depository institutions (IDIs). The following financial highlights address the performance of the Deposit Insurance Fund. DEPOSIT INSURANCE FUND PERFORMANCE The DIF balance was $92.7 billion at December 31, 2017, compared to $83.2 billion at year-end 2016. Assessment revenue, including assessment surcharges on large banks, drove the growth in the DIF. Comprehensive income totaled $9.6 billion for 2017, compared to comprehensive income of $10.6 billion during 2016, a $975 million year-over-year decrease. Assessment revenue was $10.6 billion for 2017, compared to $10.0 billion for 2016. The combination of a higher assessment base, assessment surcharges on larger institutions, and lower regular assessment rates for all IDIs resulted in the net increase in assessment revenue of $608 million. The DIF’s interest revenue on U.S. Treasury securities for 2017 was $1.1 billion, compared to interest revenue of $671 million in 2016. The $386 million year-over-year increase resulted from a combination of factors: (1) the Federal Reserve increased the federal funds target rate, resulting in an increase in the average overnight investment interest rate; (2) higher yields on new long-term investments purchased as older long-term investments matured; and (3) steady growth in the investment portfolio balance. The provision for insurance losses was negative $183 million for 2017, compared to negative $1.6 billion for 2016. The negative provision for 2017 primarily resulted from a $969 million decrease to the estimated losses for prior year failures offset by a $718 million increase for higher-than-anticipated estimated losses for current year failures, as compared to the contingent liability at year-end 2016. The 2016 negative provision was almost fully attributable to reductions in estimated losses for prior year failures. The $969 million decrease in the estimated losses for prior year failures was primarily attributable to (1) a decrease in receivership shared-loss liability cost estimates of $420 million primarily due to lower-than-anticipated losses on covered assets, reductions in shared-loss cost estimates from the early termination of shared-loss agreements (SLAs) during the year, and unanticipated recoveries from SLAs where the commercial loss coverage has expired but the recovery period remains active; (2) $383 million of unanticipated recoveries received, or expected to be received, by receiverships from tax refunds, litigation settlements, and professional liability claims; and (3) a $124 million decrease in receivership contingent legal and representation and warranty liabilities, as well as projected future receivership expenses. During 2017, the DIF recognized an unrealized loss on U.S. Treasury securities of $500 million, while in 2016 there was an unrealized gain of $29 million. The unrealized loss in 2017 was the result of yields rising dramatically across all maturity sectors of the Treasury yield curve, resulting in declines in the securities’ market values relative to their book values. The DIF’s cash, cash equivalents, and U.S. Treasury investment portfolio balance was $85.1 billion at year-end 2017, an increase of $10.3 billion from the year-end 2016 balance of $74.8 billion. This increase was primarily due to assessment collections of $10.6 billion and recoveries from resolutions of $4.0 billion, less operating expenses paid of $1.8 billion and resolution disbursements of $3.0 billion. FINANCIAL HIGHLIGHTS 85 85 ANNUAL REPORT ESTIMATED DIF INSURED DEPOSITS 8,000 7,000 Dollars in Billions 6,000 5,000 4,000 3,000 2,000 1,000 0 3-11 6-11 9-11 12-11 3-12 6-12 9-12 12-12 3-13 6-13 9-13 12-13 3-14 6-14 9-14 12-14 3-15 6-15 9-15 12-15 3-16 6-16 9-16 12-16 3-17 6-17 9-17 SOURCE: Call Reports Note: Beginning in fourth quarter 2010 through fourth quarter 2012, estimated insured deposits include the entire balance of noninterestbearing transaction accounts. Fund Balance as a Percent of Estimated Insured Deposits DEPOSIT INSURANCE FUND RESERVE RATIOS 86 1.4 1.2 1.0 0.8 0.6 0.4 0.2 0.0 -0.2 3-11 6-11 9-11 12-11 3-12 6-12 9-12 12-12 3-13 6-13 9-13 12-13 3-14 6-14 9-14 12-14 3-15 6-15 9-15 12-15 3-16 6-16 9-16 12-16 3-17 6-17 9-17 FINANCIAL HIGHLIGHTS 2017 DEPOSIT INSURANCE FUND SELECTED STATISTICS Dollars in Millions For the years ended December 31 2017 2016 Financial Results 2015 Revenue $11,664 $10,674 $9,304 Operating Expenses 1,739 1,715 1,687 Insurance and Other Expenses (includes provision for losses) (181) (1,564) (2,240) 10,105 10,524 9,857 Comprehensive Income 9,586 10,561 9,820 Insurance Fund Balance $92,747 $83,162 $72,600 Fund as a Percentage of Insured Deposits (reserve ratio) 1.28%³ 1.20% 1.11% 5,738³ 5,913 6,182 104³ 123 183 $16,044³ $27,624 $46,780 8 5 8 $5,082 $277 $6,706 338 378 446 Net Income Selected Statistics Total DIF-Member Institutions1 Problem Institutions Total Assets of Problem Institutions Institution Failures Total Assets of Failed Institutions in Year 2 Number of Active Failed Institution Receiverships 1 Commercial banks and savings institutions. Does not include U.S. insured branches of foreign banks. 2 Total Assets data are based upon the last Call Report filed by the institution prior to failure. 3 As of September 30, 2017. FINANCIAL HIGHLIGHTS 87 THIS PAGE INTENTIONALLY LEFT BLANK IV. BUDGET AND SPENDING 89 THIS PAGE INTENTIONALLY LEFT BLANK 2017 FDIC OPERATING BUDGET The FDIC segregates its corporate operating budget and expenses into three discrete components: ongoing operations, receivership funding, and the Office of Inspector General (OIG). The receivership funding component represents expenses resulting from financial institution failures and is, therefore, largely driven by external forces and is less controllable and estimable. FDIC operating expenditures totaled $1.9 billion in 2017, including $1.7 billion in ongoing operations, $221 million in receivership funding, and $35 million for the OIG. This represented approximately 92 percent of the approved budget for ongoing operations, 74 percent of the approved budget for receivership funding, and 95 percent of the approved budget for the OIG for the year. The approved 2018 FDIC Operating Budget of approximately $2.1 billion consists of $1.8 billion for ongoing operations, $225 million for receivership funding, and $40 million for the OIG. The level of approved ongoing operations budget for 2018 is approximately $6 million (0.3 percent) higher than the 2017 ongoing operations budget, while the approved receivership funding budget is $75 million (25 percent) lower than the 2017 receivership funding budget. The 2018 OIG budget is $3 million (9 percent) higher than the 2017 OIG budget. As in prior years, the 2018 budget was formulated primarily on the basis of an analysis of projected workload for each of the Corporation’s three major business lines and its program support functions. The most significant factor contributing to the decrease in the FDIC Operating Budget is the improving health of the industry and the resultant reduction in failure related workload. Although savings in this area are being realized, the 2018 receivership funding budget provides resources for contractor support as well as non-permanent staffing for DRR, the Legal Division, and other organizations should workload in these areas require an immediate response. FDIC EXPENDITURES 2008–2017 Dollars in Millions $3,500 $3,000 $2,500 $2,000 $1,500 $1,000 $500 $0 2008 2009 2010 2011 2012 2013 BUDGET AND SPENDING 2014 2015 2016 2017 91 91 ANNUAL REPORT The FDIC’s Strategic Plan and Annual Performance Plan provide the basis for annual planning and budgeting for needed resources. The 2017 aggregate budget (for ongoing operations, receivership funding, OIG, and investment spending) was $2.2 billion, while actual expenditures for the year were $1.9 billion, about $18 million less than 2016 expenditures. Over the past decade the FDIC’s expenditures have varied in response to workload. During the last several years, expenditures have fallen, largely due to decreasing resolution and receivership activity. To a lesser extent decreased expenses have resulted from supervision-related costs associated with the oversight of fewer troubled institutions. 2017 BUDGET AND EXPENDITURES BY PROGRAM (including Allocated Support) Dollars in Millions $1,200 Budget Expenditures $900 $600 $300 $0 Supervision and Consumer Protection Program Receivership Management Program 2017 BUDGET AND EXPENDITURES BY PROGRAM General and Administrative 12 percent, to Corporate General and Administrative expenditures. (Excluding Investments) The FDIC budget for 2017 totaled approximately $2.2 billion. Budget amounts were allocated as follows: $1.06 billion or 49 percent, to the Supervision and Consumer Protection program; $529 million or 24 percent, to the Receivership Management program; $317 million, or 15 percent, to the Insurance program; and $252 million, or 92 Insurance Program Actual expenditures for the year totaled $1.9 billion. Actual expenditures amounts were allocated as follows: $1.0 billion, or 52 percent, to the Supervision and Consumer Protection program; $430 million, or 22 percent, to the Receivership Management program; $291 million, or 15 percent, to the Insurance program; and $201 million, or 10 percent, to Corporate General and Administrative expenditures. BUDGET AND SPENDING 2017 INVESTMENT SPENDING The FDIC instituted a separate Investment Budget in 2003 to provide enhanced governance of major multiyear development efforts. It has a disciplined process for reviewing proposed new investment projects and managing the construction and implementation of approved projects. Proposed IT projects are carefully reviewed to ensure that they are consistent with the Corporation’s enterprise architecture. The project approval and monitoring processes also enable the FDIC to be aware of risks to the major capital investment projects and facilitate appropriate, timely intervention to address these risks throughout the development process. An investment portfolio performance review is provided to the FDIC’s Board of Directors on a quarterly basis. From 2008-2017 investment spending totaled $124 million, and is estimated at $8 million for 2018. INVESTMENT SPENDING 2008 - 2017 Dollars in Millions $30 $25 $20 $15 $10 $5 $0 2008 2009 2010 2011 2012 2013 2014 BUDGET AND SPENDING 2015 2016 2017 93 THIS PAGE INTENTIONALLY LEFT BLANK V. FINANCIAL SECTION 95 ANNUAL REPORT DEPOSIT INSURANCE FUND (DIF) Federal Deposit Insurance Corporation Deposit Insurance Fund Balance Sheet As of December 31 (Dollars in Thousands) 2017 2016 1,829,198 $ 1,332,966 ASSETS Cash and cash equivalents $ Investment in U.S. Treasury securities (Note 3) Assessments receivable, net (Note 9) Interest receivable on investments and other assets, net Receivables from resolutions, net (Note 4) Property and equipment, net (Note 5) Total Assets $ 83,302,963 73,511,953 2,634,386 2,666,267 505,766 526,195 5,972,971 7,790,403 334,050 357,575 94,579,334 $ 86,185,359 LIABILITIES Accounts payable and other liabilities $ Liabilities due to resolutions (Note 6) 236,971 $ 238,322 1,203,260 2,073,375 259,316 232,201 Anticipated failure of insured institutions (Note 7) 97,777 477,357 Guarantee payments and litigation losses (Notes 7 and 8) 34,515 2,589 1,831,839 3,023,844 93,272,447 83,166,991 (479,362) 20,271 (45,590) (25,747) (524,952) (5,476) Postretirement benefit liability (Note 12) Contingent liabilities: Total Liabilities Commitments and off-balance-sheet exposure (Note 13) FUND BALANCE Accumulated Net Income ACCUMULATED OTHER COMPREHENSIVE INCOME Unrealized (loss) gain on U.S. Treasury securities, net (Note 3) Unrealized postretirement benefit loss (Note 12) Total Accumulated Other Comprehensive (Loss) Total Fund Balance Total Liabilities and Fund Balance $ The accompanying notes are an integral part of these financial statements. 96 FINANCIAL SECTION 92,747,495 83,161,515 94,579,334 $ 86,185,359 2017 DEPOSIT INSURANCE FUND (DIF) Federal Deposit Insurance Corporation Deposit Insurance Fund Statement of Income and Fund Balance For the Years Ended December 31 2017 (Dollars in Thousands) 2016 REVENUE Assessments (Note 9) $ Interest on U.S. Treasury securities Other revenue Total Revenue 10,594,838 $ 9,986,615 1,056,989 671,377 11,947 16,095 11,663,774 10,674,087 1,739,395 1,715,011 (183,149) (1,567,950) 2,072 3,509 1,558,318 150,570 10,105,456 10,523,517 EXPENSES AND LOSSES Operating expenses (Note 10) Provision for insurance losses (Note 11) Insurance and other expenses Total Expenses and Losses Net Income OTHER COMPREHENSIVE INCOME Unrealized (loss) gain on U.S. Treasury securities, net Unrealized postretirement benefit (loss) gain (Note 12) Total Other Comprehensive (Loss) Income Comprehensive Income Fund Balance - Beginning Fund Balance - Ending $ (499,633) 29,462 (19,843) 8,301 (519,476) 37,763 9,585,980 10,561,280 83,161,515 72,600,235 92,747,495 $ 83,161,515 The accompanying notes are an integral part of these financial statements. FINANCIAL SECTION 97 ANNUAL REPORT DEPOSIT INSURANCE FUND (DIF) Federal Deposit Insurance Corporation Deposit Insurance Fund Statement of Cash Flows For the Years Ended December 31 2017 (Dollars in Thousands) 2016 OPERATING ACTIVITIES Provided by: Assessments $ 10,609,959 $ 9,488,215 Interest on U.S. Treasury securities 1,622,583 1,523,215 Recoveries from financial institution resolutions 3,952,375 3,601,149 16,853 16,057 Operating expenses (1,838,673) (1,671,768) Disbursements for financial institution resolutions (3,010,042) (502,716) (799) (8,998) Miscellaneous receipts Used by: Miscellaneous disbursements Net Cash Provided by Operating Activities 11,352,256 12,445,154 29,931,209 26,517,122 (40,756,734) (38,474,320) (30,499) (31,334) (10,856,024) (11,988,532) INVESTING ACTIVITIES Provided by: Maturity of U.S. Treasury securities Used by: Purchase of U.S. Treasury securities Purchase of property and equipment Net Cash (Used) by Investing Activities Net Increase in Cash and Cash Equivalents Cash and Cash Equivalents - Beginning Cash and Cash Equivalents - Ending $ The accompanying notes are an integral part of these financial statements. 98 FINANCIAL SECTION 496,232 456,622 1,332,966 876,344 1,829,198 $ 1,332,966 2017 DEPOSIT INSURANCE FUND NOTES TO THE FINANCIAL STATEMENTS December 31, 2017 and 2016 1. Operations of the Deposit Insurance Fund OVERVIEW The Federal Deposit Insurance Corporation (FDIC) is the independent deposit insurance agency created by Congress in 1933 to maintain stability and public confidence in the nation’s banking system. Provisions that govern the FDIC’s operations are generally found in the Federal Deposit Insurance (FDI) Act, as amended (12 U.S.C. 1811, et seq). In accordance with the FDI Act, the FDIC, as administrator of the Deposit Insurance Fund (DIF), insures the deposits of banks and savings associations (insured depository institutions). In cooperation with other federal and state agencies, the FDIC promotes the safety and soundness of insured depository institutions (IDIs) by identifying, monitoring, and addressing risks to the DIF. Commercial banks, savings banks and savings associations (known as “thrifts”) are supervised by either the FDIC, the Office of the Comptroller of the Currency, or the Federal Reserve Board. In addition to being the administrator of the DIF, the FDIC is the administrator of the FSLIC Resolution Fund (FRF). The FRF is a resolution fund responsible for the sale of the remaining assets and the satisfaction of the liabilities associated with the former Federal Savings and Loan Insurance Corporation (FSLIC) and the former Resolution Trust Corporation. The FDIC maintains the DIF and the FRF separately to support their respective functions. Pursuant to the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (Dodd-Frank Act), the FDIC also manages the Orderly Liquidation Fund (OLF). Established as a separate fund in the U.S. Treasury (Treasury), the OLF is inactive and unfunded until the FDIC is appointed as receiver for a covered financial company. A covered financial company is a failing financial company (for example, a bank holding company or nonbank financial company) for which a systemic risk determination has been made as set forth in section 203 of the Dodd-Frank Act. The Dodd-Frank Act (Public Law 111-203) granted the FDIC authority to establish a widely available program to guarantee obligations of solvent IDIs or solvent depository institution holding companies (including affiliates) upon the systemic risk determination of a liquidity event during times of severe economic distress. The program would not be funded by the DIF but rather by fees and assessments paid by all participants in the program. If fees are insufficient to cover losses or expenses, the FDIC must impose a special assessment on participants as necessary to cover the shortfall. Any excess funds at the end of the liquidity event program would be deposited in the General Fund of the Treasury. The Dodd-Frank Act also created the Financial Stability Oversight Council (FSOC) of which the Chairman of the FDIC is a member and expanded the FDIC’s responsibilities to include supervisory review of resolution plans (known as living wills) and backup examination authority for systemically important bank holding companies and nonbank financial companies. The living wills provide for an entity’s rapid and orderly resolution in the event of material financial distress or failure. OPERATIONS OF THE DIF The primary purposes of the DIF are to (1) insure the deposits and protect the depositors of IDIs and (2) resolve failed IDIs upon appointment of the FDIC as receiver in a manner that will result in the least possible cost to the DIF. The DIF is primarily funded from deposit insurance assessments. Other available funding sources, if necessary, are borrowings from the Treasury, the Federal Financing Bank (FFB), Federal Home Loan Banks, and IDIs. The FDIC has borrowing authority of $100 billion from the Treasury and a Note Purchase Agreement with the FFB, not to exceed $100 billion, to enhance the DIF’s ability to fund deposit insurance. A statutory formula, known as the Maximum Obligation Limitation (MOL), limits the amount of obligations the DIF can incur to the sum of its cash, 90 percent of the fair market value of other assets, and the amount authorized to be borrowed from the Treasury. The MOL for the DIF was $191.5 billion and $182.1 billion as of December 31, 2017 and 2016, respectively. OPERATIONS OF RESOLUTION ENTITIES The FDIC, as receiver, is responsible for managing and disposing of the assets of failed institutions in an orderly and efficient manner. The assets held by receiverships, passthrough conservatorships, and bridge institutions (collectively, resolution entities), and the claims against them, are accounted for separately from the DIF assets and liabilities to ensure that proceeds from these entities are distributed according to applicable laws and regulations. Therefore, income and expenses attributable to resolution entities are accounted for as transactions of those entities. FINANCIAL SECTION 1 99 ANNUAL REPORT DEPOSIT INSURANCE FUND The FDIC, as administrator of the DIF, bills resolution entities for services provided on their behalf. 2. Summary of Significant Accounting Policies GENERAL The financial statements include the financial position, results of operations, and cash flows of the DIF and are presented in accordance with U.S. generally accepted accounting principles (GAAP). These statements do not include reporting for assets and liabilities of resolution entities because these entities are legally separate and distinct, and the DIF does not have any ownership or beneficial interests in them. Periodic and final accounting reports of resolution entities are furnished to courts, supervisory authorities, and others upon request. USE OF ESTIMATES The preparation of the financial statements in conformity with GAAP requires management to make estimates and assumptions that affect the reported amounts of assets and liabilities, revenue and expenses, and disclosure of contingent liabilities. Actual results could differ from these estimates. Where it is reasonably possible that changes in estimates will cause a material change in the financial statements in the near term, the nature and extent of such potential changes in estimates have been disclosed. The more significant estimates include the assessments receivable and associated revenue; the allowance for loss on receivables from resolutions (which considers the impact of shared-loss agreements); the guarantee obligations for structured transactions; the postretirement benefit obligation; and the estimated losses for anticipated failures and representations and indemnifications. CASH EQUIVALENTS Cash equivalents are short-term, highly liquid investments consisting primarily of U.S. Treasury Overnight Certificates. INVESTMENT IN U.S. TREASURY SECURITIES The FDI Act requires that the DIF funds be invested in obligations of the United States or in obligations guaranteed as to principal and interest by the United States. The Secretary of the Treasury must approve all such investments in excess of $100,000 and has granted the FDIC approval to invest the DIF funds only in U.S. Treasury obligations that are purchased or sold exclusively through the Treasury’s Bureau of the Fiscal Service’s Government Account Series program. The DIF’s investments in U.S. Treasury securities are classified as available-for-sale (AFS). Securities designated as AFS are shown at fair value. Unrealized gains and losses are 100 reported as other comprehensive income. Any realized gains and losses are included in the Statement of Income and Fund Balance as components of net income. Income on securities is calculated and recorded daily using the effective interest or straight-line method depending on the maturity of the security (see Note 3). REVENUE RECOGNITION FOR ASSESSMENTS Assessment revenue is recognized for the quarterly period of insurance coverage based on an estimate. The estimate is derived from an institution’s regular risk-based assessment rate and assessment base for the prior quarter adjusted for the current quarter’s available assessment credits, certain changes in supervisory examination ratings for larger institutions, as well as modest assessment base growth and average assessment rate adjustment factors. Beginning July 1, 2016, the estimate includes a surcharge for institutions with $10 billion or more in total consolidated assets (see Note 9). At the subsequent quarter-end, the estimated revenue amounts are adjusted when actual assessments for the covered period are determined for each institution. CAPITAL ASSETS AND DEPRECIATION The FDIC buildings are depreciated on a straight-line basis over a 35- to 50-year estimated life. Building improvements are capitalized and depreciated over the estimated useful life of the improvements. Leasehold improvements are capitalized and depreciated over the lesser of the remaining life of the lease or the estimated useful life of the improvements, if determined to be material. Capital assets depreciated on a straight-line basis over a five-year estimated useful life include mainframe equipment; furniture, fixtures, and general equipment; and internal-use software. Computer equipment is depreciated on a straightline basis over a three-year estimated useful life (see Note 5). PROVISION FOR INSURANCE LOSSES The provision for insurance losses primarily represents changes in the allowance for losses on receivables from closed banks and the contingent liability for anticipated failures of insured institutions (see Note 11). REPORTING ON VARIABLE INTEREST ENTITIES The receiverships engaged in structured transactions, some of which resulted in the issuance of note obligations that were guaranteed by the FDIC, in its corporate capacity. As the guarantor of note obligations for several structured transactions, the FDIC, in its corporate capacity, holds an interest in many variable interest entities (VIEs). The FDIC conducts a qualitative assessment of its relationship with each VIE as required by the Financial Accounting Standards Board (FASB) Accounting Standards Codification (ASC) Topic 810, Consolidation. These assessments are conducted to FINANCIAL SECTION 2 2017 NOTES TO THE FINANCIAL STATEMENTS determine if the FDIC, in its corporate capacity, has (1) power to direct the activities that most significantly affect the economic performance of the VIE and (2) an obligation to absorb losses of the VIE or the right to receive benefits from the VIE that could potentially be significant to the VIE. When a variable interest holder has met both of these characteristics, the enterprise is considered the primary beneficiary and must consolidate the VIE. In accordance with the provisions of FASB ASC Topic 810, an assessment of the terms of the legal agreement for each VIE was conducted to determine whether any of the terms had been activated or modified in a manner that would cause the FDIC, in its corporate capacity, to be characterized as a primary beneficiary. In making that determination, consideration was given to which, if any, activities were significant to each VIE. Often, the right to service collateral, to liquidate collateral, or to unilaterally dissolve the VIE was determined to be the most significant activity. In other cases, it was determined that the structured transactions did not include such significant activities and that the design of the entity was the best indicator of which party was the primary beneficiary. The conclusion of these analyses was that the FDIC, in its corporate capacity, has not engaged in any activity that would cause the FDIC to be characterized as a primary beneficiary to any VIE with which it was involved as of December 31, 2017 and 2016. Therefore, consolidation is not required for the 2017 and 2016 DIF financial statements. In the future, the FDIC, in its corporate capacity, may become the primary beneficiary upon the activation of provisional contract rights that extend to the FDIC if payments are made on guarantee claims. Ongoing analyses will be required to monitor consolidation implications under FASB ASC Topic 810. The FDIC’s involvement with VIEs is fully described in Note 8 under FDIC Guaranteed Debt of Structured Transactions. RELATED PARTIES The nature of related parties and a description of related party transactions are discussed in Note 1 and disclosed throughout the financial statements and footnotes. APPLICATION OF RECENT ACCOUNTING STANDARDS In May 2014, the FASB issued Accounting Standards Update (ASU) 2014-09, Revenue from Contracts with Customers (Topic 606). The ASU, and its related amendments, requires an entity to recognize revenue based on the amount it expects to be entitled for the transfer of promised goods or services to customers. The FDIC’s implementation efforts have included identifying revenue within the scope of the new guidance. The new guidance is not expected to require a material change in the timing and measurement of revenue related to deposit insurance assessments. The FDIC does not expect the ASU to have a material impact on the DIF’s financial position or its results of operations. The new standard is effective on January 1, 2019, with early adoption permitted. The FDIC continues to evaluate the full effect of this guidance on the DIF, including changes related to disclosure requirements and alternative adoption methods. In January 2016, the FASB issued ASU 2016-01, Financial Instruments—Overall (Subtopic 825-10): Recognition and Measurement of Financial Assets and Financial Liabilities. The ASU addresses certain aspects of recognition, measurement, presentation, and disclosure of financial instruments through targeted changes to existing guidance. The ASU permits nonpublic entities to exclude disclosures related to the fair value of financial instruments measured at amortized cost. The FDIC has early adopted this provision and Note 14 was revised accordingly. The FDIC has determined that the other provisions of the ASU, which are effective for the DIF beginning on January 1, 2019, will not have a material effect on the financial position of the DIF or its results of operations. In February 2016, the FASB issued ASU 2016-02, Leases (Topic 842). The new guidance requires that substantially all leases will be reported on the balance sheet through the recognition of a right-of-use asset and a corresponding lease liability. The ASU also requires lessees and lessors to expand qualitative and quantitative disclosures and key information regarding their leasing arrangements. The FDIC’s implementation efforts are on-going and include a review of the entire portfolio of leases currently classified as operating leases. The standard is effective for the DIF on January 1, 2020, with early adoption allowed. The FDIC estimates an increase of approximately $157 million in assets and liabilities based on the amount disclosed as lease commitments for future years in Note 13. The FDIC does not expect the ASU to have a material effect on the DIF’s financial position or its results of operations. In June 2016, the FASB issued ASU 2016-13, Financial Instruments—Credit Losses (Topic 326): Measurement of Credit Losses on Financial Instruments. The ASU will replace the incurred loss impairment model with a new expected credit loss model for financial assets measured at amortized cost and for off-balance-sheet credit exposures. The guidance also amends the AFS debt securities impairment model by requiring the use of an allowance to record estimated credit losses (and subsequent recoveries) related to AFS debt securities. The ASU is effective for the DIF on January 1, 2021 and requires the cumulative effect of the change on the DIF’s beginning fund balance when it is adopted. The FDIC continues to assess the effect the ASU FINANCIAL SECTION 3 101 ANNUAL REPORT DEPOSIT INSURANCE FUND (a) The Treasury Inflation-Protected Securities (TIPS) are indexed to increases or decreases in the Consumer Price Index for All Urban Consumers (CPI-U). For TIPS, the yields in the above table are stated at their real yields at purchase, not their effective yields. Effective yields on TIPS include a long-term annual inflation assumption as measured by the CPI-U. The long-term CPI-U consensus forecast is 2.0 percent, based on figures issued by the Congressional Budget Office and Blue Chip Economic Indicators in early 2016. will have on the DIF’s financial position and results of operations. Other recent accounting pronouncements have been deemed not applicable or material to the financial statements as presented. (b) Includes two Treasury notes totaling $3.4 billion which matured on Saturday, December 31, 2016. Settlements occurred the next business day, January 3, 2017. (c) These unrealized losses occurred over a period of less than a year as a result of temporary changes in market interest rates. The FDIC does not intend to sell the securities and is not likely to be required to sell them before their maturity date, thus, the FDIC does not consider these securities to be other than temporarily impaired at December 31, 2016. The aggregate related fair value of securities with unrealized losses was $31.4 billion as of December 31, 2016. 3. Investment in U.S. Treasury Securities The “Investment in U.S. Treasury securities” line item on the Balance Sheet consisted of the following components by maturity (dollars in millions). December 31, 2017 Yield at Maturity Purchase U.S. Treasury notes and bonds a Within 1 year After 1 year through 5 years Net Carrying Amount Face Value 1.25% $ 26,525 1.67% 56,500 b Subtotal $ 83,025 U.S. Treasury Inflation-Protected Securities After 1 year through 5 years -0.14% $ Subtotal Total 400 $ Unrealized Unrealized Holding Holding Gains Losses 4. Receivables from Resolutions, Net Fair Value 26,661 $ 0 $ (53) 56,694 3 (428) $ 83,355 $ 3 $ (481) $ 82,877 $ 427 $ 0 $ (1) $ 426 (1) $ 426 c (482) $ 83,303 $ 400 $ 427 $ 0 $ $ 83,425 $ 83,782 $ 3 $ $ 26,608 56,269 (a) The Treasury Inflation-Protected Securities (TIPS) are indexed to increases or decreases in the Consumer Price Index for All Urban Consumers (CPI-U). For TIPS, the yields in the above table are stated at their real yields at purchase, not their effective yields. Effective yields on TIPS include a long-term annual inflation assumption as measured by the CPI-U. The long-term CPI-U consensus forecast is 2.0 percent, based on figures issued by the Congressional Budget Office and Blue Chip Economic Indicators in early 2017. (b) Includes two Treasury notes totaling $2.1 billion which matured on Sunday, December 31, 2017. Settlements occurred the next business day, January 2, 2018. Receivables from closed banks (c) These unrealized losses occurred over a period of less than a year as a result of temporary changes in market interest rates. The FDIC does not intend to sell the securities and is not likely to be required to sell them before their maturity date, thus, the FDIC does not consider these securities to be other than temporarily impaired at December 31, 2017. The aggregate related fair value of securities with unrealized losses was $75.5 billion as of December 31, 2017. December 31, 2016 Yield at a Maturity Purchase U.S. Treasury notes and bonds Within 1 year 0.87% $ Net Carrying Amount Face Value 32,031 b $ After 1 year 1.38% 40,525 through 5 years Subtotal $ 72,556 $ U.S. Treasury Inflation-Protected Securities After 1 year -0.14% $ 400 $ through 5 years Subtotal $ 400 $ Total $ 72,956 $ 102 Unrealized Unrealized Holding Holding Gains Losses Total 32,365 $ 25 $ (5) 40,707 92 (94) 73,072 $ 117 $ (99) $ 73,090 420 $ 2 $ 0 $ 422 420 $ 2 $ 0 $ 422 (99) $ 73,512 73,492 $ 119 $ 32,385 40,705 c $ Allowance for losses Fair Value $ The receivables from resolutions result from DIF payments to cover obligations to insured depositors (subrogated claims), advances to resolution entities for working capital, and administrative expenses paid on behalf of resolution entities. Any related allowance for loss represents the difference between the funds advanced and/or obligations incurred and the expected repayment. Estimated future payments on losses incurred on assets sold to an acquiring institution under a shared-loss agreement (SLA) are factored into the computation of the expected repayment. Assets held by resolution entities (including structured transaction-related assets; see Note 8) are the main source of repayment of the DIF’s receivables from resolutions. The “Receivables from resolutions, net” line item on the Balance Sheet consisted of the following components (dollars in thousands). $ December 31 December 31 2017 2016 76,725,761 $ 80,314,038 (70,752,790) (72,523,635) 5,972,971 $ 7,790,403 As of December 31, 2017, the FDIC, as receiver, managed 338 active receiverships, including eight established in 2017. The resolution entities held assets with a book value of $8.8 billion as of December 31, 2017, and $14.9 billion as of December 31, 2016 (including $6.5 billion and $11.6 billion, respectively, of cash, investments, receivables due from the DIF, and other receivables). Estimated cash recoveries from the management and disposition of assets that are used to determine the allowance for losses are based on asset recovery rates from several sources, including actual or pending institutionspecific asset disposition data, failed institution-specific asset valuation data, aggregate asset valuation data on several recently failed or troubled institutions, sampled asset FINANCIAL SECTION 4 2017 NOTES TO THE FINANCIAL STATEMENTS valuation data, and empirical asset recovery data based on failures since 1990. Methodologies for determining the asset recovery rates incorporate estimating future cash recoveries, net of applicable liquidation cost estimates, and discounting based on market-based risk factors applicable to a given asset’s type and quality. The resulting estimated cash recoveries are then used to derive the allowance for loss on the receivables from these resolutions. hurricanes. The FDIC continues to assess and monitor the circumstances and conditions that may cause an increase in losses to the DIF from these shared-loss covered assets. The extent to which the acquiring institutions may incur elevated loan losses (after consideration of borrower insurance and other financial assistance) resulting in related shared-loss claims, if any, is not yet determinable. Consequently, no additional losses have been reflected in the DIF. For failed institutions resolved using a whole bank purchase and assumption transaction with an accompanying SLA, the projected future shared-loss payments on the covered residential and commercial loan assets sold to the acquiring institution under the agreement are considered in determining the allowance for loss on the receivables from these resolutions. The shared-loss cost projections are based on the covered assets’ intrinsic value, which is determined using financial models that consider the quality, condition and type of covered assets, current and future market conditions, risk factors, and estimated asset holding periods. WHOLE BANK PURCHASE AND ASSUMPTION TRANSACTIONS WITH SHARED-LOSS AGREEMENTS Since the beginning of 2008 through 2013, the FDIC resolved 304 failures using whole bank purchase and assumption resolution transactions with accompanying SLAs on total assets of $215.7 billion purchased by the financial institution acquirers. The acquirer typically assumed all of the deposits and purchased essentially all of the assets of a failed institution. The majority of the commercial and residential loan assets were purchased under an SLA, where the FDIC agreed to share in future losses and recoveries experienced by the acquirer on those assets covered under the agreement. For year-end 2017, the shared-loss cost estimates were updated for all 104 receiverships with active SLAs. The updated shared-loss cost projections for the larger residential shared-loss agreements were primarily based on third-party valuations estimating the cumulative loss of covered assets. The updated shared-loss cost projections on the remaining residential shared-loss agreements were based on a stratified random sample of institutions selected for third-party loss estimations, and valuation results from the sampled institutions were aggregated and extrapolated to the non-sampled institutions by asset type and performance status. For the remaining commercial covered assets, shared-loss cost projections were based on the FDIC’s historical loss experience that also factors in the time period based on the life of the agreement. Also reflected in the allowance for loss calculation are endof-agreement SLA “true-up” recoveries. True-up recoveries are projected to be received at expiration in accordance with the terms of the SLA, if actual losses at expiration are lower than originally estimated. Note that estimated asset recoveries are regularly evaluated during the year, but remain subject to uncertainties because of potential changes in economic and market conditions, which may cause the DIF’s actual recoveries to vary significantly from current estimates. Losses on the covered assets of failed institutions are shared between the acquirer and the FDIC, in its receivership capacity, when losses occur through the sale, foreclosure, loan modification, or charge-off of loans under the terms of the SLA. The majority of the agreements cover commercial and single-family loans over a five- to ten-year shared-loss period, respectively, with the receiver covering 80 percent of the losses incurred by the acquirer and the acquiring institution covering 20 percent. Prior to March 26, 2010, most SLAs included a threshold amount, above which the receiver covered 95 percent of the losses incurred by the acquirer. Recoveries by the acquirer on covered commercial and single-family SLA losses are also shared over an eightto ten-year period, respectively. Note that future recoveries on SLA losses are not factored into the DIF allowance for loss calculation because the amount and timing of such receipts are not determinable. The estimated shared-loss liability is accounted for by the receiver and is included in the calculation of the DIF’s allowance for loss against the corporate receivable from the resolution. As shared-loss claims are asserted and proven, receiverships satisfy these shared-loss payments using available liquidation funds and/or by drawing on amounts due from the DIF for funding the deposits assumed by the acquirer (see Note 6). As of December 31, 2017, 14 percent or $1.9 billion of remaining shared-loss covered assets (consisting primarily of single-family loans) are located in Puerto Rico, which sustained significant damage from the September 2017 FINANCIAL SECTION 5 103 ANNUAL REPORT DEPOSIT INSURANCE FUND Receivership shared-loss transactions are summarized as follows (dollars in thousands). December 31 December 31 2017 2016 $ 29,014,957 $ 28,988,624 Projected shared-loss payments, net of "true-up" recoveries $ 428,971 $ 966,063 13,896,921 $ 20,807,196 Shared-loss payments made to date, net of recoveries Total remaining shared-loss covered assets $ The $6.9 billion reduction in the remaining shared-loss covered assets from 2016 to 2017 is primarily due to the liquidation of covered assets from active SLAs, expiration of loss coverage for 14 commercial loan SLAs, and early termination of SLAs impacting 43 receiverships during 2017. CONCENTRATION OF CREDIT RISK Financial instruments that potentially subject the DIF to concentrations of credit risk are receivables from resolutions. The repayment of these receivables is primarily influenced by recoveries on assets held by receiverships and payments on the covered assets under SLAs. The majority of the remaining assets in liquidation ($2.3 billion) and current shared-loss covered assets ($13.9 billion), which together total $16.2 billion, are concentrated in commercial loans ($264 million), residential loans ($13.8 billion), and structured transaction-related assets ($1.4 billion) as described in Note 8. Most of the assets originated from failed institutions located in California ($9.6 billion), Puerto Rico ($1.9 billion), and Florida ($1.7 billion). 5. Property and Equipment, Net Depreciation expense was $54 million and $50 million for 2017 and 2016, respectively. The “Property and equipment, net” line item on the Balance Sheet consisted of the following components (dollars in thousands). December 31 December 31 2017 2016 Land $ 37,352 $ 37,352 Buildings (including building and leasehold improvements) 325,322 348,008 Application software (includes work-in-process) 112,727 127,113 Furniture, fixtures, and equipment 72,384 69,624 Accumulated depreciation (213,735) (224,522) Total $ 334,050 $ 357,575 6. Liabilities Due to Resolutions As of December 31, 2017 and 2016, the DIF recorded liabilities totaling $1.2 billion and $2.1 billion, respectively, to resolution entities representing the agreed-upon value of assets transferred from the receiverships, at the time of failure, to the acquirers/bridge institutions for use in funding the deposits assumed by the acquirers/bridge institutions. Ninety-one percent of these liabilities are due to failures resolved under whole-bank purchase and assumption transactions, most with an accompanying SLA. The DIF satisfies these liabilities either by sending cash directly to a receivership to fund shared-loss and other expenses or by offsetting receivables from resolutions when a receivership declares a dividend. 7. Contingent Liabilities ANTICIPATED FAILURE OF INSURED INSTITUTIONS The DIF records a contingent liability and a loss provision for DIF-insured institutions that are likely to fail when the liability is probable and reasonably estimable, absent some favorable event such as obtaining additional capital or merging. The contingent liability is derived by applying expected failure rates and loss rates to the institutions based on supervisory ratings, balance sheet characteristics, and projected capital levels. The banking industry’s financial condition and performance were generally positive in 2017. According to the most recent quarterly financial data submitted by DIF-insured institutions, the industry’s capital levels continued to improve, and the percentage of total loans that were noncurrent at September 30 fell to its lowest level since third quarter 2007. The industry reported total net income of $139.6 billion for the first nine months of 2017, an increase of 9.2 percent over the comparable period one year ago. Losses to the DIF from failures that occurred in 2017 were higher than the contingent liability at the end of 2016, as the deterioration in the financial condition of certain troubled institutions and the resulting cost of institution failures was more than anticipated. However, the reversal of the liability for institutions that failed in 2017, as well as favorable trends in bank supervisory downgrade rates, contributed to a decline in the contingent liability from $477 million at December 31, 2016 to $98 million at December 31, 2017. In addition to the recorded contingent liabilities, the FDIC has identified risks in the financial services industry that could result in additional losses to the DIF, should potentially vulnerable insured institutions ultimately fail. As a result of 104 FINANCIAL SECTION 6 2017 NOTES TO THE FINANCIAL STATEMENTS these risks, the FDIC believes that it is reasonably possible that the DIF could incur additional estimated losses of approximately $373 million as of December 31, 2017, as compared to $919 million as of year-end 2016. The actual losses, if any, will largely depend on future economic and market conditions and could differ materially from this estimate. During 2017, eight institutions failed with combined assets of $5.2 billion at the date of failure. Recent trends in supervisory ratings and market data suggest that the financial performance and condition of the banking industry should continue to improve over the coming year. However, the operating environment remains challenging for banks. Interest rates have been exceptionally low for an extended period, and there are signs of growing credit and liquidity risk. Revenue growth has been modest and margins remain narrow despite recent interest rate hikes. Economic conditions that challenge the banking sector include the potential effect of increases in interest rates on liquidity and economic activity; the impact of the 2017 hurricanes and wildfires on credit quality; the impact of continued weak energy and commodity prices on local markets; and the risk of market volatility from geopolitical developments. The FDIC continues to evaluate ongoing risks to affected institutions in light of existing economic and financial conditions, and the extent to which such risks may put stress on the resources of the insurance fund. LITIGATION LOSSES The DIF records an estimated loss for unresolved legal cases to the extent that those losses are considered probable and reasonably estimable. The FDIC recorded probable litigation losses of $200 thousand for the DIF as of December 31, 2017 and 2016. In addition, the FDIC has identified $1 million of reasonably possible losses from unresolved cases as of December 31, 2017 and 2016. 8. Other Contingencies INDYMAC FEDERAL BANK REPRESENTATION AND INDEMNIFICATION CONTINGENT LIABILITY On March 19, 2009, the FDIC, as receiver, for IndyMac Federal Bank (IMFB) and certain subsidiaries (collectively, Sellers) sold substantially all of the assets, which included mortgage loans and servicing rights, to OneWest Bank (now known as CIT Bank) and its affiliates (collectively, Acquirers). Under the sale agreements, the Acquirers have indemnification rights to recover losses incurred as a result of third-party claims and breaches of the Sellers’ representations. The FDIC, in its corporate capacity, guaranteed the Sellers’ indemnification obligations under the sale agreements. Until all indemnification claims are asserted, quantified and paid, losses could continue to be incurred by the receivership and indirectly by the DIF. The unpaid principal balances of loans in the servicing portfolios sold subject to the Sellers’ indemnification obligations totaled $171.6 billion at the time of sale. The IndyMac receivership has paid cumulative claims totaling $110 million and $30 million through December 31, 2017 and 2016, respectively. No claims have been asserted or accrued as of December 31, 2017. Claims under review in the amount of $18 million that were accrued for as of December 31, 2016, have been resolved. The Sellers have settled their obligations to the Acquirers and Fannie Mae with respect to the Fannie Mae mortgage loan portfolios (including claims relating to Fannie Mae’s inability to recover interest as a result of the servicer’s failure to pursue foreclosure within prescribed timelines). At the time of the sale to CIT, the loans serviced for Fannie Mae constituted approximately 70 percent of the reverse mortgage servicing portfolio. The receivership’s payment for this settlement is reflected in the “Receivables from resolutions, net” line item on the Balance Sheet. Given the passage of time and other factors, the FDIC believes that the likelihood of incurring losses directly to other investors is remote. The Acquirers’ rights to submit breach notices as well as their right to submit claims for reimbursement with respect to certain third party claims have passed. However, the Acquirers retain the right to assert indemnification claims for losses over the life of those loans for which breach notices or third party claim notices were timely submitted. While many loans are subject to notices of alleged breaches, not all breach allegations or third party claims will result in an indemnifiable loss. In addition, the Acquirers retain the right to seek reimbursement for losses incurred as a result of claims alleging breaches of loan seller representations asserted by Ginnie Mae on or before March 19, 2019 for its reverse mortgage servicing portfolios. At the time of the sale to CIT the reverse loans serviced for Ginnie Mae constituted approximately 2 percent of the reverse mortgage servicing portfolio. Quantifying the contingent liability is subject to a number of uncertainties, including market conditions, the occurrence of borrower defaults and resulting foreclosures and losses, and the possible allocation of certain losses to the Acquirers. Therefore, because of these uncertainties the FDIC has determined that, while additional losses are probable, the amount is not currently estimable. FINANCIAL SECTION 7 105 ANNUAL REPORT DEPOSIT INSURANCE FUND PURCHASE AND ASSUMPTION INDEMNIFICATION In connection with purchase and assumption agreements for resolutions, the FDIC, in its receivership capacity, generally indemnifies the purchaser of a failed institution’s assets and liabilities in the event a third party asserts a claim against the purchaser unrelated to the explicit assets purchased or liabilities assumed at the time of failure. The FDIC, in its corporate capacity, is a secondary guarantor if a receivership is unable to pay. These indemnifications generally extend for a term of six years after the date of institution failure. The FDIC is unable to estimate the maximum potential liability for these types of guarantees as the agreements do not specify a maximum amount and any payments are dependent upon the outcome of future contingent events, the nature and likelihood of which cannot be determined at this time. During 2017 and 2016, the FDIC, in its corporate capacity, made no indemnification payments under such agreements, and no amount has been accrued in the accompanying financial statements with respect to these indemnification guarantees. have been satisfied, and the FDIC has been reimbursed for any guarantee payments. FDIC GUARANTEED DEBT OF STRUCTURED TRANSACTIONS The FDIC, as receiver, used structured transactions (securitizations and structured sales of guaranteed notes (SSGNs) or collectively, “trusts”) to dispose of residential mortgage loans, commercial loans, and mortgage-backed securities held by the receiverships. For these transactions, certain loans or securities from failed institutions were pooled and transferred into a trust structure. The trusts issued senior and/or subordinated debt instruments and owner trust or residual certificates collateralized by the underlying mortgage-backed securities or loans. From March 2010 through March 2013, the receiverships transferred a portfolio of loans with an unpaid principal balance of $2.4 billion and mortgage-backed securities with a book value of $6.4 billion to the trusts. Private investors purchased the senior notes issued by the trusts for $6.2 billion in cash and the receiverships held the subordinated debt instruments and owner trust or residual certificates. In exchange for a fee, the FDIC, in its corporate capacity, guarantees the timely payment of principal and interest due on the senior notes, the latest maturity of which is 2050. If the FDIC is required to perform under its guarantees, it acquires an interest in the cash flows of the trust equal to the amount of guarantee payments made plus accrued interest. The subordinated note holders and owner trust or residual certificate holders receive cash flows from the trust only after all expenses have been paid, the guaranteed notes 106 The following table provides the maximum loss exposure to the FDIC, as guarantor, total guarantee fees collected, guarantee fees receivable, and other information related to the FDIC guaranteed debt for the trusts as of December 31, 2017 and 2016 (dollars in millions). December 31 2017 11 Number of trusts December 31 2016 11 Trust collateral balances Initial Current $ $ 8,780 $ 2,169 $ 8,780 2,707 Guaranteed note balances Initial Current (maximum loss exposure) $ $ 6,196 $ 672 $ 6,196 1,073 Guarantee fees collected to date $ 159 $ 152a Receivable for guarantee fees $ 8$ 14 Receivable for guarantee payments, net $ 20 $ 2 Amounts recognized in Contingent liabilities: Guarantee payments and litigation losses Contingent liability for guarantee payments $ 34 $ 2 8$ 14 Amounts recognized in Interest receivable on investments and other assets, net Amounts recognized in Accounts payable and other liabilities Deferred revenue for guarantee feesb $ (a) The guarantee fees reported previously in 2016 were $275 million and included fees from another type of structured transaction for which the guarantees have expired. (b) All guarantee fees are recorded as deferred revenue and recognized as revenue primarily on a straight-line basis over the term of the notes. Except as presented above, the DIF records no other structured transaction-related assets or liabilities on its balance sheet. ESTIMATED LOSS FROM GUARANTEE PAYMENTS Any estimated loss to the DIF from the guarantees is based on an analysis of the expected guarantee payments by the FDIC, net of reimbursements to the FDIC for such guarantee payments. The DIF recorded a contingent liability of $34 million as of December 31, 2017, for estimated payments FINANCIAL SECTION 8 2017 NOTES TO THE FINANCIAL STATEMENTS under the guarantee for one SSGN transaction, up from $2 million recorded at December 31, 2016. As guarantor, the FDIC, in its corporate capacity, is entitled to reimbursement from the trust for any guarantee payments; therefore a $34 million corresponding receivable has been recorded. The related allowance for loss on this receivable is $14 million, reflecting the expected shortfall of proceeds available for reimbursement after liquidation of the SSGN’s underlying collateral at note maturity. Guarantee payments are expected to begin in February 2020 and continue through note maturity in December 2020. For the same SSGN transaction, at December 31, 2016, it was reasonably possible that the DIF would have been required to make a final guarantee payment of $28 million at note maturity. For all of the remaining transactions, the estimated cash flows from the trust assets provide sufficient coverage to fully pay the debts. To date, the FDIC, in its corporate capacity, has not provided, and does not intend to provide, any form of financial or other type of support for structured transactions that it was not previously contractually required to provide. increases or decreases assessment rates, following notice-and-comment rulemaking, if required. • The FDIC Board of Directors designates a reserve ratio for the DIF and publishes the designated reserve ratio (DRR) before the beginning of each calendar year, as required by the FDI Act. Accordingly, in September 2017, the FDIC adopted a final rule maintaining the DRR at 2 percent for 2018. The DRR is an integral part of the FDIC’s comprehensive, long-term management plan for the DIF and is viewed as a longrange, minimum target for the reserve ratio. • The FDIC adopted a final rule that suspends dividends indefinitely, and, in lieu of dividends, adopts lower assessment rate schedules when the reserve ratio reaches 1.15 percent, 2 percent, and 2.5 percent. As of June 30, 2016, the reserve ratio of the DIF reached 1.17 percent. As a result of the ratio exceeding 1.15 percent, assessment rates were modified as follows, beginning with the quarter ending September 30, 2016. • Lower regular assessment rates became effective for all IDIs pursuant to final rules published in February 2011 and May 2016. 9. Assessments The FDIC deposit insurance assessment system is mandated by section 7 of the FDI Act and governed by part 327 of title 12 of the Code of Federal Regulations (12 CFR Part 327). The risk-based system requires the payment of quarterly assessments by all IDIs. In response to the Dodd-Frank Act, the FDIC implemented several changes to the assessment system, amended its Restoration Plan (which is required when the ratio of the DIF balance to estimated insured deposits (reserve ratio) is below the statutorily mandated minimum), and developed a comprehensive, long-term fund management plan. The plan is designed to restore and maintain a positive fund balance for the DIF even during a banking crisis and achieve moderate, steady assessment rates throughout any economic cycle. Summarized below are actions taken to implement requirements of the Dodd-Frank Act and provisions of the comprehensive, long-term fund management plan. • The FDIC amended the Restoration Plan, which is intended to ensure that the reserve ratio reaches 1.35 percent by September 30, 2020, as required by the Dodd-Frank Act, in lieu of the previous statutory minimum of 1.15 percent by the end of 2016. The FDIC updates, at least semiannually, its loss and income projections for the fund and, if needed, • A new risk-based method for calculating assessment rates became effective for institutions with less than $10 billion in total assets (small banks) pursuant to the final rule published in May 2016. The revised method is designed to be revenue-neutral, but helps ensure that banks that take on greater risks pay more for deposit insurance. Additionally, the Dodd-Frank Act requires that the FDIC offset the effect of increasing the minimum reserve ratio from 1.15 percent to 1.35 percent on small banks. To implement this requirement, the FDIC imposed a surcharge to the regular quarterly assessments of IDIs with $10 billion or more in total consolidated assets (larger institutions), beginning with the quarter ending September 30, 2016. Pursuant to a final rule published in March 2016: • The surcharge generally equals an annual rate of 4.5 basis points applied to a larger institution’s regular quarterly assessment base (with certain adjustments). • The FDIC will impose a shortfall assessment on larger institutions to achieve the minimum reserve ratio of 1.35 percent by the September 30, 2020 statutory deadline, if the reserve ratio has not reached 1.35 percent by the end of 2018. FINANCIAL SECTION 9 107 ANNUAL REPORT DEPOSIT INSURANCE FUND • The FDIC will provide assessment credits to small banks for the portion of their assessments that contribute to the growth in the reserve ratio between 1.15 percent and 1.35 percent to ensure that the effect of reaching 1.35 percent is fully borne by the larger institutions. The assessment credits will be determined and allocated as soon as practicable after the reserve ratio reaches 1.35 percent. In each quarter that the reserve ratio is at least 1.38 percent, the credits will be used to fully offset a small institution’s quarterly insurance assessment, until credits are exhausted. ASSESSMENT REVENUE Through December 31, 2017, annual assessment rates averaged approximately 7.2 cents per $100 of the assessment base for 2017, approximately 7.4 cents per $100 for the second half of 2016, and approximately 6.6 cents per $100 during the first half of 2016. The assessment base is generally defined as average consolidated total assets minus average tangible equity (measured as Tier 1 capital) of an IDI during the assessment period. Effective July 1, 2016, the change in the annual assessment rates primarily resulted from the net effect of the surcharges on large institutions, offset by lower regular assessment rates for all IDIs. The “Assessments receivable, net” line item on the Balance Sheet of $2.6 billion and $2.7 billion represents the estimated premiums due from IDIs for the fourth quarter of 2017 and 2016, respectively. The actual deposit insurance assessments for the fourth quarter of 2017 will be billed and collected at the end of the first quarter of 2018. During 2017 and 2016, $10.6 billion and $10.0 billion, respectively, were recognized as assessment revenue from institutions, including $4.9 billion and $2.4 billion in surcharges from large IDIs in 2017 and 2016, respectively. PENDING LITIGATION FOR UNDERPAID ASSESSMENTS On January 9, 2017, the FDIC filed suit in the United States District Court for the District of Columbia (and amended this complaint on April 7, 2017), alleging that Bank of America, N.A. (BoA) underpaid its insurance assessments for multiple quarters based on the underreporting of counterparty exposures. In total, the FDIC alleges that BoA underpaid insurance assessments by $1.12 billion, including interest for the quarters ending March 2012 through December 2014. The FDIC invoiced BoA for $542 million and $583 million representing claims in the initial suit and the amended complaint, respectively. BoA has failed to pay these past due amounts. Pending resolution of this matter, BoA has fully pledged security with a third-party custodian pursuant to a security agreement with the FDIC. As of December 31, 2017, the total amount of unpaid assessments (including accrued 108 interest) was $1.13 billion. For the years ending December 31, 2017 and 2016, the impact of this litigation is not reflected in the financial statements of the DIF. RESERVE RATIO As of September 30, 2017 and December 31, 2016, the DIF reserve ratio was 1.28 percent and 1.20 percent, respectively. ASSESSMENTS RELATED TO FICO Assessments are levied on institutions for payments of the interest on bond obligations issued by the Financing Corporation (FICO) and will continue until the final bond matures in September 2019. The FICO was established as a mixed-ownership government corporation to function solely as a financing vehicle for the former FSLIC. The FICO assessment has no financial impact on the DIF and is separate from deposit insurance assessments. The FDIC, as administrator of the DIF, acts solely as a collection agent for the FICO. Interest obligations collected and remitted to the FICO as of December 31, 2017 and 2016, were $760 million and $794 million, respectively. 10. Operating Expenses The “Operating expenses” line item on the Statement of Income and Fund Balance consisted of the following components (dollars in thousands). December 31 December 31 2017 2016 1,222,793 $ 1,235,244 265,514 265,492 Travel 88,786 92,126 Buildings and leased space 88,465 93,518 Software/Hardware maintenance 77,911 64,757 Depreciation of property and equipment 53,639 50,403 Other 26,362 26,191 1,823,470 1,827,731 (84,075) (112,720) Salaries and benefits $ Outside services Subtotal Less: Expenses billed to resolution entities and others Total $ 1,739,395 $ 1,715,011 11. Provision for Insurance Losses The provision for insurance losses was a negative $183 million for 2017, compared to negative $1.6 billion for 2016. The negative provision for 2017 primarily resulted from a $969 million decrease to the estimated losses for prior year failures offset by a $718 million increase for higher-thananticipated estimated losses for current year failures, as FINANCIAL SECTION 10 2017 NOTES TO THE FINANCIAL STATEMENTS compared to the contingent liability at year-end 2016. The 2016 negative provision was almost fully attributable to reductions in estimated losses for prior year failures. As described in Note 4, the estimated recoveries from assets held by receiverships and estimated payments related to assets sold by receiverships to acquiring institutions under shared-loss agreements (SLAs) are used to derive the loss allowance on the receivables from resolutions. Summarized below are the three primary components that comprise the $969 million decrease in estimated losses for prior year failures. • • • Receivership shared-loss liability cost estimates decreased $420 million primarily due to lowerthan-anticipated losses on covered assets, reductions in shared-loss cost estimates from the early termination of SLAs during the year, and unanticipated recoveries from SLAs where the commercial loss coverage has expired but the recovery period remains active. Receiverships received, or are expected to receive, $383 million of unanticipated recoveries from tax refunds, litigation settlements, and professional liability claims. These recoveries are typically not recognized in the allowance for loss estimate until the cash is received by receiverships, or collectability is assured, since significant uncertainties surround their recovery. Reductions in receivership contingent legal and representation and warranty liabilities, as well as projected future receivership expenses, resulted in a loss estimate decrease of $124 million. 12. Employee Benefits PENSION BENEFITS AND SAVINGS PLANS Eligible FDIC employees (permanent and term employees with appointments exceeding one year) are covered by the federal government retirement plans, either the Civil Service Retirement System (CSRS) or the Federal Employees Retirement System (FERS). Although the DIF contributes a portion of pension benefits for eligible employees, it does not account for the assets of either retirement system. The DIF also does not have actuarial data for accumulated plan benefits or the unfunded liability relative to eligible employees. These amounts are reported on and accounted for by the U.S. Office of Personnel Management (OPM). 1 percent of pay and an additional matching contribution up to 4 percent of pay. CSRS employees also can contribute to the TSP, but they do not receive agency matching contributions. Eligible FDIC employees may also participate in an FDIC-sponsored tax-deferred 401(k) savings plan with an automatic contribution of 1 percent of pay and an additional matching contribution up to 4 percent of pay. The expenses for these plans are presented in the table below (dollars in thousands). December 31 December 31 2017 2016 Civil Service Retirement System $ 2,644 $ 3,230 Federal Employees Retirement System (Basic Benefit) 111,228 111,368 35,180 34,966 Federal Thrift Savings Plan FDIC Savings Plan 39,004 37,499 Total $ 188,056 $ 187,063 POSTRETIREMENT BENEFITS OTHER THAN PENSIONS The DIF has no postretirement health insurance liability since all eligible retirees are covered by the Federal Employees Health Benefits (FEHB) program. The FEHB is administered and accounted for by the OPM. In addition, OPM pays the employer share of the retiree’s health insurance premiums. The FDIC provides certain life and dental insurance coverage for its eligible retirees, the retirees’ beneficiaries, and covered dependents. Retirees eligible for life and dental insurance coverage are those who have qualified due to (1) immediate enrollment upon appointment or five years of participation in the plan and (2) eligibility for an immediate annuity. The life insurance program provides basic coverage at no cost to retirees and allows converting optional coverage to direct-pay plans. For the dental coverage, retirees are responsible for a portion of the premium. The FDIC has elected not to fund the postretirement life and dental benefit liabilities. As a result, the DIF recognized the underfunded status (the difference between the accumulated postretirement benefit obligation and the plan assets at fair value) as a liability. Since there are no plan assets, the plan’s benefit liability is equal to the accumulated postretirement benefit obligation. Postretirement benefit obligation, gain and loss, and expense information included in the Balance Sheet and Statement of Income and Fund Balance are summarized as follows (dollars in thousands). Under the Federal Thrift Savings Plan (TSP), the FDIC provides FERS employees with an automatic contribution of FINANCIAL SECTION 11 109 ANNUAL REPORT DEPOSIT INSURANCE FUND December 31 2017 Accumulated postretirement benefit obligation recognized in Postretirement benefit liability $ Amounts recognized in accumulated other comprehensive income: Unrealized postretirement benefit loss Cumulative net actuarial loss Prior service cost Total $ (24,212) (1,535) (25,747) Amounts recognized in other comprehensive income: Unrealized postretirement benefit (loss) gain Actuarial (loss) gain $ Prior service credit Total $ (20,418) $ 575 (19,843) $ 7,726 575 8,301 $ $ 4,098 $ 9,241 3,882 8,440 654 13,993 $ 1,567 13,889 Expected amortization of accumulated other comprehensive income into net periodic benefit cost over the next year is shown in the table below (dollars in thousands). December 31, 2018 Prior service costs Net actuarial loss Total $ $ 575 1,491 2,066 The annual postretirement contributions and benefits paid are included in the table below (dollars in thousands). December 31 December 31 2017 2016 $ 6,720 $ 6,388 $ 788 $ 739 $ (7,508) $ (7,126) Employer contributions Plan participants' contributions Benefits paid Assumptions used to determine the amount of the accumulated postretirement benefit obligation and the net periodic benefit costs are summarized as follows. 232,201 (44,630) $ (960) (45,590) $ Net periodic benefit costs recognized in Operating expenses Service cost Interest cost Net amortization out of other comprehensive income Total $ 259,316 $ December 31 2016 Discount rate for future benefits (benefit obligation) Rate of compensation increase Discount rate (benefit cost) Dental health care cost-trend rate Assumed for next year Ultimate Year rate will reach ultimate December 31 December 31 2017 2016 4.03% 4.67% 3.44% 3.90% 4.67% 4.29% 4.00% 4.00% 2018 4.50% 4.50% 2017 13. Commitments and Off-Balance-Sheet Exposure COMMITMENTS: Leased Space The DIF leased space expense totaled $44 million and $48 million for 2017 and 2016, respectively. The FDIC’s lease commitments total $157 million for future years. The lease agreements contain escalation clauses resulting in adjustments, usually on an annual basis. Future minimum lease commitments are as follows (dollars in thousands). 2018 2019 2020 2021 2022 2023/Thereafter $45,337 $41,069 $25,914 $18,325 $9,443 $17,289 OFF-BALANCE-SHEET EXPOSURE: Deposit Insurance Estimates of insured deposits are derived primarily from quarterly financial data submitted by IDIs to the FDIC and represent the accounting loss that would be realized if all IDIs were to fail and the acquired assets provided no recoveries. As of September 30, 2017 and December 31, 2016, estimated insured deposits for the DIF were $7.1 trillion and $6.9 trillion, respectively. The expected contributions, for the year ending December 31, 2018, are $8.1 million. Expected future benefit payments for each of the next 10 years are presented in the following table (dollars in thousands). 2018 $7,354 110 2019 $7,809 2020 $8,323 2021 $8,846 2022 $9,388 2023-2027 $55,733 FINANCIAL SECTION 12 2017 NOTES TO THE FINANCIAL STATEMENTS 14. Fair Value of Financial Instruments 15. Information Relating to the Statement of Cash Flows Financial assets recognized and measured at fair value on a recurring basis at each reporting date include cash equivalents (see Note 2) and the investment in U.S. Treasury securities (see Note 3). The DIF’s financial assets measured at fair value consisted of the following components (dollars in millions). The following table presents a reconciliation of net income to net cash from operating activities (dollars in thousands). December 31, 2017 Quoted Prices in Active Markets for Significant Other Significant Identical Assets Observable Inputs Unobservable Inputs Total Assets (Level 1) (Level 2) (Level 3) at Fair Value Assets Cash equivalents1 Available-for-Sale Debt Securities $ Investment in U.S. Treasury securities2 Total Assets $ 1,820 83,303 85,123 $ 0 $ $ 1,820 0 $ 83,303 85,123 (1) Cash equivalents are Special U.S. Treasury Certificates with overnight maturities valued at prevailing interest rates established by the Treasury’s Bureau of the Fiscal Service. (2) The investment in U.S. Treasury securities is measured based on prevailing market yields for federal government entities. December 31, 2016 Quoted Prices in Active Markets for Significant Other Significant Identical Assets Observable Inputs Unobservable Inputs Total Assets (Level 1) (Level 2) (Level 3) at Fair Value December 31 2017 Operating Activities Net Income: Adjustments to reconcile net income to net cash provided by operating activities: Amortization of U.S. Treasury securities Treasury Inflation-Protected Securities inflation adjustment Depreciation on property and equipment Loss on retirement of property and equipment Provision for insurance losses Unrealized (loss) gain on postretirement benefits $ Change in Assets and Liabilities: Decrease (Increase) in assessments receivable, net Decrease (Increase) in interest receivable and other assets Decrease in receivables from resolutions (Decrease) in accounts payable and other liabilities Increase (Decrease) in postretirement benefit liability Increase in contingent liabilities - guarantee payments and litigation losses (Decrease) in liabilities due to resolutions Net Cash Provided by Operating Activities $ December 31 2016 10,105,456 $ 10,523,517 543,445 (8,564) 53,639 386 (183,149) (19,843) 977,245 (5,578) 50,403 1,607 (1,567,950) 8,301 31,881 21,171 1,620,258 (1,352) 27,116 31,927 (870,115) 11,352,256 $ (493,795) (107,749) 5,437,632 (34,249) (799) 2,389 (2,345,820) 12,445,154 Assets Cash equivalents1 Available-for-Sale Debt Securities $ 2 Investment in U.S. Treasury securities Total Assets $ 1,326 73,512 74,838 $ 0 $ $ 1,326 0 $ 73,512 74,838 (1) Cash equivalents are Special U.S. Treasury Certificates with overnight maturities valued at prevailing interest rates established by the Treasury’s Bureau of the Fiscal Service. (2) The investment in U.S. Treasury securities is measured based on prevailing market yields for federal government entities. 16. Subsequent Events Subsequent events have been evaluated through February 8, 2018, the date the financial statements are available to be issued. Based on management’s evaluation, there were no subsequent events requiring disclosure. FINANCIAL SECTION 13 111 ANNUAL REPORT FSLIC RESOLUTION FUND (FRF) Federal Deposit Insurance Corporation FSLIC Resolution Fund Balance Sheet As of December 31 2017 (Dollars in Thousands) 2016 ASSETS Cash and cash equivalents $ Other assets, net 885,380 $ 497 Total Assets 874,174 4,391 $ 885,877 $ 878,565 $ 92 $ 26 92 26 LIABILITIES Accounts payable and other liabilities Total Liabilities RESOLUTION EQUITY (NOTE 5) Contributed capital 125,489,317 125,489,317 Accumulated deficit (124,603,532) (124,610,778) Total Resolution Equity Total Liabilities and Resolution Equity $ The accompanying notes are an integral part of these financial statements. 112 FINANCIAL SECTION 885,785 878,539 885,877 $ 878,565 2017 FSLIC RESOLUTION FUND (FRF) Federal Deposit Insurance Corporation FSLIC Resolution Fund Statement of Income and Accumulated Deficit For the Years Ended December 31 2017 (Dollars in Thousands) 2016 REVENUE Interest on U.S. Treasury securities $ Other revenue Total Revenue 7,065 $ 2,070 764 3,278 7,829 5,348 562 2,725 21 (993) 0 (3,750) 583 (2,018) EXPENSES AND LOSSES Operating expenses Losses related to thrift resolutions (Note 6) Recovery of tax benefits Total Expenses and Losses Net Income 7,246 Accumulated Deficit - Beginning Accumulated Deficit - Ending $ 7,366 (124,610,778) (124,618,144) (124,603,532) $ (124,610,778) The accompanying notes are an integral part of these financial statements. FINANCIAL SECTION 113 ANNUAL REPORT FSLIC RESOLUTION FUND (FRF) Federal Deposit Insurance Corporation FSLIC Resolution Fund Statement of Cash Flows For the Years Ended December 31 2017 (Dollars in Thousands) 2016 OPERATING ACTIVITIES Provided by: Interest on U.S. Treasury securities $ 7,065 $ 2,070 Recovery of tax benefits 3,750 0 Recoveries from thrift resolutions 1,001 2,270 Department of Justice's return of unused goodwill legal expense funds (Note 3) 0 2,162 Miscellaneous receipts 4 0 (555) (3,363) (59) (2) Used by: Operating expenses Miscellaneous disbursements Net Cash Provided by Operating Activities 11,206 3,137 Net Increase in Cash and Cash Equivalents 11,206 3,137 874,174 871,037 885,380 $ 874,174 Cash and Cash Equivalents - Beginning Cash and Cash Equivalents - Ending $ The accompanying notes are an integral part of these financial statements. 114 FINANCIAL SECTION 2017 FSLIC RESOLUTION FUND NOTES TO THE FINANCIAL STATEMENTS December 31, 2017 and 2016 1. Operations/Dissolution of the FSLIC Resolution Fund OVERVIEW The Federal Deposit Insurance Corporation (FDIC) is the independent deposit insurance agency created by Congress in 1933 to maintain stability and public confidence in the nation’s banking system. Provisions that govern the FDIC’s operations are generally found in the Federal Deposit Insurance (FDI) Act, as amended (12 U.S.C. 1811, et seq). In accordance with the FDI Act, the FDIC, as administrator of the Deposit Insurance Fund (DIF), insures the deposits of banks and savings associations (insured depository institutions). In cooperation with other federal and state agencies, the FDIC promotes the safety and soundness of insured depository institutions (IDIs) by identifying, monitoring, and addressing risks to the DIF. In addition to being the administrator of the DIF, the FDIC is the administrator of the FSLIC Resolution Fund (FRF). As such, the FDIC is responsible for the sale of remaining assets and satisfaction of liabilities associated with the former Federal Savings and Loan Insurance Corporation (FSLIC) and the former Resolution Trust Corporation (RTC). The FDIC maintains the DIF and the FRF separately to support their respective functions. The FSLIC was created through the enactment of the National Housing Act of 1934. The Financial Institutions Reform, Recovery, and Enforcement Act of 1989 (FIRREA) abolished the insolvent FSLIC and created the FRF. At that time, the assets and liabilities of the FSLIC were transferred to the FRF – except those assets and liabilities transferred to the newly created RTC – effective on August 9, 1989. Further, the FIRREA established the Resolution Funding Corporation (REFCORP) to provide part of the initial funds used by the RTC for thrift resolutions. The RTC Completion Act of 1993 terminated the RTC as of December 31, 1995. All remaining assets and liabilities of the RTC were transferred to the FRF on January 1, 1996. Today, the FRF consists of two distinct pools of assets and liabilities: one composed of the assets and liabilities of the FSLIC transferred to the FRF upon the dissolution of the FSLIC (FRF-FSLIC), and the other composed of the RTC assets and liabilities (FRF-RTC). The assets of one pool are not available to satisfy obligations of the other. OPERATIONS/DISSOLUTION OF THE FRF The FRF will continue operations until all of its assets are sold or otherwise liquidated and all of its liabilities are satisfied. Any funds remaining in the FRF-FSLIC will be paid to the U.S. Treasury. Any remaining funds of the FRF-RTC will be distributed to the REFCORP to pay the interest on the REFCORP bonds. In addition, the FRF-FSLIC has available until expended $602 million in appropriations to facilitate, if required, efforts to wind up the resolution activity of the FRF-FSLIC. The FDIC has extensively reviewed and cataloged the FRF's remaining assets and liabilities. Some of the unresolved issues are: • criminal restitution orders (generally have from 1 to 21 years remaining to enforce); • collections of judgments obtained against officers and directors and other professionals responsible for causing or contributing to thrift losses (generally have up to 10 years remaining to enforce, unless the judgments are renewed or are covered by the Federal Debt Collections Procedures Act, which will result in significantly longer periods for collection of some judgments); • liquidation/disposition of residual assets purchased by the FRF from terminated receiverships; • one remaining issue related to assistance agreements entered into by the former FSLIC (FRF could continue to receive or refund overpayments of tax benefits sharing in future years); • a potential tax liability associated with a fully adjudicated goodwill litigation case (see Note 3); and • Affordable Housing Disposition Program monitoring (the last agreement expires no later than 2045; see Note 4). The FRF could realize recoveries from tax benefits sharing, criminal restitution orders, and professional liability claims. However, any potential recoveries are not reflected in the FRF’s financial statements, given the significant uncertainties surrounding the ultimate outcome. FINANCIAL SECTION 1 115 ANNUAL REPORT FSLIC RESOLUTION FUND On April 1, 2014, the FDIC concluded its role as receiver of FRF receiverships when the last active receivership was terminated. In total, 850 receiverships were liquidated by the FRF and the RTC. To facilitate receivership terminations, the FRF, in its corporate capacity, acquired the remaining receivership assets that could not be liquidated during the life of the receiverships due to restrictive clauses and other impediments. These assets are included in the “Other assets, net” line item on the Balance Sheet. During the years of receivership activity, the assets held by receivership entities, and the claims against them, were accounted for separately from the FRF’s assets and liabilities to ensure that receivership proceeds were distributed in accordance with applicable laws and regulations. Also, the income and expenses attributable to receiverships were accounted for as transactions of those receiverships. The FDIC, as administrator of the FRF, billed receiverships for services provided on their behalf. 2. Summary of Significant Accounting Policies GENERAL The financial statements include the financial position, results of operations, and cash flows of the FRF and are presented in accordance with U.S. generally accepted accounting principles (GAAP). During the years of receivership activity, these statements did not include reporting for assets and liabilities of receivership entities because these entities were legally separate and distinct, and the FRF did not have any ownership or beneficial interest in them. The FRF is a limited-life entity, however, it does not meet the requirements for presenting financial statements using the liquidation basis of accounting. According to Accounting Standards Codification Topic 205, Presentation of Financial Statements, a limited-life entity should apply the liquidation basis of accounting only if a change in the entity’s governing plan has occurred since its inception. By statute, the FRF is a limited-life entity whose dissolution will occur upon the satisfaction of all liabilities and the disposition of all assets. No changes to this statutory plan have occurred since inception of the FRF. estimates will cause a material change in the financial statements in the near term, the nature and extent of such potential changes in estimates have been disclosed. The estimate for other assets is considered significant. CASH EQUIVALENTS Cash equivalents are short-term, highly liquid investments consisting primarily of U.S. Treasury Overnight Certificates. RELATED PARTIES The nature of related parties and a description of related party transactions are discussed in Note 1 and disclosed throughout the financial statements and footnotes. APPLICATION OF RECENT ACCOUNTING STANDARDS In January 2016, the Financial Accounting Standards Board (FASB) issued Accounting Standards Update (ASU) 2016-01, Financial Instruments—Overall (Subtopic 825-10): Recognition and Measurement of Financial Assets and Financial Liabilities. The ASU addresses certain aspects of recognition, measurement, presentation, and disclosure of financial instruments through targeted changes to existing guidance. The ASU permits nonpublic entities to exclude disclosures related to the fair value of financial instruments measured at amortized cost. The FDIC has early adopted this provision and Note 7 was revised accordingly. The FDIC has determined that the other provisions of the ASU, which are effective for the FRF beginning on January 1, 2019, will not have a material effect on the financial position of the FRF or its results of operations. In June 2016, the FASB issued ASU 2016-13, Financial Instruments – Credit Losses (Topic 326): Measurement of Credit Losses on Financial Instruments. The ASU will replace the incurred loss impairment model with a new expected credit loss model for financial assets measured at amortized cost and for off-balance-sheet credit exposures. The FDIC has determined the ASU, which is effective for the FRF beginning on January 1, 2021, will not have a material effect on the financial position of the FRF or its results of operations. Other recent accounting pronouncements have been deemed not applicable or material to the financial statements as presented. USE OF ESTIMATES The preparation of the financial statements in conformity with GAAP requires management to make estimates and assumptions that affect the reported amounts of assets and liabilities, revenue and expenses, and disclosure of contingent liabilities. Actual results could differ from these estimates. Where it is reasonably possible that changes in 116 FINANCIAL SECTION 2 2017 NOTES TO THE FINANCIAL STATEMENTS 3. Goodwill Litigation In United States v. Winstar Corp., 518 U.S. 839 (1996), the Supreme Court held that when it became impossible following the enactment of FIRREA in 1989 for the federal government to perform certain agreements to count goodwill toward regulatory capital, the plaintiffs were entitled to recover damages from the United States. The contingent liability associated with the nonperformance of these agreements was transferred to the FRF on August 9, 1989, upon the dissolution of the FSLIC. The FRF can draw from an appropriation provided by Section 110 of the Department of Justice Appropriations Act, 2000 (Public Law 106-113, Appendix A, Title I, 113 Stat. 1501A-3, 1501A-20), such sums as may be necessary for the payment of judgments and compromise settlements in the goodwill litigation. This appropriation is to remain available until expended. Because an appropriation is available to pay such judgments and settlements, any estimated liability for goodwill litigation will have a corresponding receivable from the U.S. Treasury and therefore have no net impact on the financial condition of the FRF. The last remaining goodwill case was resolved in 2015. However, for another case fully adjudicated in 2012, an estimated loss of $8 million for the court-ordered reimbursement of potential tax liabilities to the plaintiff is reasonably possible. The FRF-FSLIC paid goodwill litigation expenses incurred by the Department of Justice (DOJ), the entity that defended these lawsuits against the United States, based on a Memorandum of Understanding (MOU) dated October 2, 1998, between the FDIC and the DOJ. These expenses were paid in advance by the FRF-FSLIC and any unused funds were carried over by the DOJ and applied toward the next fiscal year charges. In September 2016, the DOJ returned $2 million of unused funds to the FRF-FSLIC and retained $250 thousand to cover future administrative expenses. The returned funds were recognized in the “Other revenue” line item on the Statement of Income and Accumulated Deficit. 4. Guarantees future losses on these mortgage loans through 2020. Based on the most current data available, as of September 30, 2017, the maximum exposure on this indemnification is the current unpaid principal balance of the remaining 18 multifamily loans totaling $919 thousand. Based on a contingent liability assessment of this portfolio as of September 30, 2017, the majority of the loans are at least 90 percent amortized, and all are scheduled to mature within one to three years. Since all of the loans are performing and no losses have occurred since 2001, future payments on this indemnification are not expected. No contingent liability for this indemnification has been recorded as of December 31, 2017 and 2016. AFFORDABLE HOUSING DISPOSITION PROGRAM Required by FIRREA under section 501, the Affordable Housing Disposition Program (AHDP) was established in 1989 to ensure the preservation of affordable housing for low-income households. The FDIC, in its capacity as administrator of the FRF-RTC, assumed responsibility for monitoring property owner compliance with land use restriction agreements (LURAs). To enforce the property owners’ LURA obligation, the RTC, prior to its dissolution, entered into Memoranda of Understanding with 34 monitoring agencies to oversee these LURAs. As of December 31, 2017, 24 monitoring agencies oversee these LURAs. The FDIC, through the FRF, has agreed to indemnify the monitoring agencies for all losses related to LURA legal enforcement proceedings. Since 2006, the FDIC entered into two litigations against property owners and paid $23 thousand in legal expenses, which was fully reimbursed due to successful litigation. The maximum potential exposure to the FRF cannot be estimated as it is contingent upon future legal proceedings. However, loss mitigation factors include: (1) the indemnification may become void if the FDIC is not immediately informed upon receiving notice of any legal proceedings and (2) the FDIC is entitled to reimbursement of any legal expenses incurred for successful litigation against a property owner. AHDP guarantees will continue until the termination of the last LURA, or 2045 (whichever occurs first). As of December 31, 2017 and 2016, no contingent liability for this indemnification has been recorded. FANNIE MAE GUARANTEE On May 21, 2012, the FDIC, in its capacity as administrator of the FRF, entered into an agreement with Fannie Mae for the release of $13 million of credit enhancement reserves to the FRF in exchange for indemnifying Fannie Mae from all future losses incurred on 76 multi-family mortgage loans. The former RTC supplied Fannie Mae with the credit enhancement reserves in the form of cash collateral to cover FINANCIAL SECTION 3 117 ANNUAL REPORT FSLIC RESOLUTION FUND 5. Resolution Equity As stated in the Overview section of Note 1, the FRF is composed of two distinct pools: the FRF-FSLIC and the FRFRTC. The FRF-FSLIC consists of the assets and liabilities of the former FSLIC. The FRF-RTC consists of the assets and liabilities of the former RTC. Pursuant to legal restrictions, the two pools are maintained separately and the assets of one pool are not available to satisfy obligations of the other. Contributed capital, accumulated deficit, and resolution equity consisted of the following components by each pool (dollars in thousands). December 31, 2017 Contributed capital beginning Contributed capital ending FRF-FSLIC $ Accumulated deficit Total Resolution Equity $ 43,864,980 $ FRF-RTC 81,624,337 $ 81,624,337 125,489,317 (43,022,301) (81,581,231) (124,603,532) 842,679 $ Contributed capital ending FRF-FSLIC $ Accumulated deficit Total Resolution Equity $ 125,489,317 43,864,980 43,106 $ December 31, 2016 Contributed capital beginning FRF Consolidated 43,864,980 $ FRF-RTC 81,624,337 $ 885,785 FRF Consolidated 125,489,317 43,864,980 81,624,337 125,489,317 (43,029,200) (81,581,578) (124,610,778) 835,780 $ 42,759 $ 878,539 CONTRIBUTED CAPITAL The FRF-FSLIC and the former RTC received $43.5 billion and $60.1 billion from the U.S. Treasury, respectively, to fund losses from thrift resolutions prior to July 1, 1995. Additionally, the FRF-FSLIC issued $670 million in capital certificates to the Financing Corporation (a mixed-ownership government corporation established to function solely as a financing vehicle for the FSLIC) and the RTC issued $31.3 billion of these instruments to the REFCORP. FIRREA prohibited the payment of dividends on any of these capital certificates. Through December 31, 2017, the FRF-FSLIC received a total of $2.3 billion in goodwill appropriations, the effect of which increased contributed capital. 118 Through December 31, 2017, the FRF-RTC had returned $4.6 billion to the U.S. Treasury and made payments of $5.1 billion to the REFCORP. The most recent payment to the REFCORP was in July of 2013 for $125 million. In addition, the FDIC returned $2.6 billion to the U.S. Treasury on behalf of the FRF-FSLIC in 2013. These actions reduced contributed capital. ACCUMULATED DEFICIT The accumulated deficit represents the cumulative excess of expenses and losses over revenue for activity related to the FRF-FSLIC and the FRF-RTC. Approximately $29.8 billion and $87.9 billion were brought forward from the former FSLIC and the former RTC on August 9, 1989, and January 1, 1996, respectively. Since the dissolution dates, the FRF-FSLIC accumulated deficit increased by $13.2 billion, whereas the FRF-RTC accumulated deficit decreased by $6.3 billion. 6. Losses Related to Thrift Resolutions Losses related to thrift resolutions represent changes in the estimated losses on assets acquired from terminated receiverships, as well as expenses for the disposition and administration of these assets. These losses were $21 thousand for 2017, compared to negative $993 thousand for 2016. The negative balance in 2016 was due to a $1 million reduction in estimated losses for better-than-anticipated recoveries upon disposition of an asset. 7. Fair Value of Financial Instruments At December 31, 2017 and 2016, the FRF’s financial assets measured at fair value on a recurring basis are cash equivalents (see Note 2) of $842 million and $831 million, respectively. Cash equivalents are Special U.S. Treasury Certificates with overnight maturities valued at prevailing interest rates established by the U.S. Treasury’s Bureau of the Fiscal Service. The valuation is considered a Level 1 measurement in the fair value hierarchy, representing quoted prices in active markets for identical assets. FINANCIAL SECTION 4 2017 NOTES TO THE FINANCIAL STATEMENTS 8. Information Relating to the Statement of Cash Flows The following table presents a reconciliation of net income to net cash from operating activities (dollars in thousands). December 31 Operating Activities Net Income: Change in Assets and Liabilities: Decrease (Increase) in other assets Increase (Decrease) in accounts payable and other liabilities Net Cash Provided by Operating Activities 2017 $ $ 7,246 $ December 31 2016 7,366 3,894 (3,631) 66 (598) 11,206 $ 3,137 9. Subsequent Events Subsequent events have been evaluated through February 8, 2018, the date the financial statements are available to be issued. Based on management’s evaluation, there were no subsequent events requiring disclosure. FINANCIAL SECTION 5 119 ANNUAL REPORT GOVERNMENT ACCOUNTABILITY OFFICE AUDITOR’S REPORT 441 G St. N.W. Washington, DC 20548 Independent Auditor’s Report To the Board of Directors The Federal Deposit Insurance Corporation In our audits of the 2017 and 2016 financial statements of the Deposit Insurance Fund (DIF) and of the Federal Savings and Loan Insurance Corporation (FSLIC) Resolution Fund (FRF), both of which are administered by the Federal Deposit Insurance Corporation (FDIC), 1 we found • the financial statements of the DIF and of the FRF as of and for the years ended December 31, 2017, and 2016, are presented fairly, in all material respects, in accordance with U.S. generally accepted accounting principles; • FDIC maintained, in all material respects, effective internal control over financial reporting relevant to the DIF and to the FRF as of December 31, 2017; and • with respect to the DIF and to the FRF, no reportable noncompliance for 2017 with provisions of applicable laws, regulations, contracts, and grant agreements we tested. The following sections discuss in more detail (1) our report on the financial statements and on internal control over financial reporting and other information included with the financial statements; 2 (2) our report on compliance with laws, regulations, contracts, and grant agreements; and (3) agency comments. Report on the Financial Statements and on Internal Control over Financial Reporting In accordance with Section 17 of the Federal Deposit Insurance Act, as amended, 3 and the Government Corporation Control Act, 4 we have audited the financial statements of the DIF and of the FRF, both of which are administered by FDIC. The financial statements for the DIF comprise the balance sheets as of December 31, 2017, and 2016; the related statements of income and fund balance and of cash flows for the years then ended; and the related notes to the financial statements. The financial statements for the FRF comprise the balance sheets as of December 31, 2017, and 2016; the related statements of income and accumulated deficit and of cash flows for the years then ended; and the related notes to the financial statements. We also have audited FDIC’s internal control over financial reporting relevant to the DIF and to the FRF as of December 31, 2017, based on criteria established under 31 U.S.C. § 3512(c), (d), commonly known as the Federal Managers’ Financial Integrity Act (FMFIA). 1 A third fund managed by FDIC, the Orderly Liquidation Fund, established by Section 210(n) of the Dodd-Frank Wall Street Reform and Consumer Protection Act, Pub. L. No. 111-203, 124 Stat. 1376, 1506 (July 21, 2010), is unfunded and did not have any transactions from its inception in 2010 through 2017. 2 Other information consists of information included with the financial statements, other than the auditor’s report. 3 Act of September 21, 1950, Pub. L. No. 797, § 2[17], 64 Stat. 873, 890, classified as amended at 12 U.S.C. § 1827. 4 31 U.S.C. §§ 9101-9110. 120 FINANCIAL SECTION 2017 GOVERNMENT ACCOUNTABILITY OFFICE AUDITOR’S REPORT (continued) We conducted our audits in accordance with U.S. generally accepted government auditing standards. We believe that the audit evidence we obtained is sufficient and appropriate to provide a basis for our audit opinions. Management’s Responsibility FDIC management is responsible for (1) the preparation and fair presentation of these financial statements in accordance with U.S. generally accepted accounting principles; (2) preparing and presenting other information included in documents containing the audited financial statements and auditor’s report, and ensuring the consistency of that information with the audited financial statements; (3) maintaining effective internal control over financial reporting, including the design, implementation, and maintenance of internal control relevant to the preparation and fair presentation of financial statements that are free from material misstatement, whether due to fraud or error; (4) evaluating the effectiveness of internal control over financial reporting based on the criteria established under FMFIA; and (5) its assessment about the effectiveness of internal control over financial reporting as of December 31, 2017, included in the accompanying Management’s Report on Internal Control over Financial Reporting in appendix I. Auditor’s Responsibility Our responsibility is to express opinions on these financial statements and opinions on FDIC’s internal control over financial reporting relevant to the DIF and to the FRF based on our audits. U.S. generally accepted government auditing standards require that we plan and perform the audits to obtain reasonable assurance about whether the financial statements are free from material misstatement, and whether effective internal control over financial reporting was maintained in all material respects. We are also responsible for applying certain limited procedures to other information included with the financial statements. An audit of financial statements involves performing procedures to obtain audit evidence about the amounts and disclosures in the financial statements. The procedures selected depend on the auditor’s judgment, including the auditor’s assessment of the risks of material misstatement of the financial statements, whether due to fraud or error. In making those risk assessments, the auditor considers internal control relevant to the entity’s preparation and fair presentation of the financial statements in order to design audit procedures that are appropriate in the circumstances. An audit of financial statements also involves evaluating the appropriateness of the accounting policies used and the reasonableness of significant accounting estimates made by management, as well as evaluating the overall presentation of the financial statements. An audit of internal control over financial reporting involves performing procedures to obtain evidence about whether a material weakness exists. 5 The procedures selected depend on the auditor’s judgment, including the assessment of the risk that a material weakness exists. An audit of internal control over financial reporting also includes obtaining an understanding of internal control over financial reporting, and evaluating and testing the design and operating effectiveness of internal control over financial reporting based on the assessed risk. Our audit of internal control also considered FDIC’s process for evaluating and reporting on internal control 5 A material weakness is a deficiency, or combination of deficiencies, in internal control over financial reporting, such that there is a reasonable possibility that a material misstatement of the entity’s financial statements will not be prevented, or detected and corrected, on a timely basis. A deficiency in internal control exists when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent, or detect and correct, misstatements on a timely basis. FINANCIAL SECTION 121 ANNUAL REPORT GOVERNMENT ACCOUNTABILITY OFFICE AUDITOR’S REPORT (continued) over financial reporting based on criteria established under FMFIA. Our audits also included performing such other procedures as we considered necessary in the circumstances. We did not evaluate all internal controls relevant to operating objectives as broadly established under FMFIA, such as those controls relevant to preparing performance information and ensuring efficient operations. We limited our internal control testing to testing controls over financial reporting. Our internal control testing was for the purpose of expressing an opinion on whether effective internal control over financial reporting was maintained, in all material respects. Consequently, our audit may not identify all deficiencies in internal control over financial reporting that are less severe than a material weakness. Definition and Inherent Limitations of Internal Control over Financial Reporting An entity’s internal control over financial reporting is a process effected by those charged with governance, management, and other personnel, the objectives of which are to provide reasonable assurance that (1) transactions are properly recorded, processed, and summarized to permit the preparation of financial statements in accordance with U.S. generally accepted accounting principles, and assets are safeguarded against loss from unauthorized acquisition, use, or disposition, and (2) transactions are executed in accordance with provisions of applicable laws, regulations, contracts, and grant agreements, noncompliance with which could have a material effect on the financial statements. Because of its inherent limitations, internal control over financial reporting may not prevent, or detect and correct, misstatements due to fraud or error. We also caution that projecting any evaluation of effectiveness to future periods is subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate. Opinions on Financial Statements In our opinion, • the DIF’s financial statements present fairly, in all material respects, the DIF’s financial position as of December 31, 2017, and 2016, and the results of its operations and its cash flows for the years then ended, in accordance with U.S. generally accepted accounting principles, and • the FRF’s financial statements present fairly, in all material respects, the FRF’s financial position as of December 31, 2017, and 2016, and the results of its operations and its cash flows for the years then ended, in accordance with U.S. generally accepted accounting principles. Opinions on Internal Control over Financial Reporting In our opinion, 122 • FDIC maintained, in all material respects, effective internal control over financial reporting relevant to the DIF as of December 31, 2017, based on criteria established under FMFIA and • FDIC maintained, in all material respects, effective internal control over financial reporting relevant to the FRF as of December 31, 2017, based on criteria established under FMFIA. FINANCIAL SECTION 2017 GOVERNMENT ACCOUNTABILITY OFFICE AUDITOR’S REPORT (continued) FDIC made progress during 2017 in addressing a significant deficiency 6 that we reported in our 2016 audit. 7 Specifically, FDIC sufficiently addressed the deficiencies in information systems access and configuration management controls such that we no longer consider the remaining control deficiencies in this area, individually or collectively, to represent a significant deficiency as of December 31, 2017. During our 2017 audit, we identified other deficiencies in FDIC’s internal control over financial reporting that we do not consider to be material weaknesses or significant deficiencies. Nonetheless, these deficiencies warrant FDIC management’s attention. We have communicated these matters to FDIC management and, where appropriate, will report on them separately. Other Matters Other Information FDIC’s other information contains a wide range of information, some of which is not directly related to the financial statements. This information is presented for purposes of additional analysis and is not a required part of the financial statements. We read the other information included with the financial statements in order to identify material inconsistencies, if any, with the audited financial statements. Our audit was conducted for the purpose of forming opinions on the DIF and the FRF financial statements. We did not audit and do not express an opinion or provide any assurance on the other information. Report on Compliance with Laws, Regulations, Contracts, and Grant Agreements In connection with our audits of the financial statements of the DIF and of the FRF, both of which are administered by FDIC, we tested compliance with selected provisions of applicable laws, regulations, contracts, and grant agreements consistent with our auditor’s responsibility discussed below. We caution that noncompliance may occur and not be detected by these tests. We performed our tests of compliance in accordance with U.S. generally accepted government auditing standards. Management’s Responsibility FDIC management is responsible for complying with applicable laws, regulations, contracts, and grant agreements. Auditor’s Responsibility Our responsibility is to test compliance with selected provisions of applicable laws, regulations, contracts, and grant agreements that have a direct effect on the determination of material amounts and disclosures in the financial statements of the DIF and of the FRF, and to perform certain other limited procedures. Accordingly, we did not test FDIC’s compliance with all applicable laws, regulations, contracts, and grant agreements. 6 A significant deficiency is a deficiency, or a combination of deficiencies, in internal control over financial reporting that is less severe than a material weakness, yet important enough to merit attention by those charged with governance. 7 GAO, Financial Audit: Federal Deposit Insurance Corporation Funds’ 2016 and 2015 Financial Statements, GAO-17299R (Washington, D.C.: Feb. 15, 2017). FINANCIAL SECTION 123 ANNUAL REPORT GOVERNMENT ACCOUNTABILITY OFFICE AUDITOR’S REPORT (continued) Results of Our Tests for Compliance with Laws, Regulations, Contracts, and Grant Agreements Our tests for compliance with selected provisions of applicable laws, regulations, contracts, and grant agreements disclosed no instances of noncompliance for 2017 that would be reportable, with respect to the DIF and to the FRF, under U.S. generally accepted government auditing standards. However, the objective of our tests was not to provide an opinion on compliance with applicable laws, regulations, contracts, and grant agreements. Accordingly, we do not express such an opinion. Intended Purpose of Report on Compliance with Laws, Regulations, Contracts, and Grant Agreements The purpose of this report is solely to describe the scope of our testing of compliance with selected provisions of applicable laws, regulations, contracts, and grant agreements, and the results of that testing, and not to provide an opinion on compliance. This report is an integral part of an audit performed in accordance with U.S. generally accepted government auditing standards in considering compliance. Accordingly, this report on compliance with laws, regulations, contracts, and grant agreements is not suitable for any other purpose. Agency Comments In commenting on a draft of this report, FDIC stated that it was pleased to receive unmodified opinions on the DIF’s and the FRF’s financial statements, and noted that we reported that FDIC had effective internal control over financial reporting and that there was no reportable noncompliance with tested provisions of applicable laws, regulations, contracts, and grant agreements. Further, FDIC stated that it remains committed to ensuring sound financial management remains a top priority. The complete text of FDIC’s response is reprinted in appendix II. James R. Dalkin Director Financial Management and Assurance February 8, 2018 124 FINANCIAL SECTION 2017 Appendix I MANAGEMENT’S REPORT ON INTERNAL CONTROL OVER FINANCIAL REPORTING FINANCIAL SECTION 125 ANNUAL REPORT Appendix II MANAGEMENT’S RESPONSE TO THE AUDITOR’S REPORT 126 FINANCIAL SECTION VI. RISK MANAGEMENT AND INTERNAL CONTROLS 127 THIS PAGE INTENTIONALLY LEFT BLANK 2017 The FDIC uses several means to maintain comprehensive internal controls, ensure the overall effectiveness and efficiency of operations, and otherwise comply as necessary with the following federal standards, among others: ♦♦ Chief Financial Officers’ Act (CFO Act) ♦♦ Federal Managers’ Financial Integrity Act (FMFIA) ♦♦ Federal Financial Management Improvement Act (FFMIA) ♦♦ Government Performance and Results Act (GPRA) ♦♦ Federal Information Security Management Act (FISMA) ♦♦ OMB Circular A-123 ♦♦ GAO’s Standards for Internal Control in the Federal Government As a foundation for these efforts, the Division of Finance, Risk Management and Internal Controls Branch oversees a corporate-wide program of relevant activities by establishing policies and working with management in each division and office in the FDIC. The FDIC has made a concerted effort to ensure that financial, reputational, and operational risks have been identified and that corresponding control needs are being incorporated into day-to-day operations. The program also requires that comprehensive procedures be documented, employees be thoroughly trained, and supervisors be held accountable for performance and results. Compliance monitoring is carried out through periodic management reviews and by the distribution of various activity reports to all levels of management. Conscientious attention is also paid to the implementation of audit recommendations made by the FDIC Office of Inspector General, the GAO, and other providers of external/audit scrutiny. The FDIC has received unmodified/unqualified opinions on its financial statement audits for 26 consecutive years, and these and other positive results reflect the effectiveness of the overall management control program. In 2017, efforts were focused on data mining, continuity of operations, process mapping, process improvements, internal controls of outsourced service providers, continuation of efforts on failed bank data, and systems security. Considerable energy was devoted to ensuring that the FDIC’s processes and systems of control have kept pace with the workload, and that the foundation of controls throughout the FDIC remained strong. During 2018, RMIC will continue to focus on enhancing FDIC’s Risk Management program, improving data mining capabilities, identifying performance metrics, mapping key operational areas, exploring opportunities for process improvement, monitoring FDIC’s internal controls over outsourced service providers, continuing efforts with stakeholders on failed bank data, and system security. Also, continued emphasis and management scrutiny will be applied to the accuracy and integrity of transactions and oversight of systems development efforts in general. FRAUD REDUCTION AND DATA ANALYTICS ACT OF 2015 The Fraud Reduction and Data Analytics Act of 2015 was signed into law on June 30, 2016. The law is intended to improve federal agency financial and administrative controls and procedures to assess and mitigate fraud risks, and to improve federal agencies’ development and use of data analytics for the purpose of identifying, preventing, and responding to fraud, including improper payments. The FDIC’s enterprise risk management and internal control program considers the potential for fraud and incorporates elements of Principle 8 – Assess Fraud Risk, of the GAO Standards of Internal Control in the Federal Government. The FDIC implemented a Fraud Risk Assessment Framework as a basis for identifying potential financial fraud risks and schemes, ensuring that preventive and detective controls are present and working as intended. Examples of fraud risks are contractor payments, wire transfers, travel card purchases, and theft of cash receipts. RISK MANAGEMENT AND INTERNAL CONTROLS 129 129 ANNUAL REPORT As part of the Framework, potential fraud areas are identified and key controls are evaluated/implemented as proactive measures to fraud prevention. Although no system of internal control provides absolute assurance, the FDIC’s system of internal control can provide reasonable assurance that key controls are adequate and working as intended. Monitoring activities include supervisory approvals, management reports, and exception reporting. FDIC management performs due diligence in areas of suspected or alleged fraud. At the conclusion of due diligence, the matter is either dropped or referred to the Office of Inspector General for investigation. During 2017, there has been no systemic fraud identified within the FDIC. MANAGEMENT REPORT ON FINAL ACTIONS As required under amended Section 5 of the Inspector General Act of 1978, the FDIC must report information on final action taken by management on certain audit reports. The tables on the following pages provide information on final action taken by management on audit reports for the federal fiscal year period October 1, 2016, through September 30, 2017. TABLE 1: MANAGEMENT REPORT ON FINAL ACTION ON AUDITS WITH DISALLOWED COSTS FOR FISCAL YEAR 2017 Dollars in Thousands Number of Reports Disallowed Costs 1 $55 2 $6 3 $61 (a) Collections & offsets 3 $791 (b) Other 0 $0 2. Write-offs 0 $0 3. Total of 1 & 2 Audit reports needing final action at the end of the period 3 $79 0 $02 Audit Reports A. B. C. D. E. Management decisions – final action not taken at beginning of period Management decisions made during the period Total reports pending final action during the period (A and B) 1. Recoveries: 1 Amount collected in D1(a) included excess recoveries of $18,000 for one report, EVAL-16-005. 2 The amount is zero because all recoveries were collected during the reporting period. TABLE 2: MANAGEMENT REPORT ON FINAL ACTION ON AUDITS WITH RECOMMENDATIONS TO PUT FUNDS TO BETTER USE FOR FISCAL YEAR 2017 Dollars in Thousands (There were no audit reports in this category.) 130 RISK MANAGEMENT AND INTERNAL CONTROLS 2017 TABLE 3: AUDIT REPORTS WITHOUT FINAL ACTIONS BUT WITH MANAGEMENT DECISIONS OVER ONE YEAR OLD FOR FISCAL YEAR 2017 Report No. and Issue Date AUD-14-002 11/21/2013 AUD-15-008 09/16/2015 OIG Audit Finding Management Action The Director, Division of Administration (DOA) should coordinate with Division of Information Technology (DIT) and FDIC division and office officials, as appropriate, to address potential gaps that may exist between the 12hour timeframe required to restore mission essential functions following an emergency and the 72-hour recovery time objective for restoring mission critical applications. The Chief Information Officer Organization developed cost estimates for recovering applications within 12-72 hours and prepared a Board Case that presented the approach for meeting the associated continuity of operations objectives. The Directors of RMS and DCP should coordinate to assess the effectiveness of the FDIC’s supervisory policy and approach with respect to the issues and risks discussed in this report after a reasonable period of time is allowed for implementation. RMS, jointly with DCP, is developing the scope and methodology for the Survey, which will include participation of a cross-section of personnel in three regions to assess their implementation and understanding of supervisory guidance. The Survey will include a final written document summarizing the results. Disallowed Costs $0 Due Date: Subsequently Closed $0 Due Date: 3/30/2018 AUD-16-001 10/28/2015 The Acting CIO should assess the ISM Outsourced Information Service Provider Assessment Methodology processes supporting information service provider assessments to determine and implement any needed improvements to ensure timely completion of assessments. The Chief Information Officer Organization has developed a new methodology for managing the process. A transition plan will be developed and executed to ensure timely completion of assessments while the new methodology is being phased in. $0 Due Date: 6/30/2018 AUD-16-004 07/07/2016 The CIO should revise procedures and controls for incident handling, to include major incidents, to ensure that risks associated with these incidents are sufficiently documented and supported by appropriate evidence. Procedures were revised and controls improved to ensure that risks associated with incidents, to include major incidents, are sufficiently documented and supported by appropriate evidence. $0 Due Date: Completion undergoing independent review. RISK MANAGEMENT AND INTERNAL CONTROLS 131 THIS PAGE INTENTIONALLY LEFT BLANK VII. APPENDICES 133 THIS PAGE INTENTIONALLY LEFT BLANK 2017 A. KEY STATISTICS FDIC ACTIONS ON FINANCIAL INSTITUTIONS APPLICATIONS 2015–2017 Deposit Insurance Approved1 Denied New Branches Approved Denied Mergers Approved Denied Requests for Consent to Serve2 Approved Section 19 Section 32 Denied Section 19 Section 32 Notices of Change in Control Letters of Intent Not to Disapprove Disapproved Brokered Deposit Waivers Approved Denied Savings Association Activities Approved Denied State Bank Activities/Investments3 Approved Denied Conversion of Mutual Institutions Non-Objection Objection 1 2 3 2017 2016 2015 12 7 5 12 7 5 0 0 0 500 507 548 500 507 548 0 0 0 218 245 270 218 245 270 0 0 0 104 167 240 104 164 239 1 9 7 103 155 232 0 3 1 0 0 0 0 3 1 17 14 20 17 14 20 0 0 0 12 14 20 11 13 20 1 1 0 1 0 1 1 0 1 0 0 0 2 5 10 2 5 10 0 0 0 5 5 4 5 5 4 0 0 0 Includes deposit insurance application filed on behalf of (1) newly organized institutions, (2) existing uninsured financial services companies seeking establishment as an insured institution, and (3) interim institutions established to facilitate merger or conversion transactions, and applications to facilitate the establishment of thrift holding companies. Under Section 19 of the Federal Deposit Insurance (FDI) Act, an insured institution must receive FDIC approval before employing a person convicted of dishonesty or breach of trust. Under Section 32, the FDIC must approve any change of directors or senior executive officers at a state nonmember bank that is not in compliance with capital requirements or is otherwise in troubled condition. Section 24 of the FDI Act, in general, prohibits a federally-insured state bank from engaging in an activity not permissible for a national bank and requires notices to be filed with the FDIC. APPENDICES 135 135 ANNUAL REPORT COMBINED RISK AND CONSUMER ENFORCEMENT ACTIONS 2015–2017 2017 Total Number of Actions Initiated by the FDIC Termination of Insurance Involuntary Termination Sec. 8a For Violations, Unsafe/Unsound Practices or Conditions Voluntary Termination Sec. 8a By Order Upon Request Sec. 8p No Deposits Sec. 8q Deposits Assumed Sec. 8b Cease-and-Desist Actions Notices of Charges Issued Orders to Pay Restitution Consent Orders Personal Cease and Desist Orders Sec. 8e Removal/Prohibition of Director or Officer Notices of Intention to Remove/Prohibit Consent Orders Sec. 8g Suspension/Removal When Charged With Crime Civil Money Penalties Issued Sec. 7a Call Report Penalties Sec. 8i Civil Money Penalties Sec. 8i Civil Money Penalty Notices of Assessment Sec. 10c Orders of Investigation Sec. 19 Waiver Orders Approved Section 19 Waiver Orders Denied Section 19 Waiver Orders Sec. 32 Notices Disapproving Officer/Director’s Request for Review Truth-in-Lending Act Reimbursement Actions Denials of Requests for Relief Grants of Relief Banks Making Reimbursement* Suspicious Activity Reports (Open and closed institutions)* Other Actions Not Listed 2016 2015 231 259 268 9 5 11 0 0 0 0 0 0 9 5 11 0 0 0 8 5 6 1 0 5 26 30 48 0 2 3 4 0 9 14 26 36 8 2 0 65 97 88 7 8 4 58 89 84 0 0 0 47 37 45 0 0 0 42 34 36 5 3 9 9 10 19 71 72 51 71 72 51 0 0 0 0 1 0 135 83 64 0 0 0 0 0 0 135 83 64 182,647 222,836 189,505 4 7 6 * These actions do not constitute the initiation of a formal enforcement action and, therefore, are not included in the total number of actions initiated. 136 APPENDICES 2017 ESTIMATED INSURED DEPOSITS AND THE DEPOSIT INSURANCE FUND, DECEMBER 31, 1934, THROUGH SEPTEMBER 30, 20171 Dollars in Millions (except Insurance Coverage) Deposits in Insured Institutions2 Year 2017 2016 2015 2014 2013 2012 2011 2010 2009 2008 2007 2006 2005 2004 2003 2002 2001 2000 1999 1998 1997 1996 1995 1994 1993 1992 1991 1990 1989 1988 1987 1986 1985 Insurance Coverage2 $250,000 250,000 250,000 250,000 250,000 250,000 250,000 250,000 250,000 100,000 100,000 100,000 100,000 100,000 100,000 100,000 100,000 100,000 100,000 100,000 100,000 100,000 100,000 100,000 100,000 100,000 100,000 100,000 100,000 100,000 100,000 100,000 100,000 Total Domestic Deposits $11,963,382 11,691,575 10,950,122 10,408,187 9,825,479 9,474,720 8,782,291 7,887,858 7,705,354 7,505,408 6,921,678 6,640,097 6,229,753 5,724,621 5,223,922 4,916,078 4,564,064 4,211,895 3,885,826 3,817,150 3,602,189 3,454,556 3,318,595 3,184,410 3,220,302 3,275,530 3,331,312 3,415,464 3,412,503 2,337,080 2,198,648 2,162,687 1,975,030 Est. Insured Deposits $7,091,993 6,914,305 6,522,388 6,196,472 5,998,238 7,402,053 6,973,483 6,301,542 5,407,773 4,750,783 4,292,211 4,153,808 3,890,930 3,622,059 3,452,497 3,383,598 3,215,581 3,055,108 2,869,208 2,850,452 2,746,477 2,690,439 2,663,873 2,588,619 2,602,781 2,677,709 2,733,387 2,784,838 2,755,471 1,756,771 1,657,291 1,636,915 1,510,496 Percentage of Domestic Deposits 59.3 59.1 59.6 59.5 61.0 78.1 79.4 79.9 70.2 63.3 62.0 62.6 62.5 63.3 66.1 68.8 70.5 72.5 73.8 74.7 76.2 77.9 80.3 81.3 80.8 81.7 82.1 81.5 80.7 75.2 75.4 75.7 76.5 APPENDICES Deposit Insurance Fund $90,505.9 83,161.5 72,600.2 62,780.2 47,190.8 32,957.8 11,826.5 (7,352.2) (20,861.8) 17,276.3 52,413.0 50,165.3 48,596.6 47,506.8 46,022.3 43,797.0 41,373.8 41,733.8 39,694.9 39,452.1 37,660.8 35,742.8 28,811.5 23,784.5 14,277.3 178.4 (6,934.0) 4,062.7 13,209.5 14,061.1 18,301.8 18,253.3 17,956.9 Insurance Fund as a Percentage of Total Domestic Est. Insured Deposits Deposits 0.76 1.28 0.71 1.20 0.66 1.11 0.60 1.01 0.48 0.79 0.35 0.45 0.13 0.17 (0.09) (0.12) (0.27) (0.39) 0.23 0.36 0.76 1.22 0.76 1.21 0.78 1.25 0.83 1.31 0.88 1.33 0.89 1.29 0.91 1.29 0.99 1.37 1.02 1.38 1.03 1.38 1.05 1.37 1.03 1.33 0.87 1.08 0.75 0.92 0.44 0.55 0.01 0.01 (0.21) (0.25) 0.12 0.15 0.39 0.48 0.60 0.80 0.83 1.10 0.84 1.12 0.91 1.19 137 ANNUAL REPORT ESTIMATED INSURED DEPOSITS AND THE DEPOSIT INSURANCE FUND, DECEMBER 31, 1934, THROUGH SEPTEMBER 30, 20171 (continued) Dollars in Millions (except Insurance Coverage) Deposits in Insured Institutions2 Year 1984 1983 1982 1981 1980 1979 1978 1977 1976 1975 1974 1973 1972 1971 1970 1969 1968 1967 1966 1965 1964 1963 1962 1961 1960 1959 1958 1957 1956 1955 1954 1953 1952 138 Insurance Coverage2 100,000 100,000 100,000 100,000 100,000 40,000 40,000 40,000 40,000 40,000 40,000 20,000 20,000 20,000 20,000 20,000 15,000 15,000 15,000 10,000 10,000 10,000 10,000 10,000 10,000 10,000 10,000 10,000 10,000 10,000 10,000 10,000 10,000 Total Domestic Deposits 1,805,334 1,690,576 1,544,697 1,409,322 1,324,463 1,226,943 1,145,835 1,050,435 941,923 875,985 833,277 766,509 697,480 610,685 545,198 495,858 491,513 448,709 401,096 377,400 348,981 313,304 297,548 281,304 260,495 247,589 242,445 225,507 219,393 212,226 203,195 193,466 188,142 Est. Insured Deposits 1,393,421 1,268,332 1,134,221 988,898 948,717 808,555 760,706 692,533 628,263 569,101 520,309 465,600 419,756 374,568 349,581 313,085 296,701 261,149 234,150 209,690 191,787 177,381 170,210 160,309 149,684 142,131 137,698 127,055 121,008 116,380 110,973 105,610 101,841 Insurance Fund as a Percentage of Percentage of Domestic Deposits 77.2 75.0 73.4 70.2 71.6 65.9 66.4 65.9 66.7 65.0 62.4 60.7 60.2 61.3 64.1 63.1 60.4 58.2 58.4 55.6 55.0 56.6 57.2 57.0 57.5 57.4 56.8 56.3 55.2 54.8 54.6 54.6 54.1 APPENDICES Deposit Insurance Fund 16,529.4 15,429.1 13,770.9 12,246.1 11,019.5 9,792.7 8,796.0 7,992.8 7,268.8 6,716.0 6,124.2 5,615.3 5,158.7 4,739.9 4,379.6 4,051.1 3,749.2 3,485.5 3,252.0 3,036.3 2,844.7 2,667.9 2,502.0 2,353.8 2,222.2 2,089.8 1,965.4 1,850.5 1,742.1 1,639.6 1,542.7 1,450.7 1,363.5 Total Domestic Deposits 0.92 0.91 0.89 0.87 0.83 0.80 0.77 0.76 0.77 0.77 0.73 0.73 0.74 0.78 0.80 0.82 0.76 0.78 0.81 0.80 0.82 0.85 0.84 0.84 0.85 0.84 0.81 0.82 0.79 0.77 0.76 0.75 0.72 Est. Insured Deposits 1.19 1.22 1.21 1.24 1.16 1.21 1.16 1.15 1.16 1.18 1.18 1.21 1.23 1.27 1.25 1.29 1.26 1.33 1.39 1.45 1.48 1.50 1.47 1.47 1.48 1.47 1.43 1.46 1.44 1.41 1.39 1.37 1.34 2017 ESTIMATED INSURED DEPOSITS AND THE DEPOSIT INSURANCE FUND, DECEMBER 31, 1934, THROUGH SEPTEMBER 30, 20171 (continued) Dollars in Millions (except Insurance Coverage) Deposits in Insured Institutions2 Year 1951 1950 1949 1948 1947 1946 1945 1944 1943 1942 1941 1940 1939 1938 1937 1936 1935 1934 Insurance Coverage2 10,000 10,000 5,000 5,000 5,000 5,000 5,000 5,000 5,000 5,000 5,000 5,000 5,000 5,000 5,000 5,000 5,000 5,000 Total Domestic Deposits 178,540 167,818 156,786 153,454 154,096 148,458 157,174 134,662 111,650 89,869 71,209 65,288 57,485 50,791 48,228 50,281 45,125 40,060 Est. Insured Deposits 96,713 91,359 76,589 75,320 76,254 73,759 67,021 56,398 48,440 32,837 28,249 26,638 24,650 23,121 22,557 22,330 20,158 18,075 Insurance Fund as a Percentage of Percentage of Domestic Deposits 54.2 54.4 48.8 49.1 49.5 49.7 42.6 41.9 43.4 36.5 39.7 40.8 42.9 45.5 46.8 44.4 44.7 45.1 Deposit Insurance Fund 1,282.2 1,243.9 1,203.9 1,065.9 1,006.1 1,058.5 929.2 804.3 703.1 616.9 553.5 496.0 452.7 420.5 383.1 343.4 306.0 291.7 Total Domestic Deposits 0.72 0.74 0.77 0.69 0.65 0.71 0.59 0.60 0.63 0.69 0.78 0.76 0.79 0.83 0.79 0.68 0.68 0.73 Est. Insured Deposits 1.33 1.36 1.57 1.42 1.32 1.44 1.39 1.43 1.45 1.88 1.96 1.86 1.84 1.82 1.70 1.54 1.52 1.61 1 For 2017, figures are as of September 30; all other prior years are as of December 31. Prior to 1989, figures are for the Bank Insurance Fund (BIF) only and exclude insured branches of foreign banks. For 1989 to 2005, figures represent the sum of the BIF and Savings Association Insurance Fund (SAIF) amounts; for 2006 to 2017, figures are for DIF. Amounts for 1989-2017 include insured branches of foreign banks. Prior to year-end 1991, insured deposits were estimated using percentages determined from June Call and Thrift Financial Reports. 2 The year-end 2008 coverage limit and estimated insured deposits do not reflect the temporary increase to $250,000 then in effect under the Emergency Economic Stabilization Act of 2008. The Dodd-Frank Wall Street Reform and Consumer Protection (Dodd-Frank) Act made this coverage limit permanent. The year-end 2009 coverage limit and estimated insured deposits reflect the $250,000 coverage limit. The Dodd-Frank Act also temporarily provided unlimited coverage for non-interest bearing transaction accounts for two years beginning December 31, 2010. Coverage for certain retirement accounts increased to $250,000 in 2006. Initial coverage limit was $2,500 from January 1 to June 30, 1934. APPENDICES 139 ANNUAL REPORT INCOME AND EXPENSES, DEPOSIT INSURANCE FUND, FROM BEGINNING OF OPERATIONS, SEPTEMBER 11, 1933, THROUGH DECEMBER 31, 2017 Dollars in Millions Income 140 Year Total Assessment Income TOTAL Expenses and Losses Assessment Credits Investment and Other Effective Assessment Rate1 Total Provision for Ins. Losses Admin. and Operating Expenses2 Interest & Other Ins. Expenses Funding Transfer from the FSLIC Resolution Fund Net Income/ (Loss) $242,293.1 $175,595.0 $11,392.9 $78,091.0 $149,306.1 $108,291.2 $31,549.0 $9,466.0 $139.5 $93,126.5 2017 11,663.7 10,594.8 0.0 1,068.9 0.0717% 1,558.2 (183.1) 1,739.4 2.0 0 10,105.5 2016 10,674.1 9,986.6 0.0 687.5 0.0699% 150.6 (1,567.9) 1,715.0 3.5 0 10,523.5 2015 9,303.5 8,846.8 0.0 456.7 0.0647% (553.2) (2,251.3) 1,687.2 10.9 0 9,856.7 2014 8,965.1 8,656.1 0.0 309.0 0.0663% (6,634.7) (8,305.5) 1,664.3 6.5 0 15,599.8 2013 10,458.9 9,734.2 0.0 724.7 0.0775% (4,045.9) (5,659.4) 1,608.7 4.8 0 14,504.8 2012 18,522.3 12,397.2 0.2 6,125.3 0.1012% (2,599.0) (4,222.6) 1,777.5 (153.9) 0 21,121.3 2,843.4 0.1115% (2,915.4) 19,257.4 2011 16,342.0 13,499.5 0.9 2010 13,379.9 13,611.2 0.8 2009 24,706.4 17,865.4 148.0 (230.5) 6,989.0 (4,413.6) 1,625.4 (127.2) 0 0.1772% 75.0 (847.8) 1,592.6 (669.8) 0 13,304.9 0.2330% 60,709.0 57,711.8 1,271.1 1,726.1 0 (36,002.6) 2008 7,306.3 4,410.4 1,445.9 4,341.8 0.0418% 44,339.5 41,838.8 1,033.5 1,467.2 0 (37,033.2) 2007 3,196.2 3,730.9 3,088.0 2,553.3 0.0093% 1,090.9 95.0 992.6 3.3 0 2,105.3 2006 2,643.5 31.9 0.0 2,611.6 0.0005% 904.3 (52.1) 950.6 5.8 0 1,739.2 2005 2,420.5 60.9 0.0 2,359.6 0.0010% 809.3 (160.2) 965.7 3.8 0 1,611.2 2004 2,240.3 104.2 0.0 2,136.1 0.0019% 607.6 (353.4) 941.3 19.7 0 1,632.7 2003 2,173.6 94.8 0.0 2,078.8 0.0019% (67.7) (1,010.5) 935.5 7.3 0 2,241.3 2002 2,384.7 107.8 0.0 2,276.9 0.0023% 719.6 (243.0) 945.1 17.5 0 1,665.1 2001 2,730.1 83.2 0.0 2,646.9 0.0019% 3,123.4 2,199.3 887.9 36.2 0 2000 2,570.1 64.3 0.0 2,505.8 0.0016% 945.2 28.0 883.9 33.3 0 (393.3) 1,624.9 1999 2,416.7 48.4 0.0 2,368.3 0.0013% 2,047.0 1,199.7 823.4 23.9 0 369.7 1998 2,584.6 37.0 0.0 2,547.6 0.0010% 817.5 (5.7) 782.6 40.6 0 1,767.1 1997 2,165.5 38.6 0.0 2,126.9 0.0011% 247.3 (505.7) 677.2 75.8 0 1,918.2 1996 7,156.8 5,294.2 0.0 1,862.6 0.1622% 353.6 (417.2) 568.3 202.5 0 6,803.2 1995 5,229.2 3,877.0 0.0 1,352.2 0.1238% 202.2 (354.2) 510.6 45.8 0 5,027.0 1994 7,682.1 6,722.7 0.0 959.4 0.2192% (1,825.1) (2,459.4) 443.2 191.1 0 9,507.2 1993 7,354.5 6,682.0 0.0 672.5 0.2157% (6,744.4) (7,660.4) 418.5 497.5 0 14,098.9 1992 6,479.3 5,758.6 0.0 720.7 0.1815% (596.8) (2,274.7) 614.83 1,063.1 35.4 7,111.5 1991 5,886.5 5,254.0 0.0 632.5 0.1613% 16,925.3 15,496.2 326.1 1,103.0 42.4 (10,996.4) 1990 3,855.3 2,872.3 0.0 983.0 0.0868% 13,059.3 12,133.1 275.6 650.6 56.1 (9,147.9) 1989 3,494.8 1,885.0 0.0 1,609.8 0.0816% 4,352.2 3,811.3 219.9 321.0 5.6 (851.8) 1988 3,347.7 1,773.0 0.0 1,574.7 0.0825% 7,588.4 6,298.3 223.9 1,066.2 0 (4,240.7) 1987 3,319.4 1,696.0 0.0 1,623.4 0.0833% 3,270.9 2,996.9 204.9 69.1 0 48.5 1986 3,260.1 1,516.9 0.0 1,743.2 0.0787% 2,963.7 2,827.7 180.3 (44.3) 0 296.4 1985 3,385.5 1,433.5 0.0 1,952.0 0.0815% 1,957.9 1,569.0 179.2 209.7 0 1,427.6 1984 3,099.5 1,321.5 0.0 1,778.0 0.0800% 1,999.2 1,633.4 151.2 214.6 0 1,100.3 1983 2,628.1 1,214.9 164.0 1,577.2 0.0714% 969.9 675.1 135.7 159.1 0 1,658.2 1982 2,524.6 1,108.9 96.2 1,511.9 0.0769% 999.8 126.4 129.9 743.5 0 1,524.8 APPENDICES 2017 INCOME AND EXPENSES, DEPOSIT INSURANCE FUND, FROM BEGINNING OF OPERATIONS, SEPTEMBER 11, 1933, THROUGH DECEMBER 31, 2017 (continued) Dollars in Millions Income Assessment Income Expenses and Losses Assessment Credits Investment and Other Effective Assessment Rate1 Total Provision for Ins. Losses Admin. and Operating Expenses2 Interest & Other Ins. Expenses Funding Transfer from the FSLIC Resolution Fund Net Income/ (Loss) Year Total 1981 2,074.7 1,039.0 117.1 1,152.8 0.0714% 848.1 320.4 127.2 400.5 0 1,226.6 1980 1,310.4 951.9 521.1 879.6 0.0370% 83.6 (38.1) 118.2 3.5 0 1,226.8 1979 1,090.4 881.0 524.6 734.0 0.0333% 93.7 (17.2) 106.8 4.1 0 996.7 1978 952.1 810.1 443.1 585.1 0.0385% 148.9 36.5 103.3 9.1 0 803.2 1977 837.8 731.3 411.9 518.4 0.0370% 113.6 20.8 89.3 3.5 0 724.2 1976 764.9 676.1 379.6 468.4 0.0370% 212.3 28.0 180.4 3.9 0 552.6 1975 689.3 641.3 362.4 410.4 0.0357% 97.5 27.6 67.7 2.2 0 591.8 1974 668.1 587.4 285.4 366.1 0.0435% 159.2 97.9 59.2 2.1 0 508.9 4 1973 561.0 529.4 283.4 315.0 0.0385% 108.2 52.5 54.4 1.3 0 452.8 1972 467.0 468.8 280.3 278.5 0.0333% 65.7 10.1 49.6 6.0 5 0 401.3 355.0 1971 415.3 417.2 241.4 239.5 0.0345% 60.3 13.4 46.9 0.0 0 1970 382.7 369.3 210.0 223.4 0.0357% 46.0 3.8 42.2 0.0 0 336.7 1969 335.8 364.2 220.2 191.8 0.0333% 34.5 1.0 33.5 0.0 0 301.3 1968 295.0 334.5 202.1 162.6 0.0333% 29.1 0.1 29.0 0.0 0 265.9 1967 263.0 303.1 182.4 142.3 0.0333% 27.3 2.9 24.4 0.0 0 235.7 1966 241.0 284.3 172.6 129.3 0.0323% 19.9 0.1 19.8 0.0 0 221.1 1965 214.6 260.5 158.3 112.4 0.0323% 22.9 5.2 17.7 0.0 0 191.7 1964 197.1 238.2 145.2 104.1 0.0323% 18.4 2.9 15.5 0.0 0 178.7 1963 181.9 220.6 136.4 97.7 0.0313% 15.1 0.7 14.4 0.0 0 166.8 1962 161.1 203.4 126.9 84.6 0.0313% 13.8 0.1 13.7 0.0 0 147.3 1961 147.3 188.9 115.5 73.9 0.0323% 14.8 1.6 13.2 0.0 0 132.5 1960 144.6 180.4 100.8 65.0 0.0370% 12.5 0.1 12.4 0.0 0 132.1 1959 136.5 178.2 99.6 57.9 0.0370% 12.1 0.2 11.9 0.0 0 124.4 1958 126.8 166.8 93.0 53.0 0.0370% 11.6 0.0 11.6 0.0 0 115.2 1957 117.3 159.3 90.2 48.2 0.0357% 9.7 0.1 9.6 0.0 0 107.6 1956 111.9 155.5 87.3 43.7 0.0370% 9.4 0.3 9.1 0.0 0 102.5 1955 105.8 151.5 85.4 39.7 0.0370% 9.0 0.3 8.7 0.0 0 96.8 1954 99.7 144.2 81.8 37.3 0.0357% 7.8 0.1 7.7 0.0 0 91.9 1953 94.2 138.7 78.5 34.0 0.0357% 7.3 0.1 7.2 0.0 0 86.9 1952 88.6 131.0 73.7 31.3 0.0370% 7.8 0.8 7.0 0.0 0 80.8 1951 83.5 124.3 70.0 29.2 0.0370% 6.6 0.0 6.6 0.0 0 76.9 1950 84.8 122.9 68.7 30.6 0.0370% 7.8 1.4 6.4 0.0 0 77.0 1949 151.1 122.7 0.0 28.4 0.0833% 6.4 0.3 6.1 0.0 0 144.7 1948 145.6 119.3 0.0 26.3 0.0833% 7.0 0.7 6.36 0.0 0 138.6 147.6 1947 157.5 114.4 0.0 43.1 0.0833% 9.9 0.1 9.8 0.0 0 1946 130.7 107.0 0.0 23.7 0.0833% 10.0 0.1 9.9 0.0 0 120.7 1945 121.0 93.7 0.0 27.3 0.0833% 9.4 0.1 9.3 0.0 0 111.6 APPENDICES 141 ANNUAL REPORT INCOME AND EXPENSES, DEPOSIT INSURANCE FUND, FROM BEGINNING OF OPERATIONS, SEPTEMBER 11, 1933, THROUGH DECEMBER 31, 2017 (continued) Dollars in Millions Income Year 1 Total Assessment Income Expenses and Losses Assessment Credits Investment and Other Effective Assessment Rate1 Funding Transfer from the FSLIC Resolution Fund Provision for Ins. Losses Admin. and Operating Expenses2 Interest & Other Ins. Expenses 9.3 0.1 9.2 0.0 0 90.0 Total Net Income/ (Loss) 1944 99.3 80.9 0.0 18.4 0.0833% 1943 86.6 70.0 0.0 16.6 0.0833% 9.8 0.2 9.6 0.0 0 76.8 1942 69.1 56.5 0.0 12.6 0.0833% 10.1 0.5 9.6 0.0 0 59.0 1941 62.0 51.4 0.0 10.6 0.0833% 10.1 0.6 9.5 0.0 0 51.9 1940 55.9 46.2 0.0 9.7 0.0833% 12.9 3.5 9.4 0.0 0 43.0 1939 51.2 40.7 0.0 10.5 0.0833% 16.4 7.2 9.2 0.0 0 34.8 1938 47.7 38.3 0.0 9.4 0.0833% 11.3 2.5 8.8 0.0 0 36.4 1937 48.2 38.8 0.0 9.4 0.0833% 12.2 3.7 8.5 0.0 0 36.0 1936 43.8 35.6 0.0 8.2 0.0833% 10.9 2.6 8.3 0.0 0 32.9 1935 20.8 11.5 0.0 9.3 0.0833% 11.3 2.8 8.5 0.0 0 9.5 1933-34 7.0 0.0 0.0 7.0 N/A 10.0 0.2 9.8 0.0 0 (3.0) The effective assessment rate is calculated from annual assessment income (net of assessment credits), excluding transfers to the Financing Corporation (FICO), Resolution Funding Corporation (REFCORP) and FSLIC Resolution Fund, divided by the average assessment base. Figures represent only BIF-insured institutions prior to 1990, and BIF- and SAIF-insured institutions from 1990 through 2005. After 1995, all thrift closings became the responsibility of the FDIC and amounts are reflected in the SAIF. Beginning in 2006, figures are for the DIF. The annualized assessment rate for 2017 is based on full year assessment income divided by a four quarter average of 2017 quarterly assessment base amounts. The assessment base for fourth quarter 2017 was estimated using the third quarter 2017 assessment base and an assumed quarterly growth rate of one percent. Historical Assessment Rates: of $4.5 billion. Subsequently, assessment rates for the SAIF were lowered to the same range as the BIF, effective October 1996. This range of rates remained unchanged for both funds through 2006. 1934 – 1949 The statutory assessment rate was 0.0833 percent. 1950 – 1984 The effective assessment rates varied from the statutory rate of 0.0833 percent due to assessment credits provided in those years. 1985 – 1989 The statutory assessment rate was 0.0833 percent (no credits were given). 1990 The statutory rate increased to 0.12 percent. 1991 – 1992 The statutory rate increased to a minimum of 0.15 percent. The effective rates in 1991 and 1992 varied because the FDIC exercised new authority to increase assessments above the statutory minimum rate when needed. 1993 – 2006 Beginning in 1993, the effective rate was based on a risk-related premium system under which institutions paid assessments in the range of 0.23 percent to 0.31 percent. In May 1995, the BIF reached the mandatory recapitalization level of 1.25 percent. As a result, BIF assessment rates were reduced to a range of 0.04 percent to 0.31 percent of assessable deposits, effective June 1995, and assessments totaling $1.5 billion were refunded in September 1995. Assessment rates for the BIF were lowered again to a range of 0 to 0.27 percent of assessable deposits, effective the start of 1996. In 1996, the SAIF collected a one-time special assessment 142 2007 – 2008 As part of the implementation of the Federal Deposit Insurance Reform Act of 2005, assessment rates were increased to a range of 0.05 percent to 0.43 percent of assessable deposits effective at the start of 2007, but many institutions received a one-time assessment credit ($4.7 billion in total) to offset the new assessments. 2009 – 2011 For the first quarter of 2009, assessment rates were increased to a range of 0.12 percent to 0.50 percent of assessable deposits. On June 30, 2009, a special assessment was imposed on all insured banks and thrifts, which amounted in aggregate to approximately $5.4 billion. For 8,106 institutions, with $9.3 trillion in assets, the special assessment was 5 basis points of each insured institution’s assets minus tier one capital; 89 other institutions, with assets of $4.0 trillion, had their special assessment capped at 10 basis points of their second quarter assessment base. From the second quarter of 2009 through the first quarter of 2011, initial assessment rates ranged between 0.12 percent and 0.45 percent of assessable deposits. Initial rates are subject to further adjustments. APPENDICES 2017 2011 – 2016 Beginning in the second quarter of 2011, the assessment base changed to average total consolidated assets less average tangible equity (with certain adjustments for banker’s banks and custodial banks), as required by the Dodd-Frank Act. The FDIC implemented a new assessment rate schedule at the same time to conform to the larger assessment base. Initial assessment rates were lowered to a range of 0.05 percent to 0.35 percent of the new base. The annualized assessment rates averaged approximately 17.6 cents per $100 of assessable deposits for the first quarter of 2011 and 11.1 cents per $100 of the new base for the last three quarters of 2011 (which is shown in the table). 2016 Beginning July 1, 2016, initial assessment rates were lowered from a range of 5 basis points to 35 basis points to a range of 3 basis points to 30 basis points, and an additional surcharge was imposed on large banks (generally institutions with $10 billion or more in assets) of 4.5 basis points of their assessment base (after making adjustments). 2 These expenses, which are presented as operating expenses in the Statement of Income and Fund Balance, pertain to the FDIC in its corporate capacity only and do not include costs that are charged to the failed bank receiverships that are managed by the FDIC. The receivership expenses are presented as part of the “Receivables from Resolutions, net” line on the Balance Sheet. The narrative and graph presented on page 91 of this report shows the aggregate (corporate and receivership) expenditures of the FDIC. 3 Includes $210 million for the cumulative effect of an accounting change for certain postretirement benefits (1992). 4 Includes a $106 million net loss on government securities (1976). 5 This amount represents interest and other insurance expenses from 1933 to 1972. 6 Includes the aggregate amount of $81 million of interest paid on capital stock between 1933 and 1948. APPENDICES 143 ANNUAL REPORT FDIC INSURED INSTITUTIONS CLOSED DURING 2017 Dollars in Thousands Codes for Bank Class: NM = State-chartered bank that is not a member of the Federal Reserve System N = National Bank Name and Location Bank Class Number of Deposit Accounts SB = Savings Bank SI = Stock and Mutual Savings Bank Total Assets1 Total Deposits1 Insured Deposit Funding and Other Disbursements SM = State-chartered bank that is a member of the Federal Reserve System SA = Savings Association Estimated Loss to the DIF2 Date of Closing or Acquisition Receiver/Assuming Bank and Location Purchase and Assumption - All Deposits First NBC Bank New Orleans, LA NM 53,549 $3,325,870 $3,032,208 $2,966,960 $826,903 04/28/17 Whitney Bank Gulfport, MS Guaranty Bank Milwaukee, WI SA 287,742 $1,031,900 $1,002,026 $988,104 $143,423 05/05/17 First-Citizens Bank & Trust Company Raleigh, NC Fayette County Bank Saint Elmo, IL SM 1,257 $34,370 $33,972 $32,625 $9,015 05/26/17 United Fidelity Bank, FSB Evansville, IN 2,593 $166,345 $143,964 $137,509 $60,511 12/15/17 Royal Savings Bank Chicago, IL Insured Deposit Transfer Washington Federal Bank for Savings Chicago, IL SA Whole Bank Purchase and Assumption - All Deposits Harvest Community Bank Pennsville, NJ NM 7,083 $124,223 $122,177 $122,425 $22,689 01/13/17 First-Citizens Bank & Trust Company Raleigh, NC Seaway Bank and Trust Company Chicago, IL NM 19,239 $297,809 $256,505 $244,633 $55,465 01/27/17 State Bank of Texas Dallas, TX Proficio Bank Cottonwood Heights, UT NM 253 $68,208 $65,042 $57,157 $11,763 03/03/17 Cache Valley Bank Logan, UT The Farmers and Merchants State Bank of Argonia Argonia, KS NM 1,407 $33,012 $27,466 $27,411 $2,595 10/13/17 Conway Bank Conway Springs, KS 1 Total Assets and Total Deposits data are based upon the last Call Report filed by the institution prior to failure. 2 Estimated losses are as of December 31, 2017. Estimated losses are routinely adjusted with updated information from new appraisals and asset sales, which ultimately affect the asset values and projected recoveries. Represents the estimated loss to the DIF from deposit insurance obligations. 144 APPENDICES 2017 RECOVERIES AND LOSSES BY THE DEPOSIT INSURANCE FUND ON DISBURSEMENTS FOR THE PROTECTION OF DEPOSITORS, 1934 - 2017 Dollars in Thousands Bank and Thrift Failures1 Year2 2017 2016 2015 2014 2013 2012 2011 20107 20097 20087 2007 2006 2005 2004 2003 2002 2001 2000 1999 1998 1997 1996 1995 1994 1993 1992 1991 1990 1989 1988 1987 1986 1985 1984 1983 1982 1981 1980 1934 - 1979 Number of Banks/ Thrifts 2,623 8 5 8 18 24 51 92 157 140 25 3 0 0 4 3 11 4 7 8 3 1 6 6 13 41 120 124 168 206 200 184 138 116 78 44 32 7 10 558 Total Assets3 $946,643,412 5,081,737 277,182 6,706,038 2,913,503 6,044,051 11,617,348 34,922,997 92,084,988 169,709,160 371,945,480 2,614,928 0 0 170,099 947,317 2,872,720 1,821,760 410,160 1,592,189 290,238 27,923 232,634 802,124 1,463,874 3,828,939 45,357,237 64,556,512 16,923,462 28,930,572 38,402,475 6,928,889 7,356,544 3,090,897 2,962,179 3,580,132 1,213,316 108,749 239,316 8,615,743 Total Deposits3 $713,234,800 4,683,360 268,516 4,870,464 2,691,485 5,132,246 11,009,630 31,071,862 78,290,185 137,835,121 234,321,715 2,424,187 0 0 156,733 901,978 2,512,834 1,661,214 342,584 1,320,573 260,675 27,511 230,390 776,387 1,397,018 3,509,341 39,921,310 52,972,034 15,124,454 24,152,468 26,524,014 6,599,180 6,638,903 2,889,801 2,665,797 2,832,184 1,056,483 100,154 219,890 5,842,119 Funding4 $586,955,906 4,576,824 261,476 4,561,973 2,681,159 5,020,975 11,039,374 30,710,664 82,305,089 136,081,390 205,833,992 1,920,667 0 0 139,236 883,772 1,567,805 21,131 297,313 1,308,274 293,091 25,546 201,533 609,043 1,224,769 3,841,658 14,541,476 21,501,674 10,812,484 11,443,281 10,432,655 4,876,994 4,632,121 2,154,955 2,165,036 3,042,392 545,612 114,944 152,355 5,133,173 APPENDICES Recoveries5 $415,743,180 1,372,516 0 743,513 455,889 273,511 1,722,978 3,217,179 55,641,718 95,397,606 184,490,213 1,461,932 0 0 134,978 812,933 1,711,173 1,138,677 265,175 711,758 58,248 20,520 140,918 524,571 1,045,718 3,209,012 10,866,760 15,496,730 8,040,995 5,247,995 5,055,158 3,014,502 2,949,583 1,506,776 1,641,157 1,973,037 419,825 105,956 121,675 4,752,295 Estimated Additional Recoveries $64,090,944 2,071,944 214,362 2,951,918 1,833,025 3,499,492 6,854,792 20,989,325 10,307,410 13,759,165 3,182,784 296,884 0 0 341 8,192 (493,685) (1,410,011) 0 10,035 12,486 0 0 0 0 0 567 1,918 0 0 0 0 0 0 0 0 0 0 0 0 Final and Estimated Losses6 $107,121,782 1,132,364 47,114 866,542 392,245 1,247,972 2,461,604 6,504,160 16,355,961 26,924,619 18,160,995 161,851 0 0 3,917 62,647 350,317 292,465 32,138 586,481 222,357 5,026 60,615 84,472 179,051 632,646 3,674,149 6,003,026 2,771,489 6,195,286 5,377,497 1,862,492 1,682,538 648,179 523,879 1,069,355 125,787 8,988 30,680 380,878 145 ANNUAL REPORT RECOVERIES AND LOSSES BY THE DEPOSIT INSURANCE FUND ON DISBURSEMENTS FOR THE PROTECTION OF DEPOSITORS, 1934 - 2017 Dollars in Thousands Assistance Transactions1 146 Year2 Number of Banks/ Thrifts Total Assets3 Total Deposits3 Funding4 Recoveries5 Estimated Additional Recoveries 2017 2016 2015 2014 2013 2012 2011 2010 20098 20088 2007 2006 2005 2004 2003 2002 2001 2000 1999 1998 1997 1996 1995 1994 1993 1992 1991 1990 1989 1988 1987 1986 154 0 0 0 0 0 0 0 0 8 5 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 3 1 1 80 19 7 $3,317,099,253 0 0 0 0 0 0 0 0 1,917,482,183 1,306,041,994 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 33,831 78,524 14,206 4,438 15,493,939 2,478,124 712,558 $1,442,173,417 0 0 0 0 0 0 0 0 1,090,318,282 280,806,966 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 33,117 75,720 14,628 6,396 11,793,702 2,275,642 585,248 $11,630,356 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1,486 6,117 4,935 2,548 1,730,351 160,877 158,848 $6,199,875 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1,236 3,093 2,597 252 189,709 713 65,669 $0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 APPENDICES Final and Estimated Losses6 $5,430,481 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 250 3,024 2,338 2,296 1,540,642 160,164 93,179 2017 RECOVERIES AND LOSSES BY THE DEPOSIT INSURANCE FUND ON DISBURSEMENTS FOR THE PROTECTION OF DEPOSITORS, 1934 - 2017 (continued) Dollars in Thousands Assistance Transactions1 Year2 1985 1984 1983 1982 1981 1980 1934-1979 Number of Banks/ Thrifts 4 2 4 10 3 1 4 Total Assets3 5,886,381 40,470,332 3,611,549 10,509,286 4,838,612 7,953,042 1,490,254 Total Deposits3 5,580,359 29,088,247 3,011,406 9,118,382 3,914,268 5,001,755 549,299 Funding4 765,732 5,531,179 764,690 1,729,538 774,055 0 0 Recoveries5 406,676 4,414,904 427,007 686,754 1,265 0 0 Estimated Additional Recoveries 0 0 0 0 0 0 0 Final and Estimated Losses6 359,056 1,116,275 337,683 1,042,784 772,790 0 0 1 Institutions for which the FDIC is appointed receiver, including deposit payoff, insured deposit transfer, and deposit assumption cases. 2 For 1990 through 2005, amounts represent the sum of BIF and SAIF failures (excluding those handled by the RTC); prior to 1990, figures are only for the BIF. After 1995, all thrift closings became the responsibility of the FDIC and amounts are reflected in the SAIF. For 2006 to 2017, figures are for the DIF. 3 Assets and deposit data are based on the last Call Report or TFR filed before failure. 4 Funding represents the amounts provided by the DIF to receiverships for subrogated claims, advances for working capital, and administrative expenses paid on their behalf. Beginning in 2008, the DIF resolves failures using whole-bank purchase and assumption transactions, most with an accompanying shared-loss agreement (SLA). The DIF satisfies any resulting liabilities by offsetting receivables from resolutions when receiverships declare a dividend and/or sending cash directly to receiverships to fund an SLA and other expenses. 5 Recoveries represent cash received and dividends (cash and non-cash) declared by receiverships. 6 Final losses represent actual losses for unreimbursed subrogated claims of inactivated receiverships. Estimated losses represent the difference between the amount paid by the DIF to cover obligations to insured depositors and the estimated recoveries from the liquidation of receivership assets. 7 Includes amounts related to transaction account coverage under the Transaction Account Guarantee Program (TAG). The estimated losses as of December 31, 2017, for TAG accounts in 2010, 2009, and 2008 are $378 million, $1.1 billion, and $13 million, respectively. 8 Includes institutions where assistance was provided under a systemic risk determination. APPENDICES 147 ANNUAL REPORT NUMBER, ASSETS, DEPOSITS, LOSSES, AND LOSS TO FUNDS OF INSURED THRIFTS TAKEN OVER OR CLOSED BECAUSE OF FINANCIAL DIFFICULTIES, 1989 THROUGH 19951 Dollars in Thousands Deposits Final Receivership Loss2 Loss to Fund3 $393,986,574 $318,328,770 $75,977,846 $81,581,231 2 423,819 414,692 28,192 27,750 1994 2 136,815 127,508 11,472 14,599 1993 10 6,147,962 5,708,253 267,595 65,212 1992 59 44,196,946 34,773,224 3,286,908 3,832,145 1991 144 78,898,904 65,173,122 9,235,967 9,734,263 213 129,662,498 98,963,962 16,062,685 19,257,578 318 134,519,630 113,168,009 47,085,027 48,649,684 Year Number of Institutions Assets Total 748 1995 1990 1989 4 1 Beginning in 1989 through July 1, 1995, all thrift closings were the responsibility of the Resolution Trust Corporation (RTC). Since the RTC was terminated on December 31, 1995, and all assets and liabilities transferred to the FSLIC Resolution Fund (FRF), all the results of the thrift closing activity from 1989 through 1995 are now reflected on the FRF’s books. Year is the year of failure, not the year of resolution. 2 The Final Receivership Loss represents the loss at the fund level from receiverships for unreimbursed subrogated claims of the FRF and unpaid advances to receiverships from the FRF. 3 The Loss to Fund represents the total resolution cost of the failed thrifts in the FRF-RTC fund. In addition to the receivership losses, this includes corporate revenue and expense items such as interest expense on Federal Financing Bank debt, interest expense on escrowed funds, administrative expenses, and interest revenue on advances to receiverships. 4 Total for 1989 excludes nine failures of the former FSLIC. 148 APPENDICES 2017 B. MORE ABOUT THE FDIC FDIC Board of Directors Martin J. Gruenberg Martin J. Gruenberg is the 20th Chairman of the FDIC, receiving Senate confirmation on November 15, 2012, for a five-year term. Mr. Gruenberg served as Vice Chairman and Member of the FDIC Board of Directors from August 22, 2005, until his confirmation as Chairman. He served as Acting Chairman from July 9, 2011, to November 15, 2012, and also from November 16, 2005, to June 26, 2006. Mr. Gruenberg joined the FDIC Board after broad congressional experience in the financial services and regulatory areas. He served as Senior Counsel to Senator Paul S. Sarbanes (D-MD) on the staff of the Senate Committee on Banking, Housing, and Urban Affairs from 1993 to 2005. Mr. Gruenberg advised the Senator on issues of domestic and international financial regulation, monetary policy, and trade. He also served as Staff Director of the Banking Committee’s Subcommittee on International Finance and Monetary Policy from 1987 to 1992. Major legislation in which Mr. Gruenberg played an active role during his service on the Committee includes the Financial Institutions Reform, Recovery, and Enforcement Act of 1989 (FIRREA); the Federal Deposit Insurance Corporation Improvement Act of 1991 (FDICIA); the Gramm-Leach-Bliley Act; and the Sarbanes-Oxley Act of 2002. Thomas M. Hoenig Thomas M. Hoenig was confirmed by the Senate as Vice Chairman of the FDIC on November 15, 2012. He joined the FDIC on April 16, 2012, as a member of the Board of Directors of the FDIC for a six-year term. Prior to serving on the FDIC Board, Mr. Hoenig was the President of the Federal Reserve Bank of Kansas City and a member of the Federal Reserve System’s Federal Open Market Committee from 1991 to 2011. Mr. Hoenig was with the Federal Reserve for 38 years, beginning as an economist, and then as a senior officer in banking supervision during the U.S. banking crisis of the 1980s. In 1986, he led the Kansas City Federal Reserve Bank’s Division of Bank Supervision and Structure, directing the oversight of more than 1,000 banks and bank holding companies with assets ranging from less than $100 million to $20 billion. He became President of the Kansas City Federal Reserve Bank on October 1, 1991. Mr. Hoenig is a native of Fort Madison, Iowa, and received a doctorate in economics from Iowa State University. Mr. Gruenberg served as Chairman of the Executive Council and President of the International Association of Deposit Insurers (IADI) from November 2007 to November 2012. Mr. Gruenberg holds a J.D. from Case Western Reserve Law School and an A.B. from Princeton University, Woodrow Wilson School of Public and International Affairs. APPENDICES 149 ANNUAL REPORT Mick Mulvaney Joseph M. Otting Mick Mulvaney is Acting Director of the Consumer Financial Protection Bureau. Joseph M. Otting was sworn in as the 31st Comptroller of the Currency on November 27, 2017. Mick Mulvaney is the current Director of the Office of Management and Budget and the Acting Director of the Consumer Financial Protection Bureau. Prior to his appointments, he served the people of the 5th District of South Carolina as their Congressman where he was first elected in 2010, he is the first Republican member to hold the seat in 128 years. A lifelong Carolinas resident, he attended Georgetown University, graduating with honors in International Economics, Commerce, and Finance. He completed his formal education at Harvard Business School’s OPM program in 2006. While in the private sector, he was a lawyer, a real estate developer, a home builder, and a restaurant franchiser and franchisee. While in Congress, he served on the Budget Committee, Joint Economic Committee, Small Business Committee, Financial Services Committee, and the Oversight and Government Reform Committee. He is a regular spokesperson for the Administration, having appeared on major network shows, including: Meet the Press, Face the Nation, This Week, and Fox News Sunday. He also makes regular appearances on cable television news, national radio, and online media. Mick and Pam were married in 1998, and are the proud parents of triplets: James, Caroline, and Finnegan, and two great Danes: Guiness and Harper. 150 The Comptroller of the Currency is the administrator of the federal banking system and chief officer of the Office of the Comptroller of the Currency (OCC). The OCC supervises nearly 1,400 national banks, federal savings associations, and federal branches and agencies of foreign banks operating in the United States. The mission of the OCC is to ensure that national banks and federal savings associations operate in a safe and sound manner, provide fair access to financial services, treat customers fairly, and comply with applicable laws and regulations. The Comptroller also serves as a director of the Federal Deposit Insurance Corporation and member of the Financial Stability Oversight Council and the Federal Financial Institutions Examination Council. Prior to becoming Comptroller of the Currency, Mr. Otting was an executive in the banking industry. He served as President of CIT Bank and Co-President of CIT Group from August 2015 to December 2015. Mr. Otting previously was President, Chief Executive Officer, and a member of the Board of Directors of OneWest Bank, N.A. Prior to joining OneWest Bank, he served as Vice Chairman of U.S. Bancorp, where he managed the Commercial Banking Group and served on the Bancorp’s executive management committee. He also served as a member of U.S. Bank’s main subsidiary banks’ Board of Directors. From 1994 to 2001, Mr. Otting was with Union Bank of California, where he was Executive Vice President and Group Head of Commercial Banking. Before joining Union Bank, he was with Bank of America and held positions in branch management, preferred banking, and commercial lending. APPENDICES 2017 Mr. Otting has played significant roles in charitable and community development organizations. He has served as a board member for the California Chamber of Commerce, the Killebrew-Thompson Memorial foundation, the Associated Oregon Industries, the Oregon Business Council, the Portland Business Alliance, the Minnesota Chamber of Commerce, and Blue Cross Blue Shield of Oregon. He was also a member of the Financial Services Roundtable, the Los Angeles Chamber of Commerce, and the Board and Executive Committee of the Los Angeles Economic Development Corporation. Mr. Otting holds a bachelor of arts in management from the University of Northern Iowa and is a graduate of the School of Credit and Financial Management, which was held at Dartmouth College in Hanover, New Hampshire. Thomas J. Curry Thomas J. Curry, former Comptroller of the Currency, resigned from the FDIC Board of Directors as of May 5, 2017. Mr. Curry served as a director of the FDIC beginning in 2004 and was the secondlongest serving Board member in FDIC history. Richard Cordray Richard Cordray, former Director of the Consumer Financial Protection Bureau, resigned on November 24, 2017. Mr. Cordray served as the first Director of the Consumer Financial Protection Bureau. APPENDICES 151 152 APPENDICES Director Mark E. Pearce Doreen R. Eberley Director DIVISION OF DEPOSITOR AND CONSUMER PROTECTION OFFICE OF COMMUNICATIONS Board Member Vacant FDIC DIVISION OF RISK MANAGEMENT SUPERVISION Chief Learning Officer and Director Suzannah L. Susser CORPORATE UNIVERSITY Director Arleas Upton Kea DIVISION OF ADMINISTRATION Director Craig R. Jarvill DIVISION OF FINANCE Vice Chairman, Board Member Thomas M. Hoenig FDIC DEPUTY TO THE CHAIRMAN Kymberly K. Copa DEPUTY TO THE CHAIRMAN FOR COMMUNICATIONS Barbara Hagenbaugh Noreen Padilla Director Bret D. Edwards Ricardo (Rick) Delfin Director DIVISION OF RESOLUTIONS AND RECEIVERSHIPS Acting Chief Information Security Officer Charles Yi General Counsel Director Russell G. Pittman DIVISION OF INFORMATION TECHOLOGY LEGAL DIVISION Board Member Joseph Otting OCC OFFICE OF CHIEF INFORMATION SECURITY OFFICER Howard Whyte CHIEF INFORMATION OFFICER AND CHIEF PRIVACY OFFICER Lawrence Gross SPECIAL ADVISOR FOR INFORMATION TECHOLOGY Jason C. Cave OFFICE OF COMPLEX FINANCIAL INSTITUTIONS Michele A. Heller WRITER-EDITOR Inspector General Jay N. Lerner OFFICE OF INSPECTOR GENERAL Arthur Murton SPECIAL ADVISOR Robert D. Harris SPECIAL ADVISOR FOR SUPERVISORY MATTERS Barbara A. Ryan Steven O. App INTERNAL OMBUDSMAN DEPUTY TO THE CHAIRMAN AND CHIEF OPERATING OFFICER, CHIEF OF STAFF DEPUTY TO THE CHAIRMAN AND CHIEF FINANCIAL OFFICER Chairman Martin J. Gruenberg FDIC BOARD OF DIRECTORS FDIC ORGANIZATION CHART/OFFICIALS Director Diane Ellis DIVISION OF INSURANCE AND RESEARCH Ombudsman M. Anthony Lowe OFFICE OF THE OMBUDSMAN Director Andy Jiminez OFFICE OF LEGISLATIVE AFFAIRS Acting Director Saul Schwartz OFFICE OF MINORITY AND WOMEN INCLUSION Administrative Law Judge C. Richard Miserendino OFFICE OF FINANCIAL INSTITUTION ADJUDICATION Board Member Mick Mulvaney CFPB (Acting Director) ANNUAL REPORT 2017 CORPORATE STAFFING STAFFING TRENDS 2008-2017 9,000 6,000 3,000 0 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 4,988 6,557 8,150 7,973 7,476 7,254 6,631 6,385 6,096 5,880 FDIC Year–End On-Board Staffing Notes: 2008-2017 staffing totals reflect year-end full time equivalent staff. APPENDICES 153 ANNUAL REPORT NUMBER OF EMPLOYEES BY DIVISION/OFFICE 2016 AND 2017 (YEAR-END)1 Total Division or Office: Washington Regional/ 2017 2016 2017 2016 2017 2016 2,558 2,627 197 204 2,361 2,423 831 838 120 116 711 722 457 537 134 138 323 399 506 531 326 340 180 191 358 370 246 256 112 114 276 301 219 237 57 64 217 210 211 202 6 8 194 193 157 153 37 40 166 167 162 164 4 3 36 34 36 34 0 0 126 122 78 76 48 47 62 67 48 50 14 17 Executive Offices3 26 22 26 22 0 0 Executive Support Offices4 68 79 60 72 8 7 5,880 6,096 2,019 2,062 3,861 4,034 Division of Risk Management Supervision Division of Depositor and Consumer Protection Division of Resolutions and Receiverships Legal Division Division of Administration Division of Information Technology Corporate University Division of Insurance and Research Division of Finance Office of the Chief Information Security Officer2 Office of Inspector General Office of Complex Financial Institutions TOTAL 1 The FDIC reports staffing totals using a full-time equivalent methodology, which is based on an employee’s scheduled work hours. Division/Office staffing has been rounded to the nearest whole FTE. Totals may not foot due to rounding. 2 Formerly known as the Information Security and Privacy Staff. 3 Includes the Offices of the Chairman, Vice Chairman, Director (Appointive), Chief Operating Officer, Chief Financial Officer, and Chief lnformation Officer. 4 Includes the Offices of Legislative Affairs, Communications, Ombudsman, Minority and Women Inclusion, and Corporate Risk Management (the functions of which were absorbed by the Division of Finance in 2017). 154 APPENDICES 2017 SOURCES OF INFORMATION FDIC Website www.fdic.gov Public Information Center A wide range of banking, consumer, and financial information is available on the FDIC’s website. This includes the FDIC’s Electronic Deposit Insurance Estimator (EDIE), which estimates an individual’s deposit insurance coverage; the Institution Directory, which contains financial profiles of FDIC-insured institutions; Community Reinvestment Act evaluations and ratings for institutions supervised by the FDIC; Call Reports, which are bank reports of condition and income; and Money Smart, a training program to help individuals outside the financial mainstream enhance their money management skills and create positive banking relationships. Readers also can access a variety of consumer pamphlets, FDIC press releases, speeches, and other updates on the agency’s activities, as well as corporate databases and customized reports of FDIC and banking industry information. FDIC Call Center Phone: 877-275-3342 (877-ASK-FDIC) 703-562-2222 3501 Fairfax Drive Room E-1021 Arlington, VA 22226 Phone: 877-275-3342 (877-ASK-FDIC), 703-562-2200 Fax: 703-562-2296 FDIC Online Catalog: https://catalog.fdic.gov E-mail: publicinfo@fdic.gov Publications such as FDIC Quarterly and Consumer News and a variety of deposit insurance and consumer pamphlets are available at www.fdic.gov or may be ordered in hard copy through the FDIC online catalog. Other information, press releases, speeches and congressional testimony, directives to financial institutions, policy manuals, and FDIC documents are available on request through the Public Information Center. Hours of operation are 9:00 a.m. to 4:00 p.m., Eastern Time, Monday – Friday. Office of the Ombudsman Hearing Impaired: 800-925-4618 3501 Fairfax Drive 703-562-2289 Room E-2022 The FDIC Call Center in Washington, DC, is the primary telephone point of contact for general questions from the banking community, the public, and FDIC employees. The Call Center directly, or with other FDIC subject-matter experts, responds to questions about deposit insurance and other consumer issues and concerns, as well as questions about FDIC programs and activities. The Call Center also refers callers to other federal and state agencies as needed. Hours of operation are 8:00 a.m. to 8:00 p.m., Eastern Time, Monday – Friday, and 9:00 a.m. to 5:00 p.m., Saturday – Sunday. Recorded information about deposit insurance and other topics is available 24 hours a day at the same telephone number. Arlington, VA 22226 As a customer service, the FDIC Call Center has many bilingual Spanish agents on staff and has access to a translation service, which is able to assist with over 40 different languages. Phone: 877-275-3342 (877-ASK-FDIC) Fax: 703-562-6057 E-mail: ombudsman@fdic.gov The Office of the Ombudsman (OO) is an independent, neutral, and confidential resource and liaison for the banking industry and the general public. The OO responds to inquiries about the FDIC in a fair, impartial, and timely manner. It researches questions and fields complaints from bankers and bank customers. OO representatives are present at all bank closings to provide accurate information to bank customers, the media, bank employees, and the general public. The OO also recommends ways to improve FDIC operations, regulations, and customer service. APPENDICES 155 ANNUAL REPORT REGIONAL AND AREA OFFICES Atlanta Regional Office Chicago Regional Office Michael J. Dean, Regional Director 10 Tenth Street, NE Suite 800 Atlanta, Georgia 30309 (678) 916-2200 John P. Conneely, Regional Director 300 South Riverside Plaza Suite 1700 Chicago, Illinois 60606 (312) 382-6000 Alabama Illinois Florida Indiana Georgia Kentucky North Carolina Michigan South Carolina Ohio Virginia Wisconsin West Virginia Dallas Regional Office Memphis Area Office Kristie K. Elmquist, Regional Director Kristie K. Elmquist, Director 1601 Bryan Street 6060 Primacy Parkway Dallas, Texas 75201 Suite 300 (214) 754-0098 Memphis, Tennessee 38119 (901) 685-1603 Colorado New Mexico Arkansas Oklahoma Louisiana Texas Mississippi Tennessee Kansas City Regional Office New York Regional Office James D. LaPierre, Regional Director 1100 Walnut Street Suite 2100 Kansas City, Missouri 64106 (816) 234-8000 John F. Vogel, Regional Director 350 Fifth Avenue Suite 1200 New York, New York 10118 (917) 320-2500 Iowa Delaware Kansas District of Columbia Minnesota Maryland Missouri New Jersey Nebraska New York North Dakota Pennsylvania South Dakota Puerto Rico Virgin Islands 156 APPENDICES 2017 Boston Area Office San Francisco Regional Office John F. Vogel, Director 15 Braintree Hill Office Park Suite 100 Braintree, Massachusetts 02184 (781) 794-5500 Kathy L. Moe, Regional Director 25 Jessie Street at Ecker Square Suite 2300 San Francisco, California 94105 (415) 546-0160 Connecticut Alaska Maine American Samoa Massachusetts Arizona New Hampshire California Rhode Island Federated States of Micronesia Vermont Guam Hawaii Idaho Montana Nevada Oregon Utah Washington Wyoming APPENDICES 157 ANNUAL REPORT C. IMPLEMENTATION OF KEY REGULATIONS that the FDIC has access to expanded QFC data to facilitate the orderly resolution of IDIs with more complex QFC portfolios. The changes to both the formatting and the quantity of information will enable the FDIC, as receiver, to make better informed and efficient decisions during the one business day stay period for the transfer of QFCs. The effective date of the final rule is October 1, 2017. During 2017, the FDIC undertook a number of initiatives to implement regulations or clarify supervisory expectations. Swap Margin Guidance In February 2017, the FDIC, the Federal Reserve Board (FRB), and the Office of the Comptroller of the Currency (OCC) issued a joint release explaining how supervisors should examine for compliance with the swap margin rule, which requires the prudent posting of collateral for swaps that are not cleared through a clearinghouse. The guidance explains that swap entities covered by the rule were expected to prioritize their compliance efforts surrounding the March 1, 2017 variation margin deadline according to the size and risk of their counterparties. Furthermore, the guidance clarifies that swap entities’ compliance with counterparties that present significant credit and market risk exposures is expected to be in place on the due date, as laid out in the final rule. For other counterparties that do not present significant credit and market risks, swap entities were expected to make good faith efforts to comply with the final rule in a timely manner, but not later than September 1, 2017. At this time, a number of FDIC-supervised institutions are affected by the rule in their capacity as swaps counterparties, but none are “covered swaps entities” as defined by the rule. Qualified Financial Contracts Recordkeeping In July 2017, the FDIC approved a final rule amending its regulations regarding Recordkeeping Requirements for Qualified Financial Contracts (QFCs). The final rule enhances and updates recordkeeping requirements relating to the QFCs of insured depository institutions (IDIs) in a troubled condition. Among other things, the final rule ensures 158 Restrictions on Certain FDIC-Supervised Institutions During 2017, the FDIC, FRB, and OCC coordinated on the issuance of rules applying to QFCs of systemically important U.S. banking organizations and systemically important foreign banking organizations in order to improve their resolvability and protect the financial stability of the United States. Together the agencies’ final rules promote orderly resolution by preventing large-scale early terminations of derivatives portfolios of an institution in resolution. Early terminations of QFCs, as illustrated by the failure of Lehman Brothers in September 2008, contribute to financial instability by promoting fire sales of assets and spreading contagion within the financial system. In October 2017, the FDIC approved its final rule, which also enhances the resilience and the safety and soundness of certain state savings associations and state-chartered nonmember banks for which the FDIC is the primary federal regulator (FDICSupervised Institutions). This final rule requires FDIC supervised institutions that are affiliated with a systemically important financial institution (SIFI) to ensure that covered QFCs to which they are a party provide that any default rights and restrictions on the transfer of the QFCs are limited to the same extent as they would be under the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank Act) and the Federal Deposit Insurance (FDI) Act. In addition, SIFIs are generally prohibited from being party to QFCs that would allow a QFC counterparty to exercise default rights against the SIFI based on the entry into a resolution proceeding under the FDI Act APPENDICES 2017 or any other resolution proceeding of an affiliate of the SIFI. The final rule also amends the definition of ‘‘qualifying master netting agreement’’ in the FDIC’s capital and liquidity rules and certain related terms in the FDIC’s capital rules. These amendments are intended to ensure that the regulatory capital and liquidity treatment of QFCs to which a SIFI is party would not be affected by the implementation of the rule. Guidelines for Appeals of Material Supervisory Determinations In July 2017, the FDIC adopted revised Guidelines for Appeals of Material Supervisory Determinations. The revised guidelines expand the circumstances under which banks may appeal a material supervisory determination and improves the consistency of the appeals processes among the FDIC, FRB, and OCC. Specifically, the revised guidelines: ♦♦ Permit the appeal of the level of compliance with an existing formal enforcement action, the initiation of an informal enforcement action, and matters requiring board attention; ♦♦ Specify that formal enforcement-related actions or decisions do not affect a pending appeal, and expand the opportunities for appeal available in certain circumstances; and ♦♦ Require annual reports of Division Directors’ decisions with respect to material supervisory determinations. In September 2017, the FDIC issued financial institution letter (FIL) 42-2017 to distribute the revised guidelines to the industry. Current Expected Credit Losses Accounting Standard Frequently Asked Questions In September 2017, the FDIC, FRB, OCC, and National Credit Union Administration (NCUA) issued a second set of frequently asked questions (FAQs) on the application of the Financial Accounting Standards Board’s new accounting standard on credit losses and related supervisory expectations. This accounting standard, which will apply to all institutions, introduces the current expected credit losses (CECL) methodology for estimating credit loss allowances on loans and certain other exposures. The second set of FAQs address a variety of technical issues and questions related to the implementation of the new accounting standard. The second set of FAQs was combined with those issued in December 2016 to form a single self-contained document to assist institutions and examiners. Securities Transaction Settlement Cycle In September 2017, the FDIC and OCC jointly issued a Notice of Proposed Rulemaking (NPR) titled Securities Transaction Settlement Cycle that was published in the Federal Register for a 30-day comment period, with comments due October 11, 2017. The NPR would shorten the standard settlement cycle from three to two days for securities purchased or sold by FDIC-supervised institutions, national banks, and federal savings associations, thereby aligning the FDIC’s and OCC’s regulations with the new industry standard settlement cycle as implemented by the U.S. Securities and Exchange Commission (SEC). The three-day settlement cycle is referred to as the “trade date plus three days”, or “T+3”, and is the current standard for the U.S. securities industry. The NPR is part of an industrywide shift to a T+2 days settlement cycle. For many FDIC-supervised institutions, the majority of the changes needed to implement T+2 will be completed by third-party industry custodians, systems and service providers, and broker-dealers through which institutions trade for themselves or on behalf of their fiduciary. Net Stable Funding Ratio During the financial crisis, a number of large banking organizations failed, or experienced serious difficulties, in part because of severe liquidity problems. In May 2016, the FDIC and other banking agencies proposed a rule that would reduce the vulnerability of large APPENDICES 159 ANNUAL REPORT banking organizations to liquidity risk. The Net Stable Funding Ratio (NSFR) Rule would require certain large banks to maintain sufficient levels of stable funding, including capital, long-term debt, and other stable sources over a one-year window, to account for the liquidity risks arising from their assets, derivatives, and off-balance sheet activities. Comments received and reviewed about the 160 proposed NSFR rule concerned the stable funding requirements for assets, liabilities and off-balance sheet exposures, as well as the estimated costs and benefits and the empirical foundation and underpinnings supporting the proposal. The federal banking agencies are reviewing these comments and considering how to proceed with the proposed rule. APPENDICES 2017 D. OFFICE OF INSPECTOR GENERAL’S ASSESSMENT OF THE MANAGEMENT AND PERFORMANCE TOP MANAGEMENT AND PERFORMANCE CHALLENGES FACING THE FDIC CHALLENGES FACING THE FEDERAL DEPOSIT INSURANCE CORPORATION Emerging Cybersecurity Risks at Insured Financial Institutions In August 2017, the President’s National Infrastructure Advisory Council (“NIAC”) 1 highlighted significant cybersecurity risks to the financial services sector and concluded that the country had “a narrow and fleeting window of opportunity before a watershed, 9/11-level cyber attack to organize effectively and take bold action.” The Federal Deposit Insurance Corporation (“FDIC”), in its Annual Performance Plan for 2017, recognized that cybersecurity was a ”significant concern for the banking industry because of the industry’s use of and reliance on technology, not only in bank operations, but also as an interface with customers.” The FDIC Performance Plan further stated that “[c]ybersecurity has become one of the most critical challenges facing the financial services sector due to the frequency and increasing sophistication of cyber attacks.” The Financial Stability Oversight Council (“FSOC”) also underscored cybersecurity risks to the banking sector in its Annual Report (2017), stating that, “[i]f severe enough, a Common Cyber-Criminal Strategies • Distributed denial-of-service – prevents customer access to bank websites and is also used as a diversionary tactic by criminals attempting to commit fraud using stolen credentials to initiate wire transfers. • Malicious software – a broad class of attack that is generally delivered by email and lures the recipient into reading the email, opening an attachment, and providing sensitive information. • Compound attack – deploys more than one method of attack simultaneously. • Ransomware – limits users from accessing their system, either by locking the system's screen or by locking the users' files unless a ransom is paid. Sources: FDIC Supervisory Insights, A Framework for Cybersecurity and FFIEC Joint Statement-Cyber Attacks Involving Extortion cybersecurity failure could have systemic implications for the financial sector and the U.S. economy more broadly.” 2 The Department of the Treasury’s Office of Financial Research (“OFR”) Annual Report to Congress 2017 added that “[t]he financial system is an attractive target for cyber thieves and other hackers because financial companies manage the nation’s wealth and handle trillions of dollars in transactions every day that underlie the U.S. economy.” The International Monetary Fund Working Paper, Cyber Risk, Market Failures, and Financial Stability (2017), also recognized that the financial sector experienced the most cybersecurity incidents across all industries with confirmed data The NIAC was established on October 16, 2001 and advises the President, through the Secretary of Homeland Security, on security and resilience of the Nation’s critical infrastructure sectors and their functional systems, physical assets, and cyber networks. 2 The Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 established the FSOC, which has accountability for identifying risks and responding to emerging threats to financial stability. The FSOC is a collaborative body that brings together the expertise of federal financial regulators (including the FDIC), an independent insurance expert appointed by the President, and state regulators. The Office of Financial Research is a bureau within the Department of the Treasury that provides support to the FSOC, the Council’s member organizations, and the public. 1 APPENDICES 161 ANNUAL REPORT OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) losses in 2015, and by a substantial margin. In addition, on December 1, 2017, the Federal Reserve Vice Chair for Supervision, Randal Quarles, described cybersecurity as the biggest risk facing the financial sector and encouraged that federal banking regulators should be “bringing more of the resources of the government to bear” to boost digital defenses. 3 The FDIC plays an important role as a financial regulator to ensure the stability of the financial system, and as the primary federal regulator of approximately 3,700 financial institutions. In addition, as of the third quarter of 2017, the FDIC provided deposit insurance coverage for 5,738 institutions with total assets of $17.2 trillion and deposits of $7.1 trillion. Therefore, the FDIC has a significant financial interest in mitigating cybersecurity risks at insured banks. If a bank fails, the FDIC will need to step in and may have to fund the losses from its Deposit Insurance Fund. Given the significance of cybersecurity risk to U.S. financial institutions, FDIC information technology (“IT”) examinations are an important tool to identify weaknesses and vulnerabilities in FDIC-supervised institutions. According to the Federal Financial Institutions Examination Council 4 (“FFIEC”) Cybersecurity Threat and Vulnerability Monitoring and Sharing Statement, “[f]inancial institution management is expected to monitor and maintain sufficient awareness of cybersecurity threats and vulnerability information so they may evaluate risk and respond accordingly.” FDIC IT examinations assess the management of IT risks, including cybersecurity, at FDICsupervised institutions and at select third-party technology service providers (“TSP”). When examinations identify undue risks and weak risk management practices at institutions, the FDIC may use informal or formal enforcement procedures to address those risks and practices as well as deteriorating financial conditions, or violations of laws or regulations. 5 Many financial American Banker, Regulators Have Bigger Role to Play in Cybersecurity (December 1, 2017). The Federal Financial Institutions Examination Council is an interagency body empowered to prescribe uniform principles, standards, and report forms for the federal examination of financial institutions by the Board of Governors of the Federal Reserve System, FDIC, National Credit Union Administration, Office of the Comptroller of the Currency, and Consumer Financial Protection Bureau and to make recommendations to promote uniformity in the supervision of financial institutions. 5 Risk Management Manual of Examination Policies, Part I 1.1 Basic Examination Concepts and Guidelines and Part IV Administrative and Enforcement Actions. 3 4 162 APPENDICES 2017 OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) institutions maintain contracts with TSPs to outsource certain bank functions such as IT operations or business or product lines. As recognized in the Office of the Comptroller of the Currency’s (“OCC”) Semiannual Risk Perspectives (Spring 2017), 6 TSPs are also targets for cybercrime and may provide a back door into bank operations through the supply of IT products and services that allow remote access and management of bank operations or applications. In addition, the OCC identified concerns with large numbers of banks relying on a small number of TSPs. For example, OCC examiners identified third-party services for merchant card processing, denial of service mitigation, and trust account systems as instances of concentration among providers. As such, if a TSP has its systems or information compromised, it may significantly impact a large segment of the banking industry. In our OIG evaluation, Case Study of a Computer Security Incident Involving a Technology Service Provider (2016), we reviewed allegations about a computer security incident potentially involving unauthorized access to unencrypted Personally Identifiable Information (“PII”) 7 from multiple client financial institutions residing on a TSP’s computer server. We concluded that a poor internal control environment and a vague incident response policy limited the TSP’s ability to protect against the incident and hampered incident response efforts. The TSP did not collect or retain forensics information such as an image of the server, and it lacked a computer activity log to identify data access and exfiltration. Further, in our OIG evaluation, Technology Service Provider Contracts with FDIC-Supervised Institutions (February 2017), we assessed how FDIC-supervised institutions’ contracts with TSPs addressed the TSP’s responsibilities related to business continuity planning and responding to and reporting on cybersecurity incidents. Based on our sample of 48 contracts with 19 institutions, we did not see evidence that most financial institutions reviewed fully considered and assessed the potential impact that TSPs may have on the institution’s business continuity planning and cybersecurity incident response and reporting operations. In 2015, we issued an OIG evaluation report, The FDIC’s Supervisory Approach to Cyberattack Risks, which found inconsistencies in the quality and depth of IT examination assessments and documentation of findings among examiners, because examiners had discretion in conducting and documenting IT work. We also found a few situations where IT examinations of complex financial institutions were led by individuals that either did not have sufficient IT expertise or These risks were recently reiterated in the OCC’s Semiannual Risk Perspective (Fall 2017) released on January 18, 2018. According to OMB Memorandum 07-16, Safeguarding Against and Responding to the Breach of Personally Identifiable Information, the term PII refers to information that can be used to distinguish or trace an individual's identity, such as their name, Social Security Number, biometric records, etc. alone, or when combined with other personal or identifying information that is linked or linkable to a specific individual, such as date and place of birth, mother’s maiden name, etc. 6 7 APPENDICES 163 ANNUAL REPORT OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) required on-the-job training. The FDIC has taken steps described in the paragraphs below to address issues identified in these reports. In July 2015, the Government Accountability Office (“GAO”) issued a report, Cybersecurity: Banks and Other Depository Regulators Need Better Data Analytics and Depository Institutions Want More Usable Threat Information. GAO examined how the bank regulators – the FDIC, the OCC, and the Federal Reserve Board – oversee financial institutions’ efforts to mitigate cyber risk. The GAO found that the regulators were not routinely aggregating and analyzing data on IT deficiencies found in individual financial institutions in order to analyze trends in specific security problems across institutions and use that information to better target future examinations. In the last 2 years, the FDIC modified its IT examination process, in part in response to concerns identified. In July 2016, the FDIC implemented a new Information Technology Risk Examination (“InTREx”) program for financial institutions. InTREx provides baseline work programs supplemented by FFIEC Information Technology Examination Handbook (IT Handbook) programs for more complex or high-risk areas. A work program provides a series of questions and steps to guide examiners. The IT Handbook also provides examination procedures for TSPs. According to the FDIC, InTREx enhances identification, assessment, and validation of IT and operations risks in financial institutions. InTREx contains both structured and unstructured information that should facilitate supervisory tasks and horizontal analysis across institutions. We will be conducting an audit that will assess the InTREx program. A key challenge associated with IT examinations is ensuring that the FDIC has the right number of examiners with appropriate skills, training, and experience to match institution IT complexity. According to the FDIC’s InTREx Program Examination Procedures, examiner staffing is based on a financial institution’s Information Technology Profile (“ITP”) questionnaire score. Upon receipt of the completed ITP information, the FDIC validates the profile, makes qualitative adjustments, and determines the net technology score that translates into a complexity level of high, medium, or low. The FDIC then attempts to match the examiner’s IT training to the complexity of the institution’s IT systems. Thus, a highly complex bank requires an examiner trained in advanced IT skills. During 2016, the FDIC trained 1,594 field examiners in InTREx low-complexity IT examination processes and completed a reorganization that established a new Operational Risk Branch led by a Deputy Director. In addition, the FDIC advised that it had established a new IT supervision group, updated its core IT training for examiners, added an IT examination requirement for examiners, increased the pace of IT subject-matter expert training, and hired term IT specialists. 164 APPENDICES 2017 OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) We are planning to conduct an evaluation of the FDIC’s approach to examiner staffing, including IT examination resources. In addition to examinations, the FDIC provides cybersecurity awareness resources to financial institutions. For example, the FDIC, through the FFIEC website, provides bankers with access to technical assistance videos, articles, exercises, and Financial Institution Letters (“FIL”) 8 that address cybersecurity risks. According to OIG analysis, the FDIC issued 21 FILs related to cybersecurity to Chief Executive Officers at financial institutions between January 2008 and December 2017. These FILs included information such as cybersecurity awareness webinars (October 25, 2016), introduction of cybersecurity assessment tools (July 2, 2015), and statements on malware (March 30, 2015). The FFIEC also issues statements and alerts to financial institutions regarding threats and vulnerabilities. Between October 2013 and May 2017, the FFIEC issued 15 statements and alerts related to cybersecurity. To illustrate, in June 2016, the FFIEC issued a statement advising financial institutions to review risk management practices and controls over payment networks. The FDIC must continue its efforts to mitigate cybersecurity risks at financial institutions and TSPs in order to protect the Deposit Insurance Fund and consumers. In this regard, the FDIC should continue building its capabilities to assess IT risks and trends and deploy IT examination staff commensurate with risks at FDIC-supervised institutions. Further, the FDIC should take prompt supervisory action when banks do not have effective information security programs. FILs are addressed to the Chief Executive Officers of financial institutions and are used by the FDIC to announce new regulations and policies, new FDIC publications, and a variety of other matters of principal interest to those responsible for operating a bank or savings association. 8 APPENDICES 165 ANNUAL REPORT OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) Management of Information Security and Privacy Programs According to the United States Computer Emergency Readiness Team (“US-CERT”), from 2014 through 2016, federal government agencies reported more than 177,000 cybersecurity incidents, with more than 50,000 involving PII. 9 GAO’s report, High Risk Series: Progress on Many High-Risk Areas, While Substantial Efforts Needed on Others (2017), recognized that safeguarding computer systems from cyber threats is a high risk across the Federal government and has been a long-standing concern for over 20 years. Without proper safeguards, computer systems are vulnerable to individuals and groups with malicious intentions who can intrude and use their access to obtain sensitive information, commit fraud and identity theft, disrupt operations, or launch attacks against other computer systems and networks. In 2015, the records of the Office of Personnel Management were compromised. The computer hack resulted in the theft of records containing the PII of more than 21 million prospective, current, and former Federal employees. This breach alone is estimated to cost $350 million for credit and identity monitoring services, identity theft protection, and identity restoration services for affected individuals. This data breach brought into focus the need for strong management of information security and privacy protection programs within the FDIC. Recent guidance from the Office of Management and Budget (“OMB”), OMB Memorandum M-17-12, entitled Preparing for and Responding to a Breach of Personally Identifiable Information (January 3, 2017), further describes the gravity of cybersecurity breaches: “Identity theft represented 16 percent (490,220) of the over 3 million complaints received by the Federal Trade Commission (“FTC”) in 2015. In 2014, the Department of Justice reported that 17.6 million individuals or 7 percent of all U.S. residents age 16 or older, were victims of one or more occurrences of identity theft.” The FDIC uses IT systems and applications to perform its several mission goals regarding safety and soundness for financial institutions, consumer protection, managing the Deposit Insurance Fund, and resolution and receivership of failed institutions. These systems and applications hold significant amounts of sensitive data. 10 For example, the FDIC’s Failed Bank Data System contains more than 2,500 terabytes of sensitive information from more than 500 bank failures. US-CERT is an organization within the Department of Homeland Security that assists federal civilian agencies with their data breach incident handling efforts. The Federal Information Security Modernization Act of 2014 (“FISMA 2014”) requires federal agencies to report security incidents to US-CERT, which analyzes the information to identify trends and indicators of attack across the federal government. 10 FDIC Circular 1360.9, Protecting Sensitive Information, defines sensitive information as “information that contains an element of confidentiality. It includes information that is exempt from disclosure by the Freedom of Information Act and information whose disclosure is governed by the Privacy Act of 1974. Sensitive information requires a high level of protection from loss, misuse, and unauthorized access or modification.” 9 166 APPENDICES 2017 OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) In addition, FDIC systems contain substantial amounts of PII, including, for example, names, Social Security Numbers, and addresses related to bank officials, depositors, and borrowers at FDIC-insured institutions and failed banks, and FDIC employees. Of the FDIC’s 261 system applications, 151 applications required Privacy Impact Assessments because they collect, maintain, or disseminate PII. Over time, the FDIC has experienced a number of cybersecurity incidents. In August 2011, the FDIC began to experience a sophisticated, targeted attack on its network known as an Advanced Persistent Threat (“APT”). 11 The attacker behind the APT penetrated more than 90 workstations or servers within the FDIC’s network over a significant period of time, including computers used by the former Chairman and other senior FDIC officials. The attacker further gained unauthorized access to a significant quantity of sensitive data. The FDIC’s Division of Information Technology failed to fully inform senior FDIC executives of the severity and magnitude of the intrusion. In response to this incident, the FDIC hired a cybersecurity firm to perform additional analysis and realigned its IT functions. In late 2015 and early 2016, the FDIC was again impacted by significant cybersecurity incidents. In this case, the FDIC detected eight data breaches as departing employees improperly took sensitive information shortly before leaving the FDIC. The FDIC initially estimated that this sensitive information included the PII of approximately 200,000 individual bank customers associated with approximately 380 financial institutions, as well as the proprietary and sensitive data of financial institutions; however, the FDIC later revised the number of affected individuals to 121,633. In our OIG report, The FDIC’s Controls for Mitigating the Risk of an Unauthorized Release of Sensitive Resolution Plans (July 2016), we reviewed the September 2015 breach in which a former employee copied, without authorization, highly confidential components of three sensitive resolution plans onto an unencrypted Universal Serial Bus (“USB”) storage device and took the information upon abruptly resigning. OIG law enforcement officials subsequently recovered the USB device containing all of the exfiltrated data as well as a sensitive Executive Summary for a fourth resolution plan in hard copy. Based on the OIG criminal investigation, the employee was subsequently charged in the Federal District Court for the Eastern District of New York with theft of government property (18 U.S.C. Section 641). In another OIG report, The FDIC’s Process for Identifying and Reporting Major Information Security Incidents (July 2016), we reviewed the FDIC’s process to address the breach involving An advanced persistent threat may occur when an entity gains unauthorized access to a computer network, escalates its privileges, and develops an ongoing presence within the network to compromise the network data and component-level security. 11 APPENDICES 167 ANNUAL REPORT OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) an employee’s use of a USB storage device to copy more than 10,000 documents, including more than 10,000 unique Social Security Numbers upon the employee’s departure from the FDIC. We found that over 4 weeks elapsed between the discovery of the incident and a determination that the incident involved a data breach. We concluded the FDIC had not devoted sufficient resources to review potential violations. In a recent OIG report, The FDIC’s Processes for Responding to Breaches of Personally Identifiable Information (September 2017), we assessed the adequacy of the FDIC’s processes to evaluate the risk of harm to individuals affected by a breach of PII and to notify and provide services to those individuals when appropriate. We reviewed a sample of suspected or confirmed breaches occurring between January 1, 2015 and December 1, 2016, potentially affecting 13,000 individuals. We found that the FDIC did not notify affected individuals until more than 9 months had elapsed from the date of discovery of the breaches. Further, we noted that the FDIC had not devoted sufficient resources to address a dramatic increase in breach investigation activities. We also determined that the individuals responsible for examining the data breaches did not always have the necessary skills and training to ensure proper performance of their duties. In another recent OIG report, Audit of the FDIC’s Information Security Program – 2017 (October 2017), we identified FDIC security control weaknesses that limited the effectiveness of the FDIC’s information security program and practices and placed the confidentiality, integrity, and availability of the FDIC’s information systems and data at risk. Security control weaknesses included, for example: • • • • • 168 Contingency Planning. The FDIC’s IT restoration capabilities were limited, and the agency had not taken timely action to address known limitations with respect to its ability to maintain or restore critical IT systems and applications during a disaster. Information Security Risk Management. The FDIC established the Information Security Risk Advisory Council (“the Council”) in 2015. However, the Council did not fulfill several of its key responsibilities as defined in FDIC policy. Enterprise Security Architecture. The FDIC had not established an enterprise security architecture that (i) describes the FDIC’s current and desired state of security and (ii) defines a plan for transitioning between the two. The lack of an enterprise security architecture increased the risk that the FDIC’s information systems would be developed with inconsistent security controls that are costly to maintain. Technology Obsolescence. The FDIC was using certain software in its server operating environment that was at the end of its useful life and for which the vendor was not providing support to the FDIC. Information Security Strategic Plan. The FDIC had drafted, but not yet finalized, an information security strategic plan. APPENDICES 2017 OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) • • • Patch Management. We noted instances in which patches addressing high-risk vulnerabilities were not installed on servers, desktop computers, and laptop computers within the timeframes established by FDIC policy. Credentialed Scanning. We found instances in which network IT devices were not subject to a “credentialed” scan—a thorough type of scan that involves logging into the IT device to inspect for vulnerabilities. Security Information and Event Management (“SIEM”) Tool. The FDIC had not developed a process to ensure that all servers on the FDIC’s network routed log data to the FDIC’s SIEM tool. We determined that, according to the FISMA Reporting Metrics, the FDIC was rated as “Defined,” which indicated that policies and procedures were formalized and documented, but not consistently implemented. GAO also assessed information security controls over key financial systems, data, and networks as part of its audit of the FDIC’s financial statements. In its report, Information Security: FDIC Needs to Improve Controls over Financial Systems and Information (May 2017), GAO identified information security deficiencies at the FDIC. For example, GAO found that the FDIC did not implement sufficient controls to isolate financial systems from other parts of its network to prevent unauthorized users and systems from communicating with the financial systems. Further, GAO reported that the FDIC did not implement sufficient controls over a privileged account used by systems engineers to manage the FDIC’s virtual environment. As a result, the FDIC had diminished ability to distinguish between authorized and unauthorized activity in the systems. According to GAO, those information system control issues “represented a significant deficiency in the FDIC’s internal control over financial reporting systems as of December 31, 2016.” 12 Weaknesses in Management of Contractor Personnel. Our OIG report, Controls over Separating Personnel’s Access to Sensitive Information (September 2017), identified weaknesses in the management of contractor access to FDIC systems, data, and facilities. We found that separating contractor employees may present greater risks than FDIC employees, because the FDIC may not know as much about an individual contractor’s personnel history and the contractor may depart without advanced notice. Further, we found that the priority review of network activity using the Data Loss Prevention (“DLP”) 13 tool was not conducted in the pre-exit clearance process for many contractors. We estimated that at least 43 percent of FDIC At the time of issuance of this report, we were advised by the FDIC that the GAO had not identified a significant deficiency in the FDIC’s internal control over financial reporting as of December 31, 2017. 13 The DLP operates as a guard around the digital perimeter of the FDIC and monitors various electronic ways sensitive information could leave the FDIC. For example, the DLP monitors outgoing emails, documents sent to network printers, website uploads, and downloads to external media. 12 APPENDICES 169 ANNUAL REPORT OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) contractors who separated between October 1, 2015 and September 30, 2016 were not subject to such DLP priority review. In addition, the FDIC could not locate clearance records for 46 percent of the contractors we sampled, and records management liaisons did not review data questionnaires before contractors separated in 94 percent of the cases we reviewed. Further our OIG report, Follow-on Audit of the FDIC’s Identity, Credential, and Access Management Program (June 2017), found that the FDIC did not maintain current, accurate, and complete contractor personnel data to ensure Personal Identity Verification (“PIV”) card (i.e., a badge) credential issuance to authorized FDIC contractors. Absent reliable contractor information, PIV cards may not be issued and revoked in a timely manner, presenting an increased risk of unauthorized access to FDIC facilities and networks. Contracts for IT goods and services also pose risks because there are often multiple tiers of outsourcing, as well as numerous actors such as suppliers, acquirers, systems integrators, and service providers that interact to design, manufacture, and deploy products and services. The National Institute of Standards and Technology described the vulnerabilities in the “supply chain” for U.S. Government agencies to include the influence of foreign governments, counterfeit products, unauthorized production, tampering, and insertion of malicious software and hardware. For example, on December 12, 2017, legislation was enacted that banned the U.S. Government’s use of Kaspersky Labs, a supplier of antivirus products, due to concerns of foreign government influence. The FDIC contracts for the purchase of laptops, servers, and other IT products in support of its mission and should maintain awareness of supply chain risks. Change in Cyber Management at FDIC. Turnover in key leadership positions affected the management of the FDIC’s cybersecurity and privacy programs. Between 2010 and 2017, the FDIC had seven acting or permanent Chief Information Officers (“CIO”) who also held the role of Chief Privacy Officer (“CPO”). During this same period of time, the FDIC also had seven Chief Information Security Officers. These senior management changes impact the direction of an organization because turnover affects management strategy, planning, budgets, and staffing. As noted by GAO in Federal Chief Information Officers: Responsibilities, Reporting Relationships, Tenure, and Challenges (2004), a high turnover rate in CIOs negatively impacts their effectiveness because there is limited time to put their agenda in place or form close working relationships with agency leadership. In the case of the FDIC, the turnover hindered progress in establishing and implementing an IT governance framework, such as an Enterprise Architecture, IT Strategic Plan, and Information Security Plan—all of which are fundamental to a successful IT program. A recent example highlights how turnover experienced by the FDIC contributed to the underlying challenge of managing information security. The former CIO at the FDIC 170 APPENDICES 2017 OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) (November 2015 to October 2017) began an initiative to move FDIC IT operations to cloudbased solutions. Adopting a cloud-based IT approach reflected a significant change not contemplated in the governance documents referenced above, as it moved IT procurement, development, and maintenance from on-site services to off-site services. Such a move involved migrating the FDIC’s data center to a contractor owned and operated facility and a shift in FDIC IT personnel skills, governance, and policies and procedures towards oversight, management, and monitoring of cloud contracts. However, the FDIC’s current CIO decided to take a more measured approach by moving some IT operations to the cloud in October 2017. FDIC resources devoted to cloud strategy planning from March to October 2017 could have been deployed to other IT initiatives. The FDIC’s Privacy Program. The FDIC has designated its CIO as the CPO, also referred to as the Senior Agency Official for Privacy (“SAOP”). Notably, however, OMB Memorandum M-16-24, Role and Designation of Senior Agency Officials for Privacy, states that “agencies should recognize that privacy and security are independent and separate disciplines. While privacy and security require coordination, they often raise distinct concerns and require different expertise and different approaches. The distinction between privacy and security is one of the reasons that the Executive Branch has established a Federal Privacy Council independent from the Chief Information Officers Council.” In light of the updated requirements and responsibilities for the SAOP/CPO, the FDIC may wish to consider whether the CIO should continue to serve as SAOP/CPO. The perspectives of the SAOP/CPO are different from those of the CIO. The CIO has responsibility for maintaining a broad, strategic orientation focused on enterprise issues and concerns and protecting the agency’s IT resources. These issues relate to the management of the FDIC’s IT systems, enterprise architecture, governance of programs and resources, acquisition of hardware, backup systems, personnel, security systems, and processes to keep the IT systems running efficiently and effectively. In contrast, the CPO’s (and SAOP’s) role is oriented towards protecting the privacy of individuals, including FDIC programs, policies, and procedures that affect bank customers and FDIC personnel, and reducing the risk of harm to potentially affected individuals in the event of a breach. Also, the SAOP/CPO has responsibility for privacy issues and concerns that extend beyond IT issues. For example, the SAOP/CPO has responsibilities for privacy implications related to FDIC materials that are not in electronic form. In addition, the SAOP/CPO is responsible for the privacy implications of internal FDIC programs that might affect FDIC personnel. The SAOP/CPO is further responsible for the privacy implications of disclosures of information outside of the FDIC, and this official may need to make decisions about the laws and regulations governing APPENDICES 171 ANNUAL REPORT OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) privacy law, discovery productions in litigation, Freedom of Information Act requests, and other disclosure laws and regulations. The FDIC’s Performance Plan for 2017 indicated that it would prioritize efforts “to protect its networks and data from unauthorized access, data breaches, and intrusions.” The Plan further stated that the FDIC intends to implement technologies to improve its ability to classify and protect sensitive data. Also, in 2017, the FDIC updated its IT strategic plan, revised its Breach Response Plan, and established a new Office of the Chief Information Security Officer. The FDIC also issued PIV cards to all employees and contractors and began requiring use of the cards to access FDIC computers. Looking ahead, the FDIC also plans to integrate cybersecurity into the FDIC-wide enterprise architecture and update its policies and procedures for expiring and outdated software and patch management. In addition, the FDIC is working to improve contingency planning in order to maintain or restore critical IT systems and applications during a disaster. As global cyber intrusions continue to increase, the FDIC must continue to safeguard its own computer systems and data. The FDIC should ensure that IT and privacy program managers address weaknesses and build capabilities to prevent cybersecurity attacks, and minimize the risks associated with breaches, including the compromise of sensitive and PII data. 172 APPENDICES 2017 OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) Utilizing Threat Information to Mitigate Risk in the Banking Sector On February 12, 2013, the President issued Presidential Policy Directive 21 entitled, Critical Infrastructure Security and Resilience. This directive identified the banking sector as one of 16 critical infrastructure sectors that are vital to public confidence and the nation’s safety, prosperity, and well-being. The President’s National Infrastructure Advisory Council recommended and encouraged public and private sectors “to move actionable information to the right people at the speed required by cyber threats.”14 The FSOC, in its Annual Report (2017), also highlighted the importance of sharing threat information among the public and private sector as a “key priority” to reduce the risk of cybersecurity incidents and mitigate their impact if they occur. The financial sector is diverse and interconnected, and spans from the largest institutions (assets greater than $2 trillion) to the smallest community banks. The International Monetary Fund in its Working Paper, Cyber Risk, Market Failures, and Financial Stability (2017), stated that “given the financial system’s dependence on a relatively small set of technical systems, knock-on effects from downtimes and service disruptions due to successful attacks have the potential to be widespread and systemic.” As identified by the FDIC in Crisis and Response, An FDIC History 2008-2013, financial system interconnectedness played a role in the financial crisis, “[e]ven financial institutions without large exposures to mortgage assets or derivatives were affected because they were deeply interconnected with the financial system in which these exposures played so significant a role.” According to Presidential Policy Directive 21, the national preparedness systems must be integrated to secure critical infrastructure, withstand all hazards, and rapidly recover from disasters. Federal departments and agencies must collaborate with private sector critical infrastructure owners and operators. Both the Departments of the Treasury and Homeland Security recognized that sharing timely and actionable information is critical to managing risk. In 2007, the Department of Homeland Security issued the National Infrastructure Protection Plan (“NIPP”); one portion of the NIPP relates to the financial sector – the Banking and Finance Critical Infrastructure and Key Resources Sector-Specific Plan. This Sector-Specific Plan described that financial regulators, including the FDIC, and the private sector are responsible for securing critical infrastructure, under the leadership of the Treasury Department. This relationship is addressed through several working groups and committees, including the Financial and Banking The President’s National Infrastructure Advisory Council, Securing Cyber Assets – Addressing Urgent Cyber Threats to Critical Infrastructure (August 2017). 14 APPENDICES 173 ANNUAL REPORT OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) Information Infrastructure Committee (“FBIIC”), 15 the Financial Services Sector Coordinating Council (“FSSCC”), 16 and the Financial Services Information Sharing and Analysis Center (“FSISAC”). 17 These organizations provide structures through which financial sector participants share information at the national and local levels, assess and mitigate sector-wide risks, develop and maintain key relationships, and conduct periodic testing of emergency protocols. The FDIC participates in these organizations to monitor cybersecurity, share information, and coordinate responses. The U.S. Government gathers threat information about U.S. financial institutions and the financial system. For example, in its report entitled, Cybersecurity: Bank and Other Depository Regulators Need Better Data Analytics and Depository Institutions Want More Usable Threat Information (2015), the GAO identified numerous sources of threat information that is provided to financial institutions. The FBIIC was created in 2001 to improve the reliability and security of the financial sector infrastructure and consists of 18 federal and state member organizations across the financial regulatory community. 16 The FSSCC was established in 2002 to work collaboratively with key government agencies to protect the nation’s critical infrastructure from cyber and physical threats and consists of 70 private sector members, including trade associations, financial utilities, and critical financial firms. 17 The FS-ISAC was established in 1999 as a member-owned non-profit entity to share timely, relevant, and actionable physical and cyber security threat and incident information. FS-ISAC has 7,000 members across 39 countries. 15 174 APPENDICES 2017 OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) As part of its review, GAO discussed the receipt of cyber threat information from the government with representatives from more than 50 depository institutions. The participants said that the information received from government sources was repetitive, not timely, and could not always be acted upon, because the information lacked sufficient details. Financial institutions said they rarely obtained cyber threat information from the government that they had not already received from other sources and that in some cases, smaller banks struggled with the volume of information from government agencies. The GAO report also identified barriers to sharing threat information and reporting incidents in a timely manner. For example, institutions stated that information received from the government about cyber threats and actual attacks lacked sufficient context or details to allow institutions to take appropriate protective actions. In addition, some institutions were often reluctant or unable to share information with government agencies or other institutions, and expressed concern that the information shared could negatively impact their competitive advantages because reported information may become public. GAO also reported that classified information could not be shared with bank officials who did not have access to such information. As a result, intelligence community and law enforcement representatives were often cautious about declassifying certain information based on their concern that sensitive sources and methods used might be divulged. In its Annual Report for 2017, the FSOC also recognized that there was a body of relevant information held by the government that was classified as national security information and must maintain its classification restrictions. Nevertheless, the FSOC encouraged agencies to “balance the need to keep information secure with efforts to share information with industry to enhance cybersecurity resilience.” Therefore, the FSOC called on government agencies to “consider how to share information appropriately and, where possible, continue efforts to declassify (or downgrade classification) to the extent practicable, consistent with national security needs.” Further, Federal Reserve Vice Chair for Supervision, Randal Quarles, recently stated that bank regulators have a bigger role to play in preventing cybercrime and should focus more on connecting financial institutions with national security agencies.18 The former Comptroller of the Currency, Thomas Curry, also warned in his statement accompanying the agency’s Semiannual Risk Perspective (Fall 2015) that “[w]e can’t allow the federal banking system to be compromised by hackers or used by criminals or terrorists.” The financial sector also faces threats based on new technology; one worth noting in particular is the rapid growth of the virtual currency markets. According to Forbes, there are more than 18 American Banker, Regulators Have Bigger Role to Play in Cybersecurity (December 1, 2017). APPENDICES 175 ANNUAL REPORT OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) 1,000 different virtual currencies with a total market value of $650 billion. 19 In addition, there has been widespread volatility in the marketplace. For example, CNN reported on December 9, 2017, that Bitcoin value soared from just under $10,000 per coin to more than $18,000 within one week. Clearinghouses and brokerages expressed concern about liability due to Bitcoin’s high volatility and risk of manipulation because of the lack of transparency and regulation underlying Bitcoin futures products. 20 Moreover, virtual currencies do not require the disclosure of information about a user’s identity and therefore give participants some degree of anonymity. In the GAO’s Virtual Currencies: Emerging Regulatory, Law Enforcement, and Consumer Protection Challenges (2014) report, it noted that “[b]ecause some virtual currency transactions provide greater anonymity than transactions using traditional payment systems, law enforcement and financial regulators have raised concerns about the use of virtual currencies for illegal activities.” The GAO further identified concerns about the use of virtual currencies in money laundering, financial and other crimes including cross-border criminal activities, and consumer protection issues related to the loss of funds on virtual currency exchanges.21 At present, the United States does not have a direct and comprehensive program to conduct oversight of the virtual currency markets. However, some government regulators and agencies have issued guidance to address concerns about virtual currencies, including the Financial Crimes Enforcement Network (“FinCEN”), Internal Revenue Service, Commodity Futures Trading Commission (CFTC), and Securities and Exchange Commission (SEC). 22 The FDIC has analyzed the potential impact that virtual currencies pose to financial institutions and formed a Financial Technology Working Group to monitor virtual currencies and other financial technology innovations. Among the challenges identified by the FDIC are the potential for illicit use and connection to criminal activity, legal and supervisory challenges, and integration with and risk to financial institutions. The FDIC should continue to monitor issues surrounding virtual currencies, to ensure that examiners and institutions are aware of the threats posed by these evolving technologies and markets. Further, the Financial Services Sector-Specific Plan of the NIPP also described physical threats, such as natural disasters, terrorist attacks, and floods that have significant potential to disrupt the financial system. For example, CNN reported on November 10, 2017, Hurricanes Could Bring 2018 Will See Many More Cryptocurrencies Double In Value (January 2, 2018). Bitcoin to start futures trading, stoking Wild West worries, Reuters (December 7, 2017). 21 In the Statement of GAO’s Director, Financial Markets and Community Investment before the Senate Committee on Banking, Housing, and Urban Affairs (September 12, 2017), GAO also identified data and privacy risks in the use of blockchain technology. 22 FinCEN’s Advisory to Financial Institutions on Cyber-Events and Cyber-Enabled Crime (FIN-2016-A005 October 25, 2016); CFTC Backgrounder on Oversight of and Approach to Virtual Currency Futures Markets (January 4, 2018); SEC Chairman Jay Clayton Statement on Cryptocurrencies and Initial Coin Offerings (December 11, 2017). 19 20 176 APPENDICES 2017 OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) Another Disaster: Foreclosure, that approximately 4.8 million mortgaged properties were in the paths of Hurricanes Harvey, Irma, and Maria, representing nearly $746 billion in unpaid mortgage principal balances. Threats to financial institutions also may come from, or be exacerbated by, their dependence on other critical infrastructure services, such as energy, electricity, communication, and transportation. The recent hurricanes in Puerto Rico provide an example of the effect of the loss of electricity and transportation to the banking industry. During Hurricane Maria, banks lost electrical power to run their operations, and armored cars could not reach branches to stock ATMs due to road conditions. Threat Information Critical to Financial Institutions and Their Service Providers. Threat information held by the U.S. Government is critical to financial institutions and their service providers. As discussed in FDIC’s Supervisory Insights, A Framework for Cybersecurity, “financial institutions should have a program for gathering, analyzing, understanding, and sharing information about vulnerabilities to arrive at ‘actionable intelligence.’” The Supervisory Insights article further stated that actionable intelligence can be gathered through a number of public and private resources, including FS-ISAC and the Department of Homeland Security’s U.S. Computer Emergency Readiness Team. The FDIC, along with the FFIEC, has encouraged financial institutions to participate in FS-ISAC. Also, FDIC IT examiners assess an institution’s process to gather threat information. As noted in GAO’s 2015 report referenced above, financial institutions are required to quickly respond to and mitigate the impact of data breaches. In order to secure their systems, institutions must have timely and actionable threat information. The 2015 Financial Services Sector-Specific Plan explained that “an incident impacting one firm has the potential to have cascading impacts that quickly affect other firms or sectors.” The financial crisis provided an example of how the default of poorly underwritten mortgages at one bank rippled through the financial system to other banks, brokerages, and insurance companies through asset-backed securities and collateralized debt obligations backed by those mortgages. Threat Information Critical to FDIC Examiners. Threat information held by the U.S. Government is also critical to FDIC examiners. Examiners should have access to relevant threat information and an understanding of the current threat level and types of threats, in order to focus examinations and prioritize areas for supervisory attention. FDIC examiners use standard work programs to assess safety and soundness risk; however, they also have discretion to modify the scope of an examination and assess whether certain areas require greater scrutiny or expanded examination procedures. Therefore, understanding common threats across all institutions, even those not supervised by the FDIC, is important to APPENDICES 177 ANNUAL REPORT OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) examiners. This information can be used by an examiner to test risk management programs at financial institutions. FDIC examiners should have relevant information concerning current threats and risks relating to an institution or a geographic region, which allows them to tailor examination procedures accordingly. In addition, if examiners identify weaknesses in an institution’s risk assessment process, including components related to gathering threat intelligence, they are instructed to identify such weaknesses in the Report of Examination. If the weaknesses are significant, an enforcement action may be used to specify and monitor the required corrective action. Further, FDIC examiners may initiate limited-scope examinations and visitations to investigate adverse or unusual situations based on up-to-date threat and risk information. These examinations and visitations have flexible formats. Examiners must assess whether bank staff have adequate threat information, and whether they take appropriate remediation action. Without relevant threat information, examiners may not be able to direct examination efforts effectively. The FDIC, along with its government partners, collects and queries threat information contained within U.S. Government databases and repositories. The FDIC should continue to ensure that relevant threat information is disseminated to its examiner personnel to target risk areas at institutions and focus the FDIC’s resources. The FDIC should also continue to assess whether financial institutions have access to and receive relevant threat information to mitigate risks. When institutions and examiners have threat information, they can more effectively take action to mitigate threats. 178 APPENDICES 2017 OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) Readiness for Banking Crises According to the Financial Crisis Inquiry Commission (2011), 23 nearly $11 trillion in household wealth vanished during the financial crisis that began in 2008. During the financial crisis, 4 million families lost their homes to foreclosure, and another 4-1/2 million slipped into the foreclosure process or were seriously behind on mortgage payments, and 26 million Americans were out of work, could not find full-time jobs, or gave up looking for work. 24 As reported in the FDIC’s Crisis and Response, An FDIC History, 2008-2013, the net cost of the crisis was up to “roughly 80 percent of an entire year’s gross domestic product.” 25 The financial crisis resulted in 489 bank failures from 2008 through 2013. These failures cost the Deposit Insurance Fund (“DIF”) approximately $72 billion, and it fell to the lowest level in history, a negative $20.9 billion by the end of 2009. 26 In addition, the number of problem banks peaked in early 2011 at almost 900, constituting nearly 12 percent of all FDIC-insured institutions. 27 As this crisis unfolded, it challenged every aspect of the FDIC’s operations, not only because of its severity, but also because of the speed with which problems unfolded. According to FDIC analysis, failure rates increased much faster during the 2008–2013 crisis than during the 1980s and early 1990s banking and thrift crises. For example, by 2009 almost 2 percent of banks had failed—a rate that was not reached in the previous crisis until the eighth year. In November 2017, the FDIC Chairman stated that “[i]t is also worth keeping in mind that the evolution of the global financial system towards greater interconnectedness and complexity may tend to increase the frequency, severity, and speed with which the financial crises occur.” The FDIC Chairman further remarked that “regulators must guard against the temptation to become complacent about the risk facing the financial system.” The OFR noted in its Annual Report for 2017 that new vulnerabilities have emerged since the previous financial crisis and highlighted key threats to the financial system. There have been several changes in the financial markets since the crisis – for example: the increased use of automated trading systems, increased speed of executing financial transactions, and a wider variety of trading venues and The Financial Crisis Inquiry Commission was established by statute, Financial Enforcement and Recovery Act (2009), to “examine the causes of the current financial and economic crisis in the United States.” The Commission was independent and composed of a 10-member panel of experienced financial experts knowledgeable in housing, economics, finance, market regulation, banking, and consumer protection. These members were selected by the leadership in Congress at the time. 24 The Commission and staff reviewed millions of pages of documents, interviewed more than 700 witnesses, and held 19 days of public hearings. See also, U.S. Government Accountability Office, Financial Regulatory Reform: Financial Crisis Losses and Potential Impact of the Dodd-Frank Act, (February 2013). 25 The FDIC conducted a study of the financial crisis entitled Crisis and Response, An FDIC History, 2008-2013, published in December 2017. 26 Since the end of 2009, the DIF has grown every quarter and became positive in the second quarter of 2011. The DIF balance as of December 31, 2017 was $92.7 billion. 27 The FDIC identifies “problem banks” as those with examination ratings of 4 or 5 (the two lowest ratings), which refers to institutions that exhibit deficiencies in practice or performance so severe that failure is either a distinct possibility (4 rating) or likely (5 rating) unless deficiencies are corrected. 23 APPENDICES 179 ANNUAL REPORT OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) liquidity providers. Vice Chair Quarles of the Federal Reserve Board stated that “the banking industry and technology firms have been seeking innovations in financial services that mirror and complement changes that have been made in other industries. Innovation is coming to finance with changes to consumer lending, financial advice, and retail payments, to name a few. . . . With a steady diet of news about the effect of electronic networks, personal devices, apps, and more on U.S. industries, many question the effect of these technologies on the payment system.” 28 The financial system continues to evolve with new risks and complexities, and such changes have the potential to create unanticipated risks. To carry out its program activities and meet its mission – and to prepare for the next banking crisis – the FDIC should ensure that its personnel and examiners have the proper skillsets. The FDIC has an effort underway to address succession planning and develop advanced subject-matter expertise. The FDIC must continue to ensure that it has adequate plans in place to address disruptions to the banking system, irrespective of their cause, nature, magnitude, or scope. Further, its plans should be current and up-to-date, and incorporate lessons learned from past crises and the related bank failures. In addition, the plans should contemplate the present and foreseeable state of the banking and financial services sector, as banking industry practices and technologies continue to evolve. Also, the FDIC plans should continue efforts aimed at ensuring seamless coordination with and among other federal agencies and financial regulators, as well as with its international partners. The FDIC also should be able to react and respond quickly to a crisis. It should exercise and test its plans periodically to ensure that it is capable of fulfilling its mission, and ensure that its personnel and examiners have the proper skillsets to carry out program activities and meet the mission of the agency. Authorities and Mechanisms. The FDIC must also continue to evaluate whether it has the proper authorities and tools in place for the next financial crisis. Since the previous crisis, the FDIC has been granted authority, pursuant to the Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank Act”), to resolve the failure of systemically important financial institutions (“SIFI”) 29 through orderly liquidation authority. 30 The FDIC must continue to ensure that it can execute these authorities effectively, especially with respect to the orderly liquidation authority. The FDIC continues to build upon its capabilities through monitoring of resolution Vice Chairman for Supervision Randal K. Quarles speech, Thoughts on Prudent Innovation in the Payment System (November 30, 2017). In Resolution Plans: Regulators Have Refined Their Review Process but Could Improve Transparency and Timeliness (April 2016), GAO defines a SIFI as a term “commonly used by academics and other experts to refer to bank holding companies with $50 billion or more in total consolidated assets and nonbank financial companies designated by the Financial Stability Oversight Council for Federal Reserve supervision and enhanced prudential standards, but the Dodd-Frank Wall Street Reform and Consumer Protection Act does not use the term.” 30 Orderly liquidation authority acts as a backstop where SIFIs cannot otherwise be resolved through Bankruptcy Code processes. 28 29 180 APPENDICES 2017 OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) plans and pre-planning exercises with key stakeholders and international partners. However, planning for these activities is complex, and the processes remain untested. The Dodd-Frank Act also gave the FDIC greater discretion to manage the DIF, including where to set the designated reserve ratio. 31 Consistent with the Act, the FDIC implemented a plan for the DIF by amending FDIC regulations to set the designated reserve ratio at 2 percent. 32 The FDIC should also continue evaluating whether it has the proper mechanisms to address failing institutions in the next crisis. For example, the FDIC has used Shared-Loss Agreements (“SLA”) to resolve failed institutions. In an SLA, a healthy acquiring institution agrees to purchase a failing institution, whereby the FDIC also agrees to absorb a significant portion of the losses experienced by the acquiring institution. According to the FDIC study on the financial crisis, SLAs were used by the FDIC for 62 percent of the failed banks and 82 percent of failed bank assets. 33 The FDIC study identifies a number of issues in its analysis of lessons learned – including exploring options for maintaining readiness in a low-failure environment, considering broadening its options for funding resolutions, and implementing the necessary back-office operations and infrastructure to oversee the loss share program. We have work planned to evaluate whether the SLAs utilized by the FDIC achieved its program goals effectively. The FDIC should explore whether there are other mechanisms that should be considered for the next financial crisis and ensure that such tools are ready to be implemented should they be needed. When resolving a failing or failed bank, the FDIC uses an automated tool called the Claims Administration System (“CAS”) to identify a depositor’s insured and uninsured funds. When planning for the development of the CAS program, the FDIC expected that CAS could make insurance determinations for an institution of any size, up to 5 million deposit accounts; however, over time, the FDIC recognized the challenges of inconsistent and incomplete data at institutions. To mitigate these challenges, the FDIC issued a final rule on April 1, 2017 that required large institutions with greater than 2 million accounts to develop the capability to calculate deposit insurance coverage for their customers. 34 As of December 2016, this rule would cover 38 financial institutions that maintain between 2 million and 87 million deposit accounts, at an expected cost of approximately $478 million. The FDIC has used CAS to make insurance determinations for a failing bank with greater than 2 million accounts during preclosing resolution planning but has not yet tested the system for institutions with greater than 31 The reserve ratio is the DIF balance divided by estimated insured deposits. The FDIC stated in the background of the Final Rule on the Designated Reserve Ratio that “a fund that is sufficiently large is a necessary precondition to maintaining a positive fund balance during a banking crisis and allowing for long-term, steady assessment rates. 75 Fed. Reg. 79,286 (December 20, 2010). 33 The failure of the Washington Mutual financial institution was not included in these figures, because of its size and unique characteristics. 34 12 C.F.R. Part 370. 32 APPENDICES 181 ANNUAL REPORT OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) 2 million deposit accounts during a closing weekend. Accordingly, the FDIC is continuing to upgrade CAS capacity and timeliness. We have ongoing work to assess to what extent CAS has achieved expectations for accuracy, timeliness, and capacity in making insurance determinations. Staffing Plans. Determining the right number and skillsets of permanent staff needed to carry out and support the FDIC’s program areas is a fundamental challenge. At the peak of the financial crisis in 2011, the FDIC maintained approximately 9,250 permanent, term, and temporary positions, whereas it’s proposed staffing level for 2018 is 6,076 positions – a 34percent reduction. The FDIC’s annual budget is formulated primarily on the basis of an analysis of projected workload for each of the FDIC’s business lines 35 and its program support functions. Risk Management Supervision (“RMS”). With respect to RMS, the FDIC viewed its corps of experienced examiners as a great asset during the last financial crisis. However, much of the current FDIC workforce will transition into retirement over the next decade. According to FDIC data, more than 25 percent of the FDIC’s current permanent workforce is projected to retire over the next 10 years, and many others are eligible to retire. While the FDIC has initiated a multi-year Workforce Development Initiative, it must maintain a steady flow of new examiners to step into the roles currently filled by seasoned examiners. In addition, the FDIC should ensure that there is a “knowledge transfer” from the more experienced personnel to the newer staff. To that end, RMS’s strategic plan includes a goal to ensure that the knowledge, expertise, and experiences of its most tenured workforce are shared with and transferred to a less tenured workforce. RMS uses a staffing model to forecast a range for the appropriate number of examiners and its overall staffing size. This staffing model has been validated on two prior occasions. However, as noted earlier, in periods of crisis, the number of problem banks typically increases. For example, in March 2011, the number of problem banks was 888, whereas it currently stands at approximately 100 (as of September 2017). These problem banks required additional attention from FDIC RMS examiners, because they had elevated safety and soundness risks. As a result, the risk management examination staff was 2,237 positions in 2011, and has now been reduced to 1,549 in 2018 — a 31-percent reduction. During the financial crisis of 2008-2013, the FDIC reduced specialty examinations, examiner training, and temporary assignments, and repurchased employees’ annual leave, and hired temporary staff to address the increased workload. The FDIC also prioritized examination activities, increased staffing levels, and made greater use of off-site monitoring and on-site visitations between examinations. The FDIC has three major business lines: The Division of Risk Management Supervision (“RMS”) for safety and soundness and IT examinations; the Division of Resolutions and Receiverships (“DRR”) for failed bank resolutions and receivership activities; and the Division of Depositor and Consumer Protection (“DCP”) to ensure financial institutions treat customers and depositors fairly. 35 182 APPENDICES 2017 OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) Resolutions and Receiverships (“DRR”). DRR staffing requirements during the financial crisis were significantly higher than current staffing because of the bank failure workload. In 2010, there were 157 financial institutions that failed, as compared to only 5 failures in 2016 and 8 in 2017. As a result, DRR authorized staffing fell from 2,460 positions in 2010 to 409 positions in 2018 — an 83-percent reduction. DRR has developed an operational readiness framework. The framework is composed of several elements, including resource management, operation training, knowledge management, contract management, operational governance (i.e., delegated authorities, budget, and other organizational issues to address readiness), and technology support. The framework outlines a rapid hiring strategy through the use of contractors, retirees, and temporary employees. DRR has established number of contracts to support an increase in workload. The FDIC has determined that having the contracts in place minimizes the time to ramp up the acquisition process. At the peak of the previous financial crisis, more than 80 percent of DRR staffing consisted of term and temporary employees. In 2005, the FDIC implemented a Corporate Employee Program (“CEP”) that was designed to train new and experienced FDIC employees in a variety of functions, with the goal of creating a flexible workforce that could be re-allocated depending upon economic conditions and level of resolution activity. Subsequently, the FDIC determined that the CEP did not work as designed for augmenting DRR staffing needs, because it assumed that many of the employees who would be shifted to resolution tasks would come from the supervision division. However, as resolution activity began to increase, the workload of other divisions—including supervision—also increased, so that the realignment of resources could not be achieved as intended. Other Challenges to FDIC Staffing Issues. The staffing challenges identified above are difficult to address quickly within a compressed timeframe, because the FDIC requires background investigations before hiring new employees. The FDIC requires that employees, appointees, and applicants for employment undergo a National Agency Check and Inquiry with Credit or other appropriate background investigation according to the positions they hold. Background investigations are critical to ensure that the FDIC employs and retains only those persons who meet all federal requirements for suitability (i.e., character, reputation, honesty, integrity, trustworthiness) and whose employment or conduct would not jeopardize the accomplishment of the FDIC’s duties or responsibilities. A high-quality suitability program is essential to minimizing the risk of unauthorized disclosures of sensitive information and to helping ensure that information about individuals with criminal backgrounds or other questionable behavior is identified and assessed as part of the process for granting or retaining APPENDICES 183 ANNUAL REPORT OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) clearances. Our OIG evaluation, The FDIC’s Personnel Security and Suitability Program, examined the timeliness of background checks for FDIC personnel. We found that during the period of 2011 to 2013, the submissions from the FDIC to investigate the background of employees and contractors exceeded OPM’s 14-day requirement, and that the average delays extended nearly 2 months. According to the Division of Administration’s (“DOA”) Acquisition Services Branch (“ASB”), ASB initially had difficulty recruiting and hiring term employees at the beginning of the most recent financial crisis. It appeared that prospective candidates were not interested in such term-limited appointments. However, as the crisis persisted, ASB expanded the number of permanent positions, reorganized, and was able to attract candidates for term appointments and complete contracting requirements. In addition, the current Administration has requested that government agencies develop reform plans aimed at reducing staffing levels. In June 2017, the FDIC submitted its multi-year strategy used to reduce operating and staffing on an annual basis to the OMB. The FDIC indicated in its submission that from 2010 through 2017, it had reduced its annual budget by approximately 46 percent and it’s staffing by 30 percent. The FDIC anticipates a permanent workforce of no more than 6,000 in the near term but noted that adjustments may be necessary. Readiness of Support Functions. In addition to staffing models, the FDIC should also ensure that it has the proper infrastructure in place, in order to address the administrative functions of the agency in a timely manner during the next banking crisis. For example, the FDIC must ensure that it has the proper contracting services in place. During the recent financial crisis, the FDIC issued over 6,000 awards totaling more than $8 billion. The vast majority of these awards went to support resolution and receivership activity at FDIC headquarters and in the Dallas Regional Office. In addition to the contracting activity, the FDIC should also ensure that it has the proper support services for such contracts, including legal support (Legal Division), as well as oversight managers and technical monitors. In addition the FDIC should ensure that it has the proper level of human resources personnel to hire new employees and annuitants. The agency should continue to ensure that there is sufficient IT equipment (including computers, servers, peripheral devices, software licenses, and communications devices) in preparation for the next financial crisis, and a robust infrastructure so that these computer systems may operate in a secure environment. The FDIC must continue to maintain and update its readiness strategies, and test and exercise its plans to ensure they keep pace with an ever-changing financial environment and incorporate important lessons from the past. 184 APPENDICES 2017 OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) Enterprise Risk Management Practices Enterprise Risk Management (“ERM”) is a decision-making tool that assists federal leaders in anticipating and managing risks at an agency, and helps to consider and compare multiple risks and how they present challenges and opportunities when viewed across the organization. According to OMB guidance, ERM is beneficial because it addresses a fundamental organizational issue: the need for information about major risks to flow both vertically (i.e., up and down the organization) and horizontally (i.e., across its organizational units) to improve the quality of decision-making. When implemented effectively, ERM seeks to open channels of communication, so that managers have access to the information they need to make sound decisions. ERM can also help executives recognize how risks interact (i.e., how one risk can exacerbate or offset another risk). Further, ERM examines the interaction of risk treatments (actions taken to address a risk), such as acceptance or avoidance. ERM encompasses many risk areas, including financial risk, operational risk, reporting risk, compliance risk, governance risk, strategic risk, and reputational risk. In July 2016, OMB issued an updated Circular A-123, Management’s Responsibility for Enterprise Risk Management and Internal Control, to ensure that federal officials effectively manage risks that could affect the achievement of agency strategic objectives. 36 OMB Circular A-123 requires agencies to integrate risk management and internal control functions and guides OMB defines the following terms: • Risk. The effect of uncertainty on objectives. • Risk management. A series of coordinated activities to direct and control challenges or threats to achieving an organization’s goals and objectives. • Enterprise Risk Management. An effective agencywide approach to addressing the full spectrum of the organization’s significant internal and external risks by understanding the combined impact of risks as an interrelated portfolio, rather than addressing risks only within silos. agencies’ processes to integrate organizational performance and ERM. The Circular emphasizes the need for agencies to coordinate risk management and strong and effective internal controls into existing business activities as an integral part of governing and managing an agency. Source: OMB Circular A-123 OMB Circular A-123 encouraged agencies to establish a Risk Management Council (“RMC”); develop “Risk Profiles”, which identify risks arising from mission and mission-support operations; The FDIC has determined that while Circular A-123 is not binding on the FDIC, the Circular provides “good government” principles that may be useful to the FDIC’s own ERM program. 36 APPENDICES 185 ANNUAL REPORT OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) and consider those risks as part of the annual strategic review process. An effective RMC includes senior officials from program operations and mission-support functions to ensure the identification of risks that have the most significant impact on the mission outcomes. The Chief Operating Officer (“COO”) or a senior official with responsibility for the enterprise should serve as RMC chairperson. OMB Circular A-123 complements OMB Circular A-11, Preparation, Submission, and Execution of the Budget, Section 270, which discusses agency responsibilities for identifying and managing strategic and programmatic risk as part of agency strategic planning, performance management, and performance reporting practices. Together, these two OMB Circulars constitute the ERM policy framework for the federal government. OMB views ERM as part of the overall governance process, and internal controls as an integral part of risk management and ERM. The Relationship Between Internal Controls and ERM Governance Enterprise Risk Management Risk Management Internal Controls Source: OMB Circular A-123. OMB Circular A-123 specifies elements that federal agencies’ ERM frameworks should include and steps agencies should take to develop these frameworks. These include a planned risk management governance structure, a process for considering risk appetite and risk tolerance levels, a methodology for developing a risk profile, a general implementation timeline, and a plan for developing the depth and quality of the risk profiles over time. The organization’s senior leadership should establish a risk appetite (i.e., amount of risk an organization is willing to accept), which serves as a guidepost to establish strategy and select objectives, and a risk 186 APPENDICES 2017 OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) tolerance (i.e., an acceptable level of variance in performance relative to the achievement of objectives). GAO reported that effective ERM implementation starts with an agency establishing a customized ERM program that fits its specific organizational mission, culture, operating environment, and business processes. 37 GAO identified six essential elements to assist federal agencies as they move forward with ERM implementation. Source: GAO-17-63. In our 2008 report, The FDIC’s Internal Risk Management Program, we evaluated the extent to which the FDIC’s implementation of an ERM program complied with applicable governmentwide guidance. We found that the FDIC should institutionalize how the various FDIC committees interrelate and support ERM, and ensure the continuity of risk management efforts as changes in leadership and/or senior management occur. Since that report, the FDIC has taken steps described below to develop an ERM framework, but in light of recent organizational 37 Enterprise Risk Management: Selected Agencies’ Experiences Illustrate Good Practices in Managing Risk (December 2016). APPENDICES 187 ANNUAL REPORT OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) changes to the program, the FDIC must continue to enhance and develop its ERM infrastructure to achieve an effective and efficient ERM program. ERM is especially important for the FDIC at this time since it is experiencing significant changes at its senior levels, including the Board of Directors 38 and its governance bodies. The FDIC has a Board with five members: the FDIC Chairman, the FDIC Vice Chairman, the Director of the Consumer Financial Protection Bureau (“CFPB”), the Comptroller of the Currency, and an internal FDIC board member. The FDIC Chairman’s term expired in November 2017, but he continues to serve as Chairman until a nominee is confirmed. The Vice-Chairman’s term expires in April 2018. The Comptroller of the Currency was appointed in November 2017, and the CFPB Director is currently in an acting role. In addition, the FDIC internal board member position has been vacant since June 4, 2015. In 2010, the FDIC engaged a consulting firm to evaluate its existing risk management practices and recommend improvements. The consulting firm identified several gaps in the FDIC’s risk management structure. For example, most risks at the FDIC were addressed within existing hierarchical organizational structures, with limited communication across the agency organizational units. Further, while the FDIC had a network of internal committees to address various risks, governance over those committees was ambiguous. The consultant recommended the establishment of a centralized, independent risk management organization headed by a Chief Risk Officer (“CRO”) that should report directly to the FDIC Chairman. In January 2011, the FDIC Board of Directors established the CRO position and subsequently, in December 2011, the FDIC Board approved the creation of an Office of Corporate Risk Management (“OCRM”) with staffing of 15 employees. The CRO reported operationally to the FDIC Chairman and functionally to the Board of Directors. The OCRM provided an organization within the FDIC to review external and internal risks with a system-wide perspective and instill risk governance as part of the FDIC’s culture. In addition, the FDIC established an Enterprise Risk Committee (“ERC”) chaired by the CRO. The newly established ERC evaluated significant external business risks facing the FDIC and banking industry. The first CRO assumed his position in August 2011 and the OCRM staffing was authorized at 15 positions. The initial CRO retired in May 2016 and the then-Deputy CRO became the Acting CRO until his retirement in June 2017. Further, due to other staff departures, there were only five professional staff in OCRM by September 2017. According to the Federal Deposit Insurance Act, the management of the FDIC is vested in a Board of Directors consisting of five members who each serve 6-year terms – the Comptroller of the Currency, the Director of the Consumer Financial Protection Bureau, and three members appointed by the President with advice and consent of the Senate. 12 U.S.C. §1821(a) and (b). The three members are the Chairman of the FDIC, the FDIC Vice Chairman, and an internal FDIC Director. 38 188 APPENDICES 2017 OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) In September 2017, the FDIC transferred OCRM functions into the Division of Finance (“DOF”). The reorganization combined the OCRM and the Corporate Management Control (“CMC”) Branch into a newly-constituted Risk Management and Internal Controls Branch (“RMIC”) within DOF. The title of CRO will now be held by a Deputy Director in DOF. Currently, the Acting Deputy Director heads RMIC. The FDIC plans to select a permanent CRO in early 2018. As part of the 2017 reorganization, the FDIC also decided to use the existing Operating Committee as the focal point for the coordination of risk management at the FDIC, thus disbanding and replacing the ERC. The FDIC also maintains a framework to enhance awareness of external threats that may impact FDIC operations. The framework consists of Regional Risk Committees that review regional economic and banking trends; the Management Risk Roundtable that examines risks to the banking industry and the Deposit Insurance Fund; and the External Risk Forum that facilitates information sharing and awareness of risks facing the banking industry and the FDIC. We intend to conduct an evaluation of the effectiveness of the FDIC ERM Program. The FDIC should continue institutionalizing ERM and best practices outlined in OMB guidance. The FDIC Board of Directors, senior management, and individuals at every level throughout the FDIC should acknowledge, understand, and take ownership of current and emerging risks to the FDIC mission and be prepared to take steps to mitigate these risks. APPENDICES 189 ANNUAL REPORT OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) Acquisition Management and Oversight According to the GAO’s Framework for Assessing the Acquisition Function at Federal Agencies (2005), agencies should effectively manage their acquisition process in order to ensure that contract requirements are defined clearly and all aspects of contracts are fulfilled. 39 GAO noted that clear descriptions of contract requirements lead to the acquisition of goods and services at a fair price. Vague statements of work, however, can lead to miscommunication, uncertainty, delays, and increased costs. Agencies must properly oversee contractor performance and identify any deficiencies, as well ensure appropriate verification of expenditures. Over the last 10 years (2008 through 2017), the FDIC awarded more than 12,600 contracts totaling nearly $11.2 billion. The DOA ASB provides a wide range of contracting programs and services to support day-to-day operations at the FDIC. As shown in the chart below, the FDIC awarded $2.6 billion in contracts from January 2014 to December 2017. In addition, the FDIC budget for 2018 includes more than $457 million in contracting expenses for outside services. FDIC Contract Awards January 2014-December 2017 Total Value of Contract Awards $1,000,000,000 $900,000,000 $800,000,000 $700,000,000 $600,000,000 $500,000,000 $400,000,000 $300,000,000 $200,000,000 $100,000,000 $2014 2015 2016 2017 Source: FDIC Division of Administration Three divisions, DOA, the Division of Information Technology (“DIT”), and DRR, accounted for 96 percent ($2.5 billion) of all contract awards through DOA’s ASB between January 2014 and December 2017. DOA contracts for services such as security, facilities, and records management. DIT procures contracts for technology services, such as help desk personnel, GAO, Framework for Assessing the Acquisition Function at Federal Agencies (2005); See also, Testimony of GAO Assistant Comptroller General before the Subcommittee on Oversight and Investigations, U.S. House of Representatives (December 3, 1992). 39 190 APPENDICES 2017 OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) computer systems design, and telecommunications. DRR is responsible for managing the resolution process, which involves a range of contracts to support the closing functions at failed institutions, and management and disposition of receivership assets. For example, DRR contracts include appraisal management services, credit card consulting, commercial loan servicing, and data management. Contracting Officers are responsible for ensuring the performance of all actions necessary for efficient and effective contracting, compliance with contract terms, and protection of the FDIC’s interests in all of its contractual relationships. In addition, FDIC program offices develop contract requirements, and program office Oversight Managers and Technical Monitors oversee the contractor’s performance and technical work. Oversight management involves monitoring contract expenses and ensuring that the contractor delivers the required goods or performs the work according to the delivery schedule in the contract. In Crisis and Response, An FDIC History, 2008-2013, the FDIC explained that contracting was an essential part of the FDIC’s failure resolution process during the financial crisis, but it was overtaxed early in the crisis. Specifically, staffing was thin, contract timeframes to approve new contracts or modify existing contracts were too long to support the volume of failures, and the FDIC had to rapidly hire and train Oversight Managers. We are initiating an evaluation to review FDIC’s current contract oversight program. The FDIC also must continue to ensure that its contractors and contracting personnel meet security and suitability standards for employment and access to sensitive information. In addition, contractors must meet criteria for integrity and fitness such as conflicts of interest, ethical responsibilities, and use of confidential information. 40 These security protections are important since the contractors have access to FDIC space and information and use FDIC equipment. Such information includes sensitive information related to bank closings as well as personally identifiable information for private citizens and FDIC employees. DOA’s Security and Emergency Preparedness Section, Personnel Security Unit, is responsible for establishing and implementing contractor personnel security policy, including evaluations, adjudications, approvals, and clearances, and ensuring appropriate background investigations are conducted on contractor personnel. 41 With regard to contracting for legal services, for the 4 years from 2014 through 2017, the FDIC’s Legal Division spent $364 million on outside counsel. The Legal Division has independent contracting authority and is excluded from FDIC procurement policies executed by ASB. The Legal Division contracts for services of outside counsel in areas such as bankruptcy and creditor’s rights; collections; environmental law; federal, state, and local taxation; foreclosures; 40 41 12 C.F.R. Part 366. FDIC Circular 1610.2, Personnel Security Policy and Procedures for FDIC Contractors. APPENDICES 191 ANNUAL REPORT OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) real estate; and financial transactions. The Legal Division retains outside counsel through Legal Services Agreements that contain terms and conditions applicable to referrals of FDIC legal matters. The Legal Division assigns an Oversight Attorney (“OA”) responsible for all strategic and major tactical decisions associated with a matter. The OA also monitors progress against a case plan and budgets. The FDIC characterizes “large contracts” as those with award amounts exceeding $20 million or that require greater oversight based on the complex nature of the contract. As of January 2018, the FDIC had 11 large contracts between $20 and $112 million in value. Over the past 2 years, DRR and DIT oversaw a total of 540 contracts, each with a value of $1 million or more. In our OIG work, we have noted several shortcomings in contractor oversight, which can lead to delays and cost overruns. In our report, The FDIC’s Failed Bank Data Services Project (March 2017), we reviewed a 10-year, $295 million project related to the transition of the management of failed financial institution data from one contractor to another. Our review focused on transition costs of approximately $24.4 million. The audit concluded that transition milestones were not met, resulting in a one year delay. Further, transition costs, while less than projected in the approval, were greater than the initial estimates at contract inception, by $14.5 million. We concluded that the reasons for the increase were that the FDIC faced challenges related to defining contract requirements, coordinating contracting and program office personnel, and establishing implementation milestones. We reported that FDIC personnel did not fully understand the requirements for transitioning failed financial institution data and services to a new contractor, or communicate these requirements to bidders in a comprehensive transition plan as part the solicitation. Further, the FDIC did not establish clear expectations in the contract documents and did not implement a project management framework and plans. In addition, our OIG report on the FDIC’s Identity, Credential, and Access Management Program (2015), reviewed the FDIC’s Identity, Credential, and Access Management Program (“ICAM”) and identified significant issues or program risks. We found that the FDIC had not achieved its goal of issuing identity credentials (known as personal identity verification (PIV) cards) to all eligible employees and contractor personnel. The FDIC had not established appropriate governance to ensure the ICAM program’s success. The FDIC awarded an initial contract for $3.4 million to procure expertise and support for planning and implementing the credential program. We reported that the milestone goals for this project slipped by more than 2 years (from August 2014 to December 2016) and that the contract cost ceiling needed to be increased by $1.5 million — a 44 percent increase. We determined that these delays and cost overruns were the result of technical hurdles as well as unclear roles and responsibilities of the parties involved in governing the ICAM program. 192 APPENDICES 2017 OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) In 2017, we conducted a Follow-on Audit of the FDIC’s Identity, Credential, and Access Management Program (June 2017) and found that the FDIC addressed the issues from the 2015 report but experienced considerable challenges that warranted management’s attention. For example, the FDIC had not established policies and procedures governing the management and use of PIV cards for physical and logical access. We also concluded that the FDIC did not maintain current, accurate, and complete contractor personnel data needed to manage PIV cards, and management had not finalized and approved a plan for retiring the FDIC’s legacy PIV card system. In response to recommendations made in OIG reports, the FDIC is taking actions to improve contract management and oversight. For example, 346 Oversight Managers and Technical Monitors received training, and ASB was developing an Oversight Manager refresher course during 2017. In a time of reduced budget and staff, the FDIC should continue efforts aimed at optimizing its use of contract resources by clearly defining work and deliverables, managing contract milestones, and overseeing contract expenditures. Taking those steps helps to ensure that the FDIC receives goods and services at a fair price and without undue delays and costly inefficiencies. APPENDICES 193 ANNUAL REPORT OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) Measuring Costs and Benefits of FDIC Regulations GAO’s report, Dodd-Frank Act Regulations: Implementation Could Benefit from Additional Analyses and Coordination (2011), recognizes that, while not required, many Federal financial regulators generally perform cost-benefit analysis when they propose a new rule. The Congressional Research Service (“CRS”) has recognized that the use of cost-benefit analysis may improve the quality and effectiveness of federal rules and minimize burden in its Cost-Benefit and Other Analysis Requirements in the Rulemaking Process (2014). On February 3, 2017, the President issued Executive Order 13772 that set forth seven core principles for Federal regulations governing U.S. financial institutions, including “make regulation[s] efficient, effective, and appropriately tailored.” As required by this Executive Order, the Department of the Treasury issued a report, A Financial System That Creates Economic Opportunities (June 2017), examining costs relating to compliance with regulations imposed on banks. This report recommended that financial regulatory agencies should conduct rigorous cost-benefit analysis and make greater use of proposed rulemaking to solicit public comment. While there is no formal requirement for financial regulators to conduct cost-benefits analysis for rulemaking, the FDIC generally conducts this analysis on its own initiative for proposed rules. In addition, the FDIC routinely solicits comments from the public for Notice of Proposed Rulemakings in accordance with the provisions of the Administrative Procedures Act , and because of the difficulty in obtaining quantitative data measuring regulatory costs and benefits, it considers such comments to be an important source of information. The FDIC has developed a framework for conducting analysis of regulations. According to the FDIC’s Statement of Policy on Development and Review of FDIC Regulations and Policies (updated December 2017), the agency “evaluate[s] benefits and costs based on available information, and consider[s] reasonable possible alternatives; the main alternatives should be described and analyzed for consistency with statutory or regulatory objectives, effectiveness, and burden on the public or industry.” Also, in 2015, the FDIC organized an Office of the Chief Economist and Regulatory Analysis within the Division of Insurance and Research, which, according to the FDIC, aims to provide consistency and rigor in its regulatory analysis. 42 The CRS report, Cost Benefit Analysis and Financial Regulator Rulemaking (2017), recognized that performing cost benefit analysis “can be useful in determining whether or not a regulation is beneficial. However, performing CBA [Cost Benefit Analysis] can be a difficult and timeconsuming process, and it produces uncertain results because it involves making assumptions The Federal Reserve also recently established a new office to analyze the impact of its regulations. (See Fed adds staff for new office dedicated to gauging economic impact of regulations, Politico Pro, January 18, 2018). 42 194 APPENDICES 2017 OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) about future outcomes.” The CRS report also noted that cost benefit analysis, “for financial regulation is particularly challenging, due largely to the high degree of uncertainty over precise regulatory costs and outcomes.” The report identified three challenges to making accurate cost benefit analysis: (1) behavioral changes of people as they adapt to a new regulation, (2) quantification that must overcome uncertainty over the causal relationship between the regulation and outcomes, and (3) monetization, which is difficult for outcomes that do not have easily discernable monetary values. In addition, the Yale Law Journal published a review entitled Cost-Benefit Analysis of Financial Regulations Case Studies and Implications (2015), which examined select financial regulations. This review determined “that the capacity of anyone . . . to conduct qualified [Cost Benefit Analysis on Financial Regulations] with any real precision or confidence does not exist for important, representative types of financial regulation.” The review concluded that, “[t]oo many contestable assumptions are required for anyone producing or consuming guesstimate [Cost Benefit Analysis on Financial Regulations] to have any confidence in any specific estimate of costs or benefits, even if expressed in ranges or bounds.” Another CRS report, An Analysis of the Regulatory Burden on Small Banks (2015), noted that bank regulators, including the FDIC, generally did not quantify overall costs or benefits for 14 major rules issued in accordance with the Dodd-Frank Act requirements, although regulators did assess some costs associated with individual rules. The bank regulators quantified some costs for two rules and qualitatively discussed costs and benefits for three rules. The CRS did not identify any cost-benefit analysis for the other remaining rules. Similarly, GAO’s report, Dodd-Frank Regulations: Agencies’ Efforts to Analyze and Coordinate Their Recent Final Rules (2016), reviewed five major rules, one of which was issued by the FDIC, and found that regulators quantified some costs in all five rules. The FDIC rule was one of the two where some benefits were quantified. GAO cited earlier work that noted that bank regulators faced difficulties in quantifying benefits because financial regulatory concepts are complex and challenging to define and model; research methodologies do not necessarily address economic values and the distribution of risk; and flows of future costs and benefits can be uncertain and difficult to project. 43 For these reasons, the FDIC faces challenges with proper data collection and lack of available information with respect to measuring costs and identifying benefits for a particular rule. In responses to the GAO report, regulators advised GAO that there are industry concerns about the potential for unintended consequences from Dodd-Frank Act rulemaking and 43 Dodd-Frank Regulations: Regulators’ Analytical and Coordination Efforts (2014). APPENDICES 195 ANNUAL REPORT OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) implementation and were undertaking retrospective reviews of rules. For example, in February 2016, the FDIC issued a proposed rule on Recordkeeping for Timely Deposit Insurance Determination. The FDIC experienced challenges in quantifying the costs and benefits of this rule. The FDIC had engaged an independent contracting firm to estimate the expected costs that 36 large banks would incur as a result of the proposed rule requiring such banks to calculate insured deposits within 24 hours of failure. The contractor estimated that the cost to the industry was $328 million (80 cents per deposit account). The FDIC found, however, that the benefits of the rule were difficult to determine, explaining that “[b]ecause there is no market in which the value of these public benefits can be determined, it is not possible to monetize these benefits.” During the comment period for this rule, the American Bankers Association, Clearinghouse Association, Consumer Bankers Association, and Securities Industry and Financial Markets Association provided comments that outlined numerous concerns about the proposed rule. One such concern was that the FDIC had not adequately considered the costs the rule would place on financial intermediaries, the disruption that it would cause in deposit markets, and the risk that it would place on the security of depositors’ personal information. The associations further stated that the FDIC contractor had underestimated the actual implementation costs of the rule and did not contemplate ongoing costs to the institutions. In addition, the associations asserted that the FDIC did not fully consider that the increased costs would likely be passed on to customers at the institutions. They also noted that “the FDIC has a responsibility to provide concrete evidence to support the purported benefits” of the rule and “conduct a full-fledged cost-benefit analysis.” After evaluating public comments on the proposed rule, the FDIC issued a final rule with a revised total cost of $478 million in which the cost to the covered institutions was estimated at $368 million with the remaining costs accrued to depositors and the FDIC. In the final rule, the FDIC stated that the rule would ensure “prompt and efficient deposit insurance determinations by the FDIC and thus the liquidity of deposit funds; enabl[e] the FDIC to more readily resolve a failed [Insured Depository Institution]; reduc[e] the costs of failure of a covered institution by increasing the FDIC’s resolution options; and promot[e] long term stability in the banking system by reducing moral hazard.” The FDIC further advised us that the estimated costs of implementation would amount to less than one seventh of one percent of 2015 total noninterest expenses for institutions required to implement the rule. The FDIC engages in a regulatory review process at least every 10 years, in accordance with the Economic Growth and Regulatory Paperwork Reduction Act. This process considers whether any of the FDIC’s regulations are outdated, unnecessary, or unduly burdensome. In addition, in 196 APPENDICES 2017 OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) 2009, the FDIC established an Advisory Committee on Community Banking to provide advice and guidance on policy issues impacting small community banks, including current examination policies and procedures, credit and lending practices, deposit insurance assessments, insurance coverage, and regulatory compliance, including the cost and benefit of regulations. Community banks include rural and urban institutions supervised by the FDIC. Further, in 2012, the FDIC conducted a Community Banking Study to identify and explore issues and questions about community banks. The Study found a number of areas warranting additional FDIC research, including how regulatory costs for community banks have changed. As part of its Annual Performance Plan for 2017, the FDIC committed to follow up on issues identified in the Study relating to efficiency, consistency, and transparency of its supervisory processes. While the FDIC aims to conduct cost-benefit analyses for proposed rules, it faces challenges in collecting the necessary data and information, and estimating the costs and benefits of its regulations with a degree of precision. The FDIC should continue efforts to make meaningful cost-benefit determinations because regulations have lasting effects on institutions and consumers. APPENDICES 197 ANNUAL REPORT E. ACRONYMS AEI Alliance for Economic Inclusion DFA Dodd-Frank Act AFS Available-For-Sale DIF Deposit Insurance Fund AIG American International Group, Inc. DIR Division of Insurance and Research AML Anti-Money Laundering DIT Division of Information Technology AML/CFT Anti-Money Laundering and Countering the Financing of Terrorism DOA Division of Administration ASBA Association of Supervisors of Banks of the Americas DRR Designated Reserve Ratio DRR (FDIC) Division of Resolutions and Receiverships ASC Accounting Standards Codification EC European Commission ASU Accounting Standards Update EDIE Electronic Deposit Insurance Estimator BCBS Basel Committee on Banking Supervision EGRPRA BoA Bank of America Economic Growth and Regulatory Paperwork Reduction Act of 1996 BSA Bank Secrecy Act ERM Enterprise Risk Management Call Report Consolidated Reports of Condition and Income FASB Financial Accounting Standards Board FBIIC Financial and Banking Information Infrastructure Committee FBO Foreign Bank Organization FDI Act Federal Deposit Insurance Act FDIC Federal Deposit Insurance Corporation CAMELS rating scale Capital adequacy; Asset quality; Management quality; Earnings; Liquidity; Sensitivity to market risks CAT Cybersecurity Assessment Tool FEHB Federal Employees Health Benefits CCP Central Counterparties FERS Federal Employees Retirement System CDFI Community Development Financial Institution FFB Federal Financing Bank FFIEC CECL Current Expected Credit Losses Federal Financial Institutions Examination Council CEO Chief Executive Officer FFMIA CEP Corporate Employee Program Federal Financial Management Improvement Act CFI Complex Financial Institution FHLB Federal Home Loan Banks CFO Act Chief Financial Officers’ Act FICO Financing Corporation CFPB Consumer Financial Protection Bureau FIL Financial Institution Letter CFR Center for Financial Research Fintech Financial Technology CFTC Commodity Futures Trading Commission FIRREA CIO Chief Information Officer Financial Institutions Reform, Recovery Enforcement Act CMG Crisis Management Group FIS Financial Institution Specialists CMP Civil Money Penalty FISMA Federal Information Security Management Act ComE-IN Advisory Committee on Economic Inclusion FMFIA Federal Managers’ Financial Integrity Act CPI-U Consumer Price Index for All Urban Consumers FMSP Financial Management Scholars Program FRB CRA Community Reinvestment Act Board of Governors of the Federal Reserve System CRE Commercial Real Estate FRF FSLIC Resolution Fund CSF Cybersecurity Framework FSB Financial Stability Board CSRS Civil Service Retirement System FS-ISAC DCP Division of Consumer Protection Financial Services Information Sharing and Analysis Center 198 APPENDICES 2017 FSLIC Federal Savings and Loan Insurance Corporation OMB U.S. Office of Management and Budget FSOC Financial Stability Oversight Council OMWI Office of Minority and Women Inclusion FTE Full-Time Employee OO Office of the Ombudsmen GAAP Generally Accepted Accounting Principles OPM Office of Personnel Management GAO U.S. Government Accountability Office ORE Owned Real Estate GDP Gross Domestic Product OTS Office of Thrift Supervision GECC General Electric Capital Corporation, Inc. P&A Purchase and Assumption GPRA Government Performance and Results Act PIV Personal Identity Verification G-SIBs Global Systemically Important Banks PRU Prudential Incorporation G-SIFI Global SIFIs QBP Quarterly Banking Profile HMDA Home Mortgage Disclosure Act QFC Qualified Financial Contracts IADI International Association of Deposit Insurers REMA Reasonably Expected Market Area IDI Insured Depository Institution ReSG FSB’s Resolution Steering Committee IMF International Monetary Fund RMIC Risk Management and Internal Controls IMFB IndyMac Federal Bank RMS Division of Risk Management Supervision InTREx Information Technology Risk Examination Program RTC Resolution Trust Corporation SBA Small Business Administration IT Information Technology SEC Securities and Exchange Commission ITCIP Insider Threat and Counterintelligence Program SIFI Systemically Important Financial Institution SLA Shared-Loss Agreement ITSP Information Technology Strategic Plan SME Subject Matter Expert LIDI Large Insured Depository Institution SMS Systemic Monitoring System LLC Limited Liability Company SNC Shared National Credit Program MDI Minority Depository Institutions SRAC Systemic Resolution Advisory Committee MOL Maximum Obligation Limitation SRR SIFI Risk Report MOU Memoranda of Understanding SRB Single Resolution Board MRM Model Risk Management SSGN Structured Sale of Guaranteed Note MRBA Matters Requiring Board Attention TIPS Treasury Inflation-Protected MWOB Minority- and Women-Owned Business TSP Federal Thrift Savings Plan NCUA National Credit Union Administration NPR Notice of Proposed Rulemaking NSFR Net Stable Funding Ratio OCC Office of the Comptroller of the Currency OCRM Office of Corporate Risk Management OIG Office of the Inspector General OLA Orderly Liquidation Authority OLF Orderly Liquidation Fund TSP (IT-related) Technology Service Providers UBPR Uniform Bank Performance Report URSIT Uniform Rating System for Information Technology VIEs Variable Interest Entities WE Workplace Excellence WIOA Workforce Investment Opportunity Act YSP Youth Savings Program APPENDICES 199 N OT E S 2017 Federal Deposit Insurance Corporation This Annual Report was produced by talented and dedicated staff. To these individuals, we would like to offer our sincere thanks and appreciation. Special recognition is given to the following for their contributions: ❏❏ Jannie F. Eaddy ❏❏ Barbara A. Glasby ❏❏ Pamela A. Brownfield ❏❏ Financial Reporting Section Staff ❏❏ Division and Office Points-of-Contact FEDERAL DEPOSIT INSURANCE CORPORATION H H H 550 17th Street, N.W. Washington, DC 20429-9990 www.fdic.gov FDIC-003-2018 H H H