The full text on this page is automatically extracted from the file linked above and may contain errors and inconsistencies.
FEDERAL DEPOSIT INSURANCE CORPORATION 2019 ANNUAL REPORT THIS PAGE INTENTIONALLY LEFT BLANK FEDERAL DEPOSIT INSURANCE CORPORATION 2019 ANNUAL REPORT ANNUAL REPORT FEDERAL DEPOSIT INSURANCE CORPORATION 550 17th Street NW, Washington, DC 20429 OFFICE OF THE CHAIRMAN February 13, 2020 Dear Sir/Madam, The Federal Deposit Insurance Corporation (FDIC) is pleased to submit its 2019 Annual Report (also referred to as the Performance and Accountability Report), which includes the audited financial statements of the Deposit Insurance Fund and the Federal Savings and Loan Insurance Corporation (FSLIC) Resolution Fund. This report is produced in accordance with: ♦ Section 17(a) of the Federal Deposit Insurance Act, ♦ the Chief Financial Officers Act of 1990, Public Law 101-576, ♦ the Government Performance and Results Act of 1993 (as amended) and the GPRA Modernization Act of 2010, ♦ Section 5 (as amended) of the Inspector General Act of 1978, ♦ the Reports Consolidation Act of 2000, and ♦ the Fraud Reduction and Data Analytics Act of 2015. In accordance with the Reports Consolidation Act of 2000, the FDIC assessed the reliability of the performance data contained in this report. We found no material inadequacies and the data are considered to be complete and reliable. Based on internal management evaluations, and in conjunction with the results of independent financial statement audits, we can provide reasonable assurance that the objectives of Section 2 (internal controls) and Section 4 (financial management systems) of the Federal Managers’ Financial Integrity Act of 1982 have been achieved, and that the FDIC has no material weaknesses. We are committed to maintaining effective internal controls corporate-wide in 2020. Sincerely, Jelena McWilliams Chairman The President of the United States The President of the United States Senate The Speaker of the United States House of Representatives 2 2019 TA B L E O F C O N T E N T S Mission, Vision, and Values........................................................................................................................................... 4 Message from the Chairman......................................................................................................................................... 5 Message from the Chief Financial Officer.................................................................................................................... 9 FDIC Senior Leaders.................................................................................................................................................... 10 In Memoriam..................................................................................................................................................................11 I. Management’s Discussion and Analysis.......................................................................................................... 13 Overview................................................................................................................................................................................... 15 Deposit Insurance...................................................................................................................................................................... 15 Supervision ............................................................................................................................................................................... 16 Supervision Policy..................................................................................................................................................................... 23 Innovation/Financial Technology .............................................................................................................................................. 28 Community Banking Initiatives................................................................................................................................................ 30 Activities Related to Large and Complex Financial Institutions................................................................................................. 34 Depositor and Consumer Protection......................................................................................................................................... 37 Failure Resolution and Receivership Management..................................................................................................................... 44 Information Technology............................................................................................................................................................ 46 Diversity and Inclusion.............................................................................................................................................................. 47 International Outreach ............................................................................................................................................................. 49 Effective Management of Strategic Resources............................................................................................................................. 50 II. Performance Results Summary........................................................................................................................ 53 Summary of 2019 Performance Results by Program.................................................................................................................. 55 Performance Results by Program and Strategic Goal.................................................................................................................. 55 Prior Years’ Performance Results................................................................................................................................................ 65 III. Financial Highlights............................................................................................................................................ 79 Deposit Insurance Fund Performance........................................................................................................................................ 81 IV. Budget and Spending......................................................................................................................................... 85 FDIC Operating Budget........................................................................................................................................................... 87 2019 Budget and Expenditures by Program .............................................................................................................................. 88 Investment Spending................................................................................................................................................................. 89 V. Financial Section................................................................................................................................................ 91 Deposit Insurance Fund (DIF).................................................................................................................................................. 92 FSLIC Resolution Fund (FRF)................................................................................................................................................ 106 Government Accountability Office Auditor’s Report............................................................................................................... 113 Management’s Report on Internal Control over Financial Reporting....................................................................................... 118 Management’s Response to the Auditor’s Report...................................................................................................................... 119 VI. Risk Management and Internal Controls........................................................................................................ 121 Program Evaluation................................................................................................................................................................. 123 Fraud Reduction and Data Analytics Act of 2015.................................................................................................................... 124 Management Report on Final Actions..................................................................................................................................... 124 VII. Appendices....................................................................................................................................................... 129 A. Key Statistics....................................................................................................................................................................... 131 B. More About the FDIC........................................................................................................................................................ 145 C. Office of Inspector General’s Assessment of the Management and Performance Challenges Facing the FDIC..................... 154 D. Acronyms and Initialisms................................................................................................................................................... 192 ANNUAL REPORT 3 MI SS IO N , V ISION, AND VA LUES MISSION The Federal Deposit Insurance Corporation (FDIC) is an independent agency created by the Congress to maintain stability and public confidence in the nation’s financial system by: ♦ Insuring deposits, ♦ Examining and supervising financial institutions for safety and soundness and consumer protection, ♦ Making large and complex financial institutions resolvable, and ♦ Managing receiverships. VISION The FDIC is a recognized leader in promoting sound public policies; addressing risks in the nation’s financial system; and carrying out its insurance, supervisory, consumer protection, resolution planning, and receivership management responsibilities. VALUES The FDIC and its employees have a tradition of distinguished public service. Six core values guide us in accomplishing our mission: Integrity We adhere to the highest ethical and professional standards. Competence We are a highly skilled, dedicated, and diverse workforce that is empowered to achieve outstanding results. Teamwork We communicate and collaborate effectively with one another and with other regulatory agencies. Effectiveness We respond quickly and successfully to risks in insured depository institutions and the financial system. Accountability We are accountable to each other and to our stakeholders to operate in a financially responsible and operationally effective manner. Fairness We respect individual viewpoints and treat one another and our stakeholders with impartiality, dignity, and trust. FEDERAL DEPOSIT INSURANCE CORPORATION 4 2019 ME S S A G E F RO M T H E C H A IR MAN Insurance Fund grew to over $110 billion at year end, and the reserve ratio increased to 1.41 percent as of the third quarter, the highest level since 1999. During 2019, 13 new banks opened their doors while only four banks failed, and the FDIC approved nine applications for deposit insurance. Over the past year, the FDIC has focused on three overarching goals: 1. Strengthening the banking system as it continues to evolve; 2. Tailoring regulations to ensure that our rules are commensurate with the risk profile of the institutions we supervise; and 3. Encouraging innovation at the FDIC and community banks. STRENGTHENING THE BANKING SYSTEM Over the past year, the FDIC has worked to strengthen the banking system by modernizing our approach to supervision and regulation. These efforts seek to enhance efficiency and transparency while maintaining the safety and soundness of the system. 2019 was my first full year as Federal Deposit Insurance Corporation (FDIC) Chairman, and I am proud of all that we have accomplished thanks to the hard work and dedication of the FDIC’s talented workforce. We continue to fulfill our vital mission to maintain stability and public confidence in the nation’s financial system by achieving high standards in all areas of operation: insuring deposits, examining and supervising financial institutions for safety and soundness and consumer protection, making large and complex financial institutions resolvable, and managing receiverships. The banking industry remains strong and well-positioned to support economic growth. In 2019, net income, net operating revenue, and loan growth were positive, and the number of banks on the FDIC’s problem bank list declined to its lowest level since 2007. The Deposit When I joined the agency, I asked staff to identify rules and regulations that have not been updated in 10 or more years. To have a strong financial system – and strong economic growth – banks must be able to meet the needs of consumers and businesses across the nation. This ability, in turn, requires that regulators modernize our rules as the industry evolves. Last year, we began a comprehensive review of our longstanding regulatory framework for brokered deposits, which was implemented in 1989. Those regulations have not been revised to meaningfully address the significant changes in technology, business models, and products across the financial services industry over those 30 years. Our review resulted in a proposal that would establish a new, transparent framework for determining what qualifies MESSAGE FROM THE CHAIRMAN 5 ANNUAL REPORT as a brokered deposit. These changes would have a real impact on how banks deliver products and services to consumers, including the more than 20 million unbanked Americans who could have greater access to banking services. We also worked with our regulatory partners to issue a proposal to modernize our regulations under the Community Reinvestment Act (CRA), which have not been substantively updated for nearly 25 years. The proposal, which seeks to encourage greater lending and investment in low- and moderate-income communities where there is significant need for credit, would clarify what activities qualify for CRA credit. In addition, the proposal would recognize the evolution of the banking system, including the emergence of digital banks, by adding a test to determine whether banks need to establish additional CRA assessment areas. We look forward to receiving feedback on these proposals as we work to improve and finalize them in 2020. With respect to supervision, FDIC examination teams are leveraging technology to reduce the amount of time they spend on-site at supervised institutions. This reduces the compliance burden for institutions – especially community banks – without sacrificing the quality of our supervision. We also took several steps to support de novo bank formation, including revamping our internal processes to provide more transparency and help organizers navigate the deposit insurance application process. The results we have seen thus far are encouraging with nine new deposit insurance applications approved in 2019 and 14 in 2018 – the largest numbers since 2008. In addition, we established two new subcommittees to our Community Bank Advisory Committee: ♦ Subcommittee on Supervision Modernization, comprised of bankers, technologists, former regulators, and legal experts to consider how the FDIC can improve the efficiency of the examination process; and ♦ Subcommittee on Minority Depository Institutions (MDIs), comprised of FDIC-regulated institutions to focus on the unique nature, needs and benefits of MDIs and a supervisory framework that can support them. TAILORING REGULATIONS As we continue to think about ways to strengthen the banking system, the appropriate calibration of our regulatory framework remains a top priority. It is critical that regulators continuously evaluate whether our rules are appropriately addressing risks in our financial system as the system itself and the regulated entities within it evolve over time. In 2019, the FDIC completed all of its statutorily mandated rules pursuant to the Economic Growth, Regulatory Relief, and Consumer Protection Act, including an interagency rule that establishes four riskbased categories for determining capital and liquidity requirements. This framework better aligns our regulatory requirements for large banks with their risk profiles, taking into account their size and complexity. In addition, we issued a rule to improve the efficiency and effectiveness of the resolution planning process. Under both rules, the largest, most systemically important institutions remain subject to the most stringent standards, and requirements for all other institutions are tiered based on each bank’s risk profile. Simultaneously, we are taking steps to reduce regulatory burden at community banks, recognizing that community bankers should focus more time on the business of banking and less time navigating complex regulatory issues. In November, we issued a rule that establishes a simple leverage ratio for qualifying community banks. The rule provides meaningful regulatory compliance burden relief by allowing these banks to avoid complex risk-based capital calculations and reporting. In addition, we issued a rule that simplifies the Call Report for community banks and expands eligibility to file the streamlined Call Report. FOSTERING INNOVATION Perhaps no issue is more important – or more central to the future of banking – than technological innovation. Regulators must be proactive in engaging with all stakeholders, including banks, consumer groups, trade associations, and technology companies to understand and help foster the safe adoption of technology across the banking system, especially at community banks. The cost of innovation and regulatory uncertainty are the two primary hurdles that are keeping community banks from developing and utilizing new technologies. 6 MESSAGE FROM THE CHAIRMAN 2019 Partnerships with financial technology companies, or fintechs, can help community banks overcome the first hurdle, but in order for them to overcome the second, the FDIC must ensure that our regulatory framework enables those partnerships. In 2019, we established a new office – the FDIC Tech Lab, or FDiTech – to address these issues. FDiTech’s goal is to eliminate regulatory uncertainty through engagement and technical assistance, while encouraging the market to develop technology that improves the operations of financial institutions. Through events like tech sprints and pilot programs, FDiTech will collaborate with banks and technology companies to tackle difficult challenges facing the financial services industry and the FDIC. Importantly, FDiTech will also engage directly with community banks to discuss how technological developments could impact their businesses. As part of this effort and to further expand on the efforts of the Subcommittee on Supervision Modernization, we plan to host a series of community bank-focused roundtables that will bring bankers together with technologists and technology service providers. It is my goal that the FDIC lays the foundation for the next chapter of banking by encouraging innovation that meets consumer demand, promotes community banking, reduces compliance burdens, and modernizes our supervision. commitment to diversity and inclusion, we have created an executive-level taskforce on diversity to help to ensure our recruiting resources, hiring decisions, interviewing processes, retention efforts, and advancement pools reflect a purposeful and intentional effort to leverage diversity to maintain a high-performing workforce. The racial and gender diversity of the FDIC workforce continues to increase, and we will work to consistently improve diversity at all levels of the agency, fostering an environment without barriers in which all employees feel welcomed, valued, respected, and engaged. LOOKING AHEAD When I joined the FDIC, I committed to visiting all 50 states to engage with bankers, state regulators, and consumers on their own turf. Through the end of 2019, I had visited 28 states and received invaluable feedback regarding the challenges banks face in different parts of the country. In 2020, we will continue to advance the goals of strengthening our banking system, fostering innovation, and ensuring that banks can meet the needs of businesses and consumers across the nation. These are ambitious goals, and I know that the dedicated employees of the FDIC will rise to the challenge. I remain honored to serve alongside the men and women of the FDIC who endeavor every day to fulfill our vital mission. Sincerely, PROMOTING DIVERSITY AND INCLUSION My personal and professional experiences have underscored the importance of a workplace that is free from discrimination and that supports diversity and inclusion. In furtherance of the FDIC’s longstanding Jelena McWilliams MESSAGE FROM THE CHAIRMAN 7 THIS PAGE INTENTIONALLY LEFT BLANK 2019 M E S S A GE F R O M T H E C H I E F F I N A N C IA L O F F IC E R I am pleased to present the FDIC’s 2019 Annual Report, which covers financial and program performance information and summarizes our successes for the year. For 28 consecutive years, the U.S. Government Accountability Office has issued unmodified audit opinions for the two funds administered by the FDIC: the Deposit Insurance Fund (DIF) and the Federal Savings and Loan Insurance Corporation (FSLIC) Resolution Fund (FRF). We take pride in our accomplishments and continue to consistently demonstrate discipline and accountability as stewards of these funds. We remain proactive in the execution of sound financial management and in providing reliable and timely financial data to enhance decision-making. 2019 FINANCIAL AND PROGRAM RESULTS The DIF balance rose to a record $110.3 billion as of December 31, 2019, compared to the year-end 2018 balance of $102.6 billion. The Fund balance increase was primarily due to assessment revenue, earnings on investments, and reductions in losses from prior year failures. Four insured financial institutions failed in 2019, with total assets of $209 million. The DIF U.S. Treasury securities investment portfolio balance was $100.1 billion as of December 31, 2019, an increase of $7.4 billion over the year-end 2018 portfolio balance of $92.7 billion. Interest revenue on DIF investments was $2.1 billion for 2019, compared to $1.6 billion for 2018. In 2019, the FDIC continued to reduce operating costs. The FDIC Operating Budget for 2019 totaled approximately $2.04 billion—a decrease of $49 million (2.3 percent) from 2018. Actual 2019 spending totaled approximately $1.86 billion. The FDIC Board of Directors recently approved a 2020 FDIC Operating Budget totaling $2.02 billion, down $26 million (1.3 percent) from the 2019 budget. Including 2020, the annual operating budget has declined for ten consecutive years, consistent with a steadily declining workload. The FDIC also continues to reduce staffing levels as internal resource needs are realigned to reflect banking industry changes and conditions. The FDIC’s authorized full-time equivalent staffing dropped from 6,083 in 2018 to 5,915 in 2019, a 2.8 percent reduction. Authorized staffing for 2020 is 5,755 full-time equivalent positons, a 2.7 percent reduction from 2019. The FDIC continued to implement its enterprise risk management (ERM) program in 2019 by communicating a risk appetite statement to all employees, developing a corporate risk profile and risk inventory, and initiating an ERM training program. We will continue to enhance the ERM program in 2020 through regional office outreach and by further integrating the program into the FDIC’s strategic planning and budgeting processes. I appreciate the FDIC professionals who plan, execute, and account for the agency’s resources. Their commitment to ensuring sound financial management provides the foundation for our strong stewardship and ensures reliable financial information is available to our stakeholders. Sincerely, Bret D. Edwards MESSAGE FROM THE CHIEF FINANCIAL OFFICER 9 ANNUAL REPORT F D I C SE N IO R L E A D E R S Seated (left to right): Howard G. Whyte, Bret D. Edwards, Director Martin J. Gruenberg, Chairman Jelena McWilliams, Arleas Upton Kea, Arthur J. Murton, and Doreen R. Eberley. Standing 1st Row (left to right): Mark E. Pearce, Kymberly K. Copa, Zachary N. Brown, Jay N. Lerner, Chad Davis, Ricardo Delfin, Nicholas Podsiadly, and Brandon Milhorn. 2nd Row (left to right): Suzannah L. Susser, Diane Ellis, Russell G. Pittman, Saul Schwartz, M. Anthony Lowe, Robert D. Harris, and Andy Jiminez. Not pictured: Maureen E. Sweeney and Amy C. Thompson. 10 FDIC SENIOR LEADERS 2019 I N ME MOR IA M ANDREW C. HOVE in as Vice Chairman in 1990 against the backdrop of the banking and savings and loan crises, he also served as Acting Chairman three times. Throughout, Mr. Hove steered the FDIC into safer waters, prompting stability not only within the financial services industry, but within the FDIC itself. Mr. Hove brought three decades of experience as a community banker to the FDIC, and guided the Corporation from the perilous depths of the dual crises to a period of recovery for both industries. Under his leadership as Acting Chairman, the FDIC’s Bank Insurance Fund recovered from a $7 billion deficit in 1991 to reach nearly $22 billion in 1994. We at the FDIC were saddened by the August 18, 2019, passing of Andrew C. Hove, former FDIC Vice Chairman. Mr. Andrew “Skip” Hove served as the FDIC’s first Vice Chairman and as its longest-serving Acting Chairman during the years of the banking and savings and loan crises and their aftermath. Mr. Hove demonstrated calm, thoughtful, decisive, and collegial leadership throughout his FDIC tenure. Sworn Mr. Hove also prevented a potential panic during the 1992 election cycle, when fears of a “December surprise” —that a meltdown in the banking industry similar to what had occurred in the savings and loan industry would follow the November election—began to mount. To counter such fears, Mr. Hove pre-emptively led a public information campaign to assure Congress, the media, and depositors that the banking industry had in fact turned a corner. Mr. Hove was proven right; no meltdown occurred. A downward spiral in public confidence had been averted. Vice Chairman Hove was honored for his years of service and his enthusiastic support of training and education when the FDIC dedicated the Hove Auditorium at Virginia Square. He was admired as a man of integrity, honesty, wisdom, kindness, modesty, and generosity. He was a public servant in the truest sense of the word. The FDIC mourns the loss of a faithful public servant. IN MEMORIAM 11 THIS PAGE INTENTIONALLY LEFT BLANK I. MANAGEMENT'S DISCUSSION AND ANALYSIS THIS PAGE INTENTIONALLY LEFT BLANK 2019 OVERVIEW During 2019, the FDIC continued to fulfill its missioncritical responsibilities. In addition, the agency is working to further strengthen the banking system, modernize its approach to supervision, and increase transparency surrounding its programs. The FDIC also continued to engage in several community banking and community development initiatives. assessment rates that will become effective when the reserve ratio exceeds 2.0 percent and 2.5 percent. State of the Deposit Insurance Fund Cybersecurity remained a high priority for the FDIC in 2019; the agency worked to strengthen infrastructure resiliency, enhance data governance, help financial institutions mitigate risk, and respond to cyber threats. This Annual Report highlights these and other accomplishments during the year. Four small institutions with total assets of $209 million failed in 2019. Despite these failures, the fund balance continued to grow through 2019, as it has every quarter after the end of 2009. Assessment revenue was the primary contributor to the increase in the fund balance, while earnings on investments, unrealized gains on investment securities held by the DIF, and a reduction in losses from past failures were also significant contributors to growth in 2019. The fund reserve ratio rose to 1.41 percent at September 30, 2019, from 1.36 percent a year earlier. DEPOSIT INSURANCE Minimum Reserve Ratio As insurer of bank and savings association deposits, the FDIC must continually evaluate and effectively manage how changes in the economy, financial markets, and banking system affect the adequacy and the viability of the Deposit Insurance Fund (DIF). Section 334 of the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank Act), which increased the minimum reserve ratio of the DIF from 1.15 percent to 1.35 percent, mandates that the reserve ratio reach that level by September 30, 2020. Long-Term Comprehensive Fund Management Plan In 2010 and 2011, the FDIC developed a comprehensive, long-term DIF management plan designed to reduce the effects of cyclicality and achieve moderate, steady assessment rates throughout economic and credit cycles, while also maintaining a positive fund balance, even during a banking crisis. Under the long-term DIF management plan, to increase the probability that the fund reserve ratio (the ratio of the fund balance to estimated insured deposits) would reach a level sufficient to withstand a future crisis, the FDIC Board set the Designated Reserve Ratio (DRR) of the DIF at 2.0 percent. The FDIC views the 2.0 percent DRR as a long-term goal and the minimum level needed to withstand future crises of the magnitude of past crises. In December 2019, the Board voted to maintain the 2.0 percent ratio for 2020. Additionally, as part of the long-term DIF management plan, the FDIC has suspended dividends indefinitely when the fund reserve ratio exceeds 1.5 percent. In lieu of dividends, the plan prescribes progressively lower To achieve this ratio, the FDIC imposed surcharges on the quarterly assessments of insured depository institutions (IDIs) with total consolidated assets of $10 billion or more (i.e., large banks). The surcharge equaled an annual rate of 4.5 basis points applied to an institution’s regular quarterly deposit insurance assessment base after subtracting $10 billion, with additional adjustments for banks with affiliated IDIs. As of September 30, 2018, the reserve ratio exceeded the required minimum of 1.35 percent, and the surcharges were suspended. Application of Small Bank Assessment Credits Because the Dodd-Frank Act mandates that the FDIC offset the effect of the increase in the reserve ratio on small banks (i.e., banks with assets less than $10 billion), these banks were exempt from the surcharges. Also in accordance with the Dodd-Frank Act, FDIC regulations provide assessment credits to small banks for the portion of their regular assessments that contributed to growth in the reserve ratio between 1.15 percent and 1.35 percent. The FDIC awarded these banks an aggregate amount of approximately $765 million in credits after the reserve M A N A G E M E N T ' S D I S C U S S I O N A N D A N A LY S I S 15 ANNUAL REPORT ratio surpassed 1.35 percent as of September 30, 2018. The FDIC notified all eligible banks of their respective assessment credit amounts in January 2019. FDIC regulations provide that the FDIC will automatically apply assessment credits to reduce a small bank’s regular assessment up to the entire amount beginning in the first assessment period in which the reserve ratio is at least 1.38 percent. The reserve ratio increased to 1.40 percent as of June 30, 2019, thereby exceeding 1.38 percent for the first time since small bank assessment credits were awarded, and was 1.41 percent as of September 30, 2019. As a result, the FDIC automatically applied approximately $559 million of small bank assessment credits to offset banks’ second and third quarter 2019 assessments. After applying these credits, $206 million in small bank credits remain. In November 2019, the FDIC approved a final rule amending the deposit insurance assessment regulations that govern the use of small bank assessment credits and one-time assessment credits (OTACs) by certain IDIs.1 Under the final rule, the FDIC will apply small bank assessment credits to quarterly deposit insurance assessments as long as the DIF reserve ratio is at least 1.35 percent (instead of, as originally provided, 1.38 percent). In addition, after small bank assessment credits have been applied for four quarterly assessment periods, and as long as the reserve ratio is at least 1.35 percent, the FDIC will remit the full nominal value of any remaining small bank assessment credits and OTACs in lump-sum payments to each IDI holding such credits in the next assessment period. SUPERVISION Supervision and consumer protection are cornerstones of the FDIC’s efforts to ensure the stability of, and public confidence in, the nation’s financial system. The FDIC’s supervision program promotes the safety and soundness of FDIC-supervised financial institutions, protects consumers’ rights, and promotes community investment initiatives. Examination Program The FDIC’s strong bank examination efforts are at the core of its supervisory program. As of December 31, 2019, the FDIC was the primary federal regulator for 3,347 FDIC-insured, state-chartered institutions that were not members of the Federal Reserve System (generally referred to as “state nonmember” institutions). Through risk management (safety and soundness), consumer compliance, Community Reinvestment Act (CRA), and other specialty examinations, the FDIC assesses an institution’s operating condition, management practices and policies, and compliance with applicable laws and regulations. As of December 31, 2019, the FDIC conducted 1,458 statutorily required risk management examinations, including reviews of Bank Secrecy Act (BSA) compliance, and all required follow-up examinations for FDICsupervised problem institutions, within prescribed time frames. The FDIC also conducted 1,147 statutorily required CRA/consumer compliance examinations (933 joint CRA/consumer compliance examinations, 210 consumer compliance-only examinations, and four CRAonly examinations). In addition, the FDIC performed 3,270 specialty examinations (which include reviews for BSA compliance) within prescribed time frames. The table on the following page illustrates the number of examinations by type, conducted from 2017 through 2019. Risk Management All risk management examinations have been conducted in accordance with statutorily-established time frames. As of September 30, 2019, 55 insured institutions with total assets of $48.8 billion were designated as problem institutions—defined as those institutions having a composite CAMELS2 rating of 4 or 5—for safety and soundness purposes. By comparison, on September 30, 2018, there were 71 problem institutions with total assets of $53.3 billion. This represents a 23 percent decline in the number of problem institutions and an 8 percent decrease in problem institution assets. The Federal Deposit Insurance Reform Act of 2005 (FDI Reform Act) required the FDIC to provide OTACs to IDIs that existed on December 31, 1996, and paid a deposit insurance assessment prior to that date, or that were successors to such an institution. The purpose of the OTAC, which was described as a “transitional” credit when it was enacted, was to recognize the contributions that certain institutions made to capitalize the Bank Insurance Fund and Savings Association Insurance Fund, which had been recently merged into the DIF. 1 2 The CAMELS composite rating represents an institution's adequacy of Capital, quality of Assets, capability of Management, quality and level of Earnings, adequacy of Liquidity, and Sensitivity to market risk, and ranges from “1” (strongest) to “5” (weakest). 16 M A N A G E M E N T ' S D I S C U S S I O N A N D A N A LY S I S 2019 FDIC EXAMINATIONS Risk Management (Safety and Soundness): State Nonmember Banks Savings Banks State Member Banks Savings Associations National Banks Subtotal–Risk Management Examinations CRA/Consumer Compliance Examinations: Consumer Compliance/Community Reinvestment Act Consumer Compliance-only CRA-only Subtotal–CRA/Compliance Examinations Specialty Examinations: Trust Departments Information Technology and Operations Bank Secrecy Act Subtotal–Specialty Examinations TOTAL For the 12 months ended September 30, 2019, 28 institutions with aggregate assets of $4.5 billion were removed from the list of problem financial institutions, while 12 institutions with aggregate assets of $1.6 billion were added to the list. The FDIC is the primary federal regulator for 39 of the 55 problem institutions, with total assets of $4.4 billion. In 2019, the FDIC’s Division of Risk Management Supervision (RMS) initiated 100 formal enforcement actions and 119 informal enforcement actions. Enforcement actions against institutions included, but were not limited to, 17 actions under Section 8(b) of the Federal Deposit Insurance Act (FDI Act), one of which was a notice of charges, three civil money penalties (CMPs), and 83 memoranda of understanding (MOUs). Of these enforcement actions against institutions, five consent orders, three CMPs and 18 MOUs were based, in whole or in part, on apparent violations of BSA and anti-money laundering (AML) laws and regulations. In addition, enforcement actions were also initiated against individuals. These actions included, but were not limited to, 34 removal and prohibition actions under Section 8(e) of the FDI Act (33 consent orders and one notice of intention to remove/prohibit), five actions under Section 2019 2018 2017 1,310 1,333 1,440 148 159 171 0 0 0 0 0 0 0 0 0 1,458 1,492 1,611 933 876 770 210 337 393 4 2 5 1,147 1,215 1,168 313 308 347 1,466 1,503 1,627 1,491 1,523 1,640 3,270 3,334 3,614 5,875 6,041 6,393 8(b) of the FDI Act, and 10 CMPs, (nine orders to pay restitution and one notice of assessment), including two CMPs related to BSA. The FDIC conducts risk examination through a riskfocused, forward-looking supervision program. The objective of a risk-focused examination is to evaluate the safety and soundness of the financial institution by assessing its risk management systems, financial condition, and compliance with applicable laws and regulations, while focusing on the bank’s highest risks. The riskfocused examination process seeks to strike an appropriate balance between evaluating the condition of an institution at a certain point in time and evaluating the soundness of the institution’s processes for managing risk in all phases of the economic cycle. By evaluating an institution’s risk management practices, examiners look beyond the financial condition of a bank at a point in time, to how well it can respond to changing market conditions given its particular risk profile. Examiners communicate their views about changes needed in its practices, operations or financial condition through supervisory recommendations, including Matters Requiring Board Attention (MRBA). A M A N A G E M E N T ' S D I S C U S S I O N A N D A N A LY S I S 17 ANNUAL REPORT principal purpose of supervisory recommendations is to communicate supervisory concerns to a bank so that it can make appropriate changes in its practices, operations, or financial condition and thereby avoid more formal remedies in the future, such as enforcement actions. RMS tracks bank managements’ responsiveness to MRBAs through examination follow up activities. For example, in 2019, a total of 312 institutions were assigned a composite CAMELS rating of 2 and had MRBAs identified in the examination reports. To ensure that MRBAs are being appropriately addressed at these institutions, the FDIC timely reviews progress reports and follows up with bank management as needed. More specifically, within six months of issuing the examination reports, the FDIC conducted appropriate follow up and review of these MRBAs at 301 (96.5 percent) of these institutions. Follow up and review of the MRBAs at the remaining 11 institutions (3.5 percent) occurred more than six months after issuing the examination reports primarily due to delayed responses from some banks, as well as the need for additional information in order to complete a full review. Consumer Compliance As of December 31, 2019, 36 insured state nonmember institutions (collectively, with total assets of $33 billion), about 1 percent of all supervised institutions, were problem institutions for consumer compliance, CRA, or both. All of the problem institutions for consumer compliance were rated “4” for consumer compliance purposes, with none rated “5.” For CRA purposes, the majority were rated “Needs to Improve”; only two were rated “Substantial Noncompliance.” As of December 31, 2019, all follow-up examinations for problem institutions were performed on schedule. As of December 31, 2019, the FDIC conducted and achieved all required consumer compliance and CRA examinations and, when violations were identified, completed follow-up visits and implemented appropriate enforcement actions in accordance with FDIC policy. In completing these activities, the FDIC achieved its internally established time standards for the issuance of final examination reports and enforcement actions. Overall, FDIC examiners concluded that the vast majority of FDIC-supervised institutions were rated satisfactory or better for consumer compliance and demonstrated the ability to maintain effective programs to manage their 18 consumer compliance responsibilities. Some noteworthy issues that emerged from 2019 consumer compliance examinations include continuing concerns about banks’ monitoring of third-party service providers and their implementation of the Truth in Lending Act (TILA) – Real Estate Settlement Procedures Act (RESPA) Integrated Disclosure Rule (TRID). The TRID implementation issues were the most frequently cited violations of TILA in 2019. In response, the FDIC developed and hosted a banker teleconference on Understanding the TRID Rule (see discussion under the Technical Assistance Program section). As of December 31, 2019, the FDIC’s Division of Depositor and Consumer Protection (DCP) initiated 19 formal enforcement actions and 15 informal enforcement actions to address consumer compliance examination findings. This included three consent orders to strengthen consumer compliance management systems, 16 CMPs, and 11 MOUs. The CMPs were issued against institutions to address violations of the Flood Disaster Protection Act, the RESPA, and Section 5 of the Federal Trade Commission Act for unfair or deceptive acts or practices. The CMP orders totaled in excess of $2.1 million. In addition to the consumer refunds resulting from the assistance provided by the FDIC’s Consumer Response Center (see discussion under the Consumer Complaints and Inquiries section), consumer compliance examination findings resulted in banks making voluntary restitution of approximately $4.7 million to over 19,000 consumers and TILA reimbursements of approximately $1.3 million to more than 6,000 consumers. Consumer Compliance Supervision Strategic Plan DCP has established a Supervision Strategic Plan to identify near-term initiatives that are aligned with long-term objectives. The Supervision Strategic Plan for consumer compliance is built around four pillars: Technology and Financial Innovation, Supervisory Efficiency, Emerging Risk Identification, and Communication Effectiveness. DCP established 20 key near-term initiatives in alignment with these pillars, and set forth strategies to leverage technology, expand industry engagement, and efficiently conduct risk-focused examination activities to pursue these initiatives. DCP will continue to advance these strategic priorities, and is updating the plan to reflect 2021 – 2024 initiatives and goals. Current development of plans for 2021 – 2024 initiatives will continue to advance strategic priorities. M A N A G E M E N T ' S D I S C U S S I O N A N D A N A LY S I S 2019 External stakeholders—in particular, community banks— will benefit from the plan through continued transparency in the supervisory process, which includes changes to examination report formats, access to information and resources, tools that will improve the exchange of data and documents with the FDIC, and increased engagement with the FDIC’s exceptionally knowledgeable and wellequipped examiners. Large Bank Supervision Program The Large Bank Supervision Branch (LBSB) within RMS addresses the growing complexity of large banking organizations with assets from $10 billion to $100 billion of all charters, plus all FDIC-supervised banks over $10 billion. This branch is responsible for supervisory oversight and ongoing monitoring, while supporting the insurance business line. For state nonmember banks with assets exceeding $10 billion, the FDIC generally applies a continuous examination program, whereby dedicated staff conduct ongoing on-site supervisory examinations and institution monitoring. The Large Insured Depository Institution (LIDI) Program remains the primary instrument for off-site monitoring of IDIs supervised by LBSB, as well as select banks supervised by the Division of Complex Institution Supervision and Resolution (CISR) where the FDIC has on-site examination staff. The LIDI Program provides a comprehensive process to standardize data capture and reporting for large and complex institutions nationwide, allowing for quantitative and qualitative risk analysis. In 2019, the LIDI Program covered 122 institutions with total assets of $6.8 trillion. The LIDI Program supports effective large bank supervision by using individual institution information to focus resources on higher-risk areas, determine the need for supervisory action, and support insurance assessments and resolution planning. The Shared National Credit (SNC) Program is an interagency initiative administered jointly by the FDIC, the Office of the Comptroller of the Currency (OCC), and the Federal Reserve Board (FRB) to promote consistency in the regulatory review of large, syndicated credits, as well as to identify risk in this market, which comprises a large volume of domestic commercial lending. In 2019, outstanding credit commitments identified in the SNC Program totaled $4.8 trillion. The FDIC, FRB, and OCC report the results of their review in an annual, joint public statement. In the third and fourth quarter of 2018, the LBSB completed a horizontal commercial loan underwriting review at 32 large FDIC-supervised institutions to further understand and assess recent commercial loan underwriting practices. In July 2019, the overall findings and observations from that review were shared via a letter to each covered bank’s Chief Executive Officer. Operational Risk Supervision Program Information Technology and Cybersecurity The FDIC examines information technology (IT), including cybersecurity, at each bank it supervises as part of the risk management examination. Examiners assign an IT rating using the Federal Financial Institutions Examination Council’s (FFIEC) Uniform Rating System for Information Technology (URSIT), and the IT rating is incorporated into the management component of the CAMELS rating, in accordance with the FFIEC’s Uniform Financial Institutions Rating System. During 2019, the FDIC collaborated with the FRB and state banking departments to enhance the Information Technology Risk Examination (InTREx) Program used to conduct financial institution IT examinations. For example, the InTREx information technology profile used to risk-focus IT examinations was streamlined, and redundancies in examiner questions were eliminated. The FDIC also enhanced its examinations of service providers. For example, the interagency Cybersecurity Examination Program became a standard component of the most significant service provider examinations. The FDIC, FRB, and OCC, also horizontally reviewed the contracts between financial institutions and large service providers to evaluate how well the agreements provide for protecting customer nonpublic personal information. The FDIC collaborated with the other FFIEC member entities3 to update the FFIEC IT Examination Handbook booklet titled Business Continuity Management. FFIEC member agencies include the FDIC, FRB, National Credit Union Administration (NCUA), OCC, and Consumer Financial Protection Bureau (CFPB). The FFIEC also includes a State Liaison Committee (SLC) as a voting member; the SLC includes representatives from the Conference of State Bank Supervisors (CSBS), American Council of State Savings Supervisors (ACSSS), and National Association of State Credit Union Supervisors (NASCUS). 3 M A N A G E M E N T ' S D I S C U S S I O N A N D A N A LY S I S 19 ANNUAL REPORT Examiners use this booklet as a reference, and it contains detailed procedures for examining more complex entities. Finally, the FDIC, FRB, and OCC conducted IT examinations of services provided to banks by third parties, with a particular focus on the strength of the contracts between banks and their service providers. The FDIC also continued to build its IT examination workforce. For example, an entry-level IT and Cyber Risk Management Analyst position was created. The new analysts will focus only on IT (including cybersecurity) examinations, and are expected to reach proficiency at those tasks quicker than examiners who have broader responsibilities. The FDIC also updated its advanced IT training for safety and soundness examiners. Examiners take this training to prepare them to examine the most complex institutions and service providers. The FDIC actively engages with both the public and private sectors to assess emerging cybersecurity threats and other operational risk issues. The information obtained from these engagements is shared with financial institutions and examiners, when appropriate. FDIC staff meet regularly with the Financial and Banking Information Infrastructure Committee (FBIIC), the Financial Services Sector Coordinating Council for Critical Infrastructure Protection, the Department of Homeland Security (DHS), the Financial Services Information Sharing and Analysis Center, other regulatory agencies, and law enforcement to share information regarding emerging issues and to coordinate responses. For example, in June 2019, the FDIC sent a DHS cybersecurity alert to all FDIC-supervised institutions highlighting the need for them to defend against a rise in malicious cyber activity directed at the United States. Additionally, in October 2019, the FDIC and other FFIEC members conducted a webinar to raise awareness about the increased frequency of email compromise fraud. The webinar featured a guest speaker from the Financial Crimes Enforcement Network (FinCEN), which has researched this type of fraud. Bank Secrecy Act/Anti-Money Laundering Throughout 2019, the FDIC, FRB, and OCC and the Department of the Treasury (including FinCEN), focused on improving the efficiency and effectiveness of the Bank Secrecy Act/Anti-Money Laundering (BSA/AML) regime. In July 2019, the agencies issued a joint statement to clarify the risk-focused approach to BSA/AML supervision. The FDIC, FRB, OCC, Treasury, and FinCEN also issued 20 a statement on providing financial services to customers engaged in hemp-related businesses. The FFIEC made significant progress in updating the FFIEC BSA/AML Examination Manual that is expected to be released in early 2020. Revised sections of the manual reinforce instructions to examiners regarding depository institutions’ policies, procedures, and processes designed to reasonably meet the requirements of the BSA and safeguard institutions from money laundering, terrorist financing, and other illicit financial activity. The manual emphasizes that examiners should tailor the BSA/AML examination scope and planned procedures to the money laundering/terrorist financing risk profile of the depository institution. Cyber Fraud and Financial Crimes The FDIC has undertaken a number of initiatives in 2019 to protect the banking industry from criminal financial activities. These include developing a financial crimes conference that will be held in 2020 for examiners, lawyers, and others from federal banking and law enforcement agencies. Another initiative helped financial institutions identify and shut down “phishing” websites that attempt to fraudulently obtain an individual’s confidential personal or financial information. Finally, in August 2019, the FDIC published a Consumer News article that offered tips consumers can use to protect themselves from fake check scams. Examiner Training and Development Examiner training continued to be a top priority in 2019. The FDIC strives to deliver effective and efficient onthe-job, classroom, and computer-based instruction. A cadre of highly trained and skilled instructors provides classroom learning to FDIC examination staff, as well as staff of regulatory partners from international and state agencies. Oversight of the training program is provided by senior and mid-level management to ensure that content and delivery are effective, appropriate, and current. The FDIC works in collaboration with partners across the organization and with the FFIEC to ensure that emerging risks and topics are incorporated and conveyed timely. Examination staff at all levels benefit from targeted and tenure-appropriate content. The FDIC also recognizes the critical role peer-to-peer knowledge transfer plays in preserving institutional knowledge and experience, and encourages opportunities for employees to learn from each other. M A N A G E M E N T ' S D I S C U S S I O N A N D A N A LY S I S 2019 In 2019, the FDIC held training for all of its commissioned risk management examiners and case managers on a variety of topics, including root cause analysis, emerging technologies, model risk management, and operational risk. In addition, the FDIC launched refresher foundational training for all examinationrelated staff on the Bank Secrecy Act; this training will be completed in first quarter 2020. In addition, a Current Expected Credit Losses (CECL) Examiner Training and Development Plan was launched in 2018 to begin a multi-year initiative to ensure examination staff understand the requirements of the new credit losses accounting standard, and are consistent in conveying the FDIC’s expectations with respect to banks’ CECL implementation efforts. The FDIC has also undertaken a multi-year project to expand and strengthen its examiner development programs for specialty areas, such as IT, BSA/AML, trust, capital markets, and accounting. As banks become more specialized, enhancing examiner skills in these areas is key to ensuring an effective examination program. The goal of this project is to standardize the skills needed to examine banks of varying levels of risk and complexity in each specialty area, and to develop on-the-job training (OJT) programs to provide opportunities for examiners to acquire higher-level competencies in these specialty areas. In 2019, the FDIC released the second of its IT OJT programs and continued to develop specialty OJT programs in accounting, capital markets, BSA/AML, and trust. Minority Depository Institution Activities The preservation and promotion of minority depository institutions (MDIs) remains a long-standing and high priority for the FDIC. In 2019, the FDIC expanded engagement with MDIs and continued to promote and support MDI and Community Development Financial Institution (CDFI bank) industry-led strategies to better serve their communities. These strategies include increasing collaboration between MDIs and other financial institutions; partnering to share costs, raise capital, or pool loans; and making innovative use of available federal programs. The FDIC supports these efforts through research, outreach, and engagement to better understand MDI issues, as well as by providing technical assistance and education and training for MDI and CDFI banks. During 2019, the FDIC published a research study, Minority Depository Institutions: Structure, Performance, and Social Impact that explores changes in FDIC-insured MDIs, their role in the financial services industry, and their impact on the communities they serve. The study showed that MDI financial performance improved significantly over the past five years; MDIs consolidated significantly, but more gradually than community banks overall; and MDIs are important service providers to lowor moderate-income and minority communities. The FDIC established a new MDI Subcommittee of the Advisory Committee on Community Banking (CBAC), which held its inaugural meeting in December 2019. The subcommittee provides an opportunity for minority bankers to discuss key issues and share feedback directly with FDIC Board Members and senior management. In addition, the FDIC added additional MDI bankers to the CBAC membership to further bring MDI perspectives and issues to the table. Throughout 2019, the FDIC hosted three roundtables with large banks and MDI bankers to foster collaboration in support of the continued vibrancy of MDIs and their communities. During the roundtables, executives from 29 large banks and 24 MDIs discussed potential partnerships including financial support, lending activities, or service activities including technical assistance. Each roundtable outlined how both MDIs and other institutions may realize business and regulatory benefits by developing partnerships, drawing upon the FDIC’s Resource Guide for Collaboration with Minority Depository Institutions published in December 2017. In addition, the FDIC clarified how relationships with MDIs receive consideration under the Community Reinvestment Act. The FDIC is following up to monitor the outcomes of the roundtables and highlight successful partnerships at future roundtables. One of the FDIC’s statutory goals is to preserve the minority character of MDIs in failed bank acquisitions. In 2019, the FDIC hosted three workshops and two webinars with MDI bankers to discuss the failed bank bidding process and special marketing procedures for MDIs. In addition, the FDIC implemented a new marketing procedure that provides a two-week window exclusively for MDIs. During this window, the FDIC contacts all qualified MDIs on the bid list to ensure they received an invitation to bid, and provides full access to M A N A G E M E N T ' S D I S C U S S I O N A N D A N A LY S I S 21 ANNUAL REPORT FDIC Chairman McWilliams is introduced to Alden J. McDonald’s son, Todd McDonald at the June 2019 Interagency MDI and CDFI Bank Conference. Alden McDonald founded Liberty Bank and Trust in 1972 in New Orleans, Louisiana. the data room if an MDI is interested. The FDIC also describes in detail the failing bank transaction and offers to provide technical assistance on the bidding process. Following the two-week period, the FDIC invites all other qualified bidders to the failing bank project. One MDI failed in 2019, and the acquirer was another MDI. In fact FDIC’s research shows that over a 17-year period, most of the assets of merged and failed MDIs have been acquired by other MDIs. Of the nearly $23 billion in MDI failed-bank assets during this period, 86 percent were acquired by another minority bank. In June 2019, the FDIC hosted the interagency MDI and CDFI bank conference, Focus on the Future: Prospering in a Changing Industry, in collaboration with the OCC and FRB. The conference featured a dialogue with federal leadership, who provided updates on programs and policies that can help MDI and CDFI banks achieve their goals. Minority bank CEOs discussed strategies for their customers, employees, and communities in order to succeed in today’s marketplace. Experts discussed innovation, collaboration, supervision, and FDIC research. Interactive workshops addressed topics such as cybersecurity and threat-monitoring tools and resources, understanding MDIs and their markets, succession management, federal programs supporting MDIs, the benefits of participating in the CDFI Fund’s programs, and preserving the minority character in failing bank transactions. The FDIC also continuously pursued efforts to improve communication and interaction with MDIs and to respond to the concerns of minority bankers in 2019. 22 The FDIC maintains active outreach with MDI trade groups and offers to arrange annual meetings between FDIC regional management and each MDI’s board of directors to discuss issues of interest. The FDIC routinely contacts MDIs to offer return visits and technical assistance following the conclusion of FDIC safety and soundness, consumer compliance, CRA, and specialty examinations to help bank management understand and implement examination recommendations. These return visits, normally conducted within 90 to 120 days after the examination, are intended to provide useful recommendations or feedback for improving operations, not to identify new issues. Through its public website (www.fdic.gov), the FDIC invites inquiries and provides contact information for any MDI to request technical assistance at any time. In 2019, the FDIC provided 134 individual technical assistance sessions on nearly 50 risk management, consumer compliance, and resolution topics, including: ♦ Accounting, ♦ Bank Secrecy Act and Anti-Money Laundering, ♦ Community Reinvestment Act, ♦ Compliance management, ♦ Funding and liquidity, ♦ Information technology risk management and cybersecurity, ♦ Internal audit, and ♦ Failed bank acquisition. Chairman McWilliams (center) in discussion with John Hope Bryant, founder, Chairman and CEO of Operation HOPE, and Evelyn Smalls, President and CEO of United Bank of Philadelphia at the National Bankers Association Annual Convention in October 2019. M A N A G E M E N T ' S D I S C U S S I O N A N D A N A LY S I S 2019 The FDIC also held outreach, training, and educational programs for MDIs through conference calls and regional banker roundtables. In 2019, topics of discussion for these sessions included many of those listed above, as well as collaboration and partnerships, the CECL accounting methodology, IT vendor management, cybersecurity, CRA, innovation, BSA, CDFI Fund Programs, and emerging technology. SUPERVISION POLICY The goal of supervision policy is to provide clear, consistent, meaningful, and timely information to financial institutions and examiners. Risk-Focused Supervision Program During 2019, the FDIC undertook an effort to memorialize its long-standing practices regarding riskfocused, forward-looking supervision. The result of this effort was referenced in RMS’s August 2019 update to the Risk Management Manual of Examination Policies, which incorporated a new section titled “Risk-Focused, Forward-Looking Safety and Soundness Supervision.” The new section describes the FDIC’s long-standing philosophy and methods for supervising institutions by focusing on institutions and the areas within institutions presenting the greatest risks. It also describes principles for communication, risk-tailoring of examination procedures, examination planning, and off-site examination activities that are followed during safety and soundness examinations. As part of this effort, RMS also implemented more robust examination planning procedures, including increasing the amount of notice bankers are provided before examinations begin and allowing examiners more time to understand the institution and tailor procedures to the institution’s risk profile accordingly. Additionally, procedures for loan review have been enhanced and electronic document-transfer systems with institutions have been improved. Current Expected Credit Losses Implementation In June 2016, the Financial Accounting Standards Board (FASB) introduced the CECL methodology for estimating allowances for credit losses, replacing the current incurredloss methodology. Since then, the FDIC has worked collaboratively with the FRB, OCC, FASB, Securities and Exchange Commission (SEC), and CSBS to answer questions regarding the implementation of CECL. ♦ The FDIC participated on the FFIEC Task Force on Reports that developed revisions to the Call Report and other FFIEC reports to address the changes in the accounting for credit losses under the new standard. Because the standard could be early adopted by institutions effective January 1, 2019, these revisions were implemented for quarterly reports as of March 31, 2019, and take effect for annual reports as of December 31, 2019. Institutions were notified of the final reporting changes in an interagency FFIEC Financial Institution Letter (FIL) and an FDIC-only FIL. ♦ In December 2018, the FDIC, FRB and OCC issued the CECL Regulatory Capital final rule revising the regulatory capital rules for the implementation of, and capital transition to, the CECL methodology. The final rule allows banks to transition the day-one effects of the credit losses accounting standard on regulatory capital over three years. The final rule also revises the agencies’ regulatory capital rule and other rules to take into consideration differences between the new accounting standard and existing U.S. generally accepted accounting principles. ♦ In April 2019, the FDIC, FRB, OCC, and NCUA issued an updated set of frequently asked questions (FAQs) that focus on the application of the new credit losses accounting standard and related regulatory reporting. This updated set includes the initial set of FAQs issued in December 2016 and the second set of FAQs issued in September 2017. Certain of the previously issued FAQs were updated in response to recent developments. An appendix includes links to relevant resources that are available to institutions to assist with the implementation of CECL. ♦ In April 2019, the FDIC, FRB, OCC, NCUA, FASB, SEC, and CSBS conducted a webinar covering one possible simplified method of calculating allowances under CECL, which is known as the Weighted Average Remaining Maturity (WARM) Method. In January 2019, the FASB issued a Staff questions and answers (Q&A) document confirming that the WARM method is one of many acceptable methods that can be used to estimate allowances for less M A N A G E M E N T ' S D I S C U S S I O N A N D A N A LY S I S 23 ANNUAL REPORT complex financial asset pools under CECL. The webinar also discussed the use of reasonable and supportable forecasts when estimating allowances. Management of Credit Risk, Liquidity Risk, and Interest-Rate Risk The economy is in its eleventh year of expansion. Amid increasing competition for loans, a large majority of insured institutions continue to grow their loan portfolios, albeit more slowly than in prior years. Some institutions have increased existing concentrations, leaving them with greater exposure to market sector changes. Loan growth, accompanied by a reduction in holdings of liquid assets and increased reliance on funding sources other than traditionally stable deposits, is particularly prevalent among institutions with rising or elevated concentration levels. Competition for deposits is increasing and intensified by long-term trends like declining rural populations and consumers’ adoption of innovative financial technology. A lengthy period of historically low interest rates and tightening net interest margins have created incentives for insured depository institutions to reach for yield in their lending and investment portfolios by extending portfolio durations, potentially increasing their vulnerability to higher interest rates. Long-term rates have been falling in recent years, resulting in a flatter yield curve and, in 2019, the yield curve temporarily inverted. The uncertainty in the direction of rates and shape of the yield curve create a challenging environment for managing exposure to interest-rate risk. Through regular on-site examinations and interim contacts with state nonmember institutions, FDIC staff regularly engage in dialogue with institution management about the need to ensure that their practices to manage credit risk, liquidity risk, and interest-rate risk are effective. Where appropriate, FDIC staff work with institutions that have significant exposure to these risks and encourage them to take appropriate risk-mitigating steps. The FDIC employs off-site monitoring to help identify institutions that may have heightened exposure to these risks, and follows up with them to better understand their risk profiles. Throughout 2019, the FDIC conducted outreach and offered technical assistance regarding these risk issues. The FDIC also published Supervisory Insights articles on 24 the risks associated with potential transitions in financial instrument reference rates and the risk management practices of insured banks with commercial real estate loan concentrations and leveraged lending. FDIC examiners continue to assess how well banks are managing the risks associated with credit and funding concentrations. The findings of these assessments are shared with bank management in the Report of Examination. CAMELS Request for Information In October 2019, the FDIC and FRB issued a request for information and comments from interested parties regarding the consistency of ratings assigned by the agencies under the Uniform Financial Institutions Rating System (more commonly known as CAMELS ratings). The agencies are also requesting feedback on the use of CAMELS ratings by the agencies in their bank application and enforcement action processes. Comments are due by February 28, 2020. Applications Procedures Manual During 2019, the FDIC issued updated, public facing sections of the Applications Procedures Manual. The manual provides comprehensive direction to FDIC staff assigned to review and process applications, notices, and other requests (collectively, applications) submitted to the FDIC. In June, 17 sections of the manual were released, and in December an additional 18 sections were released. As part of Chairman McWilliams’ “Trust Through Transparency” initiative, making the manual publicly available provides greater transparency to the banking industry and other interested parties regarding the FDIC’s application processes. As appropriate, the manual will be updated periodically for changes in laws, regulations, and processes. FDIC-insured institutions and other interested parties may access application-related information through the FDIC’s Bank Applications webpage located at https:// www.fdic.gov/regulations/applications/. Supervisory Guidance Regulatory Relief - Areas Affected by Severe Storms During 2019, the FDIC issued eight advisories through FILs to provide guidance to financial institutions in areas affected by hurricanes, tornadoes, flooding, wildfires, and other severe storms, and to facilitate recovery. In M A N A G E M E N T ' S D I S C U S S I O N A N D A N A LY S I S 2019 these advisories, the FDIC encouraged banks to work constructively with borrowers experiencing financial difficulties as a result of natural disasters, and clarified that prudent extensions or modifications of loan terms in such circumstances can contribute to the health of communities and serve the long-term interests of lending institutions. Allowance for Credit Losses On October 17, 2019, the three banking agencies and the NCUA, with input from CSBS, issued for public comment a proposed Interagency Policy Statement on Allowances for Credit Losses (ACLs) in response to CECL, the new credit losses accounting standard. The proposed policy statement would replace the agencies’ December 2006 Interagency Policy Statement on the Allowance for Loan and Lease Losses (ALLL) and the July 2001 Policy Statement on Allowance for Loan and Lease Losses Methodologies and Documentation for Banks and Savings Institutions (collectively, the 2006 and 2001 ALLL Policy Statements). The comment period closed December 16, 2019. ♦ The principles outlined in the policy statement on ACLs would become of interest to an institution upon the institution’s adoption of the CECL. ♦ Once CECL is effective for all institutions, the agencies will rescind the 2006 and 2001 ALLL Policy Statements. ♦ The proposed new policy statement addresses most of the topics covered in the 2006 and 2001 ALLL Policy Statements, but in the context of CECL. Thus, the new policy statement describes: • The measurement of expected credit losses under CECL and the accounting for impairment on available-for-sale (AFS) debt securities in accordance with the new credit losses accounting standard; • Principles related to designing, documenting, and validating expected credit loss estimation processes, including the internal controls over these processes; • Maintaining appropriate ACLs; • The responsibilities of boards of directors and management; and • Examiner reviews of ACLs. Credit Risk Review In October 2019, the FDIC, jointly with the FRB, OCC, and NCUA, issued a request for comment on proposed Guidance for Credit Risk Review Systems. The proposed supervisory guidance updates and reaffirms, as a standalone document, the elements of an effective credit risk review system currently contained in the Interagency Policy Statement on the Allowance for Loan and Lease Losses (Attachment 1 - Loan Review Systems), issued in 2006. The proposed supervisory guidance also reflects current industry credit review practices and terminology associated with the CECL methodology. The comment period closed on December 16, 2019. Codification of Section 19 Statement of Policy On November 18, 2019, the FDIC approved an NPR to codify the Section 19 Statement of Policy (SOP) in the FDIC’s regulations and seek public comment on all aspects of the Section 19 SOP. Section 19 of the FDI Act generally prohibits individuals convicted of certain crimes from becoming employed by, or participating in the affairs of, an IDI. Specifically, the proposal seeks comment on whether and how the FDIC should expand the criteria for what constitutes a de minimis offense. This proposal also supports the ongoing initiative among the federal financial regulators to address the appropriate role of supervisory guidance compared to notice and comment rulemakings. The comment period closes on March 16, 2020. Regulatory Tailoring Tailoring of Capital and Liquidity Standards In October 2019, the FDIC, FRB and OCC approved a final rule to tailor the regulatory capital and liquidity requirements for large depository institution holding companies, U.S. intermediate holding companies of foreign banking organizations (U.S. IHCs), and certain depository institutions. Under the final rule, the requirements for U.S. Global-Systemically Important Banks (U.S. G-SIBs) are unchanged and these institutions remain subject to the most stringent standards. However, the final rule tailors the capital and liquidity requirements for all other banking organizations with greater than $100 billion in total consolidated assets, commensurate with their size, complexity, and potential systemic risks. The final rule is consistent with considerations and factors set forth under section 165 of the Dodd-Frank Act, as amended by the Economic Growth, Regulatory Relief, and Consumer Protection Act (EGRRCPA). M A N A G E M E N T ' S D I S C U S S I O N A N D A N A LY S I S 25 ANNUAL REPORT The final rule established risk-based categories for determining the tailored regulatory capital and liquidity requirements applicable to large U.S. banking organizations and the U.S. IHCs. Under the final rule, banking organizations fall into one of four categories based on five risk-based indicators: total assets, crossjurisdictional activity, short-term wholesale funding, nonbank assets, and off-balance sheet exposure. In addition to tailoring the agencies’ capital requirements, the final rule tailors the application of the liquidity coverage ratio, which was finalized in 2014 and requires large banking organizations to hold a minimum amount of high-quality liquid assets that can be easily and quickly converted into cash to meet net cash outflows over a 30-day stress period. The final rule will also tailor the application of the net stable funding ratio, which the agencies plan to finalize in 2020 and would apply a one-year liquidity standard that examines the stability of a bank’s funding profile. Capital Simplifications In May 2019, the FDIC, FRB, and OCC approved a final rule to simplify aspects of the capital rule for non-advanced approaches banking organizations, which responds to industry feedback on the Economic Growth and Regulatory Paperwork Reduction Act (EGRPRA). The final rule simplifies the treatment of threshold deduction items and increases the individual common equity tier 1 deduction thresholds for mortgage servicing assets, certain deferred tax assets, and investments in the capital of other financial institutions. The final rule also simplifies the calculation of minority interests includable in regulatory capital and makes a number of technical corrections. Volcker Rule In July 2019, the FDIC, FRB, OCC, SEC, and Commodity Futures Trading Commission (CFTC) published a final rule pursuant to Section 203 of EGRRCPA to amend Section 13 of the Bank Holding Company Act, commonly referred to as the Volcker Rule, by exempting community banks from the requirements of the rule. To qualify for the exclusion, neither the bank nor any controlling company may have more than $10 billion in total consolidated assets, or total trading assets and trading liabilities of more than 5 percent of total consolidated assets, as reported on the most recent 26 regulatory filing. The final rule also implements Section 204 of EGRRCPA to amend the restrictions applicable to the naming of a hedge fund or private equity fund to permit certain banking entities that are not banks or bank holding companies to share a name with the fund under certain circumstances. In November 2019, the FDIC, FRB, OCC, SEC, and CFTC published a final rule to simplify and tailor requirements under the Volcker Rule, which generally prohibits banking entities from engaging in proprietary trading and from owning or controlling hedge funds or private equity funds. The final rule tailors compliance requirements based on the size of a firm’s trading assets and liabilities, with the most stringent requirements applied to banking entities with the most trading activity. The rule also provides greater clarity, certainty, and objectivity about what activities are prohibited by the Volcker Rule. The final rule has an effective date of January 1, 2020, and a compliance date of January 1, 2021. However, a banking entity may voluntarily comply, in whole or in part, with the changes to the rule prior to January 1, 2021. A pending Notice of Proposed Rulemaking (NPR) is planned for early 2020 to address the outstanding issues related to the prohibitions and restrictions on investments in private equity and hedge funds (i.e., “covered funds”). Brokered Deposits In the thirty years since Congress enacted restrictions on brokered deposits, the banking industry has undergone dramatic changes. Technology, law, business models, and product ranges have evolved. In 2018, the FDIC decided to undertake a comprehensive review of its brokered deposits regulation. The FDIC approved an advance notice of proposed rulemaking (ANPR) on December 18, 2018, to seek comment on both the brokered deposit regulation and restrictions on interest rates. The ANPR was published in the Federal Register on February 6, 2019. The FDIC accepted comments on the ANPR until May 7, 2019, and received more than 130 comments. The FDIC then divided the brokered deposit rulemaking process into two sections: the first will address possible changes in the interest rate restrictions; the second will address specific brokered deposit issues. The FDIC approved an NPR on brokered deposits in December 2019 that would establish a new framework for regulating brokered deposits. M A N A G E M E N T ' S D I S C U S S I O N A N D A N A LY S I S 2019 The FDIC will be seeking comments for 60 days after publication in the Federal Register. Interest Rate Restrictions On August 20, 2019, the FDIC approved an NPR on interest rate restrictions applicable to institutions that are less than well capitalized. The NPR was published in the Federal Register on September 4, 2019. In the NPR, the FDIC proposed changing the calculation of the national rate cap, as well as greatly simplifying the local rate cap for less than well-capitalized institutions in areas where prevailing rates may exceed the national rate or cap. The FDIC accepted comments through November 8, 2019. Community Bank Leverage Ratio In November 2019, the FDIC, FRB, and OCC approved a final rule to implement Section 201 of EGRRCPA to establish a community bank leverage ratio (CBLR) framework designed to reduce burden for qualifying community banks that opt into the framework. The framework provides a simple measure of capital adequacy for qualifying community banks and allows them to alleviate the burden of calculating and reporting risk-based capital ratios. If a qualifying community bank exceeds a CBLR of 9 percent, it is deemed to meet the generally applicable leverage and risk-based capital requirements and the well-capitalized ratio requirements under the prompt corrective action regulatory capital framework. Eligible banks may elect to adopt the framework beginning in 2020 and do so simply through reporting on their quarterly Call Report. In September 2019, the FDIC approved a final rule amending the deposit insurance assessment system to address the application of the leverage ratio for qualifying community banks. Appraisal Threshold for Residential Real Estate Loans In October 2019, the FDIC, FRB, and OCC published a final rule to amend the agencies’ regulations requiring appraisals for certain real estate-related transactions. The final rule raises the threshold from $250,000 to $400,000 at which appraisals are required for residential real estaterelated transactions. The final rule also makes conforming changes to exempt certain transactions secured by residential property in rural areas from the agencies’ appraisal requirement pursuant to the EGRRCPA. Pursuant to the Dodd-Frank Act, the final rule amends the agencies’ appraisal regulations to require institutions to subject appraisals performed for federally related transactions to appropriate review for compliance with the Uniform Standards of Professional Appraisal Practice. Federal Interest Rate Authority In November 2019, the FDIC approved an NPR to clarify the federal law governing interest rates state banks may charge their customers. The FDIC’s proposal would codify longstanding legal interpretations of the FDI Act and provides that a permissible interest rate on a loan, as permitted by the law where the bank is located, would not be affected by subsequent events, such as a change in state law, a change in the relevant commercial paper rate, or the sale/assignment/transfer of the loan. Comments will be accepted on this proposal until February 4, 2020. Management Interlocks Part 348 of the FDIC’s Rules and Regulations generally restricts the ability of a management official to serve at more than one depository organization to foster competition. Since 1996, the Major Assets Prohibition prevented a management official of a bank with total assets greater than $2.5 billion from serving at an unaffiliated bank with total assets of $1.5 billion. On October 10, 2019, the FDIC, FRB, and OCC finalized a rule to increase both lower and upper thresholds to $10 billion. Thus, only banks above the threshold are required to seek an exemption to permit a prohibited management interlock. Supplementary Leverage Ratio In November 2019, the FDIC approved a final rule for custodial banking organizations, pursuant to Section 402 of EGRRCPA, which amends the Supplementary Leverage Ratio of the regulatory capital rule. The final rule allows large banking organizations predominantly engaged in custody, safekeeping, and asset-servicing activities to exclude certain central bank deposits from total leverage exposure when calculating their supplementary leverage ratio. High Volatility Commercial Real Estate In November 2019, the FDIC approved a final rule to revise the risk-based capital definition for high volatility commercial real estate (HVCRE) loans, which are a subset M A N A G E M E N T ' S D I S C U S S I O N A N D A N A LY S I S 27 ANNUAL REPORT of acquisition, development, and construction loans. The final rule implements the changes outlined in Section 214 of EGRRCPA and provides interpretation on certain aspects of the HVCRE exposure definition. The final rule also addresses the public comments received on a July 2019 interagency proposal that clarifies whether certain lot development loans qualify for the 1-4 family exemption. Derivatives In November 2019, the FDIC, FRB, and OCC approved the Standardized Approach for Counterparty Credit Risk (SA-CCR) final rule. The framework provided in the SA-CCR final rule is required for banking organizations subject to the advanced approaches, but other institutions may elect to use it. The SA-CCR final rule amends the regulatory capital rule and implements a new approach for calculating the exposure amount for derivative contracts. Specifically, the final rule implements a new framework for calculating derivatives’ exposure at default, in addition to the previously available Current Exposure Method and Internal Models Method (IMM). The final rule also amends capital requirements associated with the IMM, bank exposures to central counterparties, and the leverage ratio to the degree they are impacted, and introduces a number of derivatives-related technical amendments. In November 2019, the FDIC, FRB, OCC, Federal Housing Finance Agency (FHFA), and Farm Credit Administration (FCA) published a proposed rule that would amend the swap margin rule, which establishes capital and margin requirements for non-cleared swaps. Specifically, the proposal would: ♦ Preserve the status quo for legacy swaps transferred to or by a covered swap entity in the event of the U.K. withdrawal from the E.U. without a Withdrawal Agreement (i.e., Brexit); ♦ Preserve the status quo for legacy swaps amended as part of the London Inter-bank Offered Rate (LIBOR) transition; ♦ Modify inter-affiliate margin treatment to repeal initial margin requirements but retain the variation margin requirements; and ♦ Extend the compliance period for certain smaller counterparties and clarifies the existing trading documentation requirements in the swap margin rule. 28 Office of Thrift Supervision Regulations The FDIC also streamlined and clarified certain regulations through the Office of Thrift Supervision (OTS) rule integration process. Under Section 316(b) of the Dodd-Frank Act, former OTS rules remain in effect “until modified, terminated, set aside, or superseded in accordance with applicable law” by the relevant successor agency, a court of competent jurisdiction, or operation of law. When the FDIC republished the transferred OTS regulations as new FDIC regulations applicable to state savings associations, the FDIC stated in the Federal Register notice that its staff would evaluate the transferred OTS rules and might later recommend incorporating them into other FDIC rules, amending them, or rescinding them. This process began in 2013 and continues, involving publication in the Federal Register of a series of NPRs and final rules. In June 2019, the FDIC removed a transferred rule regarding lending and investment that is duplicative of standards in existing FDIC regulations. The final rulemaking also removed rules related to the registration of residential mortgage loan originators in light of Title X of the Dodd-Frank Act, which transferred this authority to the CFPB. In November 2019, the FDIC removed transferred rules regarding the maintenance of depositrelated records and, in December 2019, removed the transferred rules regarding regulatory reporting standards and accounting requirements and operations of state savings associations. The final rulemaking also made conforming amendments to existing FDIC regulations so that all FDIC-supervised institutions would follow substantially the same regulations and guidance regarding their operation. Staff will continue to review the remaining six transferred regulations. INNOVATION/FINANCIAL TECHNOLOGY The FDIC continuously monitors developments in technology to better understand how it may affect the financial industry. FinTech and the Future of Banking Conference In April 2019, the FDIC and Duke University’s Fuqua School of Business and Innovation and Entrepreneurship Initiative jointly sponsored the Fintech and the Future of M A N A G E M E N T ' S D I S C U S S I O N A N D A N A LY S I S 2019 ♦ Conduct “tech sprints” and pilot projects to test emerging technologies in cooperation with states and affected federal regulators; ♦ Support and promote the adoption of new technologies by financial institutions, particularly at community banks; and ♦ Expand banking services to the unbanked, underbanked, and individuals in underserved communities through new technologies. Treasury Secretary Steven Mnuchin and FDIC Chairman McWilliams in discussion at the April 2019 Fintech and the Future of Banking Conference. Banking conference. The event drew broad interest from representatives of banks, nonbanks, technology service providers, federal regulatory and other government agencies, Congress, nonprofit organizations, and research institutions, with approximately 275 people in attendance. Treasury Secretary Steven Mnuchin and FDIC Chairman Jelena McWilliams opened the conference with a conversation about the role of financial technology and innovation in banking, and Comptroller of the Currency Joseph M. Otting followed with a discussion of fintech from a regulatory perspective. Throughout the conference, prominent academic experts presented highlights from research focused on technology’s impact on lending, financial advice, and competition alongside the perspectives of senior leaders in policy and industry. Separate policy discussions also explored the topics of regulatory innovation and fintech funding. FDiTech and FDIC Emerging Technology Steering Committee In 2019, Chairman McWilliams established the FDIC Tech Lab, or FDiTech. The FDIC is currently seeking a Chief Innovation Officer to lead this new office, and has worked over the last year to establish a concept of operations to support engagement with stakeholders and innovative approaches to technology development to support the FDIC and the financial services industry. Through these efforts, FDiTech will focus on its mission to: ♦ Engage bankers, fintechs, technologists, and other regulators on innovations that will lay the foundation for banking’s future; In addition to FDiTech, the FDIC’s Emerging Technology Steering Committee has provided focused resources on the importance of technology on the financial services landscape. The committee is comprised of the Directors of RMS, DCP, Division of Insurance and Research (DIR), Division of Resolutions and Receiverships (DRR), and Division of Complex Institution Supervision and Resolution, as well as the General Counsel, the Chief Risk Officer, the Chief Financial Officer and the Chief Information Officer. In 2019, the Emerging Technology Steering Committee continued work on its established objectives: ♦ Comprehend, assess, and monitor the current emerging technology activities, risks, and trends; ♦ Evaluate the projected impact to the banking system, the deposit insurance system, effective regulatory oversight, economic inclusion, and consumer protection; ♦ Oversee internal working groups monitoring particular aspects of emerging technology; ♦ Recommend follow-up actions, as appropriate, and monitor implementation; and ♦ Help formulate strategies to respond to opportunities and challenges presented by emerging technology, and to ensure developments align with regulatory goals. The FDIC also participates on several working groups related to financial technology: ♦ The Basel Committee on Banking Supervision’s Task Force on Financial Technology, which focuses on the impact of financial technology on banks’ business models, risk management, and implications for bank supervision; ♦ The Financial Stability Oversight Council (FSOC) Digital Assets Working Group, which is examining M A N A G E M E N T ' S D I S C U S S I O N A N D A N A LY S I S 29 ANNUAL REPORT The CFR also developed and maintained many financial models used throughout the FDIC, including off-site models that inform the examination process. CFR economists also provided ongoing support to RMS through on-site examinations. In September 2019, the CFR and the Journal of Financial Services Research jointly sponsored the 19th Annual Bank Research Conference. FDIC Chairman McWilliams kicked-off the conference by highlighting the importance of scholarly research in providing a solid foundation on which to make good public policy. The conference has become a premier forum in its field. The 19th Annual Bank Research Conference featured a poster session with six additional papers. Here, an attendee listens to a researcher as he describes his project. potential policy areas as they relate to digital assets and the application of distributed ledger technology; ♦ An interagency fintech discussion forum, which focuses on issues related to consumer compliance; ♦ The Global Financial Innovation Network, which seeks to provide a more efficient way for innovative firms to interact with regulators, helping them navigate between countries as they look to scale new ideas; ♦ The US-UK Financial Innovation Partnership, which focuses on regulatory and commercial engagements by encouraging collaboration in the private sector, sharing information and expertise about regulatory practices, and promoting growth and innovation; and ♦ The Financial Stability Board Financial Innovation Network, which looks at FinTech innovations from the perspective of financial stability. Center for Financial Research The FDIC’s Center for Financial Research (CFR) encourages, supports, and conducts innovative research on topics that inform the FDIC’s key functions of deposit insurance, supervision, and the resolution of failed banks. CFR researchers published papers in leading banking, finance, and economics journals, including the American Economic Review, the Review of Economic Dynamics, and The Journal of Law and Economics. In addition, CFR researchers presented their research at major conferences, regulatory institutions, and universities. 30 Conference organizers received more than 400 submissions for the 25 available presentation slots, and approximately 200 participants attended. Discussion sessions focused on capital regulation, the effect of regulation on banks, deposit insurance, resolution of failed banks, liquidity regulation, systemic risk, fintech, and leveraged lending, among other topics. COMMUNITY BANKING INITIATIVES Community banks provide traditional, relationship-based banking services in their local communities, and as the primary federal supervisor for the majority of community banks, the FDIC has a particular responsibility for the safety and soundness of this segment of the banking system. As defined for FDIC research purposes, community banks made up 92 percent of all FDIC-insured institutions at mid-year 2019. While these banks hold just 12 percent of banking industry assets, community banks are of critical importance to the U.S. economy and local communities across the nation. They hold 41 percent of the industry’s small loans to farmers and businesses, making them the lifeline to entrepreneurs and small enterprises of all types. They hold the majority of bank deposits in U.S. rural counties and micropolitan counties with populations up to 50,000. In fact, as of June 2019, community banks held more than 75 percent of deposits in more than 1,200 U.S. counties. In more than 600 of these counties, the only banking offices available to consumers were those operated by community banks. M A N A G E M E N T ' S D I S C U S S I O N A N D A N A LY S I S 2019 Community Banking Research The FDIC pursues an ambitious, ongoing agenda of research and outreach focused on community banking issues. Since the 2012 publication of the FDIC Community Banking Study, FDIC researchers have published more than a dozen additional studies on topics ranging from small business financing to the factors that have driven industry consolidation over the past 30 years. The FDIC Quarterly Banking Profile (QBP) includes a section focused specifically on community bank performance, providing a detailed statistical picture of the community banking sector that can be accessed by analysts, other regulators, and bankers themselves. The most recent report shows that net income at community banks continued to grow at a healthy annual rate in the first nine months of 2019. The long-term trend of consolidation has done little to diminish the role of community banks in the banking industry. Just over 71 percent of the community banks that merged during the period September 2018 through September 2019 were acquired by other community banks. On a merger-adjusted basis, loan growth at community banks exceeded growth at noncommunity banks in every year between 2012 and 2019. (See the chart below.) From June 2018 to June 2019, currently operating noncommunity banks closed far more offices than they acquired. In contrast, currently operating community banks acquired offices and opened more offices, on net, during the year. (See the table on the following page.) Community Bank Advisory Committee The FDIC’s CBAC is an ongoing forum for discussing current issues and receiving valuable feedback from the industry. The committee, which met three times during 2019, is composed of as many as 18 community bank executives from around the country. It is a valuable resource for information on a wide range of topics, including examination policies and procedures, capital and other supervisory issues, credit and lending practices, deposit insurance assessments and coverage, and regulatory compliance issues. COMMUNITY BANK LOAN GROWTH HAS OUTPACED NONCOMMUNITY BANK LOAN GROWTH FOR EIGHT CONSECUTIVE YEARS Merger Adjusted Annual Growth in Total Loans and Leases 15% 15 11.2% 10% 10 9.5% 9.3% 9.0% 8.6% 8.6% 7.0% 5.0% 5% 5 2.1% 0% 0 -0.3% -2.1% 7.7% 4.8% 3.9% 6.5% 4.1% 6.0% 4.4% 2.1% -0.9% -2.3% -5% -5 -10% -10 3.4% 2.9% 2.0% 4.7% 8.3% 6.0% Community Banks Noncommunity Banks -8.9% 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 Source: FDIC. Note: Data as of third quarter for 2019, data as of year-end for all other years. M A N A G E M E N T ' S D I S C U S S I O N A N D A N A LY S I S 31 ANNUAL REPORT COMMUNITY BANKS ADDED OFFICES WHILE NONCOMMUNITY BANKS CLOSED OFFICES FROM JUNE 2018 TO JUNE 2019 Offices of CurrentlyOperating Banks in June 2018 Community Banks Noncommunity Banks TOTAL Offices of Acquired Banks Number of Offices in June 2018 (Mergeradjusted) New Offices Opened Offices Closed Net Offices Purchased or Sold Number of Offices in June 2019 29,092 518 29,610 628 401 26 29,863 56,990 1,426 58,416 498 2,387 -26 56,501 86,082 1,944 88,026 1,126 2,788 0 86,364 Source: FDIC Summary of Deposits Data as of June 2019 At each of the 2019 Advisory Committee meetings, there was a discussion of local banking conditions, an update from the FDIC Ombudsman, a supervisory policy update, and an update on the Supervision Modernization Subcommittee. Further, at the March meeting, representatives from FinCEN provided a briefing on the use of bank filings required by the BSA, and FDIC staff discussed the 2017 FDIC National Survey of Unbanked and Underbanked Households. At the July 2019 meeting, discussion included FDIC and U.S. Small Business Administration (SBA) collaboration efforts; the FDIC’s Money Smart financial education materials; and findings of the 2019 research study, Minority Depository Institutions: Structure, Performance, and Social Impact. At the October 2019 meeting, FDIC staff also discussed the 2019 Risk Review, current financial performance of community banks, small bank assessment credits, and tools and resources relating to Opportunity Zones. The subcommittee is evaluating recommendations to explore technology solutions that would use advanced data analytics in loan reviews, update and enhance several existing software platforms, expand the learning and development experience to include a virtual learning environment for the current and future examination workforce, and evaluate hiring specialists to examine advanced data analytics and new technology that exists today. The subcommittee will make its recommendations to the CBAC early in 2020. Supervision Modernization Subcommittee Throughout 2019, the FDIC continued multiple initiatives aimed at streamlining the deposit insurance application process. Based on feedback received in response to a 2018 Request for Information and a nationwide series of six roundtable events, the FDIC clarified that applicants need not identify a specific location for the proposed institution’s main office or all senior executive officers at the time an application is submitted. These changes can significantly reduce the costs of the application process, while not impeding the FDIC’s review of the application or the public’s ability to comment on the application. In 2019, the FDIC established the Subcommittee on Supervision Modernization to support the CBAC. The subcommittee, which met three times during 2019, is composed of individuals from technology firms, academia, and banks. The subcommittee considered how the FDIC can leverage technology and refine processes to make the examination program more efficient, as well as manage and train a geographically dispersed workforce. As part of the subcommittee, a working group reviewed workflows of the consumer compliance and risk management examination processes from planning an examination through conducting examination completion activities, while identifying concerns and opportunities for improvement in the current processes. At the September 2019 meeting, the working group considered the types of data used and data availability in presenting their recommendations to subcommittee members. 32 MDI Subcommittee As noted in the “Minority Depository Institutions Activities” section, the FDIC established a new MDI Subcommittee of the CBAC to bring forward the perspectives of minority bankers and to focus on the issues, tools, and resources that are unique to MDIs. De Novo Banks In addition, after revising the process for reviewing deposit insurance proposals to provide initial feedback to organizers on draft applications prior to submission, the FDIC began engaging in more fulsome pre-filing discussions with organizers. M A N A G E M E N T ' S D I S C U S S I O N A N D A N A LY S I S 2019 The FDIC also updated its delegations of authority so that the vast majority of deposit insurance applications for traditional community banks can be approved at the Regional Office level without requiring input from the Washington Office. Consistent with the FDIC’s updated timeframes and guidelines, Regional Offices should issue most decisions on deposit insurance applications for traditional community banks within 120 days from receipt of a substantially complete application. To help organizers through the application process, the FDIC issued updated versions of its Applying for Deposit Insurance – A Handbook for Organizers of De Novo Institutions, and Deposit Insurance Applications Procedures Manual, and released a supplement to FDIC procedures to address non-community and nonbank deposit insurance proposals. The handbook addresses organizers’ informational needs, and offers information for navigating the application process. The manual provides comprehensive instructions to staff regarding the deposit insurance application process. The FDIC also updated and publicly issued its Applications Procedures Manual, which includes an overview section that conveys important instructions regarding the review and processing of deposit insurance applications and other types of filings. This information should also prove helpful to organizers as they consider and develop a filing. for webinars and teleconferences. Based in part on the feedback received, the FDIC expects to announce several new or revised technical assistance initiatives in 2020. In 2019, the FDIC hosted Directors’ College events in five of its six regions. These events were typically conducted jointly with state trade associations, and addressed issues such as corporate governance, regulatory capital, community banking, concentrations management, consumer protection, BSA, and interest-rate risk, among other topics. The FDIC also offers a series of banker events, in order to maintain open lines of communication and to keep bank management and staff informed regarding important banking regulatory and emerging issues of interest to community bankers. In 2019, the FDIC offered 14 teleconferences or webinars focused on the following topics: ♦ Understanding Reasonably Expected Market Area (REMA) and Community Reinvestment Act (CRA) Assessment area, ♦ Liquidity and funding risk management, ♦ Current Expected Credit Losses (CECL) accounting methodology, ♦ The impact of rising interest rates on asset/liability management, Technical Assistance Program ♦ Money Smart for Small Businesses, As part of the Community Banking Initiative, the FDIC continued to provide a robust technical assistance program for bank directors, officers, and employees. The technical assistance program includes Directors’ College events held across the country, industry teleconferences and webinars, and a video program. ♦ Regulatory and accounting update, In 2019, to better understand the needs of community banks, the FDIC issued a Request for Information seeking feedback on the FDIC’s methods and efforts to provide technical assistance. The FDIC requested information on additional steps the agency could take to support effective management and operation of FDIC-supervised institutions through technical assistance and collaboration on safety and soundness and consumer compliance matters. The agency received 18 responses. Responses affirmed the value of the technical assistance videos, commented favorably on a pilot topic-based resource page for bankers, and provided valuable suggestions ♦ Common exam findings, ♦ Update on consumer compliance and CRA, ♦ Information sharing on standardized export of imaged loan documents, ♦ Building collaboration between financial institutions and law enforcement to prevent and address elder financial abuse, ♦ Understanding and mitigating RESPA Section 8(a) risks, ♦ Understanding the requirements of the Truth In Lending Act (Regulation Z) and Real Estate Settlement Procedures Act (Regulation X) Integrated Disclosure Rule (TRID Rule), ♦ Final Private Flood Insurance Rule (along with the OCC, FRB, and FCA), and ♦ Fair Lending interagency webinar. M A N A G E M E N T ' S D I S C U S S I O N A N D A N A LY S I S 33 ANNUAL REPORT Economic Growth and Regulatory Paperwork Reduction Act EGRPRA directs the federal banking agencies and the FFIEC to conduct a joint review of regulations every 10 years to determine whether any of those regulations are outdated or unnecessary. In March 2017, the FFIEC submitted a report to Congress describing actions the member entities had already taken to address comments received during the EGRPRA process as well as actions they planned to take in the future. During 2019, the FDIC along with the other FFIEC member entities, continued to work together to reduce burden in the areas of Capital Simplifications, Management Interlocks, and OTS Regulations, which were raised during the EGRPRA review process. ACTIVITIES RELATED TO LARGE AND COMPLEX FINANCIAL INSTITUTIONS The FDIC is committed to addressing the unique challenges associated with the supervision, insurance, and potential resolution of large and complex financial institutions (LCFIs). The agency’s ability to analyze and respond to risks in these institutions is particularly important, as they comprise a significant share of banking industry assets and deposits. In order to centralize and integrate the FDIC’s operations related to the supervision and resolution of large and complex financial institutions, including systemically important financial institutions (SIFIs), financial market utilities (e.g., central counterparties), and all FDIC-insured depository institutions with assets above $100 billion for which the FDIC is not the primary federal regulatory authority, the FDIC’s Chairman formed the Division of Complex Institution Supervision and Resolution (CISR) effective July 21, 2019. At CISR’s inception, the then–Office of Complex Financial Institutions (OCFI), RMS, and DRR transferred to CISR all branches having responsibility for supervision and monitoring and resolution planning and execution for LCFIs in the CISR portfolio. The FDIC’s Complex Financial Institution (CFI) Group and Large Bank Supervision Branch, now both within CISR, perform ongoing risk monitoring of Global Systemically Important Banks (G-SIBs), large Foreign 34 Banking Organizations (FBOs), and FSOC-designated nonbank financial companies; provide backup supervision of the firms’ related IDIs; and evaluate the firms’ required resolution plans. The CFI Group also performs certain analyses that support the FDIC’s role as an FSOC member. Resolution Plans – Title I Living Wills In 2018, the EGRRCPA revised the application of resolution planning requirements by raising the $50 billion asset threshold to $250 billion, and provided the FRB with discretion to apply resolution planning requirements to firms with $100 billion or more and less than $250 billion in total consolidated assets. In November 2019, the FDIC and FRB published a final rule to implement EGRRCPA by establishing three categories of firms for purposes of resolution planning: (1) U.S. and foreign banking organizations with $250 billion or more in total consolidated assets, (2) U.S. banking organizations identified as U.S. G-SIBs, and (3) any designated nonbank financial companies that the FSOC has determined under section 113 of the DoddFrank Act should be supervised by the FRB. In the resolution plan rule, the FRB determined to exercise its discretion under EGRRCPA to apply resolution planning requirements to the following firms: ♦ U.S. bank holding companies with a) average total consolidated assets equal to $100 billion or more and less than $250 billion and b) $75 billion or more in any of the following risk-based indicators: crossjurisdictional activity, total nonbank assets, weighted short-term wholesale funding, or off-balance sheet exposure; and ♦ Foreign banking organizations with a) total global assets equal to $100 billion or more and less than $250 billion, b) average combined U.S. assets equal to $100 billion or more, and c) $75 billion or more in any of the four risk-based indicators measured based on combined U.S. operations. The final rule uses categories established by the agencies’ tailoring rule to separate firms into three filing groups for the purpose of calibrating the timing of resolution plan submissions, and plan content. M A N A G E M E N T ' S D I S C U S S I O N A N D A N A LY S I S 2019 Large Bank Holding Companies with Substantial Nonbank Assets The eight domestic G-SIBs—Bank of America Corporation, Bank of New York Mellon Corporation, JPMorgan Chase & Co., State Street Corporation, Wells Fargo & Company, Goldman Sachs Group, Inc., Morgan Stanley, and Citigroup, Inc.—submitted resolution plans on or before July 1, 2019. On December 17, 2019, the FDIC and FRB issued letters to the eight firms providing their review findings and information about areas where additional work needs to be done to improve resolvability. On July 26, 2019, the agencies extended the next full resolution plan submission date for four of the FBOs— Barclays PLC, Credit Suisse Group AG, Deutsche Bank AG, and UBS AG—to July 21, 2021. These banks remain required to submit limited plans by July 1, 2020, describing how they have addressed the shortcomings identified in December 2018 and providing updates concerning certain resolution projects. Other Large Bank Holding Company Filers In December 2018, 82 foreign-based banking organizations submitted resolution plans. In July 2019, the FDIC, jointly with the FRB, provided feedback and extensions of the next due date for resolution plans to July 2021. At the same time, 15 domestic firms also received extensions to July 2021. These extensions will give the banks additional time to prepare their plans in light of resolution plan rule changes proposed by the agencies in April 2019. Insured Depository Institution Resolution Plans Section 360.10 of the FDIC Rules and Regulations requires an IDI with total assets of $50 billion or more, to periodically submit to the FDIC a plan for its resolution in the event of its failure (the “IDI rule”). The IDI rule requires covered IDIs to submit a resolution plan that would allow the FDIC, as receiver, to resolve the institution under Sections 11 and 13 of the FDI Act in an orderly manner that enables prompt access to insured deposits, maximizes the return from the sale or disposition of the failed IDI’s assets, and minimizes losses realized by creditors. The resolution plan must also describe how a proposed strategy will be least costly to the Deposit Insurance Fund. Forty-one large insured banks covered by the IDI rule submitted their resolution plans by July 1, 2018. In April 2019, the FDIC issued an ANPR seeking comments on ways to tailor the IDI rule requirements and deferred future IDI Plan submissions until the completion of revisions to the rule. Monitoring and Measuring Systemic Risks The FDIC monitors risks related to G-SIBs and large FBOs at the firm level and industry wide to inform supervisory planning and response, policy and guidance considerations, and resolution planning efforts. As part of this monitoring, the FDIC analyzes each company’s risk profile, governance and risk management capabilities, structure and interdependencies, business operations and activities, management information system capabilities, and recovery and resolution capabilities. The FDIC continues to work closely with the other federal banking agencies to analyze institution-specific and industry-wide conditions and trends, emerging risks and outliers, risk management, and the potential risk posed to financial stability by G-SIBs and large FBOs and large nonbank financial companies. To support risk monitoring that informs supervisory and resolution planning efforts, the FDIC has developed systems and reports that make extensive use of structured and unstructured data. Monitoring reports are prepared on a routine and adhoc basis and cover a variety of aspects that include risk components, business lines and activity, market trends, and product analysis. Additionally, the FDIC has implemented and continues to expand upon various monitoring systems, including the Systemic Monitoring System (SMS) and the SIFI Risk Report (SRR). The SMS provides an individual risk profile and assessment for each G-SIB and large FBO by evaluating the level and change in metrics that serve as important indicators of overall risk. The SMS supports the identification of emerging and outsized risks within individual firms and the prioritization of supervisory and monitoring activities. The SMS also serves as an early warning system of financial vulnerability. Information from SMS and other FDIC-prepared reports is used to prioritize activities relating to SIFIs and to coordinate supervisory and resolution-related activities with the other banking agencies. The SRR identifies key vulnerabilities of systemically important firms, gauges the proximity M A N A G E M E N T ' S D I S C U S S I O N A N D A N A LY S I S 35 ANNUAL REPORT of these firms to a resolution event, and independently assesses the appropriateness of supervisory CAMELS ratings for the insured deposit institutions held by these firms. The FDIC also conducts semi-annual “Day of Risk” meetings to present, discuss, and prioritize the review of emerging risks. In some cases, these discussions can lead to shifts in supervisory focus or priorities. Back-up Supervision Activities for IDIs of Systemically Important Financial Institutions Risk monitoring is enhanced by the FDIC’s back-up supervision activities. In its back-up supervisory role, as outlined in Sections 8 and 10 of the FDI Act, the FDIC has expanded resources and has developed and implemented policies and procedures to guide back-up supervisory activities. These activities include performing analyses of industry conditions and trends, supporting insurance pricing, participating in supervisory activities with other regulatory agencies, and exercising examination and enforcement authorities when necessary. At institutions where the FDIC is not the primary federal regulator, FDIC staff work closely with other regulatory authorities to identify emerging risks and assess the overall risk profile of large and complex institutions. The FDIC has assigned dedicated staff to IDIs of G-SIBs and large FBOs and certain other large IDIs to enhance riskidentification capabilities and facilitate the communication of supervisory information. These individuals work with the staff of the FRB and OCC in monitoring risk at their assigned institutions. Through December 2019, FDIC staff participated in 117 targeted examination activities with the FRB or OCC in G-SIBS, large FBOs, and large regional banks. The reviews included, but were not limited to, engagement in the evaluation of corporate governance, BSA/AML compliance, credit risk, model risk management, market risk, interest rate risk, capital adequacy, asset management, and third party risk management. FDIC staff also participated in various interagency horizontal review activities, including the FRB’s Comprehensive Capital Analysis and Review, Comprehensive Liquidity Analysis and Review, as well as reviews of model risk management, risk appetite and risk limits, and cyber and operational resiliency. 36 Title II Orderly Liquidation Authority Under the Dodd-Frank Act, failed or failing financial companies are expected to file for reorganization or liquidation under the U.S. Bankruptcy Code, similar to what any failed or failing nonfinancial company would file. If resolution under the Bankruptcy Code would result in serious adverse effects to U.S. financial stability, Title II of the Dodd-Frank Act provides a back-up authority for resolving a company for which the bankruptcy process is not viable. There are strict parameters on the use of the Title II Orderly Liquidation Authority, however, and it can only be invoked under a statutorily prescribed recommendation and determination process, coupled with an expedited judicial review process. Resolution Strategy Development The FDIC has undertaken institution-specific strategic planning to carry out its orderly liquidation authorities with respect to the largest G-SIBs operating in the United States. The strategic plans and optionality being developed for these firms are informed by the Title I plan submissions. Further, the FDIC is updating its systemic resolution framework to incorporate enhanced firm capabilities established through the Title I planning process and other domestic and foreign resolution planning and policy developments. The FDIC continues to build out process documents to facilitate the implementation of a Title II resolution. In addition, work continues in the development of resolution strategies for financial market utilities, particularly central counterparties (CCPs). Cross-Border Efforts Cross-border cooperation and advance planning are critical components of resolution planning for G-SIBs due to the international nature of their services and their extensive operations overseas. In 2019, the FDIC continued its robust engagement with foreign authorities to deepen mutual understanding of the complex legal and operational issues related to cross-border resolution. This work is underpinned by an understanding that transparency and confidence in resolution planning will serve as a stabilizing force during times of stress. The FDIC continued to enhance cooperation on crossborder resolution through institution specific engagement as well as through bilateral and multilateral outreach, including through international forums such as the M A N A G E M E N T ' S D I S C U S S I O N A N D A N A LY S I S 2019 Financial Stability Board’s Resolution Steering Group and its subgroups on banks, insurance, and financial market infrastructures. With regard to the FDIC’s institution specific engagement, the FDIC co-chaired cross-border crisis management groups (CMGs) of supervisors and resolution authorities for U.S. G-SIBs and participated as a host authority in CMGs for foreign G-SIBs. This year, as part of the CMG work for U.S. G-SIBs, FDIC and FRB staff launched a pilot workshop to provide additional background to host CMG members regarding the U.S. bankruptcy framework and resolution under Title II of the Dodd-Frank Act. These CMG efforts improve resolution preparedness by strengthening our working relationships with key authorities, providing a forum to share institution-specific concerns and plans for the resolution, and supporting information-sharing arrangements. The FDIC continued its bilateral and multilateral outreach through ongoing resolution-related dialogues with key foreign counterparts. In April 2019, the FDIC hosted senior officials representing resolution, regulatory, and supervisory authorities; central banks; and finance ministries from the U.S., U.K., and the European Banking Union for a planned exercise to enhance understanding of one another’s resolution regimes and strengthen coordination on cross-border resolution. This meeting built upon two prior trilateral exercises in 2014 and 2016 and continued staff work across the jurisdictions is on-going. The FDIC also participated in the joint U.S.-E.U. Financial Regulatory Forum meetings and the U.S.-U.K. Financial Regulatory Working Group meetings, discussing cross-border issues relevant to bank and CCP resolution and financial stability. The FDIC also progressed resolution planning for CCPs by working with domestic and international supervisors and resolution authorities to understand risks and to try to identify resolution options for U.S. CCPs, in addition to working within international groups on related issues. Systemic Resolution Advisory Committee The FDIC created the Systemic Resolution Advisory Committee (SRAC) in 2011 to receive advice and recommendations on a broad range of issues regarding the resolution of systemically important financial companies pursuant to the Dodd-Frank Act. Members of the SRAC have a wide range of experience, including managing complex firms, serving as bankruptcy judges, and working in the legal system, accounting field, and academia. The SRAC Charter was renewed in 2019. Planning continues for the next SRAC meeting, which is tentatively scheduled for the first quarter of 2020. DEPOSITOR AND CONSUMER PROTECTION A major component of the FDIC’s mission is to ensure that financial institutions treat consumers and depositors fairly, and operate in compliance with federal consumer protection, anti-discrimination, and community reinvestment laws. The FDIC also promotes economic inclusion to build and strengthen positive connections between insured financial institutions and consumers, depositors, small businesses, and communities. Promoting Economic Inclusion The FDIC is strongly committed to promoting access to a broad array of responsible and sustainable banking products to meet consumers’ financial needs. In support of this goal, the FDIC: ♦ Conducts research on unbanked and underbanked populations; ♦ Researches strategies, products, and services that banks can use to meet the needs of lower-income consumers; ♦ Supports partnerships to promote consumer access to and use of banking services; ♦ Advances financial education and literacy; and ♦ Facilitates partnerships to support community and small business development. Advisory Committee on Economic Inclusion The Advisory Committee on Economic Inclusion (ComE-IN) provides the FDIC with advice and recommendations on important initiatives to expand access to mainstream banking services to underserved populations. This includes reviewing basic retail financial services (e.g., low-cost, SAFE transaction accounts; M A N A G E M E N T ' S D I S C U S S I O N A N D A N A LY S I S 37 ANNUAL REPORT Appalachia Working Group members. affordable small-dollar loans; and savings accounts), as well as demand-side factors such as consumers’ perceptions of mainstream financial institutions. In October 2019, the ComE-IN held a meeting that included discussions of opportunities to engage underserved populations, an update on mortgage markets, and developments with the potential to expand access to consumer credit. FDIC National Survey of Unbanked and Underbanked Households and Related Research https://economicinclusion.gov, that features survey results and data, and provides users with the ability to generate custom tabulations and access a wide range of preformatted information, including new five-year estimates that provide additional granularity for state and local results. Public Awareness of Deposit Insurance Coverage As part of its ongoing commitment to expanding economic inclusion in the United States, the FDIC works to fill the research and data gap regarding household participation in mainstream banking and the use of nonbank financial services. In addition, Section 7 of the Federal Deposit Insurance Reform Conforming Amendments Act of 2005 mandates that the FDIC regularly report on underserved populations and bank efforts to bring individuals and families into the mainstream banking system. In response, the FDIC regularly conducts and reports on surveys of households and banks to inform the public and enhance the understanding of financial institutions, policymakers, regulators, researchers, academics, and others. An important part of the FDIC’s deposit insurance mission is to ensure that bankers and consumers have access to accurate information about the FDIC’s rules for deposit insurance coverage. The FDIC has an extensive deposit insurance education outreach program consisting of seminars for bankers, a web-based calculator for estimating deposit insurance coverage as well as written and other web-based resources targeted to both bankers and consumers. For example, bankers and consumers can use the FDIC’s BankFind tool to verify whether a website is operated by a legitimate FDIC-member bank. Through December 31, 2019, the FDIC identified and took appropriate action on more than 65 websites, some of which included the Member FDIC logo but were not operated by FDIC-member banks. In 2019, the FDIC finalized and administered the 2019 FDIC National Survey of Unbanked and Underbanked Households. This version of the survey includes revisions intended to improve data quality by streamlining the survey instrument and provide additional insights into the experiences of unbanked and underbanked consumers. The FDIC continued to maintain a dedicated website at During 2019, the FDIC continued its efforts to educate bankers and consumers about the rules and requirements for FDIC insurance coverage. For example, as of December 31, 2019, the FDIC conducted four telephone seminars for bankers on deposit insurance coverage, reaching an estimated 4,725 bankers participating at 38 M A N A G E M E N T ' S D I S C U S S I O N A N D A N A LY S I S 2019 approximately 1,350 bank sites throughout the country. The FDIC also features deposit insurance training videos that are available on the FDIC’s website and YouTube channel. Additionally, the FDIC operated the Electronic Deposit Insurance Estimator (EDIE), which had 751,418 user sessions in 2019. As of December 31, 2019, the FDIC Call Center received 99,835 telephone calls, of which 25,365 were identified as deposit insurance-related inquiries. In addition to telephone inquiries about deposit insurance coverage, the FDIC received 1,524 written inquiries from consumers and bankers. Of these inquiries, 99 percent received responses within two weeks, as required by corporate policy. Rulemaking and Guidance Loans in Areas Having Special Flood Hazards In February 2019, the FDIC, OCC, FRB, NCUA, and FCA issued a final private flood insurance rule to amend regulations regarding Loans in Areas Having Special Flood Hazards pursuant to the Biggert-Waters Flood Insurance Reform Act (the B-W Act).4 The final rule requires regulated lending institutions to accept a private flood insurance policy that meets both 1) the statutory definition of “private flood insurance,” and 2) the mandatory purchase requirement. The final rule includes a streamlined compliance aid provision to assist regulated lending institutions with evaluating policies. In addition, the final rule provides that institutions may accept private flood insurance policies that do not meet the B-W Act’s criteria for mandatory acceptance, provided certain conditions are met, including that the policy (1) provides coverage in the amount required by the flood insurance purchase requirement, (2) is issued by an insurer that is licensed, admitted, or not disapproved by a state insurance regulator, (3) covers both lenders and borrowers as loss payees, and (4) provides sufficient protection of the loan consistent with general safety and soundness principles, which is documented in writing. Furthermore, the final rule allows lending institutions to accept certain flood coverages provided by mutual aid societies as long as certain conditions are met, including a determination by an institution’s primary supervisory 4 agency that such policies meet the requirement for flood insurance for purposes of federal flood insurance legislation. Home Mortgage Disclosure Act In April 2019, the FDIC and other FFIEC members issued a revised version of A Guide to HMDA Reporting: Getting It Right. The 2019 edition applies to 2019 HMDA data reported in 2020 and includes a summary of the EGRRCPA amendments to HMDA and the 2018 HMDA rule. The guide was designed to help financial institutions better understand the HMDA requirements, including data collection and reporting provisions. Consumer Compliance Supervisory Highlights The inaugural issue of the FDIC Consumer Compliance Supervisory Highlights was released in June 2019. The purpose of this publication is to enhance transparency regarding the FDIC’s consumer compliance supervisory activities. The publication includes a high-level overview of consumer compliance issues identified during 2018 through the FDIC’s supervision of state non-member banks and thrifts. Additionally, this issue features articles of interest to examiners, bankers, and supervisors. It provides examples that may be useful in mitigating risks and serves as a resource for supervised institutions to help stay up-to-date on issues identified during examinations. Transparency and Accountability Report The first annual Transparency and Accountability Report was published in spring 2019. This report highlights the public outreach activities of the Consumer Response Center and Deposit Insurance section. It details consumer contacts about deposit insurance coverage and account-titling specifics. It also references summary data on the various consumer contacts about operating financial institutions under FDIC jurisdiction. The report focuses on the public interactions along with providing educational insight to the public. Additionally, metrics on requests from the public for FDIC assistance are updated and published monthly on the FDIC’s Transparency and Accountability webpage (https://www.fdic.gov/transparency/consumers.html). Included on the webpage is the volume of public inquiries and the timeliness in responding to those requests. 84 FR 4953 (Feb. 20, 2019). M A N A G E M E N T ' S D I S C U S S I O N A N D A N A LY S I S 39 ANNUAL REPORT Updated Examination Procedures Updated examination procedures were communicated through revisions to the FDIC Consumer Compliance Examination Manual that is publicly available on the FDIC’s website, including procedures on: ♦ Interagency Home Mortgage Disclosure Act Examination Procedures: These procedures incorporate amendments to HMDA made by the EGRRCPA, the 2018 HMDA rule, and amendments to Regulation C made by CFPB’s final rules issued in 2015 and 2017. The procedures also incorporate the FFIEC HMDA Examiner Transaction Testing Guidelines. ♦ Loans in Areas Having Special Flood Hazards: These procedures reflect statutory and regulatory amendments made by the B-W Act and the agency’s final rule on private flood insurance, including provisions pertaining to the mandatory and discretionary acceptance of private flood insurance by financial institutions, and the qualification and acceptance of mutual aid society plans in satisfaction of the flood insurance purchase requirement. ♦ Protecting Tenants at Foreclosure Act: These procedures address the permanent reinstatement of the Protecting Tenants at Foreclosure Act (PTFA) due to the enactment of the EGRRCPA. Examiners will use the procedures in assessing the quality of an institution’s compliance management system regarding the PTFA, including notice requirements and the timing of eviction. ♦ Fair Lending Scope and Conclusions Memorandum: Sections and questions of the memorandum were revised to reflect changes to pre-examination interview questions and information requests made during the examination planning process. ♦ Consumer Compliance Examinations and ThirdParty Risk: These sections were updated to add information on the Interagency Statement Clarifying the Role of Guidance and make minor conforming technical changes. ♦ Truth in Lending Act and Electronic Fund Transfer Act: These chapters were updated to incorporate the CFPB’s amendments to Regulation E and Regulation Z related to Prepaid Accounts, effective April 1, 2019. Subsequently, the FDIC adopted the revised interagency examination procedures to incorporate these amendments. 40 Community and Small Business Development and Affordable Mortgage Lending As of December 31, 2019, the FDIC engaged with banks and community organizations through more than 230 outreach events. These events increased shared knowledge and supported collaboration between financial institutions and other community, housing, and small business development resources. The FDIC’s work emphasized sharing information to support bank efforts to prudently provide affordable mortgages, small business credit, and access to SAFE accounts and financial education. As part of this effort, the FDIC launched the Affordable Mortgage Lending Center in 2016, a website (https://www.fdic.gov/ consumers/community/mortgagelending) that houses various resources, including the Affordable Mortgage Lending Guide, a three-part guide designed to help community banks identify affordable mortgage products. The Affordable Mortgage Lending Center had more than 19,497 subscribers as of December 31, 2019. Materials from the center have been downloaded more than 15,600 times, and the site has had more than 82,000 page views since its inception. In addition, the FDIC sponsored sessions with the FRB and OCC covering basic and advanced CRA training for banks. The agencies also offered basic CRA training for community-based organizations as well as seminars on establishing effective bank and community collaborations. The FDIC also focused on encouraging community development initiatives in rural communities. This work included workshops to highlight housing needs and programs, economic development programs, and community development financial institution collaborations, such as those serving Native American communities. The FDIC Community Affairs Branch and SBA Office of Entrepreneurial Development signed a MOU in April 2019 to continue efforts focused on small business. As of December 31, 2019, the FDIC sponsored 69 small business events and activities with more than 1,500 attendees. Advancing Financial Education Effective financial education helps people gain the skills and confidence necessary to establish and sustain a banking relationship, achieve financial goals, and improve M A N A G E M E N T ' S D I S C U S S I O N A N D A N A LY S I S 2019 financial well-being. Through Money Smart, the FDIC offers non-copyrighted, high-quality, free financial education resources for banks, community organizations, and other stakeholders to train people of all ages and small businesses. First launched in 2001 as an instructorled curriculum for adults, it now features materials to train people of all ages. Regular updates ensure that Money Smart benefits from user feedback and current instructional best practices. The FDIC helps organizations effectively use the curriculum, including through the Money Smart Alliance, which facilitates quarterly webinars for the more than 1,400 member organizations. Youth Financial Education The FDIC released an enhanced Money Smart for Young People curriculum in December 2019, providing updated tools to engage educators, parents, and young people in the financial education process. The curriculum now benefits from insights that we received from 26 educators who taught 83 sessions using Money Smart for Young People as part of a special project in 2018. In addition, as part of our ongoing collaboration with the CFPB, the curriculum helps educators identify opportunities to use some of the CFPB’s Building Blocks Activities, which the CFPB developed through research to help promote lifelong learning and financial skills development. Money Smart for Older Adults The CFPB and the FDIC also released an updated Spanish-language version of the Money Smart for Older Adults curriculum. Its goal is to help prevent elder financial exploitation by raising awareness of fraud and scams among older adults and their caregivers. Money Smart for Older Adults also encourages advance planning and informed financial decision-making. The updates provide new information and resources to help older adults and their caregivers recognize and prevent fraud, scams, and other types of financial exploitation. More than one million copies of the curriculum have been ordered in English or Spanish since its original release in 2013. Recognizing the impact of Money Smart for Older Adults, the American Society on Aging honored the curriculum with the 2019 Gloria Cavanaugh Award for Excellence in Training and Education. The award is presented to an individual or program that has demonstrated continued excellence in training and education in the field of aging. One non-profit in Texas that regularly uses Money Smart for Older Adults provided feedback from dozens of participants who offered comments such as, “[t] his course was a lifesaver for me,” “[n]o other place that I know of to get all this information,” “the information helped to initiate conversations with friends who may be unaware of steps to take care for themselves,” and “the information opened my eyes to things I was not aware of.” Money Smart for Adults The FDIC expanded the reach of the updated Money Smart for Adults, which was released in late 2018, through several enhancements in response to requests by users. Updated curricula were released in Chinese, Korean, Spanish, and Vietnamese. The Financial Industry Regulatory Authority (FINRA) also reviewed the curriculum and confirmed its consistency with FINRA standards, a step pursued in response to feedback to make it easier for FINRA-regulated entities to conduct educational workshops with the curriculum. A self-paced online learning game, “How Money Smart Are You?” is set for release in 2020. Using a gameshow format, the new product will allow people to build their financial skills and knowledge at their own pace, with an option to receive certificates of completion. The website for the new game will also include a financial glossary, frequently asked questions, and fillable tools to augment financial knowledge. Insights from users in targeted audiences of adults with low- to moderate-incomes have helped improve the product, as field testing of draft games was conducted in Phoenix, Arizona; Atlanta, Georgia; Bethesda, Maryland; Columbus, Ohio; and at the World Institute on Disability in Berkeley, California. Money Smart for Small Business Money Smart for Small Business is a product developed jointly by the FDIC and the SBA. For several months, the SBA and FDIC worked with other federal agencies; entrepreneurs; and small business training, counseling, and lending organizations, including financial institutions, to update the Banking Services and Credit Building modules. The purpose of the revision was to address important information gaps identified by entrepreneurs and organizations serving small businesses and to provide practical tools to enhance the learning experience, such as the addition of a case study, checklists, a more attractive graphic design, and other useful features. M A N A G E M E N T ' S D I S C U S S I O N A N D A N A LY S I S 41 ANNUAL REPORT Money Smart Outreach During 2019, more than 4,000 prospective trainers were trained on how to use Money Smart, including representatives of banks, Volunteer Income Tax Assistance program sites, nonprofit program managers, and others. For example, the FDIC collaborated with a national bank to deliver two Money Smart webinar training sessions for more than 300 bank employees on Money Smart for Adults so that they can effectively use it throughout the communities they serve. The FDIC leads the Money Smart Alliance to scale promising practices through periodic webinars and facilitate collaboration between members. More than 327 organizations joined the Alliance during 2019, bringing the total number of members to 1,409. One example of how Alliance members use Money Smart includes the University of Wyoming Extension’s use of Money Smart for Adults with its Master Money Manager Coach initiative to help financially at-risk individuals improve their financial situation across Wyoming. Another example involves a community bank in Pennsylvania collaborating with a non-profit organization to provide Money Smart for Adults training to non-violent offenders finishing jail sentences. This program offers to connect the participants with appropriate basic banking services, which assists with their reintegration into society. The FDIC also builds the capacity of organizations to use Money Smart through Money Smart News, a publication for financial educators to provide updates and ideas for implementation. For example, the publication highlighted Bank On South Alabama, a group of financial institutions, community groups, and government entities that promotes greater bank account access. Partnering financial institutions and their employees volunteer to help nonprofits bring the Money Smart program to their clients in shelters, substance abuse centers, and other locations. As an example, once a week for five weeks, bankers taught Money Smart to students participating in a summer youth program. These sessions helped people who might not otherwise have had an opportunity to engage with a bank to learn about finances and how to open a bank account. Another Money Smart News article highlighted one bank’s advice for other trainers based on its experience having conducted 1,000 Money Smart workshops during the previous year. 42 Money Smart News also highlighted the 75 banks in the Youth Banking Network that continued to share ideas and approaches on how to better connect financial education to savings accounts for school-aged children. This diverse set of banks includes those with assets just over $50 million to those with assets over $350 billion, with a mix of banks operating in rural, suburban, and urban areas. The banks are at various stages, ranging from those building an internal business case for pursuing youth savings collaboration to banks with well-established programs that are seeking to expand them in scope or quality. One bank in the Network shared that its financial education efforts have resulted in about $130 million of new deposits for the bank from adults and youth. FDIC staff encourage financial education to be used as a tool for other work. For example, the FDIC and the CFPB cohosted the “Building Collaboration between Financial Institutions and Law Enforcement to Prevent and Address Elder Financial Abuse” webinar on July 25, 2019, drawing more than 4,300 registrations. During the presentation, Money Smart for Older Adults was promoted as a tool to foster local collaboration and education, and feedback after the session from banks confirmed examples of its use. Moreover, the FDIC participated in a Twitter event hosted by the Federal Emergency Management Agency (FEMA) during Financial Capability Month. The chat had more than 36 million potential impressions. Furthermore, the Money Smart website was also redesigned to improve the user experience, including new videos. The Money Smart related webpages had more than 250,000 views during the year. In addition to Money Smart, the FDIC’s Consumer News is a monthly, digital educational publication that provides practical guidance on how to become a smarter and safer user of financial services. There were 13 issues published online in 2019, including an extra, special edition issue in February for America Saves Week. The FDIC is also adding Consumer Resource Guides, which are plain language educational materials to explain how banking regulations impact consumers. Consumers can also take advantage of the FDIC Information and Support Center’s searchable Knowledge Center at https://ask.fdic.gov/ fdicinformationandsupportcenter/s/public-information, where they can search for topics of interest and recent news stories. M A N A G E M E N T ' S D I S C U S S I O N A N D A N A LY S I S 2019 Partnerships for Access to Mainstream Banking The FDIC supported community development and economic inclusion partnerships at the local level by providing technical assistance and information resources throughout the country, with a focus on unbanked and underbanked households and low- and moderateincome communities. Community Affairs staff support economic inclusion through work with the Alliances for Economic Inclusion (AEI), Bank On initiatives, and other coalitions originated by local and state governments, and in collaboration with federal partners and many local and national non-profit organizations. The FDIC also partners with other financial regulatory agencies to provide information and technical assistance on community development to banks and community leaders across the country. In the 12 AEI communities and in other areas, the FDIC helped working groups of bankers and community leaders develop responses to the financial capability and services needs in their communities. To integrate financial capability into community services more effectively, the FDIC supported seminars and training sessions for community service providers and assetbuilding organizations, workshops for financial coaches and counselors, promotion of savings opportunities for low- and moderate-income people and communities, initiatives to expand access to savings accounts for all ages, outreach to bring larger numbers of people to expanded tax preparation assistance sites, and education for business owners to help them become bankable. The FDIC conducted three forums in Spanish in Los Angeles and San Jose, California and Reno, Nevada to inform and educate banks, and identify local stakeholders to support community efforts to improve financial resiliency of the Spanish-speaking community. Additionally, the FDIC provided how-to guidance in establishing an in-school bank branch at a Native American Asset Building Conference in Niagara Falls, New York. The FDIC supports coalitions working on access and use of SAFE and affordable accounts nationwide. In 2019, Community Affairs staff provided technical assistance to 35 Bank On coalitions to promote banking access. Specifically, the FDIC convened 20 outreach events engaging 515 representatives from banks, local governments, and community organizations to help them understand opportunities and to advance strategies to expand access to SAFE and affordable deposit accounts and engage unbanked and underbanked consumers. As of December 31, 2019, the FDIC hosted more than 54 events that provided opportunities for partners to collaborate on increasing access to bank accounts and credit services, opportunities to build savings and improve credit histories, and initiatives to significantly strengthen the financial capability of community service providers that directly serve consumers with low or moderate incomes and small businesses. Consumer Complaints and Inquiries The FDIC helps consumers by receiving, investigating, and responding to consumer complaints about FDICsupervised institutions and answering inquiries about banking laws and regulations, FDIC operations, and other related topics. In addition, the FDIC provides analytical reports and information on complaint data for internal and external use, and conducts outreach activities to educate consumers. The FDIC recognizes that consumer complaints and inquiries play an important role in the development of strong public and supervisory policy. Assessing and resolving these matters helps the agency identify trends or problems affecting consumer rights, understand the public perception of consumer protection issues, formulate policy that aids consumers, and foster confidence in the banking system by educating consumers about the protection they receive under certain consumer protection laws and regulations. Consumer Complaints by Topic and Issue The FDIC receives complaints and inquiries by telephone, fax, U.S. mail, e-mail, and online through the FDIC’s website. In 2019, the FDIC handled 18,401 written and telephonic complaints and inquiries. Of the 12,943 involving written correspondence, 5,253 were referred to other agencies and 7,690 were handled by the FDIC. The FDIC responded to 99 percent of written complaints within time frames established by corporate policy, and acknowledged 100 percent of all consumer complaints and inquiries within 14 days. As part of the complaint M A N A G E M E N T ' S D I S C U S S I O N A N D A N A LY S I S 43 ANNUAL REPORT and inquiry handling process, the FDIC works with the other federal financial regulatory agencies to ensure that complaints and inquiries are forwarded to the appropriate agencies for response. The FDIC carefully analyzes the topics and issues involved in complaints about FDICsupervised institutions. The number of complaints received about a specific bank topic and issue can serve as a red flag to prompt further review of practices that may raise consumer protection or supervisory concerns. In 2019, the four most frequently identified topics in consumer complaints and inquiries about FDICsupervised institutions concerned checking accounts (24 percent), consumer/business credit cards (17 percent), consumer lines of credit/installment loans (14 percent), and residential real estate (9 percent). Issues most commonly cited in correspondence about checking accounts were concerns for refusing to provide service, the error resolution process for disputes, and account discrepancies or transaction errors. Consumer correspondence about credit cards most often raised issues regarding reporting of account information, billing disputes, and fees. Consumer loan complaints and inquiries most frequently described issues with reporting of account information, collection practices, and billing disputes. Correspondence regarding residential real estate related to disclosures, inaccurate appraisal reports, and foreclosure and modification issues. The FDIC also investigated 51 Fair Lending complaints alleging discrimination during 2019. The number of discrimination complaints investigated has fluctuated over the past several years but averaged approximately 69 complaints per year between 2014 and 2019. Over this period, 48 percent of the issues identified in complaints investigated alleged discrimination based on the race, color, national origin, or ethnicity of the applicant or borrower; 14 percent involved the sex of the applicant or borrower; 13 percent related to discrimination allegations based on age; and 7 percent concerned handicap. Consumer refunds generally involve the financial institution offering a voluntary credit to the consumer’s account, often as a direct result of complaint investigations and identification of a banking error or violation of law. Through December 2019, consumers received more than $412,426 in refunds from financial institutions as a result of the assistance provided by the FDIC’s Consumer Response Center. 44 FAILURE RESOLUTION AND RECEIVERSHIP MANAGEMENT The FDIC has the unique mission of protecting depositors of insured banks and savings associations. No depositor has ever experienced a loss on the insured amount of his or her deposits in an FDIC-insured institution due to a failure. When an institution closes, its chartering authority—the state for state-chartered institutions and the OCC for national banks and federal savings associations—typically appoints the FDIC as receiver, responsible for resolving the failed institution. The FDIC employs a variety of strategies and business practices to resolve a failed institution. These strategies and practices are typically associated with either the resolution process or the receivership process. Depending on the characteristics of the institution, the FDIC may utilize several of these methods to ensure the prompt and smooth payment of deposit insurance to insured depositors, to minimize the impact on the DIF, and to speed dividend payments to uninsured depositors and other creditors of the failed institution. The resolution process involves evaluating and marketing a failing institution, soliciting and accepting bids for the sale of the institution, determining which bid (if any) is least costly to the DIF, and working with the acquiring institution through the closing process. To minimize disruption to the local community, the resolution process must be performed as quickly and efficiently as possible. The FDIC uses two basic resolution methods: purchase and assumption transactions and deposit payoffs. The purchase and assumption (P&A) transaction is the most commonly used resolution method. Typically, in a P&A transaction, a healthy institution purchases certain assets and assumes certain liabilities of the failed institution, including the option of acquiring either all deposits or only the insured portion. Because each failing bank situation is different, P&A transactions provide flexibility to structure resolution transactions that result in obtaining the highest value for the failed institution. For example, a P&A transaction could include a sharedloss feature, in which the FDIC as receiver agrees to share losses on certain assets with the acquirer for a specified period of time (e.g., five to 10 years). The FDIC used shared-loss P&A transactions extensively during periods M A N A G E M E N T ' S D I S C U S S I O N A N D A N A LY S I S 2019 of economic distress, when asset values became highly uncertain. Shared-loss P&A transactions have not been offered since 2013; however, the FDIC continues to monitor agreements that remain in place. At year-end 2019, there were 59 receiverships with active shared-loss agreements. Total assets covered by shared-loss agreements were reduced by $5.4 billion to $4.2 billion. Financial Institution Failures During 2019, there were four institution failures, compared to no failures in 2018. In all four transactions, the FDIC successfully contacted all known, qualified, and interested bidders to market these institutions, and all depositors had access to insured funds within one business day. As a result of the FDIC’s marketing and collection efforts, the book value of assets in inventory decreased by $654 million (56 percent) in 2019. Total assets in liquidation have not been lower than $1 billion since April 2008. The following chart shows the beginning and ending balances of these assets by asset type. ASSETS-IN-LIQUIDATION INVENTORY BY ASSET TYPE Dollars in Millions Asset Type 12/31/19 12/31/18 12/31/17 $10 $50 $160 Consumer Loans 0 0 8 Commercial Loans 1 34 50 Securities Further, there were no losses on insured deposits, and no appropriated funds were required to pay insured deposits. Real Estate Mortgages 19 67 139 Other Assets/Judgments 44 151 260 The following chart provides a comparison of failure activity over the past three years. Owned Assets 3 3 47 31 19 157 416 854 1,449 $524 $1,178 $2,271 Net Investments in Subsidiaries FAILURE ACTIVITY Dollars in Billions 2019 2018 2017 4 0 8 Total Assets of Failed Institutions* $0.2 $0.0 $5.1 Total Deposits of Failed Institutions* $0.2 $0.0 $4.7 $0.03 $0.0 $1.2 Total Institutions Estimated Loss to the DIF *Total assets and total deposits data are based on the last quarterly report filed by the institution prior to failure. Asset Management and Sales As part of its resolution process, the FDIC tries to sell as many assets as possible to an assuming institution. Assets that are retained by the receivership are promptly valued and liquidated in order to maximize the return to the receivership estate. During 2019, for 95 percent of failed institutions, at least 90 percent of the book value of marketable assets was marketed for sale within 90 days of an institution’s failure for cash sales, and within 120 days for structured sales. Cash sales of all assets for 2019 totaled $482 million in book value. Structured and Securitized Assets TOTAL Receivership Management Activities The FDIC, as receiver, manages failed insured depository institutions and oversees their subsidiaries with the goal of expeditiously winding up their affairs. The oversight and prompt termination of receiverships help to preserve value for the uninsured depositors and other creditors by reducing overhead and other holding costs. Assets remaining after resolution are liquidated by the FDIC in an orderly manner, and the proceeds are used to pay receivership claimants, including depositors whose accounts exceeded the insurance limit. During 2019, receiverships paid dividends of $1.2 million to depositors whose accounts exceeded the insurance limit. Once the assets of a failed institution have been sold and its liabilities extinguished, the final distribution of any proceeds is made, and the FDIC terminates the receivership. In 2019, the total number of active receiverships under management decreased by 28 (10 percent) to 248. Further, the FDIC terminated more than 75 percent of new receiverships within three years of the date of failure. M A N A G E M E N T ' S D I S C U S S I O N A N D A N A LY S I S 45 ANNUAL REPORT The following chart shows overall receivership activity for the FDIC in 2019. RECEIVERSHIP ACTIVITY Active Receiverships as of 12/31/18 New Receiverships 272 Receiverships Terminated Active Receiverships as of 12/31/19 28 4 248 Professional Liability and Financial Crimes Recoveries The FDIC investigates bank failures to identify potential claims against directors, officers, securities underwriters and issuers, fidelity bond insurance carriers, appraisers, attorneys, accountants, mortgage loan brokers, title insurance companies, and other professionals who may have caused losses to insured depository institutions and FDIC receiverships. The FDIC will pursue meritorious claims that are expected to be cost-effective. During 2019, the FDIC recovered $626.4 million from professional liability claims and settlements. The FDIC authorized one professional liability lawsuit during 2019. As of December 31, 2019, the FDIC’s caseload included 11 professional liability lawsuits (down from 21 at year-end 2018), eight residential mortgage malpractice and fraud lawsuits (down from nine), and open investigations in 51 claim areas out of nine institutions. The FDIC completed investigations and made decisions on 91 percent of the investigations related to failures that reached the 18-month point after the institution’s failure date in 2019, thereby exceeding its annual performance target. As part of the sentencing process, for those convicted of criminal wrongdoing against an insured institution that later failed, a court may order a defendant to pay restitution or to forfeit funds or property to the receivership. The FDIC, working with the U.S. Department of Justice in connection with criminal restitution and forfeiture orders issued by federal courts and independently in connection with restitution orders issued by the state courts, collected $9.96 million in 2019. As of December 31, 2019, there were 2,187 active restitution and forfeiture orders (decreased from 2,346 at year-end 2018). This includes 56 orders held by the Federal Savings and Loan Insurance Corporation (FSLIC) 46 Resolution Fund (i.e., orders arising out of failed financial institutions that were in receivership or conservatorship by the FSLIC or the Resolution Trust Corporation). INFORMATION TECHNOLOGY Information technology (IT) is an essential component in virtually all FDIC business processes. This integration with the business provides opportunities for efficiencies but also requires an awareness of potential risks. In 2019, the Chief Information Officer Organization (CIOO) focused its efforts on managing information security risk, strengthening infrastructure resiliency, and modernizing FDIC applications and systems to support the FDIC’s business processes and key stakeholders. Managing Information Security Risk The FDIC’s information security program is integral to the agency’s ability to carry out its mission of maintaining stability and public confidence in the nation’s financial system. The FDIC continues to strengthen its information security functions in accordance with the Federal Information Security Modernization Act of 2014 (FISMA) and in alignment with the standards and guidance provided by the National Institute of Standards and Technology (NIST). For example, in 2019 the FDIC: ♦ Continued progress towards optimizing the Security Operations Center (SOC) including implementation of new capabilities to monitor and analyze network traffic and cloud usage for indications of information security risk; ♦ Implemented a Privacy Continuous Monitoring (PCM) strategy, which strengthens privacy controls and facilitates ongoing privacy reviews to ensure personally identifiable information (PII) is effectively managed and protected; ♦ Enhanced monitoring capabilities over platforms supporting core business functions consistent with leading risk management practices for information security; ♦ Updated and published 34 System of Record Notices (SORNs) in the Federal Register and implemented delegation of SORN publication authority to align with federal guidance; and M A N A G E M E N T ' S D I S C U S S I O N A N D A N A LY S I S 2019 ♦ Introduced new policies and procedures for patching, risk assessments, remediation plans, and firewall and network security to further strengthen information security and privacy risk management. Information Security continues to be a top management priority at the FDIC. Strengthening Infrastructure Resiliency The FDIC must be able to provide and maintain an acceptable level of service in the face of threats and challenges to normal computer and network operations. Threats and challenges for services can range from simple misconfigurations to unforeseen large-scale natural disasters or targeted attacks. The FDIC works to ensure that its infrastructure can anticipate, absorb, adapt to, and/ or rapidly recover from a potentially disruptive event. To continue to support a resilient and effective infrastructure, in 2019, the FDIC executed a comprehensive initiative to expand and enhance its existing disaster recovery and business continuity capabilities. The FDIC’s efforts were particularly focused on ensuring that designated IT systems and applications that support mission-essential functions could be recovered within targeted timeframes. As part of this multi-year project, the FDIC completed the migration of key IT systems and applications to a new and larger backup data center (BDC). This effort strengthens resiliency by extending geographic proximity of the FDIC’s BDC from its primary data center. The new facility introduced new security capabilities including enterprise logging and expanded data loss prevention. Additional enhancements include rapid restoration (failover) of mission-critical business applications. Automated foundational restoration processes minimize manual intervention, and equipment is maintained in a higher availability mode to enable faster restoration. As a result, the FDIC is better positioned to preempt and rapidly recover from an outage or threat. The CIOO completed a test of failover functionality in October 2019 that identified lessons that will continue to strengthen the BDC. The FDIC also implemented a Resiliency and Performance Improvement Project to improve resiliency and performance of its IT infrastructure. The project allows faster restoration of network services and is part of the series of controls in place to support effective disaster recovery. Modernizing IT and Enhancing Data Governance The FDIC is committed to promoting efficient operations, treating data as a strategic asset, and providing IT resources that support its workforce and improve the FDIC’s engagement with regulated institutions. To meet these key needs, in 2019 the FDIC: ♦ Developed and began implementing a comprehensive integrated five-year IT Modernization Plan to support several business drivers including Bank Supervision Modernization, Financial Crisis Preparedness, and the treatment of data as a corporate resource. The IT Modernization Plan supports a cost-effective, agile technology environment that fosters business innovation and efficiencies. ♦ Completed an Enterprise Architecture Target statement that outlines the basis for developing the FDIC’s future IT environment in order to guide IT decision-making and support the FDIC in executing its mission. ♦ Launched a Cloud Technology Migration Modernization project and migrated applications for two of the Corporation’s Divisions (Division of Resolutions and Receiverships and the Division of Insurance and Research). ♦ Launched an Enterprise Data Governance Initiative to provide strategic direction on the FDIC’s data strategy, where trusted data are easily used and securely shared to support the FDIC’s mission. ♦ Created a new Chief Data Officer position to provide strategic leadership to the FDIC’s data strategy. DIVERSITY AND INCLUSION Consistent with the provisions of the Dodd-Frank Act, the FDIC maintains its commitment to provide diversity and inclusion in employment opportunities and all business areas of the FDIC. The Office of Minority and Women Inclusion (OMWI) supports the FDIC’s mission through outreach efforts to ensure the fair inclusion and utilization of minority- and women-owned businesses (MWOBs), law firms (MWOLFs), and investors in contracting and investment opportunities. OMWI is also responsible for assessing the diversity policies and practices of FDICregulated financial institutions. M A N A G E M E N T ' S D I S C U S S I O N A N D A N A LY S I S 47 ANNUAL REPORT The FDIC Diversity and Inclusion (D&I) Strategic Plan is evaluated and updated regularly and delineates strategies to promote workforce and workplace inclusion and sustainability of diversity and inclusion efforts. The D&I Executive Advisory Council (EAC) oversees the plan’s implementation and promotes the coordination and awareness of diversity and inclusion initiatives as an FDIC priority. Additionally, employees provide input on these efforts by serving on the regional and headquarters Chairman’s Diversity Advisory Councils or joining one of the nine Employee Resource Groups. Minority- and Women-Owned Business Outreach OMWI’s outreach efforts also ensure the fair inclusion and utilization of MWOBs, MWOLFs, and investors in contracting and investment opportunities. In 2019, the FDIC awarded 152 (29.3 percent) contracts to MWOBs out of a total of 518 issued. The FDIC awarded contracts with a combined value of $554.0 million in 2019, of which 31.3 percent ($173.5 million) were awarded to MWOBs, compared to 24.5 percent for all of 2018. The FDIC paid $98.3 million of its total contract payments (21.1 percent) to MWOBs, under 287 MWOB contracts. In 2019, the FDIC participated in a total of 18 business expos, one-on-one matchmaking sessions, and panel presentations. At these events, FDIC staff provided information and responded to inquiries regarding FDIC business opportunities for minorities and women. In addition to targeting MWOBs, these efforts also targeted veteran-owned and small disadvantaged businesses. Vendors were provided with the FDIC’s general contracting procedures, prime contractors’ contact information, and forecasts of possible upcoming solicitations. Also, vendors were encouraged to register through the FDIC’s Contractor Resource List (the principal database for vendors interested in doing business with the FDIC). On December 5, 2019, the FDIC and the other OMWI agencies partnered with the Minority Business Development Agency and the Northern Virginia Procurement Technical Assistance Center to host the “Connections That Count” technical assistance event in Arlington, Virginia. Technical assistance events are designed to provide information, resources, and tools to MWOBs in order to build and expand their federal 48 contracting opportunities. It is also a forum for MWOBs to network with representatives from various sources of business assistance, as well as OMWI representatives. In addition, the sponsoring agencies and various procurement trade organizations exhibited at the event. Minority- and Women-Owned Law Firm Outreach The Legal Division’s legal contracting program endeavors to maximize the participation of both minority- and women-owned law firms (MWOLFs), minority and women partners, and associates employed at majority owned firms (Diverse Attorneys). This approach is consistent with Section 342 of the Dodd-Frank Act that encourages diversity and inclusion at all levels. For both MWOLFs and Diverse Attorneys, FDIC legal matters provide important learning and professional client development opportunities that can be quite meaningful to career advancement. For 2019, the Legal Division had an aggregate 34.0 percent diversity and inclusion participation rate in legal contracting as set forth below. The FDIC made 20 referrals to MWOLFs, which accounted for 32.2 percent of all legal referrals. Total payments to MWOLFs were $3.4 million in 2019, which is 10.7 percent of all payments to outside counsel, compared to 7.7 percent for all of 2018. In 2019, Diverse Attorneys earned $7.4 million in legal fees, which is 23.3 percent of all payments to outside counsel. Taken together, FDIC paid $10.8 million to MWOLF firms and Diverse Attorneys out of a total of $31.7 million dollars spent on outside counsel services in 2019. This number represents 34.0 percent of total outside counsel fees, which is a significant increase from 2018, in which there was a 27.5 percent aggregate participation rate, despite the steep decline in overall outside counsel spending. The keystone of the Legal Division diversity and inclusion outreach is the FDIC’s partnerships with minority bar associations and specialized stakeholder organizations. In 2019, the FDIC Legal Division participated in seven minority bar association conferences and three stakeholder events in support of maximizing the participation of MWOLFs and Diverse Attorneys in FDIC legal contracting. The Legal Division divided its stakeholder event participation into events concentrating on outreach to MWOLF firms and focusing on outreach to Diverse Attorneys who work at majority owned law firms. M A N A G E M E N T ' S D I S C U S S I O N A N D A N A LY S I S 2019 In 2019, National Association of Minority and Women Owned Law Firms again formally recognized the FDIC in a press release as a principal member of, and major contributor to, its Inclusion Initiative, a collaborative program among law departments of major corporations designed to increase the participation of MWOLF firms in legal contracting. The FDIC participates in the Inclusion Initiative along with major corporations. FRB, CFPB, NCUA, SEC, and the Department of the Treasury to further implement Section 342(b)(2)(C) of the Dodd-Frank Act, which required the agencies to develop standards to assess the diversity policies and practices of the entities they regulate. After publishing Joint Standards in 2015, the FDIC developed a diversity self-assessment instrument to assist FDIC-regulated financial institutions in systematically assessing their diversity programs. The Legal Division understands the value of integrating FDIC in-house counsel in its legal contracting diversity and inclusion. Also in 2019, the Legal Division presented a Legal Contracting Diversity and Inclusion Workshop for the closed bank oversight attorneys at the Dallas Regional Office. These attorneys are responsible for assigning work to outside counsel. The program included a review of the prior year’s legal contracting statistics, planned projects, question and answers, and the solicitation of ideas from the attorneys for improving the selection and retention of outside counsel. The FDIC began collecting voluntary self-assessments from its regulated financial institutions in 2017. The FDIC received 95 of 805 (11.8 percent) self-assessments in 2017 for the 2016 reporting period. In 2018, the FDIC received 137 of 820 (16.7 percent) self-assessments from its regulated institutions for the 2017 reporting period. In 2019, the FDIC received 133 of 784 (17 percent) selfassessments from its regulated institutions for the 2018 reporting period. OMWI analyzed the self-assessment responses for the 2016 – 2018 reporting periods and posted this analysis on its internal and external websites. Pursuant to Section 342 of the Dodd-Frank Act, which requires an assessment of legal contractors’ internal workforce diversity practices, the Legal Division conducted 12 compliance reviews of the top-billing law firms (both non-minority-owned and MWOLFs). The reviews included questions that focused on associate and partner recruitment, retention rates of minority and women associates and partners, and partnership offers to minority and women attorneys working on FDIC legal matters. The reviews are instrumental in gathering diversity data for ongoing monitoring efforts as well as the exchange of ideas to enhance diversity initiatives. OMWI hosted an outreach event on October 24, 2019, jointly with the other OMWI agencies for their respective regulated entities. The event was entitled “Financial Regulatory Agencies Diversity Summit” and was held in Chicago, Illinois. Additionally, on November 20, 2019, the FDIC participated in a webinar hosted by the American Bankers Association titled, “What Bankers Need to Know about the Diversity Self-Assessment.” Both events focused on the value of conducting voluntary self-assessments, annually submitting assessment results to OMWI Directors, and making diversity information transparent to the public. The OMWI agencies also outlined how the self-assessments will be used to identify leading trends and establish benchmarks that will assist financial institutions in assessing and enhancing their diversity programs. In addition to the outreach efforts noted above, the Legal Division continues to provide technical assistance to other related government agencies on developing MWOLF outreach programs that mirror the FDIC’s program. The Legal Division evaluated and approved three new MWOLF applications in 2019. Firms from various geographic areas were added to the FDIC List of Counsel Available in order to be eligible to receive legal contracting work. Financial Institution Diversity The FDIC’s Financial Institution Diversity program is responsible for assessing the diversity policies and practices of FDIC-regulated financial institutions. The FDIC OMWI worked closely with the OMWIs from the OCC, Information related to diversity and inclusion at the FDIC can be found at www.fdic.gov/about/diversity. INTERNATIONAL OUTREACH The FDIC continues to play a leading role in supporting the global development of deposit insurance, bank supervision, and bank resolution systems. This included working closely with regulatory and supervisory authorities from around the world, as well as international standardsetting bodies and multilateral organizations, such as the International Association of Deposit Insurers (IADI), M A N A G E M E N T ' S D I S C U S S I O N A N D A N A LY S I S 49 ANNUAL REPORT the Association of Supervisors of Banks of the Americas (ASBA), the Basel Committee on Banking Supervision (BCBS), the Financial Stability Board (FSB), the International Monetary Fund (IMF), and the World Bank. The FDIC engaged with foreign regulatory counterparts by hosting visiting officials, conducting training seminars, delivering technical assistance abroad, and fulfilling the commitments of FDIC membership in international organizations. The FDIC also advanced policy objectives with key jurisdictions by participating in high-level interagency dialogues. International Association of Deposit Insurers FDIC officials and subject matter experts provided continuing support for IADI programs in 2019. This included chairing IADI’s Training and Conference Technical Committee, which provided support for developing and facilitating technical assistance workshops for the African, European, Eurasian, Asia-Pacific, Caribbean, North American, and Latin American regions of IADI. The FDIC also chaired IADI’s Differential Premium Systems Technical Committee, which is drafting a paper evaluating the effectiveness of differential deposit insurance premium systems. The FDIC also participated in reviews of IADI members’ self-assessments of compliance with the Core Principles. The FDIC assisted in the development of IADI’s Biennial Research Conference, which provides a forum for researchers and deposit insurance and bank resolution practitioners to meet to discuss issues facing deposit insurers. It also assisted in development of the annual conference for officials and senior management of deposit insurance authorities in conjunction with the IADI Annual General Meeting. Led and supported by FDIC executives and senior staff, IADI technical assistance and training activities reached approximately 500 participants during 2019. Association of Supervisors of Banks of the Americas Senior FDIC staff chaired the ASBA Training and Technical Committee in 2019, which designs and implements ASBA’s training strategy, promoting the adoption of sound banking supervision policies and practices among its members. The training program reached more than 500 member participants in 2019. Basel Committee on Banking Supervision The FDIC supports and contributes to the development of international standards, guidelines, and sound 50 practices for prudential regulation and supervision of banks through its longstanding membership in BCBS. The contribution includes actively participating in many of the committee groups, working groups, and task forces established by BCBS to carry out its work, which focused on policy development, supervision and implementation, macroprudential supervision, accounting, and consultation. International Capacity Building During the year, the FDIC provided direct assistance to many foreign organizations through the provision of technical expertise. These engagements included providing staff experts to provide training in bank resolution and planning for the European Union’s Single Resolution Board, assisting the Serbia Deposit Insurance Agency in developing its target fund model, and assisting the IMF in Manila, Philippines. The FDIC also hosted more than 147 visiting regulators and other government officials from 34 countries during the year. Two sessions of “FDIC 101: An Introduction to Deposit Insurance, Bank Supervision, and Resolutions,” a structured learning program for senior foreign officials, were offered in 2019 and attended by 56 participants from more than 38 organizations. The FDIC piloted a new two-week training program called “The Bank Resolution Experience,” which is an in-depth training on the FDIC’s resolution functions designed to educate staff-level practitioners from foreign counterparts with resolution authority. The pilot was attended by 22 participants from 15 organizations. The FDIC’s Corporate University also makes supervisory courses available to foreign participants and trained 89 students this year. EFFECTIVE MANAGEMENT OF STRATEGIC RESOURCES The FDIC recognizes that it must effectively manage its human, financial, and technological resources to successfully carry out its mission and meet the performance goals and targets set forth in its annual performance plan. The FDIC must align these strategic resources with its mission and goals and deploy them where they are most needed to enhance its operational effectiveness and minimize potential financial risks to the DIF. Following are the FDIC’s major accomplishments in improving operational efficiency and effectiveness during 2019. M A N A G E M E N T ' S D I S C U S S I O N A N D A N A LY S I S 2019 Human Capital Management Examiner Recruiting, Hiring, and Training The FDIC’s human capital management programs are designed to attract, train, develop, reward, and retain a highly skilled, diverse, and results-oriented workforce. In 2019, the FDIC workforce planning initiatives emphasized the need to plan for employees to fulfill current and future capability and leadership needs. This focus ensures that the FDIC has a workforce positioned to meet today’s core responsibilities and prepared to fulfill its mission in the years ahead. From 2005 through 2019, the FDIC’s Corporate Employee Program (CEP) sponsored the development of newlyhired Financial Institution Specialists (FIS) in entrylevel positions. During the first-year rotation within the program, FISs gained experience and knowledge in the core business of the FDIC and then were placed within RMS or DCP, where they continued their career path to become commissioned examiners. More than 1,050 employees have become commissioned examiners after successfully completing the program’s requirements. Strategic Workforce Planning and Readiness The FDIC understands that succession planning is critical to ensure that gaps in employee aspiration, engagement, and readiness for senior leadership positions are addressed. The FDIC dedicates resources to strengthen and expand its internal pipeline of employees who aspire to higherlevel positions, have the necessary leadership and technical skills, and are prepared to assume future leadership roles. The FDIC conducted succession planning survey research that established a baseline of career aspirations, engagement, and readiness of corporate graded (CG) 12-15 employees for mission-critical leadership positions. In 2019, this baseline was used to inform FDIC’s career development planning strategies and broader workforce planning strategies and investments. In addition, the baseline is being used to inform individual Divisions as they plan and implement succession planning activities tailored to meet their Divisions’ unique workforce needs. During the past few years, the FDIC has witnessed an uptick of retirements in management and leadership positions, requiring a greater emphasis on knowledge transfer and long-term succession planning. To ensure that these critical skills are sustained, the FDIC is developing new career paths that encompass emerging skills, while offering leadership training and career development opportunities designed to increase the internal candidate pool of potential leaders at all levels. The FDIC is also undertaking innovative approaches to attract and retain entry-level examiners with specialty and emerging skillsets. Through these efforts, the FDIC workforce will be even better positioned to respond to dynamic financial and technological challenges, now and in the future. In an effort to make the examination processes and procedures more efficient and effective, evaluate the training and commissioning processes, promote diversity and engagement, and ensure that the vast institutional knowledge held by examiners today is passed on to future examiners, newly hired FISs now will be assigned directly into a discipline: risk management or consumer protection. After a centralized orientation, newly-hired FISs will experience task-based, on-the-job training while working toward commission. Employee Learning and Development The FDIC is committed to training and developing its employees throughout their careers to enhance technical proficiency and leadership capacity, supporting career progression and succession management. The FDIC is in the midst of modernizing learning and development, including expanding virtual and online offerings, integrating modern learning technology, and modernizing the training center. The FDIC develops and implements comprehensive curricula for its business lines to prepare employees to meet new challenges. Such training, offered Corporate University Associate Professor Dr. Alphronzo Moseley, right, leads a roundtable discussion on the FDIC’s leadership development program for first-line supervisors. M A N A G E M E N T ' S D I S C U S S I O N A N D A N A LY S I S 51 ANNUAL REPORT via a range of delivery modes, positions the FDIC’s Corporate University to be a virtual university with a physical presence. Employees working to become commissioned examiners or resolutions and receiverships specialists attend a prescribed set of specialized, internally developed and instructed courses. Post-commission, employees continue to further their knowledge in specialty areas with more advanced courses. The FDIC is revising examiner classroom training to better support on-the-job application and is developing resolution and receivership training to support readiness and compliance training and converting instructor led courses to web-based training. The FDIC also offers a comprehensive leadership development program that combines core courses, electives, and other enrichment opportunities to develop employees at all levels. From new employees to new executives, the FDIC provides employees with targeted opportunities that align with key leadership competencies. In addition to a broad array of internally developed and administered courses, the FDIC provides its employees with funds to participate in external training to support their career development. Employee Engagement The FDIC continually evaluates its human capital programs and strategies to ensure that it remains an employer of choice, and that all of its employees are fully engaged and aligned with the mission. The FDIC uses the Federal Employee Viewpoint Survey mandated by Congress to solicit information from employees, and takes an agency-wide approach to address key issues identified in the survey. The FDIC consistently scores highly in all categories of the Partnership for Public Service Best Places to Work in the Federal Government® list for mid-size federal 52 Photo credit: Partnership for Public Service Internal Ombudsman Robert Harris and Deputy to the Chairman and Chief Financial Officer Bret Edwards receive the award for one of the Best Places to Work in the Federal Government for mid-sized federal agencies from Max Stier, President and CEO of Partnership for Public Service. agencies. In 2019, the FDIC was recognized for the tenth consecutive year as one of the top federal agencies. Effective leadership is the primary factor driving employee satisfaction and commitment in the federal workplace, according to a report by the Partnership for Public Service. The FDIC engages employees through formal mechanisms such as the TEAM (Transparency, Empowerment, Accountability, Mission) FDIC initiative that empowers employees to identify and implement short-term projects that positively impact the FDIC workplace and support the FDIC’s mission; Chairman’s Diversity Advisory Councils; and Employee Resource Groups; and informally through working groups, team discussions, and daily employee-supervisor interactions. Employee engagement plays an important role in empowering employees and helps maintain, enhance, and institutionalize a positive workplace environment. M A N A G E M E N T ' S D I S C U S S I O N A N D A N A LY S I S II. PERFORMANCE RESULTS SUMMARY THIS PAGE INTENTIONALLY LEFT BLANK 2019 SUMMARY OF 2019 PERFORMANCE RESULTS BY PROGRAM The FDIC successfully achieved 48 of the 49 annual performance targets established in its 2019 Annual Performance Plan. One target was not achieved, which involved a final rulemaking regarding a liquidity standard. There were no instances in which 2019 performance had a material adverse effect on the successful achievement of the FDIC’s mission or its strategic goals and objectives regarding its major program responsibilities. PERFORMANCE RESULTS BY PROGRAM AND STRATEGIC GOAL 2019 INSURANCE PROGRAM RESULTS Strategic Goal: Insured depositors are protected from loss without recourse to taxpayer funding. # 1 2 ANNUAL PERFORMANCE GOAL Respond promptly to all IDI closings and related emerging issues. Disseminate data and analyses on issues and risks affecting the financial services industry to bankers, supervisors, the public, and other stakeholders on an ongoing basis. INDICATOR TARGET RESULTS Number of business days after an institution failure that depositors have access to insured funds. Depositors have access to insured funds within one business day if the failure occurs on a Friday. ACHIEVED. SEE PG. 45. Insured depositor losses resulting from a financial institution failure. Depositors have access to insured funds within two business days if the failure occurs on any other day of the week. ACHIEVED. SEE PG. 45. Depositors do not incur any losses on insured deposits. ACHIEVED. SEE PG. 45. No appropriated funds are required to pay insured depositors. Disseminate results of research and analyses in a timely manner through regular publications, ad hoc reports, and other means. ACHIEVED. SEE PG. 45. Scope and timeliness of information dissemination on identified or potential issues and risks. Undertake industry outreach activities to inform bankers and other stakeholders about current trends, concerns, available resources, and FDIC performance metrics. P E R F O R M A N C E R E S U LT S S U M M A R Y ACHIEVED. SEE PGS. 28-31. ACHIEVED. SEE PGS. 28-31. 55 ANNUAL REPORT 2019 INSURANCE PROGRAM RESULTS (continued) Strategic Goal: Insured depositors are protected from loss without recourse to taxpayer funding. # 3 4 ANNUAL PERFORMANCE GOAL INDICATOR Monitor the status of the DIF reserve ratio and analyze the factors that affect fund growth. Adjust assessment rates, as necessary. Updated fund balance projections and recommended changes to assessment rates, as necessary. Expand and strengthen the FDIC’s participation and leadership role in supporting robust and effective deposit insurance programs, resolution strategies, and banking systems worldwide. Activities to expand and strengthen engagement with strategically important foreign jurisdictions and key international organizations and associations, and to advance the FDIC’s global leadership and participation on deposit insurance, institution supervision, resolution practices and international financial safety net issues. Provision of technical assistance and training to foreign counterparts. 5 56 Ensure timely consideration and efficient processing of de novo deposit insurance applications. Updated policies, procedures, and guidance. TARGET RESULTS Provide updated fund balance projections to the FDIC Board of Directors semiannually. ACHIEVED. SEE PGS. 15-16. Recommend changes to deposit insurance assessment rates to the FDIC Board of Directors as necessary. Foster strong relationships with international banking regulators, deposit insurers, and other relevant authorities by engaging with strategically important jurisdictions and organizations on international financial safety net issues. ACHIEVED. SEE PGS. 15-16. ACHIEVED. SEE PGS. 49-50. Provide leadership and expertise to key international organizations and associations that promote sound deposit insurance and effective bank supervision and resolution practices. ACHIEVED. SEE PGS. 49-50. Promote international standards and expertise in financial regulatory practices and stability through the provision of technical assistance and training to global financial system authorities. Conduct six regional roundtable discussions to explain and solicit feedback on the de novo application process, and implement additional changes, as appropriate, based on that feedback. ACHIEVED. SEE PGS. 49-50. Ensure the de novo deposit insurance application process is streamlined and transparent. ACHIEVED. SEE PGS. 32-33. P E R F O R M A N C E R E S U LT S S U M M A R Y ACHIEVED. SEE PGS. 32-33. 2019 2019 INSURANCE PROGRAM RESULTS (continued) Strategic Goal: Insured depositors are protected from loss without recourse to taxpayer funding. # 6 7 ANNUAL PERFORMANCE GOAL Market failing institutions to all known qualified and interested potential bidders. Provide educational information to IDIs and their customers to help them understand the rules for determining the amount of insurance coverage on deposit accounts. INDICATOR TARGET RESULTS Scope of qualified and interested bidders solicited. Timeliness of responses to deposit insurance coverage inquiries. Contact all known qualified and interested bidders. ACHIEVED. SEE PG. 45. Respond within two weeks to 95 percent of written inquiries from consumers and bankers about FDIC deposit insurance coverage. ACHIEVED. SEE PG. 39. Initiatives to increase public awareness of deposit insurance coverage changes. Conduct at least four telephone or in-person seminars for bankers on deposit insurance coverage. P E R F O R M A N C E R E S U LT S S U M M A R Y ACHIEVED SEE PGS. 38-39. 57 ANNUAL REPORT 2019 SUPERVISION PROGRAM RESULTS Strategic Goal: FDIC-insured institutions are safe and sound. # 1 2 58 ANNUAL PERFORMANCE GOAL Conduct on-site risk management examinations to assess the overall financial condition, management practices and policies, and compliance with applicable laws and regulations of FDIC-supervised depository institutions. When problems are identified, promptly implement appropriate corrective programs and follow up to ensure that identified problems are corrected. Assist in protecting the infrastructure of the U.S. banking system against terrorist financing, money laundering, and other financial crimes. INDICATOR TARGET RESULTS Percentage of required examinations conducted in accordance with statutory requirements and FDIC policy. Conduct all required risk management examinations within the timeframes prescribed by statute and FDIC policy. ACHIEVED. SEE PG.16. Follow-up actions on identified problems. For at least 90 percent of IDIs that are assigned a composite CAMELS rating of 2 and for which the examination report identifies “Matters Requiring Board Attention” (MRBAs), review progress reports and follow up with the institution within six months of the issuance of the examination report to ensure that all MRBAs are being addressed. Percentage of required Conduct all BSA examinations within examinations conducted the timeframes prescribed by statute in accordance with and FDIC policy. statutory requirements and FDIC policy. P E R F O R M A N C E R E S U LT S S U M M A R Y ACHIEVED. SEE PGS. 17-18. ACHIEVED. SEE PG. 16. 2019 2019 SUPERVISION PROGRAM RESULTS (continued) Strategic Goal: FDIC-insured institutions are safe and sound. # 3 ANNUAL PERFORMANCE GOAL Establish regulatory capital standards that ensure institutions have sufficient loss-absorbing capacity to remain resilient under stress while reducing complexity and maximizing efficiency. INDICATOR Simplification of capital standards for community banks. U.S. implementation of internationally agreed regulatory standards. Implementation of other changes to capital requirements directed by the Congress. TARGET RESULTS Complete, by September 30, 2019, rulemaking for a community bank leverage ratio and conforming changes to the deposit insurance assessment process. ACHIEVED. SEE PG. 27. Finalize aspects of the interagency capital simplification proposal issued in September 2017, including changes to the regulatory capital treatment of mortgage servicing assets, deferred tax assets, investment in the capital instruments of other financial institutions, and minority interest. ACHIEVED. SEE PG. 26. Issue interagency final rules to adopt the statutory definition of high volatility commercial real estate for risk based capital. ACHIEVED. SEE PGS. 27-28. Reevaluate and take appropriate actions on Basel III requirements for small banks that do not meet or are not eligible for the community bank leverage ratio. ACHIEVED. SEE PG. 26. Issue a final rule, by December 31, 2019, to implement the Net Stable Funding Ratio (NSFR). NOT ACHIEVED. SEE PG. 26. Issue interagency final rules to tailor capital requirements for large financial institutions. ACHIEVED. SEE PGS. 25-26. Issue interagency rulemaking to remove certain central bank deposits from the denominator of the supplementary leverage ratio for custodial banks. P E R F O R M A N C E R E S U LT S S U M M A R Y ACHIEVED. SEE PG. 27. 59 ANNUAL REPORT 2019 SUPERVISION PROGRAM RESULTS (continued) Strategic Goal: FDIC-insured institutions are safe and sound. # 4 60 ANNUAL PERFORMANCE GOAL Implement strategies to promote enhanced cybersecurity and business continuity within the banking industry. INDICATOR TARGET RESULTS Enhance the cybersecurity awareness and preparedness of the banking industry. Continue to conduct horizontal reviews that focus on the IT risks in large and complex supervised institutions and in technology service providers. ACHIEVED. SEE PGS. 19-20. Continue to use the Cybersecurity Examination Program for the most significant service provider examinations. ACHIEVED. SEE PGS. 19-20. Improve the analysis and sharing of cybersecurity-related threat information with financial institutions. ACHIEVED. SEE PGS. 19-20. P E R F O R M A N C E R E S U LT S S U M M A R Y 2019 2019 SUPERVISION PROGRAM RESULTS (continued) Strategic Goal: Consumers’ rights are protected, and FDIC-supervised institutions invest in their communities. # 1 2 ANNUAL PERFORMANCE GOAL INDICATOR Conduct on-site CRA and consumer compliance examinations to assess compliance with applicable laws and regulations by FDIC-supervised institutions. When violations are identified, promptly implement appropriate corrective programs and follow up to ensure that identified problems are corrected. Effectively investigate and respond to written consumer complaints and inquiries about FDIC-supervised financial institutions. TARGET RESULTS Conduct all required examinations Percentage of examinations conducted within the timeframes established. in accordance with the timeframes prescribed by FDIC policy. ACHIEVED. SEE PG. 18. Implementation of corrective programs. ACHIEVED. SEE PG. 18. Timely responses to written consumer complaints and inquiries. Public availability of information on consumer complaints. Conduct visits and/or follow-up examinations in accordance with established FDIC processes to ensure that the requirements of any corrective program have been implemented and are effectively addressing identified violations. Respond to 95 percent of written consumer complaints and inquiries within timeframes established by policy, with all complaints and inquiries receiving at least an initial acknowledgement within two weeks. ACHIEVED. SEE PGS. 43-44. Publish, through the Consumer Response Center (CRC), an annual report regarding the nature of the FDIC’s interactions with consumers and depositors. ACHIEVED. SEE PG. 39. Publish, on the FDIC’s website, and regularly update metrics on requests from the public for FDIC assistance. ACHIEVED. SEE PG. 39. P E R F O R M A N C E R E S U LT S S U M M A R Y 61 ANNUAL REPORT 2019 SUPERVISION PROGRAM RESULTS (continued) Strategic Goal: Consumers’ rights are protected, and FDIC-supervised institutions invest in their communities. # 3 ANNUAL PERFORMANCE GOAL INDICATOR Promote economic inclusion Completion of planned and access to responsible initiatives. financial services through supervisory, research, policy, and consumer/community affairs initiatives. TARGET Administer the 2019 Survey of the Unbanked and Underbanked Households. ACHIEVED. SEE PG. 38. Conduct outreach to institutions and the public to expand the availability and usage of low-cost transaction accounts tailored to the needs of unbanked and underbanked households. ACHIEVED. SEE PGS. 37-38. Expand the reach of the new Money Smart for Adults through online resources, translating the curriculum into other languages, and outreach. ACHIEVED. SEE PG. 41. Strengthen connections between small businesses and FDIC-insured institutions. ACHIEVED. SEE PG. 40. Increase engagement and collaboration with, and provide support for, Minority Depository Institutions (MDIs). 62 RESULTS P E R F O R M A N C E R E S U LT S S U M M A R Y ACHIEVED. SEE PGS. 21-23. 2019 2019 SUPERVISION PROGRAM RESULTS (continued) Strategic Goal: Large and complex financial institutions are resolvable under the Bankruptcy Code. # 1 ANNUAL PERFORMANCE GOAL Identify and address risks in large, complex financial institutions, including those designated as systemically important. INDICATOR Rulemaking for resolution planning requirements. Compliance with the statutory and regulatory requirements under Title I of the DoddFrank Act and Section 360.10 of the FDIC Rules and Regulations. Risk monitoring of large, complex financial institutions, bank holding companies, and designated nonbanking firms. TARGET RESULTS Complete interagency rulemaking with the FRB to tailor application of resolution planning requirements under Section 165(d) of the DoddFrank Act. ACHIEVED. SEE PG. 34. Issue an ANPR to tailor and make adjustments to the FDIC’s resolution planning requirements for IDIs. ACHIEVED. SEE PG. 35. In collaboration with the FRB, review all resolution plans subject to the requirements of Section 165(d) of Dodd-Frank Act to ensure their conformance to statutory and other regulatory requirements. Identify and provide feedback to firms on potential impediments in those plans to resolution under the Bankruptcy Code. ACHIEVED. SEE PG. 35. Review resolution plans subject to the requirements of Section 360.10 of the Insured Depository Institutions (IDI) Rule to ensure their conformance to other regulatory requirements. ACHIEVED. SEE PG. 35. Conduct ongoing risk analysis and monitoring of large, complex financial institutions to understand and assess their structure, business activities, risk profiles, and resolution and recovery plans. ACHIEVED. SEE PGS. 35-36. P E R F O R M A N C E R E S U LT S S U M M A R Y 63 ANNUAL REPORT 2019 RECEIVERSHIP MANAGEMENT PROGRAM RESULTS Strategic Goal: Resolutions are orderly and receiverships are managed effectively. # ANNUAL PERFORMANCE GOAL 1 Value, manage, and market assets of failed institutions and their subsidiaries in a timely manner to maximize net return. 2 Manage the receivership estate and its subsidiaries toward an orderly termination. 3 Conduct investigations into all potential professional liability claim areas for all failed IDIs and decide as promptly as possible to close or pursue each claim, considering the size and complexity of the institution. Ensure the FDIC’s operational readiness to administer the resolution of large financial institutions, including those designated as systemically important. 4 64 INDICATOR TARGET RESULTS Percentage of the assets For at least 95 percent of insured marketed for each failed institution failures, market at least institution. 90 percent of the book value of the institution’s marketable assets within 90 days of the failure date (for cash sales) and within 120 days of the date that the pool of similar assets is of sufficient size to bring to market (for structured sales). Timely termination of Terminate at least 75 percent of new new receiverships. receiverships that are not subject to loss-share agreements, structured sales, or other legal impediments within three years of the date of failure. Percentage of For 80 percent of all claim areas, investigated claim areas make a decision to close or pursue for which a decision has professional liability claims within 18 been made to close or months of the failure of an insured pursue the claim. depository institution. ACHIEVED. SEE PG. 45. Refinement of resolution plans and strategies. Continue to refine plans to ensure the FDIC’s operational readiness to administer the resolution of large, complex financial institutions. ACHIEVED. SEE PG. 36. Continued crossborder coordination and cooperation in resolution planning. Continue to deepen and strengthen bilateral working relationships with key foreign jurisdictions, both on a bilateral basis and through multilateral fora. ACHIEVED. SEE PGS. 36-37. P E R F O R M A N C E R E S U LT S S U M M A R Y ACHIEVED. SEE PG. 45. ACHIEVED. SEE PG. 46. 2019 PRIOR YEARS’ PERFORMANCE RESULTS Refer to the respective full Annual Report of prior years, located on the FDIC’s website for more information on performance results for those years. Shaded areas indicate no such target existed for that respective year. INSURANCE PROGRAM RESULTS Strategic Goal: Insured depositors are protected from loss without recourse to taxpayer funding. ANNUAL PERFORMANCE GOALS AND TARGETS 1. Respond promptly to all insured financial institution closings and related emerging issues. ♦ Depositors have access to insured funds within one business day if the failure occurs on a Friday. ♦ Depositors have access to insured funds within two business days if the failure occurs on any other day of the week. ♦ Depositors do not incur any losses on insured deposits. ♦ No appropriated funds are required to pay insured depositors. 2. Disseminate data and analyses on issues and risks affecting the financial services industry to bankers, supervisors, the public, and other stakeholders on an ongoing basis. ♦ Disseminate results of research and analyses in a timely manner through regular publications, ad hoc reports, and other means. ♦ Undertake industry outreach activities to inform bankers and other stakeholders about current trends, concerns, and other available FDIC resources. 3. Adjust assessment rates, as necessary, to achieve a DIF reserve ratio of at least 1.35 percent of estimated insured deposits by September 30, 2020. ♦ Provide updated fund balance projections to the FDIC Board of Directors by June 30, 2018, and December 31, 2018. ♦ Provide updated fund balance projections to the FDIC Board of Directors by June 30, 2017, and December 31, 2017. ♦ Provide updated fund balance projections to the FDIC Board of Directors by June 30, 2016, and December 31, 2016. ♦ Provide updated fund balance projections to the FDIC Board of Directors by June 30, 2015, and December 31, 2015. 2018 2017 2016 2015 2014 N/A – NO FAILURES. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. N/A – NO FAILURES. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. N/A – NO FAILURES. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. N/A – NO FAILURES. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. P E R F O R M A N C E R E S U LT S S U M M A R Y ACHIEVED. ACHIEVED. 65 ANNUAL REPORT INSURANCE PROGRAM RESULTS (continued) Strategic Goal: Insured depositors are protected from loss without recourse to taxpayer funding. Annual Performance Goals and Targets ♦ Provide updated fund balance projections to the FDIC Board of Directors by June 30, 2014, and December 31, 2014. ♦ Provide progress reports to the FDIC Board of Directors by June 30, 2018, and December 31, 2018. ♦ Provide progress reports to the FDIC Board of Directors by June 30, 2017, and December 31, 2017. ♦ Provide progress reports to the FDIC Board of Directors by June 30, 2016, and December 31, 2016. ♦ Provide progress reports to the FDIC Board of Directors by June 30, 2015, and December 31, 2015. ♦ Provide progress reports to the FDIC Board of Directors by June 30, 2014, and December 31, 2014. ♦ Recommend changes to deposit insurance assessment rates to the FDIC Board of Directors as necessary. 4. Expand and strengthen the FDIC’s participation and leadership role in supporting robust and effective deposit insurance programs, resolution strategies, and banking systems worldwide. ♦ Foster strong relationships with international banking regulators, deposit insurers, and other relevant authorities by engaging with strategically important jurisdictions and organizations on international financial safety net issues. ♦ Provide leadership and expertise to key international organizations and associations that promote sound deposit insurance and effective bank supervision and resolution practices. ♦ Promote international standards and expertise in financial regulatory practices and stability through the provision of technical assistance and training to global financial system authorities. ♦ Continue to play leadership roles within key international organizations and associations and promote sound deposit insurance, bank supervision, and resolution practices. ♦ Promote continued enhancement of international standards and expertise in financial regulatory practices and stability through the provision of technical assistance and training to global financial system authorities. 66 2018 2017 2016 2015 2014 ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. P E R F O R M A N C E R E S U LT S S U M M A R Y ACHIEVED. ACHIEVED. 2019 INSURANCE PROGRAM RESULTS (continued) Strategic Goal: Insured depositors are protected from loss without recourse to taxpayer funding. Annual Performance Goals and Targets 2018 2017 ♦ Develop and foster closer relationships with bank supervisors in the reviews through the provision of technical assistance and by leading governance efforts in the Association of Supervisors of Banks of the Americas (ASBA). ♦ Maintain open dialogue with counterparts in strategically important jurisdictions, international financial organizations and institutions, and partner U.S. agencies; and actively participate in bilateral interagency regulatory dialogues. ♦ Maintain open dialogue with counterparts in strategically important jurisdictions, international financial organizations and institutions, and partner U.S. agencies. ♦ Maintain a leadership position in the International Association of Deposit Insurers (IADI) by conducting workshops and performing assessments of deposit insurance systems based on the methodology for assessment of compliance with the IADI Core Principles for Effective Deposit Insurance Systems (Core Principles), developing and conducting training on priority topics identified by IADI members, and actively participating in IADI’s Executive Council and Standing Committees. ♦ Maintain open dialogue with the Association of Supervisors of Banks of the Americas (ASBA) to develop and foster relationships with bank supervisors in the region by providing assistance when necessary. ♦ Engage with authorities responsible for resolutions and resolutions planning in priority foreign jurisdictions and contribute to the resolution-related agenda of the Financial Stability Board (FSB) through active participation in the FSB’s Resolution Steering Group (ReSG). ♦ Engage with authorities responsible for resolutions and resolutions planning in priority foreign jurisdictions. ♦ Contribute to the resolution-related agenda of the Financial Stability Board (FSB) through active participation in the FSB’s Resolution Steering Group and its working groups. P E R F O R M A N C E R E S U LT S S U M M A R Y 2016 2015 2014 ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. 67 ANNUAL REPORT INSURANCE PROGRAM RESULTS (continued) Strategic Goal: Insured depositors are protected from loss without recourse to taxpayer funding. Annual Performance Goals and Targets 2018 2017 2016 ♦ Actively participate in bilateral interagency regulatory dialogues. ♦ Support visits, study tours, secondments, and longerterm technical assistance and training programs for representatives for foreign jurisdictions to strengthen their deposit insurance organizations, central banks, bank supervisors, and resolution authorities. 5. Market failing institutions to all known qualified and interested potential bidders. ♦ Contact all known qualified and interested bidders. 2015 2014 ACHIEVED. N/A – NO FAILURES. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. 6. Provide educational information to insured depository institutions and their customers to help them understand the rules for determining the amount of insurance coverage on deposit accounts. ♦ Respond within two weeks to 95 percent of written ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. inquiries from consumers and bankers about FDIC deposit insurance coverage. ♦ Conduct at least four telephone or in-person seminars ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. for bankers on deposit insurance coverage. ♦ Conduct at least 12 telephone or in-person seminars ACHIEVED. for bankers on deposit insurance coverage. ♦ Complete and post on the FDIC website videos ACHIEVED. for bankers and consumers on deposit insurance coverage. 68 P E R F O R M A N C E R E S U LT S S U M M A R Y 2019 SUPERVISION PROGRAM RESULTS Strategic Goal: FDIC-insured institutions are safe and sound. ANNUAL PERFORMANCE GOALS AND TARGETS 1. Conduct on-site risk management examinations to assess the overall financial condition, management practices and policies, and compliance with applicable laws and regulations of FDIC-supervised depository institutions. When problems are identified, promptly implement appropriate corrective programs, and follow up to ensure that identified problems are corrected. ♦ Conduct all required risk management examinations within the time frames prescribed by statute and FDIC policy. ♦ For at least 90 percent of institutions that are assigned a composite CAMELS rating of 2 and for which the examination report identifies “Matters Requiring Board Attention” (MRBAs), review progress reports and follow up with the institution within six months of the issuance of the examination report to ensure that all MRBAs are being addressed. ♦ Implement formal or informal enforcement actions within 60 days for at least 90 percent of all institutions that are newly downgraded to a composite Uniform Financial Institutions Rating of 3, 4, or 5. 2. Assist in protecting the infrastructure of the U.S. banking system against terrorist financing, money laundering, and other financial crimes. ♦ Conduct all Bank Secrecy Act examinations within the time frames prescribed by statute and FDIC policy. 3. Ensure that regulatory capital standards promote banks’ resilience under stress and the confidence of their counterparties. ♦ Finalize a Notice of Proposed Rulemaking (NPR) for a simplified risk-based capital framework for community banks. ♦ Finalize the Basel III Net Stable Funding Ratio (NSFR). 2018 2017 2016 2015 2014 ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. SUBSTANTIALLY ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. NOT ACHIEVED. NOT ACHIEVED. P E R F O R M A N C E R E S U LT S S U M M A R Y 69 ANNUAL REPORT SUPERVISION PROGRAM RESULTS (continued) Strategic Goal: FDIC-insured institutions are safe and sound. Annual Performance Goals and Targets 2018 2017 2016 2015 2014 4. More closely align regulatory capital standards with risk and ensure that capital is maintained at prudential levels. ♦ Issue a Notice of Proposed Rulemaking (NPR) for a ACHIEVED. simplified capital framework for community banks. NOT ♦ Issue a final rule implementing the Basel III Net ACHIEVED. Stable Funding Ratio. ♦ Publish in 2016, a Notice of (proposed) Rulemaking ACHIEVED. on the Basel III Net Stable Funding Ratio. ♦ Publish by December 31, 2015, an interagency NOT Notice of Proposed Rulemaking on implementation ACHIEVED. of the Basel III Net Stable Funding Ratio. ♦ Finalize Basel III reporting instructions in time to ensure that institutions that are using the advanced ACHIEVED. approaches can implement Basel III in the first quarter of 2014 and that all IDIs can implement the standardized approach in the first quarter of 2015. ♦ Publish a final Basel Liquidity Coverage Rule, ACHIEVED. in collaboration with other regulators by December 31, 2014. ♦ Publish a final rule implementing the Basel III capital ACHIEVED. accord in collaboration with other regulators, by December 31, 2014. ♦ Finalize, in collaboration with other regulators, an ACHIEVED. enhanced U.S. supplementary leverage ratio standard by December 31, 2014. 5. Implement strategies to promote enhanced information security, cybersecurity, and business continuity within the banking industry. ♦ Continue implementation of a horizontal review program that focuses on the IT risks in large and ACHIEVED. ACHIEVED. complex supervised institutions and Technology Service Providers (TSPs). ♦ Continue implementation of the Cybersecurity Examination Program for the most significant service ACHIEVED. provider examinations. ♦ Revise and implement by December 31, 2017, the ACHIEVED. Cybersecurity Examination Tool for TSPs. ♦ Establish a horizontal review program that focuses ACHIEVED. on the IT risks in large and complex supervised institutions and Technology Service providers (TSPs). 70 P E R F O R M A N C E R E S U LT S S U M M A R Y 2019 SUPERVISION PROGRAM RESULTS (continued) Strategic Goal: FDIC-insured institutions are safe and sound. Annual Performance Goals and Targets 2018 2017 ♦ Complete by June 30, 2016, examiner training and implement by September 30, 2016, the new IT examination work program to enhance focus on information security, cybersecurity, and business continuity. ♦ Enhance the technical expertise of the IT supervisory workforce. ♦ Working with FFIEC counterparts, update and strengthen IT guidance to the industry on cybersecurity preparedness. ♦ Working with the FFIEC counterparts, update and strengthen IT examination work programs for institutions and technology service providers (TSPs) to evaluate cybersecurity preparedness and cyber resiliency. ♦ Improve information sharing on identified technology risks among the IT examination workforces of FFIEC member agencies. ♦ In coordination with the FFIEC, implement recommendations to enhance the FDIC’s supervision of the IT risks at insured depository institutions and their technology service providers. 6. Identify and address risks in financial institutions designated as systemically important. ♦ Conduct ongoing risk analysis and monitoring of SIFIs to understand their structure, business activities and risk profiles, and their resolution and recovery capabilities. ♦ Complete, in collaboration with the Federal Reserve Board and in accordance with statutory and regulatory timeframes, all required actions associated with the review of resolution plans submitted by financial companies subject to the requirements of Section 165 (d) of the Dodd-Frank Act. ♦ Hold at least one meeting of the Systemic Resolution Advisory Committee to obtain feedback on resolving SIFIs. P E R F O R M A N C E R E S U LT S S U M M A R Y 2016 2015 2014 ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. 71 ANNUAL REPORT SUPERVISION PROGRAM RESULTS (continued) Strategic Goal: Consumers’ rights are protected, and FDIC-supervised institutions invest in their communities. ANNUAL PERFORMANCE GOALS AND TARGETS 1. Conduct on-site CRA and consumer compliance examinations to assess compliance with applicable laws and regulations by FDIC-supervised depository institutions. When violations are identified, promptly implement appropriate corrective programs and follow up to ensure that identified problems are corrected. ♦ Conduct all required examinations within the time frames established by FDIC policy. ♦ Conduct visits and/or follow-up examinations in accordance with established FDIC policies to ensure that the requirements of any required corrective program have been implemented and are effectively addressing identified violations. ♦ Conduct 100 percent of required examinations within the time frames established by FDIC policy. 2. Effectively investigate and respond to written consumer complaints and inquiries about FDIC-supervised financial institutions. ♦ Respond to 95 percent of written consumer complaints and inquiries within time frames established by policy, with all complaints and inquiries receiving at least an initial acknowledgment within two weeks. 3. Promote economic inclusion and access to responsible financial services through supervisory, research, policy, and consumer/community affairs initiatives. ♦ Publish the results of the 2017 FDIC National Survey of Unbanked and Underbanked Households. ♦ Complete planning for the 2019 FDIC National Survey of Unbanked and Underbanked Households. 72 2018 2017 2016 2015 2014 SUBSTANTIALLY ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. SUBSTANTIALLY ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. SUBSTANTIALLY ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. P E R F O R M A N C E R E S U LT S S U M M A R Y ACHIEVED. ACHIEVED. 2019 SUPERVISION PROGRAM RESULTS (continued) Strategic Goal: FDIC-insured institutions are safe and sound. Annual Performance Goals and Targets 2018 2017 2016 2015 2014 ♦ Continue to promote broader access to and use of low-cost transaction and savings accounts to build banking relationships that will meet the needs of ACHIEVED. unbanked and underbanked households by increasing the current level of engagement from 10 communities to 15 communities. ♦ Launch the revised Money Smart for Adults ACHIEVED. curriculum. ♦ Revise and administer the 2017 FDIC National ACHIEVED. Survey of Unbanked and Underbanked Households. ♦ Continue and expand efforts to promote broader awareness of the availability of low-cost transaction ACHIEVED. accounts consistent with the FDIC’s Model SAFE transaction account template. ♦ Complete and pilot a revised, instructor-led Money ACHIEVED. Smart for Adults product. ♦ Publish the results of the 2015 FDIC National ACHIEVED. Survey of Unbanked and Underbanked Household. ♦ Complete and present to the Advisory Committee on Economic Inclusions (ComE-IN) a report on the ACHIEVED. pilot Youth Savings Program (YSP) conducted jointly with the CFPB. ♦ Revise, test, and administer the 2015 FDIC National ACHIEVED. Survey of Unbanked and Underbanked Household. ♦ Publish the results of the 2013 FDIC National Survey ACHIEVED. of Unbanked and Underbanked Households (conducted jointly with the U.S. Census Bureau). ♦ Promote broader awareness of the availability of lowACHIEVED. cost transaction accounts consistent with the FDIC’s Model SAFE transaction account template. ♦ Support the Advisory Committee on Economic Inclusion in expanding the availability and awareness ACHIEVED. of low-cost transaction accounts, consistent with the FDIC’s SAFE account template. ♦ Implement the strategy outlined in the work plan approved by the Advisory Committee on Economic ACHIEVED. Inclusion to support the expanded availability of SAFE accounts and the responsible use of technology, to expand banking services to the underbanked. P E R F O R M A N C E R E S U LT S S U M M A R Y 73 ANNUAL REPORT SUPERVISION PROGRAM RESULTS (continued) Strategic Goal: FDIC-insured institutions are safe and sound. Annual Performance Goals and Targets 2018 2017 ♦ In partnership with the Consumer Financial Protection Bureau, enhance financial capability among school-age children through (1) development and delivery of tailored financial education materials; (2) resources and outreach targeted to youth, parents, and teachers; and (3) implementation of a pilot youth savings program. ♦ Facilitate opportunities for banks and community stakeholders to address issues concerning access to financial services, community development, and financial education. 74 P E R F O R M A N C E R E S U LT S S U M M A R Y 2016 2015 2014 ACHIEVED. ACHIEVED. 2019 SUPERVISION PROGRAM RESULTS (continued) Strategic Goal: Large and complex financial institutions are resolvable in an orderly manner under bankruptcy. ANNUAL PERFORMANCE GOALS AND TARGETS 2018 2017 2016 2015 2014 1. Identify and address risks in large and complex financial institutions, including those designated as systemically important. ♦ In collaboration with the FRB continue to review all resolution plans subject to the requirements of Section 165(d) of the DFA to ensure their ACHIEVED. ACHIEVED. ACHIEVED. conformance to statutory and other regulatory requirements. Identify potential impediments in those plans to resolution under the Bankruptcy Code. ♦ Continue to review all resolution plans subject to the requirements of Section 360.10 of the IDI rule to ensure their conformance to statutory and ACHIEVED. ACHIEVED. ACHIEVED. other regulatory requirements. Identify potential impediments to resolvability under the Federal Deposit Insurance (FDI) Act. ♦ Conduct ongoing risk analysis and monitoring of large, complex financial institutions to understand ACHIEVED. ACHIEVED. ACHIEVED. and assess their structure, business activities, risk profiles, and resolution and recovery plans. ♦ Conduct ongoing risk analysis and monitoring of large, complex financial institutions to understand ACHIEVED. and assess their structure, business activities, risk profiles, and resolution and recovery plans. ♦ Complete, in collaboration with the FRB and in accordance with statutory and regulatory time frames, a review of resolution plans submitted by individual ACHIEVED. financial companies subject to the requirements of section 165 (d) of DFA and Part 360.10 of the FDIC Rules and Regulations. P E R F O R M A N C E R E S U LT S S U M M A R Y 75 ANNUAL REPORT RECEIVERSHIP MANAGEMENT PROGRAM RESULTS Strategic Goal: Resolutions are orderly and receiverships are managed effectively. ANNUAL PERFORMANCE GOALS AND TARGETS 1. Value, manage, and market assets of failed institutions and their subsidiaries in a timely manner to maximize net return. ♦ For at least 95 percent of insured institution failures, market at least 90 percent of the book value of the institution’s marketable assets within 90 days of the failure date (for cash sales) or 120 days of the date that the pool of similar assets is of sufficient size to bring to market (for structured sales). ♦ For at least 95 percent of insured institution failures, market at least 90 percent of the book value of the institution’s marketable assets within 90 days of the failure date (for cash sales) or 120 days of the failure date (for structured sales). 2. Manage the receivership estate and its subsidiaries toward an orderly termination. ♦ Terminate at least 75 percent of new receiverships that are not subject to loss-share agreements, structured sales, or other legal impediments, within three years of the date of failure. 3. Conduct investigations into all potential professional liability claim areas for all failed insured depository institutions, and decide as promptly as possible, to close or pursue each claim, considering the size and complexity of the institution. ♦ For 80 percent of all claim areas, make a decision to close or pursue professional liability claims within 18 months of the failure date of an insured depository institution. 4. Ensure the FDIC’s operational readiness to administer the resolution of large financial institutions, including those designated as systemically important. ♦ Continue to refine plans to ensure the FDIC’s operational readiness to administer the resolution of large financial institutions under Title II of the DFA, including those nonbank financial companies designated as systemically important. ♦ Refine plans to ensure the FDIC’s operational readiness to administer the resolution of large financial institutions including those designated as systemically important. 76 2018 2017 2016 2015 2014 ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. N/A – NO FAILURES. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. N/A – NO FAILURES. ACHIEVED. P E R F O R M A N C E R E S U LT S S U M M A R Y 2019 RECEIVERSHIP MANAGEMENT PROGRAM RESULTS (continued) Strategic Goal: Resolutions are orderly and receiverships are managed effectively. Annual Performance Goals and Targets ♦ Continue to deepen and strengthen bilateral working relationships with key foreign jurisdictions. ♦ Hold a meeting of the Systemic Resolution Advisory Committee in early 2016 to obtain feedback on resolving SIFIs. 5. Ensure the FDIC’s operational readiness to resolve a large, complex financial institution using the orderly liquidation authority in Title II of the DFA. ♦ Update and refine firm-specific resolutions plans and strategies and develop operational procedures for the administration of a Title II receivership. ♦ Prepare for an early 2016 meeting of the Systemic Resolution Advisory Committee to obtain feedback on resolving SIFIs. ♦ Continue to deepen and strengthen bilateral working relationships with key foreign jurisdictions. 2018 2017 2016 ACHIEVED. ACHIEVED. ACHIEVED. P E R F O R M A N C E R E S U LT S S U M M A R Y 2015 2014 ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. ACHIEVED. 77 THIS PAGE INTENTIONALLY LEFT BLANK III. FINANCIAL HIGHLIGHTS THIS PAGE INTENTIONALLY LEFT BLANK 2019 In its role as insurer of bank and savings association deposits, the FDIC promotes the safety and soundness of insured depository institutions. The following financial highlights address the performance of the Deposit Insurance Fund. DEPOSIT INSURANCE FUND PERFORMANCE The DIF balance was $110.3 billion at December 31, 2019, an increase of $7.7 billion from the year-end 2018 balance of $102.6 billion. The DIF’s comprehensive income totaled $7.7 billion for 2019 compared to comprehensive income of $9.9 billion during 2018. The $2.2 billion year-overyear decrease was primarily due to a $4.6 billion decrease in assessment revenue partially offset by a $1.8 billion increase in interest and unrealized gains on U.S. Treasury securities. Assessment revenue was $4.9 billion for 2019, compared to $9.5 billion for 2018. The $4.6 billion year-overyear decrease was primarily due to the cessation of the surcharge assessment on large institutions effective October 1, 2018, as a result of the reserve ratio exceeding the required minimum of 1.35 percent as of September 30, 2018. In addition, assessment revenue was reduced in 2019 for actual and expected small bank assessment credit usage of $704 million. The DIF’s interest revenue on U.S. Treasury securities for 2019 was $2.1 billion, compared to $1.6 billion in 2018. The $484 million year-over-year increase resulted primarily from a steady growth in the investment portfolio balance. In addition, the DIF recognized an unrealized gain on U.S. Treasury securities of $1.2 billion, up from a $136 million unrealized loss in 2018. The unrealized gain in 2019 was the result of yields declining across all maturity sectors of the Treasury yield curve, resulting in increases in the securities’ market values relative to their book values. The provision for insurance losses was a negative $1.3 billion for 2019, compared to negative $563 million for 2018. The negative provision for 2019 primarily resulted from a decrease to the estimated losses for prior year failures, attributable to: (1) a decrease in receivership shared-loss liability cost estimates of $575 million primarily due to lower-than-anticipated losses on covered assets, reductions in shared-loss cost estimates from expirations and early terminations of shared-loss agreements during the year, and higher true-up recoveries (projected to be received at expiration if actual losses at expiration are lower than originally estimated); (2) $465 million of unanticipated recoveries received by receiverships from litigation settlements and professional liability claims; and (3) a $118 million reduction in future receivership expense estimates. The DIF’s cash, cash equivalents, and U.S. Treasury investment portfolio balances increased by $7.6 billion during 2019 to $106.1 billion at year-end 2019, from $98.5 billion at year-end 2018. This increase was primarily due to assessment collections of $5.1 billion, interest received on U.S. Treasury securities of $2.0 billion, and recoveries from resolutions of $1.7 billion, less operating expenses paid of $1.7 billion. FINANCIAL HIGHLIGHTS 81 ANNUAL REPORT ESTIMATED DIF INSURED DEPOSITS $8,000 Dollars in Billions $7,000 $6,000 $5,000 $4,000 $3,000 $2,000 $1,000 9 9-1 9 6-1 9 3-1 -18 12 8 9-1 8 6-1 8 3-1 -17 12 7 9-1 7 6-1 7 3-1 -16 12 6 9-1 6 6-1 6 3-1 -15 12 5 9-1 5 6-1 5 3-1 -14 12 4 9-1 4 6-1 4 3-1 -13 12 3 9-1 3 6-1 3 3-1 -12 12 2 9-1 2 6-1 2 3-1 -11 12 1 9-1 1 6-1 1 3-1 0 SOURCE: Commercial Bank Call and Thrift Financial Reports Note: Beginning in fourth quarter 2010 through fourth quarter 2012, estimated insured deposits include the entire balance of noninterestbearing transaction accounts. DEPOSIT INSURANCE FUND RESERVE RATIOS Fund Balance as a Percent of Estimated Insured Deposits 1.4 1.2 1.0 0.8 0.6 0.4 0.2 0.0 -0.2 9 9-1 9 6-1 9 3-1 -18 12 8 9-1 8 6-1 8 3-1 -17 12 7 9-1 7 6-1 7 3-1 -16 12 6 9-1 6 6-1 6 3-1 -15 12 5 9-1 5 6-1 5 3-1 -14 12 4 9-1 4 6-1 4 3-1 -13 12 3 9-1 3 6-1 3 3-1 -12 12 2 9-1 2 6-1 2 3-1 -11 12 1 9-1 1 6-1 1 3-1 82 FINANCIAL HIGHLIGHTS 2019 DEPOSIT INSURANCE FUND SELECTED STATISTICS Dollars in Millions For the years ended December 31 2019 2018 2017 $7,095 $11,171 $11,664 1,796 1,765 1,739 (1,282) (560) (181) Net Income 6,582 9,966 10,105 Comprehensive Income 7,738 9,861 9,586 Insurance Fund Balance $110,347 $102,609 $92,747 1 1.41% 1.36% 1.30% 5,2561 5,406 5,670 55 1 60 95 $48,7791 $48,489 $13,939 4 0 8 $209 $0 $5,082 248 272 338 Financial Results Revenue Operating Expenses Insurance and Other Expenses (includes provision for losses) Fund as a Percentage of Insured Deposits (reserve ratio) Selected Statistics Total DIF-Member Institutions2 Problem Institutions Total Assets of Problem Institutions Institution Failures Total Assets of Failed Institutions in Year 3 Number of Active Failed Institution Receiverships 1 As of September 30, 2019. 2 Commercial banks and savings institutions. Does not include U.S. insured branches of foreign banks. 3 Total Assets data are based upon the last Call Report filed by the institution prior to failure. FINANCIAL HIGHLIGHTS 83 THIS PAGE INTENTIONALLY LEFT BLANK IV. BUDGET AND SPENDING THIS PAGE INTENTIONALLY LEFT BLANK 2019 FDIC OPERATING BUDGET The FDIC segregates its corporate operating budget and expenses into three discrete components: ongoing operations, receivership funding, and the Office of Inspector General (OIG). The receivership funding component represents expenses resulting from financial institution failures and is, therefore, largely driven by external forces and is less controllable and estimable. FDIC operating expenditures totaled $1.9 billion in 2019, including $1.8 billion in ongoing operations, $75 million in receivership funding, and $38 million for the OIG. This represented approximately 96 percent of the approved budget for ongoing operations, 43 percent of the approved budget for receivership funding, and 88 percent of the approved budget for the OIG for the year. The approved 2020 FDIC Operating Budget of approximately $2.0 billion consists of $1.9 billion for ongoing operations, $75 million for receivership funding, and $43 million for the OIG. The level of approved ongoing operations budget for 2020 is approximately $74 million (4.1 percent) higher than the 2019 ongoing operations budget, while the approved receivership funding budget is $100 million (57 percent) lower than the 2019 receivership funding budget. The 2020 OIG budget is unchanged from the 2019 OIG budget. As in prior years, the 2020 budget was formulated primarily on the basis of an analysis of projected workload for each of the FDIC’s three major business lines and its program support functions. The most significant factor contributing to the decrease in the FDIC Operating Budget is the improving health of the industry and the resultant reduction in failure related workload. Although savings in this area are being realized, the 2020 receivership funding budget provides resources for contractor support should workload in these areas require an immediate response. FDIC EXPENDITURES Dollars in Millions $3,500 $3,000 $2,500 $2,000 $1,500 $1,000 $500 $0 2010 2011 2012 2013 2014 2015 BUDGET AND SPENDING 2016 2017 2018 2019 87 ANNUAL REPORT The FDIC’s Strategic Plan and Annual Performance Plan provide the basis for annual planning and budgeting for needed resources. The 2019 aggregate budget (for ongoing operations, receivership funding, OIG, and investment spending) was $2.04 billion, while actual expenditures for the year were $1.86 billion, about $34 million less than 2018 expenditures. Over the past decade the FDIC’s expenditures have varied in response to workload. During the last several years, expenditures have fallen, largely due to decreasing resolution and receivership activity. To a lesser extent decreased expenses have resulted from supervision-related costs associated with the oversight of fewer troubled institutions. 2019 BUDGET AND EXPENDITURES BY PROGRAM (Support Allocated) Dollars in Millions $1,200 Budget Expenditures $900 $600 $300 $0 Supervision and Consumer Protection Program Receivership Management Program Insurance Program General and Administrative 2019 BUDGET AND EXPENDITURES BY PROGRAM or 13 percent, to Corporate General and Administrative expenditures. (Excluding Investments) Actual expenditures for the year totaled $1.86 billion. Actual expenditures amounts were allocated as follows: $1.06 billion, or 57 percent, to the Supervision and Consumer Protection program; $252 million, or 14 percent, to the Receivership Management program; $324 million, or 17 percent, to the Insurance program; and $225 million, or 12 percent, to Corporate General and Administrative expenditures. The FDIC budget for 2019 totaled approximately $2.04 billion. Budget amounts were allocated as follows: $1.06 billion, or 52 percent, to the Supervision and Consumer Protection program; $394 million, or 19 percent, to the Receivership Management program; $323 million, or 16 percent, to the Insurance program; and $264 million, 88 BUDGET AND SPENDING 2019 INVESTMENT SPENDING approval and monitoring processes also enable the FDIC to be aware of risks to the major capital investment projects and facilitate appropriate, timely intervention to address these risks throughout the development process. An investment portfolio performance review is provided to the FDIC’s Board of Directors on a quarterly basis. From 2010-2019, investment spending totaled $103 million and is estimated at $11 million for 2020. The FDIC instituted a separate Investment Budget in 2003 to provide enhanced governance of major multiyear development efforts. It has a disciplined process for reviewing proposed new investment projects and managing the construction and implementation of approved projects. Proposed IT projects are carefully reviewed to ensure that they are consistent with the FDIC’s enterprise architecture. The project INVESTMENT SPENDING Dollars in Millions $25 $20 $15 $10 $5 $0 2010 2011 2012 2013 2014 2015 2016 BUDGET AND SPENDING 2017 2018 2019 89 THIS PAGE INTENTIONALLY LEFT BLANK V. FINANCIAL SECTION ANNUAL REPORT DEPOSIT INSURANCE FUND (DIF) Federal Deposit Insurance Corporation Deposit Insurance Fund Balance Sheet As of December 31 (Dollars in Thousands) ASSETS Cash and cash equivalents Investment in U.S. Treasury securities (Note 3) $ Assessments receivable (Note 9) Receivables from resolutions, net (Note 4) Total Assets LIABILITIES Accounts payable and other liabilities Liabilities due to resolutions (Note 6) 92,708,356 1,020,947 549,791 329,828 1,376,341 3,058,241 328,530 103,795,254 $ 214,451 $ 198,072 289,462 235,935 Guarantee payments and litigation losses (Notes 7 and 8) 346,271 Commitments and off-balance-sheet exposure (Note 13) FUND BALANCE Accumulated Net Income ACCUMULATED OTHER COMPREHENSIVE INCOME Unrealized gain (loss) on U.S. Treasury securities, net (Note 3) Unrealized postretirement benefit (loss) (Note 12) 113,936 977,720 1,186,330 109,820,102 103,238,013 Total Fund Balance $ 33,611 587,268 (615,549) 526,836 (629,089) (60,432) Total Accumulated Other Comprehensive Income (Loss) 604,776 93,505 34,031 Total Liabilities FINANCIAL SECTION 100,071,880 111,324,658 $ Anticipated failure of insured institutions (Note 7) 92 5,773,995 $ Contingent liabilities: The accompanying notes are an integral part of these financial statements. 5,990,765 $ 2,669,270 Postretirement benefit liability (Note 12) Total Liabilities and Fund Balance 2018 1,241,968 Interest receivable on investments and other assets, net Property and equipment, net (Note 5) 2019 (13,540) 110,346,938 102,608,924 111,324,658 $ 103,795,254 2019 DEPOSIT INSURANCE FUND (DIF) Federal Deposit Insurance Corporation Deposit Insurance Fund Statement of Income and Fund Balance For the Years Ended December 31 (Dollars in Thousands) REVENUE Assessments (Note 9) $ Interest on U.S. Treasury securities Other revenue 2019 2018 4,939,063 $ 9,526,723 2,116,504 39,745 Total Revenue EXPENSES AND LOSSES Operating expenses (Note 10) Provision for insurance losses (Note 11) Total Expenses and Losses Net Income OTHER COMPREHENSIVE INCOME Unrealized gain (loss) on U.S. Treasury securities, net 11,208 7,095,312 11,170,794 1,795,605 1,764,748 3,149 3,102 (1,285,531) Insurance and other expenses 1,632,863 (562,622) 513,223 1,205,228 6,582,089 9,965,566 1,202,817 (136,187) Total Other Comprehensive Income (Loss) 1,155,925 (104,137) Comprehensive Income 7,738,014 9,861,429 102,608,924 92,747,495 Unrealized postretirement benefit (loss) gain (Note 12) Fund Balance - Beginning Fund Balance - Ending (46,892) $ 110,346,938 $ 32,050 102,608,924 The accompanying notes are an integral part of these financial statements. FINANCIAL SECTION 93 ANNUAL REPORT DEPOSIT INSURANCE FUND (DIF) Federal Deposit Insurance Corporation Deposit Insurance Fund Statement of Cash Flows For the Years Ended December 31 2019 (Dollars in Thousands) OPERATING ACTIVITIES Provided by: Assessments $ Interest on U.S. Treasury securities Recoveries from financial institution resolutions 5,079,563 $ 1,988,763 1,674,857 Miscellaneous receipts 27,895 Used by: Operating expenses Disbursements for financial institution resolutions Net Cash Provided by Operating Activities 10,766,890 1,837,400 3,254,230 18,290 (1,746,598) (1,744,274) (2,262) (3,694) (256,773) Miscellaneous disbursements 2018 (353,448) 6,765,445 13,775,394 Maturity of U.S. Treasury securities 34,250,000 27,354,816 Purchase of U.S. Treasury securities (40,749,953) (37,140,141) (6,548,675) (9,830,597) INVESTING ACTIVITIES Provided by: Used by: Purchase of property and equipment (48,722) Net Cash (Used) by Investing Activities Net Increase in Cash and Cash Equivalents Cash and Cash Equivalents - Beginning Cash and Cash Equivalents - Ending $ The accompanying notes are an integral part of these financial statements. 94 FINANCIAL SECTION (45,272) 216,770 3,944,797 5,773,995 1,829,198 5,990,765 $ 5,773,995 2019 DEPOSIT INSURANCE FUND NOTES TO THE FINANCIAL STATEMENTS December 31, 2019 and 2018 1. Operations of the Deposit Insurance Fund OVERVIEW The Federal Deposit Insurance Corporation (FDIC) is the independent deposit insurance agency created by Congress in 1933 to maintain stability and public confidence in the nation’s banking system. Provisions that govern the FDIC’s operations are generally found in the Federal Deposit Insurance (FDI) Act, as amended (12 U.S.C. 1811, et seq). In accordance with the FDI Act, the FDIC, as administrator of the Deposit Insurance Fund (DIF), insures the deposits of banks and savings associations (insured depository institutions). In cooperation with other federal and state agencies, the FDIC promotes the safety and soundness of insured depository institutions (IDIs) by identifying, monitoring, and addressing risks to the DIF. Commercial banks, savings banks and savings associations (known as “thrifts”) are supervised by either the FDIC, the Office of the Comptroller of the Currency, or the Federal Reserve Board. In addition to being the administrator of the DIF, the FDIC is the administrator of the FSLIC Resolution Fund (FRF). The FRF is a resolution fund responsible for the sale of the remaining assets and the satisfaction of the liabilities associated with the former Federal Savings and Loan Insurance Corporation (FSLIC) and the former Resolution Trust Corporation. The FDIC maintains the DIF and the FRF separately to support their respective functions. Pursuant to the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (Dodd-Frank Act), the FDIC also manages the Orderly Liquidation Fund (OLF). Established as a separate fund in the U.S. Treasury (Treasury), the OLF is inactive and unfunded until the FDIC is appointed as receiver for a covered financial company. A covered financial company is a failing financial company (for example, a bank holding company or nonbank financial company) for which a systemic risk determination has been made as set forth in section 203 of the Dodd-Frank Act. The Dodd-Frank Act (Public Law 111-203) granted the FDIC authority to establish a widely available program to guarantee obligations of solvent IDIs or solvent depository institution holding companies (including affiliates) upon the systemic risk determination of a liquidity event during times of severe economic distress. The program would not be funded by the DIF but rather by fees and assessments paid by all participants in the program. If fees are insufficient to cover losses or expenses, the FDIC must impose a special assessment on participants as necessary to cover the shortfall. Any excess funds at the end of the liquidity event program would be deposited in the General Fund of the Treasury. The Dodd-Frank Act also created the Financial Stability Oversight Council of which the Chairman of the FDIC is a member and expanded the FDIC’s responsibilities to include supervisory review of resolution plans (known as living wills) and backup examination authority for systemically important bank holding companies and nonbank financial companies supervised by the Federal Reserve Board. The living wills provide for an entity’s rapid and orderly resolution in the event of material financial distress or failure. OPERATIONS OF THE DIF The primary purposes of the DIF are to (1) insure the deposits and protect the depositors of IDIs and (2) resolve failed IDIs upon appointment of the FDIC as receiver in a manner that will result in the least possible cost to the DIF. The DIF is primarily funded from deposit insurance assessments and interest earned on investments in U.S. Treasury securities. Other available funding sources, if necessary, are borrowings from the Treasury, the Federal Financing Bank (FFB), Federal Home Loan Banks, and IDIs. The FDIC has borrowing authority of $100 billion from the Treasury and a Note Purchase Agreement with the FFB, not to exceed $100 billion, to enhance the DIF’s ability to fund deposit insurance. A statutory formula, known as the Maximum Obligation Limitation (MOL), limits the amount of obligations the DIF can incur to the sum of its cash, 90 percent of the fair market value of other assets, and the amount authorized to be borrowed from the Treasury. The MOL for the DIF was $209.5 billion and $201.8 billion as of December 31, 2019 and 2018, respectively. OPERATIONS OF RESOLUTION ENTITIES The FDIC, as receiver, is responsible for managing and disposing of the assets of failed institutions in an orderly and efficient manner. The assets held by receiverships, conservatorships, and bridge institutions (collectively, resolution entities), and the claims against them, are accounted for separately from the DIF assets and liabilities to ensure that proceeds from these entities are distributed according to applicable laws and regulations. Therefore, income and expenses attributable to resolution entities are FINANCIAL SECTION 1 95 ANNUAL REPORT DEPOSIT INSURANCE FUND accounted for as transactions of those entities. The FDIC, as administrator of the DIF, bills resolution entities for services provided on their behalf. 2. Summary of Significant Accounting Policies GENERAL The financial statements include the financial position, results of operations, and cash flows of the DIF and are presented in accordance with U.S. generally accepted accounting principles (GAAP). These statements do not include reporting for assets and liabilities of resolution entities because these entities are legally separate and distinct, and the DIF does not have any ownership or beneficial interests in them. Periodic and final accounting reports of resolution entities are furnished to courts, supervisory authorities, and others upon request. USE OF ESTIMATES The preparation of the financial statements in conformity with GAAP requires management to make estimates and assumptions that affect the reported amounts of assets and liabilities, revenue and expenses, and disclosure of contingent liabilities. Actual results could differ from these estimates. Where it is reasonably possible that changes in estimates will cause a material change in the financial statements in the near term, the nature and extent of such potential changes in estimates have been disclosed. The more significant estimates include the assessments receivable and associated revenue; the allowance for loss on receivables from resolutions (which considers the impact of shared-loss agreements); the guarantee obligations for structured transactions; the postretirement benefit obligation; and the estimated losses for anticipated failures. CASH EQUIVALENTS Cash equivalents are short-term, highly liquid investments consisting primarily of U.S. Treasury Overnight Certificates. INVESTMENT IN U.S. TREASURY SECURITIES The FDI Act requires that the DIF funds be invested in obligations of the United States or in obligations guaranteed as to principal and interest by the United States. The Secretary of the Treasury must approve all such investments in excess of $100,000 and has granted the FDIC approval to invest the DIF funds only in U.S. Treasury obligations that are purchased or sold exclusively through the Treasury’s Bureau of the Fiscal Service’s Government Account Series program. The DIF’s investments in U.S. Treasury securities are classified as available-for-sale (AFS). Securities designated as AFS are shown at fair value. Unrealized gains and losses are reported as other comprehensive income. Any realized gains and losses are included in the Statement of Income and Fund 96 Balance as components of net income. Income on securities is calculated and recorded daily using the effective interest or straight-line method depending on the maturity of the security (see Note 3). REVENUE RECOGNITION FOR ASSESSMENTS Assessment revenue is recognized for the quarterly period of insurance coverage based on an estimate. The estimate is derived from an institution’s regular risk-based assessment rate and assessment base for the prior quarter adjusted for certain changes in supervisory examination ratings for larger institutions, modest assessment base growth and average assessment rate adjustment factors, and any assessment credits expected to be applied. At the subsequent quarterend, the estimated revenue amounts are adjusted when actual assessments for the covered period are determined for each institution (see Note 9). CAPITAL ASSETS AND DEPRECIATION The FDIC buildings are depreciated on a straight-line basis over a 35- to 50-year estimated life. Building improvements are capitalized and depreciated over the estimated useful life of the improvements. Leasehold improvements are capitalized and depreciated over the lesser of the remaining life of the lease or the estimated useful life of the improvements, if determined to be material. Capital assets depreciated on a straight-line basis over a five-year estimated useful life include mainframe equipment; furniture, fixtures, and general equipment; and internal-use software. Computer equipment is depreciated on a straight-line basis over a threeyear estimated useful life (see Note 5). PROVISION FOR INSURANCE LOSSES The provision for insurance losses primarily represents changes in the allowance for losses on receivables from closed banks and the contingent liability for anticipated failure of insured institutions (see Note 11). REPORTING ON VARIABLE INTEREST ENTITIES The receiverships engaged in structured transactions, some of which resulted in the issuance of note obligations that were guaranteed by the FDIC, in its corporate capacity. As the guarantor of note obligations for several structured transactions, the FDIC, in its corporate capacity, holds an interest in many variable interest entities (VIEs). The FDIC conducts a qualitative assessment of its relationship with each VIE as required by the Financial Accounting Standards Board (FASB) Accounting Standards Codification (ASC) Topic 810, Consolidation. These assessments are conducted to determine if the FDIC, in its corporate capacity, has (1) the power to direct the activities that most significantly affect the economic performance of the VIE and (2) an obligation to absorb losses of the VIE or the right to receive benefits from FINANCIAL SECTION 2 2019 NOTES TO THE FINANCIAL STATEMENTS the VIE that could potentially be significant to the VIE. When a variable interest holder has met both of these characteristics, the enterprise is considered the primary beneficiary and must consolidate the VIE. In accordance with the provisions of FASB ASC Topic 810, an assessment of the terms of the legal agreement for each VIE was conducted to determine whether any of the terms had been activated or modified in a manner that would cause the FDIC, in its corporate capacity, to be characterized as a primary beneficiary. In making that determination, consideration was given to which, if any, activities were significant to each VIE. Often, the right to service collateral, to liquidate collateral, or to unilaterally dissolve the VIE was determined to be the most significant activity. In other cases, it was determined that the structured transactions did not include such significant activities and that the design of the entity was the best indicator of which party was the primary beneficiary. The conclusion of these analyses was that the FDIC, in its corporate capacity, has not engaged in any activity that would cause the FDIC to be characterized as a primary beneficiary to any VIE with which it was involved as of December 31, 2019 and 2018. Therefore, consolidation is not required for the December 31, 2019 and 2018 DIF financial statements. In the future, the FDIC, in its corporate capacity, may become the primary beneficiary upon the activation of provisional contract rights that extend to the FDIC if payments are made on guarantee claims. Ongoing analyses will be required to monitor consolidation implications under FASB ASC Topic 810. The FDIC’s involvement with VIEs is fully described in Note 8 under FDIC Guaranteed Debt of Structured Transactions. RELATED PARTIES The nature of related parties and a description of related party transactions are discussed in Note 1 and disclosed throughout the financial statements and footnotes. APPLICATION OF RECENT ACCOUNTING STANDARDS In June 2016, the FASB issued ASU 2016-13, Financial Instruments—Credit Losses (Topic 326): Measurement of Credit Losses on Financial Instruments. The ASU will replace the incurred loss impairment model with a new expected credit loss model for financial assets measured at amortized cost and for off-balance-sheet credit exposures. The guidance also amends the AFS debt securities impairment model by requiring the use of an allowance to record estimated credit losses (and subsequent recoveries) related to AFS debt securities. In November 2019, the FASB issued ASU 2019-10, Financial Instruments—Credit Losses (Topic 326), Derivatives and Hedging (Topic 815), and Leases (Topic 842): Effective Dates, that changed the effective date of ASU 2016-13 for the DIF to January 1, 2023. The FDIC does not expect the ASU to have a material effect on the DIF’s financial position and results of operations. However, changes to the balance sheet and certain disclosures will be required. Other recent accounting standards have been deemed not applicable or material to the financial statements as presented. 3. Investment in U.S. Treasury Securities The “Investment in U.S. Treasury securities” line item on the Balance Sheet consisted of the following components by maturity (dollars in millions). December 31, 2019 Yield at Maturity Purchase U.S. Treasury notes and bonds Within 1 year After 1 year through 5 years Face Value Net Carrying Amount Unrealized Holding Gains Unrealized Holding Losses Fair Value 1.93% $ 45,550 $ 45,928 $ 50 $ (11) $ 45,967 2.08% 52,900 53,557 555 (7) 54,105 98,450 $ 99,485 $ 605 $ Total $ (18) (a) $ 100,072 (a) These unrealized losses occurred as a result of temporary changes in market interest rates. The FDIC does not intend to sell the securities and is not likely to be required to sell them before their maturity date, thus, the FDIC does not consider these securities to be other than temporarily impaired at December 31, 2019. As of December 31, 2019, securities with a continuous unrealized loss position of less than 12 months had an aggregate related fair value and unrealized loss of $8.6 billion and $8 million, respectively. For those with a continuous unrealized loss position of 12 months or longer, their aggregate related fair value and unrealized losses were $13.1 billion and $10 million, respectively. December 31, 2018 Yield at Maturity Purchase U.S. Treasury notes and bonds Within 1 year 1.90% $ After 1 year through 5 years Total 2.08% $ Face Value Net Carrying Amount 28,950 $ 28,997 $ 64,650 64,327 93,600 $ 93,324 $ Unrealized Holding Gains Unrealized Holding Losses 0 $ Fair Value (104) $ 28,893 137 (649) 63,815 137 $ (753) (a) $ 92,708 (a) These unrealized losses occurred as a result of temporary changes in market interest rates. The FDIC does not intend to sell the securities and is not likely to be required to sell them before their maturity date, thus, the FDIC does not consider these securities to be other than temporarily impaired at December 31, 2018. As of December 31, 2018, securities with a continuous unrealized loss position of less than 12 months had an aggregate related fair value and unrealized loss of $21.6 billion and $77 million, respectively. For those with a continuous unrealized loss position of 12 months or longer, their aggregate related fair value and unrealized losses were $53.1 billion and $676 million, respectively. 4. Receivables from Resolutions, Net The receivables from resolutions result from DIF payments to cover obligations to insured depositors (subrogated claims), advances to resolution entities for working capital, and administrative expenses paid on behalf of resolution entities. Any related allowance for loss represents the difference between the funds advanced and/or obligations incurred and the expected repayment. Estimated future payments on FINANCIAL SECTION 3 97 ANNUAL REPORT DEPOSIT INSURANCE FUND losses incurred on assets sold to an acquiring institution under a shared-loss agreement (SLA) are factored into the computation of the expected repayment. Assets held by resolution entities (including structured transaction-related assets; see Note 8) are the main source of repayment of the DIF’s receivables from resolutions. The “Receivables from resolutions, net” line item on the Balance Sheet consisted of the following components (dollars in thousands). December 31 Receivables from closed banks $ Total $ Allowance for losses 2019 63,981,989 $ (61,312,719) 2,669,270 $ December 31 2018 68,267,737 (65,209,496) 3,058,241 As of December 31, 2019, the FDIC, as receiver, managed 248 active receiverships; four new receiverships were established in 2019. The resolution entities held assets with a book value of $3.4 billion as of December 31, 2019, and $5.1 billion as of December 31, 2018 (including $2.9 billion and $4.0 billion, respectively, of cash, investments, receivables due from the DIF, and other receivables). Estimated cash recoveries from the management and disposition of assets that are used to determine the allowance for losses are based on asset recovery rates from several sources, which may include the following: actual or pending institution-specific asset disposition data, failed institutionspecific asset valuation data, aggregate asset valuation data on several recently failed or troubled institutions, sampled asset valuation data, and empirical asset recovery data based on failures since 2007. Methodologies for determining the asset recovery rates incorporate estimating future cash recoveries, net of applicable liquidation cost estimates, and discounting based on market-based risk factors applicable to a given asset’s type and quality. The resulting estimated cash recoveries are then used to derive the allowance for loss on the receivables from these resolutions. For failed institutions resolved using a whole bank purchase and assumption transaction with an accompanying SLA, the projected shared-loss payments and the end of agreement true-up recoveries on the covered residential and commercial loan assets sold to the acquiring institution under the agreement are considered in determining the allowance for loss on the receivables from these resolutions. The sharedloss cost projections are based on the covered assets’ intrinsic value, which is determined using financial models that consider the quality and type of covered assets, current and future market conditions, risk factors, and estimated asset holding periods. True-up recoveries are projected to be received at expiration in accordance with the terms of the SLA, 98 if actual losses at expiration are lower than originally estimated. For December 31, 2019, the shared-loss cost estimates were updated for 59 receiverships with active SLAs. Note that all commercial asset shared-loss coverage expired as of year-end 2018. The updated shared-loss cost projections on the $4.2 billion of remaining residential shared-loss covered assets were based on the FDIC’s historical loss experience that also factors in the remaining time period of shared-loss coverage. In 2019, there were three changes to the calculation of the allowance for loss on receivables from resolutions. The calculation for estimating the servicing fee component of the true-up recoveries was updated from an upfront estimate of initial assets to an estimate based on actual asset balances over the life of the agreement to more closely reflect end-ofagreement expected results. In addition, shared-loss cost projections are based on the FDIC’s historical loss experience and no longer include pending sales activity; this change was made to address the seasoned nature of this portfolio. Finally, the projection of future receivership expenses was adjusted to reflect lower expected liquidation cost estimates. The effect of these changes resulted in a reduction of $213 million to the estimated losses for failed institutions. Note that estimated asset recoveries are regularly evaluated during the year, but remain subject to uncertainties because of potential changes in economic and market conditions, which may cause the DIF’s actual recoveries to vary significantly from current estimates. WHOLE BANK PURCHASE AND ASSUMPTION TRANSACTIONS WITH SHARED-LOSS AGREEMENTS Since the beginning of 2008 through 2013, the FDIC resolved 304 failures using whole bank purchase and assumption resolution transactions with accompanying SLAs on total assets of $215.6 billion purchased by the financial institution acquirers. The acquirer typically assumed all of the deposits and purchased essentially all of the assets of a failed institution. The majority of the commercial and residential loan assets were purchased under an SLA, where the FDIC agreed to share in future losses and recoveries experienced by the acquirer on those assets covered under the agreement. Losses on the covered assets of failed institutions are shared between the acquirer and the FDIC, in its receivership capacity, when losses occur through the sale, foreclosure, loan modification, or charge-off of loans under the terms of the SLA. The majority of the agreements cover commercial and single-family loans over a five- to ten-year shared-loss period, respectively, with the receiver covering 80 percent of the losses incurred by the acquirer and the acquiring institution FINANCIAL SECTION 4 2019 NOTES TO THE FINANCIAL STATEMENTS covering 20 percent. Prior to March 26, 2010, most SLAs included a threshold amount, above which the receiver covered 95 percent of the losses incurred by the acquirer. Recoveries by the acquirer on covered commercial and singlefamily SLA losses are also shared over an eight- to ten-year period, respectively. Note that future recoveries on SLA losses are not factored into the DIF allowance for loss calculation because the amount and timing of such receipts are not determinable. The estimated shared-loss liability is accounted for by the receiver and is included in the calculation of the DIF’s allowance for loss against the corporate receivable from the resolution. As shared-loss claims are asserted and proven, receiverships satisfy these shared-loss payments using available liquidation funds and/or by drawing on amounts due from the DIF for funding the deposits assumed by the acquirer (see Note 6). Receivership shared-loss transactions are summarized as follows (dollars in thousands). December 31 Remaining shared-loss covered assets Shared-loss payments made to date, $ December 31 2019 4,205,256 $ 2018 9,602,069 $ 29,116,846 $ 29,088,461 Estimated remaining shared-loss liability $ 31,458 $ 566,194 net of recoveries Estimated true-up recoveries $ (477,130) $ (390,987) net of true-up recoveries $ (445,672) $ 175,207 Projected shared-loss payments, The $5.4 billion reduction in the remaining shared-loss covered assets from 2018 to 2019 is primarily due to the liquidation of covered assets from active SLAs and natural or early termination of SLAs impacting 22 receiverships during 2019. As of December 31, 2019, the shared-loss coverage period has expired for $3.8 billion or 91 percent of the total remaining covered assets, however, related balances are included in the above table pending receipt and disposition of final claim certificates. Projected remaining shared-loss payments are less than estimated end-of-agreement true-up recoveries in 2019 as the majority of the expected shared-loss payments by receiverships with SLAs nearing expiration have already been paid. CONCENTRATION OF CREDIT RISK Financial instruments that potentially subject the DIF to concentrations of credit risk are receivables from resolutions. The repayment of these receivables is primarily influenced by recoveries on assets held by receiverships and payments on the covered assets under SLAs. Of the $519 million of assets in liquidation and $4.2 billion of shared-loss covered assets as of December 31, 2019, 19 percent or $900 million, were related to receiverships that have fully repaid DIF’s subrogated claims, thereby mitigating further loss exposure. The remaining assets primarily originated from failed institutions located in California ($3.2 billion). 5. Property and Equipment, Net Depreciation expense was $49 million and $51 million for 2019 and 2018, respectively. The “Property and equipment, net” line item on the Balance Sheet consisted of the following components (dollars in thousands). Land Buildings (including building and leasehold improvements) Application software (includes work-in-process) Furniture, fixtures, and equipment Accumulated depreciation Total 6. December 31 December 31 2019 2018 $ 37,352 $ 37,352 342,071 328,787 108,006 103,543 66,970 66,889 (224,571) (208,041) $ 329,828 $ 328,530 Liabilities Due to Resolutions As of December 31, 2019 and 2018, the DIF recorded liabilities totaling $343 million and $601 million, respectively, to resolution entities representing the agreed-upon value of assets transferred from the receiverships, at the time of failure, to the acquirers/bridge institutions for use in funding the deposits assumed by the acquirers/bridge institutions. Ninety-five percent of these liabilities are due to failures resolved under whole-bank purchase and assumption transactions, most with an accompanying SLA. The DIF satisfies these liabilities either by sending cash directly to a receivership to fund shared-loss and other expenses or by offsetting receivables from resolutions when a receivership declares a dividend. In addition, there were $3 million and $4 million in unpaid deposit claims related to multiple receiverships as of December 31, 2019 and 2018, respectively. The DIF pays these liabilities when the claims are approved. 7. Contingent Liabilities ANTICIPATED FAILURE OF INSURED INSTITUTIONS The DIF records a contingent liability and a loss provision for DIF-insured institutions that are likely to fail when the liability FINANCIAL SECTION 5 99 ANNUAL REPORT DEPOSIT INSURANCE FUND is probable and reasonably estimable, absent some favorable event such as obtaining additional capital or merging. The contingent liability is derived by applying expected failure rates and loss rates to the institutions based on supervisory ratings, balance sheet characteristics, and projected capital levels. The banking industry’s financial condition and performance were generally positive in 2019. According to the most recent quarterly financial data submitted by DIF-insured institutions, the industry’s capital levels continued to improve, and the percentage of total loans that were noncurrent at September 30 is at its lowest level since second quarter 2007. The industry reported total net income of $180.3 billion for the first nine months of 2019, an increase of 1.5 percent over the comparable period one year ago. Consistent with the positive performance of the banking industry, the contingent liability remained relatively stable as of December 31, 2019 compared to December 31, 2018. The DIF recorded contingent liabilities totaling $94 million and $114 million as of December 31, 2019 and 2018, respectively. In addition to the recorded contingent liabilities, the FDIC has identified risks in the financial services industry that could result in additional losses to the DIF, should potentially vulnerable insured institutions ultimately fail. As a result of these risks, the FDIC believes that it is reasonably possible that the DIF could incur additional estimated losses of approximately $57 million as of December 31, 2019, compared to $227 million as of year-end 2018. The actual losses, if any, will largely depend on future economic and market conditions and could differ materially from this estimate. Four financial institutions failed in 2019, with total assets of $209 million and an estimated loss to the DIF at December 31, 2019, of $31 million. The improvement in financial performance and condition of the banking industry of the past year should continue if market conditions remain favorable. However, the operating environment poses several key challenges. Interest rates declined in the first half of 2019, and there are signs of growing credit and liquidity risk. Revenue growth and net interest margins have benefited from interest rate hikes in recent years; however, margins may be squeezed now as short-term interest rates have declined. Economic conditions that challenge the banking sector include the impact of slower global economic growth; the impact of trade tariffs on manufacturing and exports; the impact of continued weak commodity prices on local markets; and the risk of market volatility from global economic and geopolitical 100 developments. The FDIC continues to evaluate ongoing risks to affected institutions in light of existing economic and financial conditions, and the extent to which such risks may put stress on the resources of the insurance fund. LITIGATION LOSSES The DIF records an estimated loss for unresolved legal cases to the extent that those losses are considered probable and reasonably estimable. The FDIC recorded probable litigation losses of $200 thousand for the DIF as of December 31, 2019 and 2018. In addition, the FDIC has identified no reasonably possible losses from unresolved cases as of December 31, 2019 and 2018. 8. Other Contingencies PURCHASE AND ASSUMPTION INDEMNIFICATION In connection with purchase and assumption agreements for resolutions, the FDIC, in its receivership capacity, generally indemnifies the purchaser of a failed institution’s assets and liabilities in the event a third party asserts a claim against the purchaser unrelated to the explicit assets purchased or liabilities assumed at the time of failure. The FDIC, in its corporate capacity, is a secondary guarantor if a receivership is unable to pay. These indemnifications generally extend for a term of six years after the date of institution failure. The FDIC is unable to estimate the maximum potential liability for these types of guarantees as the agreements do not specify a maximum amount and any payments are dependent upon the outcome of future contingent events, the nature and likelihood of which cannot be determined at this time. During 2019 and 2018, the FDIC, in its corporate capacity, made no indemnification payments under such agreements, and no amount has been accrued in the accompanying financial statements with respect to these indemnification guarantees. FDIC GUARANTEED DEBT OF STRUCTURED TRANSACTIONS The FDIC, as receiver, used structured transactions (securitizations and structured sales of guaranteed notes (SSGNs) or collectively, “trusts”) to dispose of residential mortgage loans, commercial loans, and mortgage-backed securities held by the receiverships. For these transactions, certain loans or securities from failed institutions were pooled and transferred into a trust structure. The trusts issued senior and/or subordinated debt instruments and owner trust or residual certificates collateralized by the underlying mortgage-backed securities or loans. FINANCIAL SECTION 6 2019 NOTES TO THE FINANCIAL STATEMENTS From March 2010 through March 2013, the receiverships transferred a portfolio of loans with an unpaid principal balance of $2.4 billion and mortgage-backed securities with a book value of $6.4 billion to the trusts. Private investors purchased the senior notes issued by the trusts for $6.2 billion in cash and the receiverships held the subordinated debt instruments and owner trust or residual certificates. In exchange for a fee, the FDIC, in its corporate capacity, guarantees the timely payment of principal and interest due on the senior notes, with the last guarantee expected to terminate in 2022. If the FDIC is required to perform under its guarantees, it acquires an interest in the cash flows of the trust equal to the amount of guarantee payments made plus accrued interest. The subordinated note holders and owner trust or residual certificate holders receive cash flows from the trust only after all expenses have been paid, the guaranteed notes have been satisfied, and the FDIC has been reimbursed for any guarantee payments. The following table provides the maximum loss exposure to the FDIC, as guarantor, total guarantee fees collected, guarantee fees receivable, and other information related to the FDIC guaranteed debt for the trusts as of December 31, 2019 and 2018 (dollars in millions). December 31 2019 Number of trusts Initial Current December 31 2018 11 6 11 8 Trust collateral balances Initial Current $ $ 8,780 $ 878 $ 8,780 1,643 Guaranteed note balances Initial Current (maximum loss exposure) $ $ 6,196 $ 195 $ 6,196 404 Guarantee fees collected to date $ 166 $ 163 Amounts recognized in Interest receivable on investments and other assets, net Receivable for guarantee fees Receivable for guarantee payments, net Amounts recognized in Contingent liabilities: Guarantee payments and litigation losses Contingent liability for guarantee payments Amounts recognized in Accounts payable and other liabilities Deferred revenue for guarantee feesa $ 1$ 4 $ 32 $ 28 $ 34 $ 33 $ 1$ 4 (a) All guarantee fees are recorded as deferred revenue and recognized as revenue primarily on a straight-line basis over the term of the notes. Except as presented above, the DIF records no other structured transaction-related assets or liabilities on its balance sheet. ESTIMATED LOSS FROM GUARANTEE PAYMENTS Any estimated loss to the DIF from the guarantees is based on an analysis of the expected guarantee payments by the FDIC, net of reimbursements to the FDIC for such guarantee payments. The DIF recorded a contingent liability of $34 million as of December 31, 2019 for estimated payments under the guarantee for one SSGN transaction, up from $33 million at December 31, 2018. As guarantor, the FDIC, in its corporate capacity, is entitled to reimbursement from the trust for any guarantee payments; therefore, a corresponding receivable has been recorded. The related allowance for loss on this receivable is $2 million and $5 million as of December 31, 2019 and 2018, reflecting the expected shortfall of proceeds available for reimbursement after liquidation of the SSGN’s underlying collateral at note maturity. Guarantee payments are expected to be made at note maturity in December 2020. For all of the remaining transactions, the estimated cash flows from the trust assets provide sufficient coverage to fully pay the debts. To date, the FDIC, in its corporate capacity, has not provided, and does not intend to provide, any form of financial or other type of support for structured transactions that it was not previously contractually required to provide. 9. Assessments The FDIC deposit insurance assessment system is mandated by section 7 of the FDI Act and governed by part 327 of title 12 of the Code of Federal Regulations (12 CFR Part 327). The risk-based system requires the payment of quarterly assessments by all IDIs. In response to the Dodd-Frank Act, the FDIC implemented several changes to the assessment system, amended its Restoration Plan (which is required when the ratio of the DIF balance to estimated insured deposits, or reserve ratio, is below the statutorily mandated minimum), and developed a comprehensive, long-term fund management plan. The Dodd-Frank Act established the minimum reserve ratio for the DIF at 1.35 percent, up from the previous statutory minimum of 1.15 percent. If the reserve ratio falls below 1.35 percent, or the FDIC projects that it will within 6 months, the FDIC generally must implement a restoration plan that will return the DIF to 1.35 percent within 8 years. The long-term fund management plan is designed to restore and maintain a positive fund balance for the DIF even during FINANCIAL SECTION 7 101 ANNUAL REPORT DEPOSIT INSURANCE FUND a banking crisis and achieve moderate, steady assessment rates throughout any economic cycle. Summarized below are key longer-term provisions of the plan. • The FDIC Board of Directors designates a reserve ratio for the DIF and publishes the designated reserve ratio (DRR) before the beginning of each calendar year, as required by the FDI Act. Accordingly, in December 2019, the FDIC published a notice maintaining the DRR at 2 percent for 2020. The DRR is an integral part of the FDIC’s comprehensive, long-term management plan for the DIF and is viewed as a long-range, minimum target for the reserve ratio. • The FDIC suspended dividends indefinitely, and, in lieu of dividends, prescribes progressively lower assessment rates when the reserve ratio exceeds 2 percent and 2.5 percent. As noted above, the Dodd-Frank Act increased the minimum reserve ratio from 1.15 percent to 1.35 percent. This increase was required to be achieved by September 30, 2020, and the Dodd-Frank Act mandated that the FDIC offset the effect of increasing the minimum reserve ratio on institutions with less than $10 billion in total assets (small banks). To implement this requirement, the FDIC imposed a surcharge to the regular quarterly assessments of IDIs with $10 billion or more in total consolidated assets (large banks) beginning with the quarter ending September 30, 2016, and provided for credits to small banks for their contribution to the growth in the reserve ratio from 1.15 percent to 1.35 percent. As of September 30, 2018, the reserve ratio of the DIF exceeded the required minimum of 1.35 percent by reaching 1.36 percent. As a result, the requirements of the amended Restoration Plan were achieved, the surcharge assessment on large banks ended effective October 1, 2018, and small bank assessment credits of $765 million were awarded. As long as the reserve ratio is at a prescribed level, small bank credits are automatically applied to reduce the regular quarterly deposit insurance assessment up to the full amount of the credits or assessment, whichever is less. In November 2019, the FDIC approved a final rule that amended the requirements for applying small bank assessment credits, effective beginning with the third quarter 2019 assessments. Under the rule, once the FDIC begins applying small bank credits to quarterly assessments when the reserve ratio is at least 1.38 percent, credits will be applied for three additional quarters when the reserve ratio is at least 1.35 percent. The final rule also requires the FDIC to remit the full nominal value of any remaining small bank credits to each IDI holding such credits after four quarterly assessment 102 periods of application in the next assessment period in which the reserve ratio is at least 1.35 percent. In the second quarter of 2019, the reserve ratio rose to 1.40 percent and the FDIC began applying small bank credits against quarterly assessments. Of the total $765 million credits awarded, $559 million were applied in 2019 to reduce assessments paid by small banks. In addition, the year-end 2019 assessment receivable and related assessment revenue have been reduced by $145 million, reflecting expected credit use in the fourth quarter assessment collection at the end of March 2020. If the reserve ratio remains at least 1.35 percent for the first quarter of 2020, an estimated $55 million in assessment credits will be applied against the first quarter assessment. The FDIC estimates that approximately $6 million in small bank credits will be remitted. ASSESSMENT REVENUE Annual assessment rates averaged approximately 3.1 cents per $100 of the assessment base during 2019. Annual assessment rates averaged approximately 7.2 cents per $100 of the assessment base through September 30, 2018. Annual assessment rates averaged approximately 3.5 cents per $100 for the fourth quarter of 2018, reflecting the end of surcharges on larger institutions beginning October 1, 2018. The assessment base is generally defined as average consolidated total assets minus average tangible equity (measured as Tier 1 capital) of an IDI during the assessment period. The “Assessments receivable” line item on the Balance Sheet of $1.2 billion and $1.4 billion represents the estimated premiums due from IDIs for the fourth quarter of 2019 and 2018, respectively. The actual deposit insurance assessments for the fourth quarter of 2019 will be billed and collected at the end of the first quarter of 2020. During 2019 and 2018, $4.9 billion and $9.5 billion, respectively, were recognized as assessment revenue from institutions, including $3.8 billion in surcharges from large IDIs in 2018. In total, surcharges of $11.2 billion were collected over nine quarters. PENDING LITIGATION FOR UNDERPAID ASSESSMENTS On January 9, 2017, the FDIC filed suit in the United States District Court for the District of Columbia (and amended this complaint on April 7, 2017), alleging that Bank of America, N.A. (BoA) underpaid its insurance assessments for multiple quarters based on the underreporting of counterparty exposures. In total, the FDIC alleges that BoA underpaid insurance assessments by $1.12 billion, including interest for the quarters ending March 2012 through December 2014. The FDIC invoiced BoA for $542 million and $583 million representing claims in the initial suit and the amended complaint, respectively. BoA has failed to pay these past due amounts. Pending resolution of this matter, BoA has fully FINANCIAL SECTION 8 2019 NOTES TO THE FINANCIAL STATEMENTS pledged security with a third-party custodian pursuant to a security agreement with the FDIC. As of December 31, 2019, the total amount of unpaid assessments (including accrued interest) was $1.18 billion. For the years ending December 31, 2019 and 2018, the impact of this litigation is not reflected in the financial statements of the DIF. 11. Provision for Insurance Losses RESERVE RATIO As of September 30, 2019 and December 31, 2018, the DIF reserve ratio was 1.41 percent and 1.36 percent, respectively. As described in Note 4, the estimated recoveries from assets held by receiverships and estimated payments related to assets sold by receiverships to acquiring institutions under shared-loss agreements (SLAs) are used to derive the loss allowance on the receivables from resolutions. Summarized below are the three primary components that comprise the majority of the decrease in estimated losses for prior year failures. ASSESSMENTS RELATED TO FICO Assessments are levied on institutions for payments of the interest on bond obligations issued by the Financing Corporation (FICO). The FDIC collected the final FICO assessment in March 2019 pursuant to a final rule issued in December 2018 by the Federal Housing Finance Agency, the agency authorized by Congress to prescribe regulations relating to the FICO. The FICO was established as a mixedownership government corporation to function solely as a financing vehicle for the former FSLIC. The FICO assessment has no financial impact on the DIF and is separate from deposit insurance assessments. The FDIC, as administrator of the DIF, acts solely as a collection agent for the FICO. Interest obligations collected and remitted to the FICO were $47 million and $460 million for 2019 and 2018, respectively. The provision for insurance losses was a negative $1.3 billion for 2019, compared to negative $563 million for 2018. The negative provision for 2019 primarily resulted from a decrease to the estimated losses for prior year failures. • Receivership shared-loss liability cost estimates decreased $575 million primarily due to lower-thananticipated losses on covered assets, reductions in shared-loss cost estimates from expirations and early terminations of SLAs during the year, and higher true-up recoveries (projected to be received at expiration if actual losses at expiration are lower than originally estimated). • Receiverships received $465 million of unanticipated recoveries from litigation settlements and professional liability claims. These recoveries are typically not recognized in the allowance for loss estimate until the cash is received by receiverships, or collectability is assured, since significant uncertainties surround their recovery. • Reduction in projected future receiverships expenses, resulted in a loss estimate decrease of $118 million. 10. Operating Expenses The “Operating expenses” line item on the Statement of Income and Fund Balance consisted of the following components (dollars in thousands). December 31 Salaries and benefits Outside services $ Travel 268,093 89,552 Software/Hardware maintenance 94,761 Depreciation of property and equipment 48,547 Other 27,175 Subtotal Total 1,225,753 $ 80,684 Buildings and leased space Less: Expenses billed to resolution entities and others 2019 $ December 31 2018 1,221,138 268,693 89,443 86,795 83,276 51,316 26,666 1,834,565 1,827,327 1,795,605 $ 1,764,748 (38,960) (62,579) 12. Employee Benefits PENSION BENEFITS AND SAVINGS PLANS Eligible FDIC employees (permanent and term employees with appointments exceeding one year) are covered by the federal government retirement plans, either the Civil Service Retirement System (CSRS) or the Federal Employees Retirement System (FERS). Although the DIF contributes a portion of pension benefits for eligible employees, it does not account for the assets of either retirement system. The DIF also does not have actuarial data for accumulated plan benefits or the unfunded liability relative to eligible employees. These amounts are reported on and accounted for by the U.S. Office of Personnel Management (OPM). FINANCIAL SECTION 9 103 ANNUAL REPORT DEPOSIT INSURANCE FUND Under the Federal Thrift Savings Plan (TSP), the FDIC provides FERS employees with an automatic contribution of 1 percent of pay and an additional matching contribution up to 4 percent of pay. CSRS employees also can contribute to the TSP, but they do not receive agency matching contributions. Eligible FDIC employees may also participate in an FDICsponsored tax-deferred 401(k) savings plan with an automatic contribution of 1 percent of pay and an additional matching contribution up to 4 percent of pay. The expenses for these plans are presented in the table below (dollars in thousands). Civil Service Retirement System Federal Employees Retirement System (Basic Benefit) Federal Thrift Savings Plan FDIC Savings Plan Total December 31 December 31 2019 2018 $ 1,806 $ 2,089 116,899 111,926 36,149 35,564 39,873 39,466 $ 194,727 $ 189,045 POSTRETIREMENT BENEFITS OTHER THAN PENSIONS The DIF has no postretirement health insurance liability since all eligible retirees are covered by the Federal Employees Health Benefits (FEHB) program. The FEHB is administered and accounted for by the OPM. In addition, OPM pays the employer share of the retiree’s health insurance premiums. The FDIC provides certain life and dental insurance coverage for its eligible retirees, the retirees’ beneficiaries, and covered dependents. Retirees eligible for life and dental insurance coverage are those who have qualified due to (1) immediate enrollment upon appointment or five years of participation in the plan and (2) eligibility for an immediate annuity. The life insurance program provides basic coverage at no cost to retirees and allows for converting optional coverage to directpay plans. For the dental coverage, retirees are responsible for a portion of the premium. The FDIC has elected not to fund the postretirement life and dental benefit liabilities. As a result, the DIF recognized the underfunded status (the difference between the accumulated postretirement benefit obligation and the plan assets at fair value) as a liability. Since there are no plan assets, the plan’s benefit liability is equal to the accumulated postretirement benefit obligation. Postretirement benefit obligation, gain and loss, and expense information included in the Balance Sheet and Statement of Income and Fund Balance are summarized as follows (dollars in thousands). 104 December 31 2019 Accumulated postretirement benefit obligation recognized in Postretirement benefit liability Amounts recognized in accumulated other comprehensive income: Unrealized postretirement benefit loss Cumulative net actuarial loss Prior service cost Total Amounts recognized in other comprehensive income: Unrealized postretirement benefit (loss) gain Actuarial (loss) gain Prior service credit Total Net periodic benefit costs recognized in Operating expenses Service cost Interest cost Net amortization out of other comprehensive income Total December 31 2018 $ 289,462 $ 235,935 $ (60,432) $ 0 (60,432) $ (13,155) (385) (13,540) (47,277) $ 385 (46,892) $ 31,475 575 32,050 3,775 $ 10,360 4,625 9,334 385 14,520 $ 2,064 16,023 $ $ $ $ $ The year-over-year increase in the accumulated postretirement benefit obligation as of December 31, 2019, is primarily attributable to a decrease in the discount rate. The annual postretirement contributions and benefits paid are included in the table below (dollars in thousands). December 31 December 31 2019 2018 $ 7,885 $ 7,354 $ 871 $ 846 $ (8,756) $ (8,200) Employer contributions Plan participants' contributions Benefits paid The expected contributions for the year ending December 31, 2020, are $9 million. Expected future benefit payments for each of the next 10 years are presented in the following table (dollars in thousands). 2020 $8,297 2021 $8,841 FINANCIAL SECTION 2022 $9,400 2023 $9,962 2024 2025-2029 $10,550 $60,730 10 2019 NOTES TO THE FINANCIAL STATEMENTS Assumptions used to determine the amount of the accumulated postretirement benefit obligation and the net periodic benefit costs are summarized as follows. December 31 December 31 2019 2018 3.46% 4.81% 3.49% 3.49% 4.81% 4.03% Discount rate for future benefits (benefit obligation) Rate of compensation increase Discount rate (benefit cost) Dental health care cost-trend rate Assumed for next year Ultimate Year rate will reach ultimate 3.50% 3.50% 2020 3.80% 3.80% 2019 13. Commitments and Off-Balance-Sheet Exposure COMMITMENTS: Leased Space The DIF leased space expense totaled $45 million and $44 million for 2019 and 2018. The FDIC’s lease commitments total $134 million for future years. The lease agreements contain escalation clauses resulting in adjustments, usually on an annual basis. Future minimum lease commitments are as follows (dollars in thousands). 2020 $42,603 2021 $33,603 2022 $20,774 2023 $18,304 2024 $16,824 2025/Thereafter $1,724 OFF-BALANCE-SHEET EXPOSURE: Deposit Insurance Estimates of insured deposits are derived primarily from quarterly financial data submitted by IDIs to the FDIC and represent the accounting loss that would be realized if all IDIs were to fail and the acquired assets provided no recoveries. As of September 30, 2019 and December 31, 2018, estimated insured deposits for the DIF were $7.7 trillion and $7.5 trillion, respectively. 14. Fair Value of Financial Instruments the receivables from resolutions, assessments receivable, interest receivable on investments, other short-term receivables, and accounts payable and other liabilities. 15. Information Relating to the Statement of Cash Flows The following table presents a reconciliation of net income to net cash from operating activities (dollars in thousands). Operating Activities Net Income: $ Adjustments to reconcile net income to net cash provided by operating activities: Amortization of U.S. Treasury securities Treasury Inflation-Protected Securities inflation adjustment Depreciation on property and equipment Loss on retirement of property and equipment Provision for insurance losses Unrealized (loss) gain on postretirement benefits Change in Assets and Liabilities: Decrease in assessments receivable (Increase) in interest receivable and other assets Decrease in receivables from resolutions Increase (Decrease) in accounts payable and other liabilities Increase (Decrease) in postretirement benefit liability Increase (Decrease) in contingent liabilities guarantee payments and litigation losses (Decrease) in liabilities due to resolutions Net Cash Provided by Operating Activities $ December 31 2019 6,582,089 $ December 31 2018 9,965,566 339,247 0 48,547 (1,124) (1,285,531) (46,892) 246,725 (2,980) 51,316 (524) (562,622) 32,050 134,373 (470,766) 1,653,681 16,379 53,527 1,258,045 (43,889) 3,493,375 (38,899) (23,381) 420 (258,505) 6,765,445 $ (904) (598,484) 13,775,394 16. Subsequent Events Subsequent events have been evaluated through February 6, 2020, the date the financial statements are available to be issued. Based on management’s evaluation, there were no subsequent events requiring disclosure. As of December 31, 2019 and 2018, financial assets recognized and measured at fair value on a recurring basis include cash equivalents (see Note 2) of $6 billion and $5.7 billion, respectively, and the investment in U.S. Treasury securities (see Note 3) of $100.1 billion and $92.7 billion, respectively. The valuation is considered a Level 1 measurements in the fair value hierarchy, representing quoted prices in active markets for identical assets. Other financial assets and liabilities, measured at amortized cost, are FINANCIAL SECTION 105 11 ANNUAL REPORT FSLIC RESOLUTION FUND (FRF) Federal Deposit Insurance Corporation FSLIC Resolution Fund Balance Sheet As of December 31 2019 (Dollars in Thousands) ASSETS Cash and cash equivalents Other assets, net Total Assets LIABILITIES Accounts payable and other liabilities $ 922,911 $ 901,562 $ 923,436 $ 902,308 $ Total Liabilities RESOLUTION EQUITY (NOTE 5) Contributed capital 525 16 $ 16 125,489,317 Accumulated deficit (124,565,897) Total Resolution Equity 923,420 Total Liabilities and Resolution Equity $ The accompanying notes are an integral part of these financial statements. 106 2018 FINANCIAL SECTION 923,436 $ 746 9 9 125,489,317 (124,587,018) 902,299 902,308 2019 FSLIC RESOLUTION FUND (FRF) Federal Deposit Insurance Corporation FSLIC Resolution Fund Statement of Income and Accumulated Deficit For the Years Ended December 31 2019 (Dollars in Thousands) REVENUE Interest on U.S. Treasury securities $ Other revenue (Note 6) Total Revenue EXPENSES AND LOSSES Operating expenses Recovery of tax benefits (Note 7) 2018 18,673 $ 1,775 16,626 523 425 4 (313) (673) Total Expenses and Losses 21,121 Net Income Accumulated Deficit - Beginning $ Accumulated Deficit - Ending 808 20,448 (1,200) Losses related to thrift resolutions 15,818 (124,587,018) (124,565,897) $ 0 112 16,514 (124,603,532) (124,587,018) The accompanying notes are an integral part of these financial statements. FINANCIAL SECTION 107 ANNUAL REPORT FSLIC RESOLUTION FUND (FRF) Federal Deposit Insurance Corporation FSLIC Resolution Fund Statement of Cash Flows For the Years Ended December 31 2019 (Dollars in Thousands) OPERATING ACTIVITIES Provided by: Interest on U.S. Treasury securities $ Recovery of tax benefits Recoveries from thrift resolutions Miscellaneous receipts 18,673 $ 1,200 Operating expenses Miscellaneous disbursements 15,818 0 1,835 832 (358) (452) 0 Used by: (1) 3 (19) Net Cash Provided by Operating Activities 21,349 16,182 Net Increase in Cash and Cash Equivalents 21,349 16,182 Cash and Cash Equivalents - Beginning Cash and Cash Equivalents - Ending $ The accompanying notes are an integral part of these financial statements. 108 2018 FINANCIAL SECTION 901,562 922,911 $ 885,380 901,562 2019 FSLIC RESOLUTION FUND NOTES TO THE FINANCIAL STATEMENTS December 31, 2019 and 2018 1. Operations/Dissolution of the FSLIC Resolution Fund OVERVIEW The Federal Deposit Insurance Corporation (FDIC) is the independent deposit insurance agency created by Congress in 1933 to maintain stability and public confidence in the nation’s banking system. Provisions that govern the FDIC’s operations are generally found in the Federal Deposit Insurance (FDI) Act, as amended (12 U.S.C. 1811, et seq). In accordance with the FDI Act, the FDIC, as administrator of the Deposit Insurance Fund (DIF), insures the deposits of banks and savings associations (insured depository institutions). In cooperation with other federal and state agencies, the FDIC promotes the safety and soundness of insured depository institutions (IDIs) by identifying, monitoring, and addressing risks to the DIF. In addition to being the administrator of the DIF, the FDIC is the administrator of the FSLIC Resolution Fund (FRF). As such, the FDIC is responsible for the sale of remaining assets and satisfaction of liabilities associated with the former Federal Savings and Loan Insurance Corporation (FSLIC) and the former Resolution Trust Corporation (RTC). The FDIC maintains the DIF and the FRF separately to support their respective functions. The FSLIC was created through the enactment of the National Housing Act of 1934. The Financial Institutions Reform, Recovery, and Enforcement Act of 1989 (FIRREA) abolished the insolvent FSLIC and created the FRF. At that time, the assets and liabilities of the FSLIC were transferred to the FRF – except those assets and liabilities transferred to the newly created RTC – effective on August 9, 1989. Further, the FIRREA established the Resolution Funding Corporation (REFCORP) to provide part of the initial funds used by the RTC for thrift resolutions by authorizing REFCORP to issue debt obligations. The REFCORP issued debt obligations in the form of longterm bonds ranging in maturity from 2019 to 2030. The RTC Completion Act of 1993 terminated the RTC as of December 31, 1995. All remaining assets and liabilities of the RTC were transferred to the FRF on January 1, 1996. Today, the FRF consists of two distinct pools of assets and liabilities: one composed of the assets and liabilities of the FSLIC transferred to the FRF upon the dissolution of the FSLIC (FRFFSLIC), and the other composed of the RTC assets and liabilities (FRF-RTC). The assets of one pool are not available to satisfy obligations of the other. OPERATIONS/DISSOLUTION OF THE FRF The FRF will continue operations until all of its assets are sold or otherwise liquidated and all of its liabilities are satisfied. Any funds remaining in the FRF-FSLIC will be paid to the U.S. Treasury. Any remaining funds of the FRF-RTC will be distributed to the REFCORP to pay interest on the REFCORP bonds. In addition, the FRF-FSLIC has available until expended $602 million in appropriations to facilitate, if required, efforts to wind up the resolution activity of the FRFFSLIC. The FDIC has extensively reviewed and cataloged the FRF's remaining assets and liabilities. Some of the unresolved issues are: • criminal restitution orders (generally have from 1 to 27 years remaining to enforce); • collections of judgments obtained against officers and directors and other professionals responsible for causing or contributing to thrift losses (generally have up to 10 years remaining to enforce, unless the judgments are renewed or are covered by the Federal Debt Collections Procedures Act, which will result in significantly longer periods for collection of some judgments); • liquidation/disposition of residual assets purchased by the FRF from terminated receiverships; • a potential tax liability associated with a fully adjudicated goodwill litigation case (see Note 3); and • Affordable Housing Disposition Program monitoring (the last agreement expires no later than 2045; see Note 4). The FRF could realize recoveries from criminal restitution orders and professional liability claims. However, any potential recoveries are not reflected in the FRF’s financial statements, given the significant uncertainties surrounding the ultimate outcome. On April 1, 2014, the FDIC concluded its role as receiver, on behalf of the FRF, when the last active receivership was terminated. In total, 850 receiverships were liquidated by the FRF and the RTC. To facilitate receivership terminations, the FRF, in its corporate capacity, acquired the remaining receivership assets that could not be liquidated during the life 1 FINANCIAL SECTION 109 ANNUAL REPORT FSLIC RESOLUTION FUND 110 of the receiverships due to restrictive clauses and other impediments. These assets are included in the “Other assets, net” line item on the Balance Sheet. CASH EQUIVALENTS Cash equivalents are short-term, highly liquid investments consisting primarily of U.S. Treasury Overnight Certificates. During the years of receivership activity, the assets held by receivership entities, and the claims against them, were accounted for separately from the FRF’s assets and liabilities to ensure that receivership proceeds were distributed in accordance with applicable laws and regulations. Also, the income and expenses attributable to receiverships were accounted for as transactions of those receiverships. The FDIC, as administrator of the FRF, billed receiverships for services provided on their behalf. RELATED PARTIES The nature of related parties and a description of related party transactions are discussed in Note 1 and disclosed throughout the financial statements and footnotes. APPLICATION OF RECENT ACCOUNTING STANDARDS Recent accounting standards have been deemed not applicable or material to the financial statements as presented. 2. 3. Summary of Significant Accounting Policies Goodwill Litigation GENERAL The financial statements include the financial position, results of operations, and cash flows of the FRF and are presented in accordance with U.S. generally accepted accounting principles (GAAP). During the years of receivership activity, these statements did not include reporting for assets and liabilities of receivership entities because these entities were legally separate and distinct, and the FRF did not have any ownership or beneficial interest in them. In United States v. Winstar Corp., 518 U.S. 839 (1996), the Supreme Court held that when it became impossible following the enactment of FIRREA in 1989 for the federal government to perform certain agreements to count goodwill toward regulatory capital, the plaintiffs were entitled to recover damages from the United States. The contingent liability associated with the nonperformance of these agreements was transferred to the FRF on August 9, 1989, upon the dissolution of the FSLIC. The FRF is a limited-life entity, however, it does not meet the requirements for presenting financial statements using the liquidation basis of accounting. According to Accounting Standards Codification Topic 205, Presentation of Financial Statements, a limited-life entity should apply the liquidation basis of accounting only if a change in the entity’s governing plan has occurred since its inception. By statute, the FRF is a limited-life entity whose dissolution will occur upon the satisfaction of all liabilities and the disposition of all assets. No changes to this statutory plan have occurred since inception of the FRF. The FRF can draw from an appropriation provided by Section 110 of the Department of Justice Appropriations Act, 2000 (Public Law 106-113, Appendix A, Title I, 113 Stat. 1501A-3, 1501A-20), such sums as may be necessary for the payment of judgments and compromise settlements in the goodwill litigation. This appropriation is to remain available until expended. Because an appropriation is available to pay such judgments and settlements, any estimated liability for goodwill litigation will have a corresponding receivable from the U.S. Treasury and therefore have no net impact on the financial condition of the FRF. USE OF ESTIMATES The preparation of the financial statements in conformity with GAAP requires management to make estimates and assumptions that affect the reported amounts of assets and liabilities, revenue and expenses, and disclosure of contingent liabilities. Actual results could differ from these estimates. Where it is reasonably possible that changes in estimates will cause a material change in the financial statements in the near term, the nature and extent of such potential changes in estimates have been disclosed. The estimates for other assets, goodwill litigation, and indemnifications are considered significant. The last remaining goodwill case was resolved in 2015. However, for another case fully adjudicated in 2012, an estimated loss of $4 million as of December 31, 2019, compared to $5 million as of year-end 2018, for the courtordered reimbursement of potential tax liabilities to the plaintiff is reasonably possible. The FRF-FSLIC paid goodwill litigation expenses incurred by the Department of Justice (DOJ), the entity that defended these lawsuits against the United States, based on a Memorandum of Understanding dated October 2, 1998, between the FDIC and the DOJ. These expenses were paid in advance by the FRF-FSLIC and any unused funds were carried over by the DOJ and applied toward the next fiscal year FINANCIAL SECTION 2 2019 NOTES TO THE FINANCIAL STATEMENTS charges. The DOJ returned all unused funds in September 2016 except for $250 thousand retained to cover future administrative expenses. In September 2019, after reducing for expenses incurred, the DOJ returned the remaining $234 thousand of unused funds to the FRF-FSLIC (see Note 6). 4. Affordable Housing Disposition Program Required by FIRREA under section 501, the Affordable Housing Disposition Program (AHDP) was established in 1989 to ensure the preservation of affordable housing for lowincome households. The FDIC, in its capacity as administrator of the FRF-RTC, assumed responsibility for monitoring property owner compliance with land use restriction agreements (LURAs). To enforce the property owners’ LURA obligation, the RTC, prior to its dissolution, entered into Memoranda of Understanding with 34 monitoring agencies to oversee these LURAs. As of December 31, 2019, 24 monitoring agencies oversee these LURAs. The FDIC, through the FRF, has agreed to indemnify the monitoring agencies for all losses related to LURA legal enforcement proceedings. From 2006 through 2018, two lawsuits against property owners resulted in $23 thousand in legal expenses, which were fully reimbursed due to successful litigation. In 2019, new litigation against two property owners has thus far resulted in legal expenses of $7 thousand. The maximum potential exposure to the FRF cannot be estimated as it is contingent upon future legal proceedings. However, loss mitigation factors include: (1) the indemnification may become void if the FDIC is not immediately informed upon receiving notice of any legal proceedings and (2) the FDIC is entitled to reimbursement of any legal expenses incurred for successful litigation against a property owner. AHDP guarantees will continue until the termination of the last LURA, or 2045 (whichever occurs first). As of December 31, 2019 and 2018, no contingent liability for this indemnification has been recorded. 5. Resolution Equity As stated in the Overview section of Note 1, the FRF is composed of two distinct pools: the FRF-FSLIC and the FRFRTC. The FRF-FSLIC consists of the assets and liabilities of the former FSLIC. The FRF-RTC consists of the assets and liabilities of the former RTC. Pursuant to legal restrictions, the two pools are maintained separately and the assets of one pool are not available to satisfy obligations of the other. Contributed capital, accumulated deficit, and resolution equity consisted of the following components by each pool (dollars in thousands). December 31, 2019 Contributed capital beginning Contributed capital ending FRF-FSLIC $ Accumulated deficit Total Resolution Equity $ December 31, 2018 Contributed capital beginning Contributed capital ending 43,864,980 $ $ 81,624,337 $ 125,489,317 81,624,337 125,489,317 (42,986,401) (81,579,496) (124,565,897) 878,579 $ 43,864,980 $ 81,624,337 $ 43,783 125,489,317 125,489,317 (81,580,554) $ 923,420 FRF Consolidated 81,624,337 (43,006,464) 858,516 44,841 $ FRF-RTC 43,864,980 $ FRF Consolidated 43,864,980 FRF-FSLIC Accumulated deficit Total Resolution Equity FRF-RTC (124,587,018) $ 902,299 CONTRIBUTED CAPITAL The FRF-FSLIC and the former RTC received $43.5 billion and $60.1 billion from the U.S. Treasury, respectively, to fund losses from thrift resolutions prior to July 1, 1995. Additionally, the FRF-FSLIC issued $670 million in capital certificates to the Financing Corporation (a mixed-ownership government corporation established to function solely as a financing vehicle for the FSLIC) and the RTC issued $31.3 billion of these instruments to the REFCORP. FIRREA prohibited the payment of dividends on any of these capital certificates. Through December 31, 2019, the FRF-FSLIC received a total of $2.3 billion in goodwill appropriations, the effect of which increased contributed capital. Through December 31, 2019, the FRF-RTC had returned $4.6 billion to the U.S. Treasury and made payments of $5.1 billion to the REFCORP. The most recent payment to the REFCORP was in July of 2013 for $125 million. In addition, the FDIC returned $2.6 billion to the U.S. Treasury on behalf of the FRFFSLIC in 2013. These actions reduced contributed capital. ACCUMULATED DEFICIT The accumulated deficit represents the cumulative excess of expenses and losses over revenue for activity related to the FRF-FSLIC and the FRF-RTC. Approximately $29.8 billion and $87.9 billion were brought forward from the former FSLIC and the former RTC on August 9, 1989, and January 1, 1996, respectively. Since the dissolution dates, the FRF-FSLIC accumulated deficit increased by $13.2 billion, whereas the FRF-RTC accumulated deficit decreased by $6.3 billion. FINANCIAL SECTION 3111 ANNUAL REPORT FSLIC RESOLUTION FUND 6. 9. Other Revenue Other revenue primarily represents recoveries from assets acquired from terminated receiverships, such as professional liability and criminal restitution claims, and unclaimed property escheatments. Additionally, in 2019, the return of unused goodwill litigation expense funds from the DOJ is included. Other revenue was $2 million for 2019, compared to $808 thousand for 2018. 7. Recovery of Tax Benefits Recovery of tax benefits represents receipts based on underlying tax provisions from entities that either entered into assistance agreements with the former FSLIC, or have subsequently purchased financial institutions that had prior agreements with the FSLIC. In 2019, FRF received $1 million from the settlement of the last remaining FSLIC tax benefits sharing agreement. 8. Fair Value of Financial Instruments At December 31, 2019 and 2018, the FRF’s financial assets measured at fair value on a recurring basis are cash equivalents (see Note 2) of $878 million and $857 million, respectively. Cash equivalents are Special U.S. Treasury Certificates with overnight maturities valued at prevailing interest rates established by the U.S. Treasury’s Bureau of the Fiscal Service. The valuation is considered a Level 1 measurement in the fair value hierarchy, representing quoted prices in active markets for identical assets. 112 Information Relating to the Statement of Cash Flows The following table presents a reconciliation of net income to net cash from operating activities (dollars in thousands). December 31 Operating Activities Net Income: Change in Assets and Liabilities: Decrease (Increase) in other assets Increase (Decrease) in accounts payable and other liabilities Net Cash Provided by Operating Activities 10. December 31 2019 $ $ 21,121 2018 $ 16,514 221 (249) 7 (83) 21,349 $ 16,182 Subsequent Events Subsequent events have been evaluated through February 6, 2020, the date the financial statements are available to be issued. Based on management’s evaluation, there were no subsequent events requiring disclosure. FINANCIAL SECTION 4 2019 GOVERNMENT ACCOUNTABILITY OFFICE AUDITOR’S REPORT 441 G St. N.W. Washington, DC 20548 Independent Auditor’s Report To the Board of Directors The Federal Deposit Insurance Corporation In our audits of the 2019 and 2018 financial statements of the Deposit Insurance Fund (DIF) and of the Federal Savings and Loan Insurance Corporation (FSLIC) Resolution Fund (FRF), both of which the Federal Deposit Insurance Corporation (FDIC) administers,1 we found the financial statements of the DIF and of the FRF as of and for the years ended December 31, 2019, and 2018, are presented fairly, in all material respects, in accordance with U.S. generally accepted accounting principles; FDIC maintained, in all material respects, effective internal control over financial reporting relevant to the DIF and to the FRF as of December 31, 2019; and with respect to the DIF and to the FRF, no reportable noncompliance for 2019 with provisions of applicable laws, regulations, contracts, and grant agreements we tested. • • • The following sections discuss in more detail (1) our report on the financial statements and on internal control over financial reporting and other information included with the financial statements;2 (2) our report on compliance with laws, regulations, contracts, and grant agreements; and (3) agency comments. Report on the Financial Statements and on Internal Control over Financial Reporting In accordance with Section 17 of the Federal Deposit Insurance Act, as amended,3 and the Government Corporation Control Act,4 we have audited the financial statements of the DIF and of the FRF, both of which FDIC administers. The financial statements of the DIF comprise the balance sheets as of December 31, 2019, and 2018; the related statements of income and fund balance and of cash flows for the years then ended; and the related notes to the financial statements. The financial statements of the FRF comprise the balance sheets as of December 31, 2019, and 2018; the related statements of income and accumulated deficit and of cash flows for the years then ended; and the related notes to the financial statements. We also have audited FDIC’s internal control over financial reporting relevant to the DIF and to the FRF as of December 31, 2019, based on criteria established under 31 U.S.C. § 3512(c), (d), commonly known as the Federal Managers’ Financial Integrity Act (FMFIA). 1A third fund managed by FDIC, the Orderly Liquidation Fund, established by Section 210(n) of the Dodd-Frank Wall Street Reform and Consumer Protection Act, Pub. L. No. 111-203, 124 Stat. 1376, 1506 (July 21, 2010), is unfunded and did not have any transactions from its inception in 2010 through 2019. 2Other 3Act 431 information consists of information included with the financial statements, other than the auditor’s report. of September 21, 1950, Pub. L. No. 797, § 2[17], 64 Stat. 873, 890, classified as amended at 12 U.S.C. § 1827. U.S.C. §§ 9101-9110. FINANCIAL SECTION 113 ANNUAL REPORT GOVERNMENT ACCOUNTABILITY OFFICE AUDITOR’S REPORT (continued) We conducted our audits in accordance with U.S. generally accepted government auditing standards. We believe that the audit evidence we obtained is sufficient and appropriate to provide a basis for our audit opinions. Management’s Responsibility FDIC management is responsible for (1) the preparation and fair presentation of these financial statements in accordance with U.S. generally accepted accounting principles; (2) preparing and presenting other information included in documents containing the audited financial statements and auditor’s report, and ensuring the consistency of that information with the audited financial statements; (3) maintaining effective internal control over financial reporting, including the design, implementation, and maintenance of internal control relevant to the preparation and fair presentation of financial statements that are free from material misstatement, whether due to fraud or error; (4) evaluating the effectiveness of internal control over financial reporting based on the criteria established under FMFIA; and (5) its assessment about the effectiveness of internal control over financial reporting as of December 31, 2019, included in the accompanying Management’s Report on Internal Control over Financial Reporting in appendix I. Auditor’s Responsibility Our responsibility is to express opinions on these financial statements and opinions on FDIC’s internal control over financial reporting relevant to the DIF and to the FRF based on our audits. U.S. generally accepted government auditing standards require that we plan and perform the audits to obtain reasonable assurance about whether the financial statements are free from material misstatement, and whether effective internal control over financial reporting was maintained in all material respects. We are also responsible for applying certain limited procedures to other information included with the financial statements. An audit of financial statements involves performing procedures to obtain audit evidence about the amounts and disclosures in the financial statements. The procedures selected depend on the auditor’s judgment, including the auditor’s assessment of the risks of material misstatement of the financial statements, whether due to fraud or error. In making those risk assessments, the auditor considers internal control relevant to the entity’s preparation and fair presentation of the financial statements in order to design audit procedures that are appropriate in the circumstances. An audit of financial statements also involves evaluating the appropriateness of the accounting policies used and the reasonableness of significant accounting estimates made by management, as well as evaluating the overall presentation of the financial statements. An audit of internal control over financial reporting involves performing procedures to obtain evidence about whether a material weakness exists.5 The procedures selected depend on the auditor’s judgment, including the assessment of the risk that a material weakness exists. An audit of internal control over financial reporting also includes obtaining an understanding of internal control over financial reporting and evaluating and testing the design and operating effectiveness of internal control over financial reporting based on the assessed risk. Our audit of internal control also considered FDIC’s process for evaluating and reporting on internal control 5A material weakness is a deficiency, or combination of deficiencies, in internal control over financial reporting, such that there is a reasonable possibility that a material misstatement of the entity’s financial statements will not be prevented, or detected and corrected, on a timely basis. A deficiency in internal control exists when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent, or detect and correct, misstatements on a timely basis. 114 FINANCIAL SECTION 2019 GOVERNMENT ACCOUNTABILITY OFFICE AUDITOR’S REPORT (continued) over financial reporting based on criteria established under FMFIA. Our audits also included performing such other procedures as we considered necessary in the circumstances. We did not evaluate all internal controls relevant to operating objectives as broadly established under FMFIA, such as those controls relevant to preparing performance information and ensuring efficient operations. We limited our internal control testing to testing controls over financial reporting. Our internal control testing was for the purpose of expressing an opinion on whether effective internal control over financial reporting was maintained, in all material respects. Consequently, our audit may not identify all deficiencies in internal control over financial reporting that are less severe than a material weakness. Definition and Inherent Limitations of Internal Control over Financial Reporting An entity’s internal control over financial reporting is a process effected by those charged with governance, management, and other personnel, the objectives of which are to provide reasonable assurance that (1) transactions are properly recorded, processed, and summarized to permit the preparation of financial statements in accordance with U.S. generally accepted accounting principles, and assets are safeguarded against loss from unauthorized acquisition, use, or disposition, and (2) transactions are executed in accordance with provisions of applicable laws, regulations, contracts, and grant agreements, noncompliance with which could have a material effect on the financial statements. Because of its inherent limitations, internal control over financial reporting may not prevent, or detect and correct, misstatements due to fraud or error. We also caution that projecting any evaluation of effectiveness to future periods is subject to the risk that controls may become inadequate because of changes in conditions or that the degree of compliance with the policies or procedures may deteriorate. Opinions on Financial Statements In our opinion, • • the DIF’s financial statements present fairly, in all material respects, the DIF’s financial position as of December 31, 2019, and 2018, and the results of its operations and its cash flows for the years then ended, in accordance with U.S. generally accepted accounting principles, and the FRF’s financial statements present fairly, in all material respects, the FRF’s financial position as of December 31, 2019, and 2018, and the results of its operations and its cash flows for the years then ended, in accordance with U.S. generally accepted accounting principles. Opinions on Internal Control over Financial Reporting In our opinion, • • FDIC maintained, in all material respects, effective internal control over financial reporting relevant to the DIF as of December 31, 2019, based on criteria established under FMFIA, and FDIC maintained, in all material respects, effective internal control over financial reporting relevant to the FRF as of December 31, 2019, based on criteria established under FMFIA. FINANCIAL SECTION 115 ANNUAL REPORT GOVERNMENT ACCOUNTABILITY OFFICE AUDITOR’S REPORT (continued) During our 2019 audit, we identified deficiencies in FDIC’s internal control over financial reporting that we do not consider to be material weaknesses or significant deficiencies.6 Nonetheless, these deficiencies warrant FDIC management’s attention. We have communicated these matters to FDIC management and, where appropriate, will report on them separately. Other Matters Other Information FDIC’s other information contains a wide range of information, some of which is not directly related to the financial statements. This information is presented for purposes of additional analysis and is not a required part of the financial statements. We read the other information included with the financial statements in order to identify material inconsistencies, if any, with the audited financial statements. Our audit was conducted for the purpose of forming opinions on the DIF’s and the FRF’s financial statements. We did not audit and do not express an opinion or provide any assurance on the other information. Report on Compliance with Laws, Regulations, Contracts, and Grant Agreements In connection with our audits of the financial statements of the DIF and of the FRF, both of which FDIC administers, we tested compliance with selected provisions of applicable laws, regulations, contracts, and grant agreements consistent with our auditor’s responsibility discussed below. We caution that noncompliance may occur and not be detected by these tests. We performed our tests of compliance in accordance with U.S. generally accepted government auditing standards. Management’s Responsibility FDIC management is responsible for complying with applicable laws, regulations, contracts, and grant agreements. Auditor’s Responsibility Our responsibility is to test compliance with selected provisions of applicable laws, regulations, contracts, and grant agreements that have a direct effect on the determination of material amounts and disclosures in the financial statements of the DIF and of the FRF and to perform certain other limited procedures. Accordingly, we did not test FDIC’s compliance with all applicable laws, regulations, contracts, and grant agreements. Results of Our Tests for Compliance with Laws, Regulations, Contracts, and Grant Agreements Our tests for compliance with selected provisions of applicable laws, regulations, contracts, and grant agreements disclosed no instances of noncompliance for 2019 that would be reportable, with respect to the DIF and to the FRF, under U.S. generally accepted government auditing standards. However, the objective of our tests was not to provide an opinion on compliance with applicable laws, regulations, contracts, and grant agreements. Accordingly, we do not express such an opinion. 6A significant deficiency is a deficiency, or a combination of deficiencies, in internal control over financial reporting that is less severe than a material weakness, yet important enough to merit attention by those charged with governance. 116 FINANCIAL SECTION 2019 GOVERNMENT ACCOUNTABILITY OFFICE AUDITOR’S REPORT (continued) Intended Purpose of Report on Compliance with Laws, Regulations, Contracts, and Grant Agreements The purpose of this report is solely to describe the scope of our testing of compliance with selected provisions of applicable laws, regulations, contracts, and grant agreements, and the results of that testing, and not to provide an opinion on compliance. This report is an integral part of an audit performed in accordance with U.S. generally accepted government auditing standards in considering compliance. Accordingly, this report on compliance with laws, regulations, contracts, and grant agreements is not suitable for any other purpose. Agency Comments In commenting on a draft of this report, FDIC stated that it was pleased to receive unmodified opinions on the DIF’s and the FRF’s financial statements, and noted that we reported that FDIC had effective internal control over financial reporting and that there was no reportable noncompliance with tested provisions of applicable laws, regulations, contracts, and grant agreements. FDIC also stated that it recognizes the essential role a strong internal control program plays in an agency achieving its mission and that its commitment to sound financial management has been and will remain a top priority. The complete text of FDIC’s response is reprinted in appendix II. James R. Dalkin Director Financial Management and Assurance February 6, 2020 FINANCIAL SECTION 117 ANNUAL REPORT Appendix I MANAGEMENT’S REPORT ON INTERNAL CONTROL OVER FINANCIAL REPORTING 118 FINANCIAL SECTION 2019 Appendix II MANAGEMENT’S RESPONSE TO THE AUDITOR’S REPORT FINANCIAL SECTION 119 THIS PAGE INTENTIONALLY LEFT BLANK VI. RISK MANAGEMENT AND INTERNAL CONTROLS THIS PAGE INTENTIONALLY LEFT BLANK 2019 The FDIC uses several means to identify and address enterprise risks, maintain comprehensive internal controls, ensure the overall effectiveness and efficiency of operations, and otherwise comply as necessary with the following federal standards, among others: ♦ Chief Financial Officers Act (CFO Act) ♦ Federal Managers’ Financial Integrity Act (FMFIA) ♦ Federal Financial Management Improvement Act (FFMIA) ♦ Government Performance and Results Act (GPRA) ♦ Federal Information Security Modernization Act of 2014 (FISMA) ♦ OMB Circular A-123 ♦ GAO’s Standards for Internal Control in the Federal Government As a foundation for these efforts, the Division of Finance, Risk Management and Internal Controls Branch (DOFRMIC) oversees a corporate-wide program of risk management and internal control activities and works closely with FDIC division and office management. The FDIC has made a concerted effort to identify and assess financial, reputational, and operational risks and incorporate corresponding controls into day-to-day operations. The program also requires that divisions and offices document comprehensive procedures, thoroughly train employees, and hold supervisors accountable for performance and results. Divisions and offices monitor compliance through periodic management reviews and various activity reports distributed to all levels of management. The FDIC also takes seriously FDIC Office of Inspector General and GAO audit recommendations and strives to implement agreed upon actions promptly. The FDIC has received unmodified opinions on its financial statement audits for 28 consecutive years, and these and other positive results reflect the effectiveness of the overall internal control program. In 2019, DOF-RMIC continued to enhance the FDIC’s Enterprise Risk Management program. ERM program accomplishments include, but were not limited to: ♦ Enhancing the ERM program’s governance structure, ♦ Confirming the FDIC’s risk appetite statement and risk profile, ♦ Relaunching the Model Risk Management program, and ♦ Providing Project Risk Manager support for certain complex IT projects. During 2020, DOF-RMIC will continue enhancing the ERM program. DOF-RMIC will focus on raising ERM awareness in the FDIC regional offices, better integrating the ERM program with FDIC’s strategic planning and budget process, enhancing the internal control program, and exploring opportunities for process improvements. PROGRAM EVALUATION DOF-RMIC periodically evaluates selected program areas responsible for achieving FDIC strategic objectives and performance goals. During 2019, DOF-RMIC evaluated DRR processes responsible for achieving two Insurance Program strategic objectives and related performance goals. Strategic Objective and Related Performance Goal Evaluated: ♦ The FDIC resolves failed IDIs in the manner leastcostly to the DIF. • Market failing institutions to all known qualified and interested potential bidders. The FDIC maintains a database of qualified and interested potential bidders for failed financial institutions. In developing the potential bidders list, the FDIC identifies well-capitalized and well-managed banks that are expected to be interested in acquiring the failing institution. During 2019, four financial institutions failed. FDIC marketed these institutions using a secured web-based virtual data room. This approach allowed the FDIC to effectively and efficiently market the failing institution and its assets to potential bidders in a confidential manner. We confirmed in each case that the marketing process was competitive and multiple interested banks submitted bids. RISK MANAGEMENT AND INTERNAL CONTROLS 123 ANNUAL REPORT Strategic Objective and Related Performance Goals Evaluated: ♦ Customers of failed IDIs have timely access to insured funds and financial services. • Depositors have access to insured funds within one business day if the failure occurs on a Friday. • Depositors have access to insured funds within two business days if the failure occurs on any other day of the week. • Depositors do not incur any losses on insured deposits. • No appropriated funds are required to pay insured depositors. The FDIC has procedures in place to ensure that customers have timely access to insured funds and financial services, such as automated teller machines, safe deposit boxes, and wire services. If an institution failure occurs on a Friday, FDIC’s target for access to insured funds by customers is one business day. If a failure occurs on any other day of the week, the target is two business days. We confirmed that procedures were up-to-date and appropriate. In 2019, four banks failed. The acquiring institution in three of the failures assumed all deposits and the fourth acquiring institution assumed insured deposits only. In all cases, DRR completed the deposit insurance determination timely and the acquiring institutions re-opened for business by the first business day immediately following the Friday failure. Moreover, no depositors incurred losses on insured deposits and no appropriated funds were used to pay insured deposits. FRAUD REDUCTION AND DATA ANALYTICS ACT OF 2015 The Fraud Reduction and Data Analytics Act of 2015 was signed into law on June 30, 2016. The law is intended to improve federal agency financial and administrative controls and procedures to assess and mitigate fraud risks, and to improve federal agencies’ development and use of 124 data analytics for the purpose of identifying, preventing, and responding to fraud, including improper payments. The FDIC’s enterprise risk management and internal control program considers the potential for fraud and incorporates elements of Principle 8—Assess Fraud Risk—from the GAO Standards of Internal Control in the Federal Government. The FDIC implemented a Fraud Risk Assessment Framework as a basis for identifying potential financial fraud risks and schemes and ensuring that preventive and detective controls are present and working as intended. Examples of transactions more susceptible to fraud include contractor payments, wire transfers, travel card purchases, and cash receipts. As part of the Framework, management identifies potential fraud areas and implements and evaluates key controls as proactive measures for fraud prevention. Although no system of internal control provides absolute assurance, the FDIC’s system of internal control provides reasonable assurance that key controls are adequate and working as intended. Monitoring activities include supervisory approvals, management reports, and exception reporting. FDIC management performs due diligence in areas of suspected or alleged fraud. At the conclusion of due diligence, the matter is either closed or referred to the Office of Inspector General for investigation. During 2019, there was no systemic fraud identified within the FDIC. MANAGEMENT REPORT ON FINAL ACTIONS As required under the provisions of Section 5 (as amended) of the Inspector General Act of 1978, the FDIC must report information on final action taken by management on certain audit reports. The tables on the following pages provide information on final action taken by management on audit reports for the federal fiscal year period October 1, 2018, through September 30, 2019. RISK MANAGEMENT AND INTERNAL CONTROLS 2019 TABLE 1: MANAGEMENT REPORT ON FINAL ACTION ON AUDITS WITH DISALLOWED COSTS FOR FISCAL YEAR 2019 Dollars in Thousands (There were no audit reports in this category.) TABLE 2: MANAGEMENT REPORT ON FINAL ACTION ON AUDITS WITH RECOMMENDATIONS TO PUT FUNDS TO BETTER USE FOR FISCAL YEAR 2019 Dollars in Thousands (There were no audit reports in this category.) TABLE 3: AUDIT REPORTS WITHOUT FINAL ACTIONS BUT WITH MANAGEMENT DECISIONS OVER ONE YEAR OLD FOR FISCAL YEAR 2019 Report No. and Issue Date AUD-16-001 10/28/2015 AUD-17-001 11/2/2016 EVAL-17-007 9/18/2017 OIG Audit Recommendation The Acting CIO should assess the Information Security Manager (ISM) Outsourced Information Service Provider Assessment Methodology processes supporting information service provider assessments to determine and implement any needed improvements to ensure timely completion of assessments. OIG recommends that the CIO should review existing resource commitments and priorities for addressing data communications Plans of Action and Milestones (POA&Ms) and take appropriate steps to ensure they are addressed in a timely manner. Management Action The CIOO updated its assessment methodology to help ensure timely completion of assessments and completed assessments consistent with its implementation plan. Status: Completed. Undergoing OIG review. The CIOO developed and documented its policy risk tolerance levels and timeframes for remediating POA&Ms. The FDIC has achieved a substantial reduction in several aging POA&M performance metrics. Additional time is needed to refine and meet performance benchmarks. Due Date: 6/26/2020. The Director, DOA should incorporate DOA established procedures and protocols a risk assessment of individual separating for incorporating an employee-specific risk employees into the FDIC’s pre-exit assessment as part of the pre-exit clearance clearance process. process. Disallowed Costs $0 $0 $0 Status: Subsequently closed. RISK MANAGEMENT AND INTERNAL CONTROLS 125 ANNUAL REPORT TABLE 3: AUDIT REPORTS WITHOUT FINAL ACTIONS BUT WITH MANAGEMENT DECISIONS OVER ONE YEAR OLD FOR FISCAL YEAR 2019 (continued) Report No. and Issue Date AUD-18-001 10/25/2017 OIG Audit Recommendation Management Action The CIO should implement the Information Security Risk Advisory (ISRA) Council’s responsibilities to develop a method and strategy for use by FDIC divisions and offices in the classification of risk ratings and risk profiles of corporate applications and systems. The CIOO developed a new methodology for categorizing applications and systems based on their risk profile. However, additional time is needed to fully implement the new methodology. The CIO should implement the ISRA Council’s responsibilities to develop and communicate the FDIC’s information security risk tolerance level and risk profile used to prioritize risk mitigation activities. The FDIC issued its Corporate Risk Appetite Statement, which includes a discussion of technology risk. The CIOO developed risk tolerances and metrics for monitoring key risk indicators. The CIO should ensure that the improvements to the FDIC’s patch management process result in systems being patched in accordance with FDIC’s patch management policy and National Institute of Standards and Technology recommended practices. The FDIC established patch management risk tolerances and is monitoring to ensure that systems are patched within established timeframes. In addition, the FDIC updated its patching policy to incorporate a new process for documenting deferrals and acceptances of risk, when appropriate. Further, the FDIC developed work instructions to ensure the process of monitoring vulnerabilities and tolerance levels is repeatable. Due Date: 1/31/2020 Due Date: 1/28/2020 Status: Subsequently closed. 126 RISK MANAGEMENT AND INTERNAL CONTROLS Disallowed Costs $0 2019 TABLE 3: AUDIT REPORTS WITHOUT FINAL ACTIONS BUT WITH MANAGEMENT DECISIONS OVER ONE YEAR OLD FOR FISCAL YEAR 2019 (continued) Report No. and Issue Date AUD-18-001 10/25/2017 (continued) OIG Audit Recommendation The CIO should review and enhance the FDIC’s vulnerability scanning processes to ensure that issues associated with conducting credentialed scans are resolved in a timely manner. Management Action The FDIC revised its standard operating procedure for addressing authentication failures. The procedure now requires evidence of successful authentication prior to closing change control tickets generated as a result of authentication failures. The FDIC still needs to demonstrate consistent, effective performance of the new procedures. Disallowed Costs $0 Due Date: 5/29/2020 The CIO should develop an approach and implementing procedures for evaluating risk associated with known security weaknesses and vulnerabilities to ensure they collectively remain within established risk tolerance levels. The CIOO developed standard risk tolerances for information security vulnerabilities, developed a framework to quantify risk, and integrated these items into the CIOO’s risk management processes. Additionally, the CIOO updated its Information Security Risk Management directive to align roles, responsibilities, and expectations for reporting risk levels that approach or exceed risk tolerance limits. The CIOO will finalize and publish the directive once the directives review process is complete. Due Date: 5/29/2020 RISK MANAGEMENT AND INTERNAL CONTROLS 127 ANNUAL REPORT TABLE 3: AUDIT REPORTS WITHOUT FINAL ACTIONS BUT WITH MANAGEMENT DECISIONS OVER ONE YEAR OLD FOR FISCAL YEAR 2019 (continued) Report No. and Issue Date AUD-18-004 7/26/18 OIG Audit Recommendation Management Action The CIO should implement an enterprise architecture that is part of the FDIC’s IT Governance Framework and used to guide IT decision-making. The CIO implemented an enterprise architecture that is part of the FDIC’s IT Governance Framework and used to guide IT decision-making. Disallowed Costs $0 Status: Subsequently closed. The CIO should incorporate the revised The CIOO combined existing IT IT governance processes into applicable governance policies into one overarching FDIC policies, procedures, and charters. directive which will define the FDIC’s IT decision-making framework for governing and managing IT resources for enterprise architecture, IT strategy, IT planning, data management, and IT project management. The CIOO will finalize and publish the directive once the directives review process is complete. Due Date: 3/31/2020 The CIO should identify and document the IT resources and expertise needed to execute the FDIC’s IT Strategic Plan. EVAL-18-004 8/8/2018 128 The CIOO developed a workforce planning guide that outlines the process that will be used to document the IT resources and expertise needed to execute the FDIC’s IT Strategic Plan. The CIOO will perform the IT workforce assessment against future IT workforce needs as defined in the FDIC’s IT Modernization Plan and target IT architecture. Due Date: 9/30/2020 The Director, Division of Risk RMS issued a comprehensive document Management Supervision should describing its risk-focused supervision issue a comprehensive policy guidance program, including how the FDIC document defining Forward-Looking implemented Forward-Looking Supervision, including its purpose, goals, Supervision concepts. roles, and responsibilities. Status: Subsequently closed. RISK MANAGEMENT AND INTERNAL CONTROLS $0 VII. APPENDICES THIS PAGE INTENTIONALLY LEFT BLANK 2019 A. KEY STATISTICS FDIC ACTIONS ON FINANCIAL INSTITUTIONS APPLICATIONS Deposit Insurance Approved1 Denied New Branches Approved Denied Mergers Approved Denied Requests for Consent to Serve2 Approved Section 19 Section 32 Denied Section 19 Section 32 Notices of Change in Control Letters of Intent Not to Disapprove Disapproved Brokered Deposit Waivers Approved Denied Savings Association Activities3 Approved Denied State Bank Activities/Investments4 Approved Denied Conversion of Mutual Institutions Non-Objection Objection 2019 2018 2017 15 17 12 15 17 12 0 0 0 548 533 500 548 533 500 0 0 0 243 224 218 243 224 218 0 0 0 87 120 104 87 120 104 5 7 1 82 113 103 0 0 0 0 0 0 0 0 0 12 21 17 12 21 17 0 0 0 3 5 12 3 5 11 0 0 1 2 0 1 2 0 1 0 0 0 20 9 2 20 9 2 0 0 0 4 2 5 4 2 5 0 0 0 1 Includes deposit insurance application filed on behalf of (1) newly organized institutions, (2) existing uninsured financial services companies seeking establishment as an insured institution, and (3) interim institutions established to facilitate merger or conversion transactions, and applications to facilitate the establishment of thrift holding companies. 2 Under Section 19 of the Federal Deposit Insurance (FDI) Act, an insured institution must receive FDIC approval before employing a person convicted of dishonesty or breach of trust. Under Section 32, the FDIC must approve any change of directors or senior executive officers at a state nonmember bank that is not in compliance with capital requirements or is otherwise in troubled condition. 3 Section 28 of the FDI Act, in general, prohibits a federally-insured state savings association from engaging in an activity not permissible for a federal savings association and requires notices or applications to be filed with the FDIC. 4 Section 24 of the FDI Act, in general, prohibits a federally-insured state bank from engaging in an activity not permissible for a national bank and requires notices or applications to be filed with the FDIC. APPENDICES 131 ANNUAL REPORT COMBINED RISK AND CONSUMER ENFORCEMENT ACTIONS Total Number of Actions Initiated by the FDIC Termination of Insurance Involuntary Termination Sec. 8a For Violations, Unsafe/Unsound Practices or Conditions Voluntary Termination Sec. 8a By Order Upon Request Sec. 8p No Deposits Sec. 8q Deposits Assumed Sec. 8b Cease-and-Desist Actions Notices of Charges Issued Orders to Pay Restitution Consent Orders Personal Cease and Desist Orders Sec. 8e Removal/Prohibition of Director or Officer Notices of Intention to Remove/Prohibit Consent Orders Sec. 8g Suspension/Removal When Charged With Crime Civil Money Penalties Issued Sec. 7a Call Report Penalties Sec. 8i Civil Money Penalties Sec. 8i Civil Money Penalty Notices of Assessment Sec. 10c Orders of Investigation Sec. 19 Waiver Orders Approved Section 19 Waiver Orders Denied Section 19 Waiver Orders Sec. 32 Notices Disapproving Officer/Director’s Request for Review Truth-in-Lending Act Reimbursement Actions Denials of Requests for Relief Grants of Relief Banks Making Reimbursement1 Suspicious Activity Reports (Open and closed institutions)1 Other Actions Not Listed2 2019 2018 2017 182 177 231 17 8 9 0 0 0 0 0 0 17 8 9 0 0 0 12 7 8 5 1 1 24 23 26 1 1 0 0 5 4 18 17 14 5 0 8 34 52 65 1 2 7 33 50 58 0 0 0 29 25 47 0 0 0 27 23 42 2 2 5 11 6 9 64 59 71 64 59 71 0 0 0 0 0 0 58 91 135 0 0 0 0 0 0 58 91 135 225,270 193,585 182,647 3 4 4 1 These actions do not constitute the initiation of a formal enforcement action and, therefore, are not included in the total number of actions initiated. 2 The Other Actions Not Listed were, in 2019: 3 Supervisory Prompt Corrective Action Directives and 1 Other Formal Action; in 2018: 2 Supervisory Prompt Corrective Action Directives, 1 Temporary Cease and Desist Order and 1 Other Formal Action; and 2017: 1 Supervisory Prompt Corrective Action Directive and 3 Other Formal Actions. 132 APPENDICES 2019 ESTIMATED INSURED DEPOSITS AND THE DEPOSIT INSURANCE FUND, DECEMBER 31, 1934, THROUGH SEPTEMBER 30, 20191 Dollars in Millions (except Insurance Coverage) Deposits in Insured Institutions2 Year 2019 2018 2017 2016 2015 2014 2013 2012 2011 2010 2009 2008 2007 2006 2005 2004 2003 2002 2001 2000 1999 1998 1997 1996 1995 1994 1993 1992 1991 1990 1989 1988 1987 1986 Insurance Coverage2 $250,000 250,000 250,000 250,000 250,000 250,000 250,000 250,000 250,000 250,000 250,000 100,000 100,000 100,000 100,000 100,000 100,000 100,000 100,000 100,000 100,000 100,000 100,000 100,000 100,000 100,000 100,000 100,000 100,000 100,000 100,000 100,000 100,000 100,000 Insurance Fund as a Percentage of Total Domestic Deposits Est. Insured Deposits Percentage of Domestic Deposits Deposit Insurance Fund Total Domestic Deposits Est. Insured Deposits $13,018,939 12,659,395 12,129,503 11,693,371 10,952,922 10,410,687 9,825,479 9,474,720 8,782,291 7,887,858 7,705,354 7,505,408 6,921,678 6,640,097 6,229,753 5,724,621 5,223,922 4,916,078 4,564,064 4,211,895 3,885,826 3,817,150 3,602,189 3,454,556 3,318,595 3,184,410 3,220,302 3,275,530 3,331,312 3,415,464 3,412,503 2,337,080 2,198,648 2,162,687 $7,736,888 7,525,393 7,156,067 6,917,200 6,518,675 6,195,554 5,998,238 7,402,053 6,973,483 6,301,542 5,407,773 4,750,783 4,292,211 4,153,808 3,890,930 3,622,059 3,452,497 3,383,598 3,215,581 3,055,108 2,869,208 2,850,452 2,746,477 2,690,439 2,663,873 2,588,619 2,602,781 2,677,709 2,733,387 2,784,838 2,755,471 1,756,771 1,657,291 1,636,915 59.4 59.4 59.0 59.2 59.5 59.5 61.0 78.1 79.4 79.9 70.2 63.3 62.0 62.6 62.5 63.3 66.1 68.8 70.5 72.5 73.8 74.7 76.2 77.9 80.3 81.3 80.8 81.7 82.1 81.5 80.7 75.2 75.4 75.7 $108,939.7 102,608.9 92,747.5 83,161.5 72,600.2 62,780.2 47,190.8 32,957.8 11,826.5 (7,352.2) (20,861.8) 17,276.3 52,413.0 50,165.3 48,596.6 47,506.8 46,022.3 43,797.0 41,373.8 41,733.8 39,694.9 39,452.1 37,660.8 35,742.8 28,811.5 23,784.5 14,277.3 178.4 (6,934.0) 4,062.7 13,209.5 14,061.1 18,301.8 18,253.3 0.84 0.81 0.76 0.71 0.66 0.60 0.48 0.35 0.13 (0.09) (0.27) 0.23 0.76 0.76 0.78 0.83 0.88 0.89 0.91 0.99 1.02 1.03 1.05 1.03 0.87 0.75 0.44 0.01 (0.21) 0.12 0.39 0.60 0.83 0.84 1.41 1.36 1.30 1.20 1.11 1.01 0.79 0.45 0.17 (0.12) (0.39) 0.36 1.22 1.21 1.25 1.31 1.33 1.29 1.29 1.37 1.38 1.38 1.37 1.33 1.08 0.92 0.55 0.01 (0.25) 0.15 0.48 0.80 1.10 1.12 APPENDICES 133 ANNUAL REPORT ESTIMATED INSURED DEPOSITS AND THE DEPOSIT INSURANCE FUND, DECEMBER 31, 1934, THROUGH SEPTEMBER 30, 20191 (continued) Dollars in Millions (except Insurance Coverage) Deposits in Insured Institutions2 Year Insurance Coverage2 1985 1984 1983 1982 1981 1980 1979 1978 1977 1976 1975 1974 1973 1972 1971 1970 1969 1968 1967 1966 1965 1964 1963 1962 1961 1960 1959 1958 1957 1956 1955 1954 1953 1952 100,000 100,000 100,000 100,000 100,000 100,000 40,000 40,000 40,000 40,000 40,000 40,000 20,000 20,000 20,000 20,000 20,000 15,000 15,000 15,000 10,000 10,000 10,000 10,000 10,000 10,000 10,000 10,000 10,000 10,000 10,000 10,000 10,000 10,000 134 Total Domestic Deposits 1,975,030 1,805,334 1,690,576 1,544,697 1,409,322 1,324,463 1,226,943 1,145,835 1,050,435 941,923 875,985 833,277 766,509 697,480 610,685 545,198 495,858 491,513 448,709 401,096 377,400 348,981 313,304 297,548 281,304 260,495 247,589 242,445 225,507 219,393 212,226 203,195 193,466 188,142 Insurance Fund as a Percentage of Est. Insured Deposits Percentage of Domestic Deposits Deposit Insurance Fund Total Domestic Deposits Est. Insured Deposits 1,510,496 1,393,421 1,268,332 1,134,221 988,898 948,717 808,555 760,706 692,533 628,263 569,101 520,309 465,600 419,756 374,568 349,581 313,085 296,701 261,149 234,150 209,690 191,787 177,381 170,210 160,309 149,684 142,131 137,698 127,055 121,008 116,380 110,973 105,610 101,841 76.5 77.2 75.0 73.4 70.2 71.6 65.9 66.4 65.9 66.7 65.0 62.4 60.7 60.2 61.3 64.1 63.1 60.4 58.2 58.4 55.6 55.0 56.6 57.2 57.0 57.5 57.4 56.8 56.3 55.2 54.8 54.6 54.6 54.1 17,956.9 16,529.4 15,429.1 13,770.9 12,246.1 11,019.5 9,792.7 8,796.0 7,992.8 7,268.8 6,716.0 6,124.2 5,615.3 5,158.7 4,739.9 4,379.6 4,051.1 3,749.2 3,485.5 3,252.0 3,036.3 2,844.7 2,667.9 2,502.0 2,353.8 2,222.2 2,089.8 1,965.4 1,850.5 1,742.1 1,639.6 1,542.7 1,450.7 1,363.5 0.91 0.92 0.91 0.89 0.87 0.83 0.80 0.77 0.76 0.77 0.77 0.73 0.73 0.74 0.78 0.80 0.82 0.76 0.78 0.81 0.80 0.82 0.85 0.84 0.84 0.85 0.84 0.81 0.82 0.79 0.77 0.76 0.75 0.72 1.19 1.19 1.22 1.21 1.24 1.16 1.21 1.16 1.15 1.16 1.18 1.18 1.21 1.23 1.27 1.25 1.29 1.26 1.33 1.39 1.45 1.48 1.50 1.47 1.47 1.48 1.47 1.43 1.46 1.44 1.41 1.39 1.37 1.34 APPENDICES 2019 ESTIMATED INSURED DEPOSITS AND THE DEPOSIT INSURANCE FUND, DECEMBER 31, 1934, THROUGH SEPTEMBER 30, 20191 (continued) Dollars in Millions (except Insurance Coverage) Deposits in Insured Institutions2 Year Insurance Coverage2 1951 1950 1949 1948 1947 1946 1945 1944 1943 1942 1941 1940 1939 1938 1937 1936 1935 1934 10,000 10,000 5,000 5,000 5,000 5,000 5,000 5,000 5,000 5,000 5,000 5,000 5,000 5,000 5,000 5,000 5,000 5,000 Total Domestic Deposits 178,540 167,818 156,786 153,454 154,096 148,458 157,174 134,662 111,650 89,869 71,209 65,288 57,485 50,791 48,228 50,281 45,125 40,060 Est. Insured Deposits 96,713 91,359 76,589 75,320 76,254 73,759 67,021 56,398 48,440 32,837 28,249 26,638 24,650 23,121 22,557 22,330 20,158 18,075 Insurance Fund as a Percentage of Percentage of Domestic Deposits 54.2 54.4 48.8 49.1 49.5 49.7 42.6 41.9 43.4 36.5 39.7 40.8 42.9 45.5 46.8 44.4 44.7 45.1 Deposit Insurance Fund 1,282.2 1,243.9 1,203.9 1,065.9 1,006.1 1,058.5 929.2 804.3 703.1 616.9 553.5 496.0 452.7 420.5 383.1 343.4 306.0 291.7 Total Domestic Deposits Est. Insured Deposits 0.72 0.74 0.77 0.69 0.65 0.71 0.59 0.60 0.63 0.69 0.78 0.76 0.79 0.83 0.79 0.68 0.68 0.73 1.33 1.36 1.57 1.42 1.32 1.44 1.39 1.43 1.45 1.88 1.96 1.86 1.84 1.82 1.70 1.54 1.52 1.61 1 For 2019, figures are as of September 30; all other prior years are as of December 31. Prior to 1989, figures are for the Bank Insurance Fund (BIF) only and exclude insured branches of foreign banks. For 1989 to 2005, figures represent the sum of the BIF and Savings Association Insurance Fund (SAIF) amounts; for 2006 to 2019, figures are for DIF. Amounts for 1989-2019 include insured branches of foreign banks. Prior to year-end 1991, insured deposits were estimated using percentages determined from June Call and Thrift Financial Reports. 2 The year-end 2008 coverage limit and estimated insured deposits do not reflect the temporary increase to $250,000 then in effect under the Emergency Economic Stabilization Act of 2008. The Dodd-Frank Wall Street Reform and Consumer Protection (Dodd-Frank) Act made this coverage limit permanent. The year-end 2009 coverage limit and estimated insured deposits reflect the $250,000 coverage limit. The Dodd-Frank Act also temporarily provided unlimited coverage for non-interest bearing transaction accounts for two years beginning December 31, 2010. Coverage for certain retirement accounts increased to $250,000 in 2006. Initial coverage limit was $2,500 from January 1 to June 30, 1934. APPENDICES 135 ANNUAL REPORT INCOME AND EXPENSES, DEPOSIT INSURANCE FUND, FROM BEGINNING OF OPERATIONS, SEPTEMBER 11, 1933, THROUGH DECEMBER 31, 2019 Dollars in Millions Income Expenses and Losses Year Total Assessment Income Assessment Credits Investment and Other TOTAL $260,559.2 $190,764.4 $12,096.5 $81,891.3 2019 7,095.3 5,642.7 703.6 2,156.2 2018 11,170.8 9,526.7 0.0 2017 11,663.7 10,594.8 0.0 2016 10,674.1 9,986.6 2015 9,303.5 8,846.8 2014 8,965.1 2013 10,458.9 2012 Effective Assessment Rate1 Total Provision for Ins. Losses $151,024.5 $106,443.1 Admin. and Operating Expenses2 Net Income/ (Loss) $109,674.2 $9,472.2 $139.5 0.0313% 513.2 (1,285.5) 1,795.6 3.1 0 1,644.1 0.0626% 1,205.2 (562.6) 1,764.7 3.1 0 9,965.6 1,068.9 0.0716% 1,558.2 (183.1) 1,739.4 2.0 0 10,105.5 0.0 687.5 0.0699% 150.6 (1,567.9) 1,715.0 3.5 0 10,523.5 0.0 456.7 0.0647% (553.2) (2,251.3) 1,687.2 10.9 0 9,856.7 8,656.1 0.0 309.0 0.0663% (6,634.7) (8,305.5) 1,664.3 6.5 0 15,599.8 9,734.2 0.0 724.7 0.0775% (4,045.9) (5,659.4) 1,608.7 4.8 0 14,504.8 18,522.3 12,397.2 0.2 6,125.3 0.1012% (2,599.0) (4,222.6) 1,777.5 (153.9) 0 21,121.3 2011 16,342.0 13,499.5 0.9 2,843.4 0.1115% (2,915.4) (4,413.6) 1,625.4 (127.2) 0 19,257.4 2010 13,379.9 13,611.2 0.8 (847.8) 1,592.6 (669.8) 0 13,304.9 2009 24,706.4 17,865.4 148.0 2008 7,306.3 4,410.4 1,445.9 2007 3,196.2 3,730.9 2006 2,643.5 2005 2,420.5 2004 2003 6,582.1 0.1772% 75.0 6,989.0 0.2330% 60,709.0 57,711.8 1,271.1 1,726.1 0 (36,002.6) 4,341.8 0.0418% 44,339.5 41,838.8 1,033.5 1,467.2 0 (37,033.2) 3,088.0 2,553.3 0.0093% 1,090.9 95.0 992.6 3.3 0 2,105.3 31.9 0.0 2,611.6 0.0005% 904.3 (52.1) 950.6 5.8 0 1,739.2 60.9 0.0 2,359.6 0.0010% 809.3 (160.2) 965.7 3.8 0 1,611.2 2,240.3 104.2 0.0 2,136.1 0.0019% 607.6 2,173.6 94.8 0.0 2,078.8 0.0019% (67.7) 2002 2,384.7 107.8 0.0 2,276.9 0.0023% 719.6 2001 2,730.1 83.2 0.0 2,646.9 0.0019% 3,123.4 2,199.3 2000 2,570.1 64.3 0.0 2,505.8 0.0016% 945.2 1999 2,416.7 48.4 0.0 2,368.3 0.0013% 2,047.0 1998 2,584.6 37.0 0.0 2,547.6 0.0010% 817.5 (5.7) 1997 2,165.5 38.6 0.0 2,126.9 0.0011% 247.3 (505.7) 1996 7,156.8 5,294.2 0.0 1,862.6 0.1622% 353.6 (417.2) 1995 5,229.2 3,877.0 0.0 1,352.2 0.1238% 202.2 1994 7,682.1 6,722.7 0.0 959.4 0.2192% 1993 7,354.5 6,682.0 0.0 672.5 0.2157% 1992 6,479.3 5,758.6 0.0 720.7 0.1815% 1991 5,886.5 5,254.0 0.0 632.5 0.1613% 1990 3,855.3 2,872.3 0.0 983.0 1989 3,494.8 1,885.0 0.0 1,609.8 1988 3,347.7 1,773.0 0.0 1987 3,319.4 1,696.0 1986 3,260.1 1,516.9 1985 3,385.5 1984 3,099.5 1983 2,628.1 136 (230.5) $35,109.3 Interest & Other Ins. Expenses Funding Transfer from the FSLIC Resolution Fund (353.4) 941.3 19.7 0 1,632.7 (1,010.5) 935.5 7.3 0 2,241.3 (243.0) 945.1 17.5 0 1,665.1 887.9 36.2 0 28.0 883.9 33.3 0 1,199.7 823.4 23.9 0 369.7 782.6 40.6 0 1,767.1 677.2 75.8 0 1,918.2 568.3 202.5 0 6,803.2 (354.2) 510.6 45.8 0 5,027.0 (1,825.1) (2,459.4) 443.2 191.1 0 9,507.2 (6,744.4) (7,660.4) 418.5 497.5 0 14,098.9 (596.8) (2,274.7) 614.83 1,063.1 35.4 7,111.5 16,925.3 15,496.2 326.1 1,103.0 42.4 (10,996.4) 0.0868% 13,059.3 12,133.1 275.6 650.6 56.1 (9,147.9) 0.0816% 4,352.2 3,811.3 219.9 321.0 5.6 (851.8) 1,574.7 0.0825% 7,588.4 6,298.3 223.9 1,066.2 0 (4,240.7) 0.0 1,623.4 0.0833% 3,270.9 2,996.9 204.9 69.1 0 48.5 0.0 1,743.2 0.0787% 2,963.7 2,827.7 180.3 (44.3) 0 296.4 1,433.5 0.0 1,952.0 0.0815% 1,957.9 1,569.0 179.2 209.7 0 1,427.6 1,321.5 0.0 1,778.0 0.0800% 1,999.2 1,633.4 151.2 214.6 0 1,100.3 1,214.9 164.0 1,577.2 0.0714% 969.9 675.1 135.7 159.1 0 1,658.2 APPENDICES (393.3) 1,624.9 2019 INCOME AND EXPENSES, DEPOSIT INSURANCE FUND, FROM BEGINNING OF OPERATIONS, SEPTEMBER 11, 1933, THROUGH DECEMBER 31, 2019 (continued) Dollars in Millions Income Year Total Assessment Income Expenses and Losses Assessment Credits Investment and Other Effective Assessment Rate1 Total Provision for Ins. Losses Admin. and Operating Expenses2 Interest & Other Ins. Expenses Funding Transfer from the FSLIC Resolution Fund Net Income/ (Loss) 1982 2,524.6 1,108.9 96.2 1,511.9 0.0769% 999.8 126.4 129.9 743.5 0 1,524.8 1981 2,074.7 1,039.0 117.1 1,152.8 0.0714% 848.1 320.4 127.2 400.5 0 1,226.6 1980 1,310.4 951.9 521.1 879.6 0.0370% 83.6 (38.1) 118.2 3.5 0 1,226.8 1979 1,090.4 881.0 524.6 734.0 0.0333% 93.7 (17.2) 106.8 4.1 0 996.7 1978 952.1 810.1 443.1 585.1 0.0385% 148.9 36.5 103.3 9.1 0 803.2 1977 837.8 731.3 411.9 518.4 0.0370% 113.6 20.8 89.3 3.5 0 724.2 1976 764.9 676.1 379.6 468.4 0.0370% 212.3 28.0 180.4 3.9 0 552.6 1975 689.3 641.3 362.4 410.4 0.0357% 97.5 27.6 67.7 2.2 0 591.8 1974 668.1 587.4 285.4 366.1 0.0435% 159.2 97.9 59.2 2.1 0 508.9 1973 561.0 529.4 283.4 315.0 0.0385% 108.2 52.5 54.4 1.3 0 452.8 1972 467.0 468.8 280.3 278.5 0.0333% 65.7 10.1 49.6 6.0 5 0 401.3 1971 415.3 417.2 241.4 239.5 0.0345% 60.3 13.4 46.9 0.0 0 355.0 1970 382.7 369.3 210.0 223.4 0.0357% 46.0 3.8 42.2 0.0 0 336.7 1969 335.8 364.2 220.2 191.8 0.0333% 34.5 1.0 33.5 0.0 0 301.3 1968 295.0 334.5 202.1 162.6 0.0333% 29.1 0.1 29.0 0.0 0 265.9 1967 263.0 303.1 182.4 142.3 0.0333% 27.3 2.9 24.4 0.0 0 235.7 1966 241.0 284.3 172.6 129.3 0.0323% 19.9 0.1 19.8 0.0 0 221.1 1965 214.6 260.5 158.3 112.4 0.0323% 22.9 5.2 17.7 0.0 0 191.7 1964 197.1 238.2 145.2 104.1 0.0323% 18.4 2.9 15.5 0.0 0 178.7 1963 181.9 220.6 136.4 97.7 0.0313% 15.1 0.7 14.4 0.0 0 166.8 1962 161.1 203.4 126.9 84.6 0.0313% 13.8 0.1 13.7 0.0 0 147.3 1961 147.3 188.9 115.5 73.9 0.0323% 14.8 1.6 13.2 0.0 0 132.5 1960 144.6 180.4 100.8 65.0 0.0370% 12.5 0.1 12.4 0.0 0 132.1 1959 136.5 178.2 99.6 57.9 0.0370% 12.1 0.2 11.9 0.0 0 124.4 1958 126.8 166.8 93.0 53.0 0.0370% 11.6 0.0 11.6 0.0 0 115.2 1957 117.3 159.3 90.2 48.2 0.0357% 9.7 0.1 9.6 0.0 0 107.6 1956 111.9 155.5 87.3 43.7 0.0370% 9.4 0.3 9.1 0.0 0 102.5 1955 105.8 151.5 85.4 39.7 0.0370% 9.0 0.3 8.7 0.0 0 96.8 1954 99.7 144.2 81.8 37.3 0.0357% 7.8 0.1 7.7 0.0 0 91.9 1953 94.2 138.7 78.5 34.0 0.0357% 7.3 0.1 7.2 0.0 0 86.9 1952 88.6 131.0 73.7 31.3 0.0370% 7.8 0.8 7.0 0.0 0 80.8 1951 83.5 124.3 70.0 29.2 0.0370% 6.6 0.0 6.6 0.0 0 76.9 1950 84.8 122.9 68.7 30.6 0.0370% 7.8 1.4 6.4 0.0 0 77.0 1949 151.1 122.7 0.0 28.4 0.0833% 6.4 0.3 6.1 0.0 0 144.7 1948 145.6 119.3 0.0 26.3 0.0833% 7.0 0.7 6.36 0.0 0 138.6 1947 157.5 114.4 0.0 43.1 0.0833% 9.9 0.1 9.8 0.0 0 147.6 1946 130.7 107.0 0.0 23.7 0.0833% 10.0 0.1 9.9 0.0 0 120.7 1945 121.0 93.7 0.0 27.3 0.0833% 9.4 0.1 9.3 0.0 0 111.6 APPENDICES 4 137 ANNUAL REPORT INCOME AND EXPENSES, DEPOSIT INSURANCE FUND, FROM BEGINNING OF OPERATIONS, SEPTEMBER 11, 1933, THROUGH DECEMBER 31, 2019 (continued) Dollars in Millions Income Year 1 Assessment Income Total Expenses and Losses Assessment Credits Investment and Other Effective Assessment Rate1 Total Provision for Ins. Losses Admin. and Operating Expenses2 Interest & Other Ins. Expenses Funding Transfer from the FSLIC Resolution Fund Net Income/ (Loss) 1944 99.3 80.9 0.0 18.4 0.0833% 9.3 0.1 9.2 0.0 0 90.0 1943 86.6 70.0 0.0 16.6 0.0833% 9.8 0.2 9.6 0.0 0 76.8 1942 69.1 56.5 0.0 12.6 0.0833% 10.1 0.5 9.6 0.0 0 59.0 1941 62.0 51.4 0.0 10.6 0.0833% 10.1 0.6 9.5 0.0 0 51.9 1940 55.9 46.2 0.0 9.7 0.0833% 12.9 3.5 9.4 0.0 0 43.0 1939 51.2 40.7 0.0 10.5 0.0833% 16.4 7.2 9.2 0.0 0 34.8 1938 47.7 38.3 0.0 9.4 0.0833% 11.3 2.5 8.8 0.0 0 36.4 1937 48.2 38.8 0.0 9.4 0.0833% 12.2 3.7 8.5 0.0 0 36.0 1936 43.8 35.6 0.0 8.2 0.0833% 10.9 2.6 8.3 0.0 0 32.9 1935 20.8 11.5 0.0 9.3 0.0833% 11.3 2.8 8.5 0.0 0 9.5 1933-34 7.0 0.0 0.0 7.0 N/A 10.0 0.2 9.8 0.0 0 (3.0) The effective assessment rate is calculated from annual assessment income (net of assessment credits), excluding transfers to the Financing Corporation (FICO), Resolution Funding Corporation (REFCORP) and FSLIC Resolution Fund, divided by the average assessment base. Figures represent only BIF-insured institutions prior to 1990, and BIF- and SAIF-insured institutions from 1990 through 2005. After 1995, all thrift closings became the responsibility of the FDIC and amounts are reflected in the SAIF. Beginning in 2006, figures are for the DIF. The annualized assessment rate for 2019 is based on full year assessment income divided by a four quarter average of 2019 quarterly assessment base amounts. The assessment base for fourth quarter 2019 was estimated using the third quarter 2019 assessment base and an assumed quarterly growth rate of one percent. Historical Assessment Rates: 1934 – 1949 The statutory assessment rate was 0.0833 percent. 1950 – 1984 The effective assessment rates varied from the statutory rate of 0.0833 percent due to assessment credits provided in those years. 1985 – 1989 The statutory assessment rate was 0.0833 percent (no credits were given). 1990 1991 – 1992 1993 – 2006 138 of 1996. In 1996, the SAIF collected a one-time special assessment of $4.5 billion. Subsequently, assessment rates for the SAIF were lowered to the same range as the BIF, effective October 1996. This range of rates remained unchanged for both funds through 2006. 2007 – 2008 As part of the implementation of the Federal Deposit Insurance Reform Act of 2005, assessment rates were increased to a range of 0.05 percent to 0.43 percent of assessable deposits effective at the start of 2007, but many institutions received a one-time assessment credit ($4.7 billion in total) to offset the new assessments. 2009 – 2011 For the first quarter of 2009, assessment rates were increased to a range of 0.12 percent to 0.50 percent of assessable deposits. On June 30, 2009, a special assessment was imposed on all insured banks and thrifts, which amounted in aggregate to approximately $5.4 billion. For 8,106 institutions, with $9.3 trillion in assets, the special assessment was 5 basis points of each insured institution’s assets minus tier one capital; 89 other institutions, with assets of $4.0 trillion, had their special assessment capped at 10 basis points of their second quarter assessment base. From the second quarter of 2009 through the first quarter of 2011, initial assessment rates ranged between 0.12 percent and 0.45 percent of assessable deposits. Initial rates were subject to further adjustments. The statutory rate increased to 0.12 percent. The statutory rate increased to a minimum of 0.15 percent. The effective rates in 1991 and 1992 varied because the FDIC exercised new authority to increase assessments above the statutory minimum rate when needed. Beginning in 1993, the effective rate was based on a risk-related premium system under which institutions paid assessments in the range of 0.23 percent to 0.31 percent. In May 1995, the BIF reached the mandatory recapitalization level of 1.25 percent. As a result, BIF assessment rates were reduced to a range of 0.04 percent to 0.31 percent of assessable deposits, effective June 1995, and assessments totaling $1.5 billion were refunded in September 1995. Assessment rates for the BIF were lowered again to a range of 0 to 0.27 percent of assessable deposits, effective the start APPENDICES 2019 2011 – 2016 2016 Beginning in the second quarter of 2011, the assessment base changed to average total consolidated assets less average tangible equity (with certain adjustments for banker’s banks and custodial banks), as required by the Dodd-Frank Act. The FDIC implemented a new assessment rate schedule at the same time to conform to the larger assessment base. Initial assessment rates were lowered to a range of 0.05 percent to 0.35 percent of the new base. The annualized assessment rates averaged approximately 17.6 cents per $100 of assessable deposits for the first quarter of 2011 and 11.1 cents per $100 of the new base for the last three quarters of 2011 (which is shown in the table). 2018 The 4.5 basis point surcharge imposed on large banks ended effective October 1, 2018. The annualized assessment rates averaged approximately 7.2 cents per $100 of the assessable base for the first three quarters of 2018 and 3.5 cents per $100 of the assessment base for the last quarter of 2018. The full year annualized assessment rate averaged 6.3 cents per $100 (which is shown in the table). 2019 Assessment income for 2019 included the application of small bank credits in the second, third, and fourth quarters, for a total of $704 million. Beginning July 1, 2016, initial assessment rates were lowered from a range of 5 basis points to 35 basis points to a range of 3 basis points to 30 basis points, and an additional surcharge was imposed on large banks (generally institutions with $10 billion or more in assets) of 4.5 basis points of their assessment base (after making adjustments). 2 These expenses, which are presented as operating expenses in the Statement of Income and Fund Balance, pertain to the FDIC in its corporate capacity only and do not include costs that are charged to the failed bank receiverships that are managed by the FDIC. The receivership expenses are presented as part of the “Receivables from Resolutions, net” line on the Balance Sheet. The narrative and graph presented on page 87 of this report shows the aggregate (corporate and receivership) expenditures of the FDIC. 3 Includes $210 million for the cumulative effect of an accounting change for certain postretirement benefits (1992). 4 Includes a $106 million net loss on government securities (1976). 5 This amount represents interest and other insurance expenses from 1933 to 1972. 6 Includes the aggregate amount of $81 million of interest paid on capital stock between 1933 and 1948. APPENDICES 139 ANNUAL REPORT FDIC INSURED INSTITUTIONS CLOSED DURING 2019 Dollars in Thousands Codes for Bank Class: NM = N = State-chartered bank that is not a member of the Federal Reserve System National Bank Name and Location Bank Class Number of Deposit Accounts SB = SI = Savings bank Stock and Mutual Savings Bank Total Assets1 Total Deposits1 Insured Deposit Funding and Other Disbursements SM = SA = State-chartered bank that is a member of the Federal Reserve System Savings Association Estimated Loss to the DIF2 Date of Closing or Acquisition Receiver/Assuming Bank and Location Purchase and Assumption - All Deposits Louisa Community Bank Louisa, KY NM 1,584 $28,163 $25,174 $24,673 $4,547 10/25/19 Kentucky Farmers Bank Corporation Catlettsburg, KY Resolute Bank Maumee, OH SM 739 $23,292 $22,885 $21,227 $2,188 10/25/19 Buckeye State Bank Powell, OH City National Bank of New Jersey Newark, NJ N 10,312 $120,574 $111,234 $110,647 $2,491 11/01/19 Industrial Bank Washington, DC 1,363 $36,738 $31,254 $31,094 $21,577 05/31/19 Legend Bank, N.A. Bowie, TX Insured Deposit Transfer Enloe State Bank Cooper, TX NM 1 Total Assets and Total Deposits data are based upon the last Call Report filed by the institution prior to failure. 2 Estimated losses are as of December 31, 2019. Estimated losses are routinely adjusted with updated information from new appraisals and asset sales, which ultimately affect the asset values and projected recoveries. Represents the estimated loss to the DIF from deposit insurance obligations. 140 APPENDICES 2019 RECOVERIES AND LOSSES BY THE DEPOSIT INSURANCE FUND ON DISBURSEMENTS FOR THE PROTECTION OF DEPOSITORS, 1934 - 2019 Dollars in Thousands Bank and Thrift Failures1 Year2 Number of Banks/ Thrifts Total Assets3 Total Deposits3 Funding4 Final and Estimated Losses6 2019 2018 2017 2016 2015 2014 2013 2012 2011 20107 20097 20087 2007 2006 2005 2004 2003 2002 2001 2000 1999 1998 1997 1996 1995 1994 1993 1992 1991 1990 1989 1988 1987 1986 1985 1984 1983 1982 1981 1980 1934 - 1979 2,627 4 0 8 5 8 18 24 51 92 157 140 25 3 0 0 4 3 11 4 7 8 3 1 6 6 13 41 120 124 168 206 200 184 138 116 78 44 32 7 10 558 $946,852,179 208,767 0 5,081,737 277,182 6,706,038 2,913,503 6,044,051 11,617,348 34,922,997 92,084,988 169,709,160 371,945,480 2,614,928 0 0 170,099 947,317 2,872,720 1,821,760 410,160 1,592,189 290,238 27,923 232,634 802,124 1,463,874 3,828,939 45,357,237 64,556,512 16,923,462 28,930,572 38,402,475 6,928,889 7,356,544 3,090,897 2,962,179 3,580,132 1,213,316 108,749 239,316 8,615,743 $713,129,053 $190,547 0 4,683,360 268,516 4,574,170 2,691,485 5,132,246 11,009,630 31,071,862 78,290,185 137,835,121 234,321,715 2,424,187 0 0 156,733 901,978 2,512,834 1,661,214 342,584 1,320,573 260,675 27,511 230,390 776,387 1,397,018 3,509,341 39,921,310 52,972,034 15,124,454 24,152,468 26,524,014 6,599,180 6,638,903 2,889,801 2,665,797 2,832,184 1,056,483 100,154 219,890 5,842,119 $582,048,662 187,641 0 4,596,003 262,243 4,565,684 2,684,528 5,022,368 11,042,913 30,717,287 82,305,089 136,081,390 205,833,992 1,920,200 0 0 139,244 883,772 1,567,805 21,131 297,313 1,308,316 293,117 25,546 201,533 609,043 1,224,769 3,841,658 14,541,476 21,501,772 10,812,484 11,443,281 10,432,655 4,876,994 4,632,121 2,154,955 2,165,036 3,042,392 545,612 114,944 152,355 5,133,173 $104,976,605 30,803 0 1,163,650 42,464 851,681 394,526 1,217,721 2,411,932 6,433,638 15,874,775 25,988,291 17,862,077 158,534 0 0 3,917 62,647 413,989 292,465 32,138 586,027 221,606 5,026 60,615 84,472 179,051 632,646 3,674,149 6,001,595 2,771,489 6,195,286 5,377,497 1,862,492 1,682,538 648,179 523,879 1,069,355 125,787 8,988 30,680 380,878 APPENDICES 141 ANNUAL REPORT RECOVERIES AND LOSSES BY THE DEPOSIT INSURANCE FUND ON DISBURSEMENTS FOR THE PROTECTION OF DEPOSITORS, 1934 - 2019 (continued) Dollars in Thousands Assistance Transactions1 142 Year2 Number of Banks/ Thrifts Total Assets3 Total Deposits3 Funding4 Recoveries5 Estimated Additional Recoveries 2019 2018 2017 2016 2015 2014 2013 2012 2011 2010 20098 20088 2007 2006 2005 2004 2003 2002 2001 2000 1999 1998 1997 1996 1995 1994 1993 1992 1991 1990 1989 1988 1987 154 0 0 0 0 0 0 0 0 0 0 8 5 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 3 1 1 80 19 $3,317,099,253 0 0 0 0 0 0 0 0 0 0 1,917,482,183 1,306,041,994 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 33,831 78,524 14,206 4,438 15,493,939 2,478,124 $1,442,173,417 0 0 0 0 0 0 0 0 0 0 1,090,318,282 280,806,966 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 33,117 75,720 14,628 6,396 11,793,702 2,275,642 $11,630,356 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1,486 6,117 4,935 2,548 1,730,351 160,877 $6,199,875 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1,236 3,093 2,597 252 189,709 713 $0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 APPENDICES Final and Estimated Losses6 $5,430,481 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 250 3,024 2,338 2,296 1,540,642 160,164 2019 RECOVERIES AND LOSSES BY THE DEPOSIT INSURANCE FUND ON DISBURSEMENTS FOR THE PROTECTION OF DEPOSITORS, 1934 - 2019 (continued) Dollars in Thousands Assistance Transactions1 (continued) Year2 Number of Banks/ Thrifts 1986 1985 1984 1983 1982 1981 1980 1934-1979 7 4 2 4 10 3 1 4 Total Assets3 712,558 5,886,381 40,470,332 3,611,549 10,509,286 4,838,612 7,953,042 1,490,254 Total Deposits3 585,248 5,580,359 29,088,247 3,011,406 9,118,382 3,914,268 5,001,755 549,299 Funding4 158,848 765,732 5,531,179 764,690 1,729,538 774,055 0 0 Recoveries5 Estimated Additional Recoveries 65,669 406,676 4,414,904 427,007 686,754 1,265 0 0 0 0 0 0 0 0 0 0 Final and Estimated Losses6 93,179 359,056 1,116,275 337,683 1,042,784 772,790 0 0 1 Institutions for which the FDIC is appointed receiver, including deposit payoff, insured deposit transfer, and deposit assumption cases. 2 For 1990 through 2005, amounts represent the sum of BIF and SAIF failures (excluding those handled by the RTC); prior to1990, figures are only for the BIF. After 1995, all thrift closings became the responsibility of the FDIC and amounts are reflected in the SAIF. For 2006 to 2019, figures are for the DIF. 3 Assets and deposit data are based on the last Call Report or TFR filed before failure. 4 Funding represents the amounts provided by the DIF to receiverships for subrogated claims, advances for working capital, and administrative expenses paid on their behalf. Between 2008 and 2013, the DIF resolved failures using whole-bank purchase and assumption transactions, most with an accompanying shared-loss agreement (SLA). The DIF satisfies any resulting liabilities by offsetting receivables from resolutions when receiverships declare a dividend and/or sending cash directly to receiverships to fund an SLA and other expenses. 5 Recoveries represent cash received and dividends (cash and non-cash) declared by receiverships. 6 Final losses represent actual losses for unreimbursed subrogated claims of inactivated receiverships. Estimated losses generally represent the difference between the amount paid by the DIF to cover obligations to insured depositors and the estimated recoveries from the liquidation of receivership assets. 7 Includes amounts related to transaction account coverage under the Transaction Account Guarantee Program (TAG). The estimated losses as of December 31, 2019, for TAG accounts in 2010, 2009, and 2008 are $363 million, $1.1 billion, and $12 million, respectively. 8 Includes institutions where assistance was provided under a systemic risk determination. APPENDICES 143 ANNUAL REPORT NUMBER, ASSETS, DEPOSITS, LOSSES, AND LOSS TO FUNDS OF INSURED THRIFTS TAKEN OVER OR CLOSED BECAUSE OF FINANCIAL DIFFICULTIES, 1989 THROUGH 19951 Dollars in Thousands Year Number of Institutions Assets Total 748 $393,986,574 Deposits Final Receivership Loss2 Loss to Fund3 $318,328,770 $75,977,846 $81,579,496 1995 2 423,819 414,692 28,192 27,750 1994 2 136,815 127,508 11,472 14,599 1993 10 6,147,962 5,708,253 267,595 65,212 1992 59 44,196,946 34,773,224 3,286,908 3,832,145 1991 144 78,898,904 65,173,122 9,235,967 9,734,263 1990 213 129,662,498 98,963,962 16,062,685 19,257,578 19894 318 134,519,630 113,168,009 47,085,027 48,647,949 1 Beginning in 1989 through July 1, 1995, all thrift closings were the responsibility of the Resolution Trust Corporation (RTC). Since the RTC was terminated on December 31, 1995, and all assets and liabilities transferred to the FSLIC Resolution Fund (FRF), all the results of the thrift closing activity from 1989 through 1995 are now reflected on the FRF’s books. Year is the year of failure, not the year of resolution. 2 The Final Receivership Loss represents the loss at the fund level from receiverships for unreimbursed subrogated claims of the FRF-RTC and unpaid advances to receiverships from the FRF-RTC. 3 The Loss to Fund represents the total resolution cost of the failed thrifts in the FRF-RTC fund. In addition to the receivership losses, this includes corporate revenue and expense items such as interest expense on Federal Financing Bank debt, interest expense on escrowed funds, administrative expenses, and interest revenue on advances to receiverships. 4 Total for 1989 excludes nine failures of the former FSLIC. 144 APPENDICES 2019 B. MORE ABOUT THE FDIC FDIC Board of Directors Seated: Jelena McWilliams Standing (left to right) Joseph M. Otting, Martin J. Gruenberg, and Kathleen L. Kraninger Jelena McWilliams Jelena McWilliams was sworn in as the 21st Chairman of the FDIC on June 5, 2018. She serves a six-year term on the FDIC Board of Directors, and is designated as Chairman for a term of five years. Ms. McWilliams was Executive Vice President, Chief Legal Officer, and Corporate Secretary for Fifth Third Bank in Cincinnati, Ohio. At Fifth Third Bank she served as a member of the executive management team and numerous bank committees including: Management Compliance, Enterprise Risk, Risk and Compliance, Operational Risk, Enterprise Marketing, and Regulatory Change. Prior to joining Fifth Third Bank, Ms. McWilliams worked in the U.S. Senate for six years, most recently as Chief Counsel and Deputy Staff Director with the Senate Committee on Banking, Housing and Urban Affairs, and previously as Assistant Chief Counsel with the Senate Small Business and Entrepreneurship Committee. APPENDICES 145 ANNUAL REPORT From 2007 to 2010, Ms. McWilliams served as an attorney at the Federal Reserve Board of Governors, where she drafted consumer protection regulations, reviewed and analyzed comment letters on regulatory proposals, and responded to consumer complaints. Before entering public service, she practiced corporate and securities law at Morrison & Foerster LLP in Palo Alto, California, and Hogan & Hartson LLP (now Hogan Lovells LLP) in Washington, D.C. In legal practice, Ms. McWilliams advised management and boards of directors on corporate governance, compliance, and reporting requirements under the Securities Act of 1933 and the Securities Exchange Act of 1934. She also represented publicly- and privately-held companies in mergers and acquisitions, securities offerings, strategic business ventures, venture capital investments, and general corporate matters. Ms. McWilliams graduated with highest honors from the University of California at Berkeley with a B.S. in political science, and earned her law degree from U.C. Berkeley School of Law. Martin J. Gruenberg Martin J. Gruenberg is the 20th Chairman of the FDIC, receiving Senate confirmation on November 15, 2012, for a five-year term. Mr. Gruenberg served as Vice Chairman and Member of the FDIC Board of Directors from August 22, 2005, until his confirmation as Chairman. He served as Acting Chairman from July 9, 2011, to November 15, 2012, and also from November 16, 2005, to June 26, 2006. Mr. Gruenberg joined the FDIC Board after broad congressional experience in the financial services and regulatory areas. He served as Senior Counsel to Senator Paul S. Sarbanes (D-MD) on the staff of the Senate Committee on Banking, Housing, and Urban Affairs from 1993 to 2005. Mr. Gruenberg advised the Senator on issues of domestic and international financial regulation, monetary policy, and trade. He also served as Staff Director of the Banking Committee’s Subcommittee on International Finance and Monetary Policy from 1987 to 1992. Major legislation in which Mr. Gruenberg played an active role during his service on the Committee includes the Financial Institutions Reform, Recovery, 146 and Enforcement Act of 1989 (FIRREA); the Federal Deposit Insurance Corporation Improvement Act of 1991 (FDICIA); the Gramm-Leach-Bliley Act; and the Sarbanes-Oxley Act of 2002. Mr. Gruenberg served as Chairman of the Executive Council and President of the International Association of Deposit Insurers (IADI) from November 2007 to November 2012. In addition, Mr. Gruenberg has served as Chairman of the Board of Directors of the Neighborhood Reinvestment Corporation (NeighborWorks America) since June 2019, and a member of the Board since April 2018. Mr. Gruenberg holds a J.D. from Case Western Reserve Law School and an A.B. from Princeton University, Woodrow Wilson School of Public and International Affairs. Kathleen L. Kraninger Kathy Kraninger became Director of the Consumer Financial Protection Bureau (CFPB) in December, 2018. From her early days as a Peace Corps volunteer, to her role establishing the Department of Homeland Security (DHS), to her policy work at the Office of Management and Budget (OMB) to the CFPB, Director Kraninger has dedicated her career to public service. Director Kraninger came to the CFPB from OMB, where as a Policy Associate Director she oversaw the budgets for executive branch agencies including the Departments of Commerce, Justice, DHS, Housing and Urban Development, Department of Transportation (DOT), and the Department of Treasury, in addition to 30 other government agencies. Previously she worked in the U.S. Senate, where she was the Clerk for the Senate Appropriations Subcommittee on Homeland Security, which provides DHS with its $40 billion discretionary budget. On Capitol Hill, she also worked for the House Appropriations Subcommittee on Homeland Security as well as the Senate Homeland Security and Governmental Affairs Committee. Ms. Kraninger also served in executive branch posts with DOT. There, after the terrorist attacks on September 11, 2001, she volunteered to join the leadership team that set up the newly created DHS. APPENDICES 2019 Her work at DHS led to awards including the Secretary of Homeland Security’s Award of Exceptional Service, the International Police and Public Safety 9/11 Medal, and the Meritorious Public Service Award from the United States Coast Guard. Ms. Kraninger graduated magna cum laude from Marquette University and earned a law degree from Georgetown University Law Center. She served as a U.S. Peace Corps Volunteer in Ukraine. Joseph M. Otting Joseph M. Otting was sworn in as the 31st Comptroller of the Currency on November 27, 2017. The Comptroller of the Currency is the administrator of the federal banking system and chief officer of the Office of the Comptroller of the Currency (OCC). The OCC supervises nearly 1,400 national banks, federal savings associations, and federal branches and agencies of foreign banks operating in the United States. The mission of the OCC is to ensure that national banks and federal savings associations operate in a safe and sound manner, provide fair access to financial services, treat customers fairly, and comply with applicable laws and regulations. The Comptroller also serves as a director of the Federal Deposit Insurance Corporation and member of the Financial Stability Oversight Council and the Federal Financial Institutions Examination Council. Prior to becoming Comptroller of the Currency, Mr. Otting was an executive in the banking industry. He served as President of CIT Bank and Co-President of CIT Group. Mr. Otting previously was President, Chief Executive Officer, and a member of the Board of Directors of OneWest Bank, N.A. Prior to joining OneWest Bank, he served as Vice Chairman of U.S. Bancorp, where he managed the Commercial Banking Group and served on the Bancorp’s executive management committee. He also served as a member of U.S. Bank’s main subsidiary banks’ Board of Directors. From 1986 to 2001, Mr. Otting was with Union Bank of California, where he was Executive Vice President and Group Head of Commercial Banking. Before joining Union Bank, he was with Bank of America and held positions in branch management, preferred banking, and commercial lending. Mr. Otting has played significant roles in charitable and community development organizations. He has served as a board member for the California Chamber of Commerce, the Killebrew-Thompson Memorial foundation, the Associated Oregon Industries, the Oregon Business Council, the Portland Business Alliance, the Minnesota Chamber of Commerce, and Blue Cross Blue Shield of Oregon. He was also a member of the Financial Services Roundtable, the Los Angeles Chamber of Commerce, and the Board and Executive Committee of the Los Angeles Economic Development Corporation. Mr. Otting holds a bachelor of arts in management from the University of Northern Iowa and is a graduate of the School of Credit and Financial Management, which was held at Dartmouth College in Hanover, New Hampshire. APPENDICES 147 148 APPENDICES DIVISION OF INSURANCE AND RESEARCH Diane Ellis COMPLEX INSTITUTION SUPERVISION AND RESOULUTION Ricardo (Rick) Delfin OFFICE OF THE OMBUDSMAN M. Anthony Lowe OFFICE OF LEGISLATIVE AFFAIRS Andy Jiminez Saul Schwartz Director Director Director Director Director Director Maureen Sweeney OFFICE OF MINORITY AND WOMEN INCLUSION * Director Amy Thompson Chief Learning Officer Suzannah L. Susser CISO Zachary Brown DIVISION OF RESOLUTIONS AND RECEIVERSHIPS Arthur Murton DEPUTY TO THE CHAIRMAN FOR FINANCIAL STABILITY OFFICE OF COMMUNICATIONS Chad Davis DEPUTY TO THE CHAIRMAN FOR EXTERNAL AFFAIRS CORPORATE UNIVERSITY Bret D. Edwards DIVISION OF FINANCE DIVISION OF ADMINISTRATION Arleas Upton Kea DEPUTY TO THE CHAIRMAN AND CHIEF FINANCIAL OFFICER DEPUTY TO THE CHAIRMAN AND CHIEF OPERATING OFFICER Administrative Law Judges (1) Christopher B. McNeil (2) Jennifer Whang OFFICE OF FINANCIAL INSTITUTION ADJUDICATION ** Travis Hill DEPUTY TO THE CHAIRMAN FOR POLICY CFPB Director Doreen R. Eberley DIVISION OF RISK MANAGEMENT SUPERVISION Board Member Kathleen L. Kraninger Chief Innvovation Officer Vacant FDiTECH Director Mark E. Pearce DIVISION OF DEPOSITOR AND CONSUMER PROTECTION Leonard Chanin DEPUTY TO THE CHAIRMAN FOR CONSUMER PROTECTION AND INNOVATION * OMWI Director reports directly to the Chairman ** ALJs are supported administratively within the Legal Division General Counsel Nicholas Podsiadly LEGAL DIVISION Nicholas Podsiadly GENERAL COUNSEL Brandon Milhorn Board Member OCC Joseph M. Otting DEPUTY TO THE CHAIRMAN AND CHIEF OF STAFF OFFICE OF CHIEF INFORMATION SECURITY OFFICER Sylvia W. Burns CHIEF INFORMATION OFFICER AND CHIEF PRIVACY OFFICER DIVISION OF INFORMATION TECHNOLOGY Jay N. Lerner Inspector General Chairman FDIC BOARD OF DIRECTORS Jelena McWilliams OFFICE OF INSPECTOR GENERAL Board Member FDIC Vice Chairman FDIC Martin J. Gruenberg Vacant FDIC ORGANIZATION CHART/OFFICIALS ANNUAL REPORT 2019 CORPORATE STAFFING STAFFING TRENDS 9,000 6,000 3,000 0 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 8,150 7,973 7,476 7,254 6,631 6,385 6,096 5,880 5,693 5,593 FDIC Year–End On-Board Staffing Notes: 2010-2019 staffing totals reflect year-end full time equivalent staff. APPENDICES 149 ANNUAL REPORT NUMBER OF EMPLOYEES BY DIVISION/OFFICE (YEAR-END)1 Total Division or Office: 2019 Division of Risk Management Supervision Division of Depositor and Consumer Protection Legal Division Division of Administration Division of Resolutions and Receiverships Division of Complex Institution Supervision and Resolution2 Division of Information Technology Corporate University Division of Insurance and Research Division of Finance Executive Support Offices 3 Office of the Chief Information Security Officer Executive Offices4 Office of Inspector General TOTAL Washington 2018 2019 Regional/ 2018 2019 2018 2,318 2,499 174 207 2,145 2,293 794 816 123 122 671 694 440 474 298 314 142 160 353 353 247 246 106 108 323 387 89 119 234 268 243 62 113 49 130 13 237 280 173 216 64 64 217 204 210 197 7 7 204 204 166 168 38 36 156 164 152 160 4 4 110 67 103 60 7 7 41 37 41 37 0 0 30 20 30 20 0 0 128 126 78 80 50 46 5,593 5,693 1,995 1,994 3,598 3,699 1 The FDIC reports staffing totals using a full-time equivalent methodology, which is based on an employee’s scheduled work hours. Division/Office staffing has been rounded to the nearest whole FTE. Totals may not foot due to rounding. 2 In 2019, the Office of Complex Financial Institution merged with parts of Risk Management Supervision and Division of Resolutions and Receivership to create this new Division. 3 Includes the Offices of the Legislative Affairs, Communications, Ombudsman, CIO Management Services, FDI Tech, Financial Adjudication and Minority and Women Inclusion. 4 Includes the Offices of the Chairman, Vice Chairman, Director (Appointive), Chief Operating Officer, Chief Financial Officer, Chief Information Officer, Consumer Protection and Innovation, External Affairs, Policy and Financial Stability. 150 APPENDICES 2019 SOURCES OF INFORMATION FDIC Website Public Information Center www.fdic.gov 3501 Fairfax Drive Room E-1021 Arlington, VA 22226 A wide range of banking, consumer, and financial information is available on the FDIC's website. This includes the FDIC's Electronic Deposit Insurance Estimator (EDIE), which estimates an individual’s deposit insurance coverage; the Institution Directory, which contains financial profiles of FDIC-insured institutions; Community Reinvestment Act evaluations and ratings for institutions supervised by the FDIC; Call Reports, which are bank reports of condition and income; and Money Smart, a training program to help individuals outside the financial mainstream enhance their money management skills and create positive banking relationships. Readers also can access a variety of consumer pamphlets, FDIC press releases, speeches, and other updates on the agency's activities, as well as corporate databases and customized reports of FDIC and banking industry information. FDIC Call Center Phone: 877-275-3342 (877-ASK-FDIC) 703-562-2222 Hearing Impaired: Phone: 877-275-3342 (877-ASK-FDIC), 703-562-2200 Fax: 703-562-2296 FDIC Online Catalog: E-mail: https://catalog.fdic.gov publicinfo@fdic.gov Publications such as FDIC Quarterly and Consumer News and a variety of deposit insurance and consumer pamphlets are available at www.fdic.gov or may be ordered in hard copy through the FDIC online catalog. Other information, press releases, speeches and congressional testimony, directives to financial institutions, policy manuals, and FDIC documents are available on request through the Public Information Center. Hours of operation are 9:00 a.m. to 4:00 p.m., Eastern Time, Monday – Friday. Office of the Ombudsman 800-925-4618 703-562-2289 The FDIC Call Center in Washington, DC, is the primary telephone point of contact for general questions from the banking community, the public, and FDIC employees. The Call Center directly, or with other FDIC subjectmatter experts, responds to questions about deposit insurance and other consumer issues and concerns, as well as questions about FDIC programs and activities. The Call Center also refers callers to other federal and state agencies as needed. Hours of operation are 8:00 a.m. to 8:00 p.m., Eastern Time, Monday – Friday, and 9:00 a.m. to 5:00 p.m., Saturday – Sunday. Recorded information about deposit insurance and other topics is available 24 hours a day at the same telephone number. As a customer service, the FDIC Call Center has many bilingual Spanish agents on staff and has access to a translation service, which is able to assist with over 40 different languages. 3501 Fairfax Drive Room E-2022 Arlington, VA 22226 Phone: 877-275-3342 (877-ASK-FDIC) Fax: 703-562-6057 E-mail: ombudsman@fdic.gov The Office of the Ombudsman (OO) is an independent, neutral, and confidential resource and liaison for the banking industry and the general public. The OO responds to inquiries about the FDIC in a fair, impartial, and timely manner. It researches questions and fields complaints from bankers and bank customers. OO representatives are present at all bank closings to provide accurate information to bank customers, the media, bank employees, and the general public. The OO also recommends ways to improve FDIC operations, regulations, and customer service. APPENDICES 151 ANNUAL REPORT REGIONAL AND AREA OFFICES Atlanta Regional Office Chicago Regional Office Michael J. Dean, Regional Director 10 Tenth Street, NE Suite 800 Atlanta, Georgia 30309 (678) 916-2200 John P. Conneely, Regional Director 300 South Riverside Plaza Suite 1700 Chicago, Illinois 60606 (312) 382-6000 States Represented: Alabama Florida Georgia North Carolina South Carolina Virginia West Virginia States Represented: Illinois Indiana Kentucky Michigan Ohio Wisconsin Dallas Regional Office Memphis Area Office Kristie K. Elmquist, Regional Director 1601 Bryan Street Dallas, Texas 75201 (214) 754-0098 Kristie K. Elmquist, Director 6060 Primacy Parkway Suite 300 Memphis, Tennessee 38119 (901) 685-1603 States Represented: Colorado New Mexico Oklahoma Texas States Represented: Arkansas Louisiana Mississippi Tennessee 152 APPENDICES 2019 Kansas City Regional Office New York Regional Office James D. LaPierre, Regional Director 1100 Walnut Street Suite 2100 Kansas City, Missouri 64106 (816) 234-8000 Frank R. Hughes, Regional Director 350 Fifth Avenue Suite 1200 New York, New York 10118 (917) 320-2500 States Represented: Iowa Kansas Minnesota Missouri Nebraska North Dakota South Dakota States and Territories Represented: Delaware District of Columbia Maryland New Jersey New York Pennsylvania Puerto Rico Virgin Islands Boston Area Office San Francisco Regional Office Frank R. Hughes, Director 15 Braintree Hill Office Park Suite 200 Braintree, Massachusetts 02184 (781) 794-5500 Kathy L. Moe, Regional Director 25 Jessie Street at Ecker Square Suite 2300 San Francisco, California 94105 (415) 546-0160 States Represented: Connecticut Maine Massachusetts New Hampshire Rhode Island Vermont States and Territories Represented: Alaska American Samoa Arizona California Federated States of Micronesia Guam Hawaii Idaho Montana Nevada Oregon Utah Washington Wyoming APPENDICES 153 ANNUAL REPORT C. OFFICE OF INSPECTOR GENERAL’S ASSESSMENT OF THE MANAGEMENT AND PERFORMANCE CHALLENGES FACING THE FDIC Top Management and Performance Challenges Facing the Federal Deposit Insurance Corporation February 2020 Federal Deposit Insurance Corporation Office of Inspector General 154 APPENDICES 2019 OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) INTRODUCTION Each year, Federal Inspectors General are required to identify and report on the top challenges facing their respective agencies, pursuant to the Reports Consolidation Act of 2000. The Office of Inspector General (OIG) is therefore issuing this report, which identifies the Top Management and Performance Challenges (TMPC) facing the Federal Deposit Insurance Corporation (FDIC). This TMPC report is based upon the OIG’s experience and observations from our oversight work, reports by other oversight bodies, review of academic and other relevant literature, perspectives from Government agencies and officials, and information from private-sector entities. We considered this body of information in light of the current operating environment and circumstances and our independent judgment. The FDIC faces Challenges in the following critical areas, a number of which remain from previous years: Keeping Pace with Emerging Financial Technologies; Enhancing the FDIC’s Information Technology Security Program; Ensuring the FDIC’s Readiness for Crises; Sharing Threat Information with Banks and Examiners; Strengthening the Governance of the FDIC; Overseeing Human Resources; Keeping FDIC Facilities, Information, and Personnel Safe and Secure; Administering the Acquisition Process; and Measuring Costs and Benefits of FDIC Regulations. We believe that the FDIC should focus its attention on these Challenges, and we hope that this document informs policy makers, including the FDIC and Congressional oversight bodies, and the American public about the programs and operations at the FDIC and the Challenges it faces. APPENDICES 155 ANNUAL REPORT OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) 1|KEEPING PACE WITH EMERGING FINANCIAL TECHNOLOGIES Technology is re-shaping consumers’ interactions with banks, changing the way banks do business, and disrupting the banking industry. Emerging technologies promise potential benefits but also introduce risk. Increased digital interconnections with multiple avenues to access banking systems elevate cybersecurity risk because an incident at one digital juncture has the potential to infect the entire banking system. The FDIC’s challenge is keeping pace with new technology and the associated risks to banks, third-party service providers, and the banking system. The key is for the FDIC to align supervisory guidance, examination procedures, and supervisory strategies with rapidly evolving risks. Use of financial technology is having a significant impact on banks and the banking industry. Global investment in financial technologies was $37.9 billion in the first half of 2019. 1 More than half of all consumers are interacting with banks through digital means. 2 Person-to-person cashless transactions totaled more than $570 billion in 2018. 3 Consumers also prefer connectivity among financial management applications and their bank accounts. 4 The FDIC Chairman has recognized that technology is “not simply transforming how customers access financial services; it is transforming the business of banking both in the way consumers interact with their financial institutions, and the way banks do business.” 5 Banks are incorporating new technologies into bank processes and establishing partnerships with thirdparty financial technology companies. 6 Community banks, in particular, are working closely with technology companies to develop solutions, such as reducing the time for loan underwriting and digital credit applications. 7 Financial technologies offer banks potential benefits but also introduce a range of risks. According to the Financial Stability Oversight Council (FSOC), 8 “[c]yber vulnerabilities in the financial system include vulnerabilities to malware attacks, ransomware attacks, denial of service attacks, data breaches, and other events. Such incidents have the potential to impact tens or even hundreds of millions of Americans and result in financial losses of billions of dollars due to disruption of operations, theft, and recovery costs.” 9 The FDIC Chairman stated that “[c]ybersecurity is the biggest threat facing America’s banks.” 10 The Office of the Comptroller of the Currency (OCC) similarly observed that “[o]perational risk is elevated as banks adapt to a changing and increasingly complex operating environment,” and key drivers are “the need to adapt and evolve current technology systems for ongoing 1 KPMG, The Pulse of Fintech 2019 – Biannual Global Analysis of Investment in Fintech, (July 31, 2019). American Banker, 10 ways technology will change banking in 2019, (January 6, 2019). 3 Forbes, Venmo Versus Zelle: Who’s Winning the P2P Payments War?, (February 11, 2019). 4 American Banker, 10 ways technology will change banking in 2019, (January 6, 2019). 5 Jelena McWilliams, FDIC Chairman, Remarks at the CATO Summit on Financial Regulation, “If You Build It, They Will Come,” (June 12, 2019). 6 American Banker, 10 ways technology will change banking in 2019, (January 6, 2019). 7 Bankrate, Community Banks Step Up Tech to Compete with Big Banks, Benefitting Customers, (May 31, 2019). 8 The Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 established FSOC, which has responsibility for identifying risks and responding to emerging threats to financial stability. FSOC brings together the expertise of Federal financial regulators (including the FDIC), an independent insurance expert, and state regulators. 9 FSOC, 2019 Annual Report. 10 CNN Business, Banks could get fined for cyber breaches, top regulator says, (August 1, 2019). 2 156 APPENDICES 2019 OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) cybersecurity threats.” 11 According to reports from the Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN), financial institutions reported 3,494 cyberattacks during the first half of 2019. 12 Small banks (less than $1 billion in assets) were the victims of nearly half (47 percent) of bank-related cybercrimes between 2012 and 2017. 13 In the Fall of 2019, the OCC recognized elevated cybersecurity risks as “malicious actors target not only bank staff and processes but also bank customers and third parties.” 14 According to Banking Technology Vision 2019 by the consulting firm Accenture, as interconnectivity among banks, consumers, and third parties grows, “the potential points of weakness and vulnerability also multiply.” 15 Hackers need only a single weakness to exploit and penetrate systems. 16 Banks’ use of advanced technology may also increase the risks of harm to consumers. For example, the OCC noted that banks’ deployment of new technology may result in fair lending issues. 17 When banks use artificial intelligence, they often use algorithm models and rules that rely upon historical data. 18 If model rules are outdated or the data used in the algorithm models are not representative of the current customer population, selection bias may occur. 19 Banks also face competitive risks from technology innovations of non-bank entities. The OCC further noted that “[b]anks face strategic risks from non-depository financial institutions, use of innovative and evolving technology, and progressive data analysis capabilities.” 20 According to the Global Payments Pulse Survey 2019 conducted by Accenture, approximately $280 billion of banks’ global payment revenue is likely to be displaced by non-bank competitors in the next 6 years. 21 Further, according to the Basel Committee on Banking Supervision, “[t]he estimated market capitalization of crypto-assets reached a historical peak exceeding $800 billion in January 2018.” 22 Non-bank entities such as Facebook 23 and Walmart 24 have announced plans to introduce cryptocurrencies. These privately controlled cryptocurrencies fall outside traditional 11 OCC, Semiannual Risk Perspective, (Fall 2019). New York Times, Capital One Breach Shows a Bank Hacker Needs Just One Gap to Wreak Havoc, (July 30, 2019). 13 Forbes, 5 Cybersecurity Myths Banks Should Stop Believing, (April 8, 2019). 14 OCC, Semiannual Risk Perspective, (Fall 2019). 15 Accenture, The Dawn of Banking in the Post-Digital Era – Banking Technology Vision 2019, (May 7, 2019). 16 New York Times, Capital One Breach Shows How a Bank Hacker Needs Just One Gap to Wreak Havoc, (July 30, 2019). 17 OCC, Semiannual Risk Perspective, (Fall 2019). 18 American Banker, Don’t let AI trigger a fair-lending violation, (August 6, 2019). 19 American Banker, Don’t let AI trigger a fair-lending violation, (August 6, 2019). 20 OCC, Semiannual Risk Perspective, (Fall 2019). 21 Accenture, Global Payment Pulse Survey 2019. 22 Basel Committee on Banking Supervision, Discussion Paper: Designing a Prudential Treatment for Crypto-assets, (December 2019). 23 Washington Post, Why governments around the world are afraid of Libra, Facebook’s cryptocurrency, (July 12, 2019). 24 American Banker, Walmart crypto coin patent could be a back door to banking, (August 2, 2019). One bank, JP Morgan Chase, plans to issue its own cryptocurrency called JPM Coin that will be used for international payments for large institutional clients. See CNBC, JP Morgan is tolling out the first US bank-backed cryptocurrency to transform payments business, (February 14, 2019). 12 APPENDICES 157 ANNUAL REPORT OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) banking systems and may be beyond the reach of the current regulatory structures. 25 In addition, certain banks are also testing the use of blockchain and distributed ledger technologies, as well as digital currencies for cross-border transfers. 26 Modernizing FDIC Guidance and Understanding Risks of Financial Technology FDIC policy makers should understand technology and its impact on the safety and soundness of institutions in order to provide guidance to both bankers and examiners. Keeping policies and guidance in step with technology is a challenge. According to the Department of the Treasury, current financial statutes and regulations may not address new technology and evolving business models. 27 Regulators should create an agile framework that encourages innovation and sound risk management practices. 28 The FDIC Chairman has stated that: In many cases, the cost to innovation is prohibitively high for community banks, which often lack the expertise, information technology, and research and development budgets to independent[ly] develop and deploy their own technology . . . [I]f our regulatory framework does not evolve with technological advances in a manner that enables partnerships between banks and fintechs, such innovation may not occur at community banks. 29 Further, bank examiners need up-to-date examination procedures to effectively assess the risks associated with new financial technologies. The FDIC also faces challenges in issuing timely guidance that is consistent with other Federal banking regulators. 30 The Board of Governors of the Federal Reserve System, the OCC, the Consumer Financial Protection Bureau, and the FDIC share responsibility for Federal banking regulation and supervision. 31 These regulatory agencies work through the Federal Financial 25 Washington Post, Facebook’s Zuckerberg takes broad lashing on Libra, 2020 election and civil rights at congressional hearing, (October 23, 2019). See Commodity Futures Trading Corporation, Backgrounder on Oversight of and Approach to Virtual Currency Futures Markets, (January 4, 2018), “US Law does not provide for direct, comprehensive Federal oversight of underlying Bitcoin or virtual currency spot markets.” US regulation includes (1) the Internal Revenue Service treating virtual currencies as property subject to capital gains tax, (2) the Department of the Treasury Financial Crimes Enforcement Network monitoring virtual currency exchanges as money transmitters for anti-money laundering purposes, and (3) the Securities and Exchange Commission treating virtual currency issuances as securities issuances. 26 CNBC, JP Morgan Is Rolling Out the First US Bank-backed Cryptocurrency to Transform Payments Business, (February 14, 2019). Reuters, Wells Fargo Tests Cryptocurrency for Internal Transactions, (September 17, 2019). 27 Department of the Treasury, A Financial System That Creates Economic Opportunities: Nonbank Financials, Fintech, and Innovation, (July 2018). 28 Jelena McWilliams, FDIC Chairman, Remarks at the Institute of International Bankers’ Annual Washington Conference; Washington, D.C., (March 11, 2019). 29 Statement of Jelena McWilliams, FDIC Chairman, on Oversight of Financial Regulators before the United States Senate Committee on Banking, Housing, and Urban Affairs, (December 5, 2019). 30 American Banker, Regulators Must Issue AI Guidance or FDIC Will: McWilliams, (August 2, 2019); and American Banker, Blockchain crypto tech need clear rules of the road, (August 7, 2019). 31 Jelena McWilliams, FDIC Chairman, "Principles of Supervision and Your Value to our Nation's Banking System," delivered at the Banking Institute sponsored by the University of North Carolina School of Law; Charlotte, North Carolina, (March 21, 2019). 158 APPENDICES 2019 OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) Institutions Examination Council (FFIEC) 32 to promote uniformity in the supervision of financial institutions. FDIC Chairman McWilliams recently noted her concern about the time required for regulators to reach consensus on artificial intelligence guidance and indicated that the FDIC may choose to issue its own guidance if regulators cannot agree on joint guidance. 33 In October 2018, the FDIC announced the development of a new FDIC Tech Lab to centralize the FDIC’s knowledge of technology in order to focus on technologies in the financial services sector, help the FDIC understand how innovation can contribute to the expansion of banking services, and promote the adoption of technology. As of January 2020, the FDIC continued to implement the operational foundation for the Tech Lab, including developing governing policies and procedures and searching for a Chief Innovation Officer to lead this effort. 34 In addition, the FDIC is seeking a range of other technologists—including data scientists, process engineers, software developers, and network security experts—to join the agency. 35 We are monitoring the FDIC’s progress in standing up the Tech Lab. Ensuring Examinations Identify and Mitigate Technology Risks According to the Interagency Guidelines Establishing Information Security Standards, 36 a financial institution is responsible for the cybersecurity of its own information technology (IT) systems. Similarly, responsibility for compliance with consumer protection laws and regulations lies with the financial institution, regardless of whether the institution or a third-party service provider controls the information. 37 The FDIC assesses whether bank management has appropriate controls in place to mitigate cybersecurity risks and enhance consumer protections. According to the OCC, bank examiners note that “the most common specific control deficiencies” at banks relate to: Patch Management, Network Configuration, and Access Management. 38 In addition, banks and service providers report that some of the common attacks against institutions include: Phishing incidents; Compromised credentials; and Automated Teller Machine exploits. Since 2016, the FDIC has used the Information Technology Risk Examination (InTREX) work program to conduct bank IT examinations and assess financial institutions’ management of third-party service providers. The FDIC developed InTREX to enhance IT supervision by providing examiners with risk-focused examination procedures. 39 Examiners use work programs to observe and document processes, and test controls. The FDIC may undertake 32 The FFIEC was established on March 10, 1979, pursuant to title X of the Financial Institutions Regulatory and Interest Rate Control Act of 1978, Public Law 95-630. The Council is an interagency body empowered to prescribe uniform principles, standards, and report forms for the federal examination of financial institutions by the Board of Governors of the Federal Reserve System, the FDIC, the National Credit Union Administration, the OCC, and the Bureau of Consumer Financial Protection and to make recommendations to promote uniformity in the supervision of financial institutions. 33 Regulators Must Issue AI Guidance or FDIC Will: McWilliams, American Banker, (August 2, 2019). There is also a need for regulatory clarity for blockchain and cryptocurrency. See Blockchain crypto tech need clear rules of the road, American Banker, (August 7, 2019) 34 American Banker, FDIC Chairman, Regulators Need New Approach to Innovation, (October 4, 2019). 35 American Banker, FDIC Chairman, Regulators Need New Approach to Innovation, (October 4, 2019). 36 These Interagency Guidelines can be found in the FDIC Rules and Regulations, Part 364, Appendix B. 37 12 C.F.R. Part 364, Appendix B. The FDIC, OCC, and Board of Governors of the Federal Reserve issued the Interagency Guidelines Establishing Information Security Standards. Financial Institution Letter 44-2008, Guidance for Managing Third-Party Risk (June 6, 2008). 38 OCC, Semiannual Risk Perspective, (Fall 2019). 39 Financial Institution Letter 43-2016, Information Technology Risk Examination (InTREX) Program, (June 30, 2016). APPENDICES 159 ANNUAL REPORT OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) enforcement actions when examiners identify IT risks and weak management practices at the institutions. From 2016 to 2018, the FDIC conducted more than 3,000 IT examinations. Examiners establish the scope of an IT examination consistent with a bank’s IT complexity and risk. For example, the IT examination scope could be larger if new technology has been introduced, a new material third-party technology service provider is added, or bank information security testing identified material deficiencies. Banks have expanded their use of advanced technologies such as person-to-person payments, cloud computing, and blockchain. These developments increased the overall IT risk profile of the banking industry and the complexity of FDIC IT examination work. As a result, the FDIC has devoted an increasing number of examination hours to IT supervision. For example, according to FDIC data for IT examinations completed by the FDIC between January 2017 and August 2018, the average number of hours per examination increased 11 percent. For that same period, the average IT examination hours for FDIC-identified banks with the highest IT risk increased 46 percent. The increase in IT examination hours has led to geographic examiner resource gaps requiring examiners from one region to supplement examiners in another region. For example, the New York Regional Office noted that it has shortages of examiners qualified to complete IT examinations and required the assistance from other Regional Offices. The FDIC has a nationwide IT On-The-Job training program to increase the pool of qualified examiners for intermediate and advanced examinations. We have ongoing work to evaluate the FDIC’s process for allocating examination staff, including examiner IT subject-matter experts, to safety and soundness examinations. Also, we plan to conduct a review of the FDIC’s InTREX examination program. Mitigating Risks Associated With Third-Party Service Providers According to the OCC, “[b]anks increasingly rely on third-party service providers for technology and other solutions to compete in a rapidly evolving financial marketplace.” 40 In addition, “cyber crime and espionage increasingly target third-party service providers because of the potential to access multiple networks from a single point.” 41 For example, in July 2019, an employee of a third-party provider of Capital One exploited a firewall and gained access to sensitive information for approximately 106 million U.S. and Canadian customers. 42 The OCC also noted that banks are relying on the same pool of third-party service providers for critical services such as payments, transaction processing, and maintenance of sensitive information. “[C]onsolidation in the bank technology service provider industry has resulted in fewer entities providing certain critical services.” 43 Thus, if one third-party provider experiences a service disruption, operations at many banks may be affected. The FDIC—through its supervisory examination processes—evaluates banks’ monitoring of the security programs of their third-party providers. Bank management must exercise due diligence before entering into third party relationships. Due diligence includes, for example, 40 OCC, Semiannual Risk Perspective, (Fall 2019). OCC, Semiannual Risk Perspective, (Spring 2019). 42 CyberScoop, Capital One is a cautionary tale for companies rushing to embrace new tech, (July 31, 2019). 43 OCC, Semiannual Risk Perspective, (Fall 2019). 41 160 APPENDICES 2019 OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) understanding the third-party’s risk and security controls, and ensuring clear lines of responsibility between the third-party and the bank on actions to be taken in the case of an incident. According to Banking Technology Vision 2019 by Accenture, 69 percent of 784 banking and IT executives surveyed did not know about the security at their third-party service providers. 44 We plan to conduct a review to assess whether FDIC examination processes evaluate institutions’ monitoring and management of risks associated with third-party relationships. The FDIC should understand risks associated with emerging technology to provide banks with implementation guidance that balances banking sector safeguards with innovation. The FDIC should also ensure that examinations effectively address technology risks. 2| ENHANCING THE FDIC’S INFORMATION TECHNOLOGY SECURITY PROGRAM The FDIC continues to increase its reliance on IT systems to fulfill its mission. As of June 2018, the FDIC had 338 IT systems that collect, store, or process Personally Identifiable Information (PII) and sensitive information. A total of 174 of the FDIC’s 338 IT systems contained what the Agency has determined to be “sensitive PII.” Further, the FDIC has legacy systems that are becoming difficult and expensive to maintain. The FDIC is in the process of modernizing its technology and must maintain the security of information within its systems as the IT environment evolves. According to the Office of Management and Budget (OMB), the Federal Government is a significant target of cyberattacks, and in Fiscal Year 2018, Federal agencies experienced 31,107 cybersecurity incidents. 45 A recent report issued by the data protection firm, Veritas, stated that “ransomware damage costs will reach $20 billion by 2021.” 46 Nearly 30 percent of Federal agency respondents to the Veritas survey had been directly affected by ransomware attacks in the past 3 years, and 80 percent of Federal respondents believed that ransomware and malware will be as great a concern—if not a greater concern—within the next 12 months. The report further noted that ransomware attacks at Federal agencies present risks to national security, employee productivity loss, prolonged loss of services, and loss of institutional trust. The Director of the Cybersecurity and Infrastructure Security Agency (CISA) 47 at the Department of Homeland Security (DHS) noted that ransomware attacks are “only getting worse.” 48 The actors are shifting their business models and going to more coordinated attacks. Also, in June 2019, a Senate Committee on Homeland Security and Governmental Affairs report 49 found that Federal agencies failed to comply with basic cybersecurity standards, 44 Accenture, Banking Technology Vision 2019, (May 7, 2019). Federal Information Security Modernization Act of 2014 Annual Report to Congress, (August 2019). Veritas, Ransomware Threats Is Your Agency Ready?, (December 2019). 47 On November 16, 2018, the President signed into law the Cybersecurity and Infrastructure Security Agency Act of 2018 (Act). The Act established the Cybersecurity and Infrastructure Security Agency (CISA) within the DHS to, among other things, make the United States cyber and physical infrastructure more secure by sharing information at all levels of Government and the private and non-profit sectors. Cybersecurity and Infrastructure Security Act of th 2017, House Report 115-454, 115 Congress, (December 11, 2017). 48 FedScoop, Survey Indicates Federal Agencies Lack Adequate Planning to Recover from Ransomware Attacks, (December 6, 2019). 49 Federal Cybersecurity: America’s Data At Risk, United States Senate Committee on Homeland Security and Governmental Affairs Permanent Subcommittee on Investigations, (June 2019). The Subcommittee reviewed the 45 46 APPENDICES 161 ANNUAL REPORT OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) including deficiencies related to: Protecting PII; 50 Maintaining comprehensive and accurate lists of IT assets; Installing required security patches; and Ensuring systems had valid operating authorities. This Senate Report also noted that agencies were at increased risk when they rely on aging systems also called “legacy systems.” 51 These legacy IT systems are difficult to secure and costly to maintain. FDIC IT systems reflect a combination of legacy systems and new technologies. According to the Government Accountability Office (GAO), use of legacy systems increases the cybersecurity risk of those systems. 52 Further, the FDIC’s Chief Information Officer Organization recognized that the “burden of maintaining the legacy environment limits the ability of staff to develop and practice new skills and pursue innovation.” 53 The FDIC relies heavily on IT systems to carry out its responsibilities of insuring deposits, supervising banks, and performing its resolution and receivership activities. The FDIC maintains 338 IT systems that collect, store, or process PII and sensitive information. A total of 174 of the FDIC’s 338 IT systems contain what the agency has determined to be “sensitive PII.” 54 For example, in its capacity as receiver for failed banks, the FDIC collects and maintains a significant volume of PII such as names, home addresses, SSNs, dates and places of birth, bank account numbers, and credit card information. The FDIC also maintains business proprietary information that is sensitive, including banks’ information relating to internal operations regarding counterparties, vendors, suppliers, and contractors. In December 2019, the FDIC Chairman announced the departure of the Chief Information Officer (CIO) who led the FDIC’s IT strategic planning and modernization efforts. On January 16, 2020 the Chairman named the Deputy CIO as the new CIO to continue leadership of the implementation of the FDIC’s IT Modernization Plan. The appointment of the new CIO marks the FDIC’s eighth CIO or Acting CIO in the last decade. These senior management changes impact the direction of an organization because turnover affects management strategy, planning, budgets, and staffing. As noted by the GAO, a high turnover rate in CIOs negatively Department of Homeland Security, the Department of State, the Department of Transportation, the Department of Housing and Urban Development, the Department of Agriculture, the Department of Health and Human Services, the Department of Education, and the Social Security Administration. 50 PII is any information about an individual maintained by an agency, including (1) any information that can be used to distinguish or trace an individual‘s identity, such as name, Social Security Number (SSN), date and place of birth, mother‘s maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information. 51 U.S. Government Accountability Office, Information Technology: Agencies Need to Develop Modernization Plans for Critical Legacy Systems, GAO-19-471, (June 2019). 52 U.S. Government Accountability Office, Information Technology: Agencies Need to Develop Modernization Plans for Critical Legacy Systems, GAO-19-471, (June 2019). 53 FDIC Chief Information Officer Organization, FDIC IT Modernization Plan 2020-2024. 54 According to FDIC Circular 1360.9, Protecting Sensitive Information, (October 2015), sensitive PII is a subset of PII that presents the highest risk of being misused for identity theft or fraud. Sensitive PII may be comprised of a single item of information, such as an SSN, or a combination of two or more items, such as full name along with financial, medical, criminal, or employment information. 162 APPENDICES 2019 OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) impacts their effectiveness because there is limited time to put their agenda in place or form close working relationships with agency leadership. 55 Maturing the FDIC’s IT Security Program and Practices In our annual audit report, The FDIC’s Information Security Program—2019 (October 2019) (FISMA Report) and other OIG reports, we identified weaknesses that limited the effectiveness of the FDIC’s information security program and practices and placed the confidentiality, integrity, and availability of the FDIC’s information systems and data at risk. In particular, we identified the following weaknesses and deficiencies that pose the highest risks to FDIC IT systems: Network Firewalls. According to the National Institute of Standards and Technology (NIST) guidance, firewalls are essential devices or programs that help organizations protect their networks and information systems from hostile attacks, break-ins, and malicious software. 56 The FDIC deploys firewalls at both the perimeter and interior of its network. These firewalls control the flow of inbound traffic from the internet through the use of “ingress” rules that inspect traffic and permit or deny requests for access to FDIC systems. The firewalls also control the type of traffic allowed to flow out of the network using “egress” rules. Therefore, the FDIC’s firewalls are only as effective as the rules that the FDIC defines for them. In our audit report, Preventing and Detecting Cyber Threats (May 2019), we identified weaknesses in the effectiveness of both FDIC firewalls and the Security Information and Event Management tool that works in concert with firewalls to analyze network activity and detect cyber threats. The FDIC had inadequate firewall policies and procedures that led to firewall rules lacking documented justification, unnecessary firewall rules, and an ineffective process to periodically review firewall rules. Unnecessary firewall rules pose a security risk. The FDIC undertook significant steps to address these network firewall weaknesses. However, the FDIC had not yet completed actions to document all existing network firewall rules with an approval and mission/business need, including the duration of that need, or implemented a firewall policy consistent with NIST guidance. Privileged Account Management. The FDIC assigns certain network users “administrative accounts” that have privileged access to systems and network IT resources to perform maintenance and IT troubleshooting activities. The FDIC must carefully control and monitor administrative accounts because hackers and other adversaries often target them to perform malicious activity, such as exfiltrating sensitive information. In our audit report, Preventing and Detecting Cyber Threats, we found that the FDIC did not always require administrators to uniquely identify and authenticate when they accessed network firewalls. These vulnerabilities exposed the network firewalls to increased risk of unauthorized access or malicious activity. The FDIC corrected these vulnerabilities. Security Control Assessments. Agencies are required to test and evaluate information security controls periodically in order to ensure that they are effective. The 55 U.S. Government Accountability Office, Federal Chief Information Officers: Responsibilities, Reporting Relationships, Tenure, and Challenges, GAO-04-823, (July 2004). 56 NIST SP 800-41, Guidelines on Firewalls and Firewall Policy, (September 2009). APPENDICES 163 ANNUAL REPORT OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) FDIC assessed its security controls following a risk-based schedule. However, in our audit, Security Configuration Management of the Windows Server Operating System (January 2019), we found instances in which security control assessors did not test the implementation of security controls, when warranted. Instead, assessors relied on narrative descriptions of controls in FDIC policies, procedures, and system security plans and/or interviews of FDIC or contractor personnel. Without testing, assessors did not have a basis for concluding on the effectiveness of security controls. We made eight recommendations, one of which remains unimplemented at the time of this report. Security and Privacy Awareness Training. FDIC policy requires employees and contractor personnel with network access to complete security and privacy awareness training within one week of employment, and annually thereafter. FDIC policy states that users who fail to comply with this requirement must have their network access revoked. We identified 29 network users who did not satisfy the FDIC’s awareness training requirement but still had access to the network. We found that the FDIC was not aware of the 29 users, among approximately 7,000 network users, because the system used to monitor training compliance did not track all users required to take the annual security and privacy awareness training. The FDIC must continue to modernize its IT systems and mature security controls to minimize risks of cyber incidents. Information security should remain a critical element of the FDIC’s plan to modernize its IT systems. 3| ENSURING THE FDIC’S READINESS FOR CRISES Banks face numerous significant risks that could affect the stability of the financial system, as well as the safety and soundness of institutions. Central to the FDIC’s mission is readiness to address crises impacting the banking system and mitigation of risk through supervision. The FDIC identified two important lessons learned following the recent financial crisis: (i) the importance of crisis readiness planning; and (ii) quickly addressing emerging supervisory risks. Crisis readiness best practices identify the principles and elements of effective preparedness that collectively provide a framework for crisis planning efforts. Adopting such a framework strengthens the FDIC’s ability to respond to a crisis in a timely and effective manner. The World Economic Forum identified five categories of risk to the world economy that also impact the banking sector: (1) Technological risks, such as widespread economic disruption, failure of the internet or satellites, or large-scale data fraud or theft; (2) Economic risks, such as unsustainable prices for housing or commodities that result in sudden price drops; (3) Environmental risks, such as extreme weather events, natural disasters, or man-made disasters; (4) Geopolitical events, such as terrorist attacks or weapons of mass destruction; and (5) Societal risks, such as infectious disease pandemics. 57 The FDIC plays an important role in supervising and regulating banks that may be affected by these risks. The FDIC helps to stabilize financial markets through its examination of banks, provision of deposit insurance, and resolution of failed banks. When the FDIC acts as the receiver of a failed institution, the FDIC assumes responsibility for recovering funds through the disposition of a bank’s assets. 58 The FDIC Chairman noted that during its 85-year history, the 57 58 164 th The World Economic Forum, The Global Risks Report 2018, 13 Edition. FDIC 2018-2023 Strategic Plan, Receivership Management Program. APPENDICES 2019 OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) FDIC “has resolved more than 2,700 institutions with assets of more than $1 trillion and almost $800 billion in deposits.” 59 Planning for Crises and Resolution of Failed Banks When early mitigation fails or events overtake mitigation efforts, the FDIC should be prepared to address bank failures. In 2017, the FDIC published a study of the Agency’s response to the financial crisis in 2008-2013. The FDIC study, Crisis and Response: An FDIC History, 20082013 (Crisis and Response Report), concluded that the financial crisis presented the FDIC with unprecedented challenges and demanded creative and innovative responses from the FDIC and other financial regulatory agencies. In addition, the crisis stretched the limits of the FDIC’s capacity to supervise problem institutions, manage the Deposit Insurance Fund, and implement orderly resolutions for failed financial institutions. The Crisis and Response Report concluded that “[i]n hindsight, it might have been more effective if the FDIC, as part of its readiness planning, had built a larger and more agile infrastructure—including staff, contracts, and [information technology] systems—during the lull between the end of the previous crisis and the start of this new one.” The Figure 1: OIG Compilation of Crisis Readiness Framework Crisis and Response Report indicated that, as a result, one of the most important lessons learned from the prior financial crisis was that “readiness planning is essential.”60 Crisis readiness best practices 61 identify seven elements of a readiness planning framework, as depicted in Figure 1. A crisis readiness framework identifies the principles and elements of Source: FDIC OIG. effective preparedness and promotes a shared understanding and a common, integrated perspective of readiness across all mission areas. 62 Specifically, the seven elements of a readiness framework that agencies such as the FDIC should have include: Policy and Procedures – Agencies should have a policy with defined readiness authorities, roles, and responsibilities, including a committee responsible for overseeing 59 Jelena McWilliams, FDIC Chairman, Keynote Remarks delivered at the 2018 Annual Conference of The Clearing House and Bank Policy Institute, (November 28, 2018). 60 The Crisis and Response Report indicated that, as part of maintaining readiness in a stable environment, the FDIC could explore how other agencies with highly variable resource demands address their resource challenges. The report cited FEMA as an example, noting the agency has developed readiness capabilities despite the unpredictable need for disaster relief. 61 OIG-identified best practices included the Department of Homeland Security, National Preparedness Guidelines (September 2007); Federal Emergency Management Agency (FEMA), FEMA Operational Planning Manual (FEMAP-1017) (June 2014); and the Organization for Economic Co-operation and Development, Strategic Crisis Management (December 2012). 62 FEMA, National Disaster Recovery Framework website summary page https://www.fema.gov/national-disasterrecovery-framework (October 2018). APPENDICES 165 ANNUAL REPORT OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) readiness activities. This policy helps ensure that personnel understand and implement management directives for readiness. Agencies should also have procedures for a consistent crisis readiness planning process. Plans – Agencies should have an agency-wide all-hazards readiness plan as well as plans for specific hazards as needed based on risk. These plans improve the efficiency of the readiness planning process and provide management and personnel with a comprehensive understanding of readiness planning activities across an organization. Training – Agencies’ plans should incorporate training requirements to ensure that personnel understand the content of crisis readiness plans, including the task-related responsibilities for executing the plans. Exercises – Agencies should regularly test readiness plans, document the results of all readiness plan exercises, and consistently incorporate such exercise requirements within its plans. Lessons Learned – Agencies should have a process to monitor the implementation of lessons learned and related recommendations from readiness plan training, exercises and execution during a crisis. Maintenance – Agencies should regularly review and update their readiness plans and incorporate such maintenance requirements within their plans. Assessment and Reporting – Agencies should regularly assess and report on Agency-wide progress on crisis readiness plans and activities to key decision makers within an organization. We have work ongoing to assess the FDIC’s crisis readiness planning efforts in the context of this framework. Promptly Identifying and Mitigating Banking Risks An important step in avoiding crises is early risk identification and mitigation. In its review of the financial crisis, the Financial Crisis Inquiry Commission stated that “[i]n case after case after case, regulators continued to rate the institutions they oversaw as safe and sound even in the face of mounting troubles, often downgrading them just before their collapse.” 63 The FDIC adopted a Forward-Looking Supervision initiative to identify and mitigate risk before it impacts the financial condition of an institution. In our evaluation report, Forward-Looking Supervision 64 (August 2018) we found that for 41 examination reports sampled, examiners identified overall safety and soundness risk; however, only 27 percent of reports sampled (11 of 41) elevated concerns to the financial institution’s board of directors. Based on the financial institutions’ risk, we believe that a greater number of these concerns warranted board attention. Elevating concerns and recommendations provides greater visibility and awareness to the financial institution’s board of directors and senior management. 63 Financial Crisis Inquiry Commission, Final Report of the National Commission on the Causes of the Financial and Economic Crisis in the United States (January 21, 2011). Congress established the Financial Crisis Inquiry Commission as part of the Fraud Enforcement and Recovery Act (Public Law 111-21) to examine the causes of the financial crisis. 64 Forward-Looking Supervision, EVAL-18-004, (August 2018). 166 APPENDICES 2019 OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) An institution’s financial condition may also change between examination intervals, making the most recent examination rating outdated or inaccurate. The FDIC’s Offsite Review Program (ORP) is designed for the early identification of emerging supervisory concerns and potential problems so that supervisory strategies can be adjusted quickly. The ORP includes models and other methodologies that review quarterly bank information 65 and produce the Offsite Review List (ORL) of institutions with potential emerging supervisory concerns. FDIC Regional Offices may add institutions that are not initially identified on the ORL based on Region-specific concerns. The ORP also includes a Supplemental Review List for new or emerging risks to be included in the quarterly offsite process. In our evaluation report, Offsite Reviews of 1- and 2-Rated Institutions (December 2019), we found that the ORP identified emerging issues concerning financial institutions’ rapid growth, use of noncore funding, and deteriorating financial trends, but the FDIC should evaluate additional methods and new technologies to identify financial institutions with other types of emerging supervisory concerns. For example, the FDIC should assess whether innovative technologies would provide predictive information on other types of emerging supervisory concerns, such as those related to banks’ internal controls, credit administration, and management practices. We recommended that the FDIC evaluate the feasibility of using new technologies to identify institutions with emerging supervisory concerns. The health of banks and the banking system depends upon the FDIC’s and other regulators’ early identification and mitigation of safety and soundness risk and the FDIC’s ability to respond to banking crises. Establishing a robust readiness framework ensures the FDIC has the organizational processes, individuals, resources, and integration necessary to respond to a crisis. 4|SHARING THREAT INFORMATION WITH BANKS AND EXAMINERS Federal Government agencies gather a substantial volume of information related to the safety and soundness of financial institutions in the United States, and thus, relevant to FDIC supervisory activities. For example, Government agencies collect information about cyber threats, money laundering, and illicit financing activity. Bankers need to receive actionable information in order to respond to threats in a timely manner. FDIC examiners responsible for supervised institutions should be aware of threats directed toward those institutions to understand their impact and make necessary supervisory adjustments. Further, examiners should understand the nature of threats to evaluate potential gaps and determine the depth and scope of an examination. FDIC policy makers should be aware of emerging threats to ensure that relevant threat information is disseminated to banks and examiners; in addition, policy makers can adjust examination policy and procedures and assess the need for supplementing or modifying the regulatory scheme. On April 30, 2019, the CISA identified consumer and commercial banking, and funding and liquidity services as National Critical Functions which are “so vital to the United States that their disruption, corruption, or dysfunction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof.” 66 The CISA 65 Banks reviewed through the ORP include FDIC-supervised institutions and institutions supervised by the Federal Reserve Board or the Office of the Comptroller of the Currency. 66 DHS Cybersecurity and Infrastructure Security Agency, National Critical Functions – An Evolved Lens for Critical Infrastructure and Security Resilience, (April 30, 2019). APPENDICES 167 ANNUAL REPORT OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) further stated that a key focus to support these National Critical Functions is collecting and sharing threat information about natural occurrences or man-made actions that represent “the potential to harm life, information, operations, the environment, and/or property.” 67 Similarly, the FSOC noted, in its 2019 Annual Report, the critical importance to the financial sector of sharing timely and actionable threat information with Federal Government agencies and the private sector. The FSOC stated that Federal agencies should “carefully consider how to appropriately share information and, where possible, continue efforts to declassify (or downgrade classification) to the extent practicable, consistent with national security imperatives.” 68 FinCEN also stressed the importance of providing the financial sector with information about illicit activity to help sector participants identify and report such activities to law enforcement. 69 This information is especially important to identify illicit actors who use virtual currency to facilitate criminal activity, such as human or drug trafficking, child exploitation, fraud, terrorist financing, or to support rogue regimes and facilitate sanctions evasion. As shown in Figure 2, the GAO identified multiple sources of threat information. Figure 2: Sources of Threat Information for Financial Institutions. 67 Department of Homeland Security, DHS Risk Lexicon, (September 2008). FSOC 2019 Annual Report. 69 Financial Crimes Enforcement Network, Advisory on Illicit Activity Involving Convertible Virtual Currency, (May 9, 2019). 68 168 APPENDICES 2019 OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) Disseminating Threat Information to Banks The OCC noted that “[t]he potential for operational disruptions underscores the need for effective controls and operational resilience to help ensure the ongoing delivery of financial products and services in a safe and sound manner.” 70 The FFIEC provides instructions to examiners on how to examine financial institutions’ business continuity plans. These instructions note that threats should be analyzed “based upon the impact to the institution, its customers, and the financial market it serves.” 71 The FFIEC notes that financial institutions should have “a means to collect data on potential threats that can assist management in its identification of information security risks.” The FDIC is responsible for evaluating bank management’s processes to receive and assess threat information, and to act on such information in order to mitigate risks. The Cybersecurity Information Sharing Act (2015) required the Director of National Intelligence (DNI) and other agency heads to develop and issue procedures to facilitate and promote the sharing of cyber threat indicators and defensive measures. In February 2016, the DNI issued a report entitled Sharing of Cyber Threat Indicators and Defensive Measures by the Federal Government under the Cybersecurity Information Sharing Act of 2015 (Threat Sharing Procedures), which outlined the procedures for Federal agencies to share cybersecurity information with non-Federal entities such as financial institutions. 72 The Threat Sharing Procedures promote sharing unclassified and classified information, and best practices related to cyber security. According to the Threat Sharing Procedures, Federal Government agencies are to make every reasonable effort to share unclassified reports of cyber threats on a timely basis. The sharing of classified threat information is dependent on the recipient’s security clearance level and must protect sources, methods, operations, and investigations. The Threat Sharing Procedures encourage Federal agencies to “downgrade, declassify, sanitize or make use of tearlines to ensure dissemination of threat information to the maximum extent possible.” 73 Federal agencies may use Information Sharing and Analysis Centers (ISAC) to provide threat information to other government agencies or non-Federal entities. 74 The goal of ISACs is to provide members with accurate, actionable, and relevant information, and they are organized to share sector-specific threat and vulnerability information with members. The Financial Services Information Sharing and Analysis Center (FS-ISAC) was established to serve financial institutions. FS-ISAC has 7,000 members and its purpose is to share timely, relevant, and actionable security threat information. Federal financial-sector regulators encourage financial institutions to gain access to threat information through FS-ISAC membership. 75 Regulators also suggest that banks use other available resources from the Federal Bureau of Investigation, Department of Homeland Security, and U.S. Secret Service in 70 OCC, Semiannual Risk Perspective, (Fall 2019). FFIEC, Business Continuity Planning Booklet, Risk Assessment, (Available on the FFIEC website). 72 The Office of the Director of National Intelligence, The Department of Homeland Security, The Department of Defense, and The Department of Justice, Sharing of Cyber Threat Indicators and Defensive Measures by the Federal Government under the Cybersecurity Information Sharing Act of 2015, (February 16, 2016). 73 The Office of the Director of National Intelligence, The Department of Homeland Security, The Department of Defense, and The Department of Justice, Sharing of Cyber Threat Indicators and Defensive Measures by the Federal Government under the Cybersecurity Information Sharing Act of 2015, (February 16, 2016). 74 Presidential Policy Directive 63, Critical Infrastructure Protection, (May 22, 1998). 75 FFIEC, Cybersecurity and Threat and Vulnerability Monitoring and Sharing Statement, (November 3, 2014). 71 APPENDICES 169 ANNUAL REPORT OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) order to identify and respond to cyber attacks. Bank “management is expected to monitor and maintain sufficient awareness of cybersecurity threats and vulnerability information so they may evaluate risk and respond accordingly.” 76 As part of the FDIC’s supervisory process, examiners evaluate banks’ processes for obtaining and assessing threat information. Examiners may face challenges in assessing the effectiveness of banks’ threat identification and mitigation processes when banks are not receiving threat information through FS-ISAC membership. Disseminating Threat Information to FDIC Policy Makers and Examiners FDIC policy makers should be aware of threats to ensure relevant threat information is provided to banks and examiners. Further, policy makers may need to adjust examination policy and procedures to address emerging threat issues and assess the need for additional regulation. FDIC examiners should be aware of threats directed toward those institutions to understand their impact and make necessary supervisory adjustments. Understanding the nature of threats to all banks provides context for examiners to evaluate potential gaps in an institution’s processes for threat information gathering and continuity planning. Further, threat information can assist examiners in prioritizing and focusing their work on emerging issues, and modifying the depth or scope of an examination. According to best practices, 77 recipients of threat information should have the following processes in place to assess the significance of the information and ensure that actionable information is disseminated to relevant parties: Acquiring Threat information. Threat information may be obtained from a variety of sources and methods, including information from open sources, confidential sources, law enforcement, intelligence, public and private entities, as well as investigations, assessments, and intelligence collection. Analyzing Threat Information. The significance of the threat must be assessed in the context of other threats and relevant information. Disseminating and Using Actionable Threat Information. This step includes distribution with a focus on timely delivery of relevant actionable threat information to the appropriate people. Further, information must be “marked” to ensure proper safeguarding and access restrictions. Providing Feedback on Threat information. Establishing processes for lessons learned improves the relevance, usefulness, and format of threat information. The FDIC has access to threat information held by various Government agencies, and should have formal processes to address the four steps, referenced above, for threat information assessment and sharing. Without formal processes, the FDIC leaves the collection of information, analysis, dissemination, and feedback to staff discretion, which may lead to inconsistencies, uncertainty, and a lack of uniformity in sharing threat information. 76 FFIEC, Cybersecurity and Threat and Vulnerability Monitoring and Sharing Statement, (November 3, 2014). OIG compilation based on a combination of DHS, Critical Infrastructure Threat Information Sharing Framework, A Reference Guide for the Critical Infrastructure Community, (October 2016); and SANS Institute, Cyber Threat intelligence Support to Incident Handling, (November 2017). 77 170 APPENDICES 2019 OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) The FDIC is also challenged to set up the infrastructure needed to execute threat assessment and sharing processes. FDIC Headquarters staff has access to significant amounts of threat information held by the U.S. Government, and much of the information is confidential and highly sensitive. Given the volume of information, the FDIC faces challenges in having the appropriate number of personnel with the requisite security clearance levels to analyze, distill, and convey relevant and actionable threat information. The FDIC is also challenged to convey classified information to policy makers and examiners. In order to access, store, and handle classified information, FDIC policy makers and examiners must have relevant security clearances and secure facilities—or alternatively, the FDIC must have processes in place to declassify information in a timely manner. We have ongoing work to evaluate the effectiveness of the FDIC’s procedures for the collection and dissemination of threat information. Timely and actionable threat information allows bank management to thwart threats and the FDIC to quickly adjust supervisory strategies. Understanding the emerging threat landscape across all banks provides examiners with context to review a bank’s processes to defend against threats and provides perspective to adjust examination policies and procedures. Absent information sharing, bank management, policy makers, and examiners may be unaware of threats that could affect the safety and soundness of financial institutions. 5| STRENGTHENING THE GOVERNANCE OF THE FDIC Effective governance is critical to ensure proper oversight of the FDIC. The Federal Deposit Insurance Act vests the management of the FDIC to its Board of Directors (FDIC Board). The FDIC Board has operated without a full membership since 2015. The FDIC Board delegates authority to FDIC senior leaders to fulfill the Agency’s mission, including implementation of its Enterprise Risk Management (ERM) program. The FDIC should ensure that it is identifying and managing risks, and making data-driven acquisition decisions. According to Principles of Corporate Governance issued by the Organization for Economic Cooperation and Development (OECD Governance Principles), “[t]he purpose of corporate governance is to help build an environment of trust, transparency and accountability necessary for fostering long-term investment, financial stability, and business integrity, thereby supporting stronger growth, and more inclusive societies.” 78 As explained in the OECD Governance Principles, a governance framework should ensure strategic guidance, effective monitoring of management by the board, and the board’s accountability to stakeholders. One area of importance for boards is oversight of the organization’s ERM. Such oversight includes accountability and responsibilities for managing risks, specifying the types and degree of risk that an organization is willing to tolerate, and the management of risks through operations and relationships. ERM is a governance issue that falls within the oversight responsibility of boards of directors. 79 78 OECD, G20/OECD Principles of Corporate Governance, (2015). The Principles are presented in six different chapters. This document references two chapters: (1) Ensuring the basis for an effective corporate governance framework and (2) The responsibilities of the Board. 79 Harvard Law School Forum on Corporate Governance and Financial Regulation, Risk Management and the Board of Directors, (March 20, 2018). APPENDICES 171 ANNUAL REPORT OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) The Federal Deposit Insurance Act 80 vests management of the FDIC in the FDIC Board. The FDIC Board consists of five members, all of whom are appointed by the President and confirmed by the Senate: the Comptroller of the Currency; the Director of the Consumer Financial Protection Bureau; and three “Appointive Directors,” including a Chairman and Vice Chairman. 81 No more than three members of the Board may be from the same political party, and one member “shall have State bank supervisory experience.” 82 Although the FDIC Board may delegate certain powers to officers of the FDIC, the FDIC Board members should exercise oversight, remain informed about FDIC activities, and review financial statements. 83 Maturing Enterprise Risk Management According to OMB Circular Number A-123, Management’s Responsibility for Enterprise Risk Management and Internal Control, 84 Federal agencies face internal and external risks to achieving their missions, including “economic, operational, and organizational change factors.” 85 The OMB requires that Federal agencies implement ERM to assist agencies in identifying, assessing, and mitigating internal and external risks. The OMB defines ERM as “an effective Agency-wide approach to addressing the full spectrum of the organization’s external and internal risks by understanding the combined impact of risks as an interrelated portfolio, rather than addressing risks only within silos.” 86 The components of ERM include a risk governance structure; a methodology for developing an agency’s risk profile; and a process, guided by an organizations senior leadership, to consider risk appetite and risk tolerance levels that serve as a guide for the agency to establish strategy and select objectives. In June 2010, the FDIC hired a consulting firm to address five key issues regarding its ERM program. In response to the firm’s recommendations, the then-FDIC Chairman appointed a Risk Steering Committee to evaluate alternatives and recommend an organizational structure for risk management. The Risk Steering Committee recommended to the FDIC Board the establishment of an Office of Corporate Risk Management (OCRM), headed by a Chief Risk Officer (CRO), with total staffing of 16. The Board approved the recommended changes, which were intended to provide an office to review internal and external risks with a system-wide perspective; facilitate sharing of information regarding existing, emerging, and potential risks; and instill risk governance as part of the FDIC’s culture. From 2011 to 2016, the ERM program was headed by a CRO who reported directly to the thenChairman. In May 2016, the CRO retired, and only five ERM program staff remained at the 80 12 U.S.C. § 1812(a)(1) (2019). 12 U.S.C. § 1812(a)(1) (2019); FDIC, Bylaws of the FDIC, (2018). Technically designated the Chairperson and Vice Chairperson in the statute and bylaws, it is longstanding FDIC practice to refer to the positions as Chairman and Vice Chairman. 82 12 U.S.C. § 1812(a)(1) (2019). 83 Bylaws of the Federal Deposit Insurance Corporation, Adopted by the Board of Directors, (September 17, 2019); Wyoming Law Review, Director Oversight and Monitoring: The Standard of Care and the Standard of Liability PostEnron, (2006). 84 OMB Circular No. A-123, Management’s Responsibility for Enterprise Risk Management and Internal Control, (July 15, 2016). 85 OMB Circular No. A-123, Management’s Responsibility for Enterprise Risk Management and Internal Control, (July 15, 2016). 86 OMB Circular No. A-123, Management’s Responsibility for Enterprise Risk Management and Internal Control, (July 15, 2016). 81 172 APPENDICES 2019 OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) time. In June 2017, the FDIC reorganized the ERM program by placing the positon of CRO under the Division of Finance as a Deputy Director, eliminating OCRM and moving the ERM function to a newly constituted Risk Management and Internal Controls Branch. In October 2018, the FDIC revised its Enterprise Risk Management and Internal Control Policy (FDIC ERM Directive), which includes the ERM principles of OMB Circular Number A-123. 87 The FDIC ERM Directive vests the FDIC’s Operating Committee with oversight of the ERM program, including “establishment of the agency’s risk profile, regular assessment of risk, and development of appropriate risk response.” 88 The Operating Committee includes senior-level officials, but it is not a decision-making body. The FDIC ERM Directive instructs the CRO to work in partnership with FDIC Division and Office leaders to ensure enterprise-wide coordination, training, policy, and maintenance of ERM components (risk inventory, risk profile, and risk appetite statements). The FDIC ERM Directive states that implementation of ERM should facilitate efforts of the FDIC Board to identify, assess, and address risks. However, the FDIC ERM Directive does not envision an oversight role for the FDIC Board, nor does it describe regular reporting requirements or communications for the FDIC Board. In our recent audit, The FDIC’s Information Security Program–2019 (October 2019), we found that the ERM program developed a risk appetite statement establishing the amount of risk the FDIC is willing to accept in pursuit of its mission. However, as of the time of our report, the FDIC had not yet completed an inventory of risks facing the FDIC, or a risk profile to help manage and prioritize risk mitigation activities. Subsequent to our report, the FDIC completed a risk inventory and risk profile. FDIC management is in the process of integrating its ERM program into the FDIC’s budget, strategic planning, performance reporting, and internal control processes. We have ongoing work evaluating the FDIC’s ERM program to assess the extent to which the FDIC has implemented an effective ERM program consistent with guidance and best practices. Operating Without a Full FDIC Board The FDIC Board has been operating with four members since 2015. The Vice Chairman position on the FDIC Board of Directors has been vacant since April 30, 2018. 89 In addition, the FDIC has not had an independent Board member with “State bank supervisory experience” since 2012. 90 Nearly 80 percent of banks in the United States (approximately 4,400 institutions) are chartered by states, and the FDIC has authority to examine and supervise state-chartered banks that are not part of the Federal Reserve System. On January 30, 2019, a bipartisan group of fifteen Members of the House of Representatives submitted a letter to the White House expressing concern that no current sitting FDIC Board 87 FDIC Directive 4010.3, Enterprise Risk Management and Internal Control Program (2018). The FDIC is not required to follow OMB Circular No. A-123. 88 FDIC Directive 4010.3, Enterprise Risk Management and Internal Control Program (2018). 89 American Banker, Pressure Grows on Administration to Fill Fed, FDIC Seats, (November 3, 2019). 90 Former Comptroller of the Currency Thomas Curry, who served on the FDIC Board until May 2017, was formerly the Massachusetts Banking Commissioner, but did not meet the statutory requirement for an independent Board member with supervisory experience. See American Banker, FDIC Needs a State Regulator on Its Board, (August 17, 2018). APPENDICES 173 ANNUAL REPORT OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) member satisfies the state banking supervisory experience requirement. 91 The Congressional Members noted in the letter that state bank supervisory experience is important because both state and FDIC regulators share concurrent responsibility for the safety and soundness of certain state-chartered banks. Most state banking agencies participate in an examination program under which certain examinations are performed on an alternating basis by the state agency and the FDIC. The Members of Congress stated they believe that “having an FDIC Board member with state bank experience is an important part of that coordination.” Overseeing Investment Decisions In order to properly oversee investment decisions at the FDIC, the FDIC Board and senior managers should have quality data and processes. The FDIC awarded 2,400 contracts valued at more than $1.5 billion over a 3-year period from 2016 to 2018. In our evaluation report, Contract Oversight Management (October 2019), we found that the FDIC was overseeing acquisitions on a contract-by-contract basis rather than on a portfolio basis and did not have an effective contracting management information system to readily gather, analyze, and report portfolio-wide contract information across the Agency. In addition, we found that the FDIC’s contracting system did not maintain certain key data in a manner necessary to conduct historical trend analyses, plan for future acquisition decisions, and assess risk in the FDIC’s awarded contract portfolio. As a result, FDIC Board members or other senior management officials were not provided with a portfolio-wide view or the ability to analyze historical contracting trends across the portfolio, identify anomalies, and perform ad hoc analyses to identify risk or plan for future acquisitions. In our audit report, The FDIC’s Governance of Information Technology Initiatives, (July 2018), we found that the FDIC faced a number of challenges and risks related to the governance of its IT initiatives. For example, the FDIC did not fully develop a strategy to move IT services and applications to the cloud or obtain the acceptance of key FDIC stakeholders before taking steps to initiate cloud migration projects. The FDIC also had not implemented an effective Enterprise Architecture to guide the three IT initiatives we reviewed or the FDIC’s broader transition of IT services to the cloud. The FDIC has taken action to address six of our eight recommendations and continues to work towards implementing the remaining two recommendations relating to: (1) revising IT Governance Processes into FDIC policies and procedures; and (2) identifying and documenting IT resources and expertise needed to execute the FDIC’s IT Strategic Plan. The FDIC Board’s oversight of FDIC senior management is a critical component to promptly identifying, assessing, and responding to risks to the FDIC, and overseeing contracting activities and IT investment decisions. 91 The letter is available here. Congressman Barry Loudermilk, Congressman Denny Heck, Congressman Peter King, Congressman Jim Hines, Congressman Frank Lucas, Congressman Scott Tipton, Congressman Tom Emmer, Congressman Steve Stivers, Congressman Lee Zeldin, Congressman Alex Mooney, Congressman Ted Budd, Congressman David Kustoff, Congressman Trey Hollingsworth, Congressman John Rose, and Congressman Denver Lee Riggleman III. 174 APPENDICES 2019 OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) 6|OVERSEEING HUMAN RESOURCES The FDIC relies on the talents and skills of its employees to accomplish its mission. Within the next few years, the FDIC will need to navigate a potential wave of retirements, reverse attrition trends among its core examination workforce, and hire staff with skills to match technology innovation. Effective management of these challenges limits the impact of leadership and skill gaps, and the loss of institutional experience and knowledge due to retirements. The FDIC should position itself to recruit, retain, and develop future talent. In March 2019, the GAO recognized strategic human capital management as a continuing Government-wide area of high risk. 92 The GAO noted that 31.6 percent of the permanent Federal workforce on board as of September 30, 2017 would be eligible to retire within the next 5 years. 93 The GAO identified the need for Federal agencies to measure and address existing mission-critical skill gaps, and to use workforce analytics to predict and mitigate future gaps. 94 The GAO also identified five trends affecting the future Government workforce: (1) Technological advances that will change the way work is performed; (2) Increased reliance on contractors to achieve policy goals that will require new skills and competencies; (3) Fiscal constraints that will require agencies to review how they conduct business; (4) Evolving mission requirements that will require agencies to adapt their work and workforce; and (5) Changing demographics and shifting attitudes towards work. 95 Without careful attention to strategic and workforce planning and other approaches to managing and engaging personnel, reduced investments in human capital may have lasting effects on the capacity of an agency’s workforce to meet its mission. 96 Forty-two percent of current FDIC employees (on board as of July 31, 2019) are eligible to retire within the next 5 years. These retirement figures include retirement eligibility of 60 percent for FDIC Executives and 58 percent for its Managers. Although historical FDIC projections show that employees may not retire on their eligibility date, this wave of potential retirements could deplete the FDIC’s institutional experience and knowledge, especially during a crisis. Without proper succession planning strategies, these retirements can also result in leadership gaps. Further, the FDIC’s budget for 2019 marked the ninth consecutive year of lower annual staffing levels and operating budgets, reflecting the FDIC’s reduced bank failure workload. The FDIC’s authorized staffing level at the beginning of 2019 of 5,901 positions represented a net reduction of 182 positions from 2018 (approximately 3.1 percent) and the operating budget was reduced by 2.3 percent for the same period. 92 GAO, High-Risk Series: Substantial Efforts Needed to Achieve Greater Progress on High-Risk Areas, GAO-19157SP, (March 2019). 93 GAO, Federal Workforce: Talent Management Strategies to Help Agencies Better Compete in a Tight Labor Market, GAO-19-723T, (September 2019). 94 GAO, High-Risk Series: Substantial Efforts Needed to Achieve Greater Progress on High-Risk Areas, GAO-19157SP, (March 2019). 95 GAO, Federal Workforce: Key Talent Management Strategies for Agencies to Better Meet Their Missions, GAO19-181, (March 2019). 96 GAO, Federal Workforce: Key Talent Management Strategies for Agencies to Better Meet Their Missions, GAO19-181, (March 2019). APPENDICES 175 ANNUAL REPORT OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) Retirements and attrition can create opportunities for employees and allow organizations to restructure to meet program goals and fiscal realities. However, if turnover is not strategically monitored and managed, gaps can develop in an organization’s institutional knowledge and leadership. 97 Navigating the Upcoming Retirement Waves in the FDIC’s Primary Divisions Approximately 91 percent of all FDIC employees work in one of the FDIC’s nine primary and support Divisions. We analyzed the data regarding eligibility for retirement of the employees within these Divisions as illustrated in Table A. Based on our review, we found that 30 to 67 percent of the FDIC staff in these Divisions is eligible to retire in the next 5 years. Notably, all but one of the primary FDIC Divisions have retirement eligibility rates that are higher than the Federal Government average of 31.6 percent. FDIC Executives and Managers in the nine Divisions have retirement eligibility rates ranging from 29 to 76 percent. For example, more than three-quarters of FDIC Executives and Managers within the Division of Finance (76 percent) are eligible to retire in the next 5 years. Similarly, 70 percent of Executives and Managers in the Division of Resolutions and Receiverships can retire in the same timeframe. The 5-year retirement rates of Executive Managers and Corporate Managers could result in knowledge and leadership gaps at the FDIC. As recognized by the GAO, retirement waves may result in leadership gaps. 98 These mission-critical skills gaps could impede the capabilities of any agency to achieve its mission, unnecessarily delay decision-making, and reduce program management and oversight. 99 Table A: Retirement Eligibility Statistics for Key FDIC Divisions Division Staff Eligible to Retire in 2024 Division of Resolutions and Receiverships (DRR) Division of Finance (DOF) Legal Division Division of Administration (DOA) Division of Information Technology (DIT) Division of Risk Management Supervision (RMS) Division of Complex Institution Supervision & Resolutions (CISR) Division of Depositor and Consumer Protection (DCP) Division of Insurance and Research (DIR) Executives and Managers Eligible to Retire in 2024 67 percent 61 percent 56 percent 53 percent 46 percent 39 percent 35 percent 70 percent 76 percent 44 percent 57 percent 52 percent 63 percent 29 percent 33 percent 51 percent 30 percent 39 percent Source: OIG analysis of FDIC-provided data as of July 31, 2019. 97 GAO, Federal Workforce: Sustained Attention to Human Capital Leading Practices Can Help Improve Agency Performance, GAO-17-627T, (May 2017). 98 GAO, High-Risk Series: Progress on Many High-Risk Areas, While Substantial Efforts Needed on Others, GAO17-317, (February 2017). 99 Southern California Law Review, Vacant Offices: Delays In Staffing Top Agency Positions, (2008). 176 APPENDICES 2019 OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) The FDIC faces significant risks regarding retirement eligibility in key Divisions involved in crises readiness efforts. For example, two-thirds of FDIC employees within DRR are eligible to retire by 2024. DRR staff is responsible for managing resolutions and receiverships when banks fail, including ensuring the prompt payment of deposit insurance funds to eligible bank customers. During the financial crisis, the FDIC had the benefit of experienced DRR employees. Absent seasoned employees with knowledge from past crises, the FDIC may not be sufficiently agile and could delay decisions and resolution determinations. DOF, the Legal Division, DOA, and DIT also play important roles to support DRR in a crisis situation when banks fail. These Divisions also face 5-year staff retirement eligibility rates ranging from 46 to 61 percent. DOF staff manages the liquidity of the Deposit Insurance Fund to ensure that money is available to DRR to pay depositors quickly in the event of a bank failure, and attorneys in the Legal Division assist DRR in structuring resolution agreements. DOA staff provides contracting support for DRR, including, for example, the rapid hiring of temporary personnel to address crisis staffing requirements, and DIT provides IT support for necessary computers and servers during bank failures and crises. A significant number of employees responsible for ensuring the safety and soundness of institutions and protecting consumers are also eligible to retire. Specifically, 39 percent of RMS staff is eligible to retire within 5 years, and more than 62 percent of its Executives and Managers may retire over the same period. CISR similarly addresses supervisory and resolution risks for banks with over $100 billion in assets. Staff in CISR has a 5-year retirement eligibility rate of 35 percent. In addition, DCP conducts examinations to ensure that banks meet certain requirements for consumer protection, anti-discrimination, and community reinvestment. Thirtythree percent of its staff is eligible to retire within 5 years, and 51 percent of its Executives and Managers may retire during this same timeframe. All supervision-related Divisions are supported by the banking-sector research and analysis performed by DIR, which has a retirement eligibility rate of 30 percent within the next 5 years. The FDIC should continue to ensure that the institutional knowledge of retirement-eligible employees is captured and passed on to new employees. The FDIC has programs underway to review succession planning and we will monitor those efforts. Navigating the Upcoming Retirement Wave in FDIC Regional Offices The FDIC has six Regional Offices located throughout the country. Regional Offices include members from all FDIC Divisions, but the largest representation of employees is RMS examination staff. The FDIC faces risk due to staff retirement eligibility rates within each of its Regional Offices. Similar to the above analysis regarding each of the FDIC Divisions, we also assessed the data regarding the eligibility for retirement of employees in the Regional Offices. Based on our analysis, as shown in Table B, we found that FDIC employees in these Regional Offices are eligible to retire in the next 5 years at rates ranging from 33 to 53 percent, and retirement rates for Executives and Managers range from 44 to 77 percent. For example, in the Dallas Regional Office alone, more than half of its staff is eligible to retire in the next 5 years, and more than three-quarters of its Executives and Managers can do the same. APPENDICES 177 ANNUAL REPORT OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) Table B: Retirement Eligibility Statistics for FDIC Regional Offices Region Staff Eligible to Retire in 2024 Executives and Managers Eligible to Retire in 2024 53 percent 40 percent 39 percent 37 percent 36 percent 33 percent 77 percent 44 percent 47 percent 58 percent 60 percent 74 percent Dallas New York Atlanta San Francisco Chicago Kansas City Source: OIG analysis of FDIC-provided data as of July 31, 2019. Regional Office personnel are the critical interface between the FDIC and bank management. Regional Office examiners evaluate bank management’s controls to maintain safety and soundness, mitigate cybersecurity risks, and minimize harm to consumers. Regional Office personnel also play a significant role during financial crises. The FDIC’s Dallas Regional Office houses operational capabilities for large-scale bank failures, and it has among the highest rates of retirement eligibility at the FDIC. Addressing Attrition Among FDIC Examiners As of July 31, 2019, 47 percent of FDIC employees were classified as examiners. These examiners are deployed to four FDIC Divisions: RMS, DCP, DIR, and CISR, and to the FDIC’s Corporate University. 100 As shown in Figure 3, at the end of 2019, 14 percent of examiners were eligible to retire. However, that number of retirement-eligible examiners jumps to 25 percent within 3 years (2022) and increases further to 33 percent (one-third of the examiner workforce) in 5 years (2024). Figure 3: FDIC Examiner Retirement Eligibility December 2019 383 (14%) December 2024 884 (33%) December 2022 660 (25%) Source: OIG analysis of FDIC retirement data. In addition, approximately 72 percent of all FDIC examiners are assigned to safety and soundness and IT examination positions within RMS. In 2018, 11 percent of RMS examiners resigned from their position, retired, or were promoted to non-examiners positions within the FDIC; this figure represents a 9-percent increase from the prior year. According to RMS surveys of managers of departing examiners, a significant portion of the attrition rate attributable to resigning examiners was dissatisfaction with the amount of travel required to conduct examinations. The FDIC has noted that safety and soundness examiners spent an average of 89 nights per year away from home, more than 24 percent of the year. 101 100 As of July 31, 2019, the FDIC’s Corporate University had 142 employees training for examiner commissions. Examiners are assigned to Corporate University during their first year of training. 101 Statement of Jelena McWilliams, FDIC Chairman, on Oversight of Financial Regulators before the United States Senate Committee on Banking, Housing, and Urban Affairs, (December 5, 2019). 178 APPENDICES 2019 OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) Examiner attrition is costly. The FDIC invests an average of $620,000 per person to train new hires to become commissioned examiners over the period of 4 years (an average of approximately $155,000 annually per examiner). 102 Historically, entry-level employees hired for examination positions must progress through the FDIC’s Corporate Employee Program (CEP) rotational year, be assigned to a Division, and then meet benchmarks, complete training, and meet technical requirements to become commissioned examiners. 103 During the 4-year examiner pre-commissioning, the FDIC loses between 7 and 8 percent of participants each year at an average cost of about $1.3 million per year. For example, according to RMS statistics, for the five CEP cohorts from 5 years ago (the class of 2014), 35 percent of participants departed before completion of the 4-year commissioning process. In August 2019, the FDIC announced changes to its approach for recruiting, hiring, and training examiners. The planned changes are aimed at improving the process for hiring new examiners and reducing the time for an examiner to attain commission by 6 to 8 months. We have ongoing work to evaluate the FDIC’s allocation and retention of human capital for the examination function. The FDIC should also align its human capital strategy to meet the challenges of rapidly changing bank technology. Community banking is increasingly dependent on a model that relies on technology provided by third-party partners, such as credit bureaus and payment networks, but it also includes new customer-facing and back-office collaborators. 104 The FDIC should have examination staff that understands new technology in order to examine risks. The FDIC should take a strategic approach to align its human capital management with current and future mission requirements, including technology changes. Addressing human capital holistically from planning through retirement allows the FDIC to maximize performance and manage the waves of retirements and attrition. 7|KEEPING FDIC FACILITIES, INFORMATION, AND PERSONNEL SAFE AND SECURE The FDIC is responsible for protecting approximately 6,000 employees and 3,000 contract personnel who work at 94 FDIC-owned or leased facilities throughout the country. The FDIC is also custodian of 338 systems containing sensitive information about banks and PII of employees, contractors, bank management, and bank deposit holders. A total of 174 of the FDIC’s 338 IT systems contain what the agency deems to be “sensitive PII.” The FDIC is challenged to have appropriate processes in place to safeguard facilities, information, and personnel. According to the Worldwide Threat Assessment of the US Intelligence Community 105 (2018) (Threat Assessment), foreign intelligence agencies, terrorist groups, and criminal organizations strive to gain access to proprietary information from the finance industry and attempt to recruit sources such as trusted insiders. 106 According to Verizon’s 2018 Data Breach Investigations 102 Average costs per examiner are based on RMS calculations for the five cohorts of new hires for 2014. The FDIC is eliminating the CEP program in 2020. 104 Accenture, Banking Technology Vision 2019. Governor Michelle W. Bowman, Community Banking in the Age of Innovation, at the “Fed Family” Luncheon at the Federal Reserve Bank of San Francisco, San Francisco, California, (April 11, 2019). 105 Statement for the Record: Worldwide Threat Assessment of the US Intelligence Community (February 13, 2018). 106 Statement for the Record: Worldwide Threat Assessment of the US Intelligence Community (February 13, 2018). 103 APPENDICES 179 ANNUAL REPORT OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) Report, one-third of all cyber breaches of government information is the result of privilege misuse and errors by insiders. 107 A Carnegie Mellon University paper entitled Analytic Approaches to Detect Insider Threats estimated the cost of an insider attack to be $445,000. 108 With an average of 3.8 insider attacks per organization per year across all industries, annual costs to an organization can reach $1.7 million. 109 According to the GAO, a background investigation program should ensure the identification and assessment of individuals with criminal histories and questionable behavior. 110 Background investigations “minimize the risks of unauthorized disclosures of classified information and … help ensure that information about individuals with criminal histories or other questionable behavior is identified and assessed.” 111 Also, Federal managers and supervisors are responsible for assessing facility risk, assigning facility security levels, and determining whether implemented countermeasures effectively mitigate risk. 112 Further, Federal agencies must protect the PII and sensitive information they possess. PII includes any information about an individual maintained by an agency, including (1) any information that can be used to distinguish or trace an individual’s identity, such as name, Social Security Number (SSN), date and place of birth, mother‘s maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information. PII protection includes information contained in IT systems as well as other forms. In March 2019, the GAO identified the protection of privacy and sensitive data as a major challenge for the Federal Government. 113 As of June 2018, the FDIC reported that it maintained 338 information systems containing PII, including 174 systems that contain what the agency deems to be “sensitive PII.” Implementing Risk-Based Physical Security Management The FDIC maintains 94 leased or owned facilities across the country that house approximately 9,000 FDIC employees and contractors. In our evaluation report, The FDIC’s Physical Security Risk Management Process (April 2019), we assessed whether physical security risk management processes met Federal standards and guidelines. We concluded that the FDIC had not established an effective physical security risk management process to ensure that it met ISC standards and guidelines. We found that the FDIC frequently did not document its decisions regarding facility security risks and countermeasures, and such decisions were not guided by defined policies or procedures. Instead, FDIC officials relied on a few experienced employees to make important decisions regarding physical security risks and countermeasures at facilities. Without documentation of 107 th Verizon, 2018 Data Breach Investigations Report, (11 Edition). Carnegie Mellon University Software Engineering Institute, Analytic Approaches to Detect Insider Threats, (December 9, 2015). 109 Carnegie Mellon University Software Engineering Institute, Analytic Approaches to Detect Insider Threats, (December 9, 2015). 110 GAO, High-Risk List: Substantial Efforts Need to Achieve Greater Progress on High-Risk Areas, GAO-19-157SP, (March 6, 2019). 111 GAO, GAO Adds Government-wide Personnel Security Clearance Process to “High Risk List,” GAO Press Release, (January 25, 2018). 112 In 1995, President Clinton, by Executive Order 12977 (October 19, 1995), created the Interagency Security Committee (ISC) in order to issue standards, policies, and best practices to enhance the quality and effectiveness of security in non-military Federal facilities in the United States. 113 GAO, High-Risk Series: Substantial Efforts Needed to Achieve Greater Progress on High-Risk Areas, GAO-19157SP, (March 6, 2019). 108 180 APPENDICES 2019 OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) these decisions, FDIC executives and oversight bodies were unable to fully consider and review the decisions. We also found that the FDIC did not conduct key activities in a timely or thorough manner for determining facility risk level, assessing security protections in the form of countermeasures, mitigating and accepting risk, and measuring program effectiveness. For example, for one of its medium-risk facilities, the FDIC began, but did not complete, an assessment more than 2½ years after the FDIC occupied the leased space. Collectively, these weaknesses limited the FDIC’s assurance that it met Federal standards for physical security over its facilities. We made nine recommendations to address the weaknesses in the FDIC’s physical security risk management process, and five remained unimplemented at the time of this report. Securing Sensitive and Personally Identifiable Information During 2016, the FDIC reported a series of breaches to Congress as departing employees improperly downloaded sensitive PII, including SSNs, to removable media devices shortly before leaving the FDIC. Collectively, these breaches potentially affected over 121,000 individuals. We reported on the FDIC’s handling of these breaches and its associated controls in four prior reports. 114 In our audit report, The FDIC’s Processes for Responding to Breaches of Personally Identifiable Information (September 2017), we found that the FDIC had processes to evaluate the harm to individuals affected by a breach, but the FDIC did not adequately implement those processes. For example, it took the FDIC more than 9 months to notify individuals affected by a breach. Further, in our OIG Special Inquiry 115 (April 2018) report we noted systemic weaknesses that hindered the FDIC’s ability to respond to multiple information security incidents and breaches efficiently and effectively. The FDIC addressed the 20 recommendations we made in these two reports. In our audit report, The FDIC’s Privacy Program (December 2019), we assessed the effectiveness of the FDIC’s Privacy Program and practices by determining whether the FDIC complied with selected provisions in privacy-related statutes and OMB policy and guidance. 116 The FDIC’s Privacy Program was effective in certain areas. Specifically, the FDIC had implemented a privacy awareness and training program; identified its privacy staffing and budgetary needs; established privacy competency requirements for key staff; and took steps to ensure contractor compliance with privacy programs. However, we found that the FDIC’s controls and practices for its Privacy Program in four areas assessed were either partially effective or not effective, because they did not comply with all relevant privacy laws and/or OMB policy and guidance. Specifically, the FDIC did not: 114 See OIG Reports, The FDIC’s Process for Identifying and Reporting Major Information Security Incidents (FDIC OIG AUD-16-004) (July 2016, revised February 2017); The FDIC’s Processes for Responding to Breaches of Personally Identifiable Information (FDIC OIG AUD-17-006) (September 2017); Controls over Separating Personnel’s Access to Sensitive Information (FDIC OIG EVAL-17-007) (September 2017); and The FDIC’s Response, Reporting, and Interactions with Congress Concerning Information Security Incidents and Breaches (FDIC OIG-18-001) (April 2018). 115 OIG Special Inquiry Report, The FDIC’s Response, Reporting, and Interactions with Congress Concerning Information Security Incidents and Breaches (April 2018). 116 Privacy Act of 1974, 5 U.S.C. § 552a; Section 208 of the E-Government Act of 2002, Pub. L. No. 107-347, 116 Stat. 2899 (codified at 44 U.S.C. § 3501 note); Section 522 of the Consolidated Appropriations Act of 2005, Pub. L. No. 108-447, 118 Stat. 2809, amended by Consolidated Appropriations Act of 2008, Pub. L. No. 110-161, 121 Stat. 1844 (codified as amended at 42 U.S.C. § 2000ee-2); Designation of Senior Agency Officials for Privacy (OMB Memorandum M-05-08) (February 11, 2005); OMB Circular A-130, Managing Information as a Strategic Resource (July 28, 2016). APPENDICES 181 ANNUAL REPORT OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) Fully integrate privacy considerations into its risk management framework designed to categorize information systems, establish system privacy plans, and select and continuously monitor system privacy controls; Adequately define the responsibilities of the Deputy Chief Privacy Officer or implement Records and Information Management Unit responsibilities for supporting the Privacy Program; Effectively manage or secure PII stored in network shared drives and in hard copy, or dispose of PII within established timeframes; and Ensure that Privacy Impact Assessments 117 were always completed, monitored, published, and retired in a timely manner. Weaknesses in the FDIC’s Privacy Program increased the risk of PII loss, theft, and unauthorized access or disclosure, which could lead to identity theft or other forms of consumer fraud against individuals. In addition, weaknesses related to the management of Privacy Impact Assessments reduced transparency regarding the FDIC’s practices for handling and protecting PII. Our report contained 14 recommendations intended to strengthen the effectiveness of the FDIC’s Privacy Program and practices. In addition, in our audit report, The FDIC’s Information Security Program – 2019 (October 2019), we noted that the FDIC did not adequately control access to sensitive information and PII stored on its internal network and in hard copy. For example, we identified instances in which sensitive information stored on internal network shared drives was not restricted to authorized users. We also conducted unannounced walkthroughs of selected FDIC facilities and identified significant quantities of sensitive hard copy information stored in unlocked filing cabinets and boxes in building hallways. The majority of unsecured sensitive information we found was stored in unlocked filing cabinets and boxes in building hallways. Examples included: Confidential bank examination information, such as Reports of Examination; Suspicious Activity Reports; Sensitive PII, such as reports containing names, SSNs, and dates of birth; Legal documents, analyses, and correspondence pertaining to investigations, litigation, claims, and settlements; Portable storage media, including a computer hard drive and CDs/DVDs (one of which was marked confidential); and Contracting and procurement sensitive information. We recommended that employees and contractor personnel properly safeguard sensitive electronic and hardcopy information. The FDIC took immediate action to secure information identified by the OIG. 117 The E-Government Act of 2002 requires, among other things, that Federal agencies conduct Privacy Impact Assessments that analyze how personal information is collected, stored, shared, and managed in a Federal system. See Government Accountability Office, Privacy: Federal Law Should Be Updated to Address Changing Technology Landscape, GAO-12-961T, (July 31, 2012). 182 APPENDICES 2019 OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) Securing the FDIC’s Supply Chain Figure 4: Supply Chain Risk View According to the GAO, the supply chain is “the set of organizations, people, activities, and resources that create and move a product from suppliers to end users.” 118 As shown in Figure 4, an organization may have reduced visibility, understanding, and control of relationships with vendors who rely on second- and third-tier suppliers and service providers. Risks are realized when the supply chain exploits existing vulnerabilities though it may take years for such exploitation to occur or for an agency to discover the exploitation. 119 The GAO noted that key supply chain threats include: Source: NIST Publication 800-161, Supply Chain Risk Management Practices for Federal Information Systems and Organizations. Installation of hardware or software containing malicious logic causing significant damage by allowing attackers to take control of entire systems and read, modify, or delete sensitive information, disrupt operations, launch attacks against other organizations’ systems, or destroy systems. Installation of counterfeit hardware or software threatening the integrity, trustworthiness, and reliability of information systems because they fail more often and more quickly, and provide an opportunity to insert a back door to give an intruder remote access. Failure or disruption in the production or distribution of critical products, including manmade and natural disruptions of the supply of IT products critical to federal agencies. Reliance on a malicious or unqualified service provider who can use its access to systems and data to gain access to information, commit fraud, disrupt operations, or launch attacks against other computers or networks. Installation of hardware or software that contains unintentional vulnerabilities such that defects in code or misconfigurations can be exploited to gain access to information systems and data and disrupt service. 120 An example of supply chain risk is the Federal Government’s limitation on the purchase of telecommunications equipment from Huawei because of concern that the Chinese government can access phone calls and information. 121 The FDIC does not have a comprehensive, FDIC-wide supply chain risk policy. The FDIC’s Chief Information Officer Organization (CIOO) established a Policy on Supply Chain Risk Management in July 2019 that applies to CIOO employees who “participate, support, and are involved with the procurement and acquisition process of IT products.” Other FDIC Divisions and Offices are not bound by and may not be aware of the CIOO Policy. The FDIC established a Supply Chain Risk Management Steering Committee in 2019 to address this area of risk. We have work planned to assess the FDIC’s supply chain risk mitigation. 118 GAO, Information Security: Supply Chain Risks Affecting Federal Agencies, GAO-18-667T, (July 12, 2018). National Institute of Standards and Technology (NIST) Publication 800-161, Supply Chain Risk Management Practices for Federal Information Systems and Organizations. 120 GAO, Information Security: Supply Chain Risks Affecting Federal Agencies, GAO-18-667T, (July 12, 2018). 121 The New York Times, U.S. Moves to Ban Huawei From Government Contracts, (August 7, 2019). 119 APPENDICES 183 ANNUAL REPORT OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) Sustaining a Work Environment Free from Discrimination, Harassment, and Retaliation Federal facilities should also have working environments that are free from intimidating, hostile, or offensive behaviors. Employee behaviors such as sexual harassment can undermine an agency’s mission by creating a hostile work environment that lowers productivity and morale, affects the agency’s authority and credibility, and exposes the agency to litigation risk and costs. The FDIC reported receiving a total of just 9 allegations of sexual harassment over a 3½-year period (January 2015 to June 2018). However, when the Merit Systems Protection Board (MSPB) conducted a survey in 2016 (based on data from 2014 to 2016), the MSPB found that approximately 9 percent of the 427 FDIC employees who responded to the survey (40 employees) indicated they had experienced sexual harassment. We have ongoing work to review the FDIC’s program for addressing sexual harassment allegations. Conducting Background Investigations During late 2015 and early 2016, the FDIC experienced eight incidents as departing employees improperly took sensitive information shortly before leaving the FDIC. Seven incidents involved PII, including Social Security Numbers, and thus constituted data breaches. In the eighth incident, the departing employee took highly sensitive components of resolution plans submitted by certain large systemically important financial institutions without authorization. FDIC employees and contractors are subject to background investigations commensurate with the sensitivity of their positions, scope of responsibility, and access to classified National Security Information. 122 The FDIC’s Personnel Security and Suitability Program (PSSP) aims to ensure that FDIC employees and contractors have suitable character, reputation, honesty, integrity, and trustworthiness. A strong PSSP reduces the risk of employee or contractor information breaches and identifies potential issues for the FDIC’s Insider Threat Program. 123 The FDIC does not have a policy to ensure proper coordination and collaboration among its PSSP and its Insider Threat Program. As a result, program interconnections are made at the discretion of program personnel. Absent standard criteria for the referral of potential insider threat issues from the PSSP to the Insider Threat Program Manager, threat information may not be shared. We have an evaluation underway to assess the current state of the FDIC’s Personnel Security and Suitability Program. The protection of employees, contractors, facilities, and information is paramount for the execution of the FDIC’s mission and the protection of the privacy of FDIC personnel and contractors as well as financial institution customers and employees. The FDIC should ensure that it implements appropriate controls to assess the suitability of its employees and contractors and provide them with safe facilities in which to conduct their work. FDIC employees and contractors must also be responsible in protecting sensitive information and individual privacy. 122 FDIC Circular 1610.2, Personnel Security Policy and Procedures for FDIC Contractors; Circular 1600.3, National Security Program; and Circular 2120.1, Personnel Suitability Program. 123 Security Executive Agent Directive 3, Reporting Requirements for Personnel with Access to Classified Information or Who Hold a Sensitive Position, (June 12, 2017). 184 APPENDICES 2019 OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) 8|ADMINISTERING THE ACQUISITION PROCESS The FDIC relies on contractors for day-to-day support of its mission. In 2018, the FDIC spent nearly $500 million on contracts, with the largest expenditures for IT and administrative support services. The FDIC currently oversees acquisitions on a contract-by-contract basis—rather than on a portfolio-wide basis—and it does not have an effective contracting management information system to readily gather, analyze, and report portfolio-wide contract information across the Agency and does not maintain certain key data elements. Therefore, FDIC officials cannot readily analyze historical contracting trends across the portfolio and identify anomalies. In addition, contracting demands are expected to increase as the FDIC modernizes its IT program and systems and moves to cloud computing. Further, FDIC contracting staff may experience significant spikes in contracting work during periods of crises. FDIC contract oversight should also include consideration of supply chain risks for acquired products and services. According to the GAO, about 40 percent of the Government’s discretionary spending is for goods and services contracts. 124 In Fiscal Year 2018, the Federal Government spent more than $550 billion on these contracts, an increase of more than $100 billion from 2015. The Administration found that major government acquisitions often failed to achieve their goals because of project management skill shortcomings among Federal procurement staff. 125 Similarly, the GAO found that Federal agencies continue to award management support service contracts but raised questions about agencies’ capacity to manage those contracts. 126 Specifically, the GAO identified three challenges aligned with the contracting life cycle: (1) requirements definition, (2) competition and pricing, and (3) contractor oversight. The GAO noted that heavy workloads of contract officials at one agency made it difficult for them to oversee contracts and ensure contractors’ adherence to contract terms. 127 The FDIC procures goods and services to augment its internal resources and help the Agency achieve its mission. FDIC contracting requirements increase significantly during times of crises to address the FDIC’s receivership responsibilities. The FDIC DOA Acquisition Services Branch (ASB) works with Oversight Managers (OMs) from FDIC Divisions and Offices to provide oversight of FDIC procurements. As shown in Figure 5, ASB awarded more than 2,400 contracts valued at over $1.5 billion over a 3-year period from 2016 to 2018. The average annual awarded amount per contract for these 3 years was more than $675,000. 124 GAO WatchBlog, Federal Government Contracting for Fiscal Year 2018 (infographic) posted May 28, 2019. GAO launched its WatchBlog in January 2014, as part of its continuing effort to reach its audiences—Congress and the American people—where they are currently looking for information. 125 President’s Management Agenda, (March 20, 2018). 126 GAO, Federal Acquisitions: Congress and the Executive Branch Have Taken Steps to Address Key Issues, but Challenges Endure, GAO-18-627, (September 2018). 127 GAO, Federal Acquisitions: Congress and the Executive Branch Have Taken Steps to Address Key Issues, but Challenges Endure, GAO-18-627, (September 2018) (Heavy workloads were noted for the Department of Veterans Affairs.) APPENDICES 185 ANNUAL REPORT OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) Figure 5: FDIC Total Dollar Value of Contract Awards 2016-2018 530,000,000 525,000,000 520,000,000 515,000,000 510,000,000 505,000,000 500,000,000 495,000,000 490,000,000 485,000,000 2016 2017 2018 Total Awarded Amount Source: FDIC Analysis of FDIC Contract Awards. In 2018, the FDIC’s DIT, DOA, and DRR accounted for over 96 percent of contracts and contracting dollar awards. The Chief Information Officer Organization identified specific acquisition strategies to sustain legacy systems, modernize information technology, and adapt to change. DIT expects to increase contracting activity as it implements the FDIC’s IT Modernization Plan. Strengthening FDIC Contract Oversight Our evaluation report, Contract Oversight Management (October 2019), concluded that the FDIC must strengthen its contract oversight management. We found that the FDIC needed to improve its contracting management information system, contract documentation, the training and certification of certain OMs, and workload capacity of OMs for one Division. Specifically, we found that the FDIC was overseeing acquisitions on a contract-by-contract basis rather than on a portfolio basis and did not have an effective contracting management information system to readily gather, analyze, and report portfolio-wide contract information across the Agency. For example, the FDIC's contracting system did not maintain certain key data in a manner necessary to conduct historical trend analyses, plan for future acquisition decisions, and assess risk in the FDIC's awarded contract portfolio. As a result, FDIC Board Members and other senior management officials were not provided with a portfolio-wide view or the ability to analyze historical contracting trends across the portfolio, identify anomalies, and perform ad hoc analyses to identify risk or plan for future acquisitions. Additionally, 20 percent of the contracts executed between 2013 and 2017 (1,518 of 7,786) did not have contract pricing arrangement information entered into the FDIC’s Automated Procurement System. Without complete data, the FDIC cannot readily analyze the contract pricing arrangements across the FDIC’s contract portfolio. We also found that contract files maintained by OMs were often incomplete, and that OMs were unable to produce the missing contract documentation, such as critical records relating to inspection and acceptance. Without this documentation, the FDIC could incur additional costs to recover or replace lost documentation and could have difficulty enforcing the contract in the event of contractor noncompliance. Further, OMs improperly uploaded contractor deliverable documentation containing PII to the FDIC’s contacting system known as CEFile for one of our four sampled contracts covering 186 APPENDICES 2019 OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) property management services for failed bank properties. Because CEFile was not identified as a system to retain PII, the FDIC was not monitoring CEFile for PII. Therefore, there was a risk that the PII in CEFile could be improperly accessed, printed, and removed. The FDIC subsequently took action to remove the PII from CEFile. We also found that the workload for OMs in DIT was 67-percent higher than another FDIC Division with a similar-sized contract portfolio. DIT acknowledged that insufficient OM capacity put it at risk for ineffective oversight. We made 12 recommendations in the Contract Oversight Management report. In two previous OIG evaluation reports, we identified similar issues involving DIT oversight. In Payments to Pragmatics, Inc. (December 2018), we determined that about 10 percent of the labor charges we reviewed were not adequately supported or allowable under the contract and related task orders. The unsupported labor charges were for hours billed by two subcontractor employees who did not access the FDIC’s network or facilities on the days they charged the hours. In addition, we identified unallowable labor charges for work performed offsite, away from FDIC facilities. In the FDIC’s Failed Bank Data Services Project (March 2017), we reviewed transition costs ($24.4 million) of a 10-year project to replace the FDIC’s information systems for processing bank data for failed financial institutions. We found that the FDIC faced challenges related to defining contract requirements, coordinating contracting and program office personnel, and establishing implementation milestones. We reported that FDIC personnel did not fully understand the requirements for transitioning failed financial institution data and services to a new contractor, or communicate these requirements to bidders in a comprehensive transition plan as part of the solicitation. Further, the FDIC did not establish clear expectations in the contract documents and did not implement a project management framework and plans. Reviewing for Supply Chain Risk When an agency contracts for goods and services that will be introduced into its environment, the agency might encounter risks related to product and service supply chains. Management of supply chain risk requires “ensuring the integrity, security, quality, and resilience of the supply chain and its products and services.” 128 Supply chain risk is not limited to equipment. Contractor personnel also pose security risks to organizations, especially contractors involved in systems development. Contractors with malicious intent may be able to insert harmful hardware or malicious code into FDIC systems. NIST advises organizations to take a holistic, enterprise-wide approach to managing supply chain risks. 129 Organizational best practices include executive-level involvement in supply chain risk management decision-making and cross-functional leadership structures to break down silos. In addition, as required by statute, OMB has initiated a Federal Acquisition Security 128 NIST, Cyber Supply Chain Risk Management, (May 24, 2016). NIST Special Publication 800-161, Supply Chain Risk Management for Federal Information Systems and Organizations, (April 2015). 129 APPENDICES 187 ANNUAL REPORT OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) Council to assist Federal agencies in determining supply chain risk, sharing supply chain risk information, and deciding on actions to mitigate risk. 130 As mentioned previously, the FDIC does not have a comprehensive, FDIC-wide supply chain risk policy. The FDIC’s CIOO has a supply chain risk policy applicable to CIOO IT procurements. Thus, FDIC personnel outside the CIOO are not currently required to consider or mitigate supply chain risks as part of procurement activities. Further, the responsibility of managing FDIC supply chain risk is not within the FDIC’s contracting staff but is a collateral duty for the FDIC’s Insider Threat Program Manager. As a result, supply chain risk management is not the focus of those involved in the contracting process. The FDIC established a Supply Chain Risk Management Steering Committee in 2019 to address this area of risk. We will be monitoring and assessing the FDIC’s efforts in this regard. Contracting is an important function at the FDIC because of the Agency’s reliance on outsourced services, especially during times of crises. In order to establish an effective contracting oversight program, the FDIC should maintain a contracting system that can readily provide an adequate portfolio-wide view of the Agency’s acquisitions. In addition, the FDIC should establish an effective program to manage and mitigate supply chain risks. 9|MEASURING COSTS AND BENEFITS OF FDIC REGULATIONS Financial regulations significantly affect banks and their customers. The FDIC does not currently have a consistent process in place to determine when and how to conduct cost benefit analysis in order to ensure that the benefits of a regulation justify its costs. Further, the FDIC does not have criteria in place to distinguish among rules which are sufficiently “significant” to require cost benefit analysis. Absent clear processes and criteria, demonstrating that FDIC regulations justify their costs remains a fundamental challenge. We also note that the FDIC does not conduct retrospective cost benefit analyses on existing rules. Performing such analyses would help the FDIC ensure that its rules are effective and achieve their intended objectives/outcomes. According to a study by the Federal Reserve Bank of St. Louis, regulatory compliance costs as a percentage of overall non-interest expense for small banks are nearly twice those of larger banks. 131 As shown in Figure 6, for the years of 2015 through 2017, small banks (less than $100 million in assets) incurred total compliance costs at 9.8 percent of their noninterest expenses. By comparison, banks with $1 to $10 billion in assets had compliance costs at 5.3 percent of their noninterest expenses for the same period. 130 Director of National Intelligence, Supply Chain Risk Management, National Supply Chain Integrity Month, (April 24, 2019). See also The Strengthening and Enhancing Cyber-capabilities by Utilizing Risk Exposure Technology Act of 2018, Public Law No. 115-390 (December 21, 2018) (“SECURE Technology Act”). Title II of the Act established the Federal Acquisition Security Council (FASC). 131 Federal Reserve Bank of St. Louis, Compliance Costs, Economies of Scale and Compliance Performance, Evidence from a Survey of Community Banks, (April 2018). 188 APPENDICES 2019 OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) In August 2018, the FDIC Chairman stated that a top priority for the Agency was to review the regulatory burden on small banks. 132 She further emphasized the need to balance regulatory safety and soundness requirements without impeding banks’ ability to compete. The challenge, she indicated, is to ensure that FDIC regulations are appropriate to the size and complexity of the banks that the FDIC supervises. 133 Figure 6: Total Compliance Expenses as a Percentage of Noninterest Expenses Quantifying Costs and Benefits According to the FDIC’s Statement of Policy on the Development and Review of Regulations and Policies, the FDIC uses available information to evaluate the costs and benefits of reasonable and potential regulations or statements Source: Federal Reserve Bank of St. Louis, April 2018. of policy. Quantifying both the costs and benefits of significant financial regulations is challenging, and it often may be imprecise and unreliable. 134 Performing such analysis can be difficult, because it involves theory, modeling, statistical analysis, and other tools to predict future outcomes based on certain assumptions. 135 For example, it may be difficult to estimate the cost of a financial crisis and the benefits of regulations aimed to eliminate the crisis. 136 Congress acknowledged the difficulty in measuring costs and benefits when introducing the Independent Agency Regulatory Analysis Act (March 25, 2019). This Act requires agencies to “assess the costs and benefits of the intended rule and, recognizing that some costs and benefits are difficult to quantify, propose or adopt a rule only upon a reasoned determination that the benefits of the rule justify the costs.” 137 In our evaluation report, Cost Benefit Analysis Process for Rulemaking (February 2020), we evaluated whether the FDIC’s cost benefit analysis process for rules was consistent with best practices. We found that the FDIC’s cost benefit analysis was not consistent with best practices, because the FDIC did not: Establish and document a process to determine when and how to perform a cost benefit analysis; Leverage the expertise of its economists when rules were initially developed; Require the FDIC Chief Economist to concur on the cost benefit analyses performed; Disclose its cost benefit analyses to the public; and Perform cost benefit analyses after final rule issuance. 132 Wall Street Journal, New FDIC Leader Joins Push to Re-Evaluate Banking Rulebook, (August 6, 2018). Jelena McWilliams, FDIC Chairman, “Principles of Supervision,” delivered at the American Bar Association Banking Law Committee Annual Meeting (January 11, 2019). 134 Yale Law Review, Cost-Benefit Analysis of Financial Regulation: A Reply, (January 22, 2015). 135 Congressional Research Service, Cost-Benefit Analysis and Financial Regulator Rulemaking, (April 12, 2017). 136 The University of Chicago Journal of Legal Studies, Challenges for Cost-Benefit Analysis of Financial Regulation, (June 2014). 137 Independent Agency Regulatory Analysis Act, S. 869, United States Senate, (March 26, 2019). 133 APPENDICES 189 ANNUAL REPORT OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) The FDIC’s rulemaking process resulted in inconsistent practices for conducting cost benefit analyses. As shown in Figure 7, based on our review of rules promulgated by the FDIC from January 2016 to December 2018, we found that the FDIC performed cost benefit analyses on 37 percent of the final rules published in the Figure 7: Cost Benefit Analysis Performance Federal Register. The FDIC did not explain in the accompanying Federal Register notices why 15 rules needed a cost benefit analysis and the other 25 rules did not. These rules lacking a cost benefit analysis included both substantive rules and technical modifications. The FDIC also did not have an established process for determining how to perform cost benefit analyses. Based on our review, we found that the FDIC performed an in-depth cost benefit analysis 138 on only 10 percent of the final rules published in the Federal Register. Source: OIG analysis of FDIC rules published in the In addition, the depth of analysis that the FDIC Federal register. performed did not always align with the rule’s 139 degree of significance. We found substantive rules without corresponding cost benefit analyses, and less substantive rules with cost benefit analyses. The process used by the FDIC did not ensure that the Agency identified and defined a proposed rule’s degree of significance, and that the Agency appropriately and consistently analyzed costs and benefits. We also noted that the FDIC did not conduct retrospective cost benefit analyses on existing rules. 140 Without performing cost benefit analyses of existing rules, the FDIC may not identify duplicative, outdated, or overly burdensome rules in a timely manner. In addition, the FDIC may not ensure that its rules are effective and achieve their intended objectives/outcomes. We made five recommendations to the FDIC to improve the cost benefit analysis in its rulemaking process. 138 The OIG defines an “in-depth” cost benefit analysis as a cost benefit analysis that contains supporting quantitative and qualitative data and analysis of the proposed action and main alternatives identified. 139 Executive Order 12866 advises Federal agencies, not including the FDIC, to conduct in-depth cost benefit analyses for certain significant regulatory actions. The order defines significant regulatory action as any regulatory action that is likely to result in a rule that may: (1) have an annual effect on the economy of $100 million or more, or adversely affect in a material way the economy, or a sector of the economy, productivity, competition, jobs, the environment, public health or safety, or State, local, or tribal governments or communities; (2) Create a serious inconsistency or otherwise interfere with an action taken or planned by another agency; (3) Materially alter the budgetary impact of entitlements, grants, user fees, or loan programs or the rights and obligations of recipients thereof; or (4) Raise novel legal or policy issues arising out of legal mandates, the President’s priorities, or the principles set forth in this order. 140 Under the Economic Growth and Regulatory Paperwork Reduction Act of 1996 (EGRPRA) (12 U.S.C. § 3311 (1996)), the FFIEC and certain member agencies (Federal bank regulators – FDIC, OCC, and FRB), and the NCUA (as a participating member), are directed to conduct a joint review of their regulations every 10 years and to consider whether any of those regulations are outdated, unnecessary, or unduly burdensome. Since Congress enacted EGRPRA in 1996, the FDIC (jointly with other agencies under the FFIEC) has completed two reviews and submitted two reports to Congress – the first report was submitted in 2007 and the second report was submitted in 2017. The FDIC performed these reviews over a period of several years, and commenced the second EGRPRA review in 2014. The FDIC’s EGRPRA review process was a reactive review process that relied solely on public comments to identify and initiate Agency action on rules that may be outdated, unnecessary, or unduly burdensome. 190 APPENDICES 2019 OFFICE OF INSPECTOR GENERAL’S ASSESSMENT (continued) On December 3, 2019, the FDIC issued a Request for Information seeking comment on approaches to analyzing the effects of its regulatory actions and alternatives. In addition, on November 4, 2019, the FDIC announced a reorganization that moved the regulatory analysis function from the Office of the Chief Economist to the Research and Regulatory Analysis Branch, which also houses the FDIC’s Center for Financial Research. We will continue to monitor this realignment. The FDIC should accurately measure costs and benefits to ensure that regulations strike the proper balance between the safety and soundness at institutions and regulatory burden. Also, the FDIC should have transparent processes in place to obtain and assess reliable information to measure the impact of regulatory action. Absent such processes, FDIC rules may impose burdensome costs on banks and consumers. APPENDICES 191 ANNUAL REPORT D. ACRONYMS AND INITIALISMS ACLs Allowances for Credit Losses CIO Chief Information Officer AEI Alliance for Economic Inclusion CIOO Chief Information Officer Organization AFS Available-For-Sale CISR AHDP Affordable Housing Disposition Program Division of Complex Institution Supervision and Resolution CMG Crisis Management Group ALLL Allowance for Loan and Lease Losses CMP Civil Money Penalty AML Anti-Money Laundering ComE-IN ANPR Advanced Notice of Proposed Rulemaking Advisory Committee on Economic Inclusion CRA Community Reinvestment Act ASBA Association of Supervisors of Banks of the Americas CSBS Conference of State Bank Supervisors ASC Accounting Standards Codification CSRS Civil Service Retirement System BCBS Basel Committee on Banking Supervision D&I Diversity and Inclusion DCP BDC Backup Data Center Division of Depositor and Consumer Protection BoA Bank of America DFA Dodd-Frank Act BSA Bank Secrecy Act DHS Department of Homeland Security BSA/AML Bank Secrecy Act/ Anti-Money Laundering DIF Deposit Insurance Fund DIR Division of Insurance and Research Call Report Consolidated Reports of Condition and Income DIT Division of Information Technology DOA Division of Administration CAMELS adequacy of Capital, quality of Assets, capability of Management, quality and level of Earnings, adequacy of Liquidity, and Sensitivity to market risk DOJ Department of Justice DRR Designated Reserve Ratio DRR (FDIC) Division of Resolutions and Receiverships EAC Executive Advisory Council EDIE Electronic Deposit Insurance Estimator EGRPRA Economic Growth and Regulatory Paperwork Reduction Act of 1996 CBAC Advisory Committee on Community Banking CBLR Community Bank Leverage Ratio CCP Central Counterparties CDFI Community Development Financial Institution EGRRCPA CECL Current Expected Credit Losses Economic Growth, Regulatory Relief, and Consumer Protection Act CEO Chief Executive Officer EU European Union CEP Corporate Employee Program ERM Enterprise Risk Management CFI Complex Financial Institution FAQ Frequently Asked Questions CFO Act Chief Financial Officers’ Act FASB Financial Accounting Standards Board CFPB Consumer Financial Protection Bureau FBIIC Financial and Banking Information Infrastructure Committee CFR Center for Financial Research FBO Foreign Bank Organization CFTC Commodity Futures Trading Commission FCA Farm Credit Administration 192 APPENDICES 2019 FDI Act Federal Deposit Insurance Act G-SIBs Global Systemically Important Banks FDIC Federal Deposit Insurance Corporation HVCRE FDiTech FDIC Tech Lab High Volatility Commercial Real Estate FEHB Federal Employees Health Benefits HMDA Home Mortgage Disclosure Act FEMA Federal Emergency Management Agency IADI International Association of Deposit Insurers FERS Federal Employees Retirement System IDI Insured Depository Institution FFB Federal Financing Bank IHCs Intermediate Holding Companies FFIEC Federal Financial Institutions Examination Council IMF International Monetary Fund IMM Internal Models Method FFMIA Federal Financial Management Improvement Act InTREx Information Technology Risk Examination Program FHFA Federal Housing Finance Agency ISM Information Security Manager FICO Financing Corporation IT Information Technology FIL Financial Institution Letter LBSB Large Bank Supervision Branch FinCEN Financial Crimes Enforcement Network LCFIs FINRA Financial Industry Regulatory Authority Large and Complex Financial Institutions LIBOR London Inter-bank Offered Rate FinTech Financial Technology LIDI Large Insured Depository Institution FIRREA Financial Institutions Reform, Recovery and Enforcement Act LURA Land Use Restriction Agreement FIS Financial Institution Specialists MDI Minority Depository Institutions FISMA Federal Information Security Modernization Act of 2014 MOL Maximum Obligation Limitation MOU Memoranda of Understanding FMFIA Federal Managers’ Financial Integrity Act MRBA Matters Requiring Board Attention MWOB Minority- and Women-Owned Business FRB Board of Governors of the Federal Reserve System MWOLF Minority-and Women-Owned Law Firms FRF FSLIC Resolution Fund NCUA National Credit Union Administration FSB Financial Stability Board NIST FS-ISAC Financial Services Information Sharing and Analysis Center National Institute of Standards and Technology NPR Notice of Proposed Rulemaking FSLIC Federal Savings and Loan Insurance Corporation NSFR Net Stable Funding Ratio OCC FSOC Financial Stability Oversight Council Office of the Comptroller of the Currency FTE Full-Time Equivalent OCFI GAAP Generally Accepted Accounting Principles Office of Complex Financial Institutions OIG Office of the Inspector General GAO U.S. Government Accountability Office OJT On-the-Job Training GPRA Government Performance and Results Act OLF Orderly Liquidation Fund OMB U.S. Office of Management and Budget APPENDICES 193 ANNUAL REPORT OMWI Office of Minority and Women Inclusion SBA Small Business Administration OO Office of the Ombudsman SEC Securities and Exchange Commission OPM U.S. Office of Personnel Management SIFI Systemically Important Financial Institution OTACs One-Time Assessment Credits SLA Shared-Loss Agreement OTS Office of Thrift Supervision SMS Systemic Monitoring System P&A Purchase and Assumption SNC Shared National Credit Program PCM Privacy Continuous Monitoring SOC Security Operations Center PII Personally Identifiable Information SORNs System of Record Notices PTFA Protecting Tenants at Foreclosure Act SRAC Q&A Questions and Answers Systemic Resolution Advisory Committee QBP Quarterly Banking Profile SRR SIFI Risk Report REFCORP Resolution Funding Corporation SSGN Structured Sale of Guaranteed Note REMA Reasonably Expected Market Area TILA Truth in Lending Act ReSG FSB’s Resolution Steering Group TRID RESPA Real Estate Settlement Procedures Act TILA RESPA Integrated Disclosure Rule RMIC Risk Management and Internal Controls TSP Federal Thrift Savings Plan RMS Division of Risk Management Supervision RTC Resolution Trust Corporation SA-CCR Standardized Approach for Counterparty Credit Risk 194 TSP (IT-related) Technology Service Providers URSIT Uniform Rating System for Information Technology VIEs Variable Interest Entities WARM Weighted Average Remaining Maturity YSP Youth Savings Program APPENDICES N OT E S NOT E S 2019 Federal Deposit Insurance Corporation This Annual Report was produced by talented and dedicated staff. To these individuals, we would like to offer our sincere thanks and appreciation. Special recognition is given to the following for their contributions: ❏ Jannie F. Eaddy ❏ Barbara A. Glasby ❏ Financial Reporting Section Staff ❏ Division and Office Points-of-Contact FEDERAL DEPOSIT INSURANCE CORPORATION H H H FEDERAL DEPOSIT INSURANCE CORPORATION 550 17th Street, N.W. Washington, DC 20429-9990 www.fdic.gov FDIC-003-2020 H H H