|
 |
 |
 |
 |
|
The FDIC, the other federal financial institution regulatory agencies, the Securities and Exchange Commission, and the Federal Trade Commission have jointly published the attached final rules to implement the affiliate marketing provisions of the Fair Credit Reporting Act (FCRA) as amended by the Fair and Accurate Credit Transactions Act (FACT Act.) The final rules implement Section 214 of the FACT Act, which generally prohibits a person from using information received from an affiliate to make a solicitation for marketing purposes to a consumer, unless the consumer
The Federal Deposit Insurance Corporation (FDIC) today approved the final rule implementing the Advanced Approaches of the Basel II Capital Accord. The new rules are a significant change in regulatory practice, in that they require some large banks to calculate capital requirements using their own internal, model-driven risk estimates.
Summary: The FDIC is requesting comments on the attached proposed amendments to Part 363 of its regulations, which sets forth annual independent audit and reporting requirements for insured institutions with $500 million or more in total assets.
Summary: The Department of the Treasury's Office of Foreign Assets Control has added new entries to its Specially Designated Nationals and Blocked Persons list.
The federal financial institution regulatory agencies and the Federal Trade Commission have sent to the Federal Register for publication final rules on identity theft “red flags” and address discrepancies. The final rules implement sections 114 and 315 of the Fair and Accurate Credit Transactions Act of 2003. The final rules require each financial institution and creditor that holds any consumer account, or other account for which there is a reasonably foreseeable risk of identity theft, to develop and implement an Identity Theft Prevention Program (Program) for combating identity theft
Final Regulation R-Exceptions and Exemptions for Banks from the Definition of "Broker" FIL-92-2007, October 25, 2007 Summary: On October 3, 2007, the Board of Governors of the Federal Reserve System (Board) and the U.S. Securities and Exchange Commission (SEC) published the attached final rules that implement provisions of the Gramm-Leach-Bliley Act (GLBA) that except banks from the definition of "broker" under the Securities Exchange Act of 1934 when they conduct certain securities transactions.
The federal financial regulatory agencies issued final rules today that provide consumers with an opportunity to "opt out" before a financial institution uses information provided by an affiliated company to market its products and services to the consumer. The final rules on affiliate marketing implement section 214 of the Fair and Accurate Credit Transactions Act of 2003, which amends the Fair Credit Reporting Act (FCRA).
The FDIC Advisory Committee on Economic Inclusion (ComE-IN) will convene on October 24 to examine money services businesses (MSBs) and their access to banking services. The committee will hear from experts on the challenges facing the MSB industry as well as from bankers who have successful relationships with MSBs.
The federal bank and thrift agencies issued final rules on Friday expanding the range of small institutions eligible for an extended 18-month on-site examination cycle. The final rules allow well-capitalized and well-managed banks and savings associations with up to $500 million in total assets and a composite CAMELS rating of 1 or 2 to qualify for an 18-month (rather than a 12-month) on-site examination cycle.
Summary: The Federal Deposit Insurance Corporation (FDIC) has announced a series of steps intended to provide regulatory relief to financial institutions and to facilitate recovery in areas of Illinois that suffered major damage from storms and flooding.
Summary: In an update to FIL-75-2007, the Federal Deposit Insurance Corporation (FDIC) has announced a series of steps intended to provide regulatory relief to financial institutions and to facilitate recovery in additional areas of Ohio and Wisconsin that are suffering from storms and flooding.
Summary: In an update to FIL-61-2007 and FIL-68-2007, the Federal Deposit Insurance Corporation (FDIC) has announced a series of steps intended to provide regulatory relief to financial institutions and to facilitate recovery in additional areas of Oklahoma that are suffering from storms and flooding.
Summary: The Federal Deposit Insurance Corporation (FDIC) has announced a series of steps intended to provide regulatory relief to financial institutions and to facilitate recovery in areas of Minnesota, Wisconsin and Ohio that have suffered major damage from storms and flooding.
Fraudulent letters claiming to be from the Office of the Comptroller of the Currency are being sent to U.S. bank customers in an attempt to elicit funds. The Office of the Comptroller of the Currency (OCC) has notified the Federal Deposit Insurance Corporation (FDIC) that fraudulent letters are in circulation that concern the release of funds supposedly under the control of the International Monetary Unit (IMU) of the European Commission in Belgium. The letter is being sent to U.S. bank customers and indicates that in accordance with international monetary policy, monies are being held until the recipient can produce the necessary documents, which include a Money Laundering/Drug Free Clearance Certificate and an Anti-Terrorist Clearance and Capital Transfer Certificate. According to the European Commission's recent warning, victims are directed to pay approximately $25,000 (U.S. dollars) to obtain these bogus documents.
Summary: The Federal Financial Institutions Examination Council (FFIEC) released the revised Bank Secrecy Act/Anti-Money Laundering (BSA/AML) Examination Manual on August 24, 2007. Highlights:
Summary: The federal financial regulatory agencies have issued the attached statement setting forth the policy for enforcing specific anti-money laundering (AML) requirements of the Bank Secrecy Act (BSA). Highlights:
In an update to FIL-61-2007, dated July 6, 2007, the Federal Deposit Insurance Corporation (FDIC) has announced a series of steps intended to provide regulatory relief to financial institutions and to facilitate recovery in additional areas of Texas and Oklahoma that are suffering from storms and flooding. Highlights: * Severe storms, tornadoes and flooding have caused significant damage to areas of Texas and Oklahoma. * In Texas, 33 counties have now been declared federal disaster areas, with the addition of Guadalupe, Henderson, Nueces, Van Zandt, Walker and Zavala counties on August 7, 2007.
FDIC Chairman Sheila C. Bair today commented on an agreement in principle that has been reached between The Federal Reserve, the Office of the Comptroller of the Currency, the Office of Thrift Supervision and the Federal Deposit Insurance Corporation regarding the implementation of Basel II in the United States. The agreement resolves major outstanding issues and will now lead to finalization of a rule implementing the advanced approaches for computing large banks' risk-based capital requirements.
The Federal Deposit Insurance Corporation (FDIC) has announced a series of steps intended to provide regulatory relief to financial institutions and to facilitate recovery in areas of Oklahoma and Texas that suffered major damage from storms and flooding that started in May and continued through June
The Federal Deposit Insurance Corporation (FDIC) has announced a series of steps intended to provide regulatory relief to financial institutions and to facilitate recovery in areas of Nebraska, Missouri and Kansas that suffered major damage from storms and flooding that started in May and have continued into early July
Fraudulent correspondence bearing the FDIC's name continues to be mailed, faxed and e-mailed. This correspondence is being used in illegal schemes to collect sensitive personal information, such as bank account numbers, and to steal money and other assets.
The Office of the Comptroller of the Currency reports fraudulent letters that appear to be faxed by the Federal Deposit Insurance Corporation are circulating to financial institutions worldwide.
The Financial Crimes Enforcement Network (FinCEN) has issued guidance to financial institutions to address law enforcement agency requests to keep open particular accounts.
The Financial Crimes Enforcement Network (FinCEN) has issued guidance reminding financial institutions to provide all documentation supporting the filing of a Suspicious Activity Report (SAR) upon request by FinCEN, appropriate law enforcement or a supervisory agency.
Starting July 9, 2007, the FDIC will provide participating state bank regulators access to the FDICconnect Examination File Exchange system.
FDIC Chairman Sheila C. Bair today issued the following statement about Treasury Secretary Henry Paulson’s Remarks on Protecting the Financial System and Effective Implementation of the Bank Secrecy Act at the offices of the Financial Crimes Enforcement Network (FinCEN)
Topics addressed in this issue include: A discussion of the risks associated with third-party relationships and the effect failure to manage those risks can have on a financial institution An overview of factors that have led to an increase in mortgage fraud, highlights of actual mortgage fraud cases in FDIC-insured institutions and mitigation steps t
How banks can manage risks associated with third-party arrangements for products and services is reported in the FDIC's summer 2007 issue of Supervisory Insights, released today. Other topics covered are the need for vigilance toward mortgage fraud, challenges in maintaining wind insurance, the electronic exchange of documentation in bank examinations, and recent decisions affecting the accounting for split-dollar life insurance.
The Financial Crimes Enforcement Network (FinCEN) has announced delayed implementation of the revised Suspicious Activity Report by Depository Institutions (SAR-DI) form. The revised form was scheduled to take effect on June 30, 2007, and become mandatory on December 31, 2007.
Statement Of Sheila C. Bair, Chairman, Federal Deposit Insurance Corporation on Improving Credit Card Consumer Protection: Recent Industry And Regulatory Initiatives before the Subcommittee On Financial Institutions and Consumer Credit of the Financial Services Committee,
Fraudulent letters that claim to be from the FDIC are being faxed to financial institutions. The letters request that the financial institution provide a copy of its certification of foreign correspondent accounts.
The following items were recently posted to the Federal Deposit Insurance Corporation’s (FDIC) Office of Inspector General (OIG) Web site: http://www.fdicig.gov/ under Publications. In cases where an OIG report includes sensitive or confidential information, the OIG may redact certain information in the report, and the report will be marked as such. In some instances because of the highly sensitive nature of the entire report, the OIG may not make the report publicly available and instead, a brief summary of the report is posted to the Web site.
The Federal Deposit Insurance Corporation (FDIC) has announced a series of steps intended to provide regulatory relief to financial institutions and to facilitate recovery in areas of South Dakota that suffered major damage from storms and flooding, which started on May 4, 2007.
The U.S. Departments of Treasury, Justice, and Homeland Security have jointly released the 2007 National Money Laundering Strategy, which responds directly to the first U.S. Money Laundering Threat Assessment, released in December 2005.
New technologies are constantly adding speed, convenience and flexibility to practically everything we do -- including how we bank and pay for goods and services. The latest FDIC Consumer News (Spring 2007), published by the Federal Deposit Insurance Corporation, features a look at some revolutionary new ways to conduct daily financial transactions using high-tech cards and cell phones, along with tips for choosing and using these services. Also in this issue: advice for adjustable-rate mortgage (ARM) borrowers that may help them avoid losing their home if they are unable to make monthly payments when the interest rate goes up, and tips for avoiding inappropriate or fraudulent investments. Speed Banking and Paying: The newsletter focuses on three new forms of technology that can make paying and banking faster and easier -- cards with a pre-loaded value, such as gift cards for purchases at stores and pre-paid debit cards for use at businesses as
The Federal Deposit Insurance Corporation (FDIC) has announced a series of steps intended to provide regulatory relief to financial institutions and to facilitate recovery in Kiowa County, Kansas, which suffered major damage from tornadoes on May 4, 2007.
Summary: The Wolfsberg Group and The Clearing House Association L.L.C. have issued the attached joint statement endorsing measures to enhance the transparency of international wire transfers. Financial Institution Letter FIL-37-2007 Highlights: To promote the effectiveness of global anti-money laundering and anti-terrorist financing programs, The Wolfsberg Group and The Clearing House Association L.L.C. have announced a statement for change in international wire transfer practices.
Letters fraudulently claiming to be from the FDIC are requesting that financial institutions deposit official or cashier's checks into customer accounts.
The Federal Deposit Insurance Corporation (FDIC) has become aware of letters that appear to be sent from the FDIC to financial institutions in the United States and other countries. The letters instruct the financial institution to deposit an enclosed official or cashier's check into a customer's account. The letters include "DEPOSIT ACCLERATION" directly below the letterhead and display the forged signatures of "Sandra L. Thompson, Director" and "Christopher J. Spoth, Acting Director 2." The letters are fraudulent and were not sent by the FDIC.
The Federal Deposit Insurance Corporation (FDIC), a participant in the government-wide Identity Theft Task Force, will provide a direct link to the new, centralized government Web site on identity theft.
The new site, www.idtheft.gov, was launched today. Initially, the site will provide the Task Force's Strategic Plan. The Plan, which represents the input of 17 Federal agencies, including the FDIC, sets out recommendations to prevent identity theft, to assist identity theft victims in recovering from those crimes, and to prosecute and punish identity theft-related criminals. The Plan will be made public today. The taskforce was created on May 10, 2006, by Executive Order to strengthen Federal efforts to protect against identity theft.
For more information on the site, you can visit either www.idtheft.gov or www.fdic.gov.
The Federal Deposit Insurance Corporation (FDIC) has announced a series of steps intended to provide regulatory relief to financial institutions and to facilitate recovery in counties most affected by recent severe storms and tornadoes in eastern New Mexico. Highlights:
* Severe storms and tornadoes that occurred on March 23 and 24 have resulted in significant damage in Curry County and Quay County, New Mexico.
* Curry County and Quay Country were declared Federal Disaster Areas on April 2.
* The FDIC is encouraging banks to work constructively with borrowers who are experiencing difficulties beyond their control because of damage caused by the storms.
* Extending repayment terms, restructuring existing loans or easing terms for new loans, if done in a manner consistent with sound banking practices, can contribute to the health of the community and serve the long-term interests of the lending institution.
* The FDIC will also consider regulatory relief from certain filing and publishing requirements for banks in the affected areas.
Summary: The FDIC, the other federal financial institution regulatory agencies, the Securities and Exchange Commission, the Federal Trade Commission, and the Commodity Futures Trading Commission (the agencies) have jointly published the attached Notice of Proposed Rulemaking (NPR) seeking comment on a model privacy form that financial institutions could use to satisfy the privacy notice requirements of the Gramm-Leach-Bliley Act (GLBA). The proposed privacy form would also provide consumers with the opportunity to limit certain information-sharing practices, as permitted by the GLBA and the Fair Credit Reporting Act. Comments on the proposed rule are due by May 29, 2007.
Identity theft is fraud committed or attempted by using the identifying information of another person without his or her authority. Identifying information may include such things as a Social Security number, account number, date of birth, driver's license number, passport number, biometric data and other unique electronic identification numbers or codes. As more financial transactions are done electronically and remotely, and as more sensitive information is stored in electronic form, the opportunities for identity theft have increased significantly. 1 This policy statement describes the characteristics of identity theft and emphasizes the FDIC's well-defined expectations that institutions under its supervision detect, prevent and mitigate the effects of identity theft in order to protect consumers and help ensure safe and sound operations.
The federal bank and thrift agencies on Tuesday requested public comment on proposed interim rules expanding the range of small institutions eligible for an extended 18-month on-site examination cycle. The proposed interim rules allow well-capitalized and well-managed banks and savings associations with up to $500 million in total assets and a composite CAMELS rating of 1 or 2 to qualify for an 18-month (rather than a 12-month) on-site examination cycle. Until recently, only institutions with less than $250 million in total assets could qualify for an extended 18-month on-site examination cycle. The proposed interim rules also revise the provisions governing the on-site examination cycle for the U.S. branches and agencies of foreign banks.
Highlights: - Severe thunderstorms and tornadoes have resulted in significant damage in Sumter County, Georgia, and Coffee County, Alabama. - The FDIC is encouraging banks to work constructively with borrowers who are experiencing difficulties beyond their control because of damage caused by the storms. - Extending repayment terms, restructuring existing loans or easing terms for new loans, if done in a manner consistent with sound banking practices, can contribute to the health of the community and serve the long-term interests of the lending institution. - The FDIC will also consider regulatory relief from certain filing and publishing requirements.
The Financial Crimes Enforcement Network (FinCEN) and the federal banking agencies announced Thursday that the format for the Suspicious Activity Report by Depository Institutions (SAR-DI) has been revised to support a new joint filing initiative, which will reduce the number of duplicate SARs filed for a single suspicious transaction. The revisions are the result of a joint effort by FinCEN and the federal banking agencies.
Eight federal regulators on Wednesday released a notice of proposed rulemaking (NPR) requesting comment on a model privacy form that financial institutions can use for their privacy notices to consumers required by the Gramm-Leach-Bliley Act (GLB Act). The privacy notices must describe an institution's information sharing practices, and, for certain types of sharing, consumers have the right to opt out. The notices must be provided when a consumer first becomes a customer of a financial institution and then annually for as long as the customer relationship lasts. Last October, President Bush signed into law the Financial Services Regulatory Relief Act of 2006, amending the GLB Act to require the agencies to propose a model form that is succinct and comprehensible to consumers, allows consumers easily to compare privacy practices of financial institutions, and uses easily readable type font.
The OCC, Board, FDIC, OTS, NCUA, FTC, CFTC, and SEC (the Agencies) are proposing amendments to their rules that implement the privacy provisions of the Gramm-Leach-Bliley Act (GLB Act), Title V, Subtitle A. These rules require financial institutions to provide initial and annual privacy notices to their customers. As required under Section 728 of the Financial Services Regulatory Relief Act of 2006 (Regulatory Relief Act or Act), the Agencies are proposing a safe harbor model privacy form that financial institutions may use to provide disclosures under the privacy rules.
Summary: The federal bank and thrift regulatory agencies are seeking comment on the attached proposed guidance describing current agency expectations for banking organizations that would adopt the Advanced Internal Ratings-Based Approach (IRB) for credit risk and the Advanced Measurement Approaches (AMA) for operational risk under the proposed new Basel II capital framework. The proposed guidance also establishes the process for supervisory review and the implementation of the capital adequacy assessment process under Pillar 2 of the Basel II framework. The FDIC will accept comments on the proposed guidance through May 29, 2007.
The Federal Deposit Insurance Corporation (FDIC) recognizes the serious impact of the recent severe storms and tornadoes in central Florida on the operations of financial institutions and will provide regulatory assistance to institutions subject to its supervision. These initiatives are being taken to provide regulatory relief and facilitate recovery. The FDIC encourages depository institutions in the affected disaster areas to meet the financial service needs of their communities.
E-mails fraudulently claiming to be from the FDIC or VeriSign, Inc. are attempting to deceive financial institutions in to installing unknown software on their computer networks. The Federal Deposit Insurance Corporation (FDIC) has become aware of e-mails that appear to be sent from the FDIC or VeriSign, Inc. and ask recipients to run a "security guard script" to secure Web sites. Currently, the e-mails are purportedly from "FDIC Legal Information Technology," "FDIC Information Security," or "Verisign Inc." and the subject lines include the phrase "Regular Security Maintenance" or "Regular Hosting Security Maintenance." The e-mails are fraudulent and were not sent by the FDIC or VeriSign, Inc.
The federal bank and thrift regulatory agencies on Thursday announced that they will seek public comment on three proposed supervisory guidance documents related to the September 2006 notice of proposed rulemaking (NPR) on new risk-based capital requirements in the United States for large, internationally active banking organizations. The September 2006 NPR detailed the agencies' proposal for implementing the new capital framework issued by the Basel Committee on Banking Supervision in 2004 (Basel II). The proposed U.S. Basel II capital framework would be mandatory for large, internationally active U.S. banking organizations and optional for other institutions. The Basel II NPR includes requirements that banking organizations would need to satisfy to calculate their risk-based capital under the proposed new capital framework. The proposed supervisory guidance provides information to assist bankers, as well as supervisors, in addressing the Basel II qualification requirements.
The federal financial regulatory agencies have jointly issued the attached reminder of Supervisory Guidance for Financial Institutions Affected by Hurricane Katrina (Katrina Guidance Reminder). The Katrina Guidance Reminder reemphasizes that working constructively with borrowers is in the long-term best interest of both the financial institution and the customer. Highlights: The Katrina Guidance Reminder recognizes that many communities and families may need an extended period of time to recover from the unprecedented magnitude of the devastation caused by Hurricane Katrina.
The FDIC is notifying FDIC-supervised banks of the attached joint proposed rulemaking by the Securities and Exchange Commission (SEC) and the Board of Governors of the Federal Reserve System that would implement the statutory exceptions from the definition of "broker" contained in the Gramm-Leach-Bliley Act (GLBA). The proposed regulation was drafted in consultation with the FDIC, the Office of the Comptroller of the Currency, and the Office of Thrift Supervision, and is designed to protect investors in a manner that does not unduly disrupt current bank business practices. Comments are due to the SEC or the Federal Reserve by March 26, 2007.
Summary: The FDIC has revised its Compliance Examination Handbook. The new handbook contains the FDIC's compliance examination policies and procedures in effect as of June 2006. It also includes revised Community Reinvestment Act (CRA) examination procedures and performance evaluations. The handbook will be available in electronic format only and can be accessed on the FDIC's Web site at http://www.fdic.gov/regulations/compliance/handbook/index.html.
The Department of the Treasury's Financial Crimes Enforcement Network (FinCEN) has prepared an assessment of mortgage loan fraud, which it based on its analysis of Suspicious Activity Reports (SARs). Financial institutions offering mortgage loan products may find the assessment useful. The assessment, entitled "Mortgage Loan Fraud," is available on FinCEN's Web site at http://www.fincen.gov/mortage_fraud.html.
Summary: The FDIC, along with the other federal banking agencies and the Securities and Exchange Commission, is issuing the attached final Interagency Statement on Sound Practices Concerning Elevated Risk Complex Structured Finance Activities (Final Statement). The Final Statement describes the types of internal controls and risk-management policies and procedures that the agencies have found to be useful in identifying, managing and addressing the potentially heightened legal or reputational risks that may arise from certain complex structured finance transactions.
How a financial institution can create an effective incident response program to mitigate a data security breach is reported in the FDIC's winter 2006 edition of Supervisory Insights, released today. Other topics covered in today's edition are: an update on CRE lending nationwide, with a look at best practices in CRE concentrations, particularly for identifying, monitoring and controlling risk in this lending area; the increasing number of unfair or deceptive acts or practices, and how examiners identify and address those violations; and highlights of recent USA PATRIOT Act changes and the types of Bank Secrecy Act (BSA)-related violations that examiners are citing.
The FDIC Board of Directors has approved the attached final rule to amend Part 327 of the FDIC Rules and Regulations. The amendments are being made simultaneously with amendments implementing the Federal Deposit Insurance Reform Act of 2005, and are intended to make the deposit insurance assessment system react more quickly and more accurately to changes in institutions' risk profiles and to ameliorate several causes for complaint by insured depository institutions. The final rule takes effect on January 1, 2007.
The Federal Deposit Insurance Corporation (FDIC) today adopted final regulations that implement the Federal Deposit Insurance Reform Act of 2005 passed by Congress earlier this year to create a stronger and more stable insurance system. Among the final regulations is a new rule on the risk-based assessment system that will enable the FDIC to more closely tie each bank's premiums to the risk it poses to the deposit insurance fund. In addition, the FDIC has new flexibility to manage the deposit insurance fund's reserve ratio within a range, which in turn will help prevent sharp swings in assessment rates that were possible under the design of the former system. "Throughout the FDIC's push for deposit insurance reform, our goals have been to provide for long-term stability and less procyclicality in the deposit insurance system," said FDIC Chairman Sheila C. Bair. "This new system will enable the FDIC to achieve our goals, and also will add incentives for good risk management at insured institutions."
FDIC Chairman Sheila C. Bair announced today that Sandra L. Thompson has been named Director of the Federal Deposit Insurance Corporation's Division of Supervision and Consumer Protection (DSC). In addition, Christopher J. Spoth has been named Senior Deputy Director, Supervisory Examinations; and John Lane will assume leadership of a newly created unit dedicated to large, complex financial institutions. "I am very pleased to make this announcement today," said Chairman Bair. "Sandra Thompson has repeatedly demonstrated her strengths and capability as a senior FDIC executive. Since she was named Acting Director of DSC in February of this year, she has shown exceptional leadership skills and vision. I am confident she will ensure the FDIC continues to fulfill its supervision and consumer protection mandates. Chris and John have also proven themselves to be effective leaders with many years of supervisory experience. Working under Sandra's leadership, they will continue the proud tradition of the FDIC examination corps for excellence and professionalism."
FDIC Chairman Sheila C. Bair today announced the appointment of Jesse O. Villarreal, Jr., as her Chief of Staff, effective October 24, 2006. As Chief of Staff, Mr. Villarreal will oversee all of the day-to-day operations of the Chairman's office. "I am very pleased that Jesse has agreed to serve as my Chief of Staff," said Chairman Bair. "Jesse has served with distinction throughout his career, most recently as Senior Advisor to the Assistant Secretary for Financial Markets at the Department of the Treasury. During my tenure as Assistant Secretary for Financial Institutions at Treasury, Jesse served as my Special Assistant. So I am well aware of his strong leadership skills, sound judgment and extensive government experience, particularly in the financial services field. With these attributes, Jesse will certainly be a valuable asset to me and to our entire management team."
The Federal Deposit Insurance Corporation (FDIC) has become aware of fraudulent e-mails appearing to be from the FDIC. The e-mails ask recipients to click on a hyperlink titled "Take the Corrective Action – Implement the LinkBank System." When accessed, the hyperlink takes the individual to a "spoofed" FDIC Web page. At that point, the individual is directed to provide online banking information, including bank name, username, and password. The fraudulent e-mails appear in "memo format" and are purportedly from "Russell A. Rau, Assistant Inspector General for Audits." The e-mails include a "Subject" line that states: "Division of Supervision and Consumer Protection's Risk-Focused Compliance Examination Process for [recipient's name inserted] (Report No. 05-038)."
The Federal Deposit Insurance Corporation (FDIC) has announced that it will hold its next symposia on the importance of consumer confidence in e-commerce on October 5th in Mesa, Arizona, and on October 25th in Miami Beach, Florida. The half-day meetings will bring together experts from government and the private sector to discuss ways to combat online identity theft and help maintain public confidence in e-commerce. Opening the October 5th meeting will be keynote speaker Kelvin Boston, financial journalist, author and entrepreneur, and host of PBS's Moneywise with Kelvin Boston. Mr. Boston will provide an overview of the challenges and opportunities that businesses and consumers face in e-commerce. Panel discussions will follow with topics that include: Ensuring Integrity in Payment Systems; Building Confidence by Managing Risk in E-Commerce; and Consumer Rights and Resources in an E-Commerce World.
Statement of Sheila C. Bair Chairman Federal Deposit Insurance Corporation on the Interagency Proposal Regarding the Basel Capital Accord; before the Committee on Banking, Housing and Urban Affairs; U.S. Senate; 10:00 A.M.; Room 538, Dirksen Senate Office Building September 26, 2006 Chairman Shelby, Senator Sarbanes and members of the Committee, I appreciate the opportunity to testify on behalf of the Federal Deposit Insurance Corporation (FDIC) concerning the Basel II international capital accord. The U.S. banking system is a network of institutions that are highly leveraged and whose financial health bears directly on the health of our broader economy. Significant problems or a lack of financial flexibility at many small banks, or at one or more large systemically important banks, can have contagion effects that impose significant costs on the deposit insurance funds and the overall economy.
Summary: The federal bank and thrift regulatory agencies have jointly issued the attached notice of proposed rulemaking (NPR) on possible modifications to the risk-based capital standards for market risk. The proposed rule would incorporate improvements to the current trading book regime as proposed by the Basel Committee on Bank Supervision and the International Organization of Securities Commissions in the joint document The Application of Basel II to Trading Activities and the Treatment of Double Default Effects, published in July 2005. The proposed rule would also apply to certain savings associations, which currently are not covered under the rule. The FDIC will accept comments on the NPR through January 23, 2007. Highlights:
- Applies to banks with aggregate trading assets and liabilities equal to 10 percent or more of quarter-end total assets as reported on the most recent quarterly Call Report or Thrift Financial Report, or equal to $1 billion or more.
Summary: The federal bank and thrift regulatory agencies have jointly issued and are seeking comment on the attached notice of proposed rulemaking (NPR) concerning the domestic application of selected elements of the Basel II capital framework. The proposed rule would require some core banks, and permit other banks, to use an internal ratings-based approach to calculate regulatory credit risk capital requirements and an advanced measurement approach to calculate regulatory operational risk capital requirements. The FDIC will accept comments on the proposal through January 23, 2007. Highlights: In the attached NPR, the agencies: - Propose to apply the rule to banking organizations that (i) have consolidated assets equal to $250 billion or more; (ii) have consolidated total on-balance sheet foreign exposures of $10 billion or more; (iii) elect to use the proposed rule; or (iv) are subsidiaries of a bank or bank holding company that uses the proposed rule.
E-mails fraudulently claiming to be from the FDIC are attempting to trick recipients into installing unknown software on personal computers. These e-mails falsely indicate that recipients should install software that was developed by the FDIC and other agencies. The software may be a form of spyware or malicious code and may collect personal or confidential information. The Federal Deposit Insurance Corporation (FDIC) is aware of e-mails appearing to be sent from the FDIC that are asking recipients to install unknown software on personal computers. Currently, the subject line of the e-mail includes the phrase "Urgent Notification - Security Reminder." The e-mail is fraudulent and was not sent by the FDIC.
The federal bank and thrift regulatory agencies announced today that they will request public comment on a notice of proposed rulemaking (NPR) that would implement new risk-based capital requirements in the United States for large, internationally active banking organizations. The NPR details the agencies' plans for implementing the Basel Committee on Banking Supervision's (BCBS) new capital accord (Basel II) that was issued in 2004. The agencies also will request comment on proposed Basel II supervisory reporting templates. The Federal Reserve Board (Board), the Federal Deposit Insurance Corporation (FDIC), the Office of the Comptroller of the Currency (OCC) and the Office of Thrift Supervision (OTS) first adopted risk-based capital standards in 1989. Those standards were based on the Basel Capital Accord that the BCBS originally issued in 1988 (Basel I). For banking organizations that meet qualifying criteria, the Basel II NPR would replace U.S. rules implementing Basel I. The proposed framework would be mandatory for large, internationally active banking organizations and optional for others.
The FDIC is enhancing the protection of examination information and other sensitive data, and has issued updated procedures to its examination staff on safeguarding this information. Highlights: The updated procedures provide additional protection to bank data that may be sensitive as defined by the Gramm-Leach-Bliley Act. The procedures specify minimum standards for the technical, physical and administrative safeguards used to protect examination information. The procedures provide guidance for the implementation of an Information Security Incident Response Program.
E-mails to financial institution customers that fraudulently claim to be from the FDIC attempt to obtain highly sensitive personal information, including bank account information. These e-mails falsely indicate that consumers can enroll in an "FDIC protection system" to insure bank accounts against certain types of fraudulent activities. The Federal Deposit Insurance Corporation (FDIC) has received numerous notifications from consumers of an e-mail that has the appearance of being sent from the FDIC. The "From" line of the e-mail displays the name "Federal Deposit Insurance Corporation" and the subject includes the phrase "IMPORTANT: Notification of Federal Deposit Insurance Corporation."
The FDIC Board of Directors is seeking comment on the three attached proposed rules. The first proposed rule would create a new system for risk-based assessments. The second proposed rule would set the designated reserve ratio (DRR) at 1.25 percent. The third proposed rule would govern the penalties for failure to pay assessments. The Federal Deposit Insurance Reform Act of 2005 requires the FDIC to prescribe final regulations by November 5, 2006. Comments on the first two proposed rules are due by September 22, 2006; comments on the third rule are due by September 18, 2006. Assessments Risk Categories: The FDIC proposes to consolidate the existing nine assessment rate categories into four. Small well-capitalized, well-managed institutions: The FDIC proposes to combine CAMELS component ratings with current financial ratios to determine assessment rates applicable to a small well-capitalized, well-managed institution.
The FDIC Board of Directors has approved the attached notice of proposed rulemaking to replace the two separate official FDIC signs - one for insured banks, and the other for insured savings associations - with one new official sign that all FDIC-insured depository institutions would be required to display where deposits are received. The notice of proposed rulemaking would also require both banks and savings associations to use the official advertising statement ("Member FDIC") in advertisements that specifically promote deposit products and services or generally promote banking services. The proposed rulemaking would revise Part 328 of the FDIC Rules and Regulations, which governs official FDIC signs and advertising of FDIC membership. Comments on these proposals and related matters are due by September 15, 2006.
The FDIC's Board of Directors today approved for public comment two proposed rules governing deposit insurance assessments under the Federal Deposit Insurance Reform Act of 2005. One proposal would create a new system that would more closely tie what banks pay for deposit insurance to the risks they pose. It also would adopt a new base schedule of rates that the FDIC Board could adjust up or down, depending upon the revenue needs of the insurance fund. The second proposal issued today would continue to set the designated reserve ratio (DRR) for the fund at 1.25 percent of estimated insured deposits. "The proposed new system of risk-based assessments would allow the FDIC to adhere more closely to sound insurance principles because the safer an institution is, the less it will pay for deposit insurance," said FDIC Chairman Sheila Bair. "We hope that most FDIC-insured institutions will find our proposals reasonable and fair, and we look forward to receiving comments."
"Operational risk management" increasingly viewed as distinct discipline due to growing complexity of the industry, recent large operational losses The increasing importance of banks' "operational risk management" (ORM) processes and how ORM is evolving as a distinct discipline are highlighted in the FDIC's summer 2006 issue of Supervisory Insights released today. Other topics covered include disaster planning for banks, with a look back at some of the challenges banks faced during the hurricane seasons of 2004 and 2005, and enforcement actions taken against individuals in 2005, with a particular focus on bank losses resulting from insider misconduct or fraud.
The tenth (May 2006) issue of The SAR Activity Review – Trends, Tips, & Issues, published by the Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN), is now available. Highlights: - On May 31, 2006, FinCEN released the tenth edition of The SAR Activity Review – Trends, Tips & Issues. This issue focuses on the money services business (MSB) industry. - Article topics include the use of Suspicious Activity Reports (SARs) to detect unregistered MSBs and guidance on registration and deregistration of a business as an MSB. - This issue also identifies current trends in mortgage loan fraud, as well as filing activity and detection of unlicensed/unregistered MSBs.
Sheila C. Bair was sworn in today as the 19th Chairman of the Federal Deposit Insurance Corporation (FDIC). Martin J. Gruenberg, Vice Chairman of the FDIC, had served as Acting Chairman since Donald E. Powell resigned on November 15, 2005. "I am pleased to be joining the FDIC at such an important time. There are many critical issues facing the agency – from implementation of deposit insurance reform to our ongoing work on Basel II and IA," said Chairman Bair. "I've spent most of my career in the financial services arena, focusing on the banking sector in recent years, so I am very familiar with the FDIC's important work. I am looking forward to the challenges that lie ahead, and working closely with our highly experienced Board and excellent staff.
Financial institutions have traditionally used domestic third-party service providers to handle their technology, data processing and other needs, such as call center services. However, with increasing frequency, institutions have been presented with opportunities to enter into contractual arrangements with foreign-based third-party service providers (FBTSPs) to fulfill those needs. Moreover, U.S.-based third-party service providers are subcontracting substantial portions of their operations to entities located outside of the United States. In its 2004 study of offshore outsourcing of data services to identify both consumer and safety and soundness risks associated with offshore data processing,[1] the FDIC learned that financial institutions may be unaware of such subcontracting arrangements or, if they are aware, are not adequately monitoring the relationship. The increased use of FBTSPs by U.S. financial institutions and U.S. third-party service providers is due, in large part, to the potential cost savings that are achievable as low-wage, yet highly qualified, labor pools are tapped in foreign countries. However, as with any sound business decision, financial institutions cannot accept the benefits while ignoring the potential risks.
The Federal Emergency Management Agency (FEMA) has issued the attached revised Standard Flood Hazard Determination Form, which includes a new Office of Management and Budget (OMB) control number and a revised expiration date of October 31, 2008. The form's format and content have not changed. The updated form must be used beginning July 1, 2006. Highlights: · FDIC-supervised banks must use FEMA's Standard Flood Hazard Determination Form when determining whether a building or mobile home offered as security for a loan will be located in a · Special Flood Hazard Area. This requirement is pursuant to the National Flood Insurance Reform Act of 1994 and FDIC regulations (12 CFR 339.6).
The FDIC received an award June 15 for its innovative use of technology to support employees who telecommute. The Telework Exchange, a public-private partnership focused on eliminating telework gridlock, recognized the FDIC with a 2006 Telework Exchange Tele-Vision Award. The award was conferred in the category of Innovative Application of Technology to Support Telework. The FDIC provides an array of remote access services to support its telecommuting and mobile users. Services include a Remote Client Network (RCN), a Virtual Private Network (VPN) and a dial-up service. A recent addition to the FDIC's services is a "token" employees can use with any computer that has Internet access and a Web browser. This service—the Web Enabled Remote Client Network (WebRCN)—provides employees with secure access to commonly used software applications from their home computers, FDIC-issued laptop computers, conference computer-cafes and cybercafés. The token generates random alphanumeric passwords each time the device is turned on—a password is good for one logon. This feature enables virtually every eligible FDIC employee with access to a computer to participate in the FDIC's Telework Program.
Preparing Your Institution for a Catastrophic Event The member agencies of the Federal Financial Institutions Examination Council (FFIEC) and the Conference of State Bank Supervisors today announced the release of LESSONS LEARNED FROM HURRICANE KATRINA: Preparing Your Institution for a Catastrophic Event. The booklet relays financial institutions' experiences and lessons learned in the aftermath of Hurricane Katrina that other institutions may find helpful in considering their readiness for a catastrophic event.
FDIC Consumer Call Centers in Kansas City, Missouri, and Washington, D.C., have begun receiving a large number of complaints by consumers who received an e-mail that has the appearance of being sent from the FDIC. The e-mail informs the recipient that Department of Homeland Security Director Tom Ridge has advised the FDIC to suspend all deposit insurance on the recipient’s bank account due to suspected violations of the USA PATRIOT Act. The e-mail further indicates that deposit insurance will be suspended until personal identity, including bank account information, can be verified. This e-mail was not sent by the FDIC and is a fraudulent attempt to obtain personal information from consumers. Financial institutions and consumers should NOT access the link provided within the body of the e-mail and should NOT under any circumstances provide any personal information through this media.
The FDIC insures bank and savings association deposits to help ensure stability and public confidence in the U.S. financial system. The deposit insurance funds must remain viable so that adequate funds are available to protect insured depositors if an institution fails. When an insured institution fails, the FDIC is responsible for ensuring that the institution's customers have timely access to their insured deposits.
The Federal Financial Institutions Examination Council (FFIEC) Task Force on Consumer Compliance has approved the attached examination procedures to assess compliance with the medical information regulations that became effective on April 1, 2006. The regulations implement the Protection of Medical Information provisions of the Fair Credit Reporting Act (FCRA), as amended by the Fair and Accurate Credit Transactions Act of 2003 (FACT Act). The new procedures are effective with the issuance of this FIL. Highlights: - The attached examination procedures for the medical information regulations are the first in a series of amendments to FCRA examination procedures that were released with FIL-18-2006 on February 22, 2006.
Richard W. Hartt has been named Deputy Director of the Federal Deposit Insurance Corporation's (FDIC) Division of Information Technology (DIT). Mr. Hartt will head the division's Enterprise Technology Branch. "Rick has an extensive background in all areas of information technology, including strategic planning, enterprise architecture, data architecture, and performance measurement," said Michael Bartell, CIO and DIT Director. "Rick brings significant experience to the FDIC and the IT division and I am excited to have him on our executive team."
On May 22, 2006, the U.S. Department of Veteran Affairs (VA) published a notice that electronic data on approximately 26.5 million veterans and some spouses may have been compromised. The VA is working with law enforcement, Congress, the media, veteran services, and other government agencies to ensure that veterans and their families are protected against potential misuse of that data. Please refer to the VA Web site at www.va.gov for additional information on this security incident. While no specific fraud related to the VA incident has been detected, the growing trend of data breaches occurring in both the private and public sectors raises concerns that personal information may be used to commit identity theft. The FDIC, as a member of the President's Identity Theft Task Force, urges financial institutions to be vigilant against the misuse of personal information for both new and existing customers. Additionally, financial institutions have an obligation to verify the identity of persons seeking to open new accounts and to safeguard customer information against unauthorized access or use.
In a speech today before the Conference of State Bank Supervisors in Norfolk, Virginia, Federal Deposit Insurance Corporation Acting Chairman Martin Gruenberg outlined overall capital objectives contained in the proposed rule for proceeding with Basel II in the U.S. Basel II is a new, international standard for the way the largest banks calculate their capital levels. "Basel II was intended to bring about technical improvements in the risk-sensitivity of bank capital in the United States while broadly maintaining the overall level of risk-based capital requirements," Acting Chairman Gruenberg told the group. "I think those are both worthy goals, and the achievement of both goals is essential for the safety and soundness of the U.S. banking system."
The FDIC Board of Directors is seeking comment on the attached three proposed rules governing deposit insurance assessments under the Deposit Insurance Reform Act of 2005. The proposed rules would implement a one-time assessment credit, dividends, and procedural and operational changes to the assessment regulations. The Reform Act requires the FDIC to prescribe the credit and dividend regulations by November 5, 2006. Comments on the three proposed rules are due by July 17, 2006. Highlights: - One-Time Assessment Credit: The Reform Act mandates a one-time assessment credit of approximately $4.7 billion to be allocated to each "eligible insured depository institution" or its "successor" to acknowledge contributions by institutions to build up the Bank Insurance Fund (BIF) and the Savings Association Insurance Fund (SAIF). The first proposed rule would define "successor" as the resulting institution in a merger or consolidation involving an institution that was eligible for the one-time credit. The proposed rule also seeks comment on alternative definitions of successor. The FDIC has developed a Web-based search tool, accessible through www.fdic.gov/deposit/insurance/reform.html, which allows an institution to find its preliminary estimated one-time assessment credit amount based on the notice of proposed rulemaking.
While most people have a pretty good idea about how FDIC insurance works, a surprisingly large number of consumers have potentially costly misconceptions. The biggest concern: Some depositors who believe that their funds are fully insured may inadvertently have some money over the insurance limits and risk losing that portion if their bank fails. The Spring 2006 FDIC Consumer News, published by the Federal Deposit Insurance Corporation, offers a guide to understanding FDIC insurance coverage and making sure that all of a family's accounts are fully protected. It features: The "Top 10" misconceptions about FDIC insurance. The Number 1 fallacy: The most a consumer can have insured is $100,000. In fact, a person may qualify for more than $100,000 in coverage at each insured bank if the funds are deposited in different "ownership categories," such as individual accounts, joint accounts, and certain trust and retirement accounts. Depending on the circumstances, a family of four could have well over $1 million in deposit insurance coverage at the same bank -- and that coverage is separate from what is FDIC-insured at any other institution.
The FDIC, along with the other federal banking agencies and the Securities and Exchange Commission, is issuing the attached statement for public comment. The statement informs financial institutions of the internal controls and risk-management procedures that should be used to identify, manage and address the heightened legal or reputational risks that may arise from their involvement in certain complex structured finance transactions. The FDIC will accept comments on this statement through June 15, 2006. Highlights: The attached interagency statement: - Focuses on complex structured finance transactions entered into by institutions when the transactions > circumvent regulatory or financial reporting requirements or > evade tax liabilities or involve other illegal and/or improper behavior
Fred S. Carns has been named Director of the FDIC's Office of International Affairs (OIA), replacing Michael Zamorski, who retired from the FDIC after 29 years of service. Mr. Carns will be responsible for coordinating the FDIC's international banking activities with a focus on building strong relationships with foreign regulators and deposit insurers, U.S. government entities and international organizations. OIA coordinates the FDIC's technical assistance and outreach activities that are provided to foreign entities in order to promote the development and maintenance of sound banking and deposit insurance systems.
Five federal agencies today requested public comment on a revised proposed statement on the complex structured finance activities of financial institutions. The revised statement describes the types of internal controls and risk management procedures that should help financial institutions identify, manage and address the heightened legal and reputational risks that may arise from certain complex structured finance transactions. The agencies have modified the revised statement in several important respects in light of the comments received on the original proposed statement, which was issued for comment on May 19, 2004. For example, the agencies have reorganized, streamlined and modified the statement to make the document more principles-based and focused on those complex structured finance transactions that may pose heightened levels of legal or reputational risk to a financial institution.
Pursuant to the provisions of the "Government in the Sunshine Act" (5 U.S.C. 552b), notice is hereby given that the Federal Deposit Insurance Corporation's Board of Directors will meet in open session at 2:00 p.m. on Tuesday, May 9, 2006, to consider the following matters: Summary Agenda: No substantive discussion of the following items is anticipated. These matters will be resolved with a single vote unless a member of the Board of Directors requests that an item be moved to the discussion agenda. - Disposition of minutes of previous Board of Directors' meetings. - Summary reports, status reports, and reports of actions taken pursuant to authority delegated by the Board of Directors. - Memorandum and resolution re: Interagency Statement on Sound Practices Concerning Elevated Risk Complex Structured Finance Activities.
Summary: The Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) has issued the attached advisory to U.S. financial institutions to guard against potential money laundering threats involving the smuggling of bulk U.S. currency into Mexico and the possible abuse of their financial services by certain Mexican financial institutions, including Mexican "casas de cambio." Highlights: - On April 28, 2006, FinCEN issued the attached advisory to U.S. financial institutions about a potential money laundering threat concerning the smuggling of U.S. currency into Mexico and the potential misuse of relationships with U.S. financial institutions by certain Mexican financial institutions, including Mexican casas de cambio.
Summary: The Department of the Treasury's Financial Crimes Enforcement Network (FinCEN) is seeking public comment on the attached Advance Notice of Proposed Rulemaking (ANPR) regarding the impact of Bank Secrecy Act (BSA) regulations on the ability of money services businesses (MSBs) to open and maintain accounts and obtain other banking services at banks and other depository institutions. Highlights: - FinCEN has issued the attached ANPR seeking comments from the public, MSBs, and the banking industry regarding the BSA's impact on MSBs ' ability to obtain appropriate access to banking services. - MSBs have experienced obstacles in opening and maintaining deposit accounts with banks.
FinCEN is soliciting updated facts about this issue as well as feedback on whether additional guidance or regulatory action under the BSA might address these concerns.
Summary: The Financial Crimes Enforcement Network (FinCEN) has issued the attached final rule extending, in part, the applicability dates for implementing the international correspondent banking provisions and the private banking provisions of Section 312 of the USA PATRIOT Act. Highlights: On January 4, 2006, FinCEN issued a final regulation implementing Section 312 of the USA PATRIOT Act. The final rule took effect on February 3, 2006, and superseded the interim final rule issued on July 23, 2002. The final rule requires U.S. financial institutions to apply due diligence to correspondent accounts maintained for certain foreign financial institutions and private banking accounts maintained for foreign individuals. Regarding correspondent banking, generally, the rule establishes the scope of U.S. financial institutions to which the rule applies and outlines general due diligence requirements to mitigate exposure to potential money-laundering activities.
Summary: The FDIC has issued revised compliance examination procedures that update the procedures issued in 2003. The new examination procedures incorporate banker feedback and results of internal reviews. Highlights:
- The FDIC also gathered information about how well the procedures were meeting its objectives. - These included focusing increased attention on a bank's compliance management system, and conducting more of the review process off-site, where appropriate. - Bankers were generally pleased with the revised procedures issued in 2003, particularly the focus on compliance management systems. However, they made several suggestions to improve the examination process while reducing burden. - As a result of banker input, the FDIC has made a number of changes to the compliance examination procedures. - Revised worksheets have been distributed to examiners to support the latest version of the compliance examination procedures.
As the nation's 76 million "baby boomers" (born between 1946 and 1964) enter their sixties, they will come face-to-face with the challenges of financing their retirement and will reshape U.S. markets for housing and financial services, according to the Spring 2006 issue of the FDIC Outlook. Taking the long view on forces shaping the financial services landscape, FDIC analysts report on how long-run demographic trends are affecting the funding of pension plans; how a large and relatively affluent baby boom generation is influencing the demand for housing; and how demographic shifts may also alter the mix of financial products and services offered by FDIC-insured institutions.
Beginning June 1, 2006, the Federal Deposit Insurance Corporation (FDIC) will change its primary method of distributing Special Alerts (SAs) to insured financial institutions from paper-copy delivery through the U.S. Postal Service to electronic delivery through the FDIC's free secure Web site, FDICconnect. The change is expected to provide institutions with a number of benefits, including: - An immediate e-mail notification that a SA has been issued. There will be no need for routine manual checks of FDICconnect to determine whether a new SA has been issued. - The immediate availability of the SA. Through the traditional mail system, receipt of the paper copy typically takes a week or longer. - Secure transmission of the SA attachments, which are often electronic copies of fraudulent and genuine instruments.
The FDIC, the other federal financial institution regulatory agencies and the Federal Trade Commission have jointly published the attached Advance Notice of Proposed Rulemaking (ANPR) inviting comment to gather information that is useful for developing guidelines and regulations to implement section 312 of the Fair and Accurate Credit Transactions Act (FACT Act). Comments are due by May 22, 2006. The Fair Credit Reporting Act (FCRA) contains a number of provisions designed to enhance the accuracy and integrity of data in consumer reports. In 2003, the FCRA was amended by the FACT Act to, among other things, enhance the ability of consumers to combat identity theft and increase the accuracy of consumer reports. Section 312 of the FACT Act requires the federal financial institution regulatory agencies and the Federal Trade Commission to issue guidelines and regulations concerning the accuracy and integrity of information furnished to credit bureaus.
The FDIC established and implemented C&A policies, procedures, and practices that were satisfactory and consistent with federal standards and guidelines. The FDIC continued to build its C&A program during 2005 in response to evolving National Institute of Standards and Technology guidance, and additional improvements were underway at the close of our field work. Further, the FDIC had undertaken action to address certain C&A-related matters previously identified in the OIG’s September 2005 security evaluation report required by FISMA. The FDIC can further strengthen its C&A program by: - enhancing system sensitivity assessment guidance to describe how final security categorizations are determined; - ensuring that application security plans adequately describe how common security controls and general support systems critical to the security of the application are considered in the application's C&A; - ensuring the cost-benefit of alternative control solutions for reducing or eliminating vulnerabilities; - enhancing written procedures for defining the nature and scope of testing, managing system-level plans of action and milestones, accepting risks associated with system security weaknesses, and issuing interim systems authorizations; and - establishing formal milestone reviews at key points in the C&A process to ensure that critical documentation is current, accurate, and complete. These program enhancements will provide FDIC management with greater assurance that system security risks are effectively managed and that C&A practices are consistently applied throughout the Corporation. We also performed benchmarking with other federal agencies and included the results in this report.
This report presents the results of our audit of the FDIC’s consideration of risk in determining the deposit insurance premiums paid to the Bank Insurance Fund (BIF) and the Savings Association Insurance Fund (SAIF). To assess semiannual premiums on financial institutions, the FDIC uses the Risk-Related Premium System (RRPS) and considers capital levels, safety and soundness examination results, and other pertinent information to assign insured institutions to one of three Capital Groups and to one of three Supervisory Subgroups for the purpose of determining an insurance assessment risk classification | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
