Compliance - Part I Flashcards

1
Q

How does the FDIC promote compliance? [II-1.1 Overview of Compliance Examinations]

A

The Federal Deposit Insurance Corporation (FDIC) promotes compliance with federal consumer protection laws, fair lending statutes and regulations, and the Community Reinvestment Act through supervisory and outreach programs.

2
Q

What are the three types of supervisory activities that the FDIC conducts? [II-1.1 Overview of Compliance Examinations]

A
  1. compliance examinations
  2. visitations
  3. investigations
3
Q

What is the compliance examination review period scope? [II-1.1 Overview of Compliance Examinations]

A

The compliance examination review period or scope typically covers bank activities conducted over a discrete period of time from the start date of the prior examination through the start date of the current examination.

4
Q

Why does the FDIC conduct visitations? [II-1.1 Overview of Compliance Examinations]

A

The FDIC conducts visitations for a variety of reasons: 1) to review the compliance posture of newly-chartered institutions or those converting to state non-member status; 2) to review progress on corrective actions or compliance with an enforcement action in the interval between examinations; or 3) to investigate problems brought to the attention of the FDIC. Visitations are usually targeted events aimed at specific operational areas, or an entire compliance management system (CMS) previously identified as significantly deficient (within corrective action/compliance?). Compliance examinations and visitations may also be considered during the review of an application submitted to the FDIC (e.g., application for deposit insurance or establishing a branch).

5
Q

When are investigations conducted? [II-1.1 Overview of Compliance Examinations]

A

Finally, investigations are conducted primarily to follow-up on particular consumer inquiries or complaints, including fair lending complaints.

6
Q

What are the purposes of compliance examinations? [II-1.1 Overview of Compliance Examinations]

A

1) assess the quality of an FDIC-supervised institution’s CMS (see “Evaluating the Compliance Management System”) for implementing federal consumer protection statutes and regulations;
2) review compliance with relevant laws and regulations; and
3) initiate effective supervisory action when elements of an institution’s CMS are deficient and/or when violations of law are found.

7
Q

What examination approach do FDIC compliance exams take? [II-1.1 Overview of Compliance Examinations]

A

Examination Approach: FDIC compliance examinations blend 1) risk-focused and 2) process-oriented approaches. Risk-focusing involves using information gathered about a financial institution to direct FDIC examiner resources to those operational areas where compliance errors present the greatest potential risks of having a negative impact on bank customers, resulting in consumer harm. (See the Evaluating Impact of Consumer Harm section of this manual at page II-2.1 for additional information.) Concentrating on the institution’s internal control infrastructure and methods, or the “process” used to ensure compliance with federal consumer protection laws and regulations, both acknowledges that the ultimate responsibility for compliance rests with the institution and encourages examination efficiency.

8
Q

What does risk-focusing involve? [II-1.1 Overview of Compliance Examinations]

A

Risk-focusing involves:
• developing a compliance risk profile for an institution using various sources of information about its products, services, markets, organizational structure, operations, and past supervisory performance;
• assessing the quality of an institution’s CMS in light of the inherent risks associated with the level and complexity of its business operations and product and service offerings; and (wouldn’t this be the process portion?)
• testing selected transactions based on risk such as when an operational area is determined to have a high risk of consumer harm and the institution’s compliance management efforts appear weak.

9
Q

How is an institution’s CMS evaluated? [II-1.1 Overview of Compliance Examinations]

A

Compliance examinations start with a top-down, risk-focused process to comprehensively analyze and review an institution’s CMS.

10
Q

What factors does an examiner review when evaluating an institution’s CMS? [II-1.1 Overview of Compliance Examinations]

A

Board and management oversight:
-Oversight and commitment
-Change management
-Comprehension, identification, and management of risk
-Corrective action and self-identification

Compliance Program:
-Policies and Procedures
-Monitoring and/or Audit
-Training
-Consumer Complaint Response
Third Party Relationship Program Management (never seen this before?)

11
Q

What will examiners determine as a result of their evaluation of an institution’s CMS? [II-1.1 Overview of Compliance Examinations]

A

Based on the results of this review, the examiner may conclude that weaknesses in the institution’s CMS may result in current or future noncompliance with federal consumer protection laws, regulations, or policy statements, thereby resulting in potential consumer harm. The examiner must determine, based on this analysis, whether transaction testing is warranted to further study particular risk in an entire operational area or regulation, or only a limited aspect of an area or regulation.

current or future non-compliance –> potential consumer harm –> TT –> overall operational area –> limited access of area of Reg

12
Q

What do risk and process focused exams promote? [II-1.1 Overview of Compliance Examinations]

A

Managing the examination based on risk maximizes examiner efficiency and may reduce the on-site examination presence or examination timeframe, while emphasizing areas requiring elevated supervisory attention. By focusing on the CMS, examiners will be able to identify the root causes of deficiencies and suggest appropriate corrective actions designed to address the problem and prevent recurrence.

13
Q

What must conclusions about a bank’s CMS be based on? [II-1.1 Overview of Compliance Examinations]

A

Conclusions about the adequacy of a bank’s CMS must be based on the effectiveness of those elements that are in place, taken as a whole, for that bank’s particular operations.

For example, assume two institutions – a large, complex bank and a small, non-complex bank – each has a record of strong compliance with all regulations that apply to the products and services it offers. Because of the complex nature of its operations, the large bank’s CMS includes comprehensive external audits and formalized training from third-party vendors. The smaller bank’s CMS includes no internal or external audits and no formalized training except for the compliance officer, who trains bank staff individually when needed. After reviewing all relevant material available, the examiner finds no significant deficiencies in the small bank’s CMS and no reason to believe that the adoption of an audit function or formalized training is necessary to ensure ongoing compliance. The examiner would not criticize the small bank for the absence of audit (or formal training). Nor should the examiner feel obliged to assign a higher rating to the larger bank simply because its CMS has more elements than the smaller bank. This is because each bank has a CMS that is adequate for the compliance responsibilities that are incumbent upon it due to its operating environment.

14
Q

What is the purpose of the CMS elements in the Manual? [II-1.1 Overview of Compliance Examinations]

A

The descriptions of CMS elements provided in the Manual will assist the examiner in evaluating the element if one exists and in suggesting content if he or she determines that management should consider adopting an element.

15
Q

What is the role/importance of a compliance examiner? [II-1.1 Overview of Compliance Examinations]

A

Importance: Compliance examiners play a crucial role in the supervisory process. The compliance examination, and follow-up supervisory attention to an institution’s compliance program deficiencies and violations, helps to ensure that consumers and businesses obtain the benefits and protections afforded them under federal law. To this end, an examiner’s efforts should help the financial institution improve its compliance posture and prevent future violations.
Role:

-establish an examination scope focused on areas of highest consumer harm risk;
-evaluate an institution’s CMS;
-conduct transaction testing where risks intersect with weaknesses in the CMS or uncertainties about aspects of that system; and
-report findings to the Board of Directors and management of the institution.

16
Q

What are other expectations of examiners during the examination process? [II-1.1 Overview of Compliance Examinations]

A
  • take a reasoned, common sense approach to examining and use sound judgment when making decisions;
  • maintain ongoing communication with financial institution management throughout an examination;
  • assist an institution to help itself improve performance by providing management with sound recommendations for enhancing its CMS;
  • share experiences and knowledge of a successful CMS; and
  • provide guidance regarding the various consumer protection and fair lending laws and regulations.
17
Q

What is the bank’s consumer compliance exam approach based on? [II-2.1 Evaluating Consumer Harm]

A

The FDIC has a risk-focused consumer compliance examination approach, based on the potential for compliance errors to have an adverse impact on banking customers.

18
Q

Why is the FDIC’s consumer compliance exam process risk-focused? [II-2.1 Evaluating Consumer Harm]

A

The FDIC’s consumer compliance examination process is risk-focused based on the potential for consumer harm.

19
Q

What is consumer harm? [II-2.1 Evaluating Consumer Harm]

A

“Consumer Harm” is an actual or potential injury or loss to a consumer, whether such injury or loss is economically quantifiable (e.g., overcharge) or non-quantifiable (e.g., discouragement).

20
Q

What can lead to (actual or potential; economically quantifiable or not) consumer harm? [II-2.1 Evaluating Consumer Harm]

A

It may be caused by a financial institution’s violation of a federal consumer protection law or regulation, directly or through a third party, or may reflect weaknesses in a financial institution’s compliance management system.

21
Q

In what way can consumer harm occur? [II-2.1 Evaluating Consumer Harm]

A

-Quantifiable harm
-Non-quantifiable harm
-Potential harm (actual)

22
Q

What is quantifiable consumer harm? [II-2.1 Evaluating Consumer Harm]

A

Economic harm to a consumer where the injury or loss can be measured.

e.g., pricing discretion

23
Q

What is non-quantifiable consumer harm? [II-2.1 Evaluating Consumer Harm]

A

Injury or loss to the consumer that cannot be measured, or is very difficult to measure, yet the consumer may suffer some form of economic or other harm.

e.g., denied or discouraged applications

24
Q

What is potential consumer harm? [II-2.1 Evaluating Consumer Harm]

A

Involves financial institution activities (or failure to take action) that create the possibility that a consumer may be harmed.

e.g., flood violations before a flood actually occurred

25
Q

What are some key points related to consumer harm? [II-2.1 Evaluating Consumer Harm]

A

Consumer harm is a broad concept and the examples provided here are not exhaustive. Among key points are that consumer harm is not limited to monetary loss, can be quantifiable or non-quantifiable, can be actual harm or potential harm, and may be caused by activities conducted through third-party relationships.

26
Q

How is the FDIC’s mission best-served? [II-2.1 Evaluating Consumer Harm]

A

The FDIC’s mission of promoting public confidence in the financial system is best served through a supervisory approach focused on identifying, addressing, and preventing consumer harm.

27
Q

What are supervisory and examination activities driven by? [II-2.1 Evaluating Consumer Harm]

A

Supervisory and examination activities are driven by a focus on identifying the inherent risk of consumer harm that may occur in a financial institution’s business activity.

28
Q

What is inherent risk (identified during the supervisory stage)? [II-2.1 Evaluating Consumer Harm]

A

Inherent risk is the compliance risk associated with product and service offerings, practices, or other activities that could directly or indirectly result in significant consumer harm or noncompliance with consumer protection rules and regulations. For example, a new loan product, a change to deposit account terms, or a third party relationship all represent inherent risk.

29
Q

How do examiners address identified inherent risk? [II-2.1 Evaluating Consumer Harm]

A

When inherent risks of consumer harm are identified, examiners will ensure the institution takes appropriate action to address or mitigate these risks. Corrective action for violations of law and regulations should remediate consumer harm when it occurs and remove underlying incentives to engage in practices harmful to consumers. Where there is a violation of law or regulation, the extent and severity of consumer harm informs the type and scope of enforcement action sought to correct the violation.

30
Q

How can management prevent (and examiners recommend that management prevent) [II-2.1 Evaluating Consumer Harm]

A

Mitigating factors are the strength of the compliance management system (CMS) to mitigate inherent risk. Examples of mitigating factors include strong management controls, effective training programs, and on-going monitoring efforts. Supervisory efforts should encourage institutions to have an effective CMS to avoid and mitigate risks of consumer harm. To support that effort, examination and other staff communicate information and best practices in a variety of settings to assist institutions in managing risks of consumer harm when conducting their business. Identifying, addressing, and preventing consumer harm is an important consideration in all examination and enforcement activities, as identified in the following diagram and discussed below.

31
Q

What do the FDIC’s supervisory strategies do? [II-2.1 Evaluating Consumer Harm]

A

The FDIC’s supervisory strategies are designed to promote compliance with consumer protection laws and regulations in FDIC-supervised institutions.

32
Q

What activities are used to implement supervisory strategies? [II-2.1 Evaluating Consumer Harm]

A

Activities used to implement FDIC supervisory strategies include examinations, targeted reviews, visitations, investigations, and offsite analysis of how the bank manages its consumer compliance responsibilities. The timing and frequency of these activities can be adjusted based upon indications of risk of consumer harm, such as consumer complaints, referral from other divisions or agencies, changes in the institutions’ products, services, or markets, or reliance on third parties to offer products and services to consumers. Supervisory strategies should be flexible to respond to indications of increasing or decreasing risk of consumer harm.

33
Q

What does the risk-scoping process consider? [II-2.1 Evaluating Consumer Harm]

A

All applicable federal consumer compliance laws and regulations are considered in connection with any bank compliance examination through the risk scoping process. However, the FDIC’s supervisory approach apportions resources to areas of higher risk for consumer harm rather than to uncovering technical issues in meeting regulatory requirements. This approach also results in the identification of the most serious violations of federal consumer compliance laws and regulations during the examination. If financial institutions understand the potential for consumer harm and choose to develop and implement institution-specific plans, policies, and processes to prevent and mitigate consumer harm based on their risk profiles, it may assist institutions in avoiding risk and promoting compliance with the federal consumer protection regulations.

34
Q

What do examiners consider when identifying risks of consumer harm? [II-2.1 Evaluating Consumer Harm]

A

Examiners have several tools available to assist them in identifying risks of consumer harm. Examiners evaluate risks of consumer harm through an analysis of an institution’s historical CMS, the products and services currently offered, the markets served, and existing and new third-party relationships.

35
Q

What is the most critical aspect of properly evaluating an institution’s risk profile? [II-2.1 Evaluating Consumer Harm]

A

Examiner judgment is the most critical aspect of properly evaluating an institution’s risk profile. The FDIC’s approach tailors the examination to focus primarily on those areas that present the highest risk of consumer harm, as examiners are unable to review all aspects of an institution’s CMS at any given examination. The pre-examination planning process, which includes review of the pre-exam questionnaire with bank management and preparation of the automated Compliance Information and Document Request (CIDR), guides examiners in requesting the information necessary to identify areas of the greatest risk of potential consumer harm.

36
Q

What does inherent risk refer to? [II-2.1 Evaluating Consumer Harm]

A

Inherent risk refers to the risk that a product, service, practice, or other activity would pose if no controls or other mitigating factors were in place.

37
Q

When is residual risk present? [II-2.1 Evaluating Consumer Harm]

A

Examiners also focus on whether a bank is effectively and independently managing or mitigating the risk of consumer harm that comes from the products and services the institution offers and markets in which they serve. After considering an institution’s inherent risks, and the strength of its CMS, residual risk exposure may remain.

38
Q

What is residual risk? [II-2.1 Evaluating Consumer Harm]

A

Residual risk refers to the risk exposure that remains after identifying the level of inherent risk and factoring in the strength of the mitigating factors to control that risk. The guiding principle is a risk scoping formula: inherent risk – mitigating factors = residual risk. For example, a bank introduces a new overdraft program with no due diligence, no monitoring or auditing, and numerous customer inquiries. This example represents a high-risk product without effective CMS elements to mitigate inherent risk; therefore, a higher level of residual risk remains, and this product warrants review and transaction testing during an examination. As part of the examination scoping process, examiners focus on areas where residual risk is elevated and not on areas where risk is well controlled and residual risk of consumer harm is low.

39
Q

How are examination procedures drafted and implemented? [II-2.1 Evaluating Consumer Harm]

A

Examination procedures are drafted and implemented in a manner to guide examiners in assessing the risk of consumer harm in the conduct of the examination. Well-crafted examination procedures that are focused on risks and potential for consumer harm promote the efficient use of resources, identification of root causes of deficiencies, and allocation of resources to areas presenting the highest risk, while avoiding unnecessary review of areas with little or no risk of consumer harm. As an example, examination procedures regarding overdraft programs differentiate the type and extent of review based on the type of overdraft program offered (e.g., automated versus ad hoc) and further reserve more detailed transaction testing for situations where examiners have identified specific risks or weaknesses.

40
Q

What section do examiners consider as they assess institutions’ compliance with the federal consumer protection laws and regulations? [II-2.1 Evaluating Consumer Harm]

A

The Federal Financial Institutions Examination Council’s Uniform Interagency Consumer Compliance Rating System (CC Rating System), which is a supervisory policy for evaluating financial institutions’ adherence to consumer compliance requirements, includes a section titled Violations of Law and Consumer Harm. The CC Rating System emphasizes the importance of institutions’ compliance management systems, with emphasis on compliance risk management practices designed to manage consumer compliance risk, support compliance, and prevent consumer harm.

41
Q

What role does the Report of Exam play? [II-2.1 Evaluating Consumer Harm]

A

The Report of Examination plays an important role in communicating the FDIC’s assessment of the CMS to the institution. The FDIC classifies violations of federal consumer laws based, in part, on the level of risk of consumer harm. In the event violations are identified in the Report of Examination, this classification process serves to communicate to banks the FDIC’s conclusions about the severity, extent, or potential consumer harm caused by the violation. The expectation is that FDIC-supervised institutions will prioritize corrective action and on-going management of their CMS to correct errors and mitigate risks of consumer harm.

42
Q

What supervisory action does the FDIC take? [II-2.1 Evaluating Consumer Harm]

A

Effective supervision includes requiring institutions to take corrective action when weaknesses in the CMS or violations are identified. Appropriate corrective action considers the overall effectiveness of the institution’s CMS, the root cause(s) of the deficiencies as well as the extent and impact of consumer harm. When there is a violation of law or regulation that results in consumer harm, the FDIC will seek corrective action, which may include restitution to consumers as part of an appropriate enforcement action. Civil money penalties (CMPs) may also be assessed to sanction an institution or an institution-affiliated party according to the degree of culpability. Other factors examiners consider include intent and severity of the violation of law or regulation, breach of fiduciary duty, and/or whether a practice is unsafe or unsound. CMPs are also assessed to deter future misconduct.

43
Q

What is another important component in the FDIC’s supervisory approach in preventing consumer harm? [II-2.1 Evaluating Consumer Harm]

A

Communication and technical assistance to supervised institutions is an important component of the FDIC’s supervisory approach in preventing consumer harm by supporting institutions’ efforts to maintain an effective CMS. Communication is especially important during periods of regulatory change and transition. The FDIC communicates through a number of channels, including national and regional bankers’ teleconferences on emerging topics; speaking engagements at national, regional, state, and local conferences and conventions; a web-based regulatory calendar; Supervisory Insights Journal articles; regional newsletters; banker and bank director trainings and online technical assistance videos; meetings with industry trade groups; and issuance of guidance through Financial Institution Letters. Communicating the focus of FDIC examination efforts and supervisory priorities through these diverse channels assists bankers in identifying and reviewing key areas of concern and addressing deficiencies promptly, prior to and unrelated to a specific examination activity. In addition, examiners can provide certain types of technical assistance to community bankers during the course of an examination that may enable an institution to reduce the risk of consumer harm in the operation of its business. These communication and technical assistance efforts provide bankers with tools to address issues that may pose risk of consumer harm.

44
Q

What forces combine to create inherent risk? [II-3.1 Compliance Management System]

A

Financial institutions operate in a dynamic environment influenced by industry consolidation, convergence of financial services, emerging technology, and market globalization. To remain profitable in such an environment, financial institutions continuously assess and modify their product and service offerings and operations in the context of a business strategy. At the same time, new legislation may be enacted to address developments in the marketplace. All these forces combine to create inherent risk.

45
Q

What must a financial institution do to address inherent risk? [II-3.1 Compliance Management System]

A

To address this risk, a financial institution must develop and maintain a sound compliance management system (CMS) that is integrated into the overall risk management strategy of the institution. Ultimately, consumer compliance should be part of the daily routine of management and employees of a financial institution.

46
Q

What is the CMS? [II-3.1 Compliance Management System]

A

A CMS is how an institution:
• learns about its consumer compliance responsibilities;
• ensures that employees understand these responsibilities;
• ensures that requirements are incorporated into business processes;
• reviews operations to ensure responsibilities are carried out and requirements are met; and
• takes corrective action and updates materials as necessary.

47
Q

Who is ultimately responsible for administering the CMS? [II-3.1 Compliance Management System]

A

The Board of a financial institution is ultimately responsible for developing and administering a CMS that ensures compliance with federal consumer protection laws and regulations. To a large degree, the success of an institution’s CMS is founded on the actions taken by its Board and management.

48
Q

What are key actions that Board and management may take to demonstrate their commitment to maintaining an effective CMS and to set a positive climate for compliance? [II-3.1 Compliance Management System]

A

• demonstrating clear and unequivocal expectations about consumer compliance, not only within the institution, but also to third-party providers;
• adopting clear policy statements;
• appointing a compliance officer with authority and accountability;
• allocating resources to compliance functions commensurate with the level and complexity of the institution’s operations;
• anticipating and evaluating changes in the institution’s operating environment and implementing responses across impacted lines of business;
• identifying compliance risk in the institution’s products, services, and other activities, and responding to deficiencies and violations;
• conducting periodic compliance audits; and
• providing for recurrent reports by the compliance officer to the Board.

49
Q

What is the expectation surrounding leadership on Compliance by the Board and management of an institution? [II-3.1 Compliance Management System]

A

Leadership on consumer compliance by the Board and management sets the tone in an organization. The Board and management should discuss compliance topics during their meetings. They should include compliance matters in their communications to institution personnel and the general public. Institution management and staff should have a clear understanding that compliance is important to the Board and management, and that they are expected to incorporate compliance in their daily operations.

50
Q

What is the first step Board and management should take in providing for the administration of the compliance program regardless of size or institution complexity? [II-3.1 Compliance Management System]

A

Regardless of size or institution complexity, the first step Board and management should take in providing for the administration of the compliance program is the designation of a compliance officer.

51
Q

What must the Board and management grant a compliance officer sufficient authority and independence to do? [II-3.1 Compliance Management System]

A

• cross departmental lines;
• have access to all areas of the institution’s operations; and
• effect corrective action.

52
Q

Describe the role of a compliance committee. [II-3.1 Compliance Management System]

A

A compliance committee, as an alternative to or in addition to a full-time compliance officer, could be formed consisting of the compliance officer, representatives from various departments, and member(s) of management or the Board. However, the ultimate responsibility of overall compliance with all statutes and regulations resides with the Board.

53
Q

Describe the role of the compliance officer. [II-3.1 Compliance Management System]

A

A qualified compliance officer will have knowledge and understanding of all consumer protection laws and regulations that apply to the business operations of the financial institution. The compliance officer should also have general knowledge of the overall operations of the institution and interact with all of the departments and branches to keep abreast of changes (e.g., new products, services or business practices; personnel turnover) that may require action to manage perceived risk. In larger or more complex institutions the compliance officer may devote all of his or her time to compliance activities. In smaller or less complex institutions, where staffing is limited, a full-time compliance officer may not be necessary; instead, the compliance responsibilities may be divided between various individuals by type of regulation, such as loan-related or deposit-related regulations. In some instances, several banks may share a compliance officer.

54
Q

What do a compliance officer’s general responsibilities include? [II-3.1 Compliance Management System]

A

A compliance officer’s general responsibilities, regardless of the size or complexity of the institution’s operations, include:
• developing compliance policies and procedures;
• training management and employees in consumer protection laws and regulations;
• reviewing policies and procedures for compliance with applicable laws and regulations and the institution’s stated policies and procedures;
• assessing emerging issues or potential liabilities;
• coordinating responses to consumer complaints;
• reporting compliance activities and audit/review findings to the Board; and
• ensuring that corrective actions are implemented in a timely fashion and are effective at preventing recurrence.

55
Q

What must a compliance officer be provided with to be effective at the job? [II-3.1 Compliance Management System]

A

To be effective at overseeing compliance and maintaining a strong compliance posture, a compliance officer must be provided with ongoing training, as well as sufficient time and adequate resources to do the job. The compliance officer may utilize third-party service providers or consultants to help administer the compliance program or audit functions. However, the compliance officer should perform sufficient due diligence to verify that the provider is qualified, because ultimately the institution’s Board and management are responsible for identifying and controlling compliance risks arising from third-party relationships, to the same extent as if the third-party activity was handled within the institution.

56
Q

What does third-party oversight entail? [II-3.1 Compliance Management System]

A

If an institution engages the services of a third party, the Board and management must ensure that the third-party operations, products, services, and activities are reviewed for compliance with consumer protection laws and regulations. An effective compliance risk management process will vary depending on the complexity and risk potential of the third-party relationship, but generally includes risk assessment, due diligence in selecting the third-party provider, appropriate contract structuring and review, and sufficient oversight of third-party activities, including adequate quality control over products or services provided.

57
Q

What is the objective of PEP?

A

The objective of the pre-examination planning process is to collect necessary information to understand an institution and the risks of consumer harm prior to the start of an examination. This information allows the Examiner-in-Charge (EIC) and the examination team to plan and conduct the examination, to develop the scope of the examination, and to accomplish supervisory objectives in an efficient and effective manner.

58
Q

What are the three phases of PEP?

A
  1. Information Package (IP)
  2. Pre-Examination Planning Phase 1 (PEP-1)
  3. Pre-Examination Planning Phase 2 (PEP-2)
59
Q

How does the examination process start?

A

The examination planning process begins with the Field Supervisor (FS) or the Supervisory Examiner (SE) calling the institution’s management to inform them of the projected start date of the examination, explain that an IP will be sent, and discuss how the IP will be provided.

60
Q

What is the timing of the IP stage of PEP?

A

The FS or SE submits the IP to the institution no less than 90 calendar days before the projected start date of the examination.

61
Q

What is the point of the IP?

A

The IP is designed to increase banker awareness of the examination process prior to the examination; to promote open communication with examination staff; and to ensure that the institution’s management team knows what to expect during the examination and where to go in the event their expectations are not met. The FS or SE explains that the IP includes a list of interview questions, which will help the EIC develop an examination plan and an information and document request list tailored specifically to the institution’s activities. The interview questions are provided early so the institution’s management team can prepare to discuss them with the EIC and can invite the appropriate persons to participate in the pre-examination interview that occurs several weeks before the examination start date.

62
Q

What is the guidance on requiring written responses to the IP?

A

The institution may elect to provide written responses to the pre-examination interview questions; however, the FS, SE, EIC, or other examination staff should not request or require written responses from the institution.

63
Q

After calling the institution, what should the FS/SE do?

A

After contacting institution management, the FS, SE, or designee submits the IP to the institution according to the previously stated timing requirements. To facilitate efficient and secure exchange of information, the FS or SE should determine the institution’s willingness to use applications, such as the Enterprise File Exchange (EFX), that provide a secure method for financial institutions to exchange information with the FDIC.
When the institution is willing to use such applications, the FS, SE, or designee should initiate a session and electronically submit the IP to the institution. When the institution is unwilling to use secure applications for the electronic exchange of examination-related information, the FS, SE, or designee should use an alternative delivery method (e.g., encrypted e-mail, express mail courier service) that meets the security measures discussed in the FDIC’s policies for the exchange, use, and storage of information. Each field office will establish procedures to ensure the FS, SE, or designee (1) provides the IP to the institution in a timely manner; (2) records the IP sent date in the System of Uniform Reporting of Compliance and CRA Examinations (SOURCE); and (3) if applicable, records any reasons for timing delays in SOURCE.

64
Q

How is the IP produced?

A

The IP module in the PEP System is used to produce the IP, which includes a standardized introductory letter that provides an overview of the examination process; discusses various resources available that explain the examination process; identifies the appropriate communication channels for any concerns about the examination process or the resultant ratings; and provides contact information for the FS and/or the SE.

65
Q

Other Information on the IP

A

The IP letter has been standardized and automated within the PEP System and should be consistently used by all field offices without changes. A sample IP letter is included in this Manual (see Section III). If electronically submitting the IP to the institution, the FS, SE, or designee should convert the IP letter to an Adobe portable document format (.pdf). Supervisors should also follow any national or regional instructions governing the use of electronic signatures for examination-related documents. In the absence of such instructions, a supervisor can either use his or her typed name as an electronic signature, using the same font as the body of the letter, or use Adobe’s “Fill & Sign” feature.

66
Q

Who schedules examiners for PEP 1 and PEP 2?

A

Lastly, as part of the examination planning process, the FS or SE schedules examiners for PEP-1 and PEP-2. In particular, the FS or SE will select the EIC and schedule sufficient dedicated time for the EIC to conduct all activities of PEP-1 and PEP-2 prior to the examination start date. As a general rule, the EIC (or Acting EIC) should conduct PEP activities to have sufficient time to learn about the institution and prepare an examination plan tailored to the institution’s areas of highest risk. Other examiners may conduct PEP activities on a limited basis when scheduling conflicts arise or limited staffing resources exist. Additionally, if examiners other than the EIC will perform the CRA or fair lending reviews, then those staff members should be scheduled sufficient dedicated time, when possible, to perform CRA- and fair lending-related examination planning activities so that the results are available for the EIC’s review and consideration.

67
Q

Data Validations

A

For the largest Home Mortgage Disclosure Act (HMDA) reporters (over 500 LAR lines) and/or Community Reinvestment Act (CRA) reporters, validation testing should be conducted in advance of scheduled fair lending and CRA examinations. This approach will allow the institution to resolve any data errors so the examination can proceed without significant delay. In addition, validation testing must be conducted for HMDA Outlier reviews prior to the start of the examination. For examinations of all other reporters, the validation testing will generally be conducted during the examination. However, a field office has the option to perform a data validation prior to the examination start date for other institutions if the field office has sufficient resources to complete it. The HMDA validations should be conducted following the FDIC HMDA validation procedures, considering the scale and complexity of the institution’s mortgage lending activities and an overall assessment of the institution’s prior practices and compliance risk profile.

68
Q

HMDA/CRA Validation Letter

A

A HMDA/CRA Validation Letter is to be provided to institutions when data validations occur prior to any examination. A data validation letter has been standardized and included in the IP module of the PEP System and should be used consistently. This letter is either sent with or after the IP to allow sufficient time for the data validation process. The letter should be sent using the same secure delivery method established for providing the IP. If HMDA Data Analysts will be used for the validation process, the FS or SE should communicate this with the institution, either verbally or in the letter.

69
Q

When does the risk assessment of the institution begin?

A

The risk assessment of the institution begins during PEP-1.

70
Q

Does every institution have inherent risk?

A

Every institution has inherent risk based on strategic plans, products and services offered, past supervisory actions, business activity, and other factors.

71
Q

What does PEP 1 start the process of?

A

PEP-1 starts the process of identifying and documenting risk based on the institution’s structure, supervisory history, financial performance, and market area. The various activities performed during PEP-1 are meant to promote critical thinking about the possible inherent risks in the institution being examined.

72
Q

What does PEP 1 consist of?

A

• 2) Gathering information about the institution from both internal and external sources;
• 1) Contacting the institution to conduct the pre-examination interview (PEP interview); –> (3. conducting the PEP Interview)
• 4) Preparing and sending the Entry Letter to the institution along with the Compliance Information and Document Request (CIDR) that primarily requests CMS-related information and documents; and
• 5) Beginning Section 1 of the Assessment of Risk of Consumer Harm (ARCH) and Section 1 of the Fair Lending Scope and Conclusions memo (FLSC). This activity is optional during PEP-1. The ARCH and FLSC can be started to the extent possible and when time or examination scheduling permits it; however, most work on the ARCH will occur during PEP-2 and most work on the FLSC will occur during PEP-2 and the examination.

73
Q

Timing of PEP 1

A

The EIC should begin PEP-1 no less than 45 calendar days prior to the scheduled start date of the examination. However, institutions must have at least 30 calendar days to complete the CIDR and provide requested documents. Longer time periods may be necessary based on the institution’s size, resources, and complexity. The EIC should communicate with the institution’s management during the PEP interview to determine a sufficient amount of time to provide the requested materials. This timeframe is also discussed in the Entry Letter.

74
Q

What does gathering information about the institution from both internal and external sources entail?

A

The EIC should first concentrate on gathering as much of the information as possible from FDIC records and databases and from publicly available sources before obtaining information from the financial institution. The following is a list of some key documents and information the EIC should obtain for review because of their relevance to the financial institution’s compliance posture:

FDIC Records/Databases:
• Data Gathering Tool, which compiles institution, examination, supervisory, and financial information from multiple FDIC systems and databases
• Prior ARCH, FLSC, and other information from SOURCE or the Regional Automated Document Distribution (RADD)
• Previous Reports of Examination (ROEs) and supporting workpapers for compliance, risk management, trust, and information systems
• Prior corrective actions (such as restitution) and responses to ROEs
• Supervisory plans (for large and/or complex institutions, or others, as available)
• CRA Performance Evaluations
• Demographic data for CRA assessment area(s) or market area(s)
• Uniform Bank Performance Reports (UBPRs) and Reports of Condition and Income (Call Reports)
• FDIC monitoring reports
• Complaint and correspondence files
• Applications in process

Publicly Available (External) Sources:
• Previous years’ HMDA and CRA data disclosure reports
• Content of the financial institution’s website
• Public records, such as securities filings
• Newspaper or website articles that raise potential examination-related issues
• Community contacts (for CRA evaluations)

75
Q

What does the PEP interview entail?

A

The PEP interview questions are maintained in the Compliance Pre-Examination Request Package (C-PREP) module of the PEP System and updated on a periodic basis. The EIC will contact the institution and arrange a PEP interview to be conducted either by telephone, a secure communication platform (such as Microsoft Teams or another FDIC-approved system), or through an in-person discussion.

76
Q

What is the purpose of the PEP interview?

A

The purpose of the interview is to gather current information to understand the institution’s risk profile, size, complexity, and the types of products or services offered. The interview questions are provided to the institution with the IP discussed previously. Staff cannot require the institution to provide written answers to the interview questions in advance. If the institution elects to provide written answers, the EIC is still expected to conduct an interview to verify and clarify responses received. While examiners cannot add, revise, or delete interview questions in the PEP System, the EIC should tailor interview questions based on what is learned about the institution through the internal and external data gathering process. This demonstrates that the EIC has performed research to become familiar with the institution. The EIC should also ask any necessary follow-up or additional questions during the PEP interview to understand the institution’s profile and to determine inherent risk.

77
Q

What is a secondary purpose of a PEP interview?

A

The EIC should also use the interview as an opportunity to answer the institution’s questions about the examination process and to discuss the timing and logistics of the examination. Additionally, the EIC should determine the applicability of the FDIC’s e-Exam Policy; confirm previously discussed electronic document/data access requirements and delivery method(s) with the institution’s management; and determine off-site examination capabilities. The PEP interview also provides an opportunity to identify the institution’s staff members who will need to be available to the examination team during the examination. This will allow the institution to take steps to ensure, to the extent possible, that those persons are available when needed.

78
Q

PEP Interview: Communicating BOD Involvement

A

Director Involvement: During the PEP interview, the EIC should also inform management that members of the institution’s Board of Directors are welcome to participate in regularly scheduled meetings with examiners or to schedule individual meetings with the EIC, if desired. The EIC should emphasize that such participation is purely voluntary and that a lack of participation will not be viewed negatively. As stated in the memorandum announcing this initiative, “The primary objectives are to improve communication with outside Directors, increase director knowledge of the examination process, provide an opportunity for Directors to discuss their views with examiners on banking-related matters, and give examiners the opportunity to gain further insight into the experience levels and leadership qualities of bank management.”

79
Q

What do the CIDR & Entry Letter entail?

A

The C-PREP module in the PEP System is used to produce the Entry Letter and Electronic Data Download Instructions and the CIDR. These documents must be tailored, as appropriate, for each institution.

80
Q

At what point is the CIDR completed?

A

After conducting the information gathering and PEP interview outlined above, the EIC (or a designee with whom he or she communicates closely) is required to use C-PREP to customize and create the CIDR based on an institution’s products and services.

81
Q

What does CIDR customization entail?

A

The interview responses must be input to the PEP System to ensure the CIDR is tailored to request only what is necessary to conduct the examination. C-PREP filters the CIDR to make available certain items based on the institution’s responses to the PEP interview questions. The CIDR created during PEP-1 primarily requests information and documents to assess the CMS, as well as information and some documents to understand the characteristics of products or services offered. The majority of transaction-level documentation will be requested during PEP-2.

82
Q

CIDR Responses

A

The institution’s response to the initial CIDR will provide the EIC with enough information to properly scope the examination and to identify products, services, and regulations (PSRs) on the ARCH that exhibit inherent risk not sufficiently mitigated by the institution’s CMS (i.e., residual risks). These residual risks will be the basis for requesting transaction testing-related documentation (e.g., disclosures, loan files) during PEP-2. Also, requesting fair lending-related information through the CIDR will allow the examiner conducting the fair lending review to complete the majority of Section 1 of the FLSC prior to the start of the examination. Thus, the EIC should ensure all applicable fair lending-related information is requested through the CIDR so the examiner conducting the fair lending review has access to this information during the scoping process.

83
Q

Additional Considerations for Completing the CIDR

A

When completing the CIDR and requesting items such as minutes, training records, or reports, the EIC indicates the timeframe for the review (e.g., since the previous examination, in the past year, in the last two years). This will help the institution avoid the submission of voluminous information or data not relevant to the examination. Additional information about how to use C-PREP can be obtained from the user guide available within the PEP System.

84
Q

What does preparing and sending the Entry Letter to the institution along with the Compliance Information and Document Request (CIDR) entail?

A

The Entry Letter and CIDR should be provided to the institution in either a paper-based format or an electronic format using the secure delivery method previously established for the examination process. As discussed previously, if electronically providing the Entry Letter to the institution, the EIC (or designee) should convert it to an Adobe portable document file (.pdf). The EIC (or designee) should also follow any national or regional instructions governing the use of electronic signatures for examination-related documents. In the absence of such instructions, the EIC (or designee) can either use his or her typed name as an electronic signature, using the same font as the body of the letter, or use Adobe’s “Fill & Sign” feature.

85
Q

Delivery of CIDR (and later, TT) Requested Information

A

The Entry Letter instructs the institution on how to deliver the materials to the EIC or examination team and in what format. As previously discussed, institutions must have at least 30 calendar days to complete the CIDR and provide requested documents. The timing of the request and the turnaround must ensure that the institution has sufficient time to assemble the requested information and the examination team has sufficient time to adequately review the materials. The FDIC prefers the use of applications, such as EFX, that provide a secure method for financial institutions to exchange examination files and information electronically with the FDIC. However, where appropriate and with supervisor approval, the EIC may visit the institution prior to the official start date either to pick up the documents or to review any documents that are confidential or too bulky to duplicate.

86
Q

PEP 1 and the ARCH/FLSC

A

ARCH and FLSC – Sections 1
The ARCH documents the scope of the examination and assists with prioritization of efforts, time, and resources toward those PSRs with the highest residual risk of consumer harm. The FLSC documents the fair lending review conducted in accordance with the Federal Financial Institutions Examination Council’s Fair Lending Examination Procedures. After conducting the PEP interview and recording the institution’s responses in the PEP System, the ARCH and FLSC can be created in the PEP System. In an effort to make the PEP process more efficient, Sections 1 of the ARCH and FLSC have been coordinated with and linked to the PEP interview. Several responses for Sections 1 of the ARCH and FLSC will pre-populate based on what is entered into C-PREP from the PEP interview. However, the EIC should review the pre-populated questions and answers to ensure they are correct.

87
Q

Starting the ARCH & FLSC

A

The EIC has the option to begin Sections 1 of the ARCH and FLSC during PEP-1 using available information gathered. A series of questions help document various risks identified during examination planning. The ARCH was developed to engage examiners’ critical thinking skills and to focus examination resources on areas presenting the highest degree of consumer harm risk. Additional information about preparing the ARCH is included in this Manual (see Section II – Review and Analysis). Examiners can also find information about how to use the ARCH and FLSC modules in the user guides available within the PEP System.

88
Q

What does the review and analysis phase of the consumer compliance examination start with? [II-5.1 Review and Analysis]

A

The review and analysis phase of the consumer compliance examination starts with a top-down, comprehensive evaluation of the compliance management system (CMS) used by the financial institution to identify, monitor, and manage its compliance responsibilities and risks.

89
Q

What role does the EIC play in off-site review and analysis? [II-5.1 Review and Analysis]

A

The Examiner-in-Charge (EIC) reviews and analyzes the material gathered from FDIC, third parties, and the institution in response to the Compliance Information and Document Request (CIDR) in order to develop the scope memorandum and plan the examination. This review and analysis should be broad enough to obtain an understanding of the organizational structure of the institution, its related activities, and compliance risks associated with each of its activities.

90
Q

What should the off-site review and analysis be used primarily to determine? [II-5.1 Review and Analysis]

A

The review should be used to preliminarily determine whether the institution’s Board of Directors (Board) and management identify, understand, and adequately control the elements of risks facing the financial institution. In general, management and Directors are expected to have a clearly defined system of risk management controls governing the institution’s compliance operations, including those activities conducted by affiliates and third party vendors. During this review the EIC should consider what types of questions should be asked during the examination to test whether the institution’s written policies and procedures accurately reflect actual operations.

91
Q

What is the goal of a risk-focused, process-oriented exam? [II-5.1 Review and Analysis]

A

The goal of a risk-focused, process-oriented examination is to direct resources toward areas with higher degrees of risk of consumer harm.

92
Q

How do we achieve the goal of a risk-focused, process-oriented examination (that directs resources toward areas with higher degrees of risk of consumer harm)? [II-5.1 Review and Analysis]

A

To accomplish this goal, the examiner must assess the financial institution’s CMS as it applies to key operational areas and evaluate the risk of non-compliance with applicable laws and regulations. This process is documented by the examiner in a scoping memorandum, the Assessment of Risk of Consumer Harm (ARCH), which is reviewed and approved by the supervisor. The ARCH is developed during the pre-examination planning process and utilizes historical data, information obtained from the interview with the institution, and documents and information submitted by the institution in response to the CIDR. The ARCH describes the focus of the examination, including issues to be investigated and the products, services, or regulations that exhibit inherent risk not sufficiently mitigated by the institution’s CMS. The identified areas with residual risk will be further reviewed or transaction tested during the examination.

93
Q

What will the ARCH consider when documenting inherent risk? [II-5.1 Review and Analysis]

A

-Institution structure
-Supervisory History
-Operational Areas - Product/Service/Regulation (PSR) Risk

94
Q

What are some exam activities that an examiner should go on-site for? [II-5.1 Review and Analysis]

A

• Conducting key meetings, including exit/Board meetings, and significant conversations with bank officers about potential consumer harm, possible downgrades, enforcement actions, significant fair lending discussions (e.g. criteria interviews), Unfair or Deceptive Acts or Practices concerns, and the CMS interview for higher-risk institutions.
• Training and instilling FDIC culture for pre-commissioned examiners and interns [note: this can be done with a combination of off-site in the field office and on-site at the bank]
• Observing situations that could lead to further investigation/examination activities (e.g. detecting internal control weaknesses, potential fraud, dominant officer situation, etc.)
• Training on first-time significant benchmarks to provide a more collaborative and hands-on development experience [note: the trainee and coach should generally work on-site together, in the bank and/or field office, as appropriate, while completing the benchmark]
• Working side-by-side for Acting EIC assignments [note: Signing EIC and Acting EIC should be together to complete relevant portions of the exam for the EIC to observe and coach the Acting EIC on examination oversight either in the bank and/or field office]
• Conducting transaction testing for high-risk PSRs, or when remote access is not available

95
Q

What matters should be discussed at the entrance meeting? [II-5.1 Review and Analysis]

A

During the pre-examination planning stage, the EIC should schedule a meeting with senior management (e.g., the president, chief executive officer, compliance officer, and if they wish, members of the Board). This meeting should take place as soon as possible after beginning the examination and should facilitate the discussion of various administrative items and the scope of the examination. Matters to be discussed during the entrance meeting include:
• An overview of the examination process, including the use of information collected during pre-examination planning and its impact on the scope of the examination
• The names of FDIC examiners on the examination and whether they will be working on-site or off-site
• Anticipated length of the examination
• Activities expected to be conducted on-site and off-site, and communicating that adjustments may be made based on risk
• The EIC’s accessibility throughout the examination to discuss any issues relating to the examination and/or FDIC policy and practices and communication preferences
• The identity of the individual(s) who is/are the primary contact person(s) for examination related issues and communication preferences for both on-site and off-site examiners
• Any issues identified during off-site review and analysis, particularly areas of significant risk of consumer harm that will be receiving close attention
• The materials requested during pre-examination planning that were not provided by the financial institution prior to the examination start date
• An explanation of the closing management meeting procedures
• The date of the next Board/trustees meeting (Management should be advised that depending upon the examination findings, the FDIC may need to attend the regularly scheduled meeting or call for a special Board meeting.)
• Any issues related to the CRA evaluation and fair lending review

96
Q

Describe the importance of ongoing communication with institution management during the exam. [II-5.1 Review and Analysis]

A

Communication between financial institution management, Board, institution staff, and FDIC examination staff is a major component of an effective examination or visitation. Open communication should be maintained with management during the course of the examination. To the extent possible, all issues of concern should be discussed with management as they arise. This allows management time to provide additional relevant information or to begin correcting problems where appropriate.

97
Q

Describe the process for meeting with Board members. [II-5.1 Review and Analysis]

A

The financial institution’s Directors/trustees are encouraged to participate in regularly scheduled meetings with examiners. However, examination findings should be discussed with management prior to discussing with Board members. Also, the EIC should notify the financial institution’s management as early as possible of any plans to meet with the Board to present examination findings. This will provide Directors/trustees with an opportunity to forego meetings during the examination, if that is their preference.

98
Q

What determinations should examiners make about an institution’s CMS? [II-5.1 Review and Analysis]

A

• Determine the quality of the institution’s CMS, including the degree to which management has taken a proactive approach to compliance and whether management can demonstrate its ability to assure compliance with federal consumer laws and regulations
• Assess whether the CMS is effective at facilitating compliance
• Identify potential deficiencies in the CMS and areas of greatest risk of consumer harm
• Determine where transaction testing is necessary

99
Q

What will examiners review with respect to Board & Management Oversight, at a minimum? [II-5.1 Review and Analysis]

A

Material to be reviewed during completion of this section will include, at a minimum:
• The examiner-determined risk profile of the financial institution as it relates to management oversight
• Prior Reports of Examination, including Consumer Compliance, Risk Management, and specialty examinations (with a focus on the management component of each)
• Minutes of the meetings of the Board, Compliance Committee, Discount Committee, etc.
• New, modified or amended compliance-related policies, procedures, and other internal memoranda
• All files related to the receipt and resolution of compliance related consumer complaints archived by the institution or the FDIC, including information from the FDIC’s automated complaint tracking system managed by the FDIC’s Consumer Response Unit
• Written management and Board response and follow-up to internal monitoring and to internal and external audits, if applicable
• Agreements with third parties to provide products or services, such as an outside vendor to provide compliance services and educational materials or with a networking broker/dealer to provide brokerage services
• Institution organizational chart and management résumés
• Examiner notes from discussions with the compliance officer, managers, etc.

100
Q

What should examiners determine about the institution’s policies and procedures? [II-5.1 Review and Analysis]

A

Examiners are to determine whether the institution’s policies and procedures are appropriate to the risk in the products, services, and markets of the institution. Material to be reviewed during completion of this section will include, at a minimum:
• The examiner-determined risk profile of the financial institution as it relates to policies and procedures, including the institution’s business strategy, product offering, branches, third party relationships, etc.
• Compliance-related policies and other written compliance procedures
• Board minutes, Compliance Committee minutes, and other committee minutes, as applicable
• Examiner notes from discussions with the compliance officer, senior managers, etc.

101
Q

Policies and procedures, whether written or unwritten, should cover what areas? [II-5.1 Review and Analysis]

A
  • Compliance policy
    -Lending policy
    -Deposits
    -E-Banking policy
    -Privacy
    -NDIP
    -Branch closing
    -TIL
    -FCRA
    -ODs
102
Q

When do examiners communicate MRBAs? [II-6.1 Communicating Findings]

A

Examiners communicate Matters Requiring Board Attention (MRBAs) when significant issues are identified requiring an institution’s Board and management to take prompt corrective action on behalf of the institution and elevated supervisory attention is necessary.

  • Examiners also provide recommendations to management when issues are identified that have a lower risk of consumer harm and are correctable by management in the normal course of business. If institutions take recommended actions, their CMS generally improves, and subsequent supervisory attention may not be necessary.
103
Q

Who should attend the Exit Meeting? [II-6.1 Communicating Findings]

A

An exit meeting is held with management at the conclusion of a consumer compliance and CRA examination or review. When practical, at least two FDIC representatives should be present at the exit meeting. Attendance by financial institution representatives other than management is at the discretion of management. These participants may include: consultants, agents, counsel, accountants, holding company officers, directors, and employees who work directly with consumer protection laws or CRA. The presence of the aforementioned representatives should only be during segments that pertain to their area of responsibility. Third party participants must be under contract with the bank, with appropriate confidentiality language, in order to attend the exit meeting.

104
Q

How should an EIC schedule an Exit Meeting for a concurrent examination with RMS (S&S exam)? [II-6.1 Communicating Findings]

A

During concurrent examinations with Risk Management Supervision (RMS), DCP’s Examiner-in-Charge (EIC) coordinates with RMS examiners to schedule the exit and Board meetings in an effort to ensure that all necessary attendees are present and that the bank’s and FDIC staff’s time is used efficiently. Reasonable requests from management, such as for separate meetings, are considered and accommodated, if practical.

105
Q

When are findings (including consumer compliance and CRA ratings) final? [II-6.1 Communicating Findings]

A

Examination findings, including consumer compliance and CRA ratings, are not final until the appropriate reviews are conducted by review staff, and/or the Regional or Washington Offices, as applicable. Prior to the exit meeting, Regional Offices generally consult with examiners and approve enforcement action recommendations.

106
Q

Why is the exit meeting issued? [II-6.1 Communicating Findings]

A

• Summarize review or examination findings. All critical issues are discussed. If significant issues arise subsequently, they are discussed with management either in person, virtually, or by telephone. If management presents significant, new information at the exit meeting, additional review by the examiner may be required. In such instances, the examination process is left open for further review of applicable regulatory issues and the institution’s records. A second meeting with management may be necessary to discuss any additional matters.
• Discuss, when appropriate, positive findings to acknowledge the effectiveness of the institution’s consumer compliance or CRA efforts.
• Provide recommendations to address noted weaknesses or deficiencies.
• Recommend actions that would strengthen or enhance the financial institution’s CMS, as applicable.
• Obtain management’s response(s) and commitment(s) for corrective action for deficiencies identified in the CMS, including recommendations, and for cited violations and the resulting consumer harm.
• Advise management of recommended consumer compliance and CRA ratings, as well as any recommendations for formal or informal enforcement actions.

107
Q

What does an Exit Meeting Agenda include? [II-6.1 Communicating Findings]

A

The agenda for the exit meeting lists the discussion items in the order of their significance in relation to the overall conclusions. The agenda also includes a tentative listing of Level 3 and Level 2 violations, and to the extent possible, draft copies of the pertinent violation sections of the ROE. At the exit meeting, examiners also provide management with a copy of the Level 1 violations, if applicable. A copy of the agenda is provided to management and included in the examination workpapers.

*Question: What is meant by “tentative listing of L2 and L3 violations”? Aren’t L2 and L3 included as headers in Agenda but discussed orally, then any L1 violations are distributed?

108
Q

What is the purpose of a meeting with a financial institution’s board? [II-6.1 Communicating Findings]

A

The purpose of a meeting with the financial institution’s Board is to convey the pertinent findings of the examination directly to persons ultimately responsible for the operating policies and procedures of the institution. Board meetings are conducted after the exit meeting with management, and are planned for regularly scheduled Board meetings, whenever possible. When significant issues requiring consultation with the Regional Office are present, the FDIC’s Consultation Policy is followed prior to scheduling the Board meeting.
*Question: I thought that for DCP, an Exit does not have to have the Board (i.e. for RMS a wrap up is just with management and an Exit is with management and the Board); here, we can have an Exit with just management, but if the Board wants to attend that has to be separate? What if just one member of the Board wants to attend?

109
Q

Who from the Board must attend Board meetings? [II-6.1 Communicating Findings]

A

Board meetings must be attended by at least a quorum of Directors/Trustees. The EIC, Field Supervisor, Supervisory Examiner, and/or Review Examiner or senior member of the Regional Office staff attend, as deemed appropriate.

110
Q

When are Board meetings required? [II-6.1 Communicating Findings]

A

Board meetings may be appropriate in a variety of situations, but are required under one or more of the following circumstances:
• An informal or formal enforcement action is recommended
• The proposed consumer compliance rating is “3,” “4,” or “5”
• The proposed composite CRA rating, state rating, or multistate rating is “Needs to Improve” or “Substantial Noncompliance”
• The institution’s management or Board requests such a meeting

111
Q

When are Board meetings not required? [II-6.1 Communicating Findings]

A

A Board meeting is not required for:
• Visitations;
• Consumer Complaint Investigations; or
• Other Special Reviews.

112
Q

What is the ROE and its purpose? [II-6.1 Communicating Findings]

A

The ROE is a consumer compliance examination’s principal document of record. It communicates the results of an examination to the Board and management of the financial institution. The ROE highlights the strengths and weaknesses of a financial institution’s CMS and cites violations (if any) in order of significance. The ROE may also include pages that inform the institution about MRBAs, compliance with enforcement actions, or other matters. The ROE offers recommendations for addressing deficiencies and improving future compliance management performance. Compliance examiners develop the ROE’s content and its findings based on bank information reviewed during the supervisory process, FDIC examination policies and procedures, and examiner experience and professional judgment.

113
Q

How is the ROE organized? [II-6.1 Communicating Findings]

A

• Transmittal Letter
• Report Cover
• Examiner’s Comments and Conclusions
    - Consumer Compliance Examination Scope and Rating
    - Compliance Management System
        - Board and Management Oversight
        - Compliance Program
    - Optional headers to address significant findings (if applicable), such as Third Party Oversight, Fair Lending, etc.
    - Violations of Law and Consumer Harm
    - Community Reinvestment Act Scope and Rating (if applicable)
    - Enforcement Action(s) (if applicable, including proposed enforcement actions)
    - Matters Requiring Board Attention (if applicable)
    - Recommendation(s)
    - Meeting with Management
    - Meeting with Board of Directors (if applicable)
• Matters Requiring Board Attention (if applicable)
• Compliance with Enforcement Actions (if applicable)
• Level 3/High Severity Violations (if applicable)
• Level 2/Medium Severity Violations (if applicable)
• Other Matters (if applicable)
• Compliance - Supervisory Section (if applicable)

-What about the banker survey?
-I didn’t think we did the transmittal letter?

114
Q

What is a transmittal letter? [II-6.1 Communicating Findings]

A

Transmittal Letter
A transmittal letter accompanies a ROE to a financial institution’s Board. The transmittal letter requires the institution, within a timeframe established by the applicable Regional Office, to send a letter or letters to the appropriate FDIC office notifying it, in sufficient detail, of the actual resolution of the MRBAs, recommendations, and Level 3 and Level 2 violations.
Appropriate staff at the Regional Office reviews an institution’s response and determines whether the response sufficiently addresses the issues. The Regional Office maintains a tracking system to ensure responses are received and corrective actions are completed in a timely manner. In cases where an enforcement action is pursued against an institution, examination staff will follow established monitoring procedures.

115
Q

What goes into the Compliance ROE? [II-6.1 Communicating Findings]

A

The guiding principle for completing the ROE is that it contains all information that is necessary and useful for the institution’s Board and management to understand the scope and conclusions of the examination and any corrective actions that may be necessary to achieve compliance or address consumer harm. The ROE should aid the Board and management in developing an action plan to address any findings or supervisory concerns. Examiners exercise judgment and discretion when determining the amount of information and detail to include in the ROE.
Factors examiners could consider when determining the amount of detail include significant CMS structure or management changes, significant changes in business strategy that impact the consumer harm risk profile, changes in ratings or adverse ratings, CMS weaknesses, violations resulting in significant consumer harm, civil money penalties, de novo or charter conversion status, complex or unusual programs or products, or management disagreement with ratings.

116
Q

What code is the Fair Credit Reporting Act and when did it become effective? VIII. Privacy —Fair Credit Reporting Act

A

The Fair Credit Reporting Act (FCRA) is U.S. Code 15 USC 1681 and became effective in 1971.

117
Q

What is the FCRA a part of? VIII. Privacy —Fair Credit Reporting Act

A

The FCRA is a part of acts contained in the Federal Consumer Protection Act, such as TIL and FDPA (15 USC §1601 et seq)

118
Q

What act was passed subsequent to FCRA? VIII. Privacy —Fair Credit Reporting Act

A

Subsequent to passing FCRA, Congress passed the Consumer Credit Reporting Reform Act of 1996, which substantially revised the FCRA - mostly effective in 1997

119
Q

When were minor amendments to the FCRA made? VIII. Privacy —Fair Credit Reporting Act

A

Minor amendments to the FCRA were made in 1997 and 1998

120
Q

When were additions subsequent to the 1997 and 1998 additions to the FCRA made? VIII. Privacy —Fair Credit Reporting Act

A

The Gramm-Leach-Bliley Act (Pub. L. No. 106-102, 113 Stat. 1338 (1999)) made additional changes, including provisions removing a previous statutory prohibition against conducting routine FCRA examinations, and permitting regulations to be adopted to implement the requirements of the FCRA. The FCRA was substantively amended in 2003 upon the passage of the FACT Act (Pub. L. No. 108-159, 117 Stat. 1952). The FACT Act created many new responsibilities for consumer reporting agencies and users of consumer reports. It contained many new consumer disclosure requirements as well as provisions to address identity theft. In addition, it provided free annual consumer report rights for consumers and improved access to consumer report information to help increase the accuracy of data in the consumer reporting system.

121
Q

What is the regulation that implements FCRA? VIII. Privacy —Fair Credit Reporting Act

A

Regulation V implements FCRA.

122
Q

What is the regulation code for Reg V? VIII. Privacy —Fair Credit Reporting Act

A

12 CFR 1022

123
Q

Who does FCRA apply to/give responsibilities to? VIII. Privacy —Fair Credit Reporting Act

A

The FCRA contains significant responsibilities for business entities that are consumer reporting agencies and lesser responsibilities for those that are not. Generally, financial institutions are not considered to function as consumer reporting agencies; however, depending on the degree to which their information sharing business practices approximate those of a consumer reporting agency, they can be deemed as such.

124
Q

Who does the FCRA apply to (in addition to financial institutions operating as consumer reporting agencies)? VIII. Privacy —Fair Credit Reporting Act

A

In addition to the requirements related to financial institutions acting as consumer reporting agencies, FCRA requirements also apply to financial institutions that operate in the following capacities:
1. Procurers and users of information (for example, as credit grantors, purchasers of dealer paper, or when opening deposit accounts);
2. Furnishers and transmitters of information (by reporting information to consumer reporting agencies or other third parties, or to affiliates);
3. Marketers of credit or insurance products; or
4. Employers.

125
Q

What does adverse action under FCRA refer to? [VIII. Privacy —Fair Credit Reporting Act]

A

“Adverse Action” has the same meaning as used in section 701(d)(6) [15 USC 1691(d)(6)] of the Equal Credit Opportunity Act (“ECOA”). Under the ECOA, it means a denial or revocation of credit, a change in the terms of an existing credit arrangement, or a refusal to grant credit in substantially the same amount or on terms substantially similar to those requested. Under the ECOA, the term does not include a refusal to extend additional credit under an existing credit arrangement where the applicant is delinquent or otherwise in default, or where such additional credit would exceed a previously established credit limit.
The term has the following additional meanings for purposes of the FCRA:
1. A denial or cancellation of, an increase in any charge for, or a reduction or other adverse or unfavorable change in the terms of coverage or amount of, any insurance, existing or applied for, in connection with the underwriting of insurance;
2. A denial of employment or any other decision for employment purposes that adversely affects any current or prospective employee;
3. A denial or cancellation of, an increase in any charge for, or any other adverse or unfavorable change in the terms of, any license or benefit described in section 604(a)(3)(D) [15 USC §1681b(a)(3)(D)]; and
4. An action taken or determination that is (a) made in connection with an application made by, or transaction initiated by, any consumer, or in connection with a review of an account to determine whether the consumer continues to meet the terms of the account, and (b) adverse to the interests of the consumer.

126
Q

What information does the FCRA govern access to? [VIII. Privacy —Fair Credit Reporting Act]

A

Consumer reporting agencies have a significant amount of personal information about consumers. This information is invaluable in assessing a consumer’s creditworthiness for a variety of products and services, including loan and deposit accounts, insurance, and utility services, among others. Access to this information is governed by the Fair Credit Reporting Act (FCRA) to ensure that it is obtained for permissible purposes and not exploited for illegitimate purposes. The FCRA requires any prospective “user” of a consumer report, for example a lender, insurer, landlord, or employer, among others, to have a legally permissible purpose to obtain a report.

127
Q

When does the FCRA allow a consumer reporting agency to furnish a consumer report? [VIII. Privacy —Fair Credit Reporting Act]

A

Section 604 Permissible Purposes of Consumer Reports: Legally Permissible Purposes. The FCRA allows a consumer reporting agency to furnish a consumer report for the following circumstances and no other:
1. In response to a court order or Federal Grand Jury subpoena.
2. In accordance with the written instructions of the consumer.
3. To a person, including a financial institution, which it has reason to believe:
    a. Intends to use the report in connection with a credit transaction involving the consumer (includes extending, reviewing, and collecting credit);
    b. Intends to use the information for employment purposes;
    c. Intends to use the information in connection with the underwriting of insurance involving the consumer;
    d. Intends to use the information in connection with a determination of the consumer’s eligibility for a license or other benefit granted by a governmental instrumentality that is required by law to consider an applicant’s financial responsibility;
    e. Intends to use the information, as a potential investor or servicer, or current insurer, in connection with a valuation of, or an assessment of the credit or prepayment risks associated with, an existing credit obligation; or
    f. Otherwise has a legitimate business need for the information:
        i. In connection with a business transaction that is initiated by the consumer; or
        ii. To review an account to determine whether the consumer continues to meet the terms of the account.
4. In response to a request by the head of a State or local child support enforcement agency (or authorized appointee) if the person certifies various information to the consumer reporting agency regarding the need to obtain the report. (Generally, this particular purpose does not impact a financial institution that is not a consumer reporting agency.)

128
Q

What is a pre-screened credit report? [VIII. Privacy —Fair Credit Reporting Act]

A

Prescreened Consumer Reports. Users of consumer reports, such as financial institutions, may obtain prescreened consumer reports to make firm offers of credit or insurance to consumers, unless the consumers have elected to opt out of being included on prescreened lists. The FCRA contains many requirements, including an opt out notice requirement when prescreened consumer reports are used. In addition to defining prescreened consumer reports, Module 3 covers these requirements.

129
Q

What is an investigative consumer report? [VIII. Privacy —Fair Credit Reporting Act]

A

Investigative Consumer Reports. Section 606 contains specific requirements for use of an investigative consumer report. This type of consumer report contains information about a consumer’s character, general reputation, personal characteristics, or mode of living that is obtained in whole or in part through personal interviews with neighbors, friends, or associates of the consumer. If a financial institution procures an investigative consumer report, or causes one to be prepared, the institution must meet the following requirements:

130
Q

When can an institution request an investigative consumer report? [VIII. Privacy —Fair Credit Reporting Act]

A
  1. The institution clearly and accurately discloses to the consumer that an investigative consumer report may be obtained.
  2. The disclosure contains a statement of the consumer’s right to request other information about the report, and a summary of the consumer’s rights under the FCRA.
  3. The disclosure is in writing and is mailed or otherwise delivered to the consumer not later than three business days after the date on which the report was first requested.
  4. The financial institution procuring the report certifies to the consumer reporting agency that it has complied with the disclosure requirements and will comply in the event that the consumer requests additional disclosures about the report.
131
Q

What procedures should an institution have surrounding FCRA? [VIII. Privacy —Fair Credit Reporting Act]

A

Institution Procedures. Given the preponderance of electronically available information and the growth of identity theft, financial institutions should manage the risks associated with obtaining and using consumer reports. Financial institutions should employ procedures, controls, or other safeguards to ensure that consumer reports are obtained and used only in situations for which there are permissible purposes. Access to, and storage and destruction of this information is dealt with under an institution’s Information Security Program; however, obtaining consumer reports initially must be done in compliance with the FCRA.

132
Q

What should exam documentation indicate? [II-7.1 Documenting the Examination]

A

Examination documentation should demonstrate a clear trail of decisions and supporting logic within a given area. Documentation should provide a written record of the examiner’s decisions and analysis and provide support for assertions of fact or opinion in the Consumer Compliance Report of Examination (ROE). A well-constructed examination documentation file will provide sufficient data to reconstruct the examiner’s decision process for each step of the examination. This includes support for the examiner’s decision to include or exclude a regulation or area of review from the scope of the examination, as well as providing documentation of significant findings, including Level 3 and Level 2 violations.

133
Q

It is vitally important that appropriate, relevant workpapers are maintained within the applicable storage medium to support what? [II-7.1 Documenting the Examination]

A

• Review of the ROE;
• Expanded explanations of Level 3 and Level 2 violations in the event of subsequent enforcement action or appeals of supervisory determinations;
• Development of a supervisory plan;
• A current risk profile; and
• Developing the scope of future examinations and limiting future information and document requests of the institution.

134
Q

Documenting Findings - What are two purposes of the ARCH? [II-7.1 Documenting the Examination]

A
  1. The Assessment of Risk of Consumer Harm (ARCH) is used to identify and document inherent risk. Some areas of risk will be eliminated from further review during pre-examination planning based on their low level of inherent and/or residual risk. Section 3 of the ARCH should explain why areas are eliminated from review. Comments should be concise but specific enough to indicate why consumer harm risk is low and how CMS factors mitigate the inherent risk.
  2. The ARCH is also used to identify and document the areas with moderate or high level of potential consumer harm risk that are not mitigated by the strength of the CMS. Section 3 of the ARCH also establishes specific products, services, or regulations (PSRs) for review or transaction testing. As discussed in this manual, PSRs are based on residual consumer harm risk and only PSRs exhibiting such residual risk are included in the examination scope. There may be certain situations in which transaction testing or other review procedures will be necessary but are not predicated upon residual consumer harm risk. These types of reviews should be addressed in Section 4 of the ARCH but in the Other Areas for Review section rather than as a PSR. Training and development needs are one example.
135
Q

Documenting Exam Findings - When should an examiner summary be completed? [II-7.1 Documenting the Examination]

A
  1. An Examiner Summary workpaper should be prepared for each area selected for transaction testing or other review procedures. The Examiner Summary should support examination findings, conclusions, and recommendations and discuss applicable strengths and weaknesses relevant to inherent risk and how effectively the bank is identifying, addressing, and preventing consumer harm. The Examiner Summary, in conjunction with the ARCH and the ROE, will allow subsequent readers to clearly identify the scope of work performed and the basis for the examiner’s conclusion.
136
Q

What should the examiner summary include? [II-7.1 Documenting the Examination]

A

• A statement indicating the scope of the review and describing the examination procedures used. Copies of the procedures, marked to indicate the portions used, may be substituted for the description.
• Examiner Summaries should include (1) significant findings and their impact on the CMS rating and (2) any deficiencies or violations noted during the examination that are not contained in the ROE.
• Generally, the examiner should maintain all discussion notes and all copies of bank documentation obtained during the examination. Exceptions can be made for irrelevant material or bulky items that have limited audit trail value. A copy of any document which is being directly criticized, or which supports a criticism made during the examination, must be maintained in the workpapers.
Again, Examiner Summaries are only necessary for areas selected for transaction testing or other review procedures. The ARCH will be used to provide a summary of the other areas not reviewed.

137
Q

What should examiners document when a violation is cited? [II-7.1 Documenting the Examination]

A
  1. When a violation of a specific regulation has been identified, then:
    • Ensure the appropriate workpapers are fully completed and that supporting documentation is attached. The use of standardized workpapers is required. The examiner is required to download the most current version of the standardized workpaper prior to the start of the current examination. The workpaper and documentation should be sufficient to enable an examiner having no previous connection with the examination to ascertain the evidence supporting the significant conclusions, judgments, cited violations, and compliance with any outstanding enforcement action.
    • Assign a violation code to each violation identified during the examination. All violation codes, regardless of whether or not they were detailed in the ROE, should be uploaded through the System of Uniform Reporting of Compliance and CRA Examinations (SOURCE) at the completion of the examination.
138
Q

What should examiners document based on discussions with management? [II-7.1 Documenting the Examination]

A
  1. Ensure the workpapers include clear and legible notes from discussions with management. All responses to examiner questions should be readily attributable to specific members of management. Specific comments made by management that are relevant to a significant finding should be marked or highlighted accordingly.
139
Q

How should examiners support documented findings? [II-7.1 Documenting the Examination]

A
  1. Attach to the relevant workpapers the documents supporting each finding noted in the ROE. For example:
    • A copy of the relevant portion of the bank’s compliance policy which stipulates procedures that are in contradiction to the procedures actually performed.
    • Copies of notes and related disclosure statements for violations of Regulation Z, Truth in Lending.
    • Copies of adverse action notifications for violations of Fair Credit Reporting Act and/or Regulation B, Equal Credit Opportunity.
    • Copies of completed hold notices where the financial institution failed to make $200 available at the start of the next business day in violation of Regulation CC, Expedited Funds Availability.
    NOTE: For any violations cited as systemic or a pattern or practice, the examiner need only attach enough copied documents to support this conclusion. Additionally, any violations cited in the ROE that contain examples of specific transactions should have corresponding evidence in the examination file. Furthermore, any violation that results in the imposition of a civil money penalty should be supported with all applicable documentation.
140
Q

What responsibilities does the EIC have surrounding filing workpapers? [II-7.1 Documenting the Examination]

A

The EIC is responsible for ensuring that all appropriate documents are uploaded according to the national standardized workpapers filing schema for the areas reviewed during the examination and ensuring the documents are complete and legible. The EIC can assign this responsibility to team members, as appropriate (e.g., the examiner reviewing an area could be assigned responsibility to upload the appropriate documents in that specific review).

The EIC (or designee) should:
• Review workpapers to ensure that they are accurate, legible, and complete.
• Determine that appropriate bank documentation, where applicable, has been attached and retained in
the workpapers.
• Confirm that mandatory workpapers are appropriately organized and uploaded to electronic storage.
• Close the examination in the electronic storage
database after the EIC has been informed that the
RE review process is complete.

141
Q

What are the general procedures surrounding filing workpapers? [II-7.1 Documenting the Examination]

A

1. The EIC, or designee, should upload workpapers into the electronic storage database:
a. Check to make sure that you are not overwriting a more current version of the document;
b. Do a quality control check to ensure that the documents are legible and that all pages have been included (front and back).
2. Workpapers are generally not changed after the conclusion of an examination. However, if revising a
workpaper in any manner after the completion of an examination is necessary, such revisions should be
clearly documented on the workpaper.
3. Some checklists in this manual have been incorporated into the national standardized workpapers and are required to be completed in
conjunction with the review of an area. In situations where the national standardized workpapers have not
incorporated the checklists within the manual, or if a checklist is obtained elsewhere, the completion of
these checklists is optional. The examiner has the option of completing relevant portions of the checklists or using them merely as a guide. If used,
they should be maintained in the workpapers, as they help document the procedures performed during the examination.
4. Documents added into the electronic storage database are only those not required to be uploaded to SOURCE.

142
Q

What are the guidelines surrounding workpaper retention? [II-7.1 Documenting the Examination]

A

Retain workpapers for a period of at least two years or until the next examination, whichever is later. Retain workpapers for longer periods in the following instances, until corrective
action or other resolution is complete:
• Truth in Lending violations requiring reimbursement;
• Fair lending violations resulting in referrals to the Department of Justice or Department of Housing and Urban Development;
• Any type of enforcement action that has been placed on or remains outstanding against the financial institution;
• A criminal referral has been made regarding the institution or any of its directors, trustees, management,
or employees; and
• Other reasons, at the discretion of the Regional Director or Field Supervisor, for which the retention of
documents and workpapers is required.

Consult the FDIC Records Schedule directives for further
information.

143
Q

What are the uses of SOURCE? [II-7.1 Documenting the Examination]

A

SOURCE is the system of record for the compliance and CRA examination program and is extensively used by compliance field supervisors, examiners, review examiners, and
Washington Office staff. SOURCE is used to support reporting requirements, provides substantial task support for staff, and is a management support and decision tool. Among
other functions, SOURCE:
• Generates examination schedules that are used to support workload projections by incorporating quarter planning and benchmark hours;
• Provides information to facilitate the pre-exam process;
• Captures examination summary information;
• Attaches examination documents for divisional sharing
and historical reference;
• Tracks information through the consultation process; and
• Facilitates the reporting of examination data for
legislatively mandated reporting.

144
Q

What should examiners ensure when using SOURCE? [II-7.1 Documenting the Examination]

A

Information in SOURCE should be complete, accurate, and
timely.
• Examiners and reviewers should ensure that the most
current versions of documents are attached and labeled
correctly. For example, and when applicable:
o Transmittal Letter;
o Cover Page;
o Examiner’s Comments and Conclusions;
o CRA Performance Evaluation;
o Supervisory Comments;
o Level 1, Level 2, and Level 3 Violations Pages;
o Final examination scoping documents for
compliance and fair lending (i.e., ARCH and FLSC).
• Examiners and reviewers should ensure that all required information fields are completed at the conclusion of the examination;
• Supervisors should plan examinations and visitations in advance and indicate the quarter for which the activity is planned; and
• EIC, or designees, should update required dates, such as the examination On-Site Date, as soon as possible.

145
Q

Investigations - Who generally handles consumer complaint investigations? [II-8.1 Investigations and Visitations]

A

Consumer complaint investigations are generally handled by Consumer Response Unit staff. Examiners will be requested to assist if deemed necessary. As with all sensitive matters, close cooperation between staff in the field office, region, and
Washington is essential to a prompt and appropriate resolution
of a complaint.

146
Q

What do informal enforcement actions represent?

A

Informal actions represent the final
supervisory step before formal enforcement proceedings are
initiated. [II-9.1 Enforcement Actions]

147
Q

What grants the FDIC formal enforcement action powers?

A

The FDIC has broad enforcement powers under the Federal Deposit Insurance (FDI) Act to issue formal
enforcement actions. [II-9.1 Enforcement Actions]

148
Q

What is a Board resolution?

A

Board Resolution: Informal commitments developed and
adopted by a financial institution’s Board of Directors/trustees, often at the request of an FDIC Regional Director, directing the institution’s personnel to take corrective action regarding specific noted deficiencies. The FDIC is not a party to the resolution, but approves and accepts the resolution as a means to initiate corrective
action. [II-9.1 Enforcement Actions]

149
Q

What is an MOU?

A

Memorandum of Understanding: Informal agreement between an institution and the FDIC that is drafted by the Regional Office staff to address and correct identified weaknesses in an institution’s compliance or CRA posture. A Memorandum of Understanding is generally used in
place of a Board Resolution when the FDIC has reason to believe that a Board Resolution would not adequately
address the deficiencies noted during the examination. [II-9.1 Enforcement Actions]

150
Q

What are formal enforcement actions?

A

Formal enforcement actions are those taken pursuant to the powers granted to the FDIC’s Board of Directors under
Section 8 of the FDI Act. Each situation and circumstance determines the most appropriate action(s) to be taken. It is of note that formal enforcement actions are publicly available records. [II-9.1 Enforcement Actions]

151
Q

What are examples of formal actions used in connection with compliance matters?

A

-Termination of Insurance: Section 8(a).
-Cease-and-Desist Order: Section 8(b): Issued to halt
violations of laws or regulations as well as to require
affirmative action to correct any condition resulting from
such violations. By ordering an institution or an institution
affiliated party (IAP), including an individual officer or
director of an institution, to cease and desist from practices
and/or take affirmative actions, the FDIC may prevent the
problems facing the institution from reaching such serious
proportions as to require more severe enforcement actions.
If an institution voluntarily agrees to the entry of a Cease-and-Desist Order, it is entitled a “Consent Order.”
-Order for Restitution: Section 8(b)(6): Issued to require an
institution or IAP to disgorge any unjust enrichment to
consumers and/or take other affirmative action to redress
consumer harm.
-Temporary Cease-and-Desist Order: Section 8(c): Issued in the most severe situations to halt particularly egregious practices pending a formal hearing on permanent Cease-and-Desist Orders issued pursuant to Section 8(b).
-Removal and Prohibition Order: Section 8(e)(1): The FDIC has the authority to order the removal of an IAP, i.e., director, officer, employee, controlling stockholder other than a bank holding company, or agent for an insured depository institution. The prohibition may be for specific activities or may be industry-wide.
-Temporary Suspension Order: Section 8(e)(3): The FDIC may order the temporary suspension of an IAP pending a hearing on an Order of Removal if the individual’s
continued participation poses an immediate threat to the institution or to the interests of the institution’s depositors.
-Suspension Order: Section 8(g): Issued to IAPs who are charged with felonies involving dishonesty or a breach of trust pending the disposition of the criminal charges.
-Civil Money Penalties: Section 8(i)(2): CMPs are assessed to sanction an institution, IAP, or an individual for a
violation, breach of a fiduciary duty, and/or practice. They are also assessed to deter future occurrences. In the case of a CMP assessed to an institution or IAP, twelve factors that
measure the breadth and severity of the problem are considered, including consumer harm, cooperation, and
supervisory history. Additionally, the asset size of the institution is taken into account. In the case of a CMP assessed to an individual, a similar
analysis is performed. The FDIC utilizes separate matrices for institutions and individuals. In both cases, the CMP matrices are guidance
intended to promote consistency in the assessment of CMPs. The matrices aid the examiner in determining the
appropriateness and/or level of CMPs. Each CMP matrix is included at the end of this section. [II-11.1 Appeals]

152
Q

What required the FDIC to create an appeals process?

A

Section 309(a) of the Riegle Community Development and Regulatory Improvement Act of 1994 (Public Law 103-325, 108 Stat. 2160) (Riegle Act) required the Federal Deposit Insurance Corporation (FDIC) to establish an independent intra-agency appellate process to review material supervisory determinations made at insured depository institutions that it supervises. The Guidelines for Appeals of Material Supervisory Determinations (“guidelines”) describe the types of determinations that are eligible for review and the process by which appeals will be considered and decided. The procedures set forth in these guidelines establish an appeals process for the review of material supervisory determinations by the Supervision Appeals Review Committee (“SARC”). [II-11.1 Appeals]

153
Q

Who are the institutions eligible to appeal?

A

Institutions Eligible To Appeal
The guidelines apply to the insured depository institutions that the FDIC supervises (i.e., insured State nonmember banks, insured branches of foreign banks, and state savings associations) and to other insured depository institutions with respect to which the FDIC makes material supervisory determinations. [II-11.1 Appeals]

154
Q

What determinations are subject to appeal? [II-11.1 Appeals]

A

Determinations Subject To Appeal
An institution may appeal any material supervisory determination pursuant to the procedures set forth in these guidelines. Material supervisory determinations include:
a. CAMELS ratings under the Uniform Financial Institutions Rating System;
b. IT ratings under the Uniform Interagency Rating System for Data Processing Operations;
c. Trust ratings under the Uniform Interagency Trust Rating System;
d. CRA ratings under the Revised Uniform Interagency Community Reinvestment Act Assessment Rating System;
e. Consumer compliance ratings under the Uniform Interagency Consumer Compliance Rating System;
f. Registered transfer agent examination ratings;
g. Government securities dealer examination ratings;
h. Municipal securities dealer examination ratings;
i. Determinations relating to the adequacy of loan loss reserve provisions;
j. Classifications of loans and other assets in dispute the amount of which, individually or in the aggregate, exceed 10 percent of an institution’s total capital;
k. Determinations relating to violations of a statute or regulation that may affect the capital, earnings, or operating flexibility of an institution, or otherwise affect the nature and level of supervisory oversight accorded an institution;
l. Truth in Lending (Regulation Z) restitution;
m. Filings made pursuant to 12 CFR 303.11(f), for which a Request for Reconsideration has been granted, other than denials of a change in bank control, change in senior executive officer or board of directors, or denial of an application pursuant to section 19 of the Federal Deposit Insurance Act (“FDI Act”), 12 U.S.C. §1829 (which are contained in 12 CFR §308, subparts D, L, and M, respectively), if the filing was originally denied by the DCP Director, Deputy Director or Associate Director; and
n. Decisions to initiate informal enforcement actions (such as memoranda of understanding);
o. Determinations regarding the institution’s level of compliance with formal enforcement action; however, if the FDIC determines that the lack of compliance with an existing formal enforcement action requires additional enforcement action, the proposed new enforcement action is not appealable;
p. Matters requiring board attention; and
q. Any other supervisory determination (unless otherwise not eligible for appeal) that may affect the capital, earnings, operating flexibility, or capital category for prompt corrective action purposes of an institution, or otherwise affect the nature and level of supervisory oversight accorded an institution. [II-11.1 Appeals]

155
Q

What do material supervisory determinations not include?

A

Material supervisory determinations do not include:
a. Decisions to appoint a conservator or receiver for an insured depository institution;
b. Decisions to take prompt corrective action pursuant to section 38 of the FDI Act, 12 U.S.C. §1831o;
c. Determinations for which other appeals procedures exist (such as determinations of deposit insurance assessment risk classifications and payment calculations); and
d. Formal enforcement-related actions and decisions, including determinations and the underlying facts and circumstances that form the basis of a recommended or pending formal enforcement action. [II-11.1 Appeals]

156
Q

When does a formal enforcement action become unappealable?

A

A formal enforcement-related action or decision commences, and becomes unappealable, when the FDIC initiates a formal investigation under 12 U.S.C. §1820(c) or provides written notice to the institution of a recommended or proposed formal enforcement action under applicable statutes or published enforcement-related policies of the FDIC, including written notice of a referral to the Attorney General pursuant to the Equal Credit Opportunity Act (“ECOA”) or a notice to the Secretary of Housing and Urban Development (“HUD”) for violations of the ECOA or the Fair Housing Act (“FHA”). For the purposes of these Guidelines, remarks in a Report of Examination do not constitute written notice of a recommended or proposed enforcement action. A formal enforcement-related action or decision does not affect the appeal of any material supervisory determination that is pending under these Guidelines. [II-11.1 Appeals]

157
Q

What are additional SARC rights?

A

Additional SARC Rights
a. In the case of any written notice from the FDIC to the institution of a recommended or proposed formal enforcement action, including a draft consent order, is not pursued within 120 days of the written notice, SARC appeal rights will be made available pursuant to these guidelines. The FDIC may extend this 120-day period, with the approval of the SARC Chairperson, if the FDIC notifies the institution that the relevant Division Director is seeking formal authority to take an enforcement action.
b. In the case of a referral to the Attorney General for violations of the ECOA, if the Attorney General returns the matter to the FDIC and the FDIC does not initiate an enforcement action within 120 days of the date the referral is returned, SARC appeal rights will be made available pursuant to these guidelines.
c. In the case of providing the notice to HUD for violations of the ECOA or the FHA, if the FDIC does not initiate an enforcement action within 120 days of the date the notice is provided, SARC appeal rights will be made available under these guidelines.
d. Written notification of SARC rights will be provided to the institution within 10 days of a determination that such rights have been made available.
e. The FDIC and an institution may mutually agree to extend the timeframes in paragraphs (a), (b), and (c) if the parties deem it appropriate in order to reach a mutually agreeable solution.
[II-11.1 Appeals]

158
Q

What is a good faith resolution?

A

An institution should make a good faith effort to resolve any dispute concerning a material supervisory determination with the on-site examiner and/or the appropriate Regional Office. The on-site examiner and the Regional Office will promptly respond to any concerns raised by an institution regarding a material supervisory determination. Informal resolution of disputes with the on-site examiner and/or the appropriate Regional Office is encouraged, but seeking such a resolution is not a condition to filing a request for review with the Division of Depositor and Consumer Protection or an appeal to the SARC under these guidelines. [II-11.1 Appeals]

159
Q

When may an institution file a request for review with the FDIC DCP?

A

An institution may file a request for review of a material supervisory determination with the Director, Division of Depositor and Consumer Protection, 550 17th Street, NW, Room F-4076, Washington, DC 20429, within 60 calendar days following the institution’s receipt of a report of examination containing a material supervisory determination or other written communication of a material supervisory determination. [II-11.1 Appeals]

160
Q

What must a request for review with the FDIC DCP include?

A

A request for review must be in writing and must include:
a. A detailed description of the issues in dispute, the surrounding circumstances, the institution’s position regarding the dispute and any arguments to support that position (including citation of any relevant statute, regulation, policy statement or other authority), how resolution of the dispute would materially affect the institution, and whether a good faith effort was made to resolve the dispute with the on-site examiner and the Regional Office; and
b. A statement that the institution’s board of directors has considered the merits of the request and has authorized that it be filed.
The Division Director will review the appeal for consistency with the policies, practices, and mission of the FDIC and the overall reasonableness of, and the support offered for, the positions advanced. The Division Director will issue a written determination on the request for review, setting forth the grounds for that determination, within 45 days of receipt of the request. No appeal to the SARC will be allowed unless an institution has first filed a timely request for review with the appropriate Division Director.

161
Q

What are the steps for filing with the SARC?

A

An appeal to the SARC will be considered filed if the written appeal is received by the FDIC within 30 calendar days from the date of the Division Director’s written determination or if the written appeal is placed in the U.S. mail within that 30-day period. If the 30th day after the date of the Division Director’s written determination is a Saturday, Sunday, or Federal holiday, filing may be made on the next business day. The appeal should be sent to the address indicated on the Division Director’s determination being appealed. [II-11.1 Appeals]

162
Q

What is the content of appeals?

A

The appeal should be labeled to indicate that it is an appeal to the SARC and should contain the name, address, and telephone number of the institution and any representative, as well as a copy of the Division Director’s determination being appealed. If oral presentation is sought, that request should be included in the appeal. Only matters previously reviewed at the division level, resulting in a written determination or direct referral to the SARC, may be appealed to the SARC. Evidence not presented for review to the Division Director may be submitted to the SARC only if authorized by the SARC Chairperson. The institution should set forth all of the reasons, legal and factual, why it disagrees with the Division Director’s determination. Nothing in the SARC administrative process shall create any discovery or other such rights. [II-11.1 Appeals]

163
Q

Who holds the Burden of Proof in the appeals process?

A

The burden of proof as to all matters at issue in the appeal, including timeliness [II-11.1 Appeals]

164
Q

What are the grounds for dismissal or withdrawal of an appeal?

A

An appeal may be dismissed by the SARC if it is not timely filed, if the basis for the appeal is not discernable from the appeal, or if the institution moves to withdraw the appeal. An appeal may be rejected if the right to appeal has been cut off. [II-11.1 Appeals]

165
Q

What is the scope of the review and decision?

A

The SARC will review the appeal for consistency with the policies, practices and mission of the FDIC and the overall reasonableness of and the support offered for the positions advanced. The SARC will notify the institution, in writing, of its decision concerning the disputed material supervisory determination(s) within 45 days from the date the SARC meets to consider the appeal, which meeting will be held within 90 days from the date of the filing of the appeal. SARC review will be limited to the facts and circumstances as they existed prior to, or at the time the material supervisory determination was made, even if later discovered, and no consideration will be given to any facts or circumstances that occur or corrective action taken after the determination was made. The SARC may reconsider its decision only on a showing of an intervening change in the controlling law or the availability of material evidence not reasonably available when the decision was issued. [II-11.1 Appeals]

166
Q

When are SARC decisions published?

A

SARC decisions will be published as soon as practicable, and the published decisions will be redacted to avoid disclosure of exempt information. In cases in which redaction is deemed to be insufficient to prevent improper disclosure, published decisions may be presented in summary form. Published SARC decisions may be cited as precedent in appeals to the SARC. Annual reports on Division Directors’ decisions with respect to institutions’ requests for review of material supervisory determinations also will be published. [II-11.1 Appeals]

167
Q

What are the SARC guidelines generally?

A

Appeals to the SARC will be governed by these guidelines. The SARC will retain the discretion to waive any provision of the guidelines for good cause. The SARC may adopt supplemental rules governing its operations; order that material be kept confidential; and consolidate similar appeals. [II-11.1 Appeals]

168
Q

What is the limitation on the agency ombudsman’s review?

A

The subject matter of a material supervisory determination for which either an appeal to the SARC has been filed, or a final SARC decision issued is not eligible for consideration by the Ombudsman. [II-11.1 Appeals]

169
Q

How will the FDIC coordinate with other agencies with respect to material supervisory determinations?

A

In the event that a material supervisory determination subject to a request for review is the joint product of the FDIC and a State regulatory authority, the Director, Division of Depositor and Consumer Protection, will promptly notify the appropriate State regulatory authority of the request, provide the regulatory authority with a copy of the institution’s request for review and any other related materials, and solicit the regulatory authority’s views regarding the merits of the request before making a determination. In the event that an appeal is subsequently filed with the SARC, the SARC will notify the institution and the State regulatory authority of its decision. Once the SARC has issued its determination, any other issues that may remain between the institution and the State authority will be left to those parties to resolve. [II-11.1 Appeals]

170
Q

What is the exam frequency for newly chartered institutions or institutions that recently switched charters to the FDIC?

A

The FDIC conducts examinations of institutions it supervises at intervals established by FDIC policy. Generally, newly chartered insured institutions or institutions that changed charters and are newly supervised by the FDIC receive a visitation within the first 12 months of operation/conversion and a full-scope examination within the first 24 months. To foster open dialogue and early communication during the initial stage of operations as an FDIC-supervised institution, the institution’s supervisory region will arrange an introductory meeting with management prior to the initial visitation. After the first examination, the institution will follow the Standard Examination Frequency Schedule. [II-12.1 Examination and Visitation Frequency]

171
Q

At what frequency does the FDIC examine insured institutions (not new or newly FDIC chartered institutions)?

A

The FDIC will conduct examinations at other institutions at intervals outlined in the Standard Examination Frequency Schedule that sets examination intervals by an institution’s total asset size and the ratings assigned during the most recent Compliance examination and Community Reinvestment Act (CRA) evaluation. [II-12.1 Examination and Visitation Frequency]

172
Q

What are the objectives when scheduling examinations?

A

When scheduling an examination, the objectives are to:
• Target examinations and supervisory efforts where risk of consumer harm is greatest;
• Allocate appropriate examination resources; and
• Conduct concurrent examinations, when requested by the bank, if practical. [II-12.1 Examination and Visitation Frequency]

173
Q

What is generally the examination frequency for FDIC insured institutions?

A

This Manual presents the Initial Examination Frequency Schedule below in Table 1, the Standard Examination Frequency Schedule for institutions with total assets of $250 million or less in Table 2, and the Standard Examination Frequency Schedule for institutions with total assets of greater than $250 million in Table 3. Examinations become subject to the greater than $250 million threshold when an institution’s reported total assets are in excess of $250 million as of December 31 for the prior two calendar years. The examination interval is measured as the period between the date one examination report was transmitted to the institution and the start date of the subsequent examination at the same institution.
Regional and/or field management may schedule visitations at its discretion. Typically, Consumer Compliance and CRA ratings will not change at a visitation, but if the visitation does result in a rating change, the Standard Examination Frequency Schedule noted below will still apply. Regional and/or field management may also schedule examinations earlier than the standard schedule when warranted dependent upon supervisory concern or other factors. For example, for institutions rated “Needs to Improve” or “Substantial Noncompliance” for CRA, field management, at its discretion, may schedule a targeted CRA examination or a concurrent Compliance and CRA examination based upon the risk factors involved.
Additionally, under certain circumstances, field management will need to be proactive in manually adding a supervisory activity to avoid potentially lengthy gaps in examinations. This could occur, for example, when a Compliance and CRA Examination for an institution with assets of $250 million or less results in a “3” Consumer Compliance rating and a “Satisfactory” or “Outstanding” CRA rating and field management schedules a Compliance-only examination at the 12-month point. If the Compliance-only examination results in an upgrade to the rating, the institution would not, per the following table, be subject to another examination until the next Compliance and CRA activity. Consequently, field management should manually schedule another Compliance-only activity to occur between the 30-36-month timeframe.
Under the Gramm-Leach-Bliley Act, a financial institution with aggregate assets of $250 million or less may be subject to more or less frequent CRA examinations because of a determination of “reasonable cause.” Examples of “reasonable cause” may include, among other things, identification of significant fair lending violations during a Compliance-only examination that would affect overall CRA performance, receipt of credible complaints indicating deterioration in the bank’s CRA performance, or requests from affiliated institutions to be examined concurrently. [II-12.1 Examination and Visitation Frequency]

174
Q

What is the guidance on exam frequency for concurrent exams?

A

The FDIC conducts concurrent Compliance/CRA, risk management, and specialty examinations to accommodate the preferences of the bank, unless doing so would be impractical or inefficient. Examinations of banks subject to Consumer Financial Protection Bureau (CFPB) supervision will be coordinated with the requirements of Section 1025(e) of the Dodd-Frank Act. [II-12.1 Examination and Visitation Frequency]

175
Q

How does the FDIC assign compliance ratings to the institutions it supervises?

A

The FDIC assigns consumer compliance ratings to institutions it supervises pursuant to the Uniform Interagency Consumer Compliance Rating System (CC Rating System) approved by the Federal Financial Institutions Examination Council (FFIEC) in 2016 and effective on March 31, 2017. [II-13.1]

176
Q

What is the consumer compliance ratings system?

A

The CC Rating System is a supervisory policy for evaluating financial institutions’ adherence to consumer protection requirements. It is composed of guidance and definitions which are contained in this section of the manual. [II-13.1]

177
Q

What is the primary purpose of the CC ratings system?

A

The primary purpose of the CC Rating System is to ensure that regulated financial institutions are evaluated in a comprehensive and consistent manner and that supervisory resources are appropriately focused on areas exhibiting risk of consumer harm and on institutions that warrant elevated supervisory attention. The CC Rating System serves as a useful tool for summarizing the compliance position of individual institutions. [II-13.1]

178
Q

How does the CC ratings system work?

A

Under the CC Rating System, each financial institution is assigned a consumer compliance rating. The CC Rating System is based upon a scale of 1 through 5 in increasing order of supervisory concern. [II-13.1]

179
Q

What is the CC rating system composed of?

A

The CC Rating System is composed of guidance and definitions. The guidance provides examiners with direction on how to use the definitions when assigning a consumer compliance rating to an institution. The definitions consist of qualitative descriptions for each rating category and include compliance management system (CMS) elements reflecting risk control processes designed to manage consumer compliance risk and considerations regarding violations of laws, consumer harm, and the size, complexity, and risk profile of an institution. The consumer compliance rating reflects the effectiveness of an institution’s CMS to ensure compliance with consumer protection laws and regulations and reduce the risk of harm to consumers. [II-13.1]

180
Q

What are the principles of the interagency CC ratings system?

A
  1. risk-based; 2. transparent; 3. actionable; 4. incent compliance
    Risk-based. Recognize and communicate clearly that CMS vary based on the size, complexity, and risk profile of supervised institutions.
    Transparent. Provide clear distinctions between rating categories to support consistent application by the Agencies across supervised institutions. Reflect the scope of the review that formed the basis of the overall rating.
    Actionable. Identify areas of strength and direct appropriate attention to specific areas of weakness, reflecting a risk-based supervisory approach. Convey examiners’ assessment of the effectiveness of an institution’s CMS, including its ability to prevent consumer harm and ensure compliance with consumer protection laws and regulations.
    Incent Compliance. Incent the institution to establish an effective consumer compliance system across the institution and to identify and address issues promptly, including self-identification and correction of consumer compliance weaknesses. Reflect the potential impact of any consumer harm identified in examination findings. [II-13.1]