1. Corporate Governance in Insured Depository Institutions

Corporate governance is generally defined as the fulfillment of the broad stewardship responsibilities entrusted to the Board of Directors, officers, and external and internal auditors of a corporation. A number of well-publicized announcements of business and accountability failings, including those of financial institutions, have raised questions about the credibility of management oversight and accounting practices in the United States. In certain cases, board members and senior management engaged in high-risk activities without proper risk management processes, did not maintain adequate loan policies and procedures, and circumvented or disregarded various laws and banking regulations. In an increasingly consolidated financial industry, effective corporate governance is needed to ensure adequate stress testing and risk management processes covering the entire organization. Adequate corporate governance protects the depositor, institution, nation's financial system, and FDIC in its role as deposit insurer. A lapse in corporate governance can lead to a rapid decline in public confidence, with potentially disastrous results to the institution.

The Sarbanes-Oxley Act of 2002 has focused increased attention on management assessments of internal controls over financial reporting and the external auditor attestations of these assessments. Strong stewardship along with reliable financial reports from insured depository institutions are critical to FDIC mission achievement. Supervision and insurance aspects of the Corporation's mission can be complicated and potentially compromised by poor quality financial reports and audits. In the worst case, illegal and otherwise improper activity by management of insured institutions or their boards of directors can be concealed, resulting in potential significant losses to the FDIC insurance funds.

The FDIC has initiated various measures designed to mitigate risks posed by these concerns, such as reviewing the bank's board activities and ethics policies and practices and reviewing auditor independence requirements. In fact, many of the Sarbanes-Oxley Act requirements parallel those already applicable to the FDIC. The FDIC also reviews publicly traded companies' compliance with Securities and Exchange Commission regulations and the policies of the Federal Financial Institutions Examination Council to help ensure accurate and reliable financial reporting through an effective external auditing program and on-site FDIC examination. Other corporate governance initiatives include issuing Financial Institution Letters, allowing bank directors to participate in regular meetings between examiners and bank officers, maintaining a "Directors' Corner" on the FDIC Web site, and expanding the Corporation's "Directors' College" program, as well as expanding examiner guidance on the risks posed by dominant officials. The FDIC has made significant strides; however, achieving sound corporate governance without undue regulatory burden remains a management challenge.

The assessment of management is one of the most important aspects of a bank examination. Failure to appropriately evaluate management risks increases the opportunity for fraud or mismanagement to go undetected and uncorrected and could ultimately cause an institution to fail. Independent boards of directors, effective security programs, and strong commitments to sound internal control, and compliance with laws and regulations, all complement the FDIC's supervision and monitoring of insured depository institutions.

Our investigative work is one way of addressing corporate governance issues. In a number of cases, financial institution fraud is a principal contributing factor to an institution's failure. Unfortunately, the principals of some of these institutions-that is, those most expected to ensure safe and sound corporate governance-are at times the parties perpetrating the fraud. Our Office of Investigations plays a critical role in addressing such activity. (See the Investigations section of this report for specific examples of bank fraud cases involving corporate governance weaknesses.)

2. Management and Analysis of Risks to the Insurance Funds

A primary goal of the FDIC under its insurance program is to ensure that its deposit insurance funds do not require augmentation by the U.S. Treasury. Achieving this goal is a challenge that requires effective communication and coordination with the other federal banking agencies. The FDIC engages in an ongoing process of proactively identifying risks to the deposit insurance funds and adjusting the risk-based deposit insurance premiums charged to the institutions.

Recent trends and events continue to pose risks to the funds. The consolidations that have occurred and may continue to occur among banks, securities firms, insurance companies, and other financial services providers resulting from the Gramm-Leach-Bliley Act involve increasingly diversified activities and associated inherent risks. The bank mergers have created "large banks," which are generally defined as institutions with assets of over $25 billion. For many of these institutions, the FDIC is the insurer but is not the primary federal regulator.

In addition, the FDIC is the primary federal regulator for a number of industrial loan companies (ILCs), which are insured depository institutions owned by organizations that are subject to varying degrees of federal regulation. ILC charters allow mixing of banking and commerce, which is otherwise prohibited for most other depository institutions owned by commercial firms. The FDIC has instituted controls in its processes for deposit insurance applications, safety and soundness examinations, and offsite monitoring for supervising ILCs and their parent companies, particularly in cases where consolidated supervision is not provided by another federal regulator.

The failure of a large bank, along with the potential closing of closely affiliated smaller institutions, could result in losses to the deposit insurance funds that require significant increases in premium assessments from all insured institutions. To address the risks associated with large banks for which the FDIC is the insurer but is not the primary federal regulator, the FDIC initiated, in 2002, the Dedicated Examiner Program for the largest banks in the United States. One senior examiner from the FDIC is dedicated to each institution and participates in targeted reviews or attends management meetings. Additionally, case managers closely monitor such institutions through the Large Insured Depository Institutions Program's quarterly analysis and executive summaries and consistently remain in communication with their counterparts at the other regulatory agencies, frequently attending pre-examination meetings, post-examination meetings, and exit board meetings.

Large banks may pose greater risks to the insurance funds as a result of the Basel II capital accord, which aims to align capital reserves more closely with the risks faced by banks and thrifts operating internationally. The Basel II standard is mandatory for large internationally active banks that have either total commercial bank assets of $250 billion or more or foreign exposure of $10 billion or more. Basel II will have far-reaching effects on the management and supervision of the largest, most complex banking organizations in the world. The United States has an important role in Basel II implementation because it supervises more bank assets than the other accord participants. Issues that must be addressed before the United States implements the Basel II accord are: (1) assuring appropriate minimum capital standards for banks regardless of the results of proposed capital models, (2) establishing a consistent supervisory process for ensuring that banks' internal risk estimates are sound and conservative, and (3) vetting any potential anti-competitive effects with all interested parties.

There is also ongoing consideration to merging the Bank Insurance Fund (BIF) and Savings Association Insurance Fund (SAIF). The merged fund would not only be stronger and better diversified but would also eliminate the concern about a deposit insurance premium disparity between the BIF and the SAIF. Assessments in the merged fund would be based on the risk that institutions pose to that fund. The Corporation has worked hard to bring about deposit insurance reform, and during the reporting period the FDIC Chairman again testified on deposit insurance reform before the House Financial Services Committee, Subcommittee on Financial Institutions and Consumer Credit.

As the banking industry has become more sophisticated, the FDIC has developed cutting edge risk-management techniques to identify, measure, and manage risk to the insurance funds. In 2003 the FDIC created its Risk Analysis Center to better coordinate risk monitoring and action plans among the various business units in the FDIC. The Risk Analysis Center represents a best practice that brings together economists, examiners, financial analysts, and others involved in assessing risk to the banking industry and the deposit insurance funds.

Tracking and Evaluating MERIT Guidelines

In an audit conducted during the reporting period, we assessed the adequacy of processes, reports, and other data that DSC uses in monitoring MERIT examination coverage of financial institutions. We determined that DSC collects and evaluates readily available information related to the efficiency, quality, and integrity of all examinations, including those conducted under the MERIT guidelines. This information shows that application of the MERIT guidelines for well-rated and well-capitalized institutions has increased examination efficiency primarily as the result of fewer loans being reviewed compared to prior risk-focused examinations. Further, DSC has risk management processes and monitoring systems in place for monitoring its overall examination program and the risks to individual institutions and the industry as a whole.

However, we reported that DSC could benefit from a monitoring process that specifically evaluates, in terms of risk, the outcome of the reduced loan penetration at MERIT examinations, either at the institution level or, more broadly, at the regional or national level. Such ongoing analysis would assist DSC in determining whether recommended loan penetration ranges under MERIT are commensurate with the risk associated with various types of loan portfolios in low-risk institutions. We made a recommendation to that effect. We also found that examiners are required to justify loan penetration levels above, but not below, MERIT-recommended ranges. We recommended a clarification of this policy to promote the balance DSC is seeking to achieve in providing risk-based coverage under MERIT and to ensure that reduced loan penetration is adequately supported.

In response to our draft report, DSC provided additional information on its existing and planned monitoring processes that satisfy the first recommendation. DSC concurred with the second recommendation regarding justification of reduced loan penetration ratios.

3. Security Management

The FDIC relies heavily upon automated information systems to collect, process, and store vast amounts of banking information. Much of this information is used by financial regulators, academia, and the public to assess market and institution conditions, develop regulatory policy, and conduct research and analysis on important banking issues. Ensuring the confidentiality, integrity, and availability of this information in an environment of increasingly sophisticated security threats requires a strong, enterprise-wide information security program. It also requires compliance with applicable statutes and policies aimed at promoting information security throughout the federal government. One such statute is Title III of the E-Government Act of 2002, commonly referred to as the Federal Information Security Management Act of 2002 (FISMA).

As a result of focused efforts over the past several years, the FDIC has made significant progress in improving its information security controls and practices and addressing current and emerging information security requirements mandated by FISMA. However, the FDIC recognized that continued improvements in its information security program and practices were needed. In its 2004 annual report, the FDIC identified information security as a high vulnerability issue within the Corporation. The FDIC also identified improvements in its information security program as a major corporate priority in its 2004 Annual Performance Plan. Actions taken as a result have strengthened the program and contributed to the removal of information systems security as a reportable condition in the Government Accountability Office's (GAO) financial statement audit of the insurance funds.

Although progress in strengthening the FDIC's information security program and practices has been notable, additional control improvements and associated implementation activities are necessary. This is challenging because as a result of the Division of Information Technology's (DIT) transformation initiatives, a large number of staff will be leaving, and DIT will be seeking to become more aligned, focused, and efficient. Continued management attention is needed to ensure that the FDIC's information security risk management program and practices are consistent with National Institute of Standards and Technology standards and guidance and current best practices in the industry. The FDIC also needs to ensure the effectiveness of its oversight of contractors with access to sensitive data, ensure the security of its network resources, and ensure that its enterprise security architecture is fully defined and integrated with corporate business and information technology operations. Security-related threats include those focusing on disrupting the economic security of our nation. The FDIC and insured depository institutions need to ensure sound disaster recovery and business continuity planning is present to safeguard depositors, investors, and others that depend on the financial services.

Security Controls Over the FDIC's E-mail Infrastructure

E-mail is an integral aspect of the FDIC's business operations. During the reporting period we issued the results of an audit conducted on our behalf by International Business Machines (IBM) Business Consulting Services related to e-mail security. We concluded that the FDIC had implemented many of the security controls recommended by government-wide standards. However, the FDIC needed to take additional steps to ensure adequate confidentiality, integrity, and availability of data stored and transmitted in e-mail. Our report included a total of eight recommendations to strengthen technical security controls, improve the vulnerability scanning process, and ensure retention of electronic records when employees leave the Corporation. The Corporation's response adequately addressed our concerns.

Security of the ViSION Application

The Virtual Supervisory Information on the Net application (ViSION) is a major application that provides access to financial, examination, and supervisory information on financial institutions. The information contained in the application is highly confidential and not available to the public.

We audited the adequacy of the progress that the FDIC has made in implementing the agreed-to corrective actions from our prior report entitled, FDIC's Virtual Supervisory Information on the Net Application, issued on July 30, 2004. In that report we had concluded that key management and operational controls provided only limited assurance of adequate security and made six recommendations to address our concerns. In our follow-up report, we concluded that the Corporation had made substantial progress in implementing corrective actions on our earlier recommendations. Five of the six recommendations were closed and the remaining corrective action was to be completed by March 31, 2005.

The OIG has begun its 2005 work pursuant to the FISMA. As in past evaluations, we will evaluate the effectiveness of the FDIC's security program and practices, including its compliance with FISMA and related policies, procedures, standards, and guidelines. We will assess progress made relative to the baseline established in our 2004 report as well. We expect to report our results in our next semiannual report.

4. Money Laundering and Terrorist Financing

The nation continues to face the global threat of terrorism. In response to this threat, the Congress enacted the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001, Public Law 107-56 (USA PATRIOT Act), which expands the Treasury Department's authority initially established under the Bank Secrecy Act of 1970 (BSA) to regulate the activities of U.S. financial institutions, particularly their relations with individuals and entities with foreign ties.

Specifically, the USA PATRIOT Act expands the BSA beyond its original purpose of deterring and detecting money laundering to also address terrorist financing activities. In today's global banking environment, where funds are transferred instantly and communication systems make services available internationally, a lapse at even a small financial institution outside of a major metropolitan area can have significant implications across the nation. The reality today is that all institutions are at risk of being used to facilitate criminal activities, including terrorist financing.

Through its examiners, the FDIC seeks to ensure that institutions have a strong BSA program to address money laundering and terrorist financing concerns. While many FDIC-supervised institutions are diligent in their efforts to establish, execute, and administer effective BSA compliance programs, there have been instances where controls and efforts were lacking. When such instances are identified in the course of examinations, the FDIC may request bank management to address the deficiencies in a written response to the FDIC, outlining the corrective action proposed and establishing a timeframe for implementation, or the FDIC may pursue an enforcement action. The FDIC needs to strengthen its follow-up process for BSA violations. The FDIC is taking action to expand its pool of BSA specialists, ensure adequate coverage of BSA compliance in state examinations, and update its BSA examination in conjunction with other federal regulators.

In addition, in September 2004, the Financial Crimes Enforcement Network (FinCEN), an arm of the U.S. Treasury Department, signed an information-sharing Memorandum of Understanding with the Federal Banking Agencies (FBAs), including the FDIC. The Memorandum of Understanding requires an increased level of BSA reporting and accountability between the FBAs and FinCEN. Specifically, the FBAs will notify FinCEN of significant violations of BSA laws and regulations by institutions, enforcement actions taken, and resolution of enforcement actions. Similarly, FinCEN, based on its analyses of BSA violations, will notify FBAs of common BSA compliance deficiencies, patterns, and best practices; and assist FBAs in identifying BSA compliance deficiencies within banking organizations.

The continuing challenge facing the FDIC is to ensure that banks maintain effective BSA programs that will ultimately create an environment where attempts to use the American financial system for money laundering or terrorist financing will be identified and thwarted. The FDIC anti-money laundering supervision program is a matter for continued monitoring in the Corporation's 2004 annual report.

OIG Audits the FDIC's Supervision of an Institution's Compliance with BSA

During the reporting period, we issued a report on the FDIC's supervision of a specific institution's compliance with BSA. The audit included a review of selected institutions whose assets and insured deposits had been sold by the FDIC to the institution that was the principal focus of our audit.

We conducted this audit in response to a letter from the Chairman of the Senate Committee on Banking, Housing, and Urban Affairs, requesting our independent assessment of the circumstances related to the institution's BSA violations. We provided copies of the report to the Committee Chairman and Ranking Member concurrent with release of the report to the Corporation. The audit report contains extensive examination-related and other sensitive information and will be made publicly available only in summary fashion.

We reported that responsibilities to ensure compliance with the BSA were not adequately fulfilled by either institution management or the FDIC. Corporate governance at the financial institution and two former institutions was not sufficient to ensure that they met BSA requirements. The FDIC's examinations identified significant BSA violations and deficiencies, but the examinations generally lacked sufficient follow-up on corrective measures promised but not implemented by institution management. Consequently, weak BSA compliance programs persisted for extended periods. In addition, the FDIC should have more thoroughly considered the impact of BSA compliance violation and deficiency histories in connection with the Corporation's decision to qualify the potential acquirers of a failed institution.

Our report made the following recommendations to FDIC management:

• Propose a requirement to the Treasury and the other federal banking regulators that institution management periodically certify the implementation and oversight of an institution's BSA compliance program.
  
  
• Emphasize institution compliance with BSA requirements through continued outreach to the financial services industry on the requirements of the BSA, the USA PATRIOT Act, and the implementing regulations.
  
  
• Require transaction testing in all BSA compliance examinations by expanding core procedures to include transaction testing.
  
  
• Require examiners to perform at least the core and expanded BSA examination procedures at FDIC-supervised institutions if any one of a defined set of BSA assessment factors is present.
  
  
• Ensure that the adequacy of the BSA compliance program is a key component in the assignment of the management rating for safety and soundness examinations.
  
  
• Assess, in conjunction with the other federal banking regulators, the merits of a numeric rating system for BSA compliance.
  
  
• Issue BSA supervisory and enforcement action guidance that outlines how the BSA assessment factors will be considered in determining appropriate action to be taken as part of the BSA examination process.
  
  
• Develop an internal control process to verify that all BSA violations are promptly included in the systems used to report this information to the Treasury.
  
  
• Establish an inter-divisional task force to revise FDIC policies and procedures to define the process to be used during franchise marketing to ensure that BSA compliance issues are appropriately considered.
  
  
• Clarify policies and procedures regarding information that should be specifically considered in approving purchase and assumption transactions.
  
  
• Establish procedures to eliminate institutions with inadequate BSA compliance programs from consideration for eligibility to bid on franchises or failed bank assets.

The FDIC concurred with our findings and is making significant improvements in its supervision of institution BSA compliance programs in response to our recommendations and its own initiatives.

5. Protection of Consumers' Interests

In addition to its mission of maintaining public confidence in the nation's financial system, the FDIC also serves as an advocate for consumers through its oversight of a variety of statutory and regulatory requirements aimed at protecting consumers from unfair and unscrupulous banking practices. The FDIC is legislatively mandated to enforce various statutes and regulations regarding consumer protection and civil rights with respect to state-chartered, non-member banks and to encourage community investment initiatives by these institutions.

The FDIC accomplishes its mission of protecting consumers under various laws and regulations by conducting compliance examinations and Community Reinvestment Act (CRA) evaluations. The FDIC takes enforcement actions to address compliance violations, encourages public involvement in the community reinvestment process, assists financial institutions with fair lending and consumer compliance through education and guidance, and provides assistance to various parties within and outside of the FDIC. The Corporation has also developed a program to examine institution compliance with privacy laws.

The FDIC also has a Community Affairs program that provides technical assistance to help banks meet their responsibilities under the CRA. The Corporation will need to remain diligent in its efforts to work with the other federal banking regulators to develop uniform policy changes for CRA. A challenge facing the FDIC and other regulators is the protection of consumer interests while minimizing regulatory burden.

Another area of current emphasis is financial literacy, aimed specifically at low- and moderate-income people who may not have had banking relationships. The Corporation's "Money Smart" initiative is a key outreach effort. The FDIC also continues to maintain a Consumer Affairs program by investigating consumer complaints against FDIC-supervised institutions, answering consumer inquiries regarding consumer protection laws and banking practices, and providing data to assist the examination function. Further, the Corporation's deposit insurance program promotes public understanding of the federal deposit insurance system and seeks to ensure that depositors and bankers have ready access to information about the rules for FDIC insurance coverage.

Protecting consumers from unscrupulous banking practices also continues to be a challenge. For example, "predatory lenders" knowingly lend more money than a borrower can afford to repay; charge high interest rates to borrowers based on their race or national origin and not on their credit history; charge fees for unnecessary or nonexistent products and services; pressure borrowers to accept higher-risk loans such as balloon loans, interest only payments, and steep pre-payment penalties; and "strip" homeowners' equity by convincing them to refinance again and again when there is no benefit to the borrower. These practices ultimately put borrowers at risk of losing their homes and other investments.

A number of new consumer protection regulations have been introduced over the past several years. The emergence and continued expansion of electronic banking presents a challenge for ensuring that consumers are protected. The number of reported instances of identity theft has ballooned in recent years. The Corporation will need to remain vigilant in conducting comprehensive, risk-based compliance examinations that ensure the protection of consumer interests, analyzing and responding appropriately to consumer complaints, and educating individuals on money management topics, including identity protection and how to avoid becoming victims of "phishing" scams.^{[ 1 ]}

Our Office of Investigations' Electronic Crimes Unit has been involved in investigating e-mail "phishing" identity theft schemes that have used the FDIC's name in an attempt to obtain personal data from unsuspecting consumers who receive the e mails. Our investigations have also uncovered multiple schemes to defraud depositors by offering them misleading rates of return on deposits. These abuses are often effected through the misuse of the FDIC's name, logo, abbreviation, or other indicators suggesting that the products are fully insured deposits. Such misrepresentations induce the targets of schemes to invest on the strength of FDIC insurance while misleading them as to the true nature of the investments being offered.

Our experience with such cases prompted us on March 4, 2003, to submit to the House Financial Services Committee Chairman, Michael Oxley, a legislative proposal to prevent misuse of the Corporation's guarantee of insurance. This proposal was incorporated in H.R. 1375: Financial Services Regulatory Relief Act of 2003. On March 24, 2004, H.R. 1375 was passed by the House of Representatives and referred to the U.S. Senate. Section 615 of H.R. 1375, as we suggested, would provide the FDIC with enforcement tools to limit misrepresentations regarding FDIC deposit insurance coverage. We appreciate past Congressional support of this measure and encourage continued consideration of such a proposal.

The OIG has undertaken an audit of predatory lending, which is now in process. Our objective is to determine whether DSC has established and implemented an adequate program for identifying, assessing, and addressing the risks posed to institutions and consumers from predatory lending practices. We will issue our results in our next semiannual report.

6. Corporate Governance in the FDIC

Corporate governance within the FDIC is the responsibility of the Board of Directors, officers, and operating managers in fulfilling the Corporation's broad mission functions. It also provides the structure for setting goals and objectives, the means to attaining those goals and objectives, and ways of monitoring performance. Management of the FDIC's corporate resources is essential for efficiently achieving the FDIC's program goals and objectives.

Also, the Administration has outlined management initiatives for departments and major agencies in the President's Management Agenda (PMA). These initiatives are (1) strategic management of human capital, (2) competitive sourcing, (3) improved financial management, (4) expanded electronic government, and (5) budget and performance integration. Although the FDIC is not subject to the PMA, it has given priority attention to continuing efforts to improve operational efficiency and effectiveness, consistent with the PMA. The initiatives taken and opportunities for improvement are discussed below along with other issues that pose significant elements of risk to attaining the FDIC's program goals and objectives.

Management of Human Capital

The FDIC, like other organizations, continues to be affected by changing technology, market conditions, initiatives designed to improve its business processes, an aging workforce, and the unknown. Such events impact needed staffing levels and required skills going forward. Since 2002, the FDIC has been working to create a flexible permanent workforce that is poised to respond to sudden changes in the financial sector. FDIC executives announced workforce planning initiatives providing for human resources flexibilities, the establishment of a Corporate Employee Program, a Buyout Program, and reductions-in-force. Designing, implementing, and maintaining effective human capital strategies-including developing a coherent human capital blueprint that comprehensively describes the FDIC's human capital framework and establishes a process for agency leaders to systematically monitor the alignment and success of human resources-related initiatives-are critical priorities and must continue to be the focus of centralized, sustained corporate attention. The FDIC's training and development function, known as the FDIC Corporate University, will be a key ingredient in the successful implementation of the FDIC's Corporate Employee Program and other corporate efforts to address skill and competency requirements. Workforce management is a matter for continued monitoring in the Corporation's 2004 annual report.

During the reporting period, we reviewed such efforts related to DSC because it accounts for more than one half of all FDIC employees and because it is a primary business line responsible for ensuring the safety and soundness of insured financial institutions and for protecting consumers' rights.

We assessed DSC's efforts to: (1) determine critical skills and competencies needed to achieve current and future corporate goals and objectives, (2) identify gaps in skills and competencies that need to be addressed, and (3) develop strategies to address current gaps in skills and competencies and future workforce needs. We used Office of Personnel Management (OPM) and GAO guidance to evaluate DSC's workforce planning efforts.

We determined that DSC is engaging in workforce planning activities consistent with OPM and GAO guidance. Nevertheless, more work is needed to finalize and communicate DSC's workforce planning efforts to DSC employees and others. Considering the efforts that DSC had underway, and expanding on those, we made five recommendations related to the following: incorporating the Corporate Employee Program into the staffing strategy and communicating that strategy, validating the model DSC is developing and determining how it will be used, evaluating the benefits of a skills assessment to identify competency gaps, determining whether DSC's existing training system can be used as a corporate repository, and defining how existing mechanisms interrelate and how the success of each will be monitored and measured. DSC generally concurred with our five report recommendations to enhance its on-going efforts.

While workforce planning is a fundamental component of DSC's overall management process, DSC will need to ensure that its workforce planning strategy and initiatives fit into the FDIC's overall corporate workforce plan. In this regard, the FDIC's Division of Administration (DOA) plans to issue guidance that FDIC divisions and offices can use to facilitate workforce planning efforts.

Competitive Sourcing

The FDIC recently awarded long-term contracts to consolidate outsourced information technology activities. While these contracts permitted the FDIC to solicit among well-qualified sources under task orders, the FDIC's ability to compete was generally limited to a small number of firms. Attaining the desired services at competitive prices presented a significant challenge for the FDIC.

We issued the results of a preaward audit that we conducted related to the information technology contracts. We found no significant exceptions in doing our work.

Improved Financial Management

The FDIC plans to field a new financial management system during 2005 that will consolidate the operations of multiple systems. Named the New Financial Environment (NFE), this initiative will modernize the FDIC's financial reporting capabilities. Implementing NFE and interfacing other systems with NFE has and will continue to require significant efforts and poses major challenges.

We conducted an audit of management controls over the re-baselined NFE project and issued the results of that effort during the reporting period. We reported that the FDIC has established and implemented adequate management controls for the re-baselined project.

However, project planning for NFE system implementation did not adequately cover post-installation activities as recommended by federal guidance. Specifically, the transition and data conversion plans and design documents do not provide policies and procedures or assignments of responsibility and accountability to ensure that post-installation tasks such as verifying data integrity, handling final disposition of the legacy system data, and monitoring of the first reporting cycle are adequately performed. The lack of planning for these activities limits the FDIC's preparedness for resolving problems and abnormalities that could affect reliability and availability of the operational NFE system.

We recommended that the FDIC develop a plan or modify existing plans for NFE system implementation to address post-installation tasks and related controls, including policies, procedures, and assignments of responsibility and accountability. FDIC management agreed with the recommendation and will expand NFE project planning to further address post-installation tasks and related controls.

We had two other audits of NFE ongoing during the reporting period. In one, we examined NFE testing. We issued a draft report on that assignment and will issue final results in our upcoming semiannual report. As for the second audit, we were seeking to review NFE system and data conversion activities. Our audit objective was to determine whether systems and data conversion plans and activities are adequate to minimize the risk of errors and omissions during NFE implementation. However, we terminated that assignment because we were not able to collect sufficient, competent, and relevant evidence in a timely manner as required by generally accepted government auditing standards to provide a reasonable basis for audit conclusions related to our objective. We advised management of some of the concerns we identified and will issue a report on work performed up to the time of termination. We will also provide audit coverage of NFE implementation after the system is deployed.

E-Government

The FDIC's E-government strategy is a component of the enterprise architecture which focuses on service delivery for the external customers of the FDIC. The FDIC issued Version One of its E-government Strategy in November 2002 and is in the process of establishing a task force to update the strategy. The FDIC has initiated a number of projects that will enable the FDIC to improve internal operations, communications, and service to members of the public, businesses, and other government offices. The projects include: Call Report Modernization, Virtual Supervisory Information on the Net, Asset Servicing Technology Enhancement Project, NFE, Corporate Human Resources Information System, and FDIConnect. The risks of not implementing E-government principles are that the FDIC will not efficiently communicate and serve its internal and external customers.

The OIG is currently auditing the Corporation's E-government strategy and will issue the results of that work in the next semiannual reporting period. This work is examining whether the FDIC adequately implemented E-government principles in its operations and information exchanges with FDIC-insured financial institutions and complied with applicable portions of the Government Paperwork Elimination Act.

Risk Management and Assessment of Corporate Performance

Within the business community, there is a heightened awareness of the need for a robust risk management program. Because of past corporate governance breakdowns at some major corporations, organizations are seeking a "portfolio" view of risks and the launch of proactive measures against threats that could disrupt the achievement of strategic goals and objectives. To address these needs, a best practice has developed--enterprise risk management (ERM). ERM is a process designed to: identify potential events that may affect the entity, manage identified risks, and provide reasonable assurance regarding how identified risks will affect the achievement of entity objectives. In April 2004, the FDIC's Chief Financial Officer changed the name of the Office of Internal Control Management to the Office of Enterprise Risk Management (OERM) and the OERM has begun developing an ERM program for the FDIC. The migration from internal control to enterprise risk management perspectives and activities presents challenges and opportunities for the FDIC.

In the spirit of the Government Performance and Results Act of 1993 (GPRA), the FDIC prepares a strategic plan that outlines its mission, vision, and strategic goals and objectives within the context of its three major business lines; an annual performance plan that translates the vision and goals of the strategic plan into measurable annual goals, targets, and indicators; and an annual performance report that compares actual results against planned goals. In addition, the FDIC Chairman develops a supplemental set of "stretch" annual corporate performance objectives based on three strategic areas of focus that cut across the Corporation's three business lines: Sound Policy, Stability, and Stewardship. The Division of Finance monitors the Corporation's success in meeting both sets of performance objectives and develops quarterly reports on the FDIC's progress. Executive and managerial pay are linked to performance on both the Chairman's objectives and those in the annual performance plan.

The Corporation is continually focused on establishing and meeting annual performance goals that are outcome-oriented, linking performance goals and budgetary resources, implementing processes to verify and validate reported performance data, and addressing cross-cutting issues and programs that affect other federal financial institution regulatory agencies.

OIG efforts addressing risk management and corporate performance assessment during the reporting period included the following.

Security of Critical Infrastructure

To effectively protect critical infrastructure, the FDIC's challenge in this area is to implement measures to mitigate risks, plan for and manage emergencies through effective contingency and continuity planning, coordinate protective measures with other agencies, determine resource and organization requirements, and engage in education and awareness activities. The FDIC will need to continue to work with the Department of Homeland Security and the Finance and Banking Information Infrastructure Committee, created by Executive Order 23231 and chaired by the Department of the Treasury, on efforts to improve security of the critical infrastructure of the nation's financial system. To address this risk, the FDIC is sponsoring outreach conferences for the Financial and Banking Information Infrastructure Committee and Financial Services Sector Coordinating Council through 2005, which will address protecting the financial sector.

On December 17, 2003, the President signed Homeland Security Presidential Directive (HSPD) - 7, Critical Infrastructure Identification, Prioritization and Protection. HSPD - 7 established a national policy for federal departments and agencies to identify and prioritize United States critical infrastructure and key resources and to protect them from terrorist acts. On June 17, 2004, OMB issued Memorandum M-04-15, Development of the HSPD-7 Critical Infrastructure Protection Plans to Protect Federal Critical Infrastructures and Key Resources. The memorandum provides guidance regarding the format and content of critical infrastructure protection plans that federal agencies are required to submit to the OMB. Although the FDIC has determined that it does not maintain critical infrastructure or key resources as intended by HSPD - 7, the FDIC is required to report to OMB on its ability to ensure the continuity of its business operations in the event of a physical or cyber attack. The FDIC provided its Critical Infrastructure Protection plan to OMB in August 2004. However, the FDIC will need to ensure that the Plan is kept current and up-to-date, particularly in light of transformation activities in DIT.

With respect to information technology contingency planning, the FDIC has continued capability to recover its mainframe and server platforms necessary to restore operations in the event of a disaster. However, testing for data restoration needs to be done continually. The FDIC's Business Continuity Plan (BCP) addresses critical business functions in key divisions and offices, and the Corporation has completed an updated business impact analysis and revised the plan accordingly. Continued testing and updates of the plan must be part of a sound BCP process. The OIG will be conducting work to monitor business continuity efforts going forward.

Management of Major Projects

Project management involves defining, planning, scheduling, and controlling the tasks that must be completed to reach a goal and allocating resources to perform those tasks. The FDIC has engaged in several multi-million dollar projects, such as the NFE project discussed earlier, Central Data Repository, and Virginia Square Phase II Construction. Without effective project management, the FDIC runs the risk that corporate requirements and user needs may not be met in a timely, cost-effective manner. Particularly in light of downsizing, the FDIC needs to be vigilant in overseeing major projects and related costs. Project management is a matter for continued monitoring in the Corporation's 2004 annual report.

In September 2002, the FDIC established the Capital Investment Review Committee (CIRC) as the control framework for determining whether a proposed investment is appropriate for the FDIC Board of Directors' consideration, overseeing approved investments throughout their life cycle, and providing quarterly capital investment reports to the Board. The CIRC generally monitors projects valued at more than $3 million. The FDIC also developed the Chief Information Officer's Council to recommend and oversee technology strategies, priorities, and progress. The work of the Council encompasses the entire portfolio of technology projects, including those below the threshold addressed by the CIRC.

Beginning with the 2003 budget, the FDIC began budgeting and tracking capital investment expenses as a separate component of the budget to enhance management's ability to focus on such projects. Project funds established within the investment budget are to be available for the life of the project rather than for the fiscal year. Final responsibility for approving the initial creation or modification of a project's capital investment budget rests with the FDIC's Board of Directors. In addition, DIT has recently adopted the Rational Unified Process system development life cycle model and has established a Project Management Office. Both of these initiatives should result in additional oversight and control mechanisms for corporate projects.

The FDIC's System Development Life Cycle (SDLC) methodology and the related control framework can benefit from implementing identified best practices. The FDIC has selected a risk-based SDLC methodology and developed a statement of work to implement the new methodology. Also, issuing detailed information technology enterprise architecture guidance can help implement higher-level policy and general guidance. As these initiatives are addressed, the FDIC should promptly implement the necessary control framework. Doing so would; provide the Corporation with greater assurance that major projects meet cost, schedule, and quality goals; the development process continually improves; all system development projects are consistent with the FDIC enterprise architecture; and effective security controls exist in all completed systems.

Cost Containment and Procurement Integrity

As steward for the BIF, SAIF, and the Federal Savings and Loan Insurance Corporation Resolution Fund, the FDIC strives to identify and implement measures to contain and reduce costs, either through more careful spending or by assessing and making changes in business processes to increase efficiency. A key challenge to containing costs relates to the contracting area. To assist the Corporation in accomplishing its mission, contractors provide services in such areas as information technology, legal matters, loan servicing, and asset management. To contain costs, the FDIC must ensure that its acquisition framework-its policies, procedures, and internal controls-is marked by sound planning; consistent use of competition; fairness; well-structured contracts designed to result in cost-effective, quality performance from contractors; and vigilant oversight management to ensure the receipt of goods and services at fair and reasonable prices.

DIT and DOA were working on Statements of Work for the regional offices and Virginia Square to compete contract award for local calling service. In addition, DIT had begun discussions with the General Services Administration regarding contracting options and telecommunication programs available to the FDIC. DIT personnel indicated that the FDIC could reduce monthly local telecommunications costs by about 10 to 25 percent through long-term service agreements, increased competition, and alternative programs offered by the General Services Administration.

Based on an annual budget of $1.3 million for local calling plans, we determined that the FDIC could save about $130,000 to $325,000 per year by implementing a strategy. The FDIC may also realize process efficiencies by consolidating local telecommunications billings. The report identified funds put to better use of $390,000 to reflect recurring savings over a 3-year period (i.e., $130,000 x 3). FDIC management agreed to conduct an evaluation but felt that projecting this amount was premature and could neither agree nor disagree with the OIG estimate at the time we issued the report.

The Corporation planned corrective action that is responsive to our recommendation. We consider the $1,967,863 as questioned costs.

We reported that DOA had not developed a formal strategic approach for its procurements and, as a result, may not be taking full advantage of opportunities to reduce costs and maximize procurement efficiencies. Based on a savings rate comparable to that of the Department of Veterans Affairs, we estimated that the FDIC could save about $8.8 million (funds put to better use) over the next 3 years by developing a strategic approach, including performing spend analysis, for the procurement of such goods and services. In addition, DOA had not sufficiently established goals and performance measures for the procurement process. Therefore, DOA could not adequately evaluate the overall efficiency of its procurements or the impact of its procurement initiatives.

We made two recommendations to address these issues and the Corporation generally agreed with them.

Overall, we concluded that the controls over the FDIC's use of consultants could be improved. Our report contains two recommendations for actions to strengthen the administration of specific contracts, and one recommendation to generally strengthen the controls over the FDIC's use of consultants. We again highlighted a lack of contract file documentation as a matter for further management attention. The Corporation was responsive to our recommendations.

Other work related to this challenge during the reporting period included three post-award contract billing audits and one pre-award contract audit. The billing reviews identified $354,153 in questioned costs and $361,430 in funds put to better use. Management is currently addressing the findings in those audits.

7. Resolution and Receivership Activities

One of the FDIC's responsibilities is planning and efficiently handling the resolution of failing FDIC-insured institutions and providing prompt, responsive, and efficient administration of failed financial institutions. These activities help maintain confidence and stability in our financial system.

The Division of Resolutions and Receiverships (DRR) has outlined primary goals for three functional areas (listed below) that are relevant to the three major phases of its work: Pre-Closing, Closing, and Post-Closing of failed institutions. Each is accompanied by significant challenges.

In addition to the challenges inherent in the three major phases of DRR work, DRR also faces challenges from a significant downsizing of its current staffing levels. Notwithstanding corporate restructuring, adequate resources are needed for DRR to perform its mission. Further, DRR is pursuing an information system enhancement project, the Asset Servicing Technology Enhancement Project (ASTEP), which is intended to create an integrated solution to meet the FDIC's current and future asset servicing responsibilities based on industry standards, best practices, and adaptable technology. Successfully implementing ASTEP is an important aspect of DRR mission achievement.

OIG Work Addressing Resolution and Receivership Issues

Three of our audit reports this reporting period addressed resolution and receivership activities, as discussed below.

We conducted an audit to determine whether DRR is adequately and efficiently managing and processing internally serviced loans. We found that DRR has an adequate management control process to ensure that funds from internally serviced loans and related transactions are properly reported and credited to the FDIC. However, in the interest of ensuring more efficient and effective loan servicing, we recommended that the Director, DRR, require a prompt supervisory review for internally serviced receivership loans assigned to account officers who are detailed or otherwise unable to manage their loan portfolios. FDIC management generally agreed with the recommendation and has taken or planned actions to address it.

We reported that DRR has established and implemented adequate controls over the receivership dividend payment process. However, we also found that from January 1, 2003 through December 31, 2004, the FDIC issued 18,339 paper checks to receivership dividend recipients. In our view, the FDIC could achieve savings associated with efficiency gains by moving to an electronic payment method.

We therefore recommended that DRR assess the feasibility of making electronic payments to recipients of receivership dividends and take steps to request recipient bank routing information for future electronic receivership dividend payments. FDIC management agreed with the recommendations and has planned actions to address them.

We conducted an audit to determine whether DRR's decisions for writing off assets from failed financial insured depository institutions were properly justified and adequately supported. Our audit scope included 435 write-off cases, valued at $292 million. We reviewed a sample of 24 write-off cases valued at about $95 million.

We reported that the FDIC has established a sound internal control process and procedures for writing off receivership assets in conformity with DRR delegations of authority. For the 24 write-off cases we sampled, the decisions to write off receivership assets from failed depository institutions were justified and adequately supported. We also found, however, eight write-off cases totaling $31 million in debt for which DRR had not issued Forms 1099-C in compliance with FDIC and Internal Revenue Service policies and directives. As a result, the government may have been deprived of significant tax revenue.

We recommended that DRR improve procedures related to reporting discharges of debt, issue Forms 1099-C for the write-off cases identified in the report, and review all write-off cases for 2003 and 2004 to ascertain whether reporting of additional discharges of debt is warranted. DRR concurred with two of our recommendations and partially concurred with the third recommendation. Regarding the partial concurrence, DRR agreed to issue Forms 1099-C for the seven write-off cases that involved loans to foreign debtors and loans discharged in corporate bankruptcies. DRR initially did not agree to issue the forms for the remaining case because the taxable event occurred before bank failure, and DRR stated that it is not its policy to issue a Form 1099-C in this circumstance. It was later determined that DRR should issue the forms.

Investigations: Making an Impact

Investigative Statistics October 1, 2004 – March 31, 2005 Judicial Actions: Number Indictments/Informations 13 Convictions 8 OIG Investigations Resulted In: Amount Fines of $32,500 Restitution of $4,674,998 Other Monetary Recoveries of $19,420,848 Total $24,128,346 Cases Referred to the Department of Justice (U.S. Attorney) 13 Referrals to FDIC Management 3 OIG Cases Conducted Jointly with Other Agencies 65 The Office of Investigations (OI) is responsible for carrying out the investigative mission of the OIG. Agents in Washington, D.C.; Atlanta; Dallas; and Chicago conduct investigations of alleged criminal or otherwise prohibited activities that may harm or threaten to harm the operations or integrity of the FDIC and its programs. OI also operates an Electronic Crimes Unit (ECU) and laboratory in Washington D.C. The ECU is responsible for conducting computer-related investigations impacting the FDIC, including employee cases involving computer abuse, and providing computer forensic support to OI investigations nationwide. OI also manages the OIG Hotline for employees, contractors, and others to report allegations of fraud, waste, abuse, and mismanagement via a toll-free number or e mail. Currently, the majority of OI's caseload is comprised of investigations involving major financial institution fraud. OI's work in this area targets schemes that result in significant losses or vulnerabilities for the institution(s), and/or involves institution officers or insiders, multiple subjects and institutions, obstruction of bank examinations; and/or misrepresentation of FDIC-insurance or affiliation. It also includes investigations of fraud resulting in significant monetary losses and institution failures. (See highlighted write-up) [ D ] In addition to pursuing financial institution-related cases, the OIG commits resources to investigations that target fraud by FDIC debtors seeking to conceal their assets from the FDIC. These cases made up 20 percent of our caseload as of March 31, 2005. These cases are of great significance to the FDIC, which was owed more than $1.7 billion in criminal restitution as of September 30, 2004. In most instances, the individuals subject to these restitution orders do not have the means to pay. The focus of OIG investigations in this area is on those individuals who do have the means to pay, but hide their assets and/or lie about their ability to pay. OI works closely with the Division of Resolutions and Receiverships (DRR) and the Legal Division in aggressively pursuing investigations of these individuals. Although currently only about 4 percent of our caseload, the OIG must always be prepared to commit resources to investigations of criminal or serious misconduct on the part of FDIC employees. These are among the most sensitive of OIG cases and are critical to ensure the integrity of and public confidence in FDIC operations. Attention during the reporting period focused on several employee cases related to inappropriate use of computers. Joint Efforts The OIG works closely with U.S. Attorneys' Offices throughout the country in attempting to bring to justice individuals who have defrauded the FDIC. The prosecutorial skills and outstanding direction provided by Assistant U. S. Attorneys with whom we work are critical to our success. The results we are reporting for the last 6 months reflect the efforts of U.S. Attorneys' Offices in the Southern District of Florida, District of Connecticut, District of Minnesota, Central District of Illinois, Northern District of Illinois, Southern District of Illinois, Southern District of Iowa, Eastern District of Texas, Southern District of New York, District of New Hampshire, and the Northern District of Texas. In addition to local U.S. Attorneys' Offices, the OIG worked with Trial Attorneys from the Fraud Section of the U.S. Department of Justice and from the State of Missouri. Support and cooperation among other law enforcement agencies is also a key ingredient for success in the investigative community. We frequently "partner" with the Federal Bureau of Investigation (FBI), the Internal Revenue Service Criminal Investigation Division, and other law enforcement agencies in conducting investigations of joint interest. Also vital to our success is our partnership with FDIC program offices. We coordinate closely with the FDIC's Division of Supervision and Consumer Protection (DSC) in investigating fraud at financial institutions, and with DRR and the Legal Division in investigations involving failed institutions and fraud by FDIC debtors. Our ECU coordinates closely with the Division of Information Technology (DIT) in carrying out its mission. The successes highlighted for the period would not have been possible without the collaboration of these offices. In addition to carrying out its direct investigative responsibilities, the OIG is committed to providing training and sharing information with FDIC components and other regulators based on "lessons learned" regarding red flags and fraud schemes identified through our investigations. OI agents provide training and frequently give presentations to FDIC staff during regional and field meetings. OI is also called upon by the Federal Financial Institutions Examination Council, state banking regulatory agencies, and law enforcement agencies to present case studies. Results Over the last 6 months OI opened 24 new cases and closed 20 cases, leaving 115 cases underway at the end of the period. Our work during the period led to indictments or criminal charges against 13 individuals and convictions of 8 defendants. Criminal charges remained pending against 31 individuals as of the end of the reporting period. Fines, restitutions, and recoveries resulting from our cases totaled almost $24,128,346. The following are highlights of some of the results from our investigative activity over the last 6 months: Fraud Arising at or Affecting Financial Institutions Former Community Bank Executives, Excavating Company Owner Convicted of Defrauding Community Bank " Corporate executives are subject to the same laws as others, and this crime was simply another way of 'robbing a bank' and will be met with severe consequences of federal prison. Today's victory sends the message that we will invest the time, money and resources it takes to pursue complex white collar fraud. " U.S. Attorney Alice H. Martin, commenting on Community Bank verdict After a 6-week jury trial in the Northern District of Alabama, Birmingham, the former chairman and chief executive officer (CEO) of Community Bank, Blountsville, Alabama, was found guilty on 15 counts of conspiracy, bank fraud, causing false entries in bank records, and filing false income tax returns. He was found not guilty of six counts relating to a false loan application. The government had sought a civil forfeiture of $3.45 million from the former chairman and CEO by placing a lien on his 17,000-square-foot house, known as Heritage Valley Farms. The government released this lien prior to trial in order for Community Bank to obtain a clear title and foreclose on the property. Community Bank's former vice president of construction and maintenance was also found guilty on 13 counts of conspiracy, bank fraud, and causing false entries in bank records. Additionally, the owner of J&M; Materials, a contractor to Community Bank, was found guilty of seven counts of conspiracy, bank fraud, and causing false entries in bank records. By way of explanation of the three individuals' roles in the fraud, the former Community Bank vice president of construction acted as the general contractor and was responsible for receiving and approving construction invoices on Community Bank projects. The owner of J&M; Materials provided construction services on commercial and residential construction projects, including Community Bank, and the former chairman and CEO's personal projects. The indictment alleged that the defendants conspired and used $2.15 million in bank funds for construction work on the former CEO's personal projects, including the construction of his residence, Heritage Valley Farms. The indictment further alleged that the former CEO obtained more than $5 million in bank loans to build the house but used more than $1.34 million of those funds for other purposes. The investigation of suspected fraud involving Community Bank was conducted by agents from the FDIC OIG, FBI, and Internal Revenue Service Criminal Investigation Division. Prosecution of the case is being handled by trial attorneys from the Department of Justice, Washington, D.C. FDIC to Receive $4.2 Million in Restitution as a Result of Federal and State Efforts Investigating the Failure of Sinclair National Bank At the end of the reporting period, the former CEO of Stevens Financial Group (SFG) was sentenced in U.S. District Court for the Western District of Missouri to 5 years in prison and ordered to pay $4.2 million in restitution to the FDIC. The federal judge also sentenced one of the former bank owners who was also a board member (the defendant) of Sinclair National Bank (SNB), Gravette, Arkansas. The defendant, who resides in Germany, was sentenced to 2 years' probation, fined $5,000, and was ordered to surrender her passport. After a 2-week trial in August 2004, a federal jury returned guilty verdicts against the former CEO and the defendant. The former CEO was a business partner of the defendant and her ex-husband. The two were earlier indicted based on evidence developed during our investigation into the fraud scheme that led to SNB's failure after only 18 months of ownership by the defendant and her ex-husband. The defendant's ex-husband was also indicted but died in December 2003 while awaiting trial. The FDIC was named receiver, and SNB's failure caused a loss of approximately $4.5 million to the Bank Insurance Fund. Through his company, SFG, the former CEO sold over $15 million worth of sub prime loans to SNB. He was found guilty of conspiring with the defendant's ex husband to defraud SNB in the purchase of these sub-prime loans. "I can tell you it was a good feeling seeing the former CEO's hands placed in cuffs. I think it's important to show that white-collar criminals are not above the law."Corporate executives are subject to the same laws as others, and this crime was simply another way of 'robbing a bank' and will be met with severe consequences of federal prison. Today's victory sends the message that we will invest the time, money and resources it takes to pursue complex white collar fraud." Assistant Attorney General Ron Carrier, commenting on sentencing of SFG's former CEO The defendant was found guilty of conspiracy to submit a false statement and making a material false statement to the Office of the Comptroller of the Currency (OCC). In December 1999, the defendant and her ex-husband made an application to the OCC for the purchase of Northwest National Bank. The two failed to list substantial assets and liabilities on their application to the OCC. The OCC relied on the fraudulent misrepresentations and approved the application. The former in-house counsel for SNB and SFG also played a part in deceiving OCC examiners. In November 2004, the former in-house counsel was sentenced both in state and federal court to 5 years' probation and was ordered to surrender his law license. He had previously pleaded guilty to criminal information(s) that charged him with creating and backdating documents and making false statements in order to deceive OCC examiners. He backdated documents that raised issues of "potential self-dealing" by SNB's former chairman, who owned SFG before selling it in October 1999. Former CEO Also Sentenced in State Court Also during the reporting period, after a sentencing hearing in the Greene County Missouri State Court, the former CEO of SFG was sentenced to prison for 2 years on each of the five counts for which he was convicted on September 24, 2004. After a 2 week trial, he was convicted on five felony counts of making false and misleading statements to the Missouri Division of Securities. He was found not guilty on six counts of Missouri securities fraud. By fraudulently submitting documents to the State of Missouri Secretary of State's Office, the former CEO artificially inflated the true net worth of the company. In order to accumulate cash, the former CEO and defendant's ex-husband sold "time certificates" that raised approximately $100 million from investors in Missouri. The sales of the securities were structured to avoid federal securities regulations as enforced by the Securities and Exchange Commission (SEC). Consequently, the securities were sold only within the State of Missouri and some of the funds raised from this scheme furnished the money used by one of the former owners to purchase SNB. The loans that secured these securities were also used in the fraudulent activity involving SNB. Also in the state investigation, in a negotiated plea agreement, a certified public accountant for the former SFG and SNB, pleaded guilty to one count of false statements and one count of perjury in the Greene County Circuit Court, Springfield, Missouri. He admitted that he and others created false and misleading documents to inflate over $10 million of the net worth of SFG. Over 3,000 investors lost over $60 million when SFG's true financial condition was exposed in 2001. The federal case was prosecuted by the Fraud Section of the U.S. Department of Justice, Washington, D.C. The state case was prosecuted by the Missouri Attorney General's Office. The case was investigated by the FDIC OIG, FBI, Treasury Office of Inspector General, and the Missouri Secretary of State's Office. President and Director of Hamilton Bancorp Admits Guilt in Hamilton Bank Investigation On February 9, 2005, the president (who was also a director) of Hamilton Bancorp and Hamilton Bank pleaded guilty to two counts of securities fraud before a U.S. District Court Judge in the Southern District of Miami. The defendant faces a maximum statutory term of imprisonment of 10 years on each of these counts. He also faces a maximum fine of $1 million, as well as restitution. This plea followed the president's June 2004 indictment. Also named in the 42-count indictment in June 2004 were the following: the former chairman of the board and CEO; and the former senior vice president and chief financial officer. The indictment charged the defendants with conspiracy, wire fraud, securities fraud, false filings with the SEC, false statements to accountants, obstruction of an examination of a financial institution, and making false statements to the OCC. The former chairman of the board and CEO was also charged with insider trading. To explain the nature of the fraud, the indictment alleged that, in 1998 and 1999, the defendants fraudulently inflated the reported results of operations and financial condition of Hamilton Bancorp and defrauded the investing public and the bank and securities regulators, so that the accused would unjustly enrich and benefit themselves through higher salaries, bonuses, and stock options, and would facilitate an upcoming registered securities offering to the investing public. The former chairman of the board and CEO made nearly $2 million in bonuses. The former president and director and the former senior   vice president and chief financial officer each made more than $100,000 in bonuses while the fraud was concealed. The indictment further alleged that the defendants participated in a fraudulent scheme whereby they falsely inflated the results of operations and financial condition of Hamilton Bancorp in the SEC filings; obstructed OCC's examination of Hamilton Bank; and lied to the investing public, the bank and securities regulators, and their accountants regarding the true financial health of Hamilton Bancorp and Hamilton Bank. The indictment charged that, in 1998 and 1999, the three defendants engaged in swap transactions (or "adjusted price trades") to hide Hamilton Bank's losses, including $22 million-plus losses in 1998, and falsely accounted for the transactions to make it appear that no losses had been incurred. While the defendants falsely reported the nature of the swap transactions to the investing public and the regulators, the indictment revealed recorded conversations in which the defendants openly discussed the transactions as swaps. In addition, the indictment charged that while the fraud was concealed, the former chairman of the board and CEO engaged in illegal insider trading in Hamilton Bancorp's stock through the use of trust accounts. During 1998, Hamilton Bancorp had a market capitalization of more than $300 million. Also during the reporting period, a new indictment was filed adding a fourth defendant to the conspiracy count, an investment banker in London. This defendant is the former managing director of Deutsche Morgan Grenfell and was an advisor to the Hamilton Bancorp Board of Directors. He was charged for his role in allowing the use of Deutsche Morgan Grenfell as a conduit in several Russian loan transactions in an effort to disguise the true nature of certain transactions. He has pleaded not guilty. Hamilton Bank was South Florida's highest profile trade finance bank before it ran into trouble with its regulator, the OCC, over the questionable loan swaps that allowed the bank to hide $22 million in losses in 1998. The OCC closed the bank in January 2002 and the FDIC took on liquidation responsibilities as receiver. This case is being investigated by the FDIC OIG and the Department of Treasury OIG. The case is being prosecuted by the U.S. Attorney's Office for the Southern District of Florida. Trial is scheduled for June 27, 2005. Former Chairman of the Connecticut Bank of Commerce Sentenced On January 24, 2005, the former chairman of the board of directors, Connecticut Bank of Commerce (CBC) was sentenced in the U.S. District Court, New Haven, Connecticut, to 51 months' incarceration and 36 months' supervised release. No criminal restitution was ordered by the court because the parties agreed that the former chairman's payment of $8.5 million to the FDIC as part of his settlement of the agency's administrative charges satisfied all losses directly related to his criminal conduct. On October 4, 2004, the former chairman pleaded guilty to a one-count criminal information charging him with misapplication of bank funds. According to the information, the former chairman caused the president of CBC to prepare and present for approval to the CBC board of directors a proposed $1.3 million unsecured loan to a firm known as Triumph Financial, LLC (Triumph). The CBC board of directors, including the former chairman, voted to approve the loan. The information charged that the former chairman knew Triumph did not have the liquidity to repay the loan and that the loan did not meet prudent underwriting standards. This case was investigated by the FDIC OIG, the FBI, and the Internal Revenue Service Criminal Investigation Division. The case was prosecuted by the U.S. Attorney's Office for the District of Connecticut. Former Executive Vice President Pleads Guilty to Conspiracy to Commit Bank Fraud On January 14, 2005, a former executive vice president and chief loan officer for Minnwest Bank South, Tracy, Minnesota, pleaded guilty to conspiracy to commit bank fraud in the U.S. District Court of Minnesota. In addition to his role as a bank officer, the defendant owned and operated a cattle-feeding venture. In 1997, he began experiencing financial problems with the cattle business and was unable to obtain financing at other banks. The defendant used his position at the bank to help his financially troubled business by making nominee loans to three bank customers. The borrowers never received the loan funds, and they did not make payments on the loans. The loan proceeds went directly to the defendant, and he used the money for his cattle business, thus preventing its failure. The defendant also created the false appearance that these nominee loans were being repaid, when in fact the purported payments were made by funds from new nominee loans. This loan kiting scheme gave the defendant use of more than $590,000 in loan proceeds that he would not otherwise have had access to. The defendant falsified loan notes and related bank records to conceal this scheme. This case is being worked jointly by the FDIC OIG and FBI. Prosecution is being handled by the U.S. Attorney's Office for the District of Minnesota. Former Bank Employee Sentenced for Bank Fraud On March 9, 2005, a former employee of Soy Capital, Decatur, Illinois, was sentenced in the U.S. District Court for the Central District of Illinois, to 10 months' home confinement and 5 years' supervised release. She was also ordered to pay $71,460 in restitution to Soy Capital Bank and $1,000 to Citizens Community Bank. The sentence was the result of the defendant's guilty plea to one count of embezzlement. The investigation leading to her guilty plea found that the employee had embezzled almost $71,000 in funds. On more than 100 occasions over a 1½ year period, she obtained funds from bank tellers by fa lsely representing that the cash was needed to pay customers who did not receive the proper amount of cash from Soy ATM machines. The investigation of this matter further determined that the employee also defrauded Citizens Community Bank, where she obtained a branch manager position after being terminated from employment at Soy Capital Bank. As a service to its customers, Citizens Community Bank accepted certain telephone and utility payments at the bank, and customers were assured that such payments would be immediately credited to the customers' accounts. The telephone and utility payments were set up through American Payment Systems. The defendant removed $1,000 in funds paid by customers who intended to pay telephone and utilities bills, hid her activity by altering the bank's teller machine ticket for American Payment Systems payments, wrote over the figures on the teller tape, or sometimes tore the tape thereby removing certain transactions. This case was investigated by the FDIC OIG and the FBI. Prosecution was handled by the U.S. Attorney's Office for the Central District of Illinois. Former State of Minnesota Representative Indicted on Fraud Charges On October 19, 2004, a federal grand jury for the District of Minnesota returned a seven-count indictment against a former State of Minnesota Representative. The grand jury charged the defendant with four counts of mail fraud, one count of conspiracy, and two counts of money laundering in connection with his activity with the former Town & Country Bank of Almelund (T&C; Bank), Minnesota. During the defendant's tenure in the Minnesota House of Representatives, he served as the chairman of the House Regulated Industries Committee, which oversaw legislation regarding utility companies. According to the indictment, the defendant used his position to enact legislation permitting utility companies to use energy conservation funds for research and development projects. Once the legislation was enacted, the defendant used his position to coerce the utility companies to pay $650,000 in grants to Northern Pole, a Minnesota corporation created to recycle old utility poles. The defendant had a significant equity stake in Northern Pole. The defendant had a personal and business relationship with the former president of T&C; Bank. The defendant met the former president as a borrower from T&C; Bank and developed a personal relationship when the former president worked on the defendant's various election campaigns for public office. T&C; Bank failed in July 2000, at which time the FDIC was appointed receiver. The failure of T&C; Bank resulted in an estimated loss of $3.4 million to the FDIC Bank Insurance Fund. As alleged in the indictment, the defendant and the former president of T&C; Bank devised a scheme whereby the defendant would invest in Northern Pole, a troubled creditor of T&C; Bank. The scheme involved borrowing money from T&C; Bank in the name of the defendant's other businesses, diverting those funds to Northern Pole and other troubled creditors of the bank, and using State of Minnesota grant money to pay back the defendant's debt service on the loans. According to the indictment, in 1997 and 1998, the defendant borrowed a total of $670,000 from T&C; Bank and loaned the funds to Northern Pole. In addition to being Northern Pole's primary creditor, the defendant and the former president agreed that the defendant would have an equity stake in the future revenues of Northern Pole. To conceal both his creditor and equity status in Northern Pole, the defendant arranged for the loans to be made in the name of his other businesses and purposely was not named as owner, officer, or employee of Northern Pole. Subsequently, the defendant used his position to amend the laws of Minnesota and persuaded the utility companies to issue grant money to Northern Pole. From late 1999 to early 2002, Northern Pole obtained $650,000 in grants from Minnesota utility companies. Upon receiving the various grants, Northern Pole used approximately $273,559 to pay debt service on the defendant's loans at T&C; Bank. The former president of T&C; Bank pleaded guilty in September 2003 to charges of bank fraud, money laundering, false bank entries, and conspiracy for his role in the fraud that led to T&C; Bank's failure. The former president has been cooperating in the investigation and is yet to be sentenced. This case is the result of an investigation by the FDIC OIG, the FBI, and the Internal Revenue Service Criminal Investigation Division. The U.S. Attorney's Office for the District of Minnesota is prosecuting the case. Former Officer of Consumer Alliance, Inc. Arrested on Fraud Charges On December 12, 2004, a Canadian citizen and former officer of Consumer Alliance, Inc., was indicted by a federal grand jury in the Southern District of Illinois on charges of mail fraud, wire fraud, conspiracy, and using a fictitious address in furtherance of a mail fraud. The subject was one of four individuals named in a criminal complaint filed earlier last year for allegedly participating in a telemarketing fraud scheme that defrauded thousands of U.S. consumers out of several million dollars by selling phony credit card protection. The credit card transaction activities of Consumer Alliance contributed to the December 2000 failure of the National State Bank, Metropolis, Illinois, causing losses to National State Bank of approximately $1.6 million. A warrant for the subject's arrest was issued at the time the criminal complaint was filed. On November 24, 2004, the subject was arrested at the port of entry in Buffalo, New York, by U.S. Customs and Border Protection inspectors. The three other wanted Consumer Alliance principals remain at-large. This case is being jointly investigated by the FDIC OIG and the U.S. Postal Inspection Service. Prosecution is being handled by the U.S. Attorney's Office for the Southern District of Illinois. Three Defendants Indicted in $10 Million Fraud at Universal Federal Savings Bank A federal grand jury in the Northern District of Illinois returned a six count indictment charging Universal Federal Savings Bank's (Universal) former chief operations officer (COO); her brother, a certified public accountant and principal in a now-defunct business; and a Universal customer and client of the defunct business. The indictment charged the three defendants with conspiracy, aiding and abetting, misapplication of bank funds, making false entries in bank records, wire fraud, and bank fraud. The indictment relates to the activities surrounding the failure of Universal, Chicago, Illinois, on June 27, 2002. The indictment alleged that from December 2001 through June 2002, the former COO and bank customer conspired to misapply millions of dollars of Universal's funds. Throughout the 6-month period, the bank customer allegedly engaged in a check-kite using the defunct business account at Universal and Universal's correspondent account at another bank. During that time, the bank customer made approximately 138 deposits of insufficient fund (NSF) checks into Universal's correspondent account. The NSF checks were drawn on the defunct business account and totaled more than $200 million. The former COO and bank customer also allegedly conspired to make false entries in the books and records of Universal to deceive the bank's chairman. The certified public accountant played a role in the conspiracy by falsifying copies of checks. In addition, the bank customer allegedly used the fraudulently inflated balances in an account at Universal to write checks to third parties and pay for wire transfers to online gambling businesses and casinos. In all, he diverted approximately $9 million in funds credited to the defunct business account for gambling.   As part of the scheme, the bank customer allegedly provided benefits to the former COO to induce her to continue their arrangement. Among other things, in March 2002, the bank customer purchased a new BMW for the former COO with an NSF check. In April 2002, the bank customer and the former COO entered into an agreement by which the bank customer would provide unidentified consulting services for one of the bank customer's companies. The agreement called for the former COO to be paid $80,000 per year and receive a $25,000 annual bonus. The bank fraud count against the former COO alleged that she fraudulently deprived Universal of her honest services by failing to disclose her activities related to the fraud and the benefits she had received.The indictment also alleged that the bank customer engaged in a Ponzi scheme by telling several business associates and their representatives that he was involved in the medical equipment business, and that, if they loaned him money, he would invest their money in his business and repay them substantial amounts of interest in a very short period of time. The bank customer allegedly used the inflated balances in the defunct business account to repay the investments. Some of the investors again loaned the bank customer money, which he never repaid, resulting in a loss of more than $500,000 to approximately five investors. The indictment also seeks forfeiture of at least $10 million from the former COO and bank customer. Also during this reporting period, two separate Settlement and Release Agreements were signed by the FDIC and individuals connected to the FDIC OIG investigation of Universal's failure. The investigation revealed that $350,000 of funds obtained by the bank customer from Universal was given to a businessman as an investment in a start-up business. The businessman returned $186,301 to the FDIC, minus expenses, as part of a negotiated settlement. The bank customer also paid the FDIC $112,800 for money he diverted from Universal to pay housing expenses. OIG and FDIC Benefit from Cooperative Financial Institution Fraud Casework Since January 2002, OIG investigations have resulted in over 106 indictments; 75 convictions; and fines, restitution, and recoveries of over $998 million. Most of these results come from OIG investigations of financial institution fraud, which now comprise 68 percent of the Office of Investigation's (OI) caseload. The focus of our work in this area is on: FDIC-Supervised Institutions Fraud by Officers, Directors, or Insiders Obstruction of Examinations Fraud that Led to the Failure of the Institution Fraud Impacting Multiple Institutions Fraud Involving Monetary Losses that Could Significantly Impact the Institution Over 50 percent of our financial institution fraud caseload is generated based on referrals from the FDIC (43 percent from the Division of Supervision and Consumer Affairs (DSC); 14 percent from the Legal Division). The Department of Justice (DOJ) is the other primary source of referrals for our work in this area (14 percent DOJ; 22 percent the Federal Bureau of Investigation). In many of these cases, the FDIC is pursuing parallel enforcement and/or civil actions. OI strives to work closely with DSC, the Legal Division and other FDIC offices to maximize the benefits that can be derived as we each pursue our individual missions. While the OIG's focus in these cases is on seeking the successful prosecution of those responsible for the fraud, we are mindful as we pursue these criminal investigations of the regulatory concerns and interests of the FDIC. While there are many restrictions on the sharing of information obtained in a criminal investigation, we attempt to keep impacted FDIC offices as fully informed as the law allows. For instance, We notify DSC when opening any investigation of financial institution fraud and keep DSC informed of the status of the investigation. This includes issuing quarterly reports to designated DSC officials apprising them of the status of all OIG financial institution fraud cases and final reports apprising DSC and other impacted divisions of case outcomes. When information is obtained through the grand jury process that could be of significant concern to the FDIC, the OIG seeks court orders to allow the sharing of information for the FDIC to consider appropriate enforcement or other corrective action. We coordinate with DSC and the Legal Division in attempting to structure plea agreements to include a stipulation to an Order of Prohibition. This information sharing is never a "one-way" street. Information provided by DSC, Legal, and the Division of Resolutions and Receiverships has been instrumental in the successful prosecution of many of our cases. DSC examiners have provided critical testimony as witnesses in some of our most significant cases. The mutual collaboration and cooperation between OI, DSC, and other FDIC offices has contributed to our successful case work, as illustrated in many of the case write ups for the current semiannual reporting period. The OIG appreciates the solid working relationships established over the years and is committed to continuing these mutually beneficial efforts with the Corporation. OIG Agent Facilitates Stipulation Agreement Following our criminal investigation into the failure of Hartford-Carlisle Savings Bank (HCSB), the special agent assigned to this investigation worked with the FDIC Legal Division to facilitate a Stipulation of Agreed Judgment against a former shareholder, who was also the mother of the former bank president, in the amount of $413,911. The OIG investigation revealed that fraudulent loan activity by HCSB's president and shareholders of the bank holding company resulted in the failure of the institution. The criminal investigation and prosecution resulted in the conviction of five former shareholders of Wildcat, Inc., the bank holding company. On September 18, 2003, a civil suit for collection of $413,732, plus interest, was filed by the Civil Division of the U.S. Attorney's Office on behalf of the FDIC against the mother of the former bank president. This debt was incurred by her for the purchase of Wildcat, Inc. stock. This stipulation settles that debt. HCSB was an FDIC-supervised institution that was closed on January 14, 2000, by the Iowa Division of Banking. Subsequently, the FDIC OIG and the FBI conducted a joint investigation regarding suspected illegal activities that led to its closure. The U.S. Attorney's Office for the Southern District of Iowa handled prosecution of this case. Restitution and Other Debt Owed to the FDIC FDIC Debtor Makes Full Payment of Restitution On February 14, 2005, a Dallas resident who had been ordered to pay the FDIC $500,000 in restitution as a result of a 1994 bank fraud conviction appeared in the Financial Litigation Unit of the U.S. Attorney's Office for the Eastern District of Texas, and paid the remaining restitution balance of $472,450. This payment was made pursuant to an understanding, made in coordination with DRR and the Legal Division, that the U.S. Attorney's Office and the OIG would discontinue their fraud investigation of the individual if full restitution was paid. Our investigation, prompted by a referral from the Legal Division, had developed evidence that the defendant had illegally concealed assets in an attempt to avoid payment of his restitution. The defendant had previously submitted personal financial statements to the Financial Litigation Unit, in which he claimed a small monthly income and stated he could not pay toward his restitution. However, our investigation determined that the defendant owned and operated a successful home building business in Dallas and over a 3-year period placed approximately $892,000 in business profits into a hidden bank account. These funds were used to pay the defendant's personal living expenses, including his monthly dues to a local golf and country club. He also used the funds to pay the mortgage on his father's personal residence. Owner of Company that Owed Over $3 Million to the Former First New York Bank Sentenced On March 9, 2005, one of the owners of a company that had borrowed over $5 million from the now-defunct First New York Bank for Business (First New York) was sentenced in the Southern District of New York to 10 months' in prison and 3 years' supervised release; he was also ordered to pay restitution in the amount of $103,600 to the FDIC. The sentence was a result of the defendant's guilty plea to conspiracy to commit bank fraud in relation to his actions to divert money from the former First New York and the FDIC as receiver for First New York. The defendant's brother, who was a co-owner of the company, had also agreed to plead guilty in the case, but passed away prior to entering his plea. The two brothers had previously been indicted by a federal grand jury on charges of defrauding and conspiring to defraud the former First New York. The FDIC was appointed to act as the receiver for the First New York following its closure by the State of New York Banking Department in November 1992. As alleged in the indictment, beginning in March 1990, the defendants entered into a series of loan agreements, guarantees, and promissory notes on behalf of their company with First New York. In 1992, the defendants acknowledged they had defaulted on the loans and entered into repayment agreements with First New York in which, among other things, they agreed to repay the loans by granting First New York the right to clear all payments made by the company's customers. The defendants also agreed to direct all present and future customers to make their payments directly to First New York. However, unbeknownst to First New York, between July 1992 and August 1995, the defendants deposited accounts-receivable payments owed to First New York pursuant to the agreements into an account they had set up at another bank. The indictment also alleged that, in furtherance of their scheme, they formed a series of shell companies, which they used to falsely hide business activities between the company and its customers, thereby circumventing the repayment agreement with First New York. The OIG initiated this investigation based on a referral from the FDIC Legal Division, which became aware of questionable transfers during the discovery phase of civil litigation with the company over its debt. The case was prosecuted by the U.S. Attorney's Office for the Southern District of New York. Debtor Pays the FDIC $200,000 On March 7, 2005, an FDIC debtor from Waterbury, Connecticut, agreed to pay the FDIC $200,000 in settlement of claims by the FDIC. This payment was made pursuant to negotiations between the U.S. Attorney's Office and the debtor's counsel at a hearing in the U.S. District Court in Bridgeport, Connecticut. In June 2001, the FDIC originally signed a settlement agreement with the debtor wherein he paid the FDIC $491,000 and stipulated to three judgments related to his then outstanding debt obligations to the FDIC. In exchange, the FDIC agreed not to enforce the judgments unless any financial information provided by him was false or misleading. The OIG subsequently initiated an investigation based on allegations referred by DRR that the debtor may have fraudulently transferred assets to conceal them from the FDIC. The OIG investigation developed evidence that the debtor was the manager of significant real estate holdings owned by his wife and children. He did not disclose these holdings or his role in their management to the FDIC in the financial statements that he had submitted to the FDIC during the original settlement process. In addition to investigating the debtor's alleged false statements, the OIG coordinated with DRR and the Legal Division in connection with the negotiations to assist the U.S. Attorney's Office in making this collection. Former Debtor Sentenced to Prison On October 4, 2004, an FDIC debtor from Concord, New Hampshire, was sentenced in the U.S. District Court for the District of New Hampshire to 1 year in prison and 4 years' supervised release. He was also ordered to pay restitution in the amount of $292,740 to the FDIC and fined $10,000. The sentence was the result of the debtor's guilty plea in October 2003 to two counts of providing false financial information to the FDIC for the purpose of settling a $4.5 million judgment against him. The FDIC obtained the judgment based on the debtor's failure to pay two loans from the former Dartmouth Bank, which failed in 1991. Relying on the personal financial statement that the debtor provided to the FDIC indicating his inability to repay loans, the FDIC sold the $4.5 million judgment to a third party for $160,000. In his guilty plea, the debtor admitted he provided false financial statements and a false affidavit of his financial condition to the FDIC. He also admitted that he had hidden several hundred thousand dollars worth of assets in companies he had incorporated in Nevada. The FDIC OIG investigation was initiated based on a referral from the FDIC Legal Division. Prosecution of the case was handled by the U.S. Attorney's Office for the District of New Hampshire. Obstruction of an Examination of a Financial Institution Former Bank President Pleads Guilty On October 19, 2004, the former president of Heritage Savings Bank, Terrell, Texas, pleaded guilty in the Northern District of Texas, to aiding and abetting the obstruction of an examination of a financial institution. The former president was indicted on March 24, 2004, along with the two co-owners of San Clemente Securities (SCS) and United Custodial Corporation, located in San Clemente, California, and a supervisory broker at SCS. The former president was charged with conspiracy, assisting the bank fraud, making false entries in the books and records of a financial institution, and obstructing the examination of a financial institution. The former president of Heritage, in concert with the defendants from SCS and United Custodial Corporation, allegedly defrauded the bank by causing it to purchase investments from SCS from which the former president and the others subtracted substantial undisclosed fees and commissions ranging from 3 to 57 percent. During July and August 1998, the Office of Thrift Supervision (OTS) conducted an examination of Terrell Federal Savings and Loan (name later changed to Heritage). During the examination the defendant was asked by OTS to confirm liquidation values of nine zero-coupon certificates of deposit he purchased from a supervisory broker at SCS. The broker prepared a spread-sheet purporting to represent present liquidation values for the certificates of deposit. The defendant admitted he knew the values represented on the spread-sheet did not disclose or reflect the amounts of premiums that had been deducted by SCS from the amounts paid for the assets by Heritage. The defendant and broker had intended to conceal the premium amounts from the OTS also. The former president of Heritage is cooperating with the investigation against the other defendants. The case was investigated by the FDIC OIG and the FBI. The case is being prosecuted by the U.S. Attorney's Office for the Northern District of Texas. Electronic Crimes Unit Investigates Computer Misuse Actions Taken Against FDIC Employees for Inappropriate Use of Computers During the reporting period, one FDIC employee resigned in lieu of adverse action for inappropriate use of a government computer. Another employee received a 3-day suspension for similar behavior. The difference in outcome relates to the volume and nature of the inappropriate use of the computers. The Electronic Crimes Unit (ECU) conducted an investigation into allegations that the FDIC employees had used their computers to access pornographic images and possibly child pornographic images. While working these two separate cases, the ECU obtained forensic images of the employees' hard drives, which were analyzed and checked for the existence of child pornography images. All imaged files were compared to known child pornographic images maintained by the National Child Victim Identification Program. The analysis found that the hard drives contained no known child pornographic images. The ECU's forensic analysis of the hard drive of the first employee confirmed that the employee had accessed adult pornographic Web sites and downloaded numerous pornographic images and video files onto his hard drive. Based on the results of the investigation, the FDIC was in the process of proposing adverse administrative action when the employee submitted his resignation. With respect to the second employee, his desktop and laptop hard drives were examined. There was evidence that this employee had accessed adult pornographic Web sites, and adult pornographic images were found on both the laptop and desktop hard drives. Electronic Crimes Unit Holds an Open House to Showcase Its New Computer Forensic Lab The ECU held an Open House to showcase its new Computer Forensic Lab. The Open House was well attended by headquarters OIG staff as well as FDIC Executives and their staff. The ECU provided demonstrations of OI's equipment and forensic software and answered questions from the invitees. Other Highlights Electronic Crimes Unit Special Agent Receives Award from the U.S. Attorney for the Eastern District of Virginia On December 8, 2004, Special Agent Stephen J. Murphy received an award from the U.S. Attorney's Office for the Eastern District of Virginia for work relating to a bomb-sniffing dog investigation. The subject in this case was convicted on a 25 count indictment and sentenced to 7 years in prison for fraud in connection with false assertions to the U.S. government about certifications and his dogs' abilities to detect explosives. Special Agent Ed Slagle Receives Letter of Commendation from Treasury OIG Special Agent Ed Slagle received a letter of commendation signed by the Assistant Inspector General for Investigations, OIG Department of the Treasury. The commendation recognized Special Agent Slagle for his outstanding efforts during the investigation and subsequent trial of the defendants in the Sinclair National Bank case. OI Training Conference The OIG's OI training conference in March 2005 provided an opportunity for OI's special agents to fulfill the training required of law enforcement personnel at OIGs with statutory law enforcement authority. The classroom portion of the conference focused on legal education sessions addressing updates in judicial case law affecting federal law enforcement officers. This section of the training was provided by Federal Law Enforcement Training Center legal personnel from Glynco, Georgia. Another portion of the conference focused on OI's investigative operations. The group discussed the activities of the OIG's Electronic Crimes Unit in the area of "phishing" schemes. The group very much appreciated that representatives from DRR and DSC (pictured to the right) were able to participate by speaking of the work of their respective divisions and the joint activities that the OIG has conducted with them in pursuing restitution cases and combating financial institution fraud. OIG Organization: Pursuing OIG Goals Our office continued to aggressively pursue our four main OIG goals and related objectives during the reporting period. These goals and objectives form the blueprint for our work. While the audit, evaluation, and investigative work described in the earlier sections of this report drives our organization and contributes very fundamentally to the accomplishment of our goals, a number of other activities and initiatives complement and support these efforts and enhance the achievement of our goals. Some examples follow. Value and Impact OIG products will add value by achieving significant impact related to addressing issues of importance to the Chairman, the Congress, and the public. This goal means that we contribute to ensuring the protection of insured depositors, safety and soundness of FDIC-supervised institutions, protection of consumer rights, achievement of recovery to creditors of receiverships, and effective management of agency resources. Efforts in support of this goal and related objectives include the following: Issued 17 audit and evaluation reports containing $11.9 million in potential monetary benefits and 37 nonmonetary recommendations. As discussed earlier in this report, these reports address the management and performance challenges facing the Corporation. Conducted investigations that resulted in 13 indictments/informations; 8 convictions; and approximately $24.1 million in total fines, restitution, and other monetary recoveries. Performed 19 policy analyses on proposed FDIC directives or proposed revisions to directives. We raised three policy suggestions regarding the draft directives, specifically in the areas of training and development, the Privacy Counterparts Group, and information technology (IT) security risk management. We also offered other suggestions to strengthen or clarify the draft policies. Reviewed and provided comments to the Division of Information Technology (DIT), at their request, on the FDIC's sensitivity questionnaire, which is used to categorize the FDIC's information systems. Reviewed and provided comments to the Government Accountability Office (GAO) on the internal control portion of their opinions on the FDIC's 2004 financial statements. Advised the Corporation of areas of high vulnerability and those warranting continued monitoring for the Corporation's preparation of its 2004 Statement on Internal Accounting and Administrative Controls. Continued coordination of our Electronic Crimes Unit (ECU) with the Division of Supervision and Consumer Protection (DSC), Legal Division, and DIT officials to establish appropriate processes in addressing cyber crimes, including computer intrusion, phishing and spoofing schemes, and investigations of computer misuse by FDIC employees and contractors. Also continued to work with these officials on developing procedures for preserving electronic media at bank closings. Provided a case presentation by the ECU to the FDIC Vice Chairman and other senior FDIC officials regarding a phishing scheme involving the FDIC. Participated in an advisory capacity at meetings of the Audit Committee's IT Security Subcommittee and FDIC Chief Information Officer's Council. Briefed Senate Banking Committee staff on the progress of our work related to the FDIC's supervision of an institution's compliance with the Bank Secrecy Act (BSA). This work was done in response to the Committee Chairman's request that we determine whether the FDIC adequately fulfilled its responsibilities to monitor and assure the institution's compliance with BSA. We later provided a copy of our report to the Chairman and Ranking Member of the Committee. Provided the Corporation with the OIG's assessment of the most significant management and performance challenges facing the FDIC, in the spirit of the Reports Consolidation Act of 2000. The Act calls for these challenges to be included in the consolidated performance and accountability reports of those federal agencies to which it applies. We also provided our assessment to the Chief Financial Officer (CFO) and a summary of the challenges to the Office of Enterprise Risk Management for inclusion in the 2004 Annual Report. We had earlier shared a draft listing of the challenges with the divisions and offices and also briefed the Audit Committee. Developed action steps to address issues and concerns from our sixth client survey as well as other opportunities for improvement identified in the report. Our periodic surveys of senior executives in the Corporation obtain their views of OIG products, processes, and services. Briefed the Operating Committee on the results of the survey and our responsive actions. Provided advisory comments to the Division of Finance on the draft of the FDIC 2005 Annual Performance Plan. Comments related to (1) improving the performance plan's linkage to the 2005 Corporate Performance Objectives, (2) considering performance goals for key resource management activities, (3) clarifying certain performance targets, and (4) improving internal control and information security program discussions. Provided an informational analysis of the Government Performance and Results Act (GPRA) performance goals and the Chairman's corporate performance objectives to assist the Corporation in any future efforts to integrate the two. Worked closely with the FDIC developing presentations on lessons learned/red flags based on the OIG's experience in investigating major fraud at financial institutions. Such presentations explain the investigative process, alert examiners to possible red flags or signs of fraud and/or obstruction, and provide guidance on making referrals and coordinating with the OIG on suspected fraud. Our Office of Investigations (OI) provided these types of presentations at training conferences, Federal Financial Institutions Examination Council seminars, and DSC Field Office meetings. Also, at the request of DSC, OI provided input for a presentation DSC was developing on fraud and pursuing 8(e) actions. Attended two quarterly meetings of the Federal Savings and Loan Insurance Corporation Resolution Fund Dissolution Task Force. Organized and provided a TeamMate demonstration to staff of DSC's Internal Control and Review Section who are considering electronic working papers for their office. Communication and Outreach Communications between the OIG and the Chairman, the Congress, employees, and other stakeholders will be effective. We seek to foster effective agency relations and communications, congressional relations and communications, OIG employee relations and communications, and relations and communications with other OIG stakeholders. Efforts in support of this goal and related objectives include the following: Cosponsored an Emerging Issues in Banking symposium along with the Federal Reserve Board and Department of the Treasury OIGs. This forum brought together representatives from the financial regulatory agency OIGs, GAO, Securities and Exchange Commission, Pension Benefit Guaranty Corporation, Federal Housing Finance Board, and others to hear from leading experts about emerging issues that impact our collective and individual work and responsibilities. Hosted an interagency meeting of the IT Security Committee. This committee was created by the Inspector General (IG) community's Federal Audit Executive Council to promote interagency coordination of independent security evaluations conducted pursuant to the Federal Information Security Management Act of 2002 (FISMA). Individuals from 18 federal agencies attended the meeting, including representatives from the House of Representatives Government Reform Committee, Office of Management and Budget (OMB), GAO, and National Institute of Standards and Technology. Discussed were lessons learned from the 2004 evaluations, ongoing efforts to standardize agency evaluations, and committee priorities for the remainder of 2004 and 2005. Special Agent Cindy Van Noy returned to the FDIC OIG during the reporting period following an assignment in Baghdad, Iraq. The Coalition Provisional Authority Office of Inspector General (CPA OIG), now called the Special Inspector General for Iraq Reconstruction, approached our office for assistance, and in May 2004, Special Agent Van Noy was detailed to Baghdad, Iraq to help. The CPA OIG is charged with reviewing and investigating allegations of fraud, waste, and abuse relating to the use of Iraq Relief and Reconstruction Funds. The CPA OIG was created by statute to promote economies and efficiency in the use of $18.7 billion provided by the U.S. government for Iraq's post-war rehabilitation. While on assignment, Special Agent Van Noy investigated several allegations of contractor fraud pertaining to the funding for Iraq's post-war rehabilitation. Former IG Gianni attended the fall conference of the Inspectors General Association. This group consists of Inspectors General and professional staff in their agencies, as well as other officials responsible for inspection and oversight of public, not-for-profit, and independent sector organizations. Topics covered at the conference included Strengthening Communication and Collaboration, A Multi-Organizational Task Force Approach to Fraud, White Collar Crime, Using Data Analysis Tools, and Fraud Auditing. Presented information security-related topics to members of the President's Council on Integrity and Efficiency (PCIE). Assistant Inspector General for Audits (AIGA) Rus Rau spoke to the group in his role as Chair of the IT Security Committee of the Federal Audit Executive Council. Mr. Rau's presentation covered activities of the Committee in the areas of policy review, evaluation guidance, implementation, and reporting. He also highlighted some current issues under discussion, including interpretation of key terms, attention to interagency security issues, and alignment of FISMA and CFO reporting dates. Spoke at the Performance Institute's conference on Measuring and Improving Financial Management in Government. The conference focused on helping financial managers develop a financial management framework, complete with management standards and performance measures that cut across multiple functions for financial performance. Financial managers from federal, state, and local government organizations attended the conference sessions. Mr. Ross Simms from our Office of Audits discussed the importance of integrating risk management and internal control in financial reporting. He also provided the participants with best practices to consider and discussed how financial managers can work with auditors to identify risks and areas where internal control can be strengthened. Played an active role in the Federal Audit Executive Council. As referenced earlier, our AIGA is the Chair of the FISMA/Information Security Committee of the Council, and in that capacity was called upon to speak at several professional forums. Additionally, our Office of Audits is taking the lead role in planning the annual Federal Audit Executive Council conference to be held in April 2005. Participated at and helped organize the Institute of Internal Auditors' 2005 Government Auditing Conference, the theme of which was Changing World: Issues, Challenges, and Practices. Former IG Gianni and Deputy AIGA Sharon Smith helped spearhead planning efforts. The agenda included presentations on such topics as Keeping Pace with Change, Identity Theft, Financial Management, E-Government, Human Capital, Using the Internet to Improve Auditing, Sarbanes-Oxley Considerations, and FISMA. Distinguished speakers included the Comptroller General; the Auditor General of the World Bank; Inspectors General from the Department of Commerce, Department of Agriculture, and Department of Justice; and other representatives from GAO, OMB, National Institute of Standards and Technology, and several private-sector professional services firms. Hosted an Open House in our Electronic Crimes Unit laboratory for FDIC executives and their staffs, at which demonstrations on ECU equipment and forensic software were provided. Provided input to Kansas City DSC as it prepared a presentation for the FDIC Risk Analysis Center related to Fraud-An Examiner's Perspective on Successful 8(e) Investigations. Participated in quarterly meetings with other OIGs to share common human resource issues and topics. Met with financial regulatory Inspectors General to share and discuss issues of common interest. Held quarterly meetings with financial regulatory Assistant Inspectors General to share best practices and ideas on issues of mutual concern. Attended PCIE Roundtable meetings on both GPRA and Inspections and Evaluations. Former IG Gianni served as Vice Chair of the PCIE during the first half of the reporting period, and in that capacity, he chaired monthly Council meetings and welcomed guest speakers from OMB, GAO, the Administration, and individual OIGs to discuss issues of importance to the IG community. With the former FDIC IG's retirement, we have worked with the new Vice Chair's office to transfer leadership responsibilities. Continued ongoing meetings between the Executives of the OIG and the FDIC's Division and Office Heads in both headquarters and regional offices to foster and sustain successful cooperation and communication in all aspects of our audit, evaluation, and investigative activities. Participated in meetings of the Interagency Bank Fraud Working Group in headquarters and the regions. Coordinated with IGs, Assistant Inspectors General for Audits, and Assistant Inspectors General for Investigations of federal financial institution regulatory agencies. Communicated with congressional staff of the House and Senate Oversight Committees regarding FDIC's new Acting IG and reports issued by the OIG. Coordinated with the Corporation's Office of Legislative Affairs with respect to such interaction with the Congress. Provided weekly highlights reports to the FDIC Chairman to keep him informed of significant OIG events. Presented the results of OIG audit and evaluation work at monthly meetings of the Audit Committee. Audit Committee members include the FDIC Vice Chairman, the CFO, and the Director of the Office of Thrift Supervision. These meetings bring senior management attention to OIG findings, recommendations, and related issues of significance. Human Capital The OIG will align its human resources to support the OIG mission. We aim to enhance our workforce analysis and planning, competency investments, leadership development, and the development of a results-oriented, high-performance culture. Efforts in support of this goal and related objectives include the following: Held an Office of Audits (OA) Training Conference for OA staff to prepare for the coming year of assignments and sharpen skills and knowledge related to such areas as report writing, automated working papers, quality control techniques, and communication. All OA staff received the FDIC's Ethics training at the conference as well. Held an OI Training Conference to provide an opportunity for OIG agents to fulfill the rigorous training required of law enforcement personnel in the IG community. Much of the conference focused on legal education sessions. The group also discussed the activities of the OIG's Electronic Crimes Unit in the area of phishing schemes. DSC and Division of Resolutions and Receiverships representatives spoke of the work of their respective divisions and the joint activities that the OIG has engaged in with them in combating financial institution fraud and working restitution cases. Met with the OIG's Employee Advisory Group. This group provides feedback to the IG/Acting IG on the working conditions and business processes of the office and keeps OIG staff informed of current issues of employee concern. Held Celebrating the OIG event to recommit to the OIG mission and acknowledge the diverse skills and talents of OIG staff. Emphasis was placed on the many talents and qualities that staff have cultivated outside the office and bring to bear on their work at the FDIC. Provided OIG input to the Corporation's annual diversity report. Participated in the IG Management Institute's Applied Management Studies training program, tailored to address IG community training needs. Sponsored participation of two OIG employees in leadership training held for the PCIE by the Federal Executive Institute in Charlottesville, Virginia. Made arrangements to participate in the IG Community's pilot implementation of e-learning through SkillSoft. By leveraging technology, this program is designed to offer quality training to OIG staff in a cost-effective, efficient manner. Productivity The OIG will effectively manage its resources. We have taken steps to contain OIG costs and undertook several initiatives to ensure that our processes are efficient and that our products meet quality standards. Efforts in support of this goal and related objectives include the following: Included the OIG's budget for $29,965,000 ($160,000 less than the Congress appropriated for fiscal year 2005) in the fiscal year 2006 budget that the President sent to the Congress. This is the amount agreed to by the Chairman and former IG Gianni and supports an authorized staffing level of 160. The budgeted amount absorbs higher projected expenses for salaries, employee benefits, and other costs by reducing funds for travel, contracts, and equipment purchases. The 2006 budget represents the OIG's tenth consecutive budget decrease after adjusting for inflation. Issued the OIG's FY 2005 Performance Plan identifying 39 specific annual performance goals designed to help us achieve our strategic goals and objectives. The plan reflects the OIG's emphasis on (1) adding value by achieving impact on issues of importance to the Corporation and our other stakeholders; (2) fostering effective communications with our stakeholders; (3) aligning human resources to support the OIG mission; and (4) managing our resources effectively. In addition, the plan reflects linkages to the FDIC Strategic Plan, the OIG-identified Management and Performance Challenges Facing the FDIC, the Office of Audits' Assignment Plan, and the OIG Human Capital Strategic Plan. Enhanced OIGnet, our internal Web-based resource to improve its usefulness. With the redesign, most items can be retrieved directly from the site's first page, including policies, forms, contacts, and plans. All OIG publications are linked to the page and can be easily retrieved for reference. Made refinements to the OIG's Dashboard, an executive information system to improve the efficiency of OIG management oversight of internal operations. The Dashboard provides timely information on key OIG performance measures, the budget and monthly spending reports, staffing, and annual performance goals. Completed an internal quality control review of one audit/evaluation directorate. All significant matters have been resolved. Points of Contact Title Name Telephone Number  Acting Inspector General Patricia M. Black 202-416-2026   Deputy Inspector General Patricia M. Black 202-416-2026   Counsel to the Inspector General Fred Gibson 202-416-2917    Assistant Inspector General for Audits Russell Rau 202 416-2543       Deputy Asst. Inspector General for Audits    Stephen Beard 202-416-4217       Deputy Asst. Inspector General for Audits    Sharon Smith 202-416-2430    Assistant Inspector General for Investigations Samuel Holland 202-416-2912    Assistant Inspector General for    Management and Congressional Relations Rex Simmons 202-416-2483    Assistant Inspector General for    Quality Assurance and Oversight Robert McGregor 202-416-2501 OIG Counsel Activities (October 2004 – March 2005) Period The Mission of the Office of Counsel The Office of Counsel provides independent legal advice and assistance to the Inspector General and the staff of the OIG. The Office litigates personnel and other cases; provides advice on matters arising during the course of audits, investigations, and evaluations, including reviewing reports for legal sufficiency; manages the OIG's Ethics process; reviews, analyzes, and comments on proposed or existing regulations or legislation, including banking legislation and implementing regulations; communicates and negotiates with other entities on behalf of the OIG; responds to Freedom of Information Act (FOIA) and Privacy Act requests and appeals; prepares and enforces subpoenas for issuance by the Inspector General; and coordinates with the Legal Division, the Department of Justice, and other agency and governmental activities. Examples from the reporting period include: Litigation Counsel's Office represented the OIG in cases before the Equal Employment Opportunity Commission and before the District Court for the District of Columbia. The Office of Counsel was involved in 22 litigation matters, two of which were resolved during the period, and the remainder of which are awaiting further action by the parties or rulings by the court. Advice and Counseling Counsel's Office provided advice and counsel, including written opinions, on issues involving the statutory authority of the Inspector General; E-government initiatives; protection of sensitive information; Federal Information Security Management Act’s external auditor provision; bank supervision matters involving aspects of the USA PATRIOT Act, the Bank Secrecy Act, and the Bank Merger Act; closed bank matters including dividend payments and asset write-offs for receiverships; contract interpretations; investigative matters; and various ethics-related matters. In addition, Counsel's Office provided comments relative to the legal accuracy and sufficiency of more than 15 audit and evaluation reports. Legislation/Regulation Review During this reporting period, Counsel's Office reviewed and commented upon proposed FOIA legislation entitled The OPEN Government Act, and reviewed three proposed formal FDIC regulations. Counsel's Office also commented on six proposed or final directives and various policies. Subpoenas Counsel's Office prepared four subpoenas for issuance by the Inspector General or Acting Inspector General during this reporting period. Freedom of Information Act/Privacy Act Counsel's Office responded to nine requests under the FOIA, one FOIA appeal, and assisted FDIC Counsel in a FOIA-related lawsuit. Table 1: Significant OIG Achievements (October 2004 – March 2005) ACHIEVEMENT NUMBER Audit and Evaluation Reports Issued 17 Questioned Costs and Funds Put to Better Use $11.9 million Investigations Opened 24 Investigations Closed 20 OIG Subpoenas Issued 4 Convictions 8 Fines, Restitutions, and Monetary Recoveries $24.1 million Hotline Allegations Referred 10 Proposed Regulations and Legislation Reviewed 4 Proposed FDIC Policies Reviewed 19 Responses to Requests and Appeals under the Freedom of Information Act and/or Privacy Act 10 Table 2: Nonmonetary Recommendations TIME PERIOD NUMBER October 2002 – March 2003 90 April 2003 – September 2003 103 October 2003 – March 2004 51 April 2004 – September 2004 86 October 2004 – March 2005 37 [ D ] [ D ] [ D ] Reporting Terms and Requirements Index of Reporting Requirements - Inspector General Act of 1978, as amended Reporting Requirement Section 4(a)(2): Review of legislation and regulations Section 5(a)(1): Significant problems, abuses, and deficiencies Section 5(a)(2): Recommendations with respect to significant problems, abuses, and deficiencies Section 5(a)(3): Recommendations described in previous semiannual reports on which corrective action has not been completed Section 5(a)(4): Matters referred to prosecutive authorities Section 5(a)(5) and 6(b)(2): Summary of instances where requested information was refused Section 5(a)(6): Listing of audit reports Section 5(a)(7): Summary of particularly significant reports Section 5(a)(8): Statistical table showing the total number of audit reports and the total dollar value of questioned costs Section 5(a)(9): Statistical table showing the total number of audit reports and the total dollar value of recommendations that funds be put to better use Section 5(a)(10): Audit recommendations more than 6 months old for which no management decision has been made Section 5(a)(11): Significant revised management decisions during the current reporting period Section 5(a)(12): Significant management decisions with which the OIG disagreed Reader’s Guide to Inspector General Act Reporting Terms What Happens When Auditors Identify Monetary Benefits? Our experience has found that the reporting terminology outlined in the Inspector General Act of 1978, as amended, often confuses people. To lessen such confusion and place these terms in proper context, we present the following discussion: The Inspector General Act defines the terminology and establishes the reporting requirements for the identification and disposition of questioned costs in audit reports. To understand how this process works, it is helpful to know the key terms and how they relate to each other. The first step in the process is when the audit report identifying questioned costs is issued to FDIC management. Auditors question costs because of an alleged violation of a provision of a law, regulation, contract, grant, cooperative agreement, or other agreement or document governing the expenditure of funds. In addition, a questioned cost may be a finding in which, at the time of the audit, a cost is not supported by adequate documentation; or, a finding that the expenditure of funds for the intended purpose is unnecessary or unreasonable. The next step in the process is for FDIC management to make a decision about the questioned costs. The Inspector General Act describes a “management decision” as the final decision issued by management after evaluation of the finding(s) and recommendation(s) included in an audit report, including actions deemed to be necessary. In the case of questioned costs, this management decision must specifically address the questioned costs by either disallowing or not disallowing these costs. A “disallowed cost,” according to the Inspector General Act, is a questioned cost that management, in a management decision, has sustained or agreed should not be charged to the government. Once management has disallowed a cost and, in effect, sustained the auditor’s questioned costs, the last step in the process takes place which culminates in the “final action.” As defined in the Inspector General Act, final action is the completion of all actions that management has determined, via the management decision process, are necessary to resolve the findings and recommendations included in an audit report. In the case of disallowed costs, management will typically evaluate factors beyond the conditions in the audit report, such as qualitative judgments of value received or the cost to litigate, and decide whether it is in the Corporation’s best interest to pursue recovery of the disallowed costs. The Corporation is responsible for reporting the disposition of the disallowed costs, the amounts recovered, and amounts not recovered. Except for a few key differences, the process for reports with recommendations that funds be put to better use is generally the same as the process for reports with questioned costs. The audit report recommends an action that will result in funds to be used more efficiently rather than identifying amounts that may need to be eventually recovered. Consequently, the management decisions and final actions address the implementation of the recommended actions and not the disallowance or recovery of costs. It is important to note that the OIG does not always expect 100 percent recovery of all costs questioned. Statistical Information Required by the Inspector General Act of 1978, as amended Table I: Significant Recommendations From Previous Semiannual Reports on Which Corrective Actions Have Not Been Completed This table shows the corrective actions management has agreed to implement but has not completed, along with associated monetary amounts. In some cases, these corrective actions are different from the initial recommendations made in the audit reports. However, the OIG has agreed that the planned actions meet the intent of the initial recommendations. The information in this table is based on (1) information supplied by the FDIC’s Office of Enterprise Risk Management (OERM) and (2) the OIG’s determination of closed recommendations for reports issued after March 31, 2002. These 7 recommendations from 7 reports involve improvements in operations and programs. OERM has categorized the status of these recommendations as follows: Management Action in Process: (7 recommendations from 7 reports) Management is in the process of implementing the corrective action plan, which may include modifications to policies, procedures, systems or controls; issues involving monetary collection; and settlement negotiations in process. Table I: Significant Recommendations From Previous Semiannual Reports on Which Corrective Actions Have Not Been Completed Report Number, Title & Date Significant Recommendation Number Brief Summary of Planned Corrective Actions and Associated Monetary Amounts Management Action In Process EVAL-01-002 FDIC’s Background Investigation Process for Prospective and Current Employees August 17, 2001 3 Re-designate position sensitivity levels for examiner positions to reflect their public trust responsibilities. EVAL-04-005 FDIC’s Strategic Alignment of Human Capital January 23, 2004 2 Develop a coherent human capital blueprint that describes the FDIC’s human capital framework and establishes a process for agency leaders to monitor the alignment and success of the initiatives relative to the goals. 04-008 Evaluation of FDIC’s Unix Systems Security February 13, 2004 1 Centralize Unix administration under one Division of Information Resources Management organization. (Note: This Division is now the Division of Information Technology.) 04-009 Evaluation of FDIC’s Intrusion Detection and Incident Response Capability February 13, 2004 4 Research and investigate solutions and tools for aggregating event information from different security logging devices to better distinguish malicious activity from normal network traffic to reduce false positives. 04-016 FDIC’s Personnel Security Program March 30, 2004 3 Review all employees in moderate risk-level positions to ensure that appropriate background investigations have been performed. 04-017 Supervisory Actions Taken for Bank Secrecy Act (BSA) Violations March 31, 2004 1 Re-evaluate and update examination guidance to strengthen monitoring and follow-up processes for BSA violations. 04-028 FDIC’s IT Security Risk Management Program – Overall Program Policies and Procedures and the Risk Assessment Process July 30, 2004 1 Revise FDIC Circular 1310.3 to delineate the FDIC’s complete IT Security Risk Management Program. The revision should be consistent with the National Institute of Standards and Technology Special Publication 800-26 methodology. The OIG has not yet evaluated management’s actions in response to OIG recommendations. The OIG has requested additional information to evaluate management’s actions in response to OIG recommendations. Table II: Audit Reports Issued by Subject Area Audit Report Number & Date Audit Report Title Total Questioned Costs Unsupported Questioned Costs Funds Put to Better Use Supervision and Insurance 05-008 March 2, 2005 FDIC’s Supervision of an Institution’s Compliance With the Bank Secrecy Act EVAL-05-012 March 18, 2005 Division of Supervision and Consumer Protection’s Process for Identifying Current and Future Skill and Competency Requirements 05-015 March 31, 2005 DSC’s Process for Tracking and Evaluating the Impact of MERIT Guidelines Receivership and Legal Services 05-009 March 1, 2005 DRR’s Internal Loan Servicing 05-013 March 22, 2005 Receivership Dividend Payments 05-014 March 31, 2005 FDIC’s Process for Writing Off Assets Systems Management EVAL-05-001 December 17, 2004 FDIC’s Local Telecommunications Service $390,000 05-004 January 18, 2005 Follow-up Audit of the FDIC’s Virtual Supervisory Information on the Net Application 05-007 February 18, 2005 Management Controls Over the Re-baselined New Financial Environment Project Information Assurance 05-016 March 31, 2005 Security Controls Over the FDIC’s Electronic Mail (E-Mail) Infrastructure Resources Management 05-002 January 13, 2005 Price Reduction on Laptop Computers $1,967,863 EVAL-05-003 January 18, 2005 FDIC’s Use of Consultants 05-005 January 21, 2005 FDIC’s Procurement of Administrative Goods and Services $8,800,000 Post-award Contract Audits 05-006 January 28, 2005 Post-award Contract Audit $80,000 $40,000 $60,000 05-010 March 9, 2005 Post-award Contract Audit $154,543 $7,665 $301,430 05-017 March 31, 2005 Post-award Contract Audit $119,610 Pre-award Contract Audits 05-011 March 14, 2005 Pre-award Contract Audit Totals for the Period $2,322,016 $47,665 $9,551,430 Table III: Audit Reports Issued with Questioned Costs Item Number of Questioned Costs Total Questioned Costs Unsupported Questioned Costs A. For which no management decision has been made by the commencement of the reporting period. 1 $110,915 $0 B. Which were issued during the reporting period. 4 $2,322,016 $47,655 Subtotals of A & B 5 $2,432,931 $47,665 C. For which a management decision was made during the reporting period. 2 $2,078,778 $0 (i) dollar value of disallowed costs. 1 $1,967,863 $0 (ii) dollar value of costs not disallowed. 1 $110,915 $0 D. For which no management decision has been made by the end of the reporting period. 3 $354,153 $47,665 Reports for which no management decision was made within 6 months of issuance. 0 $0 $0 Table IV: Audit Reports Issued with Recommendations for Better Use of Funds Item Number Dollar Value A. For which no management decision has been made by the commencement of the reporting period. 2 $51,084,587 B. Which were issued during the reporting period. 4 $9,551,430 Subtotals of A & B 6 $60,636,017 C. For which a management decision was made during the reporting period. 4 $60,274,587 (i) dollar value of recommendations that were agreed to by management. 1 $602,438 - based on proposed management action. 1 $602,438 - based on proposed legislative action. 0 0 (ii) dollar value of recommendations that were not agreed to by management. 4 $59,672,149 D. For which no management decision has been made by the end of the reporting period. 2 $361,430 Reports for which no management decision was made within 6 months of issuance. 0 0 One of the reports included on the line for recommendations not agreed to by management is also included on the line for recommendations agreed to by management because management did not agree with some of the funds put to better use. Table V: Status of OIG Recommendations Without Management Decisions During this reporting period, there were no recommendations more than 6 months old without management decisions. Table VI: Significant Revised Management Decisions During this reporting period, there were no significant revised management decisions. Table VII: Significant Management Decisions with Which the OIG Disagreed In our report entitled FDIC’s Allocation of Records Storage Costs (Report No. 04-044, issued on September 29, 2004), we recommended that the Director of the Division of Finance (DOF) adjust prior Bank Insurance Fund (BIF), Savings Association Insurance Fund (SAIF), and Federal Savings and Loan Insurance Corporation Resolution Fund (FRF) balances to address the disproportionate distribution of costs to the BIF and SAIF for records storage properly chargeable to the FRF. DOF did not agree with the OIG that there were allocation errors for prior periods that required correction. We also recommended that the Director of DOF determine whether prior-year adjustments should be made to the funds’ financial statements due to the magnitude of the reallocation of records storage costs to the FRF. DOF also did not agree with this recommendation and stated that it had assessed the materiality of the cost that the OIG recommended be charged to the FRF and had determined that the amount was below the materiality threshold for the FRF. The OIG’s position was that while financial statements for prior years may not need to be restated, the FDIC still needed to make the appropriate adjustments to the BIF, SAIF, and FRF balances to properly account for the costs. The Vice Chairman, acting as Chair of the FDIC Audit Committee, advised us on January 7, 2005, of the management decision to accept the DOF position on the recommendations. The Vice Chairman noted that DOF committed to periodic reviews of the methodology employed to allocate records storage costs in the future as the final action with regard to the audit recommendations. DOF was required to make appropriate changes in future allocations based on its review of the allocation methodology and report those changes to the Audit Committee. We consider this management decision to be significant because we estimated that over $34 million in records storage costs was not properly allocated to the respective funds. We disagreed with the decision as it did not, in our opinion, achieve an accurate accounting for the costs. Table VIII: Instances Where Information Was Refused During this reporting period, there were no instances where information was refused. Farewell to OIG Retirees Charles Becker Charles Becker, Senior Special Agent, retired after a 30 year federal career. As a Senior Special Agent, he participated in a number of the office’s most difficult financial fraud investigations. Over the last few years, he helped develop an electronic database for compiling numerous contacts to the FDIC OIG Hotline. His work in researching and developing this system has benefited the public; FDIC divisions and offices; and other state, local, and federal agencies. Prior to joining the FDIC, Charlie served as an auditor and accountant with the Department of Housing and Urban Development, the Department of the Treasury, the Department of Commerce, and as a systems accountant for the Department of Health and Human Services. Nora Davis Nora Davis, Audit Specialist, retired after 29 years of federal service. Her government career included service at the Department of Veterans Affairs and the FDIC. Serving as a Secretary in the FDIC Division of Research, she played a key role in an administrative capacity. Later, as an Auditor in the FDIC Office of Corporate Audits and Internal Investigations (prior to its becoming the Office of Inspector General), she played a key role in conducting onsite reviews of the FDIC Consolidated Offices. As an Audit Specialist in the Office of Audits, she participated in audits of corporate programs in the FDIC Division of Supervision and Consumer Protection. Ann Gray Ann Gray, Audit Specialist, retired after 29 years of federal service. Her government career included service at the General Services Administration, National Archives, Resolution Trust Corporation, and the FDIC. Serving as a Management Analyst and Audit Specialist, she was a part of teams conducting reviews of the FDIC’s contract operations, contractor billings, records management, and records storage costs. Her efforts aided in identifying monetary benefits and recommendations that improved the efficiency and effectiveness of FDIC operations. Charles Thompson Charles Thompson, Audit Specialist, retired after 21 years of federal service. His government career also included service at the Internal Revenue Service and the Department of Education. For a number of years, Charles was a valuable member of the joint FDIC/GAO team conducting the Corporation’s financial statement audit. His efforts in assessing internal controls over cash receipts and disbursements and reviewing contractor oversight and income and expense items contributed greatly to the success of that important undertaking. As an Audit Specialist, he later played a key role in conducting reviews of the FDIC’s contract operations, contractor billings, and receivership operations. Gaston L. Gianni, Jr. The OIG celebrated Gaston Gianni’s retirement both with his FDIC colleagues and with his family, friends, and former colleagues from throughout the federal government. Vice Chairman John Reich acknowledged Mr. Gianni’s work and leadership at the FDIC. The Comptroller General also attended one of Mr. Gianni’s receptions and acknowledged his many contributions to our country—both while at the GAO and at the FDIC. Mr. Gianni was also presented with an American flag that was flown over the Capitol on the last day of his 40½ year federal career. The inscription on the flag case epitomizes our former IG: "true public servant; champion of honor and integrity; tireless, unselfish leader" Former IG Gianni received the following praise in letters from Members of the Congress "It has always been my firm belief that public service is one of the most honorable callings, one that demands the very best, most dedicated efforts of those fortunate enough to serve their fellow citizens. Your colleagues attest and pay tribute to your high standards and important accomplishments, and our country is a better place because of your commitment." Senator Paul Sarbanes "Besides your devotion to the Inspector General mission, I know the community will also miss your good humor, ‘can do’ attitude, and gentle demeanor. The Federal government was truly fortunate to have had the energy and insights of such a dedicated public servant." Former Senator John Glenn "Congress envisioned IGs as permanent, independent, non-partisan, and objective and your efforts exemplify this vision. Your work, and the work of all inspectors general across government, adds an important balance to our system of separation of powers. The efforts of inspectors general can be tied to billions of dollars in savings, thousands of successful criminal prosecutions, and agencies and IGs working together to make government more effective and more accountable." Tom Davis, Chairman, House Committee on Government Reform; and Todd Platts, Chairman, Subcommittee on Efficiency and Financial Management Abbreviations and Acronyms Term AIGA Assistant Inspector General for Audits ASTEP Asset Servicing Technology Enhancement Project BCP Business Continuity Plan BIF Bank Insurance Fund BSA Bank Secrecy Act CBC Connecticut Bank of Commerce CEO Chief Executive Officer CFO Chief Financial Officer CIRC Capital Investment Review Committee COO Chief Operations Officer CPA OIG Coalition Provisional Authority Office of Inspector General CRA Community Reinvestment Act DIT Division of Information Technology DRR Division of Resolutions and Receiverships DSC Division of Supervision and Consumer Protection ERM Enterprise Risk Management FBI Federal Bureau of Investigation FDIC Federal Deposit Insurance Corporation FinCEN Financial Crimes Enforcement Network FISMA Federal Information Security Management Act of 2002 FOIA Freedom of Information Act FRF Federal Savings and Loan Insurance Corporation Resolution Fund GAO Government Accountability Office GPRA Government Performance and Results Act HCSB Hartford-Carlisle Savings Bank HSPD Homeland Security Presidential Directive IBM International Business Machines IG Inspector General ILC industrial loan company IRS-CI Internal Revenue Service Criminal Investigation MERIT Maximum Efficiency, Risk-Focused, Institution Targeted Examinations Program NFE New Financial Environment NMSC North Mississippi Supply Company OA Office of Audits OCC Office of the Comptroller of the Currency OERM Office of Enterprise Risk Management OI Office of Investigations OIG Office of Inspector General OMB Office of Management and Budget OPM Office of Personnel Management OTS Office of Thrift Supervision PCIE President’s Council on Integrity and Efficiency PMA President’s Management Agenda RTC Resolution Trust Corporation SAIF Savings Association Insurance Fund SCS San Clemente Securities, Inc. SDLC System Development Life Cycle SFG Stevens Financial Group SNB Sinclair National Bank T&C Bank Town & Country Bank USA PATRIOT ACT Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 VISION Virtual Supervisory Information on the Net The Office of Inspector General (OIG) Hotline is a convenient mechanism employees, contractors, and others can use to report instances of suspected fraud, waste, abuse, and mismanagement within the FDIC and its contractor operations. The OIG maintains a toll-free, nationwide Hotline (1-800-964-FDIC), electronic mail address (IGhotline@FDIC.gov), and postal mailing address. The Hotline is designed to make it easy for employees and contractors to join with the OIG in its efforts to prevent fraud, waste, abuse, and mismanagement that could threaten the success of FDIC programs or operations. To learn more about the FDIC OIG and for more information on audit and evaluation reports discussed in this Semiannual Report, visit our homepage: http://www.fdicig.gov Federal Deposit Insurance Corporation Office of Inspector General 801 17th St., NW Washington, D.C. 20434