Posted by: David Schneier
Audit, bank, banking, compliance, credit union, CU, exam, examiner, FDIC, GLBA, NCUA, OCC, oversight, regulations, regulatory, Regulatory Compliance
I was catching up on my industry emails the other day and buried in my FDIC email folder was Financial Institution Letter FIL-13-2011, sent out on March 1st. Truthfully I usually pay close attention to their Friday afternoon blasts regarding bank closings and only skim the rest. But this one jumped right off the screen because it addresses one of the great mysteries I’ve struggled with in this industry.
Whenever I’ve been engaged by a banking client to help them resolve findings surfaced during an exam, my first question almost always is “What did the examiner suggest you do about this?” which is usually met with a blank stare. When new or modified regulations are issued and go into effect, I’m fond of recommending to my clients that they contact their examiner for guidance on how best to address it. Again, the typical response is either a strange look or they pretend I didn’t say anything at all. Why is it that financial institutions are so reluctant to engage in dialogue with their examiners?
That was the spirit of the FDIC FIL. It was titled “Reminder on FDIC Examination Findings” and it was intended to remind their member institutions to work with them when dealing with findings and establish a dialogue. It pointed out that “an open dialog with bank management is critical to ensuring the supervisory process is effective in promoting an institution’s strong financial condition and safe-and-sound operation.” It further went on to point out that “if an institution disagrees with examination findings, it should address those concerns through communication with the examiner, field office management, or the appropriate regional office staff.” Good advice, but likely words falling on deaf ears (or blind eyes).
I’ve only conducted audits in my career, as I’ve never been an examiner for any of the oversight bodies. But one thing I can tell you is that when I detail a finding in an audit report it’s always accompanied by recommendations for remediation along with suggestions on how best to approach managing the work. I would never write up anyone or something where I didn’t have a clear idea about how it should be working along with a solid approach for getting there. I can assure you that by and large the same is true for your examiners. They are not only experts on measuring and assessing procedures and controls, but because they see such a wide range of solutions during their travels, they are uniquely positioned to provide guidance on how you should be doing things.
If you disagree with a finding, you need to let your examiner know. But you will need to qualify your position and articulate it in such a way so that they can consider compensating factors that they might have missed.
A few years back I coined the following definitions: an auditor is someone who knows if your answer addresses the question, a good auditor is someone who knows if you gave the right answer to the question and a great auditor is someone who knows if you offered your best answer to the question. I’m always amazed by how many findings I’ve encountered in my career where there were clear compensating controls in place to mitigate the associated risk that no one ever took into consideration. I’m also often amazed how despite a clients being aware that an examination finding doesn’t hold up under scrutiny, for similar reasons makes no attempt to discuss it with their examiner. It’s almost as if though they’re afraid to engage them in conversation lest they find even more issues to report.
The problem I suspect is rooted in the basic fear that the examiners are looking for something to write about in their reports and so the less attention you bring upon yourself or your institution the better off you are. The reason so few institutions dispute what they consider questionable findings is that no one wants to anger the person writing the report, lest they seek revenge the next time around. Of course that’s all remarkably flawed logic.
Let me share a secret with you; my favorite audits are those where I find a cooperative staff and a management team committed to running things right. It sort of inspires me to do my best work and only present them with findings that are relevant and which will help them strengthen their infrastructure in a meaningful way; and I’m certain a vast majority of examiners for the FDIC and their oversight partners are the same exact way (in large part because I know a few of them). If you seek to forge a partnership with them you’ll find a productive relationship that winds up benefiting both sides. However, if you continue to perceive the relationship as somewhat adversarial, that’s what you’ll be burdened with.
The examination process and the people who staff the function play an important role in helping keep the industry running right. At a minimum they’re there to measure and assess their member institutions to identify issues before they grow into problems. What they’re really there to do is help you figure out how to manage things more effectively to protect depositors that fall under their jurisdiction. Fundamentally that’s what you’re supposed to be doing and so it only makes sense that you work together.
Am I advocating that “examiners are your friends, don’t be afraid?” No. I am recommending that you engage their knowledge and expertise and trust that they want to work with you. Odds are quite high that it will result in a less painful examination process and one where everyone comes out ahead. Oh and one more thought, if they recommend you manage something a certain way, it’s almost a guaranteed pass on the exam because they’re likely to think what you did was pure genius.