Top Management and Performance Challenges Facing the Federal Deposit Insurance Corporation
February 19, 2021 / Source: FDIC OIG
Thursday, February 18, 2021
The Office of Inspector General (OIG) at the Federal Deposit insurance Corporation (FDIC) has issued its report identifying the Top Management and Performance Challenges (TMPC) facing the FDIC. The purpose of this document is to summarize the most serious challenges facing the agency, and to briefly assess its progress to address them.
The TMPC document is based on the OIG’s experience and observations from our oversight work, reports by other oversight bodies, review of academic and relevant literature, perspectives from Government agencies and officials, and information from private-sector entities. This year, we identified the following 10 Top Challenges facing the FDIC:
- Ensuring Readiness in a Pandemic Environment: The FDIC should continue to stand ready to fulfill its mission to maintain financial stability in the banking system, and to identify and mitigate risks through examinations. The FDIC should also prepare for bank failures in the event that losses overwhelm banks. Further, the FDIC should review banks’ adherence to Government-guaranteed loan program requirements (such as the Paycheck Protection Program) and identify risks that may affect the safety and soundness of a financial institution.
- Mitigating Cybersecurity Risks in the Banking Sector: In recent months, cyberattacks against banks have increased with growing frequency and severity, and may intensify during the pandemic. The FDIC should ensure that it has IT examination processes and staff with the requisite skills to identify and mitigate cybersecurity risks at banks, including those associated with third-party service providers.
- Improving IT Security Within the FDIC: Federal agencies face a growing risk of cybersecurity incidents. The rapid transition to remote work in response to pandemic protocols amplifies the Government’s reliance on IT systems and accelerates implementation of technologies. The FDIC must have robust controls to secure its systems and ensure the protection of its information and data.
- Securing FDIC Personnel, Facilities, and Information: The FDIC is responsible for protecting a workforce of approximately 5,800 employees and 1,600 contract personnel who work at 94 FDIC facilities throughout the country. The FDIC should continue to strengthen its programs to ensure that its facilities are secure, that staff meet suitability requirements, and that the FDIC work environment is safe and free from discrimination and harassment. The FDIC should also maintain the security of its IT systems and hard-copy records containing sensitive information about banks and PII of employees, contractors, bank management, and bank deposit holders.
- Ensuring and Aligning Strong Governance at the FDIC: Effective governance is critical to ensure that the FDIC assesses risks and consistently implements its policies. The FDIC should ensure the establishment and proper function of its governance processes, including an Enterprise Risk Management program. Quality data is also a critical component of FDIC governance to allow the Board, Executives, and Managers to assess the effectiveness of FDIC programs.
- Augmenting the FDIC’s Sharing of Threat Information: Sharing threat information is critical to ensuring that banks and examiners have the necessary information to protect financial institutions, the banking sector, and the economy. Timely and actionable threat information allows bank management to mitigate risks and thwart dangers, and prompts the FDIC to adjust supervisory strategies in a timely fashion. Without effective threat information sharing, policy makers, bank examiners, and bank management may be unaware of threats that could affect the integrity, safety, and soundness of financial institutions.
- Supporting Diversity in Banking: Minority communities and businesses have suffered significantly during the pandemic. The FDIC plays an important role to support Minority Depository Institutions that serve and promote minority and low- and moderate-income communities. This work can be enhanced with the FDIC’s continued commitment to diversity and inclusion in the Federal regulatory process, which is critical for the FDIC to foster greater financial inclusion for all Americans.
- Managing Human Resources and Planning for the Future Workforce: Forty-two percent of FDIC employees (nearly 2,400 individuals) are eligible to retire within 5 years. The FDIC faces retirement rates of almost 60 percent among FDIC Executives and Managers over that same time period. The FDIC should continue to manage the agency’s exposure to gaps in leadership and mission-critical skills, especially given the significant investments in, and time required for, bank examiner commissioning.
- Overseeing Contracts and Managing Supply Chain Risk: The FDIC’s contracting budget for 2021 is approximately $549 million, including an increase from 2020 of more than $166 million (43 percent) for contractor-provided services. The FDIC should execute a contracting program that ensures effective oversight of its acquisition of goods and services. In addition, the FDIC should ensure that it adequately manages and mitigates supply chain risks associated with such contracts.
- Enhancing Rulemaking at the FDIC: The FDIC should have a transparent rulemaking process that balances the need for regulation and the burden on financial institutions’ compliance. A foundational component of rulemaking is reliable information to measure a regulation’s costs and benefits.