National RAAW Conference

1
New Approach for Examination

• National RAAW Conference
• August 28, 2006
• Tom McKenzie
• Roger Paulsen
• Chet Slipek
• Office of Examination

2
Todays Topics

• Fundamental Changes to Examination Philosophy and
  Approach
• New Risk Assessment Process
• National (Horizontal) Examination Activities

3
Portfolios and OE Structure
4
FCS Oversight
Regulations, Board Actions, Policy Positions,
Interpretations, Bookletters, etc.
Exam Guidance, Info. Memos, FCS Meetings, Sharing
Best Practices and Expectations, Systemic Risk
Analysis, etc.
Examination Activities, National Exam Activities,
Internal Control Validation, Institutional Safety
Soundness Assessments, FIRS Ratings, and
Communications with Boards, etc.
5
Strategies for Risk-Based Oversight

• Top Down Approach (Materiality or Importance to
  Mission)
• National Strategic Oversight Initiatives
• Internal Controls
• Governance
• Risk Management Systems
• Mission Accomplishment
• Oversight Activities
• National Exams
• Summary of OE Activities to FCA Risk Committee
• Emerging Interpretive and Policy Issues

6
Changing ProcessesEXAMINATION ? REPORT OF EXAM

• Movement From Traditional as of Examinations to
  Ongoing Targeted Risk Areas Based on Risk
  Assessment
• (Base Oversight Activities and Risk Pools for
  determining examiner resources)
• Quarterly FIRS Rating
• Ongoing Examination Communications Emphasized
• New Risk Assessment Process

7
Assessing Risk in New Ways

• Roger Paulsen, Director
• Risk Supervision
• Office of Examination

8
Risk Assessment Process

• Assesses 7 Risk Categories
• Credit
• Interest Rate
• Liquidity
• Operational
• Compliance
• Strategic
• Reputation
• Assesses Quantity and Quality of Management
• Assesses Prospectively (Based on current
  conditions and a reasonable assessment of
  possible future events or planned activities)
• Complements FIRS Ratings

9
Defining Risks Differently

• Credit Risk -- the risk to earnings or capital
  arising from an obligor's failure to meet the
  terms of any contract with the institution or
  otherwise fail to perform as agreed
• Interest Rate Risk -- the risk to earnings or
  capital arising from movements in interest rates
• Liquidity Risk -- the risk to earnings or
  capital arising from an institutions inability
  to meet its obligations when they come due,
  without incurring unacceptable losses
• Operational Risk -- the risk to earnings or
  capital arising from problems with service or
  product delivery

10
Defining Risks Differently, cont.

• Compliance Risk -- the risk to earnings or
  capital arising from violations of, or
  noncompliance with, laws, rules, regulations,
  prescribed practices, or ethical standards
• Strategic Risk -- the risk to earnings or capital
  arising from adverse business decisions or
  improper implementation of those decisions
• Reputation Risk -- the risk to earnings or
  capital arising from negative public opinion

11
Quantity vs. Quality

• Process includes assessing how much risk the
  institution is assuming and how well that risk is
  managed
• Focuses on risks assumed - Quantity of risks
• How well risks are managed - Quality of risk
  management

Quantity
Quality
Aggregate Risk


12
Rating Aggregate Risk

• Low, Moderate or High Risk
• Based on Level of Risk to Earnings and Capital

13
Assessing Risk Trends

• After rating each risk factor, an indicator
  reflecting the expected risk trend over the next
  36-month period is assigned

Increasing
Stable
Declining
14
Developing The Risk Profile
15
Factoring Internal Control Environment Into
Assessments
Internal Control Backdrop
16
Using Risk Assessments

• 36 - Month Oversight Plan
• Also, used for
• OE Operating Plan
• OE Business/Staffing Plan
• FCA Risk Committee
• FCA Board Oversight

17
Whats Next?

• Development and Validation Continues
• Current Working Draft Final by January 2007
• Share and Discuss Assessments with FCS
  Institutions

18
National Examinations

• Chet Slipek, Director
• Core Examination Team
• Office of Examination

19
National Examination Activity in 2006

• Information Technology (IT)
• What are we doing?
• Why this approach?
• How will it work?
• Who is involved?
• What other national activities are planned?

20
What Are We Doing?

• Nationally Focused Examination of IT Essential
  Practices
• Focus on
• Business Continuity
• Information Security
• Timeframes
• July - onsite/offsite examination activities
• August - results analyzed and summarized
• September - results communicated
• Combines Onsite Examination with Ongoing
  Oversight

21
Why This Approach?

• Leverages IT Expertise and Resources
• Broadens Examiners Experience and Expertise
• Improves Consistency and Quality of Analysis
• Identifies Best Practices
• Improves Communications
• Retains EIC/Lead Examiner as the Main Point of
  Contact

22
How Will It Work?

• Provide Advance Letter
• Analyze Previous Examination Results
• Examine Selected Institutions
• Focus on internal audit scope
• Summarize Overall Results
• Communicate Results to Sampled Institutions
• Share General Results, Recommendations, and Best
  Practices with All FCS Institutions
• Follow-up Through Ongoing Oversight (EIC)

23
Who Is Involved?

• FCS
• 28 total FCS institutions
• Large and small institutions
• All banks and most service providers
• 20 Associations
• FCA
• Project Leader - Melinda Huber, CISA
• Examination - IT Examiners and others
• Communications and corrective action
• follow-up EICs/Lead Examiners

24
What Other National Activities Are Planned?

• Shared Assets
• Asset Growth and New Markets
• Internal Controls and Audit Programs
• Compliance
• Finance (investments, derivatives, interest rate
  risk, etc.)
• Information Technology

25
Summary andParting Thoughts

• Summary
• Overview of FCAs Changes to Examination
  Philosophy and Approach
• Risk Assessment Process Added to Help Us Focus on
  Potential and Material Risks Nationally
• Horizontal and National Examination Activities
  Are Being Implemented
• Issues on Our Radar Screen

26
New Approach for Examination

• Thank You,Questions and Discussion?