Objective: To communicate examination findings and initiate appropriate corrective action.
Provide the EIC with conclusion of findings, focusing on:
The bankís policies, management information systems, controls, and their impact on the bankís capacity to operate in a safe and sound manner.
Compliance with established laws, rules, and regulations.
The quality and effectiveness of the bankís insider policies and procedures and the bankís vulnerability to insider abuse.
The adequacy of audit coverage of insider activities.
Any corrective action needed for deficient policies, practices, procedures, internal controls, or violations of law. In determining appropriate corrective action, consider whether deficiencies:
Reflect a lax attitude or lack of understanding of insider issues by management.
Resulted from bank personnelís lack of familiarity with the laws, rulings, and regulations, or bank-established policy.
Reflect a failure by bank management to implement corrective action for deficiencies cited at previous bank or regulatory reviews.
Resulted from specific weaknesses in the bankís systems.
Are technical and not expected to recur because adequate systems exist.
Determine the impact on aggregate risk and the direction of risk assessments for any risks identified when performing the above procedures. Examiners should refer to guidance provided under the OCCís large and community bank risk assessment programs.
Risk Categories: Compliance, Credit, Reputation, Strategic
Risk Conclusions: High, Moderate, or Low
Risk Direction: Increasing, Stable, or Declining
Determine, in consultation with the EIC, whether the risks identified are significant enough to merit bringing them to the boardís attention in the report of examination. If so, prepare items for inclusion under the heading Matters Requiring Attention (MRA). Use the following guidelines when preparing these items:
An MRA is a bank practice that:
Deviates from sound fundamental governance, internal control, and risk management principles, which may adversely impact the bankís earnings or capital, risk profile, or reputation if not addressed.
Results in substantive noncompliance with laws or internal policies or processes.
While there is no specific format for MRAs, when composing an MRA you should provide the following details:
Description of MRA;
Factors contributing to the problem, including its root cause;
Consequences of inaction;
Managementís commitment to corrective action; and
The time frame for corrective action and the person(s) responsible for taking such action.
Determine in consultation with appropriate OCC personnel whether any enforcement action should be recommended (e.g., formal agreement, cease and desist order, civil money penalty) or a Suspicious Activity Report should be filed.
Discuss findings with management, including:
Overall conclusions, specifically regarding applicable risks.
Violations of law or regulation and non-conformance with bank policy.
If applicable, commitment from management to correct violations of law and/or Matters Requiring Attention.
As appropriate, prepare an insider activities comment for inclusion in the Report of Examination.
Advise appropriate OCC offices of any insider borrowings in this institution that may affect insiders in another national bank (12 USC 1972(2)). Also advise the district office of similar situations that may affect state banks.
Update the OCC supervisory database and any applicable Report of Examination schedules or tables. When appropriate, add information regarding insider borrowings at other banks.
Organize and reference working papers in accordance with OCC guidance. Prepare a memorandum or update the work program with any information that will facilitate future examinations.