I am pleased to present the OCC’s financial statements as an integral part of the Annual Report Fiscal Year 2016. For FY 2016, our independent auditors again have rendered an unmodified opinion.
This unmodified opinion reflects the OCC’s ability to maintain its strong internal control environment, which is the foundation of accurate financial reporting and the safeguarding of agency assets. The OCC continuously strives for strong internal controls by carrying out the guidance contained in Office of Management and Budget (OMB) Circular A-123, “Management’s Responsibility for Enterprise Risk Management and Internal Control.”
The OCC provides additional assurances under other government requirements to demonstrate its strong internal control environment, supported by activities that track, maintain, and safeguard OCC resources. For example, the OCC provides assurances that its system security program substantially complies with the requirements of the Federal Information Security Management Act of 2002 (FISMA) and that the agency has sufficient controls in place to minimize improper or erroneous payments, in compliance with the Improper Payments Elimination and Recovery Improvement Act of 2012 (IPERIA).
The OCC is a nonappropriated agency and receives the majority of its funding through assessments and fees paid by banks. The OCC uses these monies to fund its operating costs, which include personnel, travel, and training. These three items represent 77.7 percent of the OCC’s total annual operating budget.
The agency’s budget and planning processes support the OCC’s strategic goal of “One OCC,” which focuses on collaboration, innovation, and process efficiency. The OCC’s efforts in this area included horizontal reviews of the agency’s resources, which supplemented the agency’s new program-costing structure and were designed to capture meaningful data on the use of agency resources. In addition, the OCC implemented an enterprise-wide workforce planning process, aligned with the FY 2017 budget process, to improve the agency’s allocation of resources for risk-based supervision and operational efficiency. Aligning the workforce requirements with the OCC’s strategic plan enables the agency to keep pace with the changing landscape of the banking industry and labor market.
In FY 2016, leadership development was a key OCC priority. After a thorough review of the agency’s Human Capital organization and the practices of other government agencies, the OCC established a new organization within the Office of Management (OM). The newly created Leadership, Executive, and Organizational Development organization aligns the functions of Organizational Development and Leadership Development, combining the strengths of both groups, while expanding executive development and resources. The new organization is responsible for advancing the OCC’s Leadership Vision, which describes the ideal attributes and behaviors of an OCC leader, guides the development of leadership competencies, and serves as a compass for current and developing leaders. The OCC cultivates this vision by developing employees who embody the agency’s core values of integrity, expertise, collaboration, and independence.
The agency’s OM reorganized its acquisition management, workplace services, and security office business units into a new Administrative Operations department. This realignment provides Deputy Comptroller-level strategic management over key administrative operations and services. It is consistent with other government agencies’ organizational structures, and it places the OCC’s administrative operations and transactional support services under a senior manager.
In FY 2015, the OCC launched an effort to gather information on current workspace conditions, discuss lease-related issues, and meet with building management when necessary to discuss opportunities for improving the workspace. As of September 2016, assessments of two district offices, 22 field offices, and 11 satellite offices had been completed. The OCC is committed to safeguarding employees’ personal data and sensitive banking information. The agency continues to invest in cybersecurity staffing, security technologies, and multiyear continuous monitoring and compliance authorization initiatives, including awarding a new contract for an around-the-clock cyber defense center with expanded capabilities. The OCC also implemented a data loss prevention program focused on employee training and culture, continuously improving processes, and making technology enhancements. The agency is executing its multiyear strategy for disaster recovery and business continuity, and has awarded a managed disaster recovery service contract and is moving forward with its implementation. The solution provides coverage for the OCC’s business-critical applications and their supporting infrastructure.
To maintain regulatory compliance, the OM compliance team worked with the OCC’s legal department and OM leaders to identify new regulatory requirements and coordinate efforts to strengthen compliance with those requirements. These included an evaluation of the Federal Information Technology Acquisition Reform Act (FITARA) to identify compliance requirements that are applicable to the OCC, and implementation of new e-mail records management requirements issued by the National Archives. The compliance team also worked with OM units to resolve and close all open audit findings and to enhance controls within business processes. The team initiated a comprehensive review of OM policies, resulting in revision and reissuance of approximately 25 percent of all policies. The policy revision program will continue into FY 2017. OM coordinated with the OCC’s Enterprise Governance organization to enhance quality control functions across the agency and expand the tracking of key metrics.
Moving into FY 2017, the OCC will continue its commitment to preserving and enhancing its strong internal control environment, one that supports the agency’s core mission: ensure that banks operate in a safe and sound manner, provide fair access to financial services, treat customers fairly, and comply with applicable laws and regulations.