An important part of the examination and inspection of banking organizations is the communication of findings to the directors and senior management. Examination and inspection findings may be communicated in writing through formal reports, through letters summarizing the results of targeted reviews or a roll-up of those reviews, or through some combination thereof, depending upon the size and complexity of the organization. These written communications are generally directed to the board of directors, an executive level committee, or senior management, as appropriate.
To be effective, the communication of examination and inspection findings must be: (1) written in clear and concise language; (2) prioritized based upon importance; and, (3) focused on any significant matters that require attention. In addition, written communications to a board of directors should clarify whether the action must be taken directly by the board or whether the action may be delegated by the board even though the board would continue to be held accountable.
To improve the consistency and clarity of written communications, the Federal Reserve will use standardized terminology to differentiate among:
In written communications to the organization, Matters Requiring Immediate Attention (MRIA) encompass the highest priority concerns and include matters that have the potential to pose significant risk to the organization’s safety and soundness or that represent significant instances of noncompliance with laws and regulations. These concerns must be addressed immediately by the board of directors or senior management. The action required to address the concern may be a single, short-term event such as injecting capital or it may involve the development of an action plan with remedial actions identified within a specified timeframe. All MRIAs must specify a timeframe for completion. The key element is that action to address the concern must begin immediately. Examples of MRIAs include replenishing loan loss reserves to adequate levels, updating critical operating policies after a significant expansion of operations, correcting significant violations of substantive provisions of laws or regulations or major program deficiencies that significantly contributed to or caused the violations, and making restitution to borrowers as may be required in connection with certain violations of Regulation Z.
Matters Requiring Attention (MRA) have a lower priority than MRIAs, but nonetheless are matters that, based upon current information, must be addressed over time to preclude a significant issue. While issues giving rise to MRAs must be addressed to ensure the long-term operation of the organization in a safe and sound, and compliant manner, the threat to safety and soundness is less immediate than with issues giving rise to MRIAs. Examples of MRAs could include developing management succession plans, correcting violations of the technical disclosure requirements of consumer protection laws or regulations, or addressing information technology (IT) system upgrades or compliance management system enhancements that a banking organization may need to make as it expands its business over time. The key distinction between MRIAs and MRAs is the immediacy with which the board of directors or senior management must begin and accomplish remediation.
Reserve Banks must formally communicate MRIAs and MRAs to the organization in writing through an examination or inspection report or a letter summarizing the results of a target review or a roll-up of such reviews. When included in a safety and soundness examination or inspection report, MRIAs and MRAs should be noted on the Matters Requiring Attention page. In the case of findings from consumer compliance examinations, MRIAs and MRAs should be reflected in the Executive Summary and Examination Ratings section of the Consumer Affairs Report of Examination.
Observations may be communicated within the body of the reports or conveyed informally to the organization. For example, Observations related to enhancement to funds management policies or practices could be included in the segment on Liquidity Risk Management or discussed with appropriate management personnel. Similarly, Observations pertaining to consumer compliance issues, such as a suggestion that the bank augment the training program to take into account upcoming changes to a consumer protection law or regulation, could be included in the written report or addressed through informal communications with management.
Communications must specify a timeframe in which the banking organization must complete the action. The expected timeframe for addressing MRIAs is generally short, and may be “immediate.” In the case of safety and soundness findings, corrective actions should be completed within an examination cycle. With respect to consumer compliance deficiencies, corrective actions should be fully implemented within twelve months or sooner, as directed. Supervisory staff should work with senior bank management on the timeframe; however, safety and soundness and consumer compliance risk concerns will remain a priority. For MRIAs that are necessary to preserve or restore the viability of a banking organization, the timeframe should take into account potential loss to the Federal Deposit Insurance Corporation and whether a delay in action will increase the potential for loss or the cost of resolution.
Communications must also specify a timeframe for MRAs. The timeframe, at least initially, may be imprecise because the organization may first need to complete preliminary planning. The supervisory team may establish the timeframe; however, in some instances, it may be appropriate to request that the institution set forth a reasonable timeframe, subject to supervisory staff concurrence. Timeframes for MRAs are likely to become more precise over time or as circumstances change. Timeframes that span more than one examination cycle for safety and soundness issues should include precise or estimated interim targets or thresholds. Similarly, timeframes that exceed twelve months for consumer compliance issues should include appropriate interim reporting requirements.
As a general rule, examiners should expect fewer MRIAs or MRAs in stronger organizations than in weaker ones. However, the presence of MRIAs or MRAs does not preclude a strong or satisfactory rating. For example, while correction of any violation of law is essential, the presence of inadvertent violations that do not expose the organization to significant risk (such as insufficient Federal Reserve stock shortly after a capital injection or a technical exception) would not preclude a strong rating if all other factors supported that rating. Conversely, the presence of a large number of examination findings that give rise to MRIAs or MRAs that represent a threat to the safety and soundness of the organization or that signify an elevated consumer compliance risk exposure would generally preclude a satisfactory rating and may require consideration of an enforcement action. For institutions between these extremes, examiners should determine the impact of MRIAs and MRAs on ratings and assess the need for an enforcement action by considering the severity of these weaknesses and their relative importance in light of all the factors influencing the assessment of the organization. The Federal Reserve is adopting this common terminology to enhance the focus and efficiency of communicating supervisory expectations and overseeing their implementation. The adoption of this standardized terminology does not alter the Federal Reserve’s well-established risk-focused process by which it assesses and rates the condition of banking organizations.
Reserve Banks are encouraged to include descriptions of the three categories of findings in the document communicating findings.1 Regardless of whether a finding is a MRIA or MRA, the communication should be clear as to whether the board of directors or senior management is accountable for implementing remedial action. Additional details surrounding each of the three categories of findings are discussed in the attachment.
Reserve Banks should incorporate the standardized terminology into the communication of examination and inspection findings, beginning immediately.2 Over the next eighteen to twenty-four months, the implementation of the standardized terminology will be evaluated for effectiveness and reviewed for compliance with this SR/CA letter. The Supervision Committee’s Subcommittee on Supervisory Administration and Technology (SSAT) will sponsor the development of a database to enable System tracking of examination and inspection findings. Questions pertaining to this letter should be addressed to Nancy Perkins, Assistant Director, BS&R at (202) 973-5006, or Timothy R. Burniston, Assistant Director, DCCA (202) 452-3488.