Skip to main content
OCC Flag

An official website of the United States government

Appeal of Matters Requiring Attention and Component Rating (Third Quarter 2018)

Background

A bank supervised by the Office of the Comptroller of the Currency (OCC) appealed to the Ombudsman the conclusions from its most recent report of examination (ROE) issued by the supervisory office (SO). Specifically, the bank appealed the

  • Past-due designation assigned to the Allowance for Loan and Lease Loss (ALLL) Matter Requiring Attention (MRA);
  • Information Technology (IT) Reporting and Governance MRA;
  • the Staffing Levels MRA; and
  • the component rating of "3" for management.

Discussion

The appeal asserted that the past-due designation assigned to the ALLL MRA was not appropriate and the MRA should have been closed. The appeal states that the past-due designation was driven by management's timing of a charge-off for a collateral-dependent impaired loan. The appeal argued that management addressed the concerns designated as past due by implementing the required corrective actions to (a) update the policy and procedures to establish appropriate appraisal requirements for commercial impaired loan analysis and (b) detail the process to adjust, discount, and determine the net collateral value for impairment calculations.

The appeal disagreed with the IT Reporting and Governance MRA requiring management to provide a comprehensive annual information security report to the board as required by 12 CFR 30 appendix B, "Interagency Guidelines Establishing Information Security Standards," and to resume meetings of the bank's IT Steering Committee. The appeal argued that the bank met the information security reporting requirements and there is no requirement for the bank to have IT Steering Committee meetings, particularly if the board and management were properly advised of IT activities.

With respect to the Staffing Levels MRA, the appeal contended that staffing was not the root cause of the criticisms documented in the ROE and there was no support for the conclusion that staffing was inadequate or caused the issues. The appeal further argued that staffing discussions with the SO focused on the cost of employee compensation based on asset size and the SO did not consider the bank's use of third parties to achieve cost efficiencies.

Regarding the management rating, the appeal asserted that the criticisms cited in the ROE did not support the rating downgrade to a "3." The appeal argued that the concerns were not related to inadequate staffing or lack of oversight provided by management or the board.

Supervisory Standards

The Ombudsman conducted a comprehensive review using the following supervisory standards:

  • 12 CFR 30, appendix B, "Interagency Guidelines Establishing Information Security Standards"
  • "Bank Supervision Process" booklet of the Comptroller's Handbook, September 2007, updated in October 2017
  • "Corporate and Risk Governance" booklet of the Comptroller's Handbook, July 2016
  • "Internal and External Audits" booklet of the Comptroller's Handbook, December 2016
  • "Rating Credit Risk" booklet of the Comptroller's Handbook, April 2001
  • OCC Bulletin 2009-32, "Guidance on Prudent Commercial Real Estate Loan Workouts"
  • OCC Bulletin 2010-42, "Interagency Appraisal and Evaluation Guidelines"
  • OCC Bulletin 2014-52, "Matters Requiring Attention"
  • "Information Security" booklet of the Federal Financial Institutions Examination Council (FFIEC) Information Technology Handbook, September 2016
  • "Management" booklet of the FFIEC Information Technology Handbook, November 2015
  • Instructions for Preparation of Consolidated Reports of Condition and Income (call report instructions)

Conclusion

The Ombudsman concurred with the SO's designation of past due for the ALLL MRA. While management updated the ALLL policy and the board approved the policy, management did not comply with its ALLL policy or correctly apply accounting standards when measuring impairment for the impaired loan. An MRA is past due if the corrective action was not implemented within the expected time frame, or if during the validation process examiners determine that the corrective action is not effective or sustainable. Refer to OCC Bulletin 2014-52. As part of the SO's process to validate the bank's corrective actions, the SO reviewed an impaired collateral-dependent loan and determined that the bank did not appropriately calculate impairment and did not take a timely charge-off. While the bank obtained an appraisal on the collateral, the bank relied on a broker price opinion (BPO), received after the appraisal and noting a higher value, to substantiate the property's fair value and calculate impairment. Generally, a BPO cannot be used as an evaluation because, among other things, it does not provide a property's market value. Refer to OCC Bulletin 2010-42. Management did not promptly charge off the shortfall on the collateral-dependent impaired loan, which is counter to call report instructions and the bank's policy. The Ombudsman identified additional weaknesses with the bank's impairment calculation for the collateral-dependent loan that further supported the designation of a past-due ALLL MRA. The loan's rating was incorrect and an environmental site assessment was required to accurately calculate impairment. The Ombudsman revised the MRA to include additional deficiencies and corrective actions needed for the impaired loan.

The Ombudsman rendered a split decision regarding the IT Reporting and Governance MRA. The Ombudsman concurred with the SO on the reporting concern, noting that management did not report material matters regarding the bank's information security program to the board, and the multiple reports provided throughout the year did not provide a clear assessment of the bank's compliance with the information security program requirements. Regarding the IT Steering Committee concern, the Ombudsman agreed with the bank that a steering committee was not required to monitor IT activities because the board provided the appropriate oversight. The MRA was revised to remove the IT Steering Committee concern.

The Ombudsman concurred with the SO's conclusion regarding the Staffing Levels MRA, but revised the MRA to address additional weaknesses. The bank's personnel expense had declined and was not directionally consistent with growth, indicating that staffing levels may not have kept pace with growth. The Ombudsman also determined that the bank's use of third parties did not sufficiently explain why personnel expense was significantly inconsistent with growth. The Ombudsman required the board to evaluate current staff to ensure staffing was sufficient and possessed the core competencies for the increasing size, risk, and complexity of operations. The Ombudsman also determined that succession planning for key employees must be formally detailed to ensure that back-up of key personnel include staff who are appropriately trained until a replacement is identified.

The Ombudsman agreed with the bank that the examination findings supported a management rating of a "2." The MRAs and violations cited in the ROE were valid criticisms of bank processes, but the Ombudsman found that the issues were within management's capability to address in the normal course of business. If management fails to correct the weaknesses identified in the ROE, the weaknesses could negatively affect the management rating.