Lack of compliance with some of the federal bank deposit insurance agency’s acquisition policies and procedures thwarted its ability to ensure proper contract oversight management during the failure of three large regional banks in 2023, according to a report by the agency’s inspector general released Wednesday.
The Federal Deposit Insurance Corp.’s (FDIC) Office of Inspector General (OIG), in a 50-page report, said agency personnel did not follow some emergency acquisition procedures while awarding two resolution and receivership contract actions. The contract actions were in conjunction with the failures of Silicon Valley Bank of Santa Clara, Calif., Signature Bank of New York, N.Y., and First Republic Bank of San Francisco. The first two banks failed in March 2023; the latter bank in late April that year.
“FDIC management did not ensure that all aspects of the FDIC’s emergency acquisition process were followed because they perceived the need to employ ‘maximum flexibility’ due to the historic nature of the potential crisis and the need to facilitate procurement actions that met the FDIC’s immediate need,” the OIG report states.
The report calls emergency preparedness for procuring services in the face of financial institution failures and systemic financial risks “key to the FDIC’s mission of maintaining stability and public confidence in the U.S financial system.”
The report makes several recommendations to the agency to improve its contracting procedures. Those include: establishing financial advisory and consulting services Receivership Basic Ordering Agreements (RBOA); establishing an upfront pricing framework within financial advisory and consulting services RBOAs; establishing an emergency response acquisition team; and developing and implementing periodic testing exercises for key FDIC employees.
The report also recommends the agency “review the work performed and information used by four non-U.S. citizens and take appropriate action.” Under FDIC rules, any personnel performing functional responsibilities designated at the “high risk” level must be U.S. citizens. A contractor performing work for the FDIC related to the resolution and receivership of the banks had allowed four non-citizens to participate in the labor. The FDIC only found out about that after the contractor submitted a waiver request related to the workers.
However, the OIG report notes, “the FDIC did not analyze what work was performed, what data was accessed by these four non-U.S. citizens, and over what period of time,” the report states. “The FDIC also did not determine whether these individuals’ access to information represented a potential security incident.
FDIC OIG: The FDIC’s Procurement of Resolution and Receivership Services