Ask the Examiner: Your Exam Questions Answered by a Former OCC Examiner

In our recent webinar How to Work with Examiners, two former OCC examiners tackled your questions about examiners from regulatory agencies and the exam process. With decades of experience between them, Rafael DeLeon, Ncontracts SVP of Industry Engagement, and Kathy Dick, founder and CEO of Salt of the Earth Consulting, offered their best advice on common exam challenges and misconceptions and how to build strong relationships with examiners. 

Here’s a sample of the questions they answered along with Rafael’s answers to questions the pair didn’t get to during the webinar:

• How bad is it to miss a deadline? 
• What can I do to reset an exam that starts off not so great? There are often misunderstandings. 
• How do you persuade internal managers that cooperating with examiners is more effective in the long term than taking an adversarial approach?  
• How should you communicate differences of opinions with examiners? 
• Are you aware of any 2024 hot topics related to examinations? 
• Is it okay to offer examiners snacks and drinks? 
• How soon before onsite arrival will an examiner know exactly what documents they will request? Is it different between institutions? 
• Is there such a thing as providing too much information? Is that frowned upon or welcome? 
• There appears to be a lot more emphasis by the examiners placed on the bank's compliance risk assessment. What has changed in recent years to explain the heightened emphasis?
• What is the best method of asking a question related to process/procedure, new products, potential issues outside of an exam?
• What new requests are you seeing since the new Interagency guidance for Third Parties OCC 2023-17 was released, or is it too early yet?
• What will examiners look for when determining compliance for re-presentment fees for overdrafts? Are clear disclosures enough to avoid a UDAPP violation?
• When an examiner makes a big deal out of a small thing, how can you help educate them on risk? We've had a lot of trainee examiners and that continues to be an area of concern.
• How are examiners assigned to a community bank exam? Does it mean anything for banks if the same examiners show up at every exam or if they are frequently changed?
• With the new vendor management guidance that was released in June, how do you interpret the monitoring of Nth-party relationships and what do you think the regulators will be looking for during the exam?
• What are good ways for fintechs to stay prepared for their bank partner's exam?
• Do you have suggestions for gathering documents from various departments at our bank?
• Have you run across a situation in which a financial institution refuses to share the exam results with their own CPA Audit Firm as part of the financial statement audit?  We are not allowed to send it to them, which we know, but they've been allowed to view specific portions in the past. Without this availability, there could be a scope limitation with adverse effects.  Just curious if you've seen this in your career?
• What are your top tips for working with examiners?

Q: How bad is it if a company misses a deadline? 

A: Although it is possible to explain certain things, examiners generally prefer not to be informed at the last minute that you are unable to meet a deadline. It is important to keep in mind that examiners expect progress to be made on any issues addressed in a report of examination (ROE) in order to assist the bank in addressing safety and soundness or compliance concerns. 

Lastly, it is also important to share with your examiners how you will approach any issue(s) and in what order. This will help to ensure that you and the examiner are on the same page.   

Q: What can I do to reset an exam that starts off not so great? There are often misunderstandings. 

A: Talk to the examiner in charge and have an honest conversation. Tell them “I think we got off to bad start.” If conversations go sideways during a meeting, here are some tips: 

• Take a moment to pause and regroup. Don't rush to continue if things feel like they are going downhill. Take a deep breath and gather your thoughts. 
• If nerves are getting the best of you, acknowledge that and ask the examiner for a few minutes to get settled before continuing. 
• Admit if you do not know the answer to a question. Offer to follow up with more information later if possible. Don't try to fake an answer. 

The key is to remain professional and composed. Seek clarification when needed. With preparation and practice, you can work to get the examination back on a productive track. 

Q: How do you persuade internal managers that cooperating with examiners is more effective in the long term than taking an adversarial approach? 

A: Respecting examiners is a common courtesy. You should treat people the way you want to be treated. It may not feel that way, but examiners have the bank’s best interests in mind. Also, adversarial approaches often backfire and can waste time and resources. I would also advise managers that full transparency with examiners builds trust, and trying to hide problems will make matters worse in the long run.    

Strong swimmers stick together. Poor swimmers stick together. The poor ones usually are blaming others. Examiners can see which institutions are open and honest and have good leadership and which ones don’t care. 

Q: How should you communicate differences of opinions with examiners? 

A: Stick to the facts. Whether it’s compliance or risk systems, start with measures and what the facts show. Maintain a respectful, professional tone. Be prepared to explain your position thoroughly. Provide context, rationale, and evidence to support your viewpoint. Ask thoughtful questions. Understand the examiner's stance and concerns so you can address them. I would also strongly suggest avoiding asking examiners any hypothetical questions and sticking to the facts. For every hypothetical question, there is a hypothetical answer. It’s easy to end up in a hypothetical rabbit hole.  

 Lastly, follow up in writing to document the discussion and seek clarity on any next steps. 

Q: Are you aware of any 2024 hot topics related to examinations? 

A: Any hot topics will be telegraphed by the regulators in their supervisory priorities for the year and quarterly communications. Also, speeches by the regulators are a good source of information as well as any blogs or regular communications from the agencies.  

Q: Is it okay to offer examiners snacks and drinks? 

A: Keep in mind that examiners are required to abide by ethical standards. Even if well-intentioned, it may not look appropriate to outsiders, so keep that in mind. Examiners need to remain detached and impartial. Lavish gifts or meals could call that into question. If you are not sure, ask the examiner.  

Q: How soon before onsite arrival will an examiner know exactly what documents they will request? Is it different between institutions? 

A: Examiners are encouraged to send out the request list for information beforehand to allow you to prepare and gather the reports. There are some documents that examiners ask for at every exam. But these are and can be different depending on the size, complexity, and risk profile of the institution. I suggest keeping track of the things that are requested regularly and you will help to build and recognize the consistency of the reports/documents requested to prepare for future exams.  

Q: Is there such a thing as providing too much information? Is that frowned upon or welcome? 

A: Providing too much information to examiners can be overwhelming. Don’t bury them in paper and make it hard for examiners to find what they need. Examiners have limited time onsite. Important details could get lost in a flood of extraneous information. Unfocused information dumping could make examiners question the bank's organizational abilities and controls. 

The best approach is to provide concise, relevant, high-quality information tailored to the examiner's requests and scope. Ask for clarification if unsure whether something is needed. Be responsive but judicious. Offer to provide additional details if requested.

Are you exam ready? Get there with Ncomply today.

Q: There appears to be a lot more emphasis by the examiners placed on the bank's compliance risk assessment. What has changed in recent years to explain the heightened emphasis? 

A: The increasing complexity of how consumer risk and compliance issues are viewed has elevated the importance of compliance. There are several reasons why regulatory attention has shifted towards compliance risk in banks. The banking laws and regulations have become more intricate and demanding, requiring more thorough compliance reviews, especially in areas such as Bank Secrecy Act (BSA), anti-money laundering, customer due diligence, third-party risk management and fair lending. There have been some high-profile compliance failures at financial institutions and fintechs that have also led regulators to scrutinize the effectiveness of risk management practices more closely. Fair treatment of customers is a priority.  

The compliance risk assessment helps you communicate to the board and the examiner what the highest priorities are, and which areas don’t need as much attention. It says, “Here is what we’re focusing on and why we’re doing it.” That’s a good discussion to have with examiners. 

Q: What is the best method of asking a question related to process/procedure, new products, potential issues outside of an exam? 

A: Definitely call or email your examiner. Each bank usually has an assigned regulator they work with regularly. Leverage these relationships as a first line of inquiry. Frame the question clearly. Provide the regulator with the necessary background and explain exactly what you want to know or get guidance on. Submit written inquiries when feasible. Email or letters can help to clearly document the issue and conversation for future reference. 

Q: What new requests are you seeing since the new Interagency guidance for Third Parties OCC 2023-17 was released, or is it too early yet? 

A: The focus will likely be on enhancing due diligence, monitoring, and contingency planning for third parties under the new guidance. Here are some suggestions:  

• Review your third-party risk management policies to ensure alignment with new guidance on risk assessments, due diligence, contracts, and oversight. 
• Address any changes you have made to third-party risk management frameworks to address new guidance. 
• Documentation of comprehensive third-party inventories and mapping of connections/interdependencies and concentrations. 
• Details on third-party audit programs - scope, results, issue remediation. 
• Data on monitoring and oversight activities such as site visits, training, and performance reviews. 
• Testing documentation of business continuity and exit strategies for third parties. 
• Board and senior management reporting on third-party risk and mitigation strategies.

Q: What will examiners look for when determining compliance for re-presentment fees for overdrafts? Are clear disclosures enough to avoid a UDAPP violation? 

A: The first indication that an examiner will want to look in that area is consumer complaints. If there are consumer complaints, they’ll do some lookback to see if there is consumer harm.  

Q: When an examiner makes a big deal out of a small thing, how can you help educate them on risk? We've had a lot of trainee examiners and that continues to be an area of concern. 

A: Talk to the examiner in charge. That’s the person in charge of trainees. It’s good to level set expectations.  

Over time examiners learn perspective. My dad was a banker. The best advice that he gave me when I first began examining was: Remember that I have a lot to offer you from my 30 years’ experience and you have a lot to offer me in one year’s experience, but neither of us knows everything.  

Go back to the facts. Ask them why this is important to them? Is it an issue at other institutions? What are you seeing? It helps to defuse a tense situation with a young examiner. 

Q: How are examiners assigned to a bank exam? Such as for community banks? Does it mean anything for banks if the same examiners show up in every exam or if they are frequently changed?  

A: Banks are supervised by a local office where a limited number of examiners are available. I have been part of many examination teams before becoming the examiner-in-charge. Typically, the examiner-in-charge is replaced within 5 years or less. Three to five years is a good rule of thumb followed by most agencies. However, the duration of the examiner-in-charge tenure can depend on staffing resources and the expertise of that examiner.   

Q: With the new vendor management guidance that was released in June, how do you interpret the monitoring of Nth-party relationships and what do you think the regulators will be looking for during the exam? 

A: My take on Nth Party (aka fourth-party or subcontractor) relationships is that it will start with the financial institution’s risk assessment of critical and high risk third parties. Those are the ones where they’ll begin looking at 4th and 5th parties. You can expect more questions from examiners.  Also, ask the examiner for their thoughts and how they are seeing other banks address it.  Bottom line, the examiners want to see the tools, processes, and systems that a bank is using to manage all third parties and how that information is conveyed to the board of directors.   

Q: What are good ways for fintechs to stay prepared for their bank partner's exam? 

A: To stay prepared for their bank partner's exam, fintechs should establish regular lines of communication with their bank. It's recommended to touch base with them on a weekly or monthly basis to discuss what they are seeing and hearing from regulators. This is a great way to stay informed and be better prepared for the exam. It must be noted that a fintech will not be privy to confidential supervisory information and issues unless the issues are so egregious that they are set forth in a public enforcement action. 

Q: Do you have suggestions for gathering documents from various departments at our bank?  

A: Yes, keep it all in a centralized location.  Also, as additional information is requested, I recommend you keep track of what was originally requested in a request letter from the agency and the additional items that may be requested during the exam.  Gathering and preparing these reports can be time consuming so if you have some ideas of additional reports that examiners are requesting you can make sure you know the best way to access those reports.  If it was requested by an examiner once, they will probably follow-up on something from a previous exam.   

For exam request lists, if possible, provide access to that centralized location to the examiners. It  helps to avoid printing out all documents. Again, the default course of action I recommend is to talk to your examiners.   

Q:  Have you run across a situation in which a financial institution refuses to share the exam results with their own CPA Audit Firm as part of the financial statement audit?  We are not allowed to send it to them, which we know, but they've been allowed to view specific portions in the past. Without this availability there could be a scope limitation with adverse effects.  Just curious if you've seen this in your career?   

A: Yes, I have encountered such situations in the past. The examination report is considered confidential, especially the bank's rating. In case the bank is unsure about how to handle this issue, it should always seek guidance from its regulator on how to proceed.  Exam reports contain confidential supervisory ratings, enforcement actions, and concerns that regulators don't want publicly released. Regulators will specify which sections of the exam report can be shared if they grant permission. Often, confidential ratings or sensitive content will be redacted. The reports can only be shared with external auditors and cannot be disseminated more broadly. External Auditors must agree to keep the reports confidential and use them only for conducting the bank's annual audit. 

Q: What are your top tips for working with examiners? 

A: Here are a few of my best tips: 

• Recognize examiners are people. Examiners aren’t out to play a game of gotcha. They just want to ensure the safety and soundness of the banking system. Like you, they are professionals who want to do a good job. They have bosses and good days and bad days. Most of the time they get it right, but sometimes they get it wrong.  
• Regular dialogue. Exam time shouldn’t be the only time you check in with your examiner. If you’re thinking about trying something new (especially exploring a fintech or BaaS relationship), it’s smart to check in and ask for input. Think of your examiner as a resource. 
• Transparency. Don’t hide a problem and hope your examiner won’t find it. The cover up may not be worse than the crime, but it’s definitely a close second. 
• Let examiner know about issues. Your examiner cares about safety and soundness. Knowing a problem exists and recognizing that your financial institution is committed to identifying and correcting problems shows that your institution is committed to those save values. It builds trust. 
• Follow examiner’s lead for cadence. You should check in with your examiner, but you don’t want to overwhelm them.  
• Send follow up email recapping meeting. How often do you hear one thing while the person sitting next to you heard something else entirely? That can happen in exams too. It’s smart to send an email to your examiner recapping your meeting, including any key takeaways and action items. 
• Keep emotion out of it. It’s okay to disagree with an examiner, just do it in a way that’s respectful and based on facts. This is where having a good relationship with your examiner is especially valuable. When you know someone, you’re more likely to assume good intent and stay rational. 

View our webinar "How to Work with Examiners" to learn more.