Your primary federal regulator shapes how examinations are conducted, what terminology is used, and how findings are communicated. Compliance officers who have only worked at FDIC-supervised institutions often experience culture shock when moving to an OCC-regulated bank, and vice versa. The underlying regulatory standards are largely the same, but the examination approach, reporting structure, and supervisory expectations diverge in ways that directly affect how you prepare.
Key Takeaways:
- The OCC uses continuous supervision with dedicated examiners; the FDIC uses periodic examination cycles
- MRA/MRIA (OCC) and formal/informal enforcement (FDIC) carry different escalation paths and response timelines
- OCC examiners tend to focus more on forward-looking risk management; FDIC examiners emphasize compliance with specific regulatory requirements
- Preparation strategy should match your regulator's examination philosophy, not a generic checklist
Different Supervisory Models
The fundamental difference between OCC and FDIC examinations starts with how each agency structures its supervision.
OCC: Continuous supervision. The OCC assigns a dedicated supervisory team to each national bank and federal savings association. For larger institutions, the lead expert (or portfolio manager) maintains an ongoing relationship with the bank, conducting supervisory activities throughout the year, not just during formal examination windows. Even for smaller national banks, the OCC's district offices maintain closer ongoing contact than the FDIC's periodic examination model.
This means OCC-supervised banks are in a near-constant state of examination. Supervisory activities might include targeted reviews, interim discussions with management, call report analysis, and thematic reviews of specific risk areas between full-scope exams. The annual examination is the culmination of year-round supervisory work, not a standalone event.
FDIC: Periodic examination. The FDIC examines state-chartered non-member banks and savings institutions through scheduled examination cycles, every 12 months for most banks, or every 18 months for qualifying institutions under $1 billion in assets per 12 U.S.C. § 1820(d). Between examinations, the FDIC monitors institutions through off-site analysis (call reports, financial data, complaints) but generally does not maintain the same continuous on-site presence.
For compliance officers, this distinction matters. At an OCC-supervised bank, you should expect supervisory requests and inquiries throughout the year. At an FDIC-supervised bank, preparation tends to concentrate around the formal examination window. Understanding your specific exam preparation timeline is critical to allocating resources correctly.
Examination Manuals and Frameworks
Each agency publishes its own examination guidance, and while they cover similar regulatory ground, the organization and emphasis differ.
OCC: Comptroller's Handbook. The OCC's Comptroller's Handbook is organized into booklets covering specific areas; Bank Supervision Process, Community Bank Supervision, Asset Management, Commercial Lending, BSA/AML, Consumer Compliance, and others. Each booklet includes detailed examination procedures, risk indicators, and expanded guidance. The handbook reflects the OCC's risk-based philosophy: procedures are organized around identifying, measuring, monitoring, and controlling risk rather than simply checking for rule compliance.
FDIC: Risk Management Manual of Examination Policies. The FDIC's Risk Management Manual provides parallel guidance but with a different organizational structure. The FDIC also relies heavily on the FFIEC interagency examination procedures for specific regulatory areas (BSA/AML, consumer compliance, IT). The FDIC manual tends to be more prescriptive in places, providing specific items examiners must verify rather than broader risk-assessment frameworks.
Practical impact: OCC examination procedures often include subjective risk-assessment questions: "Does the bank's risk management framework adequately identify emerging risks?" FDIC procedures are more likely to include binary verification: "Has the bank filed all required SARs within the 30-day deadline?" Both agencies will find the same violations, but the path to the finding differs. OCC examiners may identify a systemic risk management weakness; FDIC examiners may identify the same problem as a series of specific regulatory violations.
MRA, MRIA, and Finding Terminology
One of the most confusing differences for compliance officers moving between OCC and FDIC-supervised institutions is the terminology used to communicate examination findings.
OCC Terminology
The OCC uses a structured hierarchy for supervisory concerns:
Matters Requiring Attention (MRA): A supervisory concern identified during examination that requires the bank's board or management to take corrective action. MRAs are formally communicated in the Report of Examination (ROE) and tracked by the OCC until resolved. An MRA is not a formal enforcement action, but unresolved MRAs escalate.
Matters Requiring Immediate Attention (MRIA): A more severe finding that represents a significant deficiency requiring urgent corrective action. MRIAs typically involve safety and soundness concerns, significant compliance failures, or situations where delay could result in harm. The OCC expects a written response and action plan within a compressed timeframe, often 30-60 days.
The OCC also issues Supervisory Concerns in some contexts, less formal observations that don't rise to MRA level but warrant management attention.
FDIC Terminology
The FDIC uses a different classification framework:
Violations of law or regulation: Specific citations of regulatory non-compliance. These are categorized by severity, the FDIC uses a violation tracking system that distinguishes between repeat violations, pattern violations, and isolated instances.
Contraventions of policy/guidance: Findings where the bank's practices don't align with interagency guidance or FDIC policy statements, even if no specific statute is violated.
Recommendations and observations: Lower-severity findings that don't constitute violations but represent areas where the bank should strengthen its practices.
Formal enforcement actions: Consent orders, cease-and-desist orders, and civil money penalties represent the most severe outcomes, used when informal supervisory action has failed or the situation warrants immediate formal response under 12 U.S.C. § 1818.
Why This Matters
An OCC MRA and an FDIC violation may describe the exact same deficiency, but they carry different response expectations, tracking mechanisms, and escalation paths. If your bank's charter changes, or if you're comparing examination results across institutions, understanding the terminology mapping prevents misinterpretation.
| OCC Term | Approximate FDIC Equivalent | Severity |
|---|---|---|
| Supervisory concern | Recommendation/observation | Low |
| MRA | Violation or contravention | Medium |
| MRIA | Significant violation, pattern violation | High |
| Formal enforcement action | Consent order, cease-and-desist | Critical |
Examination Focus Areas: Risk-Based vs. Rules-Based
While both agencies are moving toward risk-based supervision, their emphasis differs in practice.
OCC's risk-focused approach. OCC examiners spend significant time evaluating the bank's overall risk management framework, not just whether individual rules are followed, but whether the institution has systems to identify, measure, monitor, and control risk across all regulatory areas. An OCC examiner is more likely to ask: "How does your compliance risk assessment drive your monitoring and testing programs?" The answer reveals whether compliance is reactive or proactive.
The OCC's supervisory strategy, published annually, identifies specific thematic focus areas. Recent strategies have emphasized operational resilience, third-party risk management, credit risk in commercial real estate, and BSA/AML effectiveness. OCC-supervised banks should review the annual supervisory priorities and map them to their own risk profiles before examination.
FDIC's compliance-oriented approach. FDIC examiners evaluate risk management, but their examination procedures tend to drive more directly toward specific regulatory compliance. An FDIC examiner is more likely to test a sample of transactions against specific regulatory requirements: Were CTRs filed within 15 days? Were adverse action notices sent within the required timeframes under Regulation B? Do CDD files contain all four elements required by 31 CFR § 1010.230?
This doesn't mean the FDIC ignores systemic risk management or the OCC ignores specific compliance. It means the entry point differs. Prepare accordingly: OCC-supervised banks should be ready to discuss their compliance management system holistically before diving into transaction-level detail. FDIC-supervised banks should ensure transaction-level compliance is clean, because that's where testing starts.
Reporting Structures and Examination Reports
The examination report format differs between agencies, and understanding what you'll receive helps you prepare your board and management for the results.
OCC Report of Examination (ROE). The OCC's ROE includes CAMELS ratings, a supervisory strategy summary, MRA/MRIA tracking, and narrative assessments for each examination area. The ROE also includes a management assessment that evaluates the bank's risk governance structure. OCC ROEs tend to be more forward-looking, they describe not just what was found, but what the OCC expects the bank to do and where it sees emerging risk.
FDIC Report of Examination. The FDIC's examination report includes CAMELS ratings, a financial analysis section, a compliance section (for joint safety-and-soundness/compliance exams or separate compliance ROEs), and violation pages listing specific findings. FDIC reports tend to be more itemized, individual violations are listed with citations, severity assessments, and remediation expectations.
Board presentation. Both agencies expect the board to review and discuss the examination report. At OCC-supervised banks, examiners may request evidence that the board discussed specific MRAs and approved remediation plans. At FDIC-supervised banks, board discussion of the overall ROE and specific violation remediation is expected. In both cases, board minutes documenting the discussion are critical evidence for the next examination.
Preparing for Each Regulator
Tailored preparation makes a measurable difference. Here's how to adjust your exam preparation approach based on your primary regulator.
For OCC-supervised banks:
- Maintain ongoing documentation of supervisory interactions throughout the year, meeting notes, responses to interim inquiries, information provided between formal exams
- Be ready to present your compliance management system as a connected framework, not a collection of individual programs
- Review the OCC's annual supervisory priorities and prepare talking points on how your institution addresses each relevant area
- Track all MRAs in a formal system with status updates, responsible parties, and evidence of corrective action
For FDIC-supervised banks:
- Concentrate preparation in the weeks before the scheduled examination window
- Ensure transaction-level compliance is clean, pull your own samples and test them before examiners do
- Organize prior findings with clear remediation evidence: what was the violation, what corrective action was taken, and what evidence proves the fix is working
- Prepare organized document packages aligned with the expected Document Request List
For both regulators, the underlying question is the same: can you prove your compliance program does what your policies say it does? Understanding what happens during a bank examination from start to finish helps you answer that question before examiners ask it.
How Canarie Supports Exam Preparation Across Regulators
Whether your institution is OCC-supervised with continuous examination activity or FDIC-supervised with periodic cycles, the compliance evidence challenge is the same: you need to prove that policies map to real work, and that work is documented when it happens.
Canarie captures compliance evidence at the point of execution, not during a pre-exam scramble. For OCC-supervised banks facing ongoing supervisory inquiries, that means evidence is always available. For FDIC-supervised banks preparing for a periodic exam, it means the Document Request List becomes an export, not a research project. Explore how it works.
Frequently Asked Questions
What is the main difference between OCC and FDIC examinations?
The OCC uses continuous supervision with dedicated examiner teams that maintain ongoing contact with the bank throughout the year. The FDIC uses periodic examination cycles (12 or 18 months) with off-site monitoring between exams. This structural difference affects how compliance officers should allocate preparation time and maintain ongoing documentation.
What is the difference between an MRA and an FDIC violation?
An MRA (Matter Requiring Attention) is the OCC's term for a supervisory concern requiring corrective action. The approximate FDIC equivalent is a violation of law or regulation, or a contravention of policy. Both require remediation, but the tracking mechanism, escalation path, and response timeline differ between agencies. An MRIA (Matter Requiring Immediate Attention) from the OCC carries more urgency and typically requires a written response within 30-60 days.
Can a bank have both OCC and FDIC examiners?
Not for the same regulatory function. A nationally chartered bank's primary federal regulator is the OCC; a state-chartered bank insured by the FDIC has the FDIC (for non-member banks) or Federal Reserve (for state member banks) as its primary federal regulator. However, the FDIC, as the deposit insurer, retains backup examination authority over all insured institutions under 12 U.S.C. § 1820(b) and may conduct special examinations in certain circumstances.
Should my exam preparation approach differ based on my primary regulator?
Yes. OCC-supervised banks should maintain continuous documentation of supervisory interactions and be prepared to discuss risk management holistically at any time. FDIC-supervised banks can focus preparation more heavily around the examination window but should ensure transaction-level compliance testing is thorough, as FDIC examiners tend to start with specific regulatory compliance testing before evaluating broader risk management systems.