A follow-up examination means your regulator decided the standard exam cycle isn't frequent enough for your institution's risk profile. That decision is never arbitrary, it's driven by specific triggers rooted in examination findings, supervisory ratings, enforcement actions, or material changes in your institution's risk profile. Knowing what triggers follow-up reviews lets you anticipate them, prepare for them, and, more importantly, avoid the conditions that cause them.
For community banks, the difference between an 18-month exam cycle and a 12-month cycle (or shorter) isn't just operational disruption. It's a signal that your regulator has heightened concerns about your institution's safety, soundness, or compliance posture. That signal affects examiner expectations at every subsequent contact.
Key Takeaways:
- CAMELS composite downgrades to 3 or below automatically shorten the examination cycle from 18 to 12 months
- Unresolved MRIAs and active consent orders frequently trigger targeted follow-up reviews before the next full-scope exam
- The OCC's risk-based supervision model (OCC Bulletin 2014-52) allows off-cycle targeted reviews for specific concerns
- Material events, rapid growth, new products, BSA-related findings, can independently trigger follow-up activity
Standard Examination Cycles
Before understanding what triggers a follow-up, it's important to know what "normal" looks like.
Under the FDIC's examination frequency policy and the Federal Financial Institutions Examination Council (FFIEC) interagency guidelines:
| Institution Profile | Exam Frequency |
|---|---|
| CAMELS 1 or 2, assets under $3 billion | Every 18 months |
| CAMELS 1 or 2, assets $3 billion+ | Every 12 months |
| CAMELS 3 | Every 12 months |
| CAMELS 4 or 5 | More frequently than 12 months; may include continuous monitoring |
These are minimum frequencies. Regulators can examine more frequently based on risk assessments. The 18-month cycle for well-rated small institutions is a statutory ceiling under 12 U.S.C. § 1820(d), not a guarantee.
For OCC-supervised institutions, the Comptroller's Handbook establishes a risk-based supervision framework where examination scope and timing are adjusted based on the institution's risk profile and supervisory strategy.
Trigger 1: CAMELS Rating Downgrades
The most direct trigger for a shortened exam cycle is a CAMELS composite downgrade.
Downgrade from 2 to 3
A composite 3 rating means the institution exhibits "some degree of supervisory concern in one or more of the component areas." Under statutory requirements, this automatically shortens the exam cycle from 18 months to 12 months for institutions under $3 billion in assets.
The downgrade also changes examiner expectations. A CAMELS 3 institution enters its next examination with heightened scrutiny. Examiners will focus specifically on the areas that drove the downgrade and will expect documented evidence of improvement.
Downgrade to 4 or 5
A composite 4 ("unsafe and unsound condition") or 5 ("critically deficient") triggers more frequent examination activity, which may include:
- Full-scope examinations every 6-9 months
- Interim visitations between full-scope exams
- Continuous examiner presence for the most severe cases
- Coordination with the FDIC's Division of Risk Management Supervision and potentially the Division of Resolutions and Receiverships
At this level, the examination relationship shifts from periodic review to ongoing supervision.
Trigger 2: Unresolved or Escalated Examination Findings
Unresolved MRIAs
An MRIA that isn't adequately addressed within the specified timeframe is one of the strongest triggers for a targeted follow-up review. The FDIC may schedule an off-cycle targeted examination focused specifically on the MRIA area, often within 60-120 days.
This targeted review differs from a full-scope exam:
- Scope: Limited to the specific MRIA area (e.g., BSA/AML, credit risk)
- Purpose: Verify that interim controls are in place and corrective actions are progressing
- Documentation focus: Examiner reviews corrective action plan, evidence of progress, board reporting
- Outcome: Findings may be affirmed, escalated, or, in rare cases, modified
Repeat Findings
A finding that appeared in the previous examination and recurs, whether MRA or MRIA, signals a compliance management system failure. Repeat findings are a factor in both CAMELS ratings and enforcement action decisions.
OCC Bulletin 2014-52 specifically addresses the OCC's approach to escalation when supervisory concerns aren't addressed. The bulletin establishes a framework where repeat findings may trigger:
- Elevated finding severity (MRA escalated to MRIA, or similar)
- Shortened supervisory cycle
- Formal enforcement consideration
For guidance on preventing repeat findings through structured remediation, see our post on tracking compliance exam findings.
Consent Order Compliance Milestones
Active consent orders under 12 U.S.C. § 1818(b) include built-in triggers for follow-up examination activity. The order itself typically specifies when the FDIC will conduct compliance reviews to verify progress. These are separate from the regular examination schedule and focus exclusively on order provisions.
Trigger 3: BSA/AML Deficiencies
BSA/AML findings receive outsized attention because they implicate national security concerns and the institution's relationship with FinCEN.
Specific BSA-related triggers for follow-up activity:
- SAR filing deficiencies: Failure to file Suspicious Activity Reports as required under 31 CFR § 1020.320
- CDD/beneficial ownership gaps: Inadequate customer due diligence procedures under 31 CFR § 1010.230
- Transaction monitoring failures: Systems that fail to detect reportable activity
- BSA officer qualification concerns: The designated BSA officer lacks adequate training, resources, or authority
- CTR filing failures: Systematic errors in Currency Transaction Reports under 31 CFR § 1010.311
BSA-related MRIAs may trigger coordinated follow-up between the primary regulator and FinCEN. This dual-track supervision can result in both a regulatory follow-up examination and a parallel FinCEN enforcement investigation.
Trigger 4: Material Events and Risk Profile Changes
Even without examination findings, certain events can trigger off-cycle supervisory activity:
Rapid Asset Growth
Institutions experiencing rapid growth, particularly organic growth exceeding 20% annually or growth through acquisition, may trigger supervisory review to assess whether risk management infrastructure has kept pace. The FDIC's Risk Management Manual specifically identifies rapid growth as a risk factor that may warrant increased supervisory attention.
New Products or Business Lines
Launching new products (particularly those with elevated compliance risk, such as cryptocurrency-related services, cannabis banking, or fintech partnerships) may trigger examiner outreach or off-cycle review.
Management Changes
Departure of key control personnel, the CEO, CFO, CCO, BSA Officer, or Chief Risk Officer, during an active remediation period may trigger examiner follow-up. The concern is continuity of remediation efforts and institutional knowledge.
External Events
Industry-wide events, FinCEN advisories, or enforcement actions at peer institutions may trigger targeted supervisory activity. After significant BSA-related enforcement actions, regulators sometimes conduct horizontal reviews across supervised institutions in similar risk categories.
Self-Reported Issues
Institutions that self-report compliance failures, fraud discoveries, or control breakdowns may trigger follow-up. Self-reporting is generally viewed favorably, it demonstrates a functioning compliance management system, but the reported issue still requires supervisory assessment.
Trigger 5: Risk Rating Changes in OCC Supervision
The OCC's supervisory approach, detailed in OCC Bulletin 2014-52, uses a risk assessment system that assigns ratings across multiple risk categories:
- Credit risk
- Interest rate risk
- Liquidity risk
- Price risk
- Operational risk
- Compliance risk
- Strategic risk
- Reputation risk
A change in any risk rating, even without an overall CAMELS downgrade, can adjust the supervisory strategy and trigger additional examination activity. An increase in compliance risk from "low" to "moderate" may result in expanded compliance examination scope at the next review or a targeted compliance review before then.
The OCC's supervisory strategy for each institution is documented in a supervisory plan that outlines expected examination activities for the coming 12-18 months. Material changes in risk ratings can amend this plan mid-cycle.
How to Prepare for a Follow-Up Examination
If you know a follow-up is coming, whether from an MRIA, consent order, or CAMELS downgrade, preparation starts immediately:
- Assemble remediation packages for every open finding, including corrective action plans, implementation evidence, validation results, and monitoring data
- Update board reporting to reflect current remediation status with specific evidence of oversight
- Conduct pre-exam self-assessment using the same methodology examiners will apply
- Brief responsible staff on what examiners will request and where documentation is stored
- Test your own controls, pull samples and verify that corrective actions are holding
The goal is to demonstrate not just that you fixed the problem, but that the fix is sustainable and monitored. A strong exam preparation program makes follow-up examinations a demonstration of progress rather than a discovery of new issues.
How Teams Stay Ready for Follow-Up Exams
Institutions that manage findings as tracked workflows, not as one-time projects, are always ready for follow-up. Every corrective action has evidence captured at completion, board reporting is current, and the remediation package exists because it was built as the work happened.
Canarie maps each finding to a remediation workflow with evidence gates at every milestone. When a follow-up examination is announced, there's no scramble, the evidence is already organized, board reporting is documented, and validation results are filed.
See how compliance teams maintain continuous exam readiness →
Frequently Asked Questions
How much notice does the FDIC give before a follow-up examination?
For full-scope examinations, the FDIC typically provides 4-6 weeks of advance notice, including a document request list. For targeted follow-up reviews, particularly those related to MRIAs or consent orders, notice may be shorter, sometimes 2-3 weeks. In some cases, particularly for institutions with CAMELS 4 or 5 ratings, examiners may maintain a near-continuous presence without formal advance notice for each supervisory contact.
Can you request that a follow-up exam be delayed?
Not effectively. Examination scheduling is a regulatory prerogative. You can communicate with your examiner-in-charge about scheduling considerations (such as avoiding quarter-end or annual audit periods), and examiners are generally accommodating on specific dates within a window. But you cannot defer a follow-up examination that the regulator has determined is necessary based on your institution's risk profile.
Does a clean follow-up exam immediately restore the normal exam cycle?
Not automatically. A CAMELS composite upgrade from 3 back to 2 would restore the 18-month cycle for institutions under $3 billion. But the CAMELS assessment occurs at the full-scope examination, not at a targeted follow-up. A targeted review that confirms satisfactory MRIA remediation may lead to a recommendation for rating reconsideration at the next full-scope exam, but the cycle change requires the formal rating update.
What's the difference between a targeted review and a full-scope examination?
A targeted review focuses on specific areas: such as MRIA remediation, consent order compliance, or a particular risk area. It doesn't produce a full CAMELS assessment and is typically shorter (days to weeks). A full-scope examination covers all CAMELS components and results in a formal rating. Both produce examination reports, but targeted reviews may issue supplemental findings without changing the overall supervisory assessment.