compliance

FDIC/NCUA Examination Preparation Request Package Checklist

Use this checklist to assemble an FDIC or NCUA examiner request package with the right board materials, audit reports, compliance evidence, and issue tracking before the exam starts.

Fill it now — Free Get Started

Customize with AI → Live preview →

Trusted by frontline teams 15 years of frontline software AI customization in seconds

Built for: Credit Unions · Banks · Financial Institutions

9:41

Inspections

1 Exam Scope and Request Tracking

Exam type and scope documented !

✓ Yes ✗ No

Exam request list logged with owners and due dates !

Document naming and version control standard applied

✓ Yes ✗ No

Submission package index completed

✓ Yes ✗ No

2 Governance and Board Materials

Board minutes for the review period available !

✓ Yes ✗ No

Board and committee packets retained

✓ Yes ✗ No

Approved policies and annual reviews documented !

✓ Yes ✗ No

Management reporting to the board is complete

✓ Yes ✗ No

3 Audit, Compliance, and Risk Reports

Internal audit reports for the period included !

✓ Yes ✗ No

External audit or independent review reports included

✓ Yes ✗ No

Compliance monitoring and testing results included !

✓ Yes ✗ No

Risk assessments and risk appetite updates included

✓ Yes ✗ No

Open issues and findings log current !

✓ Yes ✗ No

4 Policies, Procedures, and Control E...

Core operating policies included ["choices",...× ["requires_...×

Procedures reflect current practice

✓ Yes ✗ No

Control testing evidence included !

✓ Yes ✗ No

Regulatory change tracking completed

✓ Yes ✗ No

5 Findings, Corrective Actions, and S...

Findings tracker includes root cause and remediation status !

✓ Yes ✗ No

Evidence of issue closure attached where applicable

✓ Yes ✗ No

Outstanding exceptions and compensating controls documented

✓ Yes ✗ No

Final package reviewed and approved for submission !

✓ Yes ✗ No

Overview

This checklist template is for assembling an examiner information request package before an FDIC or NCUA exam. It gives you a structured way to track the request list, gather board and committee materials, pull audit and compliance reports, collect policy and control evidence, and document open findings with remediation status.

Use it when an examiner has issued a request list, when an exam is approaching, or when you want a repeatable process for keeping supervisory documents current. It is especially useful if multiple teams contribute evidence and you need one owner to manage due dates, file naming, and the final submission index. The template also helps you show what was requested, what was delivered, and what remains open.

Do not use it as a generic records inventory or a substitute for the examiner’s actual scope. If the request is narrow, such as a targeted review of a product line, vendor relationship, BSA/AML issue, or board oversight topic, customize the checklist to match that scope. It is also not the right tool for day-to-day policy management alone; its purpose is exam preparation and submission readiness. The strongest use is as a controlled package tracker that makes the exam response traceable, complete, and easy to review.

Standards & compliance context

The template supports examiner readiness under FDIC and NCUA supervisory expectations by organizing governance, audit, compliance, and remediation evidence in one controlled package.
Its document control and versioning approach aligns well with ISO 9001-style record management practices, even though the template is built for financial institution exams.
Board oversight, risk reporting, and issue tracking in the checklist reflect common governance expectations found in regulated financial institution examination programs.
If the exam touches BSA/AML, consumer compliance, or vendor oversight, customize the evidence list to match the applicable regulatory framework and the examiner’s request.
The checklist is a preparation tool, not a legal determination of compliance, and it should be reviewed against the institution’s current supervisory obligations and internal policies.

General regulatory context for orientation only — verify current requirements with counsel or the relevant agency before relying on this template for compliance.

What's inside this template

Exam Scope and Request Tracking

This section matters because it defines exactly what the examiner asked for, who owns each item, and how the package will be tracked from request to submission.

Exam type and scope documented (critical · weight 4.0)
Verify whether the review is FDIC, NCUA, or another supervisory exam, and confirm the business units, products, and locations in scope.
Exam request list logged with owners and due dates (critical · weight 4.0)
Maintain a current tracker showing each requested item, assigned owner, due date, status, and submission date.
Document naming and version control standard applied (weight 3.0)
Confirm files use a consistent naming convention and include version/date identifiers for examiner review.
Submission package index completed (weight 4.0)
Confirm the package includes a master index or table of contents that maps each request to the supporting file name.

Governance and Board Materials

This section matters because examiners often start with board oversight, and these records show whether management and the board reviewed key risks and decisions on time.

Board minutes for the review period available (critical · weight 5.0)
Provide approved board minutes covering the exam period and any material governance decisions relevant to the request package.
Board and committee packets retained (weight 4.0)
Confirm board and committee agendas, packets, and presentations are available for the requested period.
Approved policies and annual reviews documented (critical · weight 5.0)
Verify current approved policies are included with approval dates and last review dates, especially for high-risk areas.
Management reporting to the board is complete (weight 6.0)
Confirm regular reporting on risk, compliance, audit, and key performance indicators is available for examiner review.

Audit, Compliance, and Risk Reports

This section matters because it shows how the institution monitors control effectiveness, identifies issues, and responds to risk across the review period.

Internal audit reports for the period included (critical · weight 6.0)
Attach completed internal audit reports, ratings, and management responses for the requested timeframe.
External audit or independent review reports included (weight 4.0)
Provide the most recent external audit, independent review, or attestation reports relevant to the exam request.
Compliance monitoring and testing results included (critical · weight 5.0)
Confirm compliance testing results, monitoring summaries, and exception reports are included for the review period.
Risk assessments and risk appetite updates included (weight 5.0)
Provide current risk assessments, risk appetite statements, and any updates approved during the review period.
Open issues and findings log current (critical · weight 5.0)
Verify the findings log includes all open audit, exam, and compliance issues with owners, due dates, and status.

Policies, Procedures, and Control Evidence

This section matters because it ties written policy to actual practice and gives examiners proof that controls are operating, not just documented.

Core operating policies included (critical · weight 5.0)
Attach current policies for lending, deposits, BSA/AML, information security, vendor management, and business continuity as applicable.
Procedures reflect current practice (weight 4.0)
Verify procedures are current, approved, and aligned to actual workflow and control execution.
Control testing evidence included (critical · weight 6.0)
Provide samples, reconciliations, monitoring results, or other evidence showing controls operated during the review period.
Regulatory change tracking completed (weight 5.0)
Confirm recent regulatory changes, guidance updates, and policy revisions have been tracked and addressed.

Findings, Corrective Actions, and Submission Readiness

This section matters because it shows whether open issues are understood, remediated, and ready for examiner review before the package is sent.

Findings tracker includes root cause and remediation status (critical · weight 6.0)
Confirm each open issue includes root cause, corrective action, owner, target date, and current status.
Evidence of issue closure attached where applicable (weight 4.0)
Attach closure evidence for remediated findings, including testing or validation results where available.
Outstanding exceptions and compensating controls documented (weight 4.0)
Document any unresolved exceptions, temporary workarounds, and compensating controls for examiner awareness.
Final package reviewed and approved for submission (critical · weight 6.0)
Confirm the completed request package has been reviewed for completeness, accuracy, and consistency before submission.

How to use this template

1. Enter the exam type, scope, and request list into the tracker, then assign each item to a single owner with a due date and source location.
2. Collect board minutes, committee packets, approved policies, and management reports for the review period, and verify that each file is current and complete.
3. Attach internal audit, external audit, compliance testing, risk assessment, and open-issues evidence, making sure each report is labeled with the correct period and approval status.
4. Add policy, procedure, and control evidence that shows current practice, including regulatory change tracking and any exceptions with compensating controls.
5. Review the findings log for root cause, remediation status, and closure evidence, then confirm the final package index matches the files that will be submitted.
6. Obtain final approval from the exam lead or designated reviewer before sending the package and retain the submitted version for audit trail purposes.

Best practices

Use one naming convention for every file so examiners can trace documents by period, owner, and version without opening each attachment.
Keep the request tracker live as items are completed, not only at the end of the process, so gaps are visible early.
Attach the exact board or committee packet that was presented, not a later summary or a redacted substitute unless redaction is required.
Record the source system or repository for each item so staff can re-create the package if an examiner asks for follow-up evidence.
Flag any missing or delayed item with a clear explanation and a target date instead of leaving the row blank.
Include closure evidence with the finding itself, such as updated procedures, approved remediation, or testing results, so the examiner can verify resolution quickly.
Separate open exceptions from closed issues so the package does not overstate remediation progress.
Have a final reviewer check that dates, approvals, and version numbers are consistent across the package before submission.

What this template typically catches

Issues teams running this template most often surface in practice:

Board minutes are missing for part of the review period or do not show approval of key policies and risk decisions.

Policies are included, but the version in the package does not match the version actually in effect during the review period.

Internal audit or compliance testing reports are present, but the related management responses and remediation status are missing.

The findings log lists issues without root cause, owner, target date, or closure evidence.

File names are inconsistent, making it hard to tell which document is current or which period it covers.

Control evidence is attached, but it does not clearly demonstrate that the control operated during the requested period.

Outstanding exceptions are documented, but compensating controls are not explained or approved.

The final submission index does not match the files delivered, creating avoidable follow-up requests from examiners.

Common use cases

Credit Union Compliance Officer

A compliance officer prepares the NCUA exam package by pulling board packets, policy approvals, audit reports, and issue logs into one indexed submission. The checklist helps the team show what was requested, who owns each item, and what remains open.

Bank Internal Audit Manager

An internal audit manager uses the template to organize evidence for an FDIC exam and to link audit reports with remediation tracking. It is especially useful when multiple business lines must provide supporting documentation under a single deadline.

Board Secretary or Governance Lead

A board secretary uses the checklist to confirm that minutes, committee packets, and management reports are complete for the review period. This reduces the risk of missing governance evidence when examiners ask for board oversight materials.

Risk and Compliance Program Owner

A risk or compliance lead uses the template to package risk assessments, compliance monitoring results, and regulatory change tracking. The structure makes it easier to show how issues were identified, escalated, and closed.

Frequently asked questions

What is this checklist template used for?

This template helps a credit union or financial institution compile the documents an FDIC or NCUA examiner is likely to request at the start of an exam. It organizes the package into scope tracking, governance materials, audit and compliance reports, control evidence, and findings follow-up. The goal is to reduce back-and-forth, avoid missing records, and present a clean submission package.

Who should own the request package process?

The package is usually coordinated by compliance, risk, internal audit, or the exam liaison, with input from legal, operations, finance, and the board secretary. One person should own the tracker and due dates so requests do not get duplicated or dropped. Business owners should supply evidence, but the coordinator should control the final index and versioning.

How often should this checklist be used?

Use it whenever an examination, visitation, or supervisory request is announced, and refresh it as new requests arrive. Many institutions also reuse the structure for quarterly readiness reviews so documents stay current before the next exam cycle. If your institution has recurring regulatory exams, keeping the tracker live year-round is usually easier than rebuilding it from scratch.

Does this template apply to both FDIC and NCUA exams?

Yes, the structure works for either examiner request package because both expect organized governance records, audit results, compliance evidence, and issue tracking. The exact document list will differ based on charter, product mix, and supervisory focus. You should customize the checklist to match the institution’s regulator, risk profile, and current exam scope.

What are the most common mistakes this checklist helps prevent?

The most common problems are missing board packets, outdated policies, inconsistent file names, and findings logs that do not show root cause or remediation status. Another frequent issue is submitting evidence without clear dates or approval history, which makes it hard for examiners to verify timeliness. This checklist also helps prevent sending a package that is complete in content but hard to navigate.

What regulatory or standards framework does this support?

It supports exam readiness under FDIC and NCUA supervisory expectations and aligns well with governance and control practices commonly used in ISO 9001-style document control and risk management programs. It is also compatible with internal audit and compliance monitoring workflows used in regulated financial institutions. The checklist is not a substitute for legal advice or the examiner’s specific request list.

How should findings and corrective actions be documented?

Each finding should show the issue, root cause, owner, target date, current status, and any compensating control in place. If closure evidence exists, attach it directly to the item so the examiner can trace the remediation without searching separate folders. Avoid vague status labels like 'in progress' without a next step or due date.

Can this checklist be integrated with document management or workflow tools?

Yes, it works well with shared drives, GRC platforms, ticketing systems, and document control repositories. The request tracker can link each item to the source file, owner, and approval record, which makes review faster and reduces version confusion. If your institution uses workflow automation, this template can serve as the master index for routing and sign-off.

How do we roll this out without slowing down the exam response team?

Start with the current exam request list and map each item to a single owner, due date, and source location. Then standardize file naming, create one submission index, and require a final review before anything is sent to the examiner. A short dry run with a prior exam package is often the fastest way to find gaps in the process.

Related templates

Inspections

Internal Loan Review Audit

Internal Loan Review Audit template for sampling loans, checking underwriting support, file compl...

Inspections

Safe Deposit Box Annual Inventory Audit

Use this annual safe deposit box inventory audit to reconcile rented, vacant, delinquent, and orp...

Inspections

Supporting Document Verification and Identity Check Checklist

Use this checklist to verify borrower identity, income, assets, liabilities, and lender-specific ...

Inspections

ATM Surprise Balance Audit

Use this unannounced ATM balance audit template to verify cash on hand against system totals, doc...

Inspections

Branch Physical Security and Alarm Test Inspection

Use this branch physical security and alarm test inspection to verify doors, locks, cameras, pani...

Forms

BSA Officer Quarterly Board Report Form

A quarterly board report form for the BSA Officer to summarize SARs, CTRs, OFAC activity, exams, ...

Sop

Cash Drawer Open & Count

Cash Drawer Open & Count is the SOP for verifying a drawer, counting the starting bank, recording...

Hr Policy

Anti-Harassment & Anti-Discrimination Policy

Anti-Harassment & Anti-Discrimination Policy template for defining prohibited conduct, reporting ...

Go deeper on the topic

Related concepts

Predictive Scheduling Law

Predictive scheduling laws — also called fair workweek laws or secure scheduling — require employers in covered industries to publish employee schedules...
Overtime Calculation

Overtime calculation is the process of applying federal, state, local, and contractual rules to hours worked to determine the correct pay — including...
Near-Miss Reporting

A near-miss is an event that could have caused injury or damage but didn't — a slip that didn't fall, a load that shifted but didn't drop, a machine that...
Lockout/Tagout

Lockout/tagout (LOTO) is the procedure for controlling hazardous energy — electrical, hydraulic, pneumatic, mechanical, thermal, chemical — before...

Related guides

How Bank Managers Keep Every Shift Covered with Scheduling

See how bank branch managers use MangoApps scheduling to fill shifts, communicate policy updates, and eliminate last-minute coverage chaos.
Closing the Accountability Gap in Workforce Operations

See how connected 1:1 tracking, employee audit history, and LMS completion records turn scattered processes into verifiable workforce documentation.
How Customers Use The MangoApps Projects Module

See how customers use MangoApps Projects Module to collaborate, track progress, and share knowledge across teams.
MangoApps Now Available in Okta Integration Network to Automate User Provisioning, Access and Authentication

MangoApps in Okta Integration Network automates user provisioning, SSO, and access management for stronger security and less admin work.

Ready to use this template?

Get started with MangoApps and use FDIC/NCUA Examination Preparation Request Package Checklist with your team — pricing built for small business.

Get Started Customize with AI