The Anatomy of a Bank Failure: Reading the Federal Data Before a Bank Goes Under

A bank almost never fails on a Friday out of a clear sky. The Friday closing is the last event in a slide that began quarters earlier—a loan book souring, a capital cushion thinning, examiners returning more often, an order to fix things by a deadline that the bank misses. The remarkable thing about the United States banking system is that nearly every step of that slide is written down in public federal data, and four FDIC datasets, joined on a single clean key, let you watch the whole arc unfold in the numbers before the closure ever happens.

This article is a guide to reconstructing a bank failure from federal data. It covers the four FDIC sources—the institution registry, the quarterly call reports, the enforcement orders, and the failed-bank record—and the one join key, the FDIC certificate number, that ties them together without fuzzy name matching; why the call report is the leading indicator and which fields in it regulators actually watch; the capital and asset-quality ratios that mark deterioration; the CAMELS-style supervisory view that the public data approximates but never fully exposes; the enforcement chain from a quiet consent order to a prompt-corrective-action directive; how the failed-bank record closes the story with its estimated cost to the Deposit Insurance Fund; what the 2008–2010 wave and the 2023 regional-bank failures look like when read this way; a Python workflow that traces one bank quarter by quarter and overlays its enforcement and failure dates; and the caveats—reporting lag, confidential ratings, survivorship—that every analyst must internalize before claiming to have predicted anything.

The four datasets and the one key that joins them

The synthesis at the center of this piece is unusually tractable for one reason: all four sources are FDIC data, and they share a single, clean join key. The FDIC certificate number (CERT) is a unique identifier assigned to every insured depository institution. It identifies a bank uniquely across the institution directory, across every quarterly call report it files, across any enforcement action taken against it, and across the failed-bank list. Because the CERT is present and consistent on all four sources, the reconstruction requires no fuzzy name matching—no reconciling “First National Bank of X” against “First Natl Bk X” against a merged successor—which is precisely the work that makes most cross-dataset financial analysis brittle. In our database the four sources are stored as fdic_institutions, fdic_call_reports, fdic_enforcement, and fdic_failures, each parsed and keyed by CERT, so the analyst's job is lining up the quarterly time series against the enforcement and failure dates rather than parsing or matching each source.

Each source plays a distinct role in the story. The institution directory is the registry: one row per bank, carrying identity (name, charter type, primary federal regulator), location, the establishment date, and the activity status that tells you whether the bank is open, merged out of existence, or failed. The call reportsare the time series: one row per bank per quarter, the granular financial condition of the institution as it files it. The enforcement recordis the supervisory response: one row per formal action, dated, naming the order type and the issuing regulator. The failed-bank list is the ending: present only for banks that failed, carrying the failure date, the acquiring institution if any, and the estimated cost to the Deposit Insurance Fund. Read together, keyed by CERT and ordered in time, they trace an arc—rising problem assets, then an order, then resolution—that no single source tells on its own.

All four are public and key-free through the FDIC. The institution and failed-bank data come from the BankFind Suite API; the quarterly financials come from the FDIC's call-report data services, which surface the figures banks file on the FFIEC Call Report forms; and the formal actions come from the FDIC's enforcement-decisions and orders system. The schema below shows the financially load-bearing columns of the call-report time series—the fields that, quarter over quarter, expose the condition that precedes a failure:

-- fdic_call_reports: one row per bank per quarter, keyed by CERT
cert        -- FDIC certificate number (the universal join key)
repdte      -- report date / quarter-end (YYYYMMDD)
asset       -- total assets
dep         -- total deposits
eq          -- total equity capital
rbct1j      -- tier 1 (core) capital used in the leverage ratio
rbct2       -- tier 2 supplementary capital
nperfv      -- noncurrent assets (90+ days past due plus nonaccrual)
p3asset     -- assets 30-89 days past due
drlnls      -- net loan and lease charge-offs
roa         -- return on assets (profitability)
roe         -- return on equity
nim         -- net interest margin
-- joins out to: fdic_institutions (CERT), fdic_enforcement (CERT),
--               fdic_failures (CERT)

The call report: the leading indicator

Of the four sources, the call report is the one that moves first, and it is the reason the whole reconstruction works. Formally the Consolidated Reports of Condition and Income, the call report is a detailed financial filing that every insured bank submits every quarter on the standardized FFIEC forms. It is not a summary or a press release; it is hundreds of line items—the bank's balance sheet, income statement, loan composition, past-due and nonaccrual schedules, capital components, and off-balance-sheet exposures—filed under penalty and audited against the regulators' edit checks. It is the single richest periodic disclosure any bank makes, and it is public.

Because it is filed every quarter, the call report turns a bank's condition into a time series, and a deteriorating bank's slide shows up in that series quarters before the bank is closed. A failure is rarely a surprise to the numbers. The loan losses that eventually exhaust a bank's capital first appear as rising past-due balances, then as nonaccrual loans, then as charge-offs, then as a shrinking equity cushion—each step visible in a successive quarterly filing. The enforcement record and the failed-bank list, by contrast, are lagging: an order is issued only after examiners have seen the problem, and a closure happens only after the capital is effectively gone. The call report is the place where the trouble is legible first. This is why the analytic strategy of this article is to anchor on the quarterly series and treat the enforcement and failure dates as overlays—markers laid on top of a trajectory that the call reports already drew.

The ratios regulators watch

The call report's hundreds of fields collapse, for failure analysis, into a handful of ratios that capture the two things that kill a bank: it runs out of capital, or its assets go bad fast enough to take the capital with them. Capital adequacy is read primarily through the tier 1 leverage ratio—core (tier 1) capital as a percentage of average total assets—and the risk-based capital ratios, which scale capital against risk-weighted assets. These are the ratios that define the statutory capital categories, and they are the ones whose decline, quarter over quarter, signals that the cushion is thinning toward the point at which regulators are compelled to act.

Asset quality is read through the noncurrent assets—loans ninety or more days past due plus those on nonaccrual—measured as a share of total assets or total loans, and through net charge-offs, which record losses the bank has actually recognized rather than merely flagged. A widely used composite is the Texas Ratio: noncurrent (and foreclosed) assets divided by the sum of tangible equity and loan-loss reserves. The intuition is direct—it compares the problem assets that could consume capital against the capital and reserves available to absorb them. As the ratio approaches one, the bank's problem assets approach the size of its loss-absorbing resources, and historically a Texas Ratio near or above one has been strongly associated with failure. Profitability ratios—return on assets, return on equity, net interest margin—round out the picture: a bank that has stopped earning cannot rebuild capital from retained earnings, so a sustained negative return on assets alongside rising noncurrent loans is the classic configuration of a bank in trouble. None of these ratios is a verdict on its own; their combined trajectory, tracked across quarters, is what marks deterioration.

CAMELS: the supervisory view the data approximates

Behind the public numbers sits the supervisory framework that regulators actually use to rate banks: CAMELS, an acronym for the six components examiners assess—Capital adequacy, Asset quality, Management, Earnings, Liquidity, and Sensitivity to market risk. After an examination, a bank receives a composite rating from 1 (sound) to 5 (critically deficient), along with a rating for each component. A bank rated 4 or 5 is a “problem bank,” subject to heightened supervision and, frequently, the formal enforcement that this article's third dataset records.

The crucial point for a data analyst is that the CAMELS ratings themselves are confidential and not public. You cannot download a bank's composite rating. What you can do is reconstruct the data behind the supervisory view: the call report supplies the raw material for Capital, Asset quality, and Earnings directly; Liquidity is readable through deposit composition and the loan-to-deposit ratio; Sensitivity is approximable from the maturity and repricing structure of the balance sheet. Management is the one CAMELS component that the quantitative data cannot capture—it is an examiner's judgment—and its absence is one reason public-data failure models never perfectly reproduce the regulators' own assessments. Still, four of the six components are substantially observable, which is why a CAMELS-style composite built from call-report data tracks the confidential ratings closely enough to be a useful early-warning tool. The aim is not to recover the secret rating but to see the same deterioration the rating reflects.

The enforcement chain: from consent order to closure

When examiners see the deterioration that the call reports expose, the regulators respond, and that response is recorded in the enforcement dataset. The response escalates along a recognizable ladder. Early and informal interventions—memoranda of understanding, board resolutions—may not always surface as public formal actions, but as a bank's condition worsens the regulators move to instruments that do appear in the record. A consent order (or cease-and-desist order entered by consent) directs the bank to correct specified deficiencies—raise capital to a named ratio, reduce concentrations, strengthen management, improve loan administration—on a defined schedule. It is the regulator putting the bank's required remediation in writing, with deadlines, and it is dated, which is what makes it an overlay on the quarterly series.

When the capital ratios fall below the statutory thresholds, the response becomes mandatory rather than discretionary. Under the Prompt Corrective Action (PCA) framework—a statutory regime enacted after the savings-and-loan crisis—banks are sorted into capital categories from “well capitalized” down through “undercapitalized,” “significantly undercapitalized,” and “critically undercapitalized.” As a bank descends these categories, the regulators are required to impose escalating restrictions—limits on growth, on dividends, on executive compensation, and ultimately a prompt-corrective-action directive demanding the bank raise capital or find a buyer. A bank that becomes critically undercapitalized and cannot recapitalize is, by design, on a short statutory clock to resolution. In the data this shows as a sequence: a consent order in one quarter, a PCA directive a few quarters later as the leverage ratio breaches the thresholds, and then—if remediation fails—a row in the failed-bank list. The enforcement dataset, dated and keyed by CERT, is the bridge between the financial slide and the closure.

The failed-bank record: the end of the story

The fourth dataset marks the end. The FDIC's failed-bank list contains one row for each insured institution that has failed, with a row appearing only for banks that actually failed—so the mere presence of a CERT in this table is itself the strongest possible label for a supervised-learning failure model. Each row carries the failure date, the resolution type (a purchase-and-assumption transaction in which an acquirer takes the deposits and some assets, a deposit payout, or an assisted transaction), the acquiring institution where one exists, and—the figure that quantifies the public cost—the estimated cost to the Deposit Insurance Fund (DIF), the insurance fund financed by premiums on insured banks that makes depositors whole when a bank fails.

Joining this record back to the call reports by CERT closes the loop and enables the most valuable analysis the four datasets support together: aligning each failed bank's final quarters of call-report data against its failure date lets an analyst measure exactly how the ratios behaved in the run-up—how many quarters of rising noncurrent assets preceded the closure, how fast the leverage ratio fell, when profitability turned negative. Aligning the enforcement dates against the same timeline shows how long after the financial signals the first order arrived, and how long after the order the failure followed. And because the failed-bank record carries the DIF cost, the analysis can weight failures not just by count but by their actual expense to the insurance fund—separating the small, cheap community-bank failures from the large, costly ones that move the fund.

Two waves: 2008–2010 and 2023

Assembled, the four-source chain tells the story of the two great recent episodes of bank failure, and it tells them in the same grammar even though their causes differed. The 2008–2010 wave, the banking dimension of the global financial crisis, was overwhelmingly a story of asset quality—concentrations in residential and commercial real estate and in construction-and-development lending that turned bad as the housing market collapsed. In the call reports of the banks that failed in that wave, the signature is a steep, sustained rise in noncurrent loans and charge-offs concentrated in real estate, draining capital quarter after quarter; the enforcement record fills with consent orders and PCA directives through 2009 and 2010; and the failed-bank list records hundreds of resolutions, most handled as purchase-and-assumption transactions, at a substantial cumulative cost to the Deposit Insurance Fund.

The 2023 regional-bank failures read differently in the ratios but the same in structure. These were not primarily credit-quality failures; they were failures of interest-rate risk and liquidity—banks holding long-duration securities whose market value fell sharply as rates rose, paired with concentrated, uninsured, and flighty deposit bases that fled in days once confidence broke. In the call reports the signature is less in noncurrent loans and more in the deposit composition, the securities portfolio, and unrealized losses on holdings—the Sensitivity and Liquidity components of CAMELS rather than Asset quality. The failures arrived faster than the classic slow slide, which is one of the lessons of 2023: the call report is a powerful leading indicator for credit-driven failures that build over years, and a partial one for liquidity runs that crystallize in a weekend. The four-source synthesis lets an analyst test exactly that distinction—to ask which early signals actually preceded which failures, and how much lead time the public data really gave.

Python workflow: tracing one bank by CERT

The script below does the core reconstruction for a single institution. Given a CERT, it pulls the institution record for identity, pulls the full quarterly call-report series and computes two of the ratios that matter—the tier 1 leverage ratio and noncurrent assets as a share of assets—printing them quarter by quarter so the trajectory is visible, and then checks the failed-bank list for that CERT and, if the bank failed, prints the failure date, the estimated cost to the Deposit Insurance Fund, and the acquirer. The enforcement overlay is the natural fourth call: a request to the FDIC enforcement-decisions service filtered by the same CERT returns the dated orders to lay on top of the same timeline. Everything is keyed by the certificate number, so no name matching is involved; the only work is lining the quarterly series up against the enforcement and failure dates.

import requests
import pandas as pd

# All four sources are public and key-free through the FDIC.
# They share one clean join key: the FDIC certificate number (CERT),
# which identifies a bank uniquely across every source -- no name matching.
BANKFIND = "https://banks.data.fdic.gov/api"     # institutions + failures
FINANCIALS = f"{BANKFIND}/financials"            # quarterly call-report data


def institution(cert):
    # One row: the bank’s identity, charter, location, status.
    url = f"{BANKFIND}/institutions"
    params = {"filters": f"CERT:{cert}", "limit": 1, "format": "json"}
    r = requests.get(url, params=params, timeout=60)
    r.raise_for_status()
    rows = r.json().get("data", [])
    return rows[0]["data"] if rows else {}


def call_reports(cert):
    # One row per quarter (REPDTE). Pull the financial fields that show
    # condition: leverage capital, nonperforming assets, return on assets.
    fields = "CERT,REPDTE,ASSET,RBCT1J,EQ,NPERFV,ROA,DEP"
    out, offset = [], 0
    while True:
        params = {
            "filters": f"CERT:{cert}",
            "fields": fields,
            "limit": 1000,
            "offset": offset,
            "sort_by": "REPDTE",
            "sort_order": "ASC",
            "format": "json",
        }
        r = requests.get(FINANCIALS, params=params, timeout=120)
        r.raise_for_status()
        rows = [x["data"] for x in r.json().get("data", [])]
        if not rows:
            break
        out += rows
        offset += 1000
    df = pd.DataFrame(out)
    df["REPDTE"] = pd.to_datetime(df["REPDTE"], format="%Y%m%d", errors="coerce")
    return df.sort_values("REPDTE")


def failure(cert):
    # Zero or one row: present only if this CERT has failed.
    url = f"{BANKFIND}/failures"
    params = {"filters": f"CERT:{cert}", "limit": 1, "format": "json"}
    r = requests.get(url, params=params, timeout=60)
    r.raise_for_status()
    rows = r.json().get("data", [])
    return rows[0]["data"] if rows else {}


def trace(cert):
    inst = institution(cert)
    cr = call_reports(cert)
    fail = failure(cert)
    name = inst.get("NAME", f"CERT {cert}")

    # --- Capital trajectory: tier-1 leverage as a share of assets ----------
    cr["leverage_pct"] = 100.0 * cr["RBCT1J"] / cr["ASSET"]
    # --- Asset quality: noncurrent assets as a share of assets -------------
    cr["nonperf_pct"] = 100.0 * cr["NPERFV"] / cr["ASSET"]

    print(f"{name} (CERT {cert})")
    for _, q in cr.iterrows():
        d = q["REPDTE"].date()
        print(f"  {d}  leverage={q['leverage_pct']:.2f}%  "
              f"noncurrent={q['nonperf_pct']:.2f}%  ROA={q['ROA']:.2f}")

    if fail:
        fd = fail.get("FAILDATE", "?")
        cost = fail.get("COST")  # estimated cost to the Deposit Insurance Fund
        cstr = f"${float(cost):,.0f}K" if cost not in (None, "") else "n/a"
        print(f"  FAILED {fd}  estimated DIF cost {cstr}  "
              f"acquirer={fail.get('ACQINST', 'n/a')}")
    else:
        print("  No failure on record for this CERT.")
    return inst, cr, fail


# Example: trace one institution by its FDIC certificate number.
# CERT 24735 is Silicon Valley Bank, a headline 2023 regional-bank failure.
trace(24735)

Two practical notes apply. First, the exact field codes on the FFIEC call-report forms are numerous and change over time—the leverage and risk-based capital components, the past-due and nonaccrual schedules, and the income items each have specific identifiers that should be validated against the current FDIC financial-data dictionary before any production run, and some ratios the FDIC publishes pre-computed while others must be derived from raw line items. Second, the per-CERT API calls shown here are ideal for tracing a handful of named banks, but for population-scale work—building a failure model across every bank and every quarter—the FDIC's bulk financial-data downloads are far more efficient than tens of thousands of paginated requests, and they ship with the authoritative, version-stamped column definitions for each reporting period.

Limitations and analytical caveats

The four-source synthesis is unusually clean, but it carries limitations that a careful analyst internalizes before claiming to have predicted anything.

The data is quarterly and lagged. Call reports are filed after each quarter-end and then processed, so the most recent quarter of condition is always somewhat stale, and a fast-moving liquidity run—as 2023 showed—can outrun the reporting cycle entirely. The enforcement and failure dates are themselves lagging by nature: an order is issued only after examiners have already seen the trouble, and a failure is recorded only after the capital is gone. The public data is an excellent instrument for the slow, credit-driven deterioration that builds over many quarters; it is a weaker instrument for the sudden, confidence-driven failure that resolves in days.

The supervisory ratings are confidential. The CAMELS composite, the examination findings, and the informal supervisory actions that precede formal orders are not public. The analyst is reconstructing the data behind the supervisory view, not the view itself, and the Management component in particular is simply not observable in the numbers. A public-data model will therefore always miss some banks the regulators already knew were in trouble and will sometimes flag banks the regulators judged sound for qualitative reasons the data cannot see.

Survivorship and base rates distort backward-looking analysis.Studying only the banks that failed—the rows in the failed-bank list—teaches you what failed banks looked like, but not how to distinguish them from the far larger number of banks that showed similar stress and survived, often because they raised capital, were acquired, or simply rode out the cycle. Failures are rare events, so a model that achieves high accuracy by predicting “no failure” for everyone is worthless; the analysis must be framed against the full population of banks and the genuine base rate of failure, not against the failures alone.

Mergers and charter changes complicate the timeline. A bank can disappear from the active registry not because it failed but because it was acquired or consolidated, and a CERT can change status in ways that look superficially like distress. The institution directory's status field, joined to the failed-bank list, is what distinguishes a voluntary merger from a failure—and conflating the two, or attributing a successor's later trouble to a predecessor, is a recurring error in cross-source banking analysis. Held with these caveats in mind, the four FDIC datasets—institution, call report, enforcement, and failure, all keyed by the certificate number—are the most complete public record of how an American bank lives and dies, and the slow deterioration that precedes a failure is, for the analyst willing to read it, visible in the numbers long before the Friday closing.