The Federal Deposit Insurance Corporation’s board has approved a notice of proposed rulemaking that would amend Section 36 of the Federal Deposit Insurance Act and its implementing regulation, Part 363. These amendments extend the objectives of Section 36 by incorporating sound practices into Part 363 and providing clearer, more complete guidance to institutions and independent public accountants on compliance.
The NPRM sets forth revised guidelines for annual independent audit and reporting requirements for insured depository institutions with total assets above certain thresholds. The asset-size threshold is $1 billion for internal control assessments, $500 million to $3 billion for audit committee requirements and $500 million for all other requirements. Comments on the NPRM were accepted by the FDIC until Jan. 31, 2008.
Notable changes reflected in the NPRM revised guidelines include internal control requirements; audit committee formation, composition, restructuring and duties; and engagement letters.
Financial Statements and Reporting
The NPRM provides criteria to determine if the audited financial statements and other requirements of Part 363 may be satisfied at a holding company level. For an institution to comply with Part 363 the total assets of a holding company’s insured depository institution subsidiary must comprise 75 percent or more of the holding company’s consolidated total assets. This threshold would ensure the independent audit work performed at the insured depository institution satisfies the intent of Section 36: early identification of needed improvements in financial management at insured institutions.
Management will be required to identify the internal control framework used to assess internal control over financial reporting. The evaluation must:
The deadline for a non-public institution to file its Part 363 Annual Report will be extended 30 days to within 120 days after the end of its fiscal year. The 30-day extension currently granted if an institution is faced with extraordinary circumstances beyond its reasonable control will be replaced with a late-filing notification. This notification must disclose the institution’s inability to meet the filing deadline for all or specified portions of its Part 363 Annual Report, the detailed reasons and the report filing date.
Transition Period for Forming & Restructuring Audit Committees
Many NPRM changes for audit committees incorporate certain corporate governance practices of public companies implemented under the Sarbanes-Oxley Act of 2002 into requirements for institutions subject to Part 363. The NPRM provides a one-year transition period for forming or restructuring the audit committee when:
Audit Committee Composition
Each insured depository institution subject to Part 363 must have an independent audit committee composed entirely of outside directors (i.e., a director who is not an officer or employee of the institution or any affiliate of the institution). The outside directors who serve on the audit committee must be independent of management, although a minority of audit committee members of institutions with $500 million or more but less than $1 billion in total assets need not be independent of management. The audit committee of any insured depository institution with $3 billion in total assets or more should include members with banking or related financial management expertise, have access to its own outside counsel and not include any large customers of the institution.
The NPRM also states the board of directors of an institution should maintain and use an approved set of written criteria for evaluating audit committee member independence, and the results and basis for the board’s determination should be recorded in the board’s minutes.
Audit Committee Duties
The audit committee’s duties should be appropriate to the size of the institution and the complexity of its operations. The NPRM states that an audit committee is to review the basis for the Part 363 Annual Report with both management and the independent public accountant. The committee will be made explicitly responsible for the appointment, compensation and oversight of the independent public accountant who performs services under Part 363. The committee also must review and satisfy itself as to the independent public accountant’s compliance with independence, peer review and other qualifications under Part 363.
Independent Public Accountant Engagement Letters
The NPRM requires the audit committee to ensure the audit engagement letters and any related agreements with the independent public accountant for services to be performed under Part 363 do not contain any limitation of liability provisions that:
Additional information about the proposed amendments may be found in the Federal Register, Volume 72, No. 212, Nov. 2, 2007, Part II – Federal Deposit Insurance Corporation, 12 CFR Parts 308 and 363, page 63210, Annual Independent Audits and Reporting Requirements, Proposed Rules section.
Brian J. Mischel is a member of BKD Financial Services Group, a division of BKD, LLP. He is based in BKD’s Louisville, Ky., office. Contact the author at bmischel(at)bkd.com.
Copyright © February 2008 BankNews Publications