The Sarbanes-Oxley Act of 2002 is perhaps the most visible and far-reaching response to the recent spate of corporate governance failures and accounting irregularities. However, for financial institutions, many of the provisions in Sarbanes-Oxley merely codify the internal controls and corporate governance requirements prescribed for financial institutions through FIRREA, FDICIA, and the Board of Governors' Regulation O, Loans to Executive Officers, Directors, and Principal Shareholders of Member Banks.
Although banks will need to comply with the legal provisions associated with Sarbanes-Oxley, most financial institutions already have the fundamentals of corporate governance entrenched in their operations. The significant majority of financial institutions already have rigorous processes to select qualified directors, ensure that the directors can devote an adequate commitment of time to the bank, provide continuous director training, provide solid management information, and balance the power of the CEO and directorate. However, notwithstanding the general strength of corporate governance in financial institutions, they too have been exposed to an increasing number of shareholder resolutions, most of which relate to corporate governance issues. In financial institutions, shareholder resolutions and questions have addressed issues such as executive compensation, expensing stock options, and the composition of the board of directors.
SR Letter 02-20, The Sarbanes-Oxley Act of 2002, discusses some of the elements of Sarbanes-Oxley that might apply most directly to financial institutions.1 SR 02-20 includes discussions of:
One of the more visible changes to financial institution guidance related to Sarbanes-Oxley is the new Interagency Policy Statement on the Internal Audit Function and Its Outsourcing that was issued on March 17, 2003. The revised policy statement, which replaces the policy statement issued in 1997, also reflects the agencies' experience with the 1997 policy and incorporates recent developments in internal auditing.2 The Sarbanes-Oxley Act and SEC rules prohibit an accounting firm from acting as the external auditor of a public company at the same time that the firm provides internal audit services to the company. The revised policy statement discusses how this prohibition applies to (i) financial institutions that are public companies; (ii) insured depository institutions with $500 million or more in assets that are subject to the annual audit and reporting requirements of section 36 of the Federal Deposit Insurance Act (FDIA); and (iii) non-public institutions that are not subject to section 36. The new policy statement is discussed in the article "The Sarbanes-Oxley Act of 2002: The Task of Restoring Public Confidence" that appears in this issue of SRC Insights.
Another highly visible announcement was the December 17, 2002 interagency proposal that would provide for removal, suspension, or debarment of accountants or accounting firms from performing the audit services required by section 36 of the FDIA.3 Congress gave the federal banking supervisory agencies authority to remove, suspend, or debar accountants from performing the audit services required by section 36 if there is good cause to do so. The proposal reflects the increasing concern with the quality of audits of and internal controls over financial reporting at insured depository institutions. As proposed, a removal, suspension, or debarment under section 36 would limit an accountant's or accounting firm's eligibility to provide audit services to insured depository institutions with total assets of $500 million or more, but would not restrict its ability to provide audit services to financial institutions with less than $500 million in total assets or its ability to provide other types of services to all financial institutions. The Board of Governors and other federal banking supervisory agencies are reviewing the comments on the proposal and will be issuing final rules in the near future.
As apparent in the revised policy statement on internal audit, regulators will continue to factor the size and complexity of the organization when assessing risk management processes and analytic capability. While size and complexity will also be considered when assessing internal controls, there still may be a need for small banks to ensure that they implement effective compensating controls in areas where more traditional controls, such as segregation of duties, are less effective due to the institution's size. This became painfully apparent in one de novo Third District bank failure in the 1990s, as discussed in the article "Not Just Your Customer: Know Your Employee" that appears in this issue of SRC Insights.
A large number of companies, including a majority of financial institutions, have sound governance processes. However, corporate governance and internal controls have the most obvious impact on a company when they prove to be seriously lacking. Due to the potentially disastrous consequences of ineffective corporate governance and internal controls, each and every financial institution would be well served if its management, with strong board of director involvement, reviews its governance and control structures with an open and unbiased eye.
Corporate Governance: The Indirect Effects
Financial institutions are in a rather unique position of indirectly, but perhaps significantly, being affected by breakdowns in corporate governance in other companies. Several financial institutions held large credit exposures to firms that followed questionable accounting practices and/or had weak corporate governance practices. The ramifications of those breakdowns negatively affected the collectibility of the debt and caused additional provisioning for loan losses and/or charge-offs. The revelation of those credit problems related to corporate governance highlighted the need for expanded firm-wide MIS and risk management practices in commercial loan underwriting.
The views expressed in this article are those of the author and are not necessarily those of this Reserve Bank or the Federal Reserve System.