skip navigation

Friday, April 25, 2014

[ – ] Text Size [ + ]  |  Print Page

SRC Insights: Third Quarter 2009

Amendments to Annual Audit and Reporting Requirements

Section 36 of the Federal Deposit Insurance Act (FDI Act) and the FDIC's implementing regulation Part 363—Annual Audit and Reporting Requirements, (part 363) sets forth requirements for all state member banks and other insured depository institutions with $500 million or more in total assets regarding annual audits and the filing of related reports with the appropriate federal banking agencies. As of June 23, 2009, the FDIC has amended part 363—to strategically incorporate sound audit and reporting practices from the Sarbanes-Oxley Act of 2002 and to address changes in the banking industry.1 Section 36 is generally intended to facilitate early recognition of problems in financial management at insured depository institutions; state member banks must file required reports with the FDIC and their District's Federal Reserve Bank. This article will cover some of the major amendments and detail the specific reporting requirements.

The final rule includes amendments to annual reporting requirements, clarifications to the independence standards applicable to accountants, amendments to filing and notice requirements, and additional audit committee duties. The following sections highlight key changes.

Compliance with Designated Laws and Regulations

The amendments to part 363 require that management's stated conclusion regarding compliance be included with management's assessment of compliance with laws and regulations pertaining to insider loans and dividend restrictions. Any noncompliance with such laws and regulations should also be included in this conclusion. The disclosure of any noncompliance will not require those responsible to be identified personally; however, the disclosure must include accurate qualitative and quantitative information relevant to the noncompliance, dividends, and insider loans involved. Any corrective actions taken by management should be included as well.

Better Explain and Increase Enforceability of Independence Standards for Independent Public Accountants

Required audit and attestation services must be performed by an independent public accountant. To qualify as an independent public accountant, one must meet the independence standards that apply to audits of both nonpublic and public companies. The revisions to part 363 explain that independent public accountants should be in compliance with the independence standards of the SEC and the AICPA, as well as the PCAOB when auditing public companies that have been approved by the SEC. If there is a situation in which more than one standard is relevant, the most restrictive of applicable standards should be adhered to. If an accountant does not meet the required standards, the FDIC (or other appropriate federal banking agency) has the power to dismiss, suspend, or prohibit an accountant from performing the necessary audit and attestation services.

Boards of Directors to Develop Written Criteria When Determining the Independence of Audit Committee Members

The amendment requires that the board of directors develop and uphold written criteria for establishing that a prospective or current audit committee member is an outside director and independent of management. The criteria include:

  1. The committee member cannot be an officer or employee of the institution or any affiliate of the institution.
  2. If the committee member owns 10 percent or more of any class of voting securities of the institution, the board of directors must decide and document whether this interferes with the committee member's "independent" judgment in carrying out their committee responsibilities.

These criteria must be applied annually (at a minimum) and recorded in the board's minutes.

Requirements Concerning Consolidated Assets of Bank Holding Companies

Previously, an insured depository institution that is a subsidiary of a bank holding company could use consolidated holding company financial statements to satisfy the auditied financial statements requirement of part 363 regardless of whether the assets of that insured depository institution subsidiary or subsidiaries of the holding company represented substantially all or only a minor portion of the holding company's consolidated total assets. The amendments now require that the insured depository institution assets comprise at least 75 percent of a holding company's total consolidated assets in order to file on a consolidated level.

In summary, the rationale for the change is that, in the past, when the assets of insured depository institution subsidiaries did not comprise a substantial portion of a holding company's consolidated total assets, the consolidated financial statements, including the accompanying notes to the financial statements, did not always provide sufficient information regarding the financial position and results of operations of these institutions. In addition, the extent of audit coverage provided to these institutions in the audit of the consolidated holding company was sometimes limited.

This specific revision will not be enforced until fiscal years ending on or after June 15, 2010, in order to give affected insured depository institutions time to comply.

Effective Dates

The amendments to part 363 will be effective 30 days after being published in the Federal Register. For most institutions, this will be year-end 2009. The exceptions to this rule are as follows:

  • December 31, 2009, will be the deadline for boards of directors to develop written criteria for determining the independence of an audit committee member.
  • The effective date for insured depository institutions to meet the 75 percent threshold for complying with Part 363 at the holding company level has been delayed until fiscal years ending on or after June 15, 2010.
Following are reporting requirement details for covered institutions.

Reports to be Filed for Institutions with $500 Million or More but Less than $1 Billion in Total Assets:

  1. Audited comparative annual financial statements
  2. The independent public accountant's report on the audited financial statements
  3. A management report that contains:
    1. A statement of management's responsibilities for:
      1. Preparing the annual financial statements
      2. Establishing and maintaining an adequate internal control structure over financial reporting
      3. Complying with the designated safety and soundness laws and regulations pertaining to insider loans and dividend restrictions
    2. An assessment by management of the institution's compliance with the designated laws and regulations pertaining to insider loans and dividend restrictions during the year, which must state management's conclusion regarding compliance and disclose any noncompliance with these laws and regulations

In general, an institution that is required to file, or whose parent holding company is required to file, management's assessment of the effectiveness of internal control over financial reporting with the Securities and Exchange Commission (SEC) or the appropriate federal banking agency in accordance with Section 404 of the Sarbanes-Oxley Act of 2002 must submit a copy of such assessment with its part 363 annual report as additional information. However, this assessment will not be considered part of the institution's part 363 annual report.

Reports to be Filed for Institutions with $1 Billion or More in Total Assets:

  1. Audited comparative annual financial statements.
  2. The independent public accountant's report on the audited financial statements.
  3. A management report that contains:
    1. A statement of management's responsibilities for:
      1. Preparing the annual financial statements
      2. Establishing and maintaining an adequate internal control structure over financial reporting
      3. Complying with the designated safety and soundness laws and regulations pertaining to insider loans and dividend restrictions
    2. An assessment by management on the effectiveness of the institution's internal control structure over financial reporting as of the end of the fiscal year that must:
      1. Identify the internal control framework used by management to evaluate the effectiveness of internal control over financial reporting
      2. State that the assessment included controls over the preparation of regulatory financial statements in accordance with regulatory reporting instructions and identify the regulatory reporting instructions
      3. State management's conclusion as to whether internal control over financial reporting is effective as of the institution's fiscal year-end
      4. Disclose all material weaknesses in internal control over financial reporting, if any, that management has identified that have not been remediated prior to the institution's fiscal year-end
    3. An assessment by management of the institution's compliance with the designated laws and regulations pertaining to insider loans and dividend restrictions during the year, which must state management's conclusion regarding compliance and disclose any noncompliance with these laws and regulations
  4. The independent public accountant's attestation report concerning the effectiveness of the institution's internal control structure over financial reporting. The accountant's report must not be dated prior to the date of the management report and management's assessment of the effectiveness of internal control over financial reporting and must:
    1. Identify the internal control framework used by the independent public accountant, which must be the same as the internal control framework used by management, to evaluate the effectiveness of the institution's internal control over financial reporting
    2. State that the independent public accountant's evaluation included controls over the preparation of regulatory financial statements in accordance with regulatory reporting instructions and identify the regulatory reporting instructions
    3. State the independent public accountant's conclusion as to whether internal control over financial reporting is effective as of the institution's fiscal year-end
    4. Disclose all material weaknesses in internal control over financial reporting, if any, that the independent public accountant has identified as not having been remediated prior the institution's fiscal year-end
  • 1   More information regarding these amendments can be found on the FDIC's website External Link.

The views expressed in this article are those of the author and are not necessarily those of this Reserve Bank or the Federal Reserve System.