Federal Deposit
Insurance Corporation

Make AT 501 mirror AS 2 comprehensively, for FDICIA required audits.  This would ensure that internal control assessments are applied uniformly whether banks are public or private, with the revised asset threshold.

External audit firms perform routine SAS 99 risk assessments for all internal control attestations at both public and private banks as a matter of due diligence.  However, AS 2, which provides whistleblower protections via PCAOB, among other provisions, for public bank personnel, does not technically apply to or protect private bank personnel, even though external auditors now issue SAS 99 questionnaires and interview key bank personnel for any known risks.  How can private bank personnel be open and willingly participate in the SAS 99 / AT 2 process if there is no whistleblower protection safeguard for such employees.  Even for the whistleblower at the public company, their effort can be an uphill battle to expose wrongdoing…but at least their covered under the law.

Then, the FDIC on August 16, 2005, issues guidance on implementing an (internal) fraud hotline to assist in the risk management, corporate governance, and detection of internal control deficiencies.  The guidance was issued with no distinction between public and private banks.  As of today, only a public bank employee should feel comfortable about coming forward with accounting, pension, or other corporate wrongdoing that should be investigated.  Especially, considering smaller, private community banks, where issues seem to fall by the wayside for political reasons, or simply the fear of reprisal keeps employees in check.

Public companies have the PCAOB (website) to report accounting issues in a safe, anonymous way that in most cases are considered or addressed, and ultimately.  Private (community) bank employees, are not protected, and I believe, are wrongly urged to report wrongdoing on the hotline the FDIC is now recommending.  The Inspector General hotline on the FDIC website is geared toward FDIC employees only.  

Most statistics about bank fraud point to the insider at both public and private banks where fraud or wrongdoing was discovered. 

I have a novel idea that adds to and would complement RIN 3064-AC91: 

Implement an interagency (OCC, FDIC, OTS) fraud hotline for both examiners and bank employees, similar to the FDIC Inspector General hotline, for all financial institutions employees one and all.