Federal Deposit
Insurance Corporation

[Federal Register: February 21, 1996 (Volume 61, Number 35)]
[Rules and Regulations]               
[Page 6487-6500]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]


========================================================================
Rules and Regulations
                                                Federal Register
________________________________________________________________________

This section of the FEDERAL REGISTER contains regulatory documents 
having general applicability and legal effect, most of which are keyed 
to and codified in the Code of Federal Regulations, which is published 
under 50 titles pursuant to 44 U.S.C. 1510.

The Code of Federal Regulations is sold by the Superintendent of Documents. 
Prices of new books are listed in the first FEDERAL REGISTER issue of each 
week.

========================================================================



[[Page 6487]]


FEDERAL DEPOSIT INSURANCE CORPORATION

12 CFR Part 363

RIN 3064-AA83

 
Annual Independent Audits and Reporting Requirements

AGENCY: Federal Deposit Insurance Corporation (FDIC or Corporation).

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: The FDIC is amending its regulations concerning annual 
independent audits and reporting requirements. Section 314 of the 
Riegle Community Development and Regulatory Improvement Act of 1994 
(RCDRIA) amended sections 36(i) and 36(g)(2) of the Federal Deposit 
Insurance Act (FDI Act). Section 36 of the FDI Act is generally 
intended to facilitate early identification of problems in financial 
management at larger insured depository institutions through annual 
independent audits, assessments of the effectiveness of internal 
controls and of compliance with designated laws and regulations, and 
more stringent reporting requirements. Section 314(a) provides relief 
from certain duplicative reporting under section 36 of the FDI Act for 
sound, well managed insured depository institutions with over $9 
billion in total assets which are subsidiaries of multibank holding 
companies. Section 314(b) requires the Corporation to notify a large 
insured depository institution in writing if it decides a review by an 
independent public accountant of such an institution's quarterly 
financial reports is required. This regulation governs annual 
independent audits and implements section 36 of the FDI Act. This 
amendment conforms the regulations to the amended statute.
    In addition, the FDIC is making several technical amendments to the 
Guidelines and Interpretations (Guidelines) that were published as an 
appendix to the annual independent audit regulations. The FDIC also is 
amending Schedule A to the appendix, ``Agreed Upon Procedures for 
Determining Compliance with Designated Laws'', to implement recent 
amendments to the federal regulations concerning loans to insiders, 
improve the format of the procedures, streamline the specific 
procedures, and eliminate ambiguities. These amendments reflect the 
experience of the Corporation, financial institutions, and accountants 
using the existing procedures during the past two years.

EFFECTIVE DATE: April 1, 1996.

FOR FURTHER INFORMATION CONTACT: Doris L. Marsh, Examination 
Specialist, Division of Supervision (202) 898-8905, FDIC, 550 17th 
Street NW., Washington, DC 20429, or Sandra Comenetz, Counsel, Legal 
Division, (202) 898-3582, FDIC, 550 17th Street NW., Washington, DC 
20429.

SUPPLEMENTARY INFORMATION:

I. Paperwork Reduction Act

    The collection of information contained in this amendment has been 
reviewed and approved by the Office of Management and Budget under 
control number 3064-0113, pursuant to section 3504(h) of the Paperwork 
Reduction Act (44 U.S.C. 3501 et seq.). This information collection is 
mandated by section 36 of the FDI Act (12 U.S.C. 1831m), which was 
added by section 112 of FDICIA (Pub. L., 102-242, 105 Stat. 2242).
    The total estimated reporting burden for the collection under Part 
363 is:
    Number of Respondents: 450.
    Number of Responses per Respondent: 3.19.
    Total Annual Responses: 1,435.5.
    Hours per Response: 40.38.
    Total Annual Burden Hours: 57,970.
    The changes to this collection of information have been reviewed 
and approved by OMB pursuant to the Paperwork Reduction Act. Comments 
on the accuracy of the burden estimate, and suggestions for reducing 
the burden, should be directed to the Office of Management and Budget, 
Paperwork Reduction Project 3064-0113, Washington, D.C. 20503, with 
copies of such comments to Steven F. Hanft, Office of the Executive 
Secretary, Room F-400, 550 17th St. N.W., Washington, D.C. 20429.

II. Regulatory Flexibility Act

    The rule expressly exempts insured depository institutions having 
assets of less than $500 million, and, for that reason, is inapplicable 
to small entities. Therefore, pursuant to section 605(b) of the 
Regulatory Flexibility Act (Pub. L. 96-354, 5 U.S.C. 601 et seq.), it 
is certified that the rule would not have a significant impact on a 
substantial number of small entities.

III. Background

    Section 112 of the Federal Deposit Insurance Corporation 
Improvement Act of 1991 (FDICIA) added section 36, ``Independent Annual 
Audits of Insured Depository Institutions'', to the FDI Act (12 U.S.C. 
1831m). Section 36 requires the FDIC, in consultation with the 
appropriate federal banking agencies, to promulgate regulations 
requiring each insured depository institution over a certain asset size 
(covered institution) to have an annual independent audit of its 
financial statements performed in accordance with generally accepted 
auditing standards and section 37 of the FDI Act (12 U.S.C. 1831n), and 
to provide a management report and an independent public accountant's 
attestation concerning both the effectiveness of the institution's 
internal controls for financial reporting and its compliance with 
designated safety and soundness laws. Section 36 also requires each 
covered institution to have an independent audit committee. The audit 
committee of each large covered institution (total assets exceeding $3 
billion) must meet certain additional requirements.
    Section 36 also requires the FDIC, in consultation with the other 
federal banking agencies, to designate laws and regulations concerning 
safety and soundness. This section requires the institution's 
independent public accountant to perform procedures agreed upon by the 
Corporation to determine an institution's compliance with such 
designated laws and regulations. The laws and regulations selected by 
the Corporation (Designated Laws) are the federal laws and regulations 
concerning loans to insiders and the federal and state laws and 
regulations concerning dividend restrictions.
    In June 1993, the FDIC published 12 CFR Part 363 (58 FR 31332, June 
2, 1993) to implement the provisions of 

[[Page 6488]]
section 36 of the FDI Act. Under Part 363, the requirements of section 
36 apply to each insured depository institution with $500 million or 
more in total assets at the beginning of any fiscal year that begins 
after December 31, 1992. Part 363 also includes Guidelines and 
Interpretations (Appendix A to Part 363), which are intended to assist 
institutions and independent public accountants in understanding and 
complying with Section 36 and Part 363. Appendix A to Schedule A 
contains the agreed-upon procedures that must be performed by an 
institution's independent public accountant in order to permit the 
accountant to report on the extent of compliance with the Designated 
Laws as required by Section 36(e)(1) and (2).
    Section 314 of RCDRIA amends sections 36(i) and 36(g)(2) of the FDI 
Act (12 U.S.C. 1831m(i) and (g)(2)). The purpose of section 314(a) is 
to provide relief from certain duplicative reporting under section 36 
of the FDI Act for sound, well managed insured depository institutions 
with over $9 billion in total assets which are subsidiaries of 
multibank holding companies. Section 314(b) requires the FDIC to notify 
a large insured depository institution in writing if the FDIC decides 
to require a review by an independent public accountant of such 
institution's quarterly financial reports.
    Section 36(g)(2) of the FDI Act authorizes the FDIC to require 
independent public accountants for ``large institutions'' to review 
such institutions' quarterly financial reports. When the FDIC adopted 
Part 363, it elected not to exercise its authority in this area for 
reasons of cost and limited expected benefits, preferring instead to 
request such reviews on a case-by-case basis. The FDIC continues to 
believe that this is appropriate. Should the FDIC decide to request an 
independent public accountant's review of the quarterly financial 
statements of a large insured depository institution, it will make the 
request in writing. The regulation is being amended to reflect section 
314(a); no regulatory action is needed for section 314(b) which speaks 
for itself.
    In addition, the regulation is being amended to reflect the current 
provisions of federal regulations concerning loans to insiders (Federal 
Reserve Board Regulation O, 12 CFR Part 215), which are included in one 
of the Designated Laws, but were amended themselves during 1994.
    Lastly, Section 303 of RCDRIA requires the each federal banking 
agency to streamline and modify its regulations and policies in order 
to improve efficiency and reduce unnecessary burden. The FDIC believes 
that Part 363 and its final amendment are consistent with the 
requirements of section 303.

IV. Proposed Rule

    The FDIC sought public comment on proposed amendments to Part 363 
and the Guidelines in February 1995 (60 FR 8583, February 15, 1995). 
The FDIC proposed to amend certain paragraphs of 12 CFR Part 363 to 
conform to the amended statute. The FDIC also proposed to make 
technical and clarifying changes to the Guidelines in Appendix A.
    In addition, initial experience with Part 363 indicated that 
certain clarifications of the specific procedures in Schedule A to 
Appendix A of the Guidelines would make them more efficient and less 
burdensome. The FDIC therefore proposed amending Schedule A to Appendix 
A--Agreed Upon Procedures for Determining Compliance with Designated 
Laws, to eliminate ambiguities, improve the format of the procedures, 
streamline the specific procedures, and reflect the recent amendments 
to the federal regulations concerning loans to insiders (12 CFR Part 
215). The proposal reflected the experience of the Corporation, 
institutions, and accountants with the existing procedures during the 
period since their adoption in June 1993.

A. Proposed Amendments to the Rule

    Section 363.1--Scope. To make Sec. 363.1(b) consistent with section 
314(a)(1) of RCDRIA, the phrase ``but less than $9 billion'' was 
proposed to be deleted from the provisions of the regulation describing 
the institutions eligible to report using the holding company exception 
set forth in section 36(i). Section 36 originally required each 
institution with total assets exceeding $9 billion to have its own 
audit committee and to file a management report and attestations by the 
independent public accountant on internal controls and compliance with 
designated laws and regulations. This has been particularly burdensome 
for many large institutions which are subsidiaries of multibank holding 
companies because they have had to have their own separate audit 
committee, whose function was often duplicative of the holding company 
audit committee. In addition, the holding company typically has had to 
file two sets of management reports and attestations by the independent 
public accountant: one on the institution which exceeded $9 billion in 
total assets and another on the holding company group in order to cover 
the smaller institutions also subject to Part 363. In many cases, these 
reports were duplicative since the large institution was the dominant 
institution in the holding company group. Section 314(a) eliminates 
this duplication by permitting sound, well-managed insured depository 
institutions with over $9 billion in total assets which are 
subsidiaries of multibank holding companies to use the holding company 
audit committee and to submit reports as part of the holding company 
group.
    The FDIC also proposed to add a paragraph, consistent with section 
314(a)(3) of RCDRIA, to explain that the appropriate federal banking 
agency may require a large institution subsidiary of a holding company 
to have its own audit committee and report separately if it determines 
that the institution's use of the holding company exception in section 
36(i) would create a significant risk to the affected deposit insurance 
fund.
    Section 363.4--Filing and notice requirements. It was proposed to 
correct Sec. 363.4(b) so that it would be clear that only the annual 
report in Sec. 363.4(a)(1) is available for public inspection and that 
the attestation by the independent public accountant concerning 
compliance with Designated Laws is not a document available to the 
public.
    Section 363.5--Audit committees. A new sentence was proposed to be 
added to make the Rule consistent with section 314(a) of RCDRIA, which 
prohibits any large customers of a large insured depository institution 
from being members of the audit committee of the institution's holding 
company if the institution relies on the audit committee of the holding 
company to comply with this rule.

B. Amendments to Appendix A to Part 363--Guidelines and Interpretations

    4. Comparable Services and Functions--Guideline 4(c) under ``Scope 
of Rule'' was proposed to be amended to replace the phrase ``all 
subsidiary institutions'' with the phrase ``those subsidiary 
institutions'' to clarify that only information pertaining to covered 
institutions, not all subsidiaries of a holding company, must be 
included in reports filed under Part 363.
    9. Safeguarding of Assets. The last two sentences of Guideline 9 
and the footnote to the Guideline, which explained how the independent 
public accountant should treat the lack of criteria against which 
``safeguarding of assets'' may be judged for financial reporting, were 
proposed to be revised. The FDIC's concern over the lack of criteria, 
which existed at the time of the adoption of Part 363, was eliminated 
in May 1994, as a result of the issuance by 

[[Page 6489]]
Committee of Sponsoring Organizations (COSO) of the Treadway Commission 
of an Addendum to the ``Reporting to External Parties'' volume of 
COSO's September 1992 Internal Control--Integrated Framework (COSO 
Report). The Addendum expanded the discussion of the scope of a 
management report on internal controls to address additional controls 
pertaining to safeguarding of assets. The FDIC proposed to replace the 
last two sentences of the Guideline with specific references to types 
of safeguarding that should be covered by management and the 
independent public accountant in their reports.
    10. Standards for Internal Controls. In the footnote to Guideline 
10, the Addendum to the COSO Report was proposed to be added to the 
list of sources of information on safeguarding of assets and standards 
for internal controls for financial reporting that may be considered 
for use by institutions. In addition, it was proposed that the American 
Institute of Certified Public Accountants' (AICPA) Statement on 
Auditing Standards No. 55 (SAS 55), ``Consideration of the Internal 
Control Structure in a Financial Statement Audit,'' should replace 
AICPA Statement on Auditing Standards No. 30 (SAS 30), ``Reporting on 
Internal Accounting Control,'' in the footnote to Guideline 10.
    15. Peer Reviews--Guideline 15 requires each independent accountant 
to be enrolled in or have received a peer review that meets certain 
guidelines. These guidelines state that the peer review must be 
consistent with American Institute of Certified Public Accountants 
(AICPA) standards. Since the AICPA combined the two of its three 
standards for performing and reporting on peer reviews, those for 
Private Companies Practice Section and for its Quality Reviews into one 
standard on Peer Reviews, the footnote to Guideline 15 was proposed to 
be amended to identify the two remaining acceptable AICPA standards: 
Standards for Performing and Reporting on Peer Reviews, contained in 
Volume 2 of the AICPA's Professional Standards, and Standards for 
Performing and Reporting on Peer Reviews, codified in the SEC Practice 
Section Reference Manual.
    24. Relief from Filing Deadlines--This Guideline explains the 
circumstances in which an institution may request an extension of a 
filing deadline, but makes reference to section 36 in doing so. The 
phrase referring to section 36 of the FDI Act in Guideline 24 was 
proposed to be deleted since section 36 does not grant authority to the 
FDIC to provide relief to, or exempt institutions from, provisions in 
the statute.
    31. Holding Company Audit Committees--The proposal sought to revise 
Guideline 31 because it had been widely misunderstood. The existing 
Guideline provides that members of a holding company's independent 
audit committee may serve as the audit committee of any subsidiary 
institution if they are otherwise independent of the subsidiary's 
management. However, this was not intended to apply where an insured 
depository institution subsidiary has $5 billion or more in total 
assets, and a 3, 4, or 5 composite CAMEL rating and is not eligible to 
use the holding company exception in section 36(i). Such a subsidiary 
must have its own audit committee separate from the audit committee of 
the holding company. Guideline 31 was proposed to be amended to clarify 
this point.
    In addition, existing Guideline 31 did not make it clear that when 
an institution eligible to use the holding company exception relies on 
a holding company audit committee in order to comply with this rule, 
the holding company audit committee must meet the requirements for the 
audit committee of the largest subsidiary institution. To be eligible 
to use the holding company exception, an insured depository institution 
subsidiary must have either less than $5 billion in total assets, or $5 
billion or more in total assets and a 1 or 2 composite CAMEL rating, 
and its holding company must perform services and functions comparable 
to those required by the statute. Accordingly, it was proposed to amend 
Guideline 31 to clearly indicate that when an eligible institution 
chooses to rely on the holding company's audit committee, the members 
of the audit committee of the holding company are expected to meet the 
membership requirements of the largest subsidiary depository 
institution and may perform the duties of the audit committee for a 
subsidiary institution without becoming directors of the institution.
    32. Duties--The second sentence of Guideline 32 was proposed to be 
amended to complete the citation to certain sections of Part 363. As 
proposed, the sentence would state that the duties of a covered 
institution's audit committee should be appropriate to the size of the 
institution and the complexity of its operations, and should include 
reviewing with management and the independent public accountant the 
basis for the reports issued under Secs. 363.2(a) and (b) and 363.3(a) 
and (b) of the Rule. At present, the citation refers only to 
Sec. 363.2(b) of the Rule.

C. Amendments to Schedule A to Appendix A--Agreed Upon Procedures for 
Determining Compliance With Designated Laws

    The agreed upon procedures in Schedule A were proposed to be 
amended to clarify the numbering system, make the procedures consistent 
with amendments to insider loan regulations, and adopt suggestions of 
institutions and accountants to make the performance of the agreed upon 
procedures more efficient and less burdensome.
    Proposed formatting changes included renumbering the paragraphs and 
adding more subject titles. The procedures applicable to insider 
extensions of credit granted, insider extensions of credit outstanding, 
aggregate insider extensions of credit outstanding, overdrafts, 
limitations on extensions of credit to executive officers, and reports 
on indebtedness to correspondent banks were proposed to be placed in 
separate subsections of the procedures for more efficient performance 
of the procedures and ease of reference. The amendments to the Federal 
Reserve Board's Regulation O (12 CFR Part 215), the federal rules 
governing insider loans, necessitated numerous citation changes.
    As proposed, accountants would be permitted to use the most 
recently completed Reports of Condition and Income (Call Report) or 
Thrift Financial Report (TFR) when the procedures are being performed 
rather than requiring the use of only the year-end Call Report or TFR. 
The scope of the required reading of board and committee minutes and 
reports under the Securities Exchange Act of 1934 was proposed to also 
be more clearly defined. Inadvertent overdrafts in an aggregate amount 
of $1,000 or less, which are exempt from Regulation O proscriptions 
(see 12 CFR 215.4(e)), were proposed to no longer be separately tracked 
by institutions, listed when certain representations are made by 
management, or tested by the accountant. Where accountants had 
previously been expected to compare insider transactions to 
transactions with nonaffiliated persons, the comparison period within 
which nonaffiliated transactions can take place was proposed to be 
expanded from four to eight weeks. In addition, where no maximum number 
of transactions (to which comparisons must be made) had previously been 
included, comparisons were proposed to be limited to a maximum of 
three. An alternative procedure that permitted the terms of the insider 
transaction to be compared 

[[Page 6490]]
to existing lending policies also was proposed.
    To ensure that some tests were performed on each category of 
extension of credit, including overdrafts and loans from correspondent 
banks, the existing agreed-upon procedures directed accountants to 
obtain three separate samples. Based on suggestions received for 
improving the procedures covering extensions granted and outstanding 
during the year, the proposal had accountants focus the testing on a 
sample of insiders rather than a sample of transactions.
    Under the present guidelines, an institution may choose to have 
some of the required testing in the agreed-upon procedures performed by 
its internal auditor with less testing performed by its independent 
public accountant. However, in some situations in multibank holding 
companies, the internal auditor may be required to perform more testing 
than was required of the external auditor. When the holding company 
exception set forth in section 36(i) is used at a holding company with 
more than one covered subsidiary institution, the FDIC proposed to 
extend to internal auditors the same testing requirements that have 
been applicable to independent public accountants. Specifically, this 
would eliminate the existing requirement that internal auditors perform 
the procedures on each covered subsidiary every year. Thus, the testing 
of samples from all covered subsidiaries every two or three years that 
has been required of independent public accountants was proposed to 
also apply to internal auditors. It was further proposed that the lead 
institution or a few very large covered subsidiary institutions be 
included every year in the testing by both accountants and internal 
auditors. However, in response to the proposed reduction in testing 
requirements applicable to internal auditors, the FDIC proposed to 
increase the size of the samples required to be tested by the 
independent public accountant from the present 20 percent to 30 percent 
of the size of the samples used by the internal auditor. This change 
was not expected to generally result in any increase in the number of 
transactions tested by the independent public accountant for reports on 
holding companies with two or more covered subsidiary institutions.

V. Discussion of Final Rule and Public Comments

    The FDIC received 16 comment letters concerning the proposed 
amendments. Ten of the comment letters were from large banks, thrifts, 
and holding companies; three from banking trade organizations; two from 
accounting and auditing organizations; and one from an accounting firm.
    The letters supported the addition to the rule of the changes 
mandated by the Riegle Community Development and Regulatory Improvement 
Act of 1994. They also were generally supportive of the proposal's goal 
to make the agreed-upon procedures in Schedule A to Appendix A less 
burdensome. However, many commenters stated their belief that Section 
36 and its implementing rule were unnecessary and costly to comply 
with. Many commenters urged that the sections of the statute concerning 
compliance with safety and soundness laws and regulations, including 
both the management report and accountant's attestation, be eliminated. 
Nevertheless, barring any Congressional action in this regard, the 
commenters supported the Corporation's efforts to revise and reformat 
the agreed-upon procedures in Schedule A to Appendix A.
    Regarding the specific changes to the procedures, commenters 
approved not having to list smaller overdrafts in the insiders' 
extensions list. Permitting internal auditors to do the same amount of 
testing on holding companies as external auditors was also supported. 
Commenters also agreed with the amendment to Sec. 363.4(b) to clarify 
that the attestation by the independent public accountant concerning 
compliance with Designated Laws is not a document available to the 
public.
    One respondent recommended that the FDIC limit the time in which it 
may require the review of a large institution's quarterly financial 
statements to no later than 30 days after the end of each quarter. This 
suggestion was not adopted because the FDIC anticipates that any 
request would be made prior to that time. Moreover, since this 
authority has never been used, the need for a time limit has not been 
established.
    As discussed in the following paragraphs, the FDIC has considered 
respondents' comments concerning the specific aspects of the proposed 
amendments to Part 363, Appendix A to Part 363, and Schedule A to 
Appendix A.

A. Amendments to Part 363

    One commenter suggested that the FDIC define ``large institution'' 
for purposes of section 363.5, Audit committees, as institutions with 
$5 billion or more in total assets. The FDIC previously defined that 
term to mean any insured depository institution with total assets 
exceeding $3 billion when it adopted Part 363 in 1993 and is not 
convinced the definition should be changed. Another commenter 
recommended that when dealing with reporting by a holding company, the 
term ``large customer'' in section 363.5 should be compared to the 
assets of an entire holding company, not any single institution. 
However, section 314(a)(2) of the RCDRIA precludes such a change 
because it provides that ``the audit committee of the holding company 
of [a large] institution shall not include any large customers of the 
institution.'' [Emphasis added.]

B. Amendments to Appendix A to Part 363--Guidelines and Interpretations

    The amendments to Appendix A that are discussed below are 
identified by the number and caption of the revised Guideline.
    4. Comparable Services and Functions. Two commenters suggested that 
the rule be revised to require that when covering a holding company, 
the accountant's attestation on the adequacy of internal controls over 
financial reporting cover all subsidiaries of that holding company, 
including subsidiaries that are not insured depository institutions. 
These commenters stated that professional standards for attestation 
engagements (i.e., Statement of Standards for Attestation Engagements 
No. 2, ``Reporting on an Entity's Internal Control Structure Over 
Financial Reporting'' (AICPA, Professional Standards, vol. 1, AT sec. 
400), which superseded Statement of Auditing Standards No. 30, 
``Reporting on Internal Accounting Control) require that all entities 
covered by the financial report must be included in the attestation on 
internal controls for financial reporting. However, the statute applies 
only to insured depository institutions. Thus, the FDIC may not have 
the authority to enforce the rule against other entities. Nevertheless, 
the FDIC would not take exception to the inclusion of all entities 
covered by the financial report in the internal control attestation.
    9. Safeguarding of Assets. Numerous commenters appeared to 
misunderstand the proposed revision of this guideline. It was not 
intended to require the use of the phrase ``safeguarding of assets'' in 
either the management report or accountant's attestation, and the final 
amendment so states. The proposed replacement of the two sentences of 
the original Guideline with specific references to types of 
safeguarding has been revised. The sentence from the original 
Guideline, ``The FDIC does not require the accountant to attest to the 
adequacy of safeguards, but does require the accountant to determine 
whether 

[[Page 6491]]
safeguarding policies exist,'' which had been proposed for elimination, 
is being retained.
    32. Duties. In this Guideline's discussion of the audit committee's 
duty to review the reports prepared by management and the independent 
public accountant under this rule, the words ``the reports'' have been 
changed to ``their respective reports.'' This clarifies that the audit 
committee should review management reports with management, and the 
reports of the independent public accountant with the accountant.

C. Amendments to Schedule A to Appendix A

    Several commenters expressed concern about the action an accountant 
must take when a change occurs in the information that had previously 
been provided to the accountant in a written representation. A new 
statement has been added to Schedule A to clarify that unless otherwise 
stated, the date of any required representation should be the same as 
the date of the attestation report, and the representation should 
provide information available as of that date.
    A new sentence also has been added at the beginning of Schedule A 
explaining that where any representation is required, it should be 
obtained in writing.
    One commenter observed that the agreed-upon procedures required 
that calculations be compared to the total risk-based capital reported 
on the bank Reports of Condition and Income (Call Report). However, 
this amount, which was formerly reported in item 3 of Schedule RC-R, 
was deleted from the Call Report as of March 31, 1995, but the Federal 
Financial Institutions Examination Council has approved its restoration 
to the Call Report in March 1996. Therefore, no change is made to 
Schedule A. Nevertheless, for the period this item is not reported in 
the bank Call Report, no exception need be reported for the inability 
to perform this comparison procedure.
1. Section I. Procedures for Individual Institutions
    Many suggestions for clarifying the text were adopted in the final 
rule.
    a. Loans to Insiders. In response to concern about the burden 
associated with the amount of information that the accountant must 
read, the procedures in section I.A.1. of Schedule A of Appendix A have 
been revised to more specifically identify the sections and paragraphs 
of the laws and regulations that must be read. More specifically, the 
accountant is required to read only those laws and regulations that 
pertain to the institution based on its charter and primary federal 
banking agency. To lessen the burden of reading all board of directors 
and appropriate committee minutes and all SEC filings, the final 
procedures have been revised to require the accountant to read only 
those documents which management represents contain pertinent insider 
lending information. In addition, Tables 1 and 2, which identify the 
designated laws and regulations, have been included at the end of 
Schedule A to Appendix A to clarify the applicable reading for each 
type of insured institution.
    Several respondents expressed concerned about the burden of 
obtaining or maintaining all ``other records'' about insider loans in 
one location when they had numerous officers and worldwide operations. 
This reflected an apparent misunderstanding of the requirement in 
paragraph I.A.2.a.(4) of Schedule A to Appendix A. Federal Reserve 
Board Regulation O permits institutions to conduct an annual survey of 
all insiders or to maintain ``other records'' rather than the survey. 
The proposed wording, ``and/or,'' was drafted to try to accommodate 
this Regulation O provision. However, for clarity, only the word ``or'' 
is used in the final amendment so that it is understood that all 
insider loan records need not be accumulated in one location in order 
for these procedures to be performed.
    To make the procedures more consistent with the requirements of 
Regulation O and the operations of many institutions, footnote 2 has 
been revised to permit overdrafts of $1,000 or less without overdraft 
protection, and overdrafts of $5,000 or less with overdraft protection, 
to be omitted from the Insiders Extensions List.
    Many commenters sought clarification of the phrase ``most recently 
completed Call Report.'' They inquired whether the FDIC meant the most 
recently completed Call Report whether or not it had been filed, the 
most recently filed Call Report whether or not its editing had been 
completed by the appropriate federal banking agency for release to the 
public, or the most recently filed Call Report that was available for 
release to the public. Appendix A has been revised throughout to 
indicate that the most recently filed Call Report, whether or not it is 
available for release to the public, should be used. In this regard, a 
new footnote has been added to describe what should be done when the 
procedures call for information during the previous fiscal year and a 
Call Report for a date other than a calendar year-end Call Report is 
used. The footnote indicates that the accountant should use information 
pertaining to the period beginning from the date of the most recently 
filed Call Report back to the latest Call Report date for which these 
procedures were performed in the prior year.
    The proposal required management to represent that any persons 
``excluded'' from being executive officers were named as such in a 
board resolution or the by-laws. Many commenters stated that boards 
typically ``include'' persons as executive officers either specifically 
by name or by specific office occupied. Paragraph I.A.2.a.(7)(b) of 
Schedule A has been revised to require management to confirm the 
``inclusion'' of executive officers by board resolution or in the by-
laws.
    Commenters also stated that requiring accountants to trace and 
agree every loan and extension of credit on the Insiders Extensions 
List in Paragraph I.A.2.b.(2) of Schedule A was burdensome in a large 
institution with many officers and directors. To lessen that burden, 
the final regulation has been changed so that only a ``sample'' of such 
loans needs to be traced and agreed.
    The proposal considered the following to be issues for which boards 
of directors would have adopted specific policies: revising the 
institution's policies to reflect subsequent changes in laws and 
regulations; educating employees about legal requirements and 
management's related policies and procedures; and reporting insider 
loans to regulatory agencies on the institution's Call Report or TFR. 
However, these issues are not typically addressed in board policies. 
For that reason, although they had been included in the existing 
regulation, they have been removed from Paragraph I.A.3.b. of Schedule 
A.
    Several commenters suggested that the FDIC set size limits for the 
samples to be tested under the various agreed-upon procedures in 
Schedule A. The FDIC remains opposed to this because it believes that 
setting sample sizes for testing should remain the responsibility of 
the auditing profession. The American Institute of Certified Public 
Accountants has previously suggested the following sample sizes for 
purposes of testing under Part 363. The FDIC has raised no objection.

------------------------------------------------------------------------
            Population No. (N)                       Sample size        
------------------------------------------------------------------------
100 or greater............................  60                          
50 to 100.................................  25                          
0 to 50...................................  N or 20, whichever is       
                                             smaller                    
------------------------------------------------------------------------


[[Page 6492]]


    There were many comments on Paragraphs I.A.5.b.(2) and (3) of 
Schedule A, which address the calculation of an institution's 
individual lending limit and the number of transactions involving each 
insider in the sample that must be tested. The Offices of the 
Comptroller of the Currency (OCC) and Thrift Supervision (OTS) now 
permit institutions to calculate the individual lending limit as of the 
Call Report or TFR date immediately preceding the loan origination 
date, rather than requiring them to calculate the limit on the exact 
date the loan was granted. Commenters urged the FDIC to incorporate 
this method in the procedures. They also suggested that the burden of 
these procedures could be reduced by testing one transaction per 
insider, not all types of transactions, and that eliminating or 
substantially lengthening the time frame for comparing the terms of 
transactions to see whether they are preferential. Many of these 
changes have been made. However, the time frame for the comparison of 
loans has not been eliminated. Instead, this time frame was extended 
from the existing two weeks and proposed four weeks before or after the 
granting of the loan to 90 days prior or subsequent to the grant date. 
This provides a window of approximately six months in which to find 
similar loans. The FDIC concluded that a longer period would not be 
appropriate because significant changes in market interest rates may 
occur during such a period. As an alternative, each insider loan in the 
sample may be compared with the institution's approved policies 
delineating the interest rate and other terms and conditions in effect 
for similar extensions of credit to unaffiliated borrowers.
    Commenters also requested that, for purposes of paragraph 
I.A.5.b.(3), examples of ``similar extensions of credit'' and ``terms 
of the transactions'' be included. Paragraph I.A.5.b.(3) has been 
revised to include such examples.
    The final wording of paragraph I.A.6.b.(4) has been narrowed so 
that it applies only if the credit extended is a real estate loan 
granted for the purchase, construction, maintenance, or improvement of 
the executive officer's residence. The proposed wording would have 
included home equity loans for general consumer purchases, but this 
type of loan is not covered by the provision of the Designated Laws 
being tested under paragraph I.A.6.b.(4).
    Several commenters mentioned that performing the procedures based 
on their most recently filed Call Report or TFR permitted them to 
perform the procedures prior to year end, but requiring the use of the 
reports on indebtedness to correspondent banks, which is not due until 
January 31 of the following year, kept them from completing the 
procedures in a timely manner. To remedy this problem, paragraph 
I.A.9.a.(1) of the final rule permits institutions that use a calendar 
year fiscal year to use the reports on indebtedness to correspondent 
banks prepared for the prior year in order to perform the procedures. 
Any duplication during the first year that this procedure may cause 
need not be performed, and in future years the institution should 
continue to use the preceding year's report. However, should an 
institution that has previously made this choice decide to revert to 
using the reports of indebtedness to correspondent banks filed in the 
following year, it will be expected to perform the procedures for the 
two years' reports so that continuity in the coverage of the procedures 
is maintained.
    b. Dividend Restrictions. A sentence has been added to explain that 
since laws and regulations pertaining to dividend restrictions cover 
institutions and not holding companies, the procedures in Part B should 
be followed for each institution and subsidiary institution of a 
holding company covered by this part. However, if the holding company 
has more than five subsidiary institutions covered by this part, the 
procedures may be performed on a sample of dividend declarations. The 
number ``five'' was chosen based on sample sizes suggested by the 
American Institute of Certified Public Accountants. The AICPA stated 
that when there are fewer than 50 transactions in the population to be 
sampled, the smaller of the total number of transactions, or 20 items, 
were to be tested. In this regard, if each of five covered institutions 
declared dividends quarterly, there would be 20 transactions to test.
    Commenters suggested that the FDIC should permit the most recent 
quarter end (or month end, if available) to be used for determining 
whether the declaration of a dividend would cause the institution to be 
undercapitalized rather than requiring the institution to perform this 
calculation as of the exact date the dividend is declared. This 
suggested method would be consistent with recent rulings by the OCC and 
OTS that quarter-end Call Reports may be used for calculating legal 
lending limits. The final rule permits use of quarter-end date.
2. Section II. Procedures for the Independent Public Accountant
    The proposal would have required that if an internal auditor 
performed part of the procedures in Section I, a summary of 
``significant'' findings and management's response should be filed with 
the FDIC and appropriate federal banking agency as part of the 
institution's annual submission. However, it is now noted that if any 
findings are ``significant,'' they should be disclosed in management's 
report and attestation. For that reason, the word ``significant'' has 
been deleted from Section II, but the requirement for a summary is 
retained so that the agencies receive information about the internal 
auditor's findings.
    As proposed, the amount of testing the independent public 
accountant would be required to perform under paragraph II.B.3.a. was 
raised from 20 to 30 percent of the size of the sample tested by the 
internal auditors. This change was suggested because the proposal 
reduced the amount of testing that internal auditors would be required 
to perform on a holding company. Several commenters stated the increase 
was burdensome and unnecessary. The FDIC continues to believe that 
independent public accountants will be performing far fewer tests than 
under the current procedure and that some increase in the percentage is 
warranted. For that reason and to limit burden, the percentage has been 
reduced to 25 percent in the final rule.
    The changes and reformatting in the procedures from the current 
rule to the final rule are outlined in the Table A below:

[[Page 6493]]

D. Timing and Effective Date

    Since the majority of covered institutions have fiscal years that 
coincide with the calendar year, many are in the process of preparing 
annual reports and having the agreed-upon procedures performed. In 
order to make this process less burdensome for institutions and their 
accountants, the FDIC will raise no objection if an institution chooses 
to have its independent public accountant perform the agreed-upon 
procedures in Schedule A to Appendix A of the existing rule, the 
February 1995 proposal, or this final amendment to Schedule A to 
Appendix A for fiscal years ending on or before March 31, 1996. 
However, when an institution and its independent public accountant 
choose a version of the agreed-upon procedures for the fiscal year, the 
accountant must use a single version of the procedures for both of the 
Designated Laws. For any institution with a fiscal year that ends after 
March 31, 1996, the accountant should use the procedures of this 
amendment.

List of Subjects in 12 CFR Part 363

    Accounting, Attestation, Audit committee, Banks, banking, Internal 
controls, Management letter, Peer review, Reporting and recordkeeping 
requirements.

    For the reasons set forth in the preamble, the Board of Directors 
of the FDIC hereby amends Part 363 of title 12, chapter III, of the 
Code of Federal Regulations as follows:

PART 363--ANNUAL INDEPENDENT AUDITS AND REPORTING REQUIREMENTS

    1. The authority citation for Part 363 continues to read as 
follows:

    Authority: 12 U.S.C. 1831m.

    2. Section 363.1 is amended by revising paragraph (b) to read as 
follows:


Sec. 363.1  Scope.

* * * * *
    (b) Compliance by subsidiaries of holding companies. (1) The 
audited financial statements requirement of Sec. 363.2(a) may be 
satisfied for an insured depository institution that is a subsidiary of 
a holding company by audited financial statements of the consolidated 
holding company.
    (2) The other requirements of this part for an insured depository 
institution that is a subsidiary of a holding company may be satisfied 
by the holding company if:
    (i) The services and functions comparable to those required of the 
insured depository institution by this part are provided at the holding 
company level; and
    (ii) The insured depository institution has as of the beginning of 
its fiscal year:
    (A) Total assets of less than $5 billion; or
    (B) Total assets of $5 billion or more and a composite CAMEL rating 
of 1 or 2.
    (3) The appropriate federal banking agency may revoke the exception 
in paragraph (b)(2) of this section for any institution with total 
assets in excess of $9 billion for any period of time during which the 
appropriate federal banking agency determines that the institution's 
exemption would create a significant risk to the affected deposit 
insurance fund.
    3. Section 363.4 is amended by revising paragraph (b) to read as 
follows:


Sec. 363.4  Filing and notice requirements.

* * * * *
    (b) Public availability. The annual report in paragraph (a)(1) of 
this section shall be available for public inspection.
* * * * *
    4. Section 363.5 is amended by revising paragraph (b) to read as 
follows:


Sec. 363.5  Audit committees.

* * * * *
    (b) Committees of large institutions. The audit committee of any 
insured 

[[Page 6494]]
depository institution that has total assets of more than $3 billion, 
measured as of the beginning of each fiscal year, shall include members 
with banking or related financial management expertise, have access to 
its own outside counsel, and not include any large customers of the 
institution. If a large institution is a subsidiary of a holding 
company and relies on the audit committee of the holding company to 
comply with this rule, the holding company audit committee shall not 
include any members who are large customers of the subsidiary 
institution.
    5. Appendix A to Part 363 is amended by revising paragraphs 4(c), 
9, 24, 31, the introductory text of paragraph 32, footnote 2 in 
paragraph 10, and footnote 3 in paragraph 15(b) to read as follows:

Appendix A to Part 363--Guidelines and Interpretations

* * * * *
    4. Comparable Services and Functions. * * *
* * * * *
    (c) Prepares and submits the management assessments of the 
effectiveness of the internal control structure and procedures for 
financial reporting (internal controls), and compliance with the 
Designated Laws defined in guideline 12 based on information 
concerning the relevant activities and operations of those 
subsidiary institutions within the scope of the rule.
* * * * *
    9. Safeguarding of Assets. ``Safeguarding of assets'', as the 
term relates to internal control policies and procedures regarding 
financial reporting, and which has precedent in accounting 
literature, should be encompassed in the management report and the 
independent public accountant's attestation discussed in guideline 
18. Testing the existence of and compliance with internal controls 
on the management of assets, including loan underwriting and 
documentation, represents a reasonable implementation of section 36. 
The FDIC expects such internal controls to be encompassed by the 
assertion in the management report, but the term ``safeguarding of 
assets'' need not be specifically stated. The FDIC does not require 
the accountant to attest to the adequacy of safeguards, but does 
require the accountant to determine whether safeguarding policies 
exist.\1\

    \1\ It is management's responsibility to establish policies 
concerning underwriting and asset management and to make credit 
decisions. The auditor's role is to test compliance with 
management's policies relating to financial reporting.
---------------------------------------------------------------------------

    10. * * * \2\

    \2\ In considering what information is needed on safeguarding of 
assets and standards for internal controls, management may review 
guidelines provided by its primary federal regulator; the Federal 
Financial Institutions Examination Council's ``Supervisory Policy 
Statement on Securities Activities''; the FDIC's ``Statement of 
Policy Providing Guidance on External Auditing Procedures for State 
Nonmember Banks'' (Jan. 16, 1990), ``Statement of Policy Regarding 
Independent External Auditing Programs of State Nonmember Banks'' 
(Nov. 16, 1988), and Division of Supervision Manual of Examination 
Policies; the Federal Reserve Board's Commercial Bank Examination 
Manual and other relevant regulations; the Office of Thrift 
Supervision's Thrift Activities Handbook; the Comptroller of the 
Currency's Handbook for National Bank Examiners; standards published 
by professional accounting organizations, such as the American 
Institute of Certified Public Accountants' (AICPA) Statement on 
Auditing Standards No. 55, ``Consideration of the Internal Control 
Structure in a Financial Statement Audit''; the Committee of 
Sponsoring Organizations (COSO) of the Treadway Commission's 
Internal Control--Integrated Framework, including its addendum on 
safeguarding of assets; and other internal control standards 
published by the AICPA, other accounting or auditing professional 
associations, and financial institution trade associations.
---------------------------------------------------------------------------

* * * * *
    15. * * *
    (b) * * * \3\

    \3\ These would include Standards for Performing and Reporting 
on Peer Reviews, codified in the SEC Practice Section Reference 
Manual, and Standards for Performing and Reporting on Peer Reviews, 
contained in Volume 2 of the AICPA's Professional Standards.
---------------------------------------------------------------------------

* * * * *
    24. Relief from Filing Deadlines. Although the reasonable deadlines 
for filings and other notices established by this part are specified, 
some institutions may occasionally be confronted with extraordinary 
circumstances beyond their reasonable control that may justify 
extensions of a deadline. In that event, upon written application from 
an insured depository institution, setting forth the reasons for a 
requested extension, the FDIC or appropriate federal banking agency 
may, for good cause, extend a deadline in this part for a period not to 
exceed 30 days.
* * * * *
    31. Holding Company Audit Committees. When an insured depository 
institution subsidiary fails to meet the requirements for the holding 
company exception in Sec. 363.1(b)(2) or maintains its own separate 
audit committee to satisfy the requirements of this part, members of 
the independent audit committee of the holding company may serve as the 
audit committee of the subsidiary institution if they are otherwise 
independent of management of the subsidiary, and, if applicable, meet 
any other requirements for a large subsidiary institution covered by 
this part. However, this does not permit officers or employees of a 
holding company to serve on the audit committee of its subsidiary 
institutions. When the subsidiary institution satisfies the 
requirements for the holding company exception in Sec. 363.1(b)(2), 
members of the audit committee of the holding company should meet all 
the membership requirements applicable to the largest subsidiary 
depository institution and may perform all the duties of the audit 
committee of a subsidiary institution, even though such holding company 
directors are not directors of the institution.
    32. Duties. The audit committee should perform all duties 
determined by the institution's board of directors. The duties should 
be appropriate to the size of the institution and the complexity of its 
operations, and include reviewing with management and the independent 
public accountant the basis for their respective reports issued under 
Secs. 363.2(a) and (b) and 363.3(a) and (b). Appropriate additional 
duties could include:
* * * * *
    6. Schedule A to Appendix A to Part 363 is revised to read as 
follows:

Schedule A to Appendix A--Agreed Upon Procedures for Determining 
Compliance With Designated Laws

    1. The Agreed Upon Procedures set forth in this schedule are 
referred to in guideline 19. They should be followed by the 
institution's independent public accountant (or, with respect to the 
procedures set forth in section I of this schedule, by the 
institution's internal auditor if the accountant is to perform the 
procedures set forth in section II) in order to permit the accountant 
to report on the extent of compliance with the Designated Laws (defined 
in guideline 12) as required by sections 36(e)(1) and (2). Unless 
otherwise stated, the date of any required representation should be the 
same as the date of the attestation report and the representation 
should provide information to the extent available as of that date.
    2. For purposes of this Schedule A, ``insiders'' means directors, 
executive officers, and principal shareholders, and includes their 
related interests. All terms not defined in this schedule have the 
meanings given them in this part, the Guidelines, and professional 
accounting and auditing literature.
    3. Additional guidance concerning the role of the institution, its 
internal auditor, and its independent public accountant in assessing 
the institution's compliance with the Designated Laws is set forth in 
the Guidelines.

Section I--Procedures for Individual Institutions

    The following procedures should be performed by the institution's 
independent public accountant in accordance with generally accepted 
standards for attestation engagements, or by the institution's internal 
auditor if the procedures set forth in section II of 

[[Page 6495]]
this schedule are to be performed by the independent public accountant. 
(See section II.B.3. for information concerning testing by the 
independent public accountant when the institution's internal auditor 
is performing the procedures in Section I.)
    A. Loans to Insiders. To the extent permitted by Sec. 363.1(b)(2), 
these procedures may be performed on a holding company basis rather 
than at each covered subsidiary insured depository institution.
    1. Designated Laws. The following federal laws and regulations 
(Designated Insider Laws), to the extent that they are applicable to 
the institution,1 should be read:

    \1\ The laws and regulations applicable to each type of 
institution are listed in Table 1 of this Schedule A to Appendix A.
---------------------------------------------------------------------------

    a. Laws: 12 U.S.C. 375a, 375b, 1468(b), 1828(j)(2), and 
1828(j)(3)(B); and
    b. Regulations: 12 CFR 23.5, 31, 215, 337.3, 349.3, and 563.43.
    2. General. 
    a. Information. Obtain from management of the institution the 
following information for the institution's fiscal year: 2

    \2\ If the institution chooses to have these procedures 
performed using its most recently filed Call Report rather than its 
year end Call Report, all references to ``fiscal year'' in these 
procedures shall mean the period beginning with the latest Call 
Report date for which these procedures were performed in the prior 
year and ending with the date of the most recently filed Call 
Report. If these procedures were not previously performed, the 12 
month period immediately preceding the date of the most recently 
filed Call Report (or such shorter period during which the 
institution was covered by this Part 363) should be used.
---------------------------------------------------------------------------

    (1) Management's assessment of compliance with the Designated 
Insider Laws;
    (2) All minutes (including minutes drafted, but not approved) of 
the meetings of the board and of those committees of the board which 
management represents have been delegated authority pertaining to 
insider lending;
    (3) The relevant portions of reports of examination, supervisory 
agreements, and enforcement actions issued by the institution's primary 
federal and state regulators, if applicable, which management 
represents contain information pertaining to insider lending;
    (4) The annual survey which identifies all insiders of the 
institution (pursuant to 12 CFR 215.8(b)) or other records maintained 
on insiders of the institution's affiliates (pursuant to 12 CFR 
215.8(c));
    (5) The relevant portions of the following Securities Exchange Act 
of 1934 filings, which management represents contain information 
pertaining to insider lending:
    (a) Forms 10-K, 10-Q, and 8-K and proxy statements (or information 
statements) filed with the SEC, Federal Reserve Board, OCC, or OTS, or
    (b) Forms F-2, F-3, and F-4 and proxy statements (or information 
statements), filed with the FDIC;
    (6) A list of loans, including overdrafts of executive officers and 
directors,3 and other extensions of credit to insiders (including 
their related interests) outstanding at any time during the fiscal year 
(and which identifies those extensions granted during the year). This 
list should also include the amount outstanding of each extension of 
credit as of the date of the most recently filed Call Report or TFR 
(Insider Extensions List); and

    \3\ Management may exclude from this list overdrafts of an 
executive officer or director in an aggregate amount of $1,000 or 
less without overdraft protection and those of $5,000 or less with 
overdraft protection as specified in 12 CFR 215.3(b)(6) if 
management provides the independent accountant with a representation 
that policies and procedures are in effect to report as extensions 
of credit all overdrafts that do not meet the criteria listed in 
paragraphs A.8.a.(2)(a) through (c) of this section.
---------------------------------------------------------------------------

    (7) Management's representation concerning:
    (a) The completeness of the Insider Extensions List; 4 and

    \4\ See footnote 3 of this schedule.
---------------------------------------------------------------------------

    (b) The inclusion of all required insiders on the annual survey 
obtained in paragraph A.2.a.(4) of this section including persons who 
have been designated as executive officers by resolution of the board 
or a committee of the board or in the by-laws of the institution.
    b. Procedures:
    (1) Read the foregoing information.
    (2) Trace and agree a sample of insider loans and other extensions 
of credit disclosed in the documents listed in paragraphs A.2.a.(2) 
through (5) of this section to see that they are included on the 
Insider Extensions List.
    3. Policies and Procedures.
    a. Information. Obtain the institution's written policies and 
procedures concerning its compliance with the Designated Insider Laws, 
including any written ``Code of Ethics'' or ``Conflict of Interest'' 
policy statements. If the institution has no written policies and 
procedures, obtain a narrative from management that describes the 
methods for complying with such laws and regulations, and includes 
provisions similar to those listed in paragraph A.3.b. of this section.
    b. Procedures. Ascertain that the policies and procedures include, 
or incorporate by reference, provisions consistent with the Designated 
Insider Laws for:
    (1) Defining terms;
    (2) Restricting loans to insiders;
    (3) Maintaining records of insider loans;
    (4) Requiring reports and/or disclosures by the institution and by 
executive officers, directors, and principal shareholders (and their 
related interests);
    (5) Disseminating policy information to employees and insiders; and
    (6) Prior approval of the board of directors.
    4. Calculations of Lending Limits.
    a. Information. Obtain management's calculation of the following 
items as of the date of the institution's most recently filed Call 
Report or TFR and as of a Call Report or TFR date six or nine months 
earlier:
    (1) The institution's unimpaired capital and surplus (the aggregate 
lending limit for all insiders); and
    (2) The institution's individual lending limit (12 CFR 215.2(i)).
    b. Procedures. Recalculate the amounts in paragraph A.4.a. of this 
section for mathematical accuracy, and trace the amounts used in 
management's calculations to the Call Reports or TFRs for the two dates 
used in paragraph A.4.a. of this section.
    5. Insider Extensions of Credit Granted.
    a. Information. Obtain management's representation regarding 
whether the terms and creditworthiness of insider extensions of credit 
granted during the fiscal year are comparable to those that would have 
been available to unaffiliated third parties.
    b. Procedures. Select a sample of insiders who were granted or had 
outstanding extensions of credit during the fiscal year from the 
Insider Extensions List. For each extension of credit granted during 
the fiscal year to each insider in the sample selected:
    (1) If the amount of a credit granted during the year (when 
aggregated with all other extensions of credit to that person and to 
all related interests of that person) exceeds $500,000, determine 
whether the minutes of the meetings of the board of directors indicate 
that:
    (a) The credit was approved in advance by the board, and
    (b) The insider, if a director, abstained from participating 
directly or indirectly in voting on the transaction;
    (2) Obtain management's calculation of the institution's individual 
lending limit for insiders pursuant to 12 CFR 215.2(i) as of the date 
of the Call Report or TFR filed immediately prior to the date when the 
extension of credit was granted, and if not already done under 

[[Page 6496]]
paragraph A.4.b. of this section, recalculate the lending limits for 
mathematical accuracy, and trace the amounts used in management's 
calculations to the Call Report or TFR for that date. Ascertain whether 
the amount of the extension of credit being granted to the insider, 
when combined with all other extensions of credit to that insider, 
exceeds such limit; and
    (3) For one transaction involving each insider in the sample 
selected in paragraph A.5.b. of this section, perform the procedures in 
either paragraph (a) or (b) as follows:
    (a) Select three (or such smaller number that exists) similar 
extensions of credit (e.g., commercial real estate loans, floor plan 
loans, residential mortgage loans, consumer loans) granted to 
unaffiliated borrowers (i.e., persons who are not insiders or employees 
of the institution or its affiliates) within 90 days before or after 
the granting of the insider extension of credit. Compare the terms of 
the transactions with unaffiliated borrowers (i.e., rate or range of 
interest rates, maturity, payment terms, collateral, and any unusual 
provisions or conditions) to those with the insiders, and note in the 
findings any differences in the terms favorable to the insiders 
compared to the terms of the transactions with unaffiliated borrowers.
    (b) Alternatively, compare the terms of each insider transaction in 
the sample to approved policies delineating the interest rate and other 
terms and conditions then in effect for similar extensions of credit to 
unaffiliated borrowers. Note in the findings any differences in the 
terms favorable to the insiders compared to the terms of the approved 
policies for an extension of credit to persons not affiliated with the 
institution or its affiliates.
    6. Limitation on Extensions of Credit to Executive Officers.
    a. Information. From the sample selected in paragraph A.5.b. of 
this section, select the executive officers who were granted extensions 
of credit during the fiscal year.
    b. Procedures.
    (1) For each executive officer selected, obtain management's 
calculation as of the two dates used in paragraph A.4.a. of this 
section of:
    (a) The aggregate amount of extensions of credit to the executive 
officer, and
    (b) 2.5 percent of the institution's unimpaired capital and 
surplus.
    (2) Recalculate management's computations from paragraph A.6.b.(1) 
of this section for mathematical accuracy. Trace amounts used in 
management's computations from paragraph A.6.b.(1) to the Call Reports 
or TFRs for the two dates used in paragraph A.4.a. of this section.
    (3) Ascertain whether the aggregate amount of the extensions of 
credit to the executive officer does not exceed the greater of $25,000 
or 2.5 percent of the institution's unimpaired capital and surplus, but 
in no event more than $100,000. The aggregate amount should exclude the 
types of extensions of credit set forth in 12 CFR 215.5(c)(1) through 
(3).
    (4)(a) Obtain documentation for any credits for which management 
represents that:
    (i) The purpose is for the purchase, construction, maintenance, or 
improvement of the executive officer's residence;
    (ii) The credit is secured by a first lien on the residence; and
    (iii) The executive officer owns or expects to own the residence 
after the extension of credit.
    (b) Note whether the documentation contains similar 
representations.
    (5) For each executive officer selected, ascertain that each 
extension of credit granted during the fiscal year was:
    (a) Preceded by submission of financial statements;
    (b) Approved by, or, when appropriate, promptly reported to, the 
board of directors no later than the next board meeting; and
    (c) Made subject to the written condition that the extension of 
credit will become, at the option of the institution, due and payable 
at any time that the executive officer is indebted to other insured 
institutions in an aggregate amount greater than the executive officer 
would be able to borrow from the institution.
    7. Aggregate Insider Extensions of Credit Outstanding.
    a. Information. Obtain management's calculation of the aggregate 
extensions of credit to executive officers, directors, and principal 
shareholders of the institution and to their related interests, 
excluding the types of extensions of credit set forth in 12 CFR 
215.4(d)(3), as of the two dates selected in paragraph A.4.a. of this 
section.
    b. Procedures.
    (1) Recalculate the amounts obtained in paragraph A.7.a. of this 
section for mathematical accuracy and ascertain that this total, 
excluding the types of extensions of credit set forth in 12 CFR 
215.4(d)(3), is less than or equal to 100 percent of the institution's 
unimpaired capital and surplus calculated in paragraph A.4.a.(1) of 
this section.
    (2) Using the sample of insiders selected in paragraph A.5.b. of 
this section, trace and agree amounts outstanding from insiders in the 
sample to the supporting documents, as applicable, for the line item 
aggregating indebtedness of all insiders on the institution's most 
recently filed Call Report or TFR.
    8. Overdrafts.
    a. Information. Select a sample of executive officers and directors 
who had overdrafts outstanding during the fiscal year as shown on the 
Insider Extensions List.
    (1) For all overdrafts in the sample except those which are covered 
by an overdraft protection line of credit with the same terms as 
available to unaffiliated borrowers and meet the terms of that 
overdraft protection line, obtain management's representation of the 
history of the insider's overdrafts for the year and the completeness 
of that history.
    (2) If the institution's management has not provided a 
representation as specified by footnote 3 to paragraph A.2.a.(6) of 
this section, for each overdraft in the sample in an aggregate amount 
of $1,000 or less for an executive officer or director who did not have 
the overdraft covered by an overdraft protection line of credit, obtain 
management's representation that:
    (a) It believes the overdraft was inadvertent;
    (b) The account was overdrawn in each case for no more than 5 
business days; and
    (c) The institution charged the executive officer or director the 
same fee that it would charge any other customer in similar 
circumstances.
    b. Procedures. For each overdraft in the sample selected and used 
in paragraph A.8.a.(1) of this section for which management did not 
provide the representation in paragraph A.8.a.(2) of this section:
    (1) Inquire whether cash items for the insider were being held by 
the institution during the time that the overdraft was outstanding to 
prevent additional overdrafts;
    (2) Trace and agree subsequent payment by the insider of the 
insider's overdrafts to records of the account at the institution; and
    (3) For overdrafts of executive officers and directors that were 
paid by the institution for the executive officer or director from an 
account at the institution:
    (a) Trace and agree to a written, pre-authorized, interest-bearing 
extension of credit plan that specifies a method of repayment; or
    (b) Trace and agree to a written, pre-authorized transfer of funds 
from 

[[Page 6497]]
another account of the insider at the institution.
    9. Reports on Indebtedness to Correspondent Banks.
    a. Information. Obtain from management:
    (1) A list of executive officers and principal shareholders and 
related interests thereof that filed reports of indebtedness to a 
correspondent bank. This list should be prepared by management from 
reports of indebtedness submitted for the calendar year for which the 
management assessment and independent public accountant's attestation 
are being filed or, if the institution is on a calendar year fiscal 
year, at management's option, for the immediately preceding year. If 
the institution is not on a calendar year fiscal year, the list should 
be prepared for the calendar year that ended during its fiscal year; 
and
    (2) Its representation concerning the completeness of the list 
prepared for paragraph A.9.a.(1) of this section.
    b. Procedures. Select a sample of executive officers, principal 
shareholders, and related interests thereof from the list obtained in 
paragraph A.9.a.(1) of this section. For each executive officer and 
principal shareholder (or related interest thereof) included in the 
sample, ascertain that the report(s) of indebtedness was (were) filed 
with the board of directors (on or before the January 31 following the 
calendar year in paragraph A.9.a.(1) of this section) and that such 
report(s) state(s):
    (1) The maximum amount of indebtedness during that calendar year;
    (2) The amount of indebtedness outstanding 10 days prior to report 
filing; and
    (3) A description of the loan terms and conditions, including the 
rate or range of interest rates, original amount and date, maturity 
date, payment terms, collateral, and any unusual terms or conditions.
    B. Dividend Restrictions. If the institution has declared any 
dividends during the fiscal year, the following procedures should be 
performed for each dividend declared. (These procedures are not 
applicable to mutual institutions and insured branches of foreign 
banks.) For an institution that is a subsidiary of a holding company, 
the procedures that follow should be applied to each subsidiary 
institution subject to this part (covered subsidiary) because the laws 
and regulations restricting dividends apply to individual institutions 
and not holding companies. However, if the annual report under Part 363 
is being prepared on a holding company basis and the holding company 
has more than five covered subsidiaries, the following procedures may 
be applied to a sample of dividend declarations to the extent permitted 
by Sec. 363.1(b) and Section II.B.3. of this schedule.
    1. Designated Laws. The following federal laws and regulations 
(Designated Dividend Laws), to the extent that they are applicable to 
the institution (see paragraph B.2 of this section),\5\ should be read:

    \5\ The laws and regulations applicable to each type of 
institution are listed in Table 2 of this Schedule A to Appendix A.
---------------------------------------------------------------------------

    a. Laws: 12 U.S.C. 56, 60, 1467a(f), 1831o; and
    b. Regulations: 12 CFR 5.61, 5.62, 6.6, 7.6120, 208.19, 208.35, 
325.105, 563.134, and 565.
    2. General. The information requirements and procedures in 
paragraphs B.2. through B.5. of this section are applicable to all 
institutions. Paragraphs B.6. and B.7. of this section were designed to 
be applicable to member banks (i.e., national banks and state member 
banks) and federally-chartered savings associations, respectively. 
However, the requirements in paragraphs B.6. and B.7. of this section 
should be applied to a state nonmember bank or state savings 
association if management represents that the state has dividend 
restrictions substantially identical to those for a national bank or a 
federally-chartered savings association.
    a. Information. Obtain from management of the institution the 
following information for the institution's most recent fiscal year:
    (1) Its assessment of the institution's compliance with the 
Designated Dividend Laws and any applicable state laws and regulations 
cited in its assessment;
    (2) A copy of any supervisory agreements with, orders by, or 
resolutions of any regulatory agency (including a description of the 
nature of any such agreements, orders, or resolutions) containing 
restrictions on dividend payments by the institution; and
    (3) Its representation whether dividends declared comply with any 
restrictions on dividend payments under any supervisory agreements 
with, orders by, or resolutions of any regulatory agency (including a 
description of the nature of any such agreements, orders, or 
resolutions).
    b. Procedures.
    (1) Read the foregoing information.
    (2) If any restrictions on dividend payments exist in any documents 
obtained in paragraph B.2.a.(2) of this section, test and agree 
dividends declared with any such quantitative restrictions.
    3. Policies and Procedures.
    a. Information. Obtain the institution's written policies and 
procedures concerning its compliance with the Designated Dividend Laws. 
If the institution has no written policies and procedures, obtain from 
the institution a narrative that describes the institution's methods 
for complying with the Designated Dividend Laws, and includes 
provisions similar to those in paragraph B.3.b of this section.
    b. Procedures. Ascertain whether the policies and procedures 
include, or incorporate by reference, provisions which are consistent 
with the Designated Dividend Laws. These would include capital 
limitation tests, including section 38 of the Federal Deposit Insurance 
Act (12 U.S.C. 1831o), earnings limitation tests, transfers from 
surplus to undivided profits, and restrictions imposed under any 
supervisory agreements, resolutions, or orders of any federal or state 
depository institution regulatory agency. In addition, for savings 
associations, this would include prior notification to the OTS.
    4. Board Minutes.
    a. Information. Obtain the minutes of the meetings of the board of 
directors for the most recent fiscal year to ascertain whether 
dividends (either paid or unpaid) have been declared.
    b. Procedures. Trace and agree total dividend amounts to the 
general ledger records and the institution's most recently filed Call 
Report or TFR.
    5. Calculation of Undercapitalization.
    a. Information. Obtain management's computation of the amount at 
which declaration of a dividend would cause the institution to be 
undercapitalized as of the quarter end (or more recent month end, if 
available from management) immediately prior to the date on which each 
dividend was declared during the fiscal year.
    b. Procedures. Recalculate management's computation (for 
mathematical accuracy) and compare management's calculations to the 
amount of any dividend declared to determine whether it exceeded the 
amount.
    6. Dividends Declared by Banks.
    a. Information. If the institution is a national bank or state 
member bank, obtain management's computations concerning the bank's 
compliance with 12 U.S.C. 56, ``Capital Limitation Test'', 12 U.S.C. 
60, ``The Earnings Limitation Test'', and transfers from surplus to 
undivided profits after declaration of the dividends referenced in 
paragraph 

[[Page 6498]]
B.4.a. of this section. If the institution is a state nonmember bank 
and management represents that the bank is subject to state laws that 
are similar to 12 U.S.C. 56 and 12 U.S.C. 60, obtain management's 
corresponding computations.
    b. Procedures. Recalculate management's computations (for 
mathematical accuracy) and compare management's calculations to the 
standards defined in the tests set forth in paragraph B.6.a. of this 
section to ascertain whether the dividends declared fall within the 
permissible levels under these standards. If dividends are not 
permissible in the amounts declared under such standards, the 
independent public accountant should ascertain that the dividends were 
declared with the approval of the appropriate federal banking agency or 
under any other exception to the standards.
    7. Dividends Declared by Savings Associations.
    a. Information. Obtain management's documentation of the OTS 
determination whether the institution is a Tier 1, Tier 2, or Tier 3 
savings association and management's computations of its capital ratio 
after declarations of dividends under the Tier determined by the OTS. 
For dividends declared, obtain copies of the savings association's 
notifications to the OTS to ascertain whether notifications were made 
at least 30 days before payment of any dividends.
    b. Procedures. Recalculate management's computations (for 
mathematical accuracy) and trace amounts used by management in its 
calculations to the institution's TFRs.

Section II--Procedures for the Independent Public Accountant

    If the internal auditor has performed the procedures set forth in 
section I for either or both Designated Laws, the following procedures 
may be performed by the independent public accountant if neither the 
FDIC nor the appropriate federal banking agency has objected in 
writing. The report of procedures performed and list of exceptions 
found by the internal auditor, identifying the institution with respect 
to which any exception was found, should be submitted to the audit 
committee of the board of directors. Management should file a summary 
of the internal auditor's findings and management's response to those 
findings with the FDIC and the appropriate federal banking agency at 
the same time as the independent public accountant's attestation report 
is filed.6

    \6\ Since this summary provides information similar to that 
provided in the independent public accountant's report, the FDIC has 
determined that the summary is exempt from public disclosure 
consistent with the guidance in Guideline 18 in Appendix A to this 
Part 363.
---------------------------------------------------------------------------

    A. Review of Section I Procedures. Read the portion(s) of Section I 
of this schedule that set forth the procedures performed by the 
internal auditors.
    B. Information and Procedures. Perform the following procedures:
    1. Designated Laws. Read the Designated Laws referred to in Section 
I of this schedule for the agreed-upon procedures performed by the 
internal auditor. Obtain management's assessment contained in its 
management report on the institution's or holding company's compliance 
with the Designated Laws.
    2. Internal Auditor's Workpapers.
    a. Information. If an internal auditor performed the procedures in 
Section I, obtain the internal auditor's workpapers documenting the 
performance of those procedures on the institution and the chief 
internal auditor's representation that:
    (1) The internal auditor or audit staff, if applicable, performed 
the procedures listed in section I on the institution;
    (2) The internal auditor tested a sufficient number of transactions 
governed by the Designated Laws so that the testing was representative 
of the institution's volume of transactions;
    (3) The workpapers accurately reflect the work performed by the 
internal auditor and, if applicable, the internal audit staff;
    (4) The workpapers obtained are complete; and
    (5) The internal auditor's report, which describes the procedures 
performed for the fiscal year as well as the internal auditor's 
findings and exceptions noted, has been presented to the institution's 
audit committee.
    b. Procedures.
    (1) Compare the workpapers to the procedures that are required to 
be performed under section I. Report as an exception any procedures not 
documented and any procedures for which the sample size is not 
sufficient.
    (2) Compare the exceptions and errors listed by the internal 
auditor in its report to the audit committee to those found in the 
workpapers, and report as an exception any exception or error found in 
the internal auditor's workpapers and not listed in the internal 
auditor's list of exceptions.
    3. Testing.
    a. The independent public accountant should perform the procedures 
listed in Section I on representative samples of the insiders and/or 
transactions of the institution to which the Designated Law applies. If 
the institution's internal auditor performs the procedures in Section 
I, the samples tested by the independent public accountant should be at 
least 25 percent of the size of the samples tested by the internal 
auditor although samples selected by the accountant should be from the 
population at large. However, if there are so few transactions in any 
area that the internal auditor cannot use sampling, but must test all 
transactions, the independent public accountant should also test all 
transactions.
    b. If testing under this Schedule A to Appendix A is being 
performed on a holding company with more than one subsidiary 
institution that is subject to this Part 363, the samples tested should 
include a combination of insiders and transactions from each covered 
subsidiary with total assets (after deductions of intercompany amounts 
that would be eliminated in consolidation) in excess of 25 percent of 
the holding company's total assets every fiscal year. Samples should be 
tested for each smaller covered subsidiary at least every other fiscal 
year unless the holding company has more than eight covered 
subsidiaries, in which case the samples to be tested for each 
Designated Law should be drawn from each smaller covered subsidiary at 
least every third fiscal year.
    4. Reports Concerning Holding Companies. Only one report of any 
exceptions noted from application of the procedures in section II 
performed by the independent public accountant should be filed as 
required by guideline 3 in Appendix A to this Part 363, but the report 
should identify, for each exception or error noted, the identity of the 
covered subsidiary to which it relates.

Tables to Schedule A to Appendix A

[[Page 6499]]


Tables to Schedule A to Appendix A

                                                                                                                                                 
--------------------------------------------------------------------------------------------------------------------------------------------------------
For engagements involving management assertions about compliance by:            
                            Loans to insiders     ----------------------------------------------------------------------------------------------
             National banks        State member banks     State nonmember banks   Savings associations
--------------------------------------------------------------------------------------------------------------------------------------------------------
Read the following parts and/or sections of Title 12 of the United States Code:                                                                         
    375a.....................  Loans to Executive          X               X               X--Subsections                       
                                Officers of Banks.                                                          (g) and (h) only                            
    375b.....................  Prohibitions Respecting     X               X                                                            
                                Loans and Extensions of                                                                                                 
                                Credit to Executive                                                                                                     
                                Officers and Directors of                                                                                               
                                Banks, Political                                                                                                        
                                Campaign, Committees, etc.                                                                                              
    1468(b)..................  Extensions of Credit to     ......................  ......................  ......................  X            
                                Executive Officers,                                                                                                     
                                Directors, and Principal                                                                                                
                                Shareholders.                                                                                                           
    1828(j)(2)...............  Provisions Relating to      ......................  ......................  X                                    
                                Loans, Extensions of                                                                                                    
                                Credit, and Other                                                                                                       
                                Dealings Between Member                                                                                                 
                                Banks and Their                                                                                                         
                                Affiliates, Executive                                                                                                   
                                Officers, Directors, etc.                                                                                               
    1828(j)(3)(B)............  Extensions of Credit        X Applies only  ......................  X Applies only                       
                                Applicability of            to insured federal                              to insured state                            
                                Provisions Relating to      branches of foreign                             branches of foreign                         
                                Loans, Extensions of        banks.                                          banks .                                     
                                Credit, and Other                                                                                                       
                                Dealings Between Insured                                                                                                
                                Branches of Foreign Banks                                                                                               
                                and Their Insiders.                                                                                                     
Read the following parts and/or sections of Title 12 of the Code of Federal Regulations:                                                                
    23.5.....................  Application of Legal        X                                                                                    
                                Lending Limits;                                                                                                         
                                Restrictions on                                                                                                         
                                Transactions With                                                                                                       
                                Affiliates.                                                                                                             
    31.......................  Extensions of Credit to     X                                                                                    
                                National Bank Insiders.                                                                                                 
    215......................  Subpart A--Loans by Member  X               X (See 12 CFR Parts  (See 12 CFR Parts    
                                Banks to Their Executive                      337.3 and 349.3).   63.43)             
                                Officers, Directors, and                                                                                                
                                Principal Shareholders.                                                                                                 
                               Subpart B--Reports of       X               X                                                            
                                Indebtedness of Executive                                                                                               
                                Officers and Principal                                                                                                  
                                Shareholders of Insured                                                                                                 
                                Nonmember Banks.                                                                                                        
    337.3....................  Limits on Extensions of     ......................  ......................  X                                    
                                Credit to Executive                                                                                                     
                                Officers, Directors, and                                                                                                
                                Principal Shareholders of                                                                                               
                                Insured Nonmember Banks.                                                                                                
    349.3....................  Reports by Executive        ......................  ......................  X                                    
                                Officers and Principal                                                                                                  
                                Shareholders.                                                                                                           
    563.43...................  Loans by Savings            ......................  ......................  ......................  X            
                                Associations to Their                                                                                                   
                                Executive Officers,                                                                                                     
                                Directors, and Principal                                                                                                
                                Shareholders.                                                                                                           
--------------------------------------------------------------------------------------------------------------------------------------------------------


                                                                         Table 2                                                                        
--------------------------------------------------------------------------------------------------------------------------------------------------------
                                 For engagements involving management assertions about compliance by:             
                                Dividend restrictions    -----------------------------------------------------------------------------------------------
                     National banks        State member banks     State nonmember banks   Savings associations 
--------------------------------------------------------------------------------------------------------------------------------------------------------
Read the following parts and/or sections of Title 12 of the United States Code:                                                                         
    56.....................  Prohibition of Withdrawal    X               X                                                             
                              of Capital and Unearned                                                                                                   
                              Dividends.                                                                                                                
    60.....................  Dividends and Surplus Funds  X               X                                                             
    1467a(f)...............  Declaration of Dividends...  ......................  ......................  ......................  X             
    1831o..................  Prompt Corrective Action--   X               X               X               X             
                              Dividend Restrictions.                                                                                                    
Read the following parts and/or sections of Title 12 of the Code of Federal Regulations:                                                                
    5.61...................  Payment of dividends;        X                                                                                     
                              capital limitation.                                                                                                       
    5.62...................  Payment of dividends;        X                                                                                     
                              earnings limitation.                                                                                                      
    6.6....................  Prompt Corrective Action--   X                                                                                     
                              Dividend Restrictions.                                                                                                    
    7.6120.................  Dividends Payable in         X                                                                                     
                              Property Other Than Cash.                                                                                                 
    208.19.................  Payments of Dividends......  ......................  X                                                             
    208.35.................  Prompt Corrective Action...  ......................  X                                                             
    325.105................  Prompt Corrective Action...  ......................  ......................  X                                     
    563.134................  Capital Distributions......  ......................  ......................  ......................  X             
    565....................  Prompt Corrective Action...  ......................  ......................  ......................  X             
--------------------------------------------------------------------------------------------------------------------------------------------------------


[[Page 6500]]

    By order of the Board of Directors.

    Dated at Washington, DC, this 6th day of February 1996.

Federal Deposit Insurance Corporation.
Jerry L. Langley,
Executive Secretary.
[FR Doc. 96-3569 Filed 2-20-96; 8:45 am]
BILLING CODE 6714-01-P