[Federal Register: February 21, 1996 (Volume 61, Number 35)]
[Rules and Regulations]
[Page 6487-6500]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
========================================================================
Rules and Regulations
Federal Register
________________________________________________________________________
This section of the FEDERAL REGISTER contains regulatory documents
having general applicability and legal effect, most of which are keyed
to and codified in the Code of Federal Regulations, which is published
under 50 titles pursuant to 44 U.S.C. 1510.
The Code of Federal Regulations is sold by the Superintendent of Documents.
Prices of new books are listed in the first FEDERAL REGISTER issue of each
week.
========================================================================
[[Page 6487]]
FEDERAL DEPOSIT INSURANCE CORPORATION
12 CFR Part 363
RIN 3064-AA83
Annual Independent Audits and Reporting Requirements
AGENCY: Federal Deposit Insurance Corporation (FDIC or Corporation).
ACTION: Final rule.
-----------------------------------------------------------------------
SUMMARY: The FDIC is amending its regulations concerning annual
independent audits and reporting requirements. Section 314 of the
Riegle Community Development and Regulatory Improvement Act of 1994
(RCDRIA) amended sections 36(i) and 36(g)(2) of the Federal Deposit
Insurance Act (FDI Act). Section 36 of the FDI Act is generally
intended to facilitate early identification of problems in financial
management at larger insured depository institutions through annual
independent audits, assessments of the effectiveness of internal
controls and of compliance with designated laws and regulations, and
more stringent reporting requirements. Section 314(a) provides relief
from certain duplicative reporting under section 36 of the FDI Act for
sound, well managed insured depository institutions with over $9
billion in total assets which are subsidiaries of multibank holding
companies. Section 314(b) requires the Corporation to notify a large
insured depository institution in writing if it decides a review by an
independent public accountant of such an institution's quarterly
financial reports is required. This regulation governs annual
independent audits and implements section 36 of the FDI Act. This
amendment conforms the regulations to the amended statute.
In addition, the FDIC is making several technical amendments to the
Guidelines and Interpretations (Guidelines) that were published as an
appendix to the annual independent audit regulations. The FDIC also is
amending Schedule A to the appendix, ``Agreed Upon Procedures for
Determining Compliance with Designated Laws'', to implement recent
amendments to the federal regulations concerning loans to insiders,
improve the format of the procedures, streamline the specific
procedures, and eliminate ambiguities. These amendments reflect the
experience of the Corporation, financial institutions, and accountants
using the existing procedures during the past two years.
EFFECTIVE DATE: April 1, 1996.
FOR FURTHER INFORMATION CONTACT: Doris L. Marsh, Examination
Specialist, Division of Supervision (202) 898-8905, FDIC, 550 17th
Street NW., Washington, DC 20429, or Sandra Comenetz, Counsel, Legal
Division, (202) 898-3582, FDIC, 550 17th Street NW., Washington, DC
20429.
SUPPLEMENTARY INFORMATION:
I. Paperwork Reduction Act
The collection of information contained in this amendment has been
reviewed and approved by the Office of Management and Budget under
control number 3064-0113, pursuant to section 3504(h) of the Paperwork
Reduction Act (44 U.S.C. 3501 et seq.). This information collection is
mandated by section 36 of the FDI Act (12 U.S.C. 1831m), which was
added by section 112 of FDICIA (Pub. L., 102-242, 105 Stat. 2242).
The total estimated reporting burden for the collection under Part
363 is:
Number of Respondents: 450.
Number of Responses per Respondent: 3.19.
Total Annual Responses: 1,435.5.
Hours per Response: 40.38.
Total Annual Burden Hours: 57,970.
The changes to this collection of information have been reviewed
and approved by OMB pursuant to the Paperwork Reduction Act. Comments
on the accuracy of the burden estimate, and suggestions for reducing
the burden, should be directed to the Office of Management and Budget,
Paperwork Reduction Project 3064-0113, Washington, D.C. 20503, with
copies of such comments to Steven F. Hanft, Office of the Executive
Secretary, Room F-400, 550 17th St. N.W., Washington, D.C. 20429.
II. Regulatory Flexibility Act
The rule expressly exempts insured depository institutions having
assets of less than $500 million, and, for that reason, is inapplicable
to small entities. Therefore, pursuant to section 605(b) of the
Regulatory Flexibility Act (Pub. L. 96-354, 5 U.S.C. 601 et seq.), it
is certified that the rule would not have a significant impact on a
substantial number of small entities.
III. Background
Section 112 of the Federal Deposit Insurance Corporation
Improvement Act of 1991 (FDICIA) added section 36, ``Independent Annual
Audits of Insured Depository Institutions'', to the FDI Act (12 U.S.C.
1831m). Section 36 requires the FDIC, in consultation with the
appropriate federal banking agencies, to promulgate regulations
requiring each insured depository institution over a certain asset size
(covered institution) to have an annual independent audit of its
financial statements performed in accordance with generally accepted
auditing standards and section 37 of the FDI Act (12 U.S.C. 1831n), and
to provide a management report and an independent public accountant's
attestation concerning both the effectiveness of the institution's
internal controls for financial reporting and its compliance with
designated safety and soundness laws. Section 36 also requires each
covered institution to have an independent audit committee. The audit
committee of each large covered institution (total assets exceeding $3
billion) must meet certain additional requirements.
Section 36 also requires the FDIC, in consultation with the other
federal banking agencies, to designate laws and regulations concerning
safety and soundness. This section requires the institution's
independent public accountant to perform procedures agreed upon by the
Corporation to determine an institution's compliance with such
designated laws and regulations. The laws and regulations selected by
the Corporation (Designated Laws) are the federal laws and regulations
concerning loans to insiders and the federal and state laws and
regulations concerning dividend restrictions.
In June 1993, the FDIC published 12 CFR Part 363 (58 FR 31332, June
2, 1993) to implement the provisions of
[[Page 6488]]
section 36 of the FDI Act. Under Part 363, the requirements of section
36 apply to each insured depository institution with $500 million or
more in total assets at the beginning of any fiscal year that begins
after December 31, 1992. Part 363 also includes Guidelines and
Interpretations (Appendix A to Part 363), which are intended to assist
institutions and independent public accountants in understanding and
complying with Section 36 and Part 363. Appendix A to Schedule A
contains the agreed-upon procedures that must be performed by an
institution's independent public accountant in order to permit the
accountant to report on the extent of compliance with the Designated
Laws as required by Section 36(e)(1) and (2).
Section 314 of RCDRIA amends sections 36(i) and 36(g)(2) of the FDI
Act (12 U.S.C. 1831m(i) and (g)(2)). The purpose of section 314(a) is
to provide relief from certain duplicative reporting under section 36
of the FDI Act for sound, well managed insured depository institutions
with over $9 billion in total assets which are subsidiaries of
multibank holding companies. Section 314(b) requires the FDIC to notify
a large insured depository institution in writing if the FDIC decides
to require a review by an independent public accountant of such
institution's quarterly financial reports.
Section 36(g)(2) of the FDI Act authorizes the FDIC to require
independent public accountants for ``large institutions'' to review
such institutions' quarterly financial reports. When the FDIC adopted
Part 363, it elected not to exercise its authority in this area for
reasons of cost and limited expected benefits, preferring instead to
request such reviews on a case-by-case basis. The FDIC continues to
believe that this is appropriate. Should the FDIC decide to request an
independent public accountant's review of the quarterly financial
statements of a large insured depository institution, it will make the
request in writing. The regulation is being amended to reflect section
314(a); no regulatory action is needed for section 314(b) which speaks
for itself.
In addition, the regulation is being amended to reflect the current
provisions of federal regulations concerning loans to insiders (Federal
Reserve Board Regulation O, 12 CFR Part 215), which are included in one
of the Designated Laws, but were amended themselves during 1994.
Lastly, Section 303 of RCDRIA requires the each federal banking
agency to streamline and modify its regulations and policies in order
to improve efficiency and reduce unnecessary burden. The FDIC believes
that Part 363 and its final amendment are consistent with the
requirements of section 303.
IV. Proposed Rule
The FDIC sought public comment on proposed amendments to Part 363
and the Guidelines in February 1995 (60 FR 8583, February 15, 1995).
The FDIC proposed to amend certain paragraphs of 12 CFR Part 363 to
conform to the amended statute. The FDIC also proposed to make
technical and clarifying changes to the Guidelines in Appendix A.
In addition, initial experience with Part 363 indicated that
certain clarifications of the specific procedures in Schedule A to
Appendix A of the Guidelines would make them more efficient and less
burdensome. The FDIC therefore proposed amending Schedule A to Appendix
A--Agreed Upon Procedures for Determining Compliance with Designated
Laws, to eliminate ambiguities, improve the format of the procedures,
streamline the specific procedures, and reflect the recent amendments
to the federal regulations concerning loans to insiders (12 CFR Part
215). The proposal reflected the experience of the Corporation,
institutions, and accountants with the existing procedures during the
period since their adoption in June 1993.
A. Proposed Amendments to the Rule
Section 363.1--Scope. To make Sec. 363.1(b) consistent with section
314(a)(1) of RCDRIA, the phrase ``but less than $9 billion'' was
proposed to be deleted from the provisions of the regulation describing
the institutions eligible to report using the holding company exception
set forth in section 36(i). Section 36 originally required each
institution with total assets exceeding $9 billion to have its own
audit committee and to file a management report and attestations by the
independent public accountant on internal controls and compliance with
designated laws and regulations. This has been particularly burdensome
for many large institutions which are subsidiaries of multibank holding
companies because they have had to have their own separate audit
committee, whose function was often duplicative of the holding company
audit committee. In addition, the holding company typically has had to
file two sets of management reports and attestations by the independent
public accountant: one on the institution which exceeded $9 billion in
total assets and another on the holding company group in order to cover
the smaller institutions also subject to Part 363. In many cases, these
reports were duplicative since the large institution was the dominant
institution in the holding company group. Section 314(a) eliminates
this duplication by permitting sound, well-managed insured depository
institutions with over $9 billion in total assets which are
subsidiaries of multibank holding companies to use the holding company
audit committee and to submit reports as part of the holding company
group.
The FDIC also proposed to add a paragraph, consistent with section
314(a)(3) of RCDRIA, to explain that the appropriate federal banking
agency may require a large institution subsidiary of a holding company
to have its own audit committee and report separately if it determines
that the institution's use of the holding company exception in section
36(i) would create a significant risk to the affected deposit insurance
fund.
Section 363.4--Filing and notice requirements. It was proposed to
correct Sec. 363.4(b) so that it would be clear that only the annual
report in Sec. 363.4(a)(1) is available for public inspection and that
the attestation by the independent public accountant concerning
compliance with Designated Laws is not a document available to the
public.
Section 363.5--Audit committees. A new sentence was proposed to be
added to make the Rule consistent with section 314(a) of RCDRIA, which
prohibits any large customers of a large insured depository institution
from being members of the audit committee of the institution's holding
company if the institution relies on the audit committee of the holding
company to comply with this rule.
B. Amendments to Appendix A to Part 363--Guidelines and Interpretations
4. Comparable Services and Functions--Guideline 4(c) under ``Scope
of Rule'' was proposed to be amended to replace the phrase ``all
subsidiary institutions'' with the phrase ``those subsidiary
institutions'' to clarify that only information pertaining to covered
institutions, not all subsidiaries of a holding company, must be
included in reports filed under Part 363.
9. Safeguarding of Assets. The last two sentences of Guideline 9
and the footnote to the Guideline, which explained how the independent
public accountant should treat the lack of criteria against which
``safeguarding of assets'' may be judged for financial reporting, were
proposed to be revised. The FDIC's concern over the lack of criteria,
which existed at the time of the adoption of Part 363, was eliminated
in May 1994, as a result of the issuance by
[[Page 6489]]
Committee of Sponsoring Organizations (COSO) of the Treadway Commission
of an Addendum to the ``Reporting to External Parties'' volume of
COSO's September 1992 Internal Control--Integrated Framework (COSO
Report). The Addendum expanded the discussion of the scope of a
management report on internal controls to address additional controls
pertaining to safeguarding of assets. The FDIC proposed to replace the
last two sentences of the Guideline with specific references to types
of safeguarding that should be covered by management and the
independent public accountant in their reports.
10. Standards for Internal Controls. In the footnote to Guideline
10, the Addendum to the COSO Report was proposed to be added to the
list of sources of information on safeguarding of assets and standards
for internal controls for financial reporting that may be considered
for use by institutions. In addition, it was proposed that the American
Institute of Certified Public Accountants' (AICPA) Statement on
Auditing Standards No. 55 (SAS 55), ``Consideration of the Internal
Control Structure in a Financial Statement Audit,'' should replace
AICPA Statement on Auditing Standards No. 30 (SAS 30), ``Reporting on
Internal Accounting Control,'' in the footnote to Guideline 10.
15. Peer Reviews--Guideline 15 requires each independent accountant
to be enrolled in or have received a peer review that meets certain
guidelines. These guidelines state that the peer review must be
consistent with American Institute of Certified Public Accountants
(AICPA) standards. Since the AICPA combined the two of its three
standards for performing and reporting on peer reviews, those for
Private Companies Practice Section and for its Quality Reviews into one
standard on Peer Reviews, the footnote to Guideline 15 was proposed to
be amended to identify the two remaining acceptable AICPA standards:
Standards for Performing and Reporting on Peer Reviews, contained in
Volume 2 of the AICPA's Professional Standards, and Standards for
Performing and Reporting on Peer Reviews, codified in the SEC Practice
Section Reference Manual.
24. Relief from Filing Deadlines--This Guideline explains the
circumstances in which an institution may request an extension of a
filing deadline, but makes reference to section 36 in doing so. The
phrase referring to section 36 of the FDI Act in Guideline 24 was
proposed to be deleted since section 36 does not grant authority to the
FDIC to provide relief to, or exempt institutions from, provisions in
the statute.
31. Holding Company Audit Committees--The proposal sought to revise
Guideline 31 because it had been widely misunderstood. The existing
Guideline provides that members of a holding company's independent
audit committee may serve as the audit committee of any subsidiary
institution if they are otherwise independent of the subsidiary's
management. However, this was not intended to apply where an insured
depository institution subsidiary has $5 billion or more in total
assets, and a 3, 4, or 5 composite CAMEL rating and is not eligible to
use the holding company exception in section 36(i). Such a subsidiary
must have its own audit committee separate from the audit committee of
the holding company. Guideline 31 was proposed to be amended to clarify
this point.
In addition, existing Guideline 31 did not make it clear that when
an institution eligible to use the holding company exception relies on
a holding company audit committee in order to comply with this rule,
the holding company audit committee must meet the requirements for the
audit committee of the largest subsidiary institution. To be eligible
to use the holding company exception, an insured depository institution
subsidiary must have either less than $5 billion in total assets, or $5
billion or more in total assets and a 1 or 2 composite CAMEL rating,
and its holding company must perform services and functions comparable
to those required by the statute. Accordingly, it was proposed to amend
Guideline 31 to clearly indicate that when an eligible institution
chooses to rely on the holding company's audit committee, the members
of the audit committee of the holding company are expected to meet the
membership requirements of the largest subsidiary depository
institution and may perform the duties of the audit committee for a
subsidiary institution without becoming directors of the institution.
32. Duties--The second sentence of Guideline 32 was proposed to be
amended to complete the citation to certain sections of Part 363. As
proposed, the sentence would state that the duties of a covered
institution's audit committee should be appropriate to the size of the
institution and the complexity of its operations, and should include
reviewing with management and the independent public accountant the
basis for the reports issued under Secs. 363.2(a) and (b) and 363.3(a)
and (b) of the Rule. At present, the citation refers only to
Sec. 363.2(b) of the Rule.
C. Amendments to Schedule A to Appendix A--Agreed Upon Procedures for
Determining Compliance With Designated Laws
The agreed upon procedures in Schedule A were proposed to be
amended to clarify the numbering system, make the procedures consistent
with amendments to insider loan regulations, and adopt suggestions of
institutions and accountants to make the performance of the agreed upon
procedures more efficient and less burdensome.
Proposed formatting changes included renumbering the paragraphs and
adding more subject titles. The procedures applicable to insider
extensions of credit granted, insider extensions of credit outstanding,
aggregate insider extensions of credit outstanding, overdrafts,
limitations on extensions of credit to executive officers, and reports
on indebtedness to correspondent banks were proposed to be placed in
separate subsections of the procedures for more efficient performance
of the procedures and ease of reference. The amendments to the Federal
Reserve Board's Regulation O (12 CFR Part 215), the federal rules
governing insider loans, necessitated numerous citation changes.
As proposed, accountants would be permitted to use the most
recently completed Reports of Condition and Income (Call Report) or
Thrift Financial Report (TFR) when the procedures are being performed
rather than requiring the use of only the year-end Call Report or TFR.
The scope of the required reading of board and committee minutes and
reports under the Securities Exchange Act of 1934 was proposed to also
be more clearly defined. Inadvertent overdrafts in an aggregate amount
of $1,000 or less, which are exempt from Regulation O proscriptions
(see 12 CFR 215.4(e)), were proposed to no longer be separately tracked
by institutions, listed when certain representations are made by
management, or tested by the accountant. Where accountants had
previously been expected to compare insider transactions to
transactions with nonaffiliated persons, the comparison period within
which nonaffiliated transactions can take place was proposed to be
expanded from four to eight weeks. In addition, where no maximum number
of transactions (to which comparisons must be made) had previously been
included, comparisons were proposed to be limited to a maximum of
three. An alternative procedure that permitted the terms of the insider
transaction to be compared
[[Page 6490]]
to existing lending policies also was proposed.
To ensure that some tests were performed on each category of
extension of credit, including overdrafts and loans from correspondent
banks, the existing agreed-upon procedures directed accountants to
obtain three separate samples. Based on suggestions received for
improving the procedures covering extensions granted and outstanding
during the year, the proposal had accountants focus the testing on a
sample of insiders rather than a sample of transactions.
Under the present guidelines, an institution may choose to have
some of the required testing in the agreed-upon procedures performed by
its internal auditor with less testing performed by its independent
public accountant. However, in some situations in multibank holding
companies, the internal auditor may be required to perform more testing
than was required of the external auditor. When the holding company
exception set forth in section 36(i) is used at a holding company with
more than one covered subsidiary institution, the FDIC proposed to
extend to internal auditors the same testing requirements that have
been applicable to independent public accountants. Specifically, this
would eliminate the existing requirement that internal auditors perform
the procedures on each covered subsidiary every year. Thus, the testing
of samples from all covered subsidiaries every two or three years that
has been required of independent public accountants was proposed to
also apply to internal auditors. It was further proposed that the lead
institution or a few very large covered subsidiary institutions be
included every year in the testing by both accountants and internal
auditors. However, in response to the proposed reduction in testing
requirements applicable to internal auditors, the FDIC proposed to
increase the size of the samples required to be tested by the
independent public accountant from the present 20 percent to 30 percent
of the size of the samples used by the internal auditor. This change
was not expected to generally result in any increase in the number of
transactions tested by the independent public accountant for reports on
holding companies with two or more covered subsidiary institutions.
V. Discussion of Final Rule and Public Comments
The FDIC received 16 comment letters concerning the proposed
amendments. Ten of the comment letters were from large banks, thrifts,
and holding companies; three from banking trade organizations; two from
accounting and auditing organizations; and one from an accounting firm.
The letters supported the addition to the rule of the changes
mandated by the Riegle Community Development and Regulatory Improvement
Act of 1994. They also were generally supportive of the proposal's goal
to make the agreed-upon procedures in Schedule A to Appendix A less
burdensome. However, many commenters stated their belief that Section
36 and its implementing rule were unnecessary and costly to comply
with. Many commenters urged that the sections of the statute concerning
compliance with safety and soundness laws and regulations, including
both the management report and accountant's attestation, be eliminated.
Nevertheless, barring any Congressional action in this regard, the
commenters supported the Corporation's efforts to revise and reformat
the agreed-upon procedures in Schedule A to Appendix A.
Regarding the specific changes to the procedures, commenters
approved not having to list smaller overdrafts in the insiders'
extensions list. Permitting internal auditors to do the same amount of
testing on holding companies as external auditors was also supported.
Commenters also agreed with the amendment to Sec. 363.4(b) to clarify
that the attestation by the independent public accountant concerning
compliance with Designated Laws is not a document available to the
public.
One respondent recommended that the FDIC limit the time in which it
may require the review of a large institution's quarterly financial
statements to no later than 30 days after the end of each quarter. This
suggestion was not adopted because the FDIC anticipates that any
request would be made prior to that time. Moreover, since this
authority has never been used, the need for a time limit has not been
established.
As discussed in the following paragraphs, the FDIC has considered
respondents' comments concerning the specific aspects of the proposed
amendments to Part 363, Appendix A to Part 363, and Schedule A to
Appendix A.
A. Amendments to Part 363
One commenter suggested that the FDIC define ``large institution''
for purposes of section 363.5, Audit committees, as institutions with
$5 billion or more in total assets. The FDIC previously defined that
term to mean any insured depository institution with total assets
exceeding $3 billion when it adopted Part 363 in 1993 and is not
convinced the definition should be changed. Another commenter
recommended that when dealing with reporting by a holding company, the
term ``large customer'' in section 363.5 should be compared to the
assets of an entire holding company, not any single institution.
However, section 314(a)(2) of the RCDRIA precludes such a change
because it provides that ``the audit committee of the holding company
of [a large] institution shall not include any large customers of the
institution.'' [Emphasis added.]
B. Amendments to Appendix A to Part 363--Guidelines and Interpretations
The amendments to Appendix A that are discussed below are
identified by the number and caption of the revised Guideline.
4. Comparable Services and Functions. Two commenters suggested that
the rule be revised to require that when covering a holding company,
the accountant's attestation on the adequacy of internal controls over
financial reporting cover all subsidiaries of that holding company,
including subsidiaries that are not insured depository institutions.
These commenters stated that professional standards for attestation
engagements (i.e., Statement of Standards for Attestation Engagements
No. 2, ``Reporting on an Entity's Internal Control Structure Over
Financial Reporting'' (AICPA, Professional Standards, vol. 1, AT sec.
400), which superseded Statement of Auditing Standards No. 30,
``Reporting on Internal Accounting Control) require that all entities
covered by the financial report must be included in the attestation on
internal controls for financial reporting. However, the statute applies
only to insured depository institutions. Thus, the FDIC may not have
the authority to enforce the rule against other entities. Nevertheless,
the FDIC would not take exception to the inclusion of all entities
covered by the financial report in the internal control attestation.
9. Safeguarding of Assets. Numerous commenters appeared to
misunderstand the proposed revision of this guideline. It was not
intended to require the use of the phrase ``safeguarding of assets'' in
either the management report or accountant's attestation, and the final
amendment so states. The proposed replacement of the two sentences of
the original Guideline with specific references to types of
safeguarding has been revised. The sentence from the original
Guideline, ``The FDIC does not require the accountant to attest to the
adequacy of safeguards, but does require the accountant to determine
whether
[[Page 6491]]
safeguarding policies exist,'' which had been proposed for elimination,
is being retained.
32. Duties. In this Guideline's discussion of the audit committee's
duty to review the reports prepared by management and the independent
public accountant under this rule, the words ``the reports'' have been
changed to ``their respective reports.'' This clarifies that the audit
committee should review management reports with management, and the
reports of the independent public accountant with the accountant.
C. Amendments to Schedule A to Appendix A
Several commenters expressed concern about the action an accountant
must take when a change occurs in the information that had previously
been provided to the accountant in a written representation. A new
statement has been added to Schedule A to clarify that unless otherwise
stated, the date of any required representation should be the same as
the date of the attestation report, and the representation should
provide information available as of that date.
A new sentence also has been added at the beginning of Schedule A
explaining that where any representation is required, it should be
obtained in writing.
One commenter observed that the agreed-upon procedures required
that calculations be compared to the total risk-based capital reported
on the bank Reports of Condition and Income (Call Report). However,
this amount, which was formerly reported in item 3 of Schedule RC-R,
was deleted from the Call Report as of March 31, 1995, but the Federal
Financial Institutions Examination Council has approved its restoration
to the Call Report in March 1996. Therefore, no change is made to
Schedule A. Nevertheless, for the period this item is not reported in
the bank Call Report, no exception need be reported for the inability
to perform this comparison procedure.
1. Section I. Procedures for Individual Institutions
Many suggestions for clarifying the text were adopted in the final
rule.
a. Loans to Insiders. In response to concern about the burden
associated with the amount of information that the accountant must
read, the procedures in section I.A.1. of Schedule A of Appendix A have
been revised to more specifically identify the sections and paragraphs
of the laws and regulations that must be read. More specifically, the
accountant is required to read only those laws and regulations that
pertain to the institution based on its charter and primary federal
banking agency. To lessen the burden of reading all board of directors
and appropriate committee minutes and all SEC filings, the final
procedures have been revised to require the accountant to read only
those documents which management represents contain pertinent insider
lending information. In addition, Tables 1 and 2, which identify the
designated laws and regulations, have been included at the end of
Schedule A to Appendix A to clarify the applicable reading for each
type of insured institution.
Several respondents expressed concerned about the burden of
obtaining or maintaining all ``other records'' about insider loans in
one location when they had numerous officers and worldwide operations.
This reflected an apparent misunderstanding of the requirement in
paragraph I.A.2.a.(4) of Schedule A to Appendix A. Federal Reserve
Board Regulation O permits institutions to conduct an annual survey of
all insiders or to maintain ``other records'' rather than the survey.
The proposed wording, ``and/or,'' was drafted to try to accommodate
this Regulation O provision. However, for clarity, only the word ``or''
is used in the final amendment so that it is understood that all
insider loan records need not be accumulated in one location in order
for these procedures to be performed.
To make the procedures more consistent with the requirements of
Regulation O and the operations of many institutions, footnote 2 has
been revised to permit overdrafts of $1,000 or less without overdraft
protection, and overdrafts of $5,000 or less with overdraft protection,
to be omitted from the Insiders Extensions List.
Many commenters sought clarification of the phrase ``most recently
completed Call Report.'' They inquired whether the FDIC meant the most
recently completed Call Report whether or not it had been filed, the
most recently filed Call Report whether or not its editing had been
completed by the appropriate federal banking agency for release to the
public, or the most recently filed Call Report that was available for
release to the public. Appendix A has been revised throughout to
indicate that the most recently filed Call Report, whether or not it is
available for release to the public, should be used. In this regard, a
new footnote has been added to describe what should be done when the
procedures call for information during the previous fiscal year and a
Call Report for a date other than a calendar year-end Call Report is
used. The footnote indicates that the accountant should use information
pertaining to the period beginning from the date of the most recently
filed Call Report back to the latest Call Report date for which these
procedures were performed in the prior year.
The proposal required management to represent that any persons
``excluded'' from being executive officers were named as such in a
board resolution or the by-laws. Many commenters stated that boards
typically ``include'' persons as executive officers either specifically
by name or by specific office occupied. Paragraph I.A.2.a.(7)(b) of
Schedule A has been revised to require management to confirm the
``inclusion'' of executive officers by board resolution or in the by-
laws.
Commenters also stated that requiring accountants to trace and
agree every loan and extension of credit on the Insiders Extensions
List in Paragraph I.A.2.b.(2) of Schedule A was burdensome in a large
institution with many officers and directors. To lessen that burden,
the final regulation has been changed so that only a ``sample'' of such
loans needs to be traced and agreed.
The proposal considered the following to be issues for which boards
of directors would have adopted specific policies: revising the
institution's policies to reflect subsequent changes in laws and
regulations; educating employees about legal requirements and
management's related policies and procedures; and reporting insider
loans to regulatory agencies on the institution's Call Report or TFR.
However, these issues are not typically addressed in board policies.
For that reason, although they had been included in the existing
regulation, they have been removed from Paragraph I.A.3.b. of Schedule
A.
Several commenters suggested that the FDIC set size limits for the
samples to be tested under the various agreed-upon procedures in
Schedule A. The FDIC remains opposed to this because it believes that
setting sample sizes for testing should remain the responsibility of
the auditing profession. The American Institute of Certified Public
Accountants has previously suggested the following sample sizes for
purposes of testing under Part 363. The FDIC has raised no objection.
------------------------------------------------------------------------
Population No. (N) Sample size
------------------------------------------------------------------------
100 or greater............................ 60
50 to 100................................. 25
0 to 50................................... N or 20, whichever is
smaller
------------------------------------------------------------------------
[[Page 6492]]
There were many comments on Paragraphs I.A.5.b.(2) and (3) of
Schedule A, which address the calculation of an institution's
individual lending limit and the number of transactions involving each
insider in the sample that must be tested. The Offices of the
Comptroller of the Currency (OCC) and Thrift Supervision (OTS) now
permit institutions to calculate the individual lending limit as of the
Call Report or TFR date immediately preceding the loan origination
date, rather than requiring them to calculate the limit on the exact
date the loan was granted. Commenters urged the FDIC to incorporate
this method in the procedures. They also suggested that the burden of
these procedures could be reduced by testing one transaction per
insider, not all types of transactions, and that eliminating or
substantially lengthening the time frame for comparing the terms of
transactions to see whether they are preferential. Many of these
changes have been made. However, the time frame for the comparison of
loans has not been eliminated. Instead, this time frame was extended
from the existing two weeks and proposed four weeks before or after the
granting of the loan to 90 days prior or subsequent to the grant date.
This provides a window of approximately six months in which to find
similar loans. The FDIC concluded that a longer period would not be
appropriate because significant changes in market interest rates may
occur during such a period. As an alternative, each insider loan in the
sample may be compared with the institution's approved policies
delineating the interest rate and other terms and conditions in effect
for similar extensions of credit to unaffiliated borrowers.
Commenters also requested that, for purposes of paragraph
I.A.5.b.(3), examples of ``similar extensions of credit'' and ``terms
of the transactions'' be included. Paragraph I.A.5.b.(3) has been
revised to include such examples.
The final wording of paragraph I.A.6.b.(4) has been narrowed so
that it applies only if the credit extended is a real estate loan
granted for the purchase, construction, maintenance, or improvement of
the executive officer's residence. The proposed wording would have
included home equity loans for general consumer purchases, but this
type of loan is not covered by the provision of the Designated Laws
being tested under paragraph I.A.6.b.(4).
Several commenters mentioned that performing the procedures based
on their most recently filed Call Report or TFR permitted them to
perform the procedures prior to year end, but requiring the use of the
reports on indebtedness to correspondent banks, which is not due until
January 31 of the following year, kept them from completing the
procedures in a timely manner. To remedy this problem, paragraph
I.A.9.a.(1) of the final rule permits institutions that use a calendar
year fiscal year to use the reports on indebtedness to correspondent
banks prepared for the prior year in order to perform the procedures.
Any duplication during the first year that this procedure may cause
need not be performed, and in future years the institution should
continue to use the preceding year's report. However, should an
institution that has previously made this choice decide to revert to
using the reports of indebtedness to correspondent banks filed in the
following year, it will be expected to perform the procedures for the
two years' reports so that continuity in the coverage of the procedures
is maintained.
b. Dividend Restrictions. A sentence has been added to explain that
since laws and regulations pertaining to dividend restrictions cover
institutions and not holding companies, the procedures in Part B should
be followed for each institution and subsidiary institution of a
holding company covered by this part. However, if the holding company
has more than five subsidiary institutions covered by this part, the
procedures may be performed on a sample of dividend declarations. The
number ``five'' was chosen based on sample sizes suggested by the
American Institute of Certified Public Accountants. The AICPA stated
that when there are fewer than 50 transactions in the population to be
sampled, the smaller of the total number of transactions, or 20 items,
were to be tested. In this regard, if each of five covered institutions
declared dividends quarterly, there would be 20 transactions to test.
Commenters suggested that the FDIC should permit the most recent
quarter end (or month end, if available) to be used for determining
whether the declaration of a dividend would cause the institution to be
undercapitalized rather than requiring the institution to perform this
calculation as of the exact date the dividend is declared. This
suggested method would be consistent with recent rulings by the OCC and
OTS that quarter-end Call Reports may be used for calculating legal
lending limits. The final rule permits use of quarter-end date.
2. Section II. Procedures for the Independent Public Accountant
The proposal would have required that if an internal auditor
performed part of the procedures in Section I, a summary of
``significant'' findings and management's response should be filed with
the FDIC and appropriate federal banking agency as part of the
institution's annual submission. However, it is now noted that if any
findings are ``significant,'' they should be disclosed in management's
report and attestation. For that reason, the word ``significant'' has
been deleted from Section II, but the requirement for a summary is
retained so that the agencies receive information about the internal
auditor's findings.
As proposed, the amount of testing the independent public
accountant would be required to perform under paragraph II.B.3.a. was
raised from 20 to 30 percent of the size of the sample tested by the
internal auditors. This change was suggested because the proposal
reduced the amount of testing that internal auditors would be required
to perform on a holding company. Several commenters stated the increase
was burdensome and unnecessary. The FDIC continues to believe that
independent public accountants will be performing far fewer tests than
under the current procedure and that some increase in the percentage is
warranted. For that reason and to limit burden, the percentage has been
reduced to 25 percent in the final rule.
The changes and reformatting in the procedures from the current
rule to the final rule are outlined in the Table A below:
[[Page 6493]]
Table A.--Reformatting Changes to Schedule A to Appendix A
----------------------------------------------------------------------------------------------------------------
Subject Old section I New section I
----------------------------------------------------------------------------------------------------------------
Insider loans:
Designated Laws and Regulations........... A.1............................ A.1.
General Information....................... A.2.a.......................... A.2.a.
Calculations.............................. A.2.b.......................... A.4.
Policies and Procedures................... A.2.c.......................... A.3.
Insider Transactions...................... A.2.d.......................... A.5.
Loans to Correspondent Banks.............. A.2.d.(1)...................... A.9.
Aggregate Indebtedness.................... A.2.d.(2)(a) A.2.d.(7)......... A.2.b.(2) A.7.
Executive Officers........................ A.2.d.(2)(b) & (c) A.2.e.(ii).. Deleted A.6.
Insider Extensions of Credit.............. A.2.d.(2)(d) & (e) A.2.d.(5) & A.5.
(6).
Overdrafts................................ A.2.d.(3)...................... A.8.
Reports on Indebtedness to Correspondent A.2.e.......................... A.9.
Banks.
Dividend Restrictions:
Designated Laws and Regulations........... B.1............................ B.1.
General Information....................... B.2............................ B.2.
Policies and Procedures................... B.2.b.......................... B.3.
Board Minutes............................. B.2.c.......................... B.4.
Calculation of Undercapitalization........ B.2.d.......................... B.5.
Dividends Declared by Banks............... B.2.e.......................... B.6.
Dividends Declared by Savings Associations B.2.f.......................... B.7
----------------------------------------------------------------------------------------------------------------
Subject Old section II New section II
----------------------------------------------------------------------------------------------------------------
Procedures for the independent public
accountant:
Designated Laws and Regulations........... A. & B.1....................... A. & B.1.
Internal Auditor's Workpapers............. B.2............................ B.2
Testing................................... C.............................. B.3.
Reports Concerning Holding Companies...... D.............................. B.4.
----------------------------------------------------------------------------------------------------------------
D. Timing and Effective Date
Since the majority of covered institutions have fiscal years that
coincide with the calendar year, many are in the process of preparing
annual reports and having the agreed-upon procedures performed. In
order to make this process less burdensome for institutions and their
accountants, the FDIC will raise no objection if an institution chooses
to have its independent public accountant perform the agreed-upon
procedures in Schedule A to Appendix A of the existing rule, the
February 1995 proposal, or this final amendment to Schedule A to
Appendix A for fiscal years ending on or before March 31, 1996.
However, when an institution and its independent public accountant
choose a version of the agreed-upon procedures for the fiscal year, the
accountant must use a single version of the procedures for both of the
Designated Laws. For any institution with a fiscal year that ends after
March 31, 1996, the accountant should use the procedures of this
amendment.
List of Subjects in 12 CFR Part 363
Accounting, Attestation, Audit committee, Banks, banking, Internal
controls, Management letter, Peer review, Reporting and recordkeeping
requirements.
For the reasons set forth in the preamble, the Board of Directors
of the FDIC hereby amends Part 363 of title 12, chapter III, of the
Code of Federal Regulations as follows:
PART 363--ANNUAL INDEPENDENT AUDITS AND REPORTING REQUIREMENTS
1. The authority citation for Part 363 continues to read as
follows:
Authority: 12 U.S.C. 1831m.
2. Section 363.1 is amended by revising paragraph (b) to read as
follows:
Sec. 363.1 Scope.
* * * * *
(b) Compliance by subsidiaries of holding companies. (1) The
audited financial statements requirement of Sec. 363.2(a) may be
satisfied for an insured depository institution that is a subsidiary of
a holding company by audited financial statements of the consolidated
holding company.
(2) The other requirements of this part for an insured depository
institution that is a subsidiary of a holding company may be satisfied
by the holding company if:
(i) The services and functions comparable to those required of the
insured depository institution by this part are provided at the holding
company level; and
(ii) The insured depository institution has as of the beginning of
its fiscal year:
(A) Total assets of less than $5 billion; or
(B) Total assets of $5 billion or more and a composite CAMEL rating
of 1 or 2.
(3) The appropriate federal banking agency may revoke the exception
in paragraph (b)(2) of this section for any institution with total
assets in excess of $9 billion for any period of time during which the
appropriate federal banking agency determines that the institution's
exemption would create a significant risk to the affected deposit
insurance fund.
3. Section 363.4 is amended by revising paragraph (b) to read as
follows:
Sec. 363.4 Filing and notice requirements.
* * * * *
(b) Public availability. The annual report in paragraph (a)(1) of
this section shall be available for public inspection.
* * * * *
4. Section 363.5 is amended by revising paragraph (b) to read as
follows:
Sec. 363.5 Audit committees.
* * * * *
(b) Committees of large institutions. The audit committee of any
insured
[[Page 6494]]
depository institution that has total assets of more than $3 billion,
measured as of the beginning of each fiscal year, shall include members
with banking or related financial management expertise, have access to
its own outside counsel, and not include any large customers of the
institution. If a large institution is a subsidiary of a holding
company and relies on the audit committee of the holding company to
comply with this rule, the holding company audit committee shall not
include any members who are large customers of the subsidiary
institution.
5. Appendix A to Part 363 is amended by revising paragraphs 4(c),
9, 24, 31, the introductory text of paragraph 32, footnote 2 in
paragraph 10, and footnote 3 in paragraph 15(b) to read as follows:
Appendix A to Part 363--Guidelines and Interpretations
* * * * *
4. Comparable Services and Functions. * * *
* * * * *
(c) Prepares and submits the management assessments of the
effectiveness of the internal control structure and procedures for
financial reporting (internal controls), and compliance with the
Designated Laws defined in guideline 12 based on information
concerning the relevant activities and operations of those
subsidiary institutions within the scope of the rule.
* * * * *
9. Safeguarding of Assets. ``Safeguarding of assets'', as the
term relates to internal control policies and procedures regarding
financial reporting, and which has precedent in accounting
literature, should be encompassed in the management report and the
independent public accountant's attestation discussed in guideline
18. Testing the existence of and compliance with internal controls
on the management of assets, including loan underwriting and
documentation, represents a reasonable implementation of section 36.
The FDIC expects such internal controls to be encompassed by the
assertion in the management report, but the term ``safeguarding of
assets'' need not be specifically stated. The FDIC does not require
the accountant to attest to the adequacy of safeguards, but does
require the accountant to determine whether safeguarding policies
exist.\1\
\1\ It is management's responsibility to establish policies
concerning underwriting and asset management and to make credit
decisions. The auditor's role is to test compliance with
management's policies relating to financial reporting.
---------------------------------------------------------------------------
10. * * * \2\
\2\ In considering what information is needed on safeguarding of
assets and standards for internal controls, management may review
guidelines provided by its primary federal regulator; the Federal
Financial Institutions Examination Council's ``Supervisory Policy
Statement on Securities Activities''; the FDIC's ``Statement of
Policy Providing Guidance on External Auditing Procedures for State
Nonmember Banks'' (Jan. 16, 1990), ``Statement of Policy Regarding
Independent External Auditing Programs of State Nonmember Banks''
(Nov. 16, 1988), and Division of Supervision Manual of Examination
Policies; the Federal Reserve Board's Commercial Bank Examination
Manual and other relevant regulations; the Office of Thrift
Supervision's Thrift Activities Handbook; the Comptroller of the
Currency's Handbook for National Bank Examiners; standards published
by professional accounting organizations, such as the American
Institute of Certified Public Accountants' (AICPA) Statement on
Auditing Standards No. 55, ``Consideration of the Internal Control
Structure in a Financial Statement Audit''; the Committee of
Sponsoring Organizations (COSO) of the Treadway Commission's
Internal Control--Integrated Framework, including its addendum on
safeguarding of assets; and other internal control standards
published by the AICPA, other accounting or auditing professional
associations, and financial institution trade associations.
---------------------------------------------------------------------------
* * * * *
15. * * *
(b) * * * \3\
\3\ These would include Standards for Performing and Reporting
on Peer Reviews, codified in the SEC Practice Section Reference
Manual, and Standards for Performing and Reporting on Peer Reviews,
contained in Volume 2 of the AICPA's Professional Standards.
---------------------------------------------------------------------------
* * * * *
24. Relief from Filing Deadlines. Although the reasonable deadlines
for filings and other notices established by this part are specified,
some institutions may occasionally be confronted with extraordinary
circumstances beyond their reasonable control that may justify
extensions of a deadline. In that event, upon written application from
an insured depository institution, setting forth the reasons for a
requested extension, the FDIC or appropriate federal banking agency
may, for good cause, extend a deadline in this part for a period not to
exceed 30 days.
* * * * *
31. Holding Company Audit Committees. When an insured depository
institution subsidiary fails to meet the requirements for the holding
company exception in Sec. 363.1(b)(2) or maintains its own separate
audit committee to satisfy the requirements of this part, members of
the independent audit committee of the holding company may serve as the
audit committee of the subsidiary institution if they are otherwise
independent of management of the subsidiary, and, if applicable, meet
any other requirements for a large subsidiary institution covered by
this part. However, this does not permit officers or employees of a
holding company to serve on the audit committee of its subsidiary
institutions. When the subsidiary institution satisfies the
requirements for the holding company exception in Sec. 363.1(b)(2),
members of the audit committee of the holding company should meet all
the membership requirements applicable to the largest subsidiary
depository institution and may perform all the duties of the audit
committee of a subsidiary institution, even though such holding company
directors are not directors of the institution.
32. Duties. The audit committee should perform all duties
determined by the institution's board of directors. The duties should
be appropriate to the size of the institution and the complexity of its
operations, and include reviewing with management and the independent
public accountant the basis for their respective reports issued under
Secs. 363.2(a) and (b) and 363.3(a) and (b). Appropriate additional
duties could include:
* * * * *
6. Schedule A to Appendix A to Part 363 is revised to read as
follows:
Schedule A to Appendix A--Agreed Upon Procedures for Determining
Compliance With Designated Laws
1. The Agreed Upon Procedures set forth in this schedule are
referred to in guideline 19. They should be followed by the
institution's independent public accountant (or, with respect to the
procedures set forth in section I of this schedule, by the
institution's internal auditor if the accountant is to perform the
procedures set forth in section II) in order to permit the accountant
to report on the extent of compliance with the Designated Laws (defined
in guideline 12) as required by sections 36(e)(1) and (2). Unless
otherwise stated, the date of any required representation should be the
same as the date of the attestation report and the representation
should provide information to the extent available as of that date.
2. For purposes of this Schedule A, ``insiders'' means directors,
executive officers, and principal shareholders, and includes their
related interests. All terms not defined in this schedule have the
meanings given them in this part, the Guidelines, and professional
accounting and auditing literature.
3. Additional guidance concerning the role of the institution, its
internal auditor, and its independent public accountant in assessing
the institution's compliance with the Designated Laws is set forth in
the Guidelines.
Section I--Procedures for Individual Institutions
The following procedures should be performed by the institution's
independent public accountant in accordance with generally accepted
standards for attestation engagements, or by the institution's internal
auditor if the procedures set forth in section II of
[[Page 6495]]
this schedule are to be performed by the independent public accountant.
(See section II.B.3. for information concerning testing by the
independent public accountant when the institution's internal auditor
is performing the procedures in Section I.)
A. Loans to Insiders. To the extent permitted by Sec. 363.1(b)(2),
these procedures may be performed on a holding company basis rather
than at each covered subsidiary insured depository institution.
1. Designated Laws. The following federal laws and regulations
(Designated Insider Laws), to the extent that they are applicable to
the institution,1 should be read:
\1\ The laws and regulations applicable to each type of
institution are listed in Table 1 of this Schedule A to Appendix A.
---------------------------------------------------------------------------
a. Laws: 12 U.S.C. 375a, 375b, 1468(b), 1828(j)(2), and
1828(j)(3)(B); and
b. Regulations: 12 CFR 23.5, 31, 215, 337.3, 349.3, and 563.43.
2. General.
a. Information. Obtain from management of the institution the
following information for the institution's fiscal year: 2
\2\ If the institution chooses to have these procedures
performed using its most recently filed Call Report rather than its
year end Call Report, all references to ``fiscal year'' in these
procedures shall mean the period beginning with the latest Call
Report date for which these procedures were performed in the prior
year and ending with the date of the most recently filed Call
Report. If these procedures were not previously performed, the 12
month period immediately preceding the date of the most recently
filed Call Report (or such shorter period during which the
institution was covered by this Part 363) should be used.
---------------------------------------------------------------------------
(1) Management's assessment of compliance with the Designated
Insider Laws;
(2) All minutes (including minutes drafted, but not approved) of
the meetings of the board and of those committees of the board which
management represents have been delegated authority pertaining to
insider lending;
(3) The relevant portions of reports of examination, supervisory
agreements, and enforcement actions issued by the institution's primary
federal and state regulators, if applicable, which management
represents contain information pertaining to insider lending;
(4) The annual survey which identifies all insiders of the
institution (pursuant to 12 CFR 215.8(b)) or other records maintained
on insiders of the institution's affiliates (pursuant to 12 CFR
215.8(c));
(5) The relevant portions of the following Securities Exchange Act
of 1934 filings, which management represents contain information
pertaining to insider lending:
(a) Forms 10-K, 10-Q, and 8-K and proxy statements (or information
statements) filed with the SEC, Federal Reserve Board, OCC, or OTS, or
(b) Forms F-2, F-3, and F-4 and proxy statements (or information
statements), filed with the FDIC;
(6) A list of loans, including overdrafts of executive officers and
directors,3 and other extensions of credit to insiders (including
their related interests) outstanding at any time during the fiscal year
(and which identifies those extensions granted during the year). This
list should also include the amount outstanding of each extension of
credit as of the date of the most recently filed Call Report or TFR
(Insider Extensions List); and
\3\ Management may exclude from this list overdrafts of an
executive officer or director in an aggregate amount of $1,000 or
less without overdraft protection and those of $5,000 or less with
overdraft protection as specified in 12 CFR 215.3(b)(6) if
management provides the independent accountant with a representation
that policies and procedures are in effect to report as extensions
of credit all overdrafts that do not meet the criteria listed in
paragraphs A.8.a.(2)(a) through (c) of this section.
---------------------------------------------------------------------------
(7) Management's representation concerning:
(a) The completeness of the Insider Extensions List; 4 and
\4\ See footnote 3 of this schedule.
---------------------------------------------------------------------------
(b) The inclusion of all required insiders on the annual survey
obtained in paragraph A.2.a.(4) of this section including persons who
have been designated as executive officers by resolution of the board
or a committee of the board or in the by-laws of the institution.
b. Procedures:
(1) Read the foregoing information.
(2) Trace and agree a sample of insider loans and other extensions
of credit disclosed in the documents listed in paragraphs A.2.a.(2)
through (5) of this section to see that they are included on the
Insider Extensions List.
3. Policies and Procedures.
a. Information. Obtain the institution's written policies and
procedures concerning its compliance with the Designated Insider Laws,
including any written ``Code of Ethics'' or ``Conflict of Interest''
policy statements. If the institution has no written policies and
procedures, obtain a narrative from management that describes the
methods for complying with such laws and regulations, and includes
provisions similar to those listed in paragraph A.3.b. of this section.
b. Procedures. Ascertain that the policies and procedures include,
or incorporate by reference, provisions consistent with the Designated
Insider Laws for:
(1) Defining terms;
(2) Restricting loans to insiders;
(3) Maintaining records of insider loans;
(4) Requiring reports and/or disclosures by the institution and by
executive officers, directors, and principal shareholders (and their
related interests);
(5) Disseminating policy information to employees and insiders; and
(6) Prior approval of the board of directors.
4. Calculations of Lending Limits.
a. Information. Obtain management's calculation of the following
items as of the date of the institution's most recently filed Call
Report or TFR and as of a Call Report or TFR date six or nine months
earlier:
(1) The institution's unimpaired capital and surplus (the aggregate
lending limit for all insiders); and
(2) The institution's individual lending limit (12 CFR 215.2(i)).
b. Procedures. Recalculate the amounts in paragraph A.4.a. of this
section for mathematical accuracy, and trace the amounts used in
management's calculations to the Call Reports or TFRs for the two dates
used in paragraph A.4.a. of this section.
5. Insider Extensions of Credit Granted.
a. Information. Obtain management's representation regarding
whether the terms and creditworthiness of insider extensions of credit
granted during the fiscal year are comparable to those that would have
been available to unaffiliated third parties.
b. Procedures. Select a sample of insiders who were granted or had
outstanding extensions of credit during the fiscal year from the
Insider Extensions List. For each extension of credit granted during
the fiscal year to each insider in the sample selected:
(1) If the amount of a credit granted during the year (when
aggregated with all other extensions of credit to that person and to
all related interests of that person) exceeds $500,000, determine
whether the minutes of the meetings of the board of directors indicate
that:
(a) The credit was approved in advance by the board, and
(b) The insider, if a director, abstained from participating
directly or indirectly in voting on the transaction;
(2) Obtain management's calculation of the institution's individual
lending limit for insiders pursuant to 12 CFR 215.2(i) as of the date
of the Call Report or TFR filed immediately prior to the date when the
extension of credit was granted, and if not already done under
[[Page 6496]]
paragraph A.4.b. of this section, recalculate the lending limits for
mathematical accuracy, and trace the amounts used in management's
calculations to the Call Report or TFR for that date. Ascertain whether
the amount of the extension of credit being granted to the insider,
when combined with all other extensions of credit to that insider,
exceeds such limit; and
(3) For one transaction involving each insider in the sample
selected in paragraph A.5.b. of this section, perform the procedures in
either paragraph (a) or (b) as follows:
(a) Select three (or such smaller number that exists) similar
extensions of credit (e.g., commercial real estate loans, floor plan
loans, residential mortgage loans, consumer loans) granted to
unaffiliated borrowers (i.e., persons who are not insiders or employees
of the institution or its affiliates) within 90 days before or after
the granting of the insider extension of credit. Compare the terms of
the transactions with unaffiliated borrowers (i.e., rate or range of
interest rates, maturity, payment terms, collateral, and any unusual
provisions or conditions) to those with the insiders, and note in the
findings any differences in the terms favorable to the insiders
compared to the terms of the transactions with unaffiliated borrowers.
(b) Alternatively, compare the terms of each insider transaction in
the sample to approved policies delineating the interest rate and other
terms and conditions then in effect for similar extensions of credit to
unaffiliated borrowers. Note in the findings any differences in the
terms favorable to the insiders compared to the terms of the approved
policies for an extension of credit to persons not affiliated with the
institution or its affiliates.
6. Limitation on Extensions of Credit to Executive Officers.
a. Information. From the sample selected in paragraph A.5.b. of
this section, select the executive officers who were granted extensions
of credit during the fiscal year.
b. Procedures.
(1) For each executive officer selected, obtain management's
calculation as of the two dates used in paragraph A.4.a. of this
section of:
(a) The aggregate amount of extensions of credit to the executive
officer, and
(b) 2.5 percent of the institution's unimpaired capital and
surplus.
(2) Recalculate management's computations from paragraph A.6.b.(1)
of this section for mathematical accuracy. Trace amounts used in
management's computations from paragraph A.6.b.(1) to the Call Reports
or TFRs for the two dates used in paragraph A.4.a. of this section.
(3) Ascertain whether the aggregate amount of the extensions of
credit to the executive officer does not exceed the greater of $25,000
or 2.5 percent of the institution's unimpaired capital and surplus, but
in no event more than $100,000. The aggregate amount should exclude the
types of extensions of credit set forth in 12 CFR 215.5(c)(1) through
(3).
(4)(a) Obtain documentation for any credits for which management
represents that:
(i) The purpose is for the purchase, construction, maintenance, or
improvement of the executive officer's residence;
(ii) The credit is secured by a first lien on the residence; and
(iii) The executive officer owns or expects to own the residence
after the extension of credit.
(b) Note whether the documentation contains similar
representations.
(5) For each executive officer selected, ascertain that each
extension of credit granted during the fiscal year was:
(a) Preceded by submission of financial statements;
(b) Approved by, or, when appropriate, promptly reported to, the
board of directors no later than the next board meeting; and
(c) Made subject to the written condition that the extension of
credit will become, at the option of the institution, due and payable
at any time that the executive officer is indebted to other insured
institutions in an aggregate amount greater than the executive officer
would be able to borrow from the institution.
7. Aggregate Insider Extensions of Credit Outstanding.
a. Information. Obtain management's calculation of the aggregate
extensions of credit to executive officers, directors, and principal
shareholders of the institution and to their related interests,
excluding the types of extensions of credit set forth in 12 CFR
215.4(d)(3), as of the two dates selected in paragraph A.4.a. of this
section.
b. Procedures.
(1) Recalculate the amounts obtained in paragraph A.7.a. of this
section for mathematical accuracy and ascertain that this total,
excluding the types of extensions of credit set forth in 12 CFR
215.4(d)(3), is less than or equal to 100 percent of the institution's
unimpaired capital and surplus calculated in paragraph A.4.a.(1) of
this section.
(2) Using the sample of insiders selected in paragraph A.5.b. of
this section, trace and agree amounts outstanding from insiders in the
sample to the supporting documents, as applicable, for the line item
aggregating indebtedness of all insiders on the institution's most
recently filed Call Report or TFR.
8. Overdrafts.
a. Information. Select a sample of executive officers and directors
who had overdrafts outstanding during the fiscal year as shown on the
Insider Extensions List.
(1) For all overdrafts in the sample except those which are covered
by an overdraft protection line of credit with the same terms as
available to unaffiliated borrowers and meet the terms of that
overdraft protection line, obtain management's representation of the
history of the insider's overdrafts for the year and the completeness
of that history.
(2) If the institution's management has not provided a
representation as specified by footnote 3 to paragraph A.2.a.(6) of
this section, for each overdraft in the sample in an aggregate amount
of $1,000 or less for an executive officer or director who did not have
the overdraft covered by an overdraft protection line of credit, obtain
management's representation that:
(a) It believes the overdraft was inadvertent;
(b) The account was overdrawn in each case for no more than 5
business days; and
(c) The institution charged the executive officer or director the
same fee that it would charge any other customer in similar
circumstances.
b. Procedures. For each overdraft in the sample selected and used
in paragraph A.8.a.(1) of this section for which management did not
provide the representation in paragraph A.8.a.(2) of this section:
(1) Inquire whether cash items for the insider were being held by
the institution during the time that the overdraft was outstanding to
prevent additional overdrafts;
(2) Trace and agree subsequent payment by the insider of the
insider's overdrafts to records of the account at the institution; and
(3) For overdrafts of executive officers and directors that were
paid by the institution for the executive officer or director from an
account at the institution:
(a) Trace and agree to a written, pre-authorized, interest-bearing
extension of credit plan that specifies a method of repayment; or
(b) Trace and agree to a written, pre-authorized transfer of funds
from
[[Page 6497]]
another account of the insider at the institution.
9. Reports on Indebtedness to Correspondent Banks.
a. Information. Obtain from management:
(1) A list of executive officers and principal shareholders and
related interests thereof that filed reports of indebtedness to a
correspondent bank. This list should be prepared by management from
reports of indebtedness submitted for the calendar year for which the
management assessment and independent public accountant's attestation
are being filed or, if the institution is on a calendar year fiscal
year, at management's option, for the immediately preceding year. If
the institution is not on a calendar year fiscal year, the list should
be prepared for the calendar year that ended during its fiscal year;
and
(2) Its representation concerning the completeness of the list
prepared for paragraph A.9.a.(1) of this section.
b. Procedures. Select a sample of executive officers, principal
shareholders, and related interests thereof from the list obtained in
paragraph A.9.a.(1) of this section. For each executive officer and
principal shareholder (or related interest thereof) included in the
sample, ascertain that the report(s) of indebtedness was (were) filed
with the board of directors (on or before the January 31 following the
calendar year in paragraph A.9.a.(1) of this section) and that such
report(s) state(s):
(1) The maximum amount of indebtedness during that calendar year;
(2) The amount of indebtedness outstanding 10 days prior to report
filing; and
(3) A description of the loan terms and conditions, including the
rate or range of interest rates, original amount and date, maturity
date, payment terms, collateral, and any unusual terms or conditions.
B. Dividend Restrictions. If the institution has declared any
dividends during the fiscal year, the following procedures should be
performed for each dividend declared. (These procedures are not
applicable to mutual institutions and insured branches of foreign
banks.) For an institution that is a subsidiary of a holding company,
the procedures that follow should be applied to each subsidiary
institution subject to this part (covered subsidiary) because the laws
and regulations restricting dividends apply to individual institutions
and not holding companies. However, if the annual report under Part 363
is being prepared on a holding company basis and the holding company
has more than five covered subsidiaries, the following procedures may
be applied to a sample of dividend declarations to the extent permitted
by Sec. 363.1(b) and Section II.B.3. of this schedule.
1. Designated Laws. The following federal laws and regulations
(Designated Dividend Laws), to the extent that they are applicable to
the institution (see paragraph B.2 of this section),\5\ should be read:
\5\ The laws and regulations applicable to each type of
institution are listed in Table 2 of this Schedule A to Appendix A.
---------------------------------------------------------------------------
a. Laws: 12 U.S.C. 56, 60, 1467a(f), 1831o; and
b. Regulations: 12 CFR 5.61, 5.62, 6.6, 7.6120, 208.19, 208.35,
325.105, 563.134, and 565.
2. General. The information requirements and procedures in
paragraphs B.2. through B.5. of this section are applicable to all
institutions. Paragraphs B.6. and B.7. of this section were designed to
be applicable to member banks (i.e., national banks and state member
banks) and federally-chartered savings associations, respectively.
However, the requirements in paragraphs B.6. and B.7. of this section
should be applied to a state nonmember bank or state savings
association if management represents that the state has dividend
restrictions substantially identical to those for a national bank or a
federally-chartered savings association.
a. Information. Obtain from management of the institution the
following information for the institution's most recent fiscal year:
(1) Its assessment of the institution's compliance with the
Designated Dividend Laws and any applicable state laws and regulations
cited in its assessment;
(2) A copy of any supervisory agreements with, orders by, or
resolutions of any regulatory agency (including a description of the
nature of any such agreements, orders, or resolutions) containing
restrictions on dividend payments by the institution; and
(3) Its representation whether dividends declared comply with any
restrictions on dividend payments under any supervisory agreements
with, orders by, or resolutions of any regulatory agency (including a
description of the nature of any such agreements, orders, or
resolutions).
b. Procedures.
(1) Read the foregoing information.
(2) If any restrictions on dividend payments exist in any documents
obtained in paragraph B.2.a.(2) of this section, test and agree
dividends declared with any such quantitative restrictions.
3. Policies and Procedures.
a. Information. Obtain the institution's written policies and
procedures concerning its compliance with the Designated Dividend Laws.
If the institution has no written policies and procedures, obtain from
the institution a narrative that describes the institution's methods
for complying with the Designated Dividend Laws, and includes
provisions similar to those in paragraph B.3.b of this section.
b. Procedures. Ascertain whether the policies and procedures
include, or incorporate by reference, provisions which are consistent
with the Designated Dividend Laws. These would include capital
limitation tests, including section 38 of the Federal Deposit Insurance
Act (12 U.S.C. 1831o), earnings limitation tests, transfers from
surplus to undivided profits, and restrictions imposed under any
supervisory agreements, resolutions, or orders of any federal or state
depository institution regulatory agency. In addition, for savings
associations, this would include prior notification to the OTS.
4. Board Minutes.
a. Information. Obtain the minutes of the meetings of the board of
directors for the most recent fiscal year to ascertain whether
dividends (either paid or unpaid) have been declared.
b. Procedures. Trace and agree total dividend amounts to the
general ledger records and the institution's most recently filed Call
Report or TFR.
5. Calculation of Undercapitalization.
a. Information. Obtain management's computation of the amount at
which declaration of a dividend would cause the institution to be
undercapitalized as of the quarter end (or more recent month end, if
available from management) immediately prior to the date on which each
dividend was declared during the fiscal year.
b. Procedures. Recalculate management's computation (for
mathematical accuracy) and compare management's calculations to the
amount of any dividend declared to determine whether it exceeded the
amount.
6. Dividends Declared by Banks.
a. Information. If the institution is a national bank or state
member bank, obtain management's computations concerning the bank's
compliance with 12 U.S.C. 56, ``Capital Limitation Test'', 12 U.S.C.
60, ``The Earnings Limitation Test'', and transfers from surplus to
undivided profits after declaration of the dividends referenced in
paragraph
[[Page 6498]]
B.4.a. of this section. If the institution is a state nonmember bank
and management represents that the bank is subject to state laws that
are similar to 12 U.S.C. 56 and 12 U.S.C. 60, obtain management's
corresponding computations.
b. Procedures. Recalculate management's computations (for
mathematical accuracy) and compare management's calculations to the
standards defined in the tests set forth in paragraph B.6.a. of this
section to ascertain whether the dividends declared fall within the
permissible levels under these standards. If dividends are not
permissible in the amounts declared under such standards, the
independent public accountant should ascertain that the dividends were
declared with the approval of the appropriate federal banking agency or
under any other exception to the standards.
7. Dividends Declared by Savings Associations.
a. Information. Obtain management's documentation of the OTS
determination whether the institution is a Tier 1, Tier 2, or Tier 3
savings association and management's computations of its capital ratio
after declarations of dividends under the Tier determined by the OTS.
For dividends declared, obtain copies of the savings association's
notifications to the OTS to ascertain whether notifications were made
at least 30 days before payment of any dividends.
b. Procedures. Recalculate management's computations (for
mathematical accuracy) and trace amounts used by management in its
calculations to the institution's TFRs.
Section II--Procedures for the Independent Public Accountant
If the internal auditor has performed the procedures set forth in
section I for either or both Designated Laws, the following procedures
may be performed by the independent public accountant if neither the
FDIC nor the appropriate federal banking agency has objected in
writing. The report of procedures performed and list of exceptions
found by the internal auditor, identifying the institution with respect
to which any exception was found, should be submitted to the audit
committee of the board of directors. Management should file a summary
of the internal auditor's findings and management's response to those
findings with the FDIC and the appropriate federal banking agency at
the same time as the independent public accountant's attestation report
is filed.6
\6\ Since this summary provides information similar to that
provided in the independent public accountant's report, the FDIC has
determined that the summary is exempt from public disclosure
consistent with the guidance in Guideline 18 in Appendix A to this
Part 363.
---------------------------------------------------------------------------
A. Review of Section I Procedures. Read the portion(s) of Section I
of this schedule that set forth the procedures performed by the
internal auditors.
B. Information and Procedures. Perform the following procedures:
1. Designated Laws. Read the Designated Laws referred to in Section
I of this schedule for the agreed-upon procedures performed by the
internal auditor. Obtain management's assessment contained in its
management report on the institution's or holding company's compliance
with the Designated Laws.
2. Internal Auditor's Workpapers.
a. Information. If an internal auditor performed the procedures in
Section I, obtain the internal auditor's workpapers documenting the
performance of those procedures on the institution and the chief
internal auditor's representation that:
(1) The internal auditor or audit staff, if applicable, performed
the procedures listed in section I on the institution;
(2) The internal auditor tested a sufficient number of transactions
governed by the Designated Laws so that the testing was representative
of the institution's volume of transactions;
(3) The workpapers accurately reflect the work performed by the
internal auditor and, if applicable, the internal audit staff;
(4) The workpapers obtained are complete; and
(5) The internal auditor's report, which describes the procedures
performed for the fiscal year as well as the internal auditor's
findings and exceptions noted, has been presented to the institution's
audit committee.
b. Procedures.
(1) Compare the workpapers to the procedures that are required to
be performed under section I. Report as an exception any procedures not
documented and any procedures for which the sample size is not
sufficient.
(2) Compare the exceptions and errors listed by the internal
auditor in its report to the audit committee to those found in the
workpapers, and report as an exception any exception or error found in
the internal auditor's workpapers and not listed in the internal
auditor's list of exceptions.
3. Testing.
a. The independent public accountant should perform the procedures
listed in Section I on representative samples of the insiders and/or
transactions of the institution to which the Designated Law applies. If
the institution's internal auditor performs the procedures in Section
I, the samples tested by the independent public accountant should be at
least 25 percent of the size of the samples tested by the internal
auditor although samples selected by the accountant should be from the
population at large. However, if there are so few transactions in any
area that the internal auditor cannot use sampling, but must test all
transactions, the independent public accountant should also test all
transactions.
b. If testing under this Schedule A to Appendix A is being
performed on a holding company with more than one subsidiary
institution that is subject to this Part 363, the samples tested should
include a combination of insiders and transactions from each covered
subsidiary with total assets (after deductions of intercompany amounts
that would be eliminated in consolidation) in excess of 25 percent of
the holding company's total assets every fiscal year. Samples should be
tested for each smaller covered subsidiary at least every other fiscal
year unless the holding company has more than eight covered
subsidiaries, in which case the samples to be tested for each
Designated Law should be drawn from each smaller covered subsidiary at
least every third fiscal year.
4. Reports Concerning Holding Companies. Only one report of any
exceptions noted from application of the procedures in section II
performed by the independent public accountant should be filed as
required by guideline 3 in Appendix A to this Part 363, but the report
should identify, for each exception or error noted, the identity of the
covered subsidiary to which it relates.
Tables to Schedule A to Appendix A
[[Page 6499]]
Tables to Schedule A to Appendix A
--------------------------------------------------------------------------------------------------------------------------------------------------------
For engagements involving management assertions about compliance by:
Loans to insiders ----------------------------------------------------------------------------------------------
National banks State member banks State nonmember banks Savings associations
--------------------------------------------------------------------------------------------------------------------------------------------------------
Read the following parts and/or sections of Title 12 of the United States Code:
375a..................... Loans to Executive X X X--Subsections
Officers of Banks. (g) and (h) only
375b..................... Prohibitions Respecting X X
Loans and Extensions of
Credit to Executive
Officers and Directors of
Banks, Political
Campaign, Committees, etc.
1468(b).................. Extensions of Credit to ...................... ...................... ...................... X
Executive Officers,
Directors, and Principal
Shareholders.
1828(j)(2)............... Provisions Relating to ...................... ...................... X
Loans, Extensions of
Credit, and Other
Dealings Between Member
Banks and Their
Affiliates, Executive
Officers, Directors, etc.
1828(j)(3)(B)............ Extensions of Credit X Applies only ...................... X Applies only
Applicability of to insured federal to insured state
Provisions Relating to branches of foreign branches of foreign
Loans, Extensions of banks. banks .
Credit, and Other
Dealings Between Insured
Branches of Foreign Banks
and Their Insiders.
Read the following parts and/or sections of Title 12 of the Code of Federal Regulations:
23.5..................... Application of Legal X
Lending Limits;
Restrictions on
Transactions With
Affiliates.
31....................... Extensions of Credit to X
National Bank Insiders.
215...................... Subpart A--Loans by Member X X (See 12 CFR Parts (See 12 CFR Parts
Banks to Their Executive 337.3 and 349.3). 63.43)
Officers, Directors, and
Principal Shareholders.
Subpart B--Reports of X X
Indebtedness of Executive
Officers and Principal
Shareholders of Insured
Nonmember Banks.
337.3.................... Limits on Extensions of ...................... ...................... X
Credit to Executive
Officers, Directors, and
Principal Shareholders of
Insured Nonmember Banks.
349.3.................... Reports by Executive ...................... ...................... X
Officers and Principal
Shareholders.
563.43................... Loans by Savings ...................... ...................... ...................... X
Associations to Their
Executive Officers,
Directors, and Principal
Shareholders.
--------------------------------------------------------------------------------------------------------------------------------------------------------
Table 2
--------------------------------------------------------------------------------------------------------------------------------------------------------
For engagements involving management assertions about compliance by:
Dividend restrictions -----------------------------------------------------------------------------------------------
National banks State member banks State nonmember banks Savings associations
--------------------------------------------------------------------------------------------------------------------------------------------------------
Read the following parts and/or sections of Title 12 of the United States Code:
56..................... Prohibition of Withdrawal X X
of Capital and Unearned
Dividends.
60..................... Dividends and Surplus Funds X X
1467a(f)............... Declaration of Dividends... ...................... ...................... ...................... X
1831o.................. Prompt Corrective Action-- X X X X
Dividend Restrictions.
Read the following parts and/or sections of Title 12 of the Code of Federal Regulations:
5.61................... Payment of dividends; X
capital limitation.
5.62................... Payment of dividends; X
earnings limitation.
6.6.................... Prompt Corrective Action-- X
Dividend Restrictions.
7.6120................. Dividends Payable in X
Property Other Than Cash.
208.19................. Payments of Dividends...... ...................... X
208.35................. Prompt Corrective Action... ...................... X
325.105................ Prompt Corrective Action... ...................... ...................... X
563.134................ Capital Distributions...... ...................... ...................... ...................... X
565.................... Prompt Corrective Action... ...................... ...................... ...................... X
--------------------------------------------------------------------------------------------------------------------------------------------------------
[[Page 6500]]
By order of the Board of Directors.
Dated at Washington, DC, this 6th day of February 1996.
Federal Deposit Insurance Corporation.
Jerry L. Langley,
Executive Secretary.
[FR Doc. 96-3569 Filed 2-20-96; 8:45 am]
BILLING CODE 6714-01-P