AUDITS, AND REPORTING REQUIREMENTS
March 5, 2003
CHIEF EXECUTIVE OFFICER (also of interest to Chief Financial Officer and
Members of the Board)
Effect of the Sarbanes-Oxley Act of 2002 on Insured Depository Institutions
The FDIC is providing guidance to institutions about selected provisions of the
Sarbanes-Oxley Act, including the actions the FDIC encourages institutions to take
to ensure sound corporate governance. The guidance also discusses the applicability of the auditor independence provisions of the Act and the Securities and Exchange Commission's implementing regulations to institutions with $500 million or more in total assets.
The provisions of the Sarbanes-Oxley Act of 2002 are primarily directed toward those companies, including insured depository institutions, that have a class of securities registered with the Securities and Exchange Commission (SEC) or the appropriate federal banking agency under Section 12 of the Securities Exchange Act of 1934, i.e., public companies. Since enactment of the Act, the Federal Deposit Insurance Corporation (FDIC) has received questions about the applicability of the Sarbanes-Oxley Act to insured depository institutions. The answers to these questions depend, in large part, on an institution's size and whether it is a public company or a subsidiary of a public company.
FDIC-Supervised Banks That Are Public Companies or Subsidiaries of Public Companies
Some FDIC-supervised banks have registered their securities with the FDIC pursuant to Part 335 of the FDIC's regulations and are, therefore, public companies. Other FDIC-supervised banks are subsidiaries of bank holding companies that are public companies. These public companies and their independent public accountants must comply with the Sarbanes-Oxley Act including those provisions governing auditor independence, corporate responsibility and enhanced financial disclosures and the implementing regulations. The SEC is at various stages in the adoption of these regulations. For banks whose securities are registered with the FDIC, Part 335 currently incorporates applicable SEC regulations by reference, but the FDIC expects that certain amendments to Part 335 will be necessary.
Non-public FDIC-Supervised Banks With Less Than $500 Million in Total Assets
FDIC-supervised banks that have less than $500 million in total assets as of the beginning of their fiscal year are not subject to the annual audit and reporting requirements of Section 36 of the Federal Deposit Insurance (FDI) Act. Banks in this size range that are not public companies, or subsidiaries of public companies, generally do not fall within the scope of the Sarbanes-Oxley Act and the SEC's implementing regulations. Nevertheless, certain provisions of the Sarbanes-Oxley Act mirror existing policy guidance related to corporate governance that the FDIC and the other banking agencies have issued. Other provisions of the Sarbanes-Oxley Act represent sound corporate governance practices.
Attachment I presents a summary of selected provisions of the Sarbanes-Oxley Act that the FDIC believes are of relevance to FDIC-supervised banks with less than $500 million in total assets that are not public companies. The sound corporate governance practices detailed in Attachment I are not mandatory for smaller, non-public institutions; however, the FDIC recommends that each institution consider implementing them to the extent feasible given its size, complexity, and risk profile.
Insured Depository Institutions With $500 Million or More in Total Assets
Institutions that have $500 million or more in total assets as of the beginning of their fiscal year are subject to the annual audit and reporting requirements of Section 36 of the FDI Act as implemented by Part 363 of the FDIC's regulations. Some of these large institutions are public companies or subsidiaries of public companies. Some institutions subject to Part 363 currently satisfy the requirements of this regulation on a holding company basis. The applicability of the Sarbanes-Oxley Act to institutions with $500 million or more in total assets is discussed in Attachment II.
Distribution: FDIC-Supervised Banks (Commercial and Savings) and Insured Depository Institutions with $500 Million or More in Total Assets
NOTE: Paper copies of FDIC financial institution letters may be obtained through the FDIC's Public Information Center, 801 17th Street, NW, Room 100, Washington, DC 20434 (1-877-275-3342, option 5, or (703) 562-2200).