Home > Regulation & Examinations >
Laws & Regulations > FDIC
Federal Register Citations |
|||
FDIC Federal Register Citations FDIC Office of Inspector General DATE: September 16, 2005 MEMORANDUM TO: Robert E. Feldman FROM: Russell A. Rau SUBJECT: Comments on Notice of Proposed Rulemaking, 12 C.F.R. Part 363, Annual Independent Audits and Reporting Requirements (FDIC, RIN 3064-AC91) The Office of Inspector General (OIG) provides the following comments for consideration by the Federal Deposit Insurance Corporation (FDIC) on the proposal to amend its regulations concerning annual independent audits and reporting requirements for insured depository institutions with $500 million or more in total assets. Summary of the Proposed Amendment In a Financial Institution Letter (FIL-72-2005) dated August 2, 2005, the FDIC issued a proposal to amend Part 363 of the FDIC Rules and Regulations and requested comments by September 16, 2005. The regulations annual audit and reporting requirements currently apply to insured institutions with $500 million or more in total assets. Among other things, the current regulation requires each covered institution to:
The FDIC is proposing to amend Part 363 for those covered institutions with less than $1 billion in total assets by eliminating the requirements for:
The amended regulation would continue to require all institutions with $500 million or more in total assets to obtain an annual independent financial statement audit, provide managements assessment of the institutions compliance with designated laws and regulations, and have an independent audit committee composed of outside directors. The amendments are proposed to take effect December 31, 2005 for institutions meeting the asset size threshold on January 1, 2005, thereby reducing the reporting requirements for these institutions starting in 2005. FDICs Rationale for the Amendment The FDICs Director, Division of Supervision and Consumer Protection (DSC), stated in a June 23, 2005 memorandum to the FDIC Board of Directors that institutions covered by the existing regulation, particularly smaller nonpublic institutions, are experiencing increasing compliance and cost burdens. These compliance obligations are growing considerably as a result of the Sarbanes-Oxley Act, the Securities and Exchange Commissions (SEC) implementing rules, new auditing standards, and expected revisions in attestation standards. The FDIC staff has observed that compliance with the audit and reporting requirements of Part 363 has and will continue to become more burdensome and costly, particularly for smaller nonpublic, covered institutions. The FDIC staff believes that relieving smaller covered institutions from the burden of internal control assessments while retaining the financial statement audit and other reporting requirements for all institutions with $500 million or more in total assets would strike an appropriate balance in accomplishing the objective of Part 363. Additionally, regulatory examinations would continue to evaluate internal control and consider its adequacy as a factor in rating institution management, and external audits of an institutions financial statements would continue to assess internal control risk and report certain internal control matters to the audit committee. The DSC Director further stated that the FDIC staff has observed that a number of smaller covered institutions have encountered difficulty in satisfying the independent audit committee requirement. To comply with this requirement, these institutions must identify and attract qualified individuals in their communities who would be willing to become a director and audit committee member and who would be independent of management. To relieve this burden, but also recognize that the FDIC has long held that individuals who serve as directors of any insured depository institution should be persons of independent judgment, the FDIC staff is proposing to amend Part 363 to increase the asset size threshold from $500 million to $1 billion. The proposed amendment would continue to require that an audit committee be composed of outside directors for institutions with $500 million to $1 billion in assets. An outside director is defined as an individual who is not, and within the preceding year has not been, an officer or employee of the institution or any affiliate of the institution. This proposed amendment to the audit committee requirement would allow an outside director who is, for example, a consultant or legal counsel to the institution, a relative of an officer or employee of the institution or its affiliates, or the owner of 10 percent or more of the stock of the institution, to serve as an audit committee member. SEC Rule Covers Public Insured Institutions The FDIC points out that the proposed amendment to Part 363 would not relieve insured depository institutions that are public companies or subsidiaries of public companies, regardless of size, of their obligation to comply with the internal control assessment requirements imposed by Section 404 of the Sarbanes-Oxley Act. The SECs Final Rule: Management's Report on Internal Control over Financial Reporting and Certification of Disclosure in Exchange Act Periodic Reports contains requirements that are similar to the FDICs Part 363 regarding assessing and reporting on the effectiveness of internal control over financial reporting. Therefore many of the institutions that would be provided partial relief from compliance with the internal control assessment requirements of Part 363 must comply with similar requirements in the SECs regulations. OIGs Comments on the Proposed Amendment As of September 12, 2005, 8,888 institutions were insured by the FDIC. The table reflects the change in the number of covered financial institutions as a result of the proposed amendment. Institutions Fully Subject to Part 363 (Current and Proposed Threshold)
Source: FDIC online resources. If the proposed amendment was implemented at this time, the number of institutions covered by Part 363 would be reduced by 581 institutions, or by 49 percent. If the proposed amendment is placed into effect, DSC should notify its examiners that these institutions may pose a higher degree of risk that should be considered in risk-scoping examinations. Performance Ratings of Covered Institutions Of the 581 institutions that would not be fully covered by Part 363, 16 institutions have a less than satisfactory rating. Specifically, 11 of these institutions have a composite safety and soundness rating of 3, and the other 5 institutions have a 4 rating. In addition, over the last several months, as many as 15 other institutions had a component Management rating of 3, with a composite rating of 2. The condition and/or management of these institutions is not fully satisfactory; therefore, it would be prudent for the FDIC to exclude these institutions from the relief offered by the proposed amendment. Also, for those covered institutions that subsequently receive a composite or component Management rating of 3 or worse, the FDIC should require full compliance with Part 363, reinstating the requirements for the internal control assessment and attestation over financial reporting and the requirement that audit committee members be independent of management. Full compliance with the requirements of Part 363 provides further protection to the deposit insurance funds in cases where the safety and soundness of the institution is not fully satisfactory. The adequacy of internal control over financial reporting and the independence of the audit committee is of great importance when an institution is not in satisfactory condition. In reviewing past failures of insured institutions, the OIG has observed that weak corporate governance, including financial reporting problems and the lack of independence of the board from institution management, is often a factor in the failure of these institutions and material losses to the insurance funds.* Specifically, the OIG has reported that, in some cases:
Additionally, the OIG observed that an inattentive or passive board of directors is a precursor to most problems. Maintaining the full requirements of Part 363 for less than satisfactory institutions would help to address these potential concerns and mitigate the possibility of institution failure. Conclusion The FDICs proposed amendment to Part 363 could relieve about 600 insured financial institutions of certain audit and reporting requirements. However, for public institutions with total assets of $500 million or more, the proposed amendment to Part 363 would provide relief only from the requirement that audit committee members be independent of management, because the SECs comparable rule includes assessment and reporting requirements for internal control over financial reporting. Additionally, the requirements for annual financial statement audits and outside director membership in the audit committee would still apply to all institutions with assets of $500 million or more. Nevertheless, if the proposed amendment is placed into effect, DSC should notify its examiners that these institutions may pose a higher degree of risk that should be considered in risk-scoping examinations. Furthermore, some of the institutions otherwise eligible for the reduced requirements may be rated less than satisfactory; therefore, the OIG recommends that the FDIC require these institutions to comply with the full requirements of Part 363.
*
OIG Audit Report Number 04-004, Observations from FDIC OIG Material
Loss Reviews Conducted 1993 through 2003, dated January 22, 2004. |
|||||||||||
Last Updated 09/19/2005 | Regs@fdic.gov |