America's Community Bankers

November 27, 2002

Jonathan G. Katz
Secretary
U.S. Securities and Exchange Commission
450 Fifth Street, N.W.
Washington, DC 20549-0609

Re: Disclosure Required By Sections 404, 406 and 407
of the Sarbanes-Oxley Act of 2002
File No. S7-40-02; 67 FR 66208 (October 30, 2002)

Dear Mr. Katz:

America's Community Bankers (ACB)1 is pleased to comment on the proposed rule to implement sections 404, 406 and 407 of the Sarbanes-Oxley Act of 2002 (Sarbanes-Oxley).2 The rule would implement the Sarbanes-Oxley provisions that require an internal control report and assessment, disclosure about the existence of a code of ethics for certain corporate officers, and disclosure about financial experts serving on a public company's audit committee.

ACB Position

Sarbanes-Oxley was passed to strengthen public company corporate governance and financial disclosure in an effort to restore investor confidence in the public markets. Many of the law's provisions are to be implemented through rules issued by the Securities and Exchange Commission (SEC), including the three provisions that are the subject of the SEC's proposed rule discussed in this comment letter. Each of these provisions is discussed separately.

Section 404 - Internal Controls.

ACB believes that the SEC's internal control report, assessment and attestation requirement for public depository institutions and their holding companies should mirror the similar banking law requirements imposed by the Federal Deposit Insurance Corporation Improvement Act (FDICIA)3 which has been in place for 11 years. Accordingly, the SEC should recognize the substantial protections to depositors and investors provided by the laws that govern banking organizations and mirror FDICIA by exempting depository institutions with less than $500 million in assets or their holding companies from the internal control report, assessment and attestation requirements. For larger depository institutions and their holding companies, compliance with the FDICIA requirements should constitute compliance with the SEC rule. Banking institutions should not be required to comply with inconsistent or conflicting requirements.

ACB opposes the requirement that evaluations of internal control structures and procedures for financial reporting be conducted on a quarterly basis. Quarterly evaluations are not mandated by Sarbanes-Oxley and would render certain certifications required by section 302 of the law superfluous.

Section 406 - Code of Ethics.

ACB supports the requirement that public companies disclose whether they have a code of ethics covering certain financial officers, and supports expanding this disclosure requirement to include directors, executive officers and all employees. A disclosure requirement will encourage more companies to adopt and implement such a code.

It is important that the required disclosure of changes to, and waivers from, the code not be overly burdensome or so vague that the requirement is more likely to result in disclosure violations. Therefore, the disclosure requirement should cover only changes of, and waivers from, material terms of the code that affect directors and executive officers to avoid overwhelming investors with insignificant information and to encourage adoption of comprehensive codes. Any requirement to report "implicit" waivers should only cover situations where a violation of the code is specifically brought to the attention of an executive officer and no corrective action is taken.

ACB opposes the requirement to report changes and waivers on a Form 8-K within two business days. This short deadline is unreasonable in light of the limited staff resources of small public companies. We recommend a 10-calendar day reporting requirement. ACB supports the ability of companies to post changes and waivers on their website, but believes that a five-year retention requirement for this information is not necessary.

Since the SEC is requesting comment both on who and what should be covered by the code, the effective date for disclosure should be delayed so companies can either adopt a new code or make the necessary changes to a code already in place.

Section 407 - Financial Expert.

ACB believes that the definition of financial expert is much too narrow and that community banks, as well as larger companies, will have significant trouble finding qualified candidates willing to serve in this capacity. While the rule does not require that a financial expert serve on the audit committee, the negative implications from a disclosure that there is no financial expert could hurt the market price of a company's securities. When identifying the necessary qualifications for a financial expert, the SEC should keep in mind the proper role of the audit committee. ACB is proposing the adoption of a definition that takes into account the experience and education necessary to understand the business engaged in by the company and to faithfully and competently fulfill the role designated for the audit committee members.

A company should be permitted to make a positive disclosure if the audit committee members collectively meet the qualifications of a financial expert. Although we believe that it would be a best practice for the financial expert to be independent, this should not be a requirement as long as the lack of independence of the financial expert is disclosed to investors.

We believe that individuals will be hesitant to serve in the role of financial expert if such service imposes a higher degree of individual responsibility or obligation than that imposed on other audit committee members, or results in greater potential liability. The SEC needs to further review and analyze the potential liability of an individual who serves as a financial expert and provide more certainty in this regard.

The SEC should allow a transition period before disclosure is required so companies can take any necessary corporate action to appoint a financial expert to the audit committee.

Section 404 of Sarbanes-Oxley

The rule would require each annual report filed with the SEC to include an internal control report (i) stating management's responsibilities for establishing and maintaining adequate internal control structure and procedures for financial reporting; and (ii) containing an assessment, as of the end of the company's most recent fiscal year, of the effectiveness of the company's internal control structure. The company's registered public accounting firm would have to examine, attest to and report separately on management's internal control report. The accounting firm's attestation would have to state the opinion of the accountant as to whether the company's disclosure about the effectiveness of its internal controls and procedures for financial reporting is fairly stated in all material respects, or must include an opinion to the effect that an overall opinion cannot be expressed and the reasons why.

The rule also would revise the officer certifications required under section 302 of Sarbanes-Oxley. The SEC proposes to require a certification about management's evaluation of the company's internal controls and procedures for financial reporting as of the end of the period covered by each quarterly and annual report. Conclusions from the evaluation, as well as a discussion of any significant changes to the internal controls and responsive actions taken to correct significant deficiencies and material weaknesses, would have to appear in each report.

The SEC is proposing to delay the effective date of the section 404 implementing rule to give the Public Company Accounting Oversight Board (PCAOB) time to develop attestation standards and to give public companies time to develop processes and train appropriate personnel to ensure compliance with the rule. The SEC is proposing that the requirements would apply to companies whose fiscal years end on or after September 15, 2003.

Conform Rule to Banking Law Requirements.

The internal control report, management assessment and attestation requirements are substantially similar to what is currently required of insured depository institutions with $500 million or more of assets under section 36 of the Federal Deposit Insurance Act (FDIA)4 and the implementing regulations of the Federal Deposit Insurance Corporation (FDIC).5 The SEC indicates that it is coordinating with the FDIC and other federal banking regulators to eliminate, to the extent possible, any unnecessary duplication between the SEC's proposed rule and the FDIC's requirements.

ACB believes that the FDICIA standards, as codified at section 36 of the FDIA and implemented by Part 363 of the FDIC regulations, should govern the internal control report, assessment and attestation requirements for insured depository institutions and their holding companies. Part 363 provides a comprehensive list of requirements and guidelines that apply to insured depository institutions with at least $500 million of assets. A copy of the regulations is attached to this comment letter. Under Part 363, every insured depository institution subject to the regulation must prepare an annual management report, signed by the chief executive officer and chief accounting or financial officer, containing (i) a statement of management's responsibilities for preparing the institution's annual financial statements, for establishing and maintaining an adequate internal control structure and procedures for financial reporting, and for complying with laws and regulations restricting loans to insiders and dividends; and (ii) an assessment by management of the effectiveness of the internal control structure and procedures and the institution's compliance with the specified laws and regulations. Paragraphs 8 through 12 of the guidelines attached as an appendix to Part 363 further clarify the requirements for this annual report and assessment.

An institution's independent public accountant is required to examine, attest to, and report separately on, the assertions by management concerning the internal control structure and procedures for financial reporting. Management's assertions and the institution's internal controls are subject to review and examination by the institution's primary banking regulator at least every 12 to 18 months.

Along with these requirements that go directly to the internal control structure and procedures for financial reporting, depository institutions are subject to a host of other banking laws and regulations that help ensure the integrity of the institution's financial reporting and safety and soundness. These requirements include recordkeeping requirements, periodic financial reporting, accounting standards, capital requirements, prompt corrective action standards, safety and soundness standards, restrictions on transactions with insiders and affiliated organizations, and restrictions on management interlocks. These requirements apply to depository institutions regardless of size. Compliance with these restrictions and requirements is monitored and examined by federal banking regulators on a regular basis and the regulators have a great deal of authority to take actions both before and after problems become serious.

The holding companies of depository institutions also are subject to extensive regulation and regular examination by federal banking regulators. Holding companies are subject to recordkeeping and reporting requirements, capital requirements, restrictions on activities, "source of strength" policies and limits on transactions with depository institution subsidiaries. Under FDICIA, the internal control report, assessment and attestation requirements for an insured depository institution with more than $500 million of assets can be satisfied at the holding company level if the depository institution subsidiary either has (i) total assets of less than $5 billion; or (ii) total assets of $5 billion or more and a composite CAMEL rating of 1 or 2.6 The appropriate federal banking regulator may revoke the ability to meet the requirements at the holding company level for a depository institution with total assets in excess of $9 billion.

With all of this in mind, we believe that for depository institutions with at least $500 million of assets and their holding companies, compliance with the internal control reporting, assessment and attestation requirements in section 36 of the FDIA and Part 363 of the FDIC regulations should constitute compliance with the SEC rule. Banking institutions that are public companies should not face the unnecessary burden of having to comply with inconsistent or conflicting requirements. Banking institutions have been subject to the FDIC's requirements since 1993 and have established controls and procedures with those requirements in mind. Those requirements should remain in place and the federal banking regulators should have exclusive enforcement authority.

The SEC should recognize the substantial regulation and oversight of the banking industry and exempt depository institutions with less than $500 million of assets, or their holding companies for those small banks that have chosen a holding company structure, from the rule implementing section 404 of Sarbanes-Oxley. When FDICIA was passed, Congress recognized the burden that some of the FDICIA requirements would impose on smaller institutions. An exemption was considered appropriate in light of the fact that these institutions still would be subject to the entire panoply of other banking laws and regulations that were in effect and would be subject to examination by federal banking regulators.

We believe that the SEC, working together with the federal banking regulators, has the authority to permit this exemption. Section 3(a) of Sarbanes-Oxley authorizes the SEC to promulgate such rules and regulations as it deems necessary or appropriate in the public interest or for the protection of investors. In addition, section 3(b)(4) of Sarbanes-Oxley adds enforcement of section 404 to section 12(i) of the Securities Exchange Act of 1934 (Exchange Act).7 Under section 12(i) of the Exchange Act, the powers, functions and duties vested in the SEC to administer and enforce specified securities laws, including section 404 of Sarbanes-Oxley, are vested in the federal banking regulators with respect to banks and savings associations with deposits insured under the FDIA. The federal banking regulators have the power under section 12(i) to make rules and regulations as may be necessary for the execution of those functions. Section 12(i) requires the federal banking regulators to issue substantially similar regulations to those issued by the SEC "unless they find that implementation of substantially similar regulations with respect to insured banks and insured institutions are not necessary or appropriate in the public interest or for protection of investors . . . " (emphasis added). Accordingly, we believe that the SEC and the federal banking regulators have the authority to adopt our suggested proposals for implementation of section 404.

In the event that the SEC and the federal banking regulators do not believe that an exemption is appropriate, smaller depository institutions and their holding companies should be treated in a manner identical to what we propose for institutions that are subject to the FDICIA reporting requirements. In other words, compliance by these institutions with section 36 of the FDIA and Part 363 of the FDIC regulations addressing the internal control report, assessment and attestation requirements should constitute compliance with the SEC rule, with exclusive enforcement authority residing with the banking regulators.

Definition of Internal Controls.

The SEC is proposing to adopt as a definition of internal controls and procedures for financial reporting the definition of internal controls in the American Institute of Certified Public Accountants (AICPA) Codification of Statements on Auditing Standards (AU) 319. This definition would be used pending future adoption of definitions or standards by the PCAOB. We support the definition proposed by the SEC pending future action by the PCAOB. The definition in (AU) 319 has been adopted by the bank regulatory agencies for use by banking institutions.8

Quarterly Evaluations.

ACB objects to the proposed changes to the section 302 certification that would require quarterly evaluations of the internal control structure and procedures for financial reporting. That burdensome requirement goes beyond what is required by Sarbanes-Oxley. Paragraph 6 of the section 302 certification requires that the officers indicate in the periodic report whether or not there were "significant changes in internal controls or in other factors that could significantly affect internal controls subsequent to the date of their evaluation . . . ." The SEC seems to believe that a quarterly evaluation of internal controls is required to make sense of that requirement. The proposed rule now makes that requirement superfluous. If an evaluation is required at the end of the period covered by the report, there could not be any significant changes to report from the time of the evaluation. The requirement in paragraph 6 should be read to require a discussion of any significant changes made in internal controls, including corrective actions taken with regard to significant deficiencies and material weaknesses, since the annual internal report required by section 404 of Sarbanes-Oxley, or by the FDIA in the case of banking institutions. Banking institutions have been living with an annual internal control assessment since 1993 and it has worked quite well. A requirement that a public company report quarterly on changes to internal controls and corrective actions will ensure the public that review of internal controls is an ongoing process and important information with regard to internal controls will be disclosed.

Effective Date.

In the event that the SEC adopts our proposals, we believe that the proposed effective date of the internal control requirements is appropriate. If, however, the SEC imposes internal control report, assessment or attestation requirements on larger banking institutions that are different than the FDICIA requirements, or if the FDICIA or other requirements are imposed on banking institutions with less than $500 million of assets, the effective date of the rules may be too aggressive. Smaller institutions, with more limited resources, may need additional time to develop the necessary processes and train personnel to ensure compliance with the requirements. Furthermore, smaller institutions may have trouble retaining a qualified auditor to perform the required attestation work in a timely manner as auditors may initially focus on the larger, nonbanking public companies that will, for the first time, be subject to this new requirement.

Section 406 of Sarbanes-Oxley

The SEC rule implementing section 406 of Sarbanes-Oxley would require a public company to disclose to investors whether or not the company had adopted a code of ethics for its principal executive officer, principal financial officer, controller, or persons performing similar functions. If the company has not adopted such a code, it must explain why. The rules set forth the types of matters that must be covered in the code before a positive disclosure can be made.

Coverage of Directors, Executive Officers, and All Employees.

ACB supports this rule and the extension of the disclosure to chief executive officers, even though that is not called for by Sarbanes-Oxley. We also support extending the disclosure to whether the code covers all directors, executive officers, and all other employees. While neither the law nor the rule will require that a public company adopt a code of ethics, we hope that companies will be encouraged to do so as a best practice in the area of corporate governance. We believe that companies should have a code of ethics that sets forth the company's expectations about proper corporate behavior from all individuals that manage or serve the company. Whether a company has adopted a code covering all directors, officers and employees would be of interest to investors and ACB supports expanding the proposal so that this information would be publicly available. A code would, of course, have to reflect the different responsibilities and obligations of directors, officers and other employees in a public company and apply any requirements in a manner that takes these different roles into account.

Banking regulations specifically require directors to avoid conflicts of interest and prohibit them from taking advantage of a corporate opportunity.9 Furthermore, the federal banking regulators either require or encourage depository institutions to have in place written codes or policies on conflicts of interest and ethics. For example, the FDIC's Pocket Guide for Directors states that the board of directors should ensure that all significant activities are covered by clearly communicated written policies that can be readily understood by all employees. Specific policies must cover, at a minimum, conflicts of interest and a code of ethics.10 The Director's Book - The Role of a National Bank Director issued by the OCC requires that directors avoid conflicts of interest and that they approve written insider policies for a national bank that address codes of conduct, conflicts of interest and other relevant issues. The policies should address the activities of directors, officers and employees at all levels of the bank.11 Finally, the OTS has issued a Directors Responsibilities Guide requiring that the board of directors develop policies that address, among other things, a code of ethics to reduce conflicts of interest.12

We note that the New York Stock Exchange (NYSE) and the NASDAQ Stock Market have submitted proposals to the SEC on corporate governance that would mandate a code of business conduct and ethics for all directors, officers, and employees.13 The NYSE proposal also would require listed companies to adopt and disclose corporate governance guidelines that address, among other things, director qualification standards and responsibilities.14

Disclosure of Changes and Waivers.

ACB supports the requirement that public companies report certain changes to, and waivers from, the code of ethics. Required disclosures should be limited, however, to avoid overwhelming investors with insignificant information. Also, a burdensome disclosure requirement would discourage companies from adopting codes that are comprehensive in nature, impeding the goals and principles behind this provision of Sarbanes-Oxley. Since a code of ethics may cover a variety of matters, some more significant than others, the disclosure requirement should be limited to changes to, or waivers from, material terms of the code. Also, although we support expanding the disclosure to include codes that cover all employees, we believe that the disclosure about changes and waivers should be required only if they affect directors or executive officers. Finally, with regard to implicit waivers, disclosure should apply only if a code violation is brought to the attention of an executive officer and no corrective action is taken. A broader requirement, or one that is more vague, is likely to discourage the adoption of a comprehensive code and lead to inadvertent disclosure violations.

ACB also opposes the requirement that notice of a change or waiver be filed on a Form 8-K within two business days. We are aware that the SEC has proposed rules that would reduce the filing time for most Form 8-K filings to two business days, and oppose that proposal as well. Accelerating filing deadlines to such a short period of time may not be a significant problem for large, public companies that have dedicated staff to handle SEC filings. Small companies with fewer resources, however, will find these short deadlines increasingly burdensome. These companies do not have the staff resources to handle the increasing amount of information that is going to have to be filed in unreasonable time frames. It is unclear why, for example, a more reasonable 10-calendar day requirement cannot be sufficient for investors. Requiring that information be submitted in such short time periods merely encourages those investors who already have a short-term outlook on investments, when it seems prudent to encourage longer-term investment objectives. Trading volumes are usually light for smaller community banks because their shareholders invest for the long term. ACB encourages the SEC to consider the interests and needs of smaller public companies when setting filing deadlines and adopt a more reasonable approach. Even if the SEC determines that two business days for reporting information is necessary and feasible for larger, public companies, the SEC should adopt more reasonable time frames for smaller companies that have fewer resources at their disposal.

ACB supports the ability under the proposed rule for companies to report changes to, and waivers from, the code of ethics on their website, although the retention time for the information should be reduced from five years to one year. It is difficult to see how investors would find this information useful five years after a waiver is granted. If the SEC believes that this information would be useful after one year, the SEC should allow a company that utilizes website posting to subsequently provide a list of all material changes and waivers that affect directors and executive officers in its annual report.

In light of the disclosure about a code of ethics in a company's annual report, and the requirement that changes to the code be disclosed in Form 8-K filings or on a company website, there is no need to require disclosure about a code of ethics in quarterly reports. While it may make sense to require the disclosure in registration statements for public offerings, it is not necessary to include the disclosure in proxy and information statements since shareholders could get the information in the annual report.

Effective Date.

The SEC should provide a period of time after the effective date of this rule for companies to adopt a code of ethics before disclosure is required. This is particularly necessary since the SEC is requesting comments on whom the code should cover and what should be covered. Only after seeing a final rule will companies know what to include in a newly adopted code or how to amend any code currently in effect.

Section 407 of Sarbanes-Oxley

The SEC rule implementing section 407 of Sarbanes-Oxley would require a public company to disclose whether a "financial expert" serves on the company's audit committee. If there is no financial expert serving on the audit committee, the company must explain why. The rule would require the company to disclose the number and names of audit committee members determined by the board of directors to be the financial experts and whether the financial experts are independent. If the financial experts are not independent, the company must explain why.

Definition of Financial Expert.

The definition of a financial expert is much too narrow and will limit the ability of all public companies, regardless of size, to find someone who is qualified and willing to serve in this role. The result of such a limited pool of candidates will be that the vast majority of public companies will disclose that they do not have a financial expert on the audit committee. This result will not further the goals and principles behind section 407 of Sarbanes-Oxley.

While a public company will not be required to have a financial expert on the audit committee, ACB is concerned about the repercussions for companies who cannot find a financial expert to serve and must disclose that fact. The SEC acknowledges in its release that small entities may have difficulty attracting qualified financial experts and negative disclosure of that fact may have an impact on the market price of their securities. Any negative effect may be mitigated somewhat by the fact that such a narrow definition will result in most public companies indicating that they do not have a financial expert on the audit committee. We do not believe, however, that such a result furthers the public interest or is the result that Congress or the SEC had in mind.

The law does not define the term "financial expert," but directs the SEC to take into account certain factors. That guidance, together with the authority of the SEC under section 3 of Sarbanes-Oxley to adopt rules and regulations that are appropriate to protect investors, gives the SEC the flexibility to develop a rule that will broaden the pool of candidates. Whether those candidates are willing to serve will depend on their level of comfort about the responsibilities, obligations and potential liability that may be imposed upon financial experts.

An individual should not need experience as a public accountant, auditor, principal financial or accounting officer or controller of a public company, or actually have prepared or audited financial statements, to be qualified as a financial expert under the rule. In addition, eligible experience should not be limited to serving a publicly reporting company. The audit committee's role is not to duplicate the work of others involved in preparing and auditing financial statements and preparing periodic reports. It is to oversee the process and help ensure that any disagreements over reporting requirements are resolved. As provided in section 301 of Sarbanes-Oxley, the audit committee will be "directly responsible for the appointment, compensation, and oversight of the work of any registered public accounting firm . . . " (emphasis added). That same section requires the audit committee to establish procedures for the receipt, retention, and treatment of complaints about accounting, internal accounting controls or auditing matters, and requires that the audit committee be given authority to engage independent counsel and other advisers. Other provisions of Sarbanes-Oxley require the chief executive and financial officer to certify financial statements and require the PCAOB to develop standards to increase the integrity and accuracy of the auditing process. In light of all these new requirements, it is difficult to see why a "financial expert" would need the type of experience required by the rule. In the event that the audit committee needs additional expertise, it will have the authority to retain additional advisers.

Audit committees of insured depository institutions with more than $3 billion in assets are required under banking law to have members with banking or related financial management expertise. A person qualifies if he or she has significant executive, professional, educational or regulatory experience in financial, auditing, accounting, or banking matters, as determined by the institution's board of directors. This definition is broader than the definition of financial expert in the SEC rule and more appropriate for banking institutions. An individual who has served in an executive officer position with a banking institution, or has sufficient regulatory experience in banking, would be well qualified to serve as a financial expert on the audit committee of a banking institution provided that the individual can review and understand financial statements and has an understanding of generally accepted accounting principles.

Many community banks have relatively simple operations and it would seem more important for a financial expert to understand financial statements and banking operations, and the laws and rules governing those operations, than for the expert to have experience auditing or preparing financial statements. The SEC has offered an alternative to the requirement that an individual have experience serving in specific roles by allowing the board of directors to determine that an individual has similar expertise and experience. It is unclear, however, how the board could make such a determination when the stated positions have such specific duties and responsibilities that are unlikely to be duplicated in other positions in a company. A definition that is tailored to the specific industry in which a company operates would broaden the pool of candidates and serve the public interest by ensuring that the financial expert has relevant education or experience.

ACB believes that regardless of the qualifications ultimately determined to be necessary by the SEC, a public company should be able to make a positive disclosure if the audit committee members collectively meet the qualifications. In other words, as long as the education or experience determined to be necessary for a financial expert is held in the aggregate by one or more audit committee members, a company should be permitted to disclose that information. In a related matter, the SEC has not proposed any limitations on what information can be provided if a public company discloses that it does not have a financial expert on the audit committee. We assume that in providing the reasons for not having a financial expert, a company can discuss the education and experience of its audit committee members and explain why those members are qualified to fulfill their oversight responsibilities. If the SEC believes that certain disclosures may be inappropriate, it should provide guidance on this point.

Since Sarbanes-Oxley requires that all members of an audit committee of companies with listed securities be independent, a requirement by the SEC that the financial expert be independent would only affect smaller public companies that do not have securities listed on an exchange. It would be in the best interest of an institution and a best practice to have a financial expert who is independent. However, even if the SEC adopts a broader definition of financial expert, the pool of candidates may still be quite small. Therefore, ACB does not believe that a financial expert should have to be independent, but the absence of independence should be disclosed in the company's annual report.

Obligations and Liability.

ACB believes that many qualified individuals will be hesitant to serve as the financial expert because the role may impose upon them a greater degree of responsibility and liability than imposed on other audit committee members. The SEC states in the rule that the mere designation of the financial expert should not impose a higher degree of responsibility or obligation, nor should this designation decrease the duties and obligations of other audit committee members. The SEC subsequently indicates, however, that it would be difficult to conclude that an accountant serving as a financial expert would not be practicing before the SEC.15 The SEC should review and analyze the degree of individual responsibility, obligation or liability under state or federal law of a person designated as a financial expert and provide more specific conclusions on this point.

Effective Date.

The SEC should provide a period of time after the effective date of this rule for companies to name a financial expert to an audit committee. This is particularly necessary since the SEC is requesting comments on the definition of a financial expert. Only after seeing a final rule will companies know who will qualify. The ability to disclose during some type of transition period that the company is looking for a financial expert provides no useful information to investors since most public companies would make that disclosure. Therefore, the disclosure requirement should be delayed for at least one year to give companies that want a financial expert on the audit committee, but need to appoint one or more new board members, the opportunity to get shareholder approval of the new board members.

ACB appreciates the opportunity to comment on these important matters and would be happy to provide you with any additional information you would like regarding the laws and regulations that govern banking organizations. If you have any questions, please contact the undersigned at (202) 857-3121 or via e-mail at cbahin@acbankers.org, or Diane Koonjy at (202) 857-3144 or via e-mail at dkoonjy@acbankers.org.

Sincerely,

Charlotte M. Bahin
Director of Regulatory Affairs
Senior Regulatory Counsel

Attachment

cc: The Honorable Alan Greenspan, Chairman
Board of Governors of the Federal Reserve System
The Honorable James E. Gilleran, Director
Office of Thrift Supervision
The Honorable John D. Hawke, Jr., Comptroller of the Currency
Office of the Comptroller of the Currency
The Honorable Donald E. Powell, Chairman
Federal Deposit Insurance Corporation

FDIC Law, Regulations, Related Acts

 

2000 - FDIC RULES AND REGULATIONS




PART 363-ANNUAL INDEPENDENT AUDITS AND REPORTING REQUIREMENTS


    Sec.
    363.0    OMB control number.
    363.1    Scope.
    363.2    Annual reporting requirements.
    363.3    Independent public accountant.
    363.4    Filing and notice requirements.
    363.5    Audit committees.

Appendix A to Part 363-Guidelines and Interpretations


  AUTHORITY:  12 U.S.C. 1831m.
  SOURCE:  The provisions of this Part 363 appear at 58 Fed. Reg. 31335, June 2, 1993, effective July 2, 1993, except as otherwise noted.

§ 363.0  OMB control number.


  The collecting of information requirements in this part have been approved by the Office of Management and Budget under OMB control number 3064-0113.

[Codified to 12 C.F.R. § 363.0]



§ 363.1  Scope.


  (a)  Applicability. This part applies with respect to fiscal years of insured depository institutions which begin after December 31, 1992. This part does not apply with respect to any fiscal year of any insured depository institution, the total assets of which, at the beginning of such fiscal year, are less than $500 million.
  (b)  Compliance by subsidiaries of holding companies. (1)  The audited financial statements requirement of § 363.2(a) may be satisfied for an insured depository institution that is a subsidiary of a holding company by audited financial statements of the consolidated holding company.
    (2)  The other requirements of this part for an insured depository institution that is a subsidiary of a holding company may be satisfied by the holding company if:
      (i)  The services and functions comparable to those required of the insured depository institution by this part are provided at the holding company level; and
      (ii)  The insured depository institution has as of the beginning of its fiscal year:
        (A)  Total assets of less than $5 billion; or
        (B)  Total assets of $5 billion or more and a composite CAMEL rating of 1 or 2.
    (3)  The appropriate federal banking agency may revoke the exception in paragraph (b)(2) of this section for any institution with total assets in excess of $9 billion for any period of time during which the appropriate federal banking agency determines that the institution's exemption would create a significant risk to the affected deposit insurance fund.

[Codified to 12 C.F.R. § 363.1]

[Section 363.1 amended at 61 Fed. Reg. 6493, February 21, 1996, effective April 1, 1996]



§ 363.2  Annual reporting requirements.


  (a)  Audited financial statements. Each insured depository institution shall prepare annual financial statements in accordance with generally accepted accounting principles which shall be audited by an independent public accountant.
  (b) Management report. Each insured depository institution annually shall prepare, as of the end of the institution's most recent fiscal year, a management report signed by its chief executive officer and chief accounting or chief financial officer which contains:
    (1)  A statement of management's responsibilities for preparing the institution's annual financial statements, for establishing and maintaining an adequate internal control structure and procedures for financial reporting, and for complying with laws and regulations relating to safety and soundness which are designated by the FDIC and the appropriate federal banking agency; and
    (2)  Assessments by management of the effectiveness of such internal control structure and procedures as of the end of such fiscal year and the institution's compliance with such laws and regulations during such fiscal year.

[Codified to 12 C.F.R. § 363.2]



§ 363.3  Independent public accountant.


  (a)  Annual audit of financial statement. Each insured depository institution shall engage an independent public accountant to audit and report on its annual financial statements in accordance with generally accepted auditing standards and section 37 of the Federal Deposit Insurance Act (12 U.S.C. 1831n). The scope of the audit engagement shall be sufficient to permit such accountant to determine and report whether the financial statements are presented fairly and in accordance with generally accepted accounting principles.
  (b)  Additional reports. Such independent public accountant shall examine, attest to, and report separately on, the assertion of management concerning the institution's internal control structure and procedures for financial reporting. The attestation shall be made in accordance with generally accepted standards for attestation engagements.
  (c)  Notice by accountant of termination of services. An independent public accountant performing an audit under this part who ceases to be the accountant for an insured depository institution shall notify the FDIC and the appropriate federal banking agency in writing of such termination within 15 days after the occurrence of such event, and set forth in reasonable detail the reasons for such termination.

[Codified to 12 C.F.R. § 363.3]

[Section 363.3 amended at 62 Fed. Reg. 63257, November 28, 1997, effective January 1, 1998]



§ 363.4  Filing and notice requirements.


  (a)  Annual reporting. Within 90 days after the end of its fiscal year, each insured depository institution shall file with each of the FDIC, the appropriate federal banking agency, and any appropriate state bank supervisor, two copies of an annual report containing audited annual financial statements, the independent public accountant's report thereon, management's statements and assessments, and the independent public accountant's attestation report concerning the institution's internal control structure and procedures for financial reporting as required by §§ 363.2(a), 363.3(a), 363.2(b), and 363.3(b) respectively;
  (b)  Public availability. The annual report in paragraph (a) of this section shall be available for public inspection.
  (c)  Independent accountant's reports. Each insured depository institution shall file with the FDIC, the appropriate federal banking agency, and any appropriate state bank supervisor, a copy of any management letter, qualification, or other report issued by its independent public accountant with respect to such institution and the services provided by such accountant pursuant to this part within 15 days after receipt.
  (d)  Notice of engagement or change of accountants. Each insured depository institution shall provide, within 15 days after the occurrence of any such event, written notice to the FDIC, the appropriate federal banking agency, and any appropriate state bank supervisor of the engagement of an independent public accountant, or the resignation or dismissal of the independent public accountant previously engaged. The notice shall include a statement of the reasons for any such event in reasonable detail.

[Codified to 12 C.F.R. § 363.4]

[Section 363.4 amended at 61 Fed. Reg. 6493, February 21, 1996, effective April 1, 1996; 62 Fed. Reg. 63257, November 28, 1997, effective January 1, 1998]


§ 363.5  Audit committees.


  (a)  Composition and duties. Each insured depository institution shall establish an independent audit committee of its board of directors, the members of which shall be outside directors who are independent of management of the institution, and the duties of which shall include reviewing with management and the independent public accountant the basis for the reports issued under this part.
  (b)  Committees of large institutions. The audit committee of any insured depository institution that has total assets of more than $3 billion, measured as of the beginning of each fiscal year, shall include members with banking or related financial management expertise, have access to its own outside counsel, and not include any large customers of the institution. If a large institution is a subsidiary of a holding company and relies on the audit committee of the holding company to comply with this rule, the holding company audit committee shall not include any members who are large customers of the subsidiary institution.

[Codified to 12 C.F.R. § 363.5]

[Section 363.5 amended at 61 Fed. Reg. 6493, February 21, 1996, effective April 1, 1996]

Appendix A to Part 363-Guidelines and Interpretations



Table of Contents

Introduction


Scope of Rule (§ 363.1)


   1.  Measuring Total Assets
   2.  Insured Branches of Foreign Banks
   3.  Compliance by Holding Company Subsidiaries
   4.  Comparable Services and Functions

Annual Reporting Requirements (§ 363.2)
 

   5.  Annual Financial Statements
   6.  Holding Company Statements
   7.  Insured Branches of Foreign Banks
   8.  Management Report
   9.  Safeguarding of Assets
  10.  Standards for Internal Controls
  11.  Service Organizations
  12. Compliance with Laws and Regulations

Role of Independent Public Accountant (§ 363.3)


  13.  General Qualifications
  14.  Independence
  15.  Peer Reviews
  16.  Filing Peer Review Reports
  17.  Information to Independent Public Accountant
  18.  Attestation Report
  19.  Reviews with Audit Committee and Management
  20.  Notice of Termination
  21.  Reliance on Internal Auditors

Filing and Notice Requirements (§ 363.4)


  22.  Place for Filing
  23.  Relief From Filing Deadlines
  24.  Public Availability
  25.  Independent Public Accountant's Reports
  26.  Notices Concerning Accountants

Audit Committees (§ 363.5)


  27.  Composition
  28.  "Independent of Management" Considerations
  29.  Lack of Independence
  30.  Holding Company Audit Committees
  31.  Duties
  32.  Banking or Related Financial Management Expertise
  33.  Large Customers
  34.  Access to Counsel
  35.  Forming and Restructuring Audit Committees

Other


  36.  Modifications of Guidelines

Introduction


  Congress added section 36, "Early Identification of Needed Improvements in Financial Management" (section 36), to the Federal Deposit Insurance Act (FDI Act) in 1991.
  The FDIC Board of Directors adopted 12 CFR part 363 of its rules and regulations (the Rule) to implement those provisions of section 36 that require rulemaking. The FDIC also approved these "Guidelines and Interpretations" (the Guidelines) and directed that they be published with the Rule to facilitate a better understanding of, and full compliance with, the provisions of section 36.
  Although not contained in the Rule itself, some of the guidance offered restates or refers to statutory requirements of section 36 and is therefore mandatory. If that is the case, the statutory provision is cited.
  Furthermore, upon adopting the Rule, the FDIC reiterated its belief that every insured depository institution, regardless of its size or charter, should have an annual audit of its financial statements performed by an independent public accountant, and should establish an audit committee comprised entirely of outside directors.
  The following Guidelines reflect the views of the FDIC concerning the interpretation of section 36. The Guidelines are intended to assist insured depository institutions (institutions), their boards of directors, and their advisors, including their independent public accountants and legal counsel, and to clarify section 36 and the Rule. It is recognized that reliance on the Guidelines may result in compliance with section 36 and the Rule which may vary from institution to institution. Terms which are not explained in the Guidelines have the meanings given them in the Rule, the FDI Act, or professional accounting and auditing literature.

Scope of Rule (§ 363.1)

  1.  Measuring Total Assets. To determine whether this part applies, an institution should use total assets as reported on its most recent Report of Condition (Call Report) or Thrift Financial Report (TFR), the date of which coincides with the end of its preceding fiscal year. If its fiscal year ends on a date other than the end of a calendar quarter, it should use its Call Report or TFR for the quarter end immediately preceding the end of its fiscal year.
  2.  Insured Branches of Foreign Banks. Unlike other institutions, insured branches of foreign banks are not separately incorporated or capitalized. To determine whether this part applies, an insured branch should measure claims on non-related parties reported on its Report of Assets and Liabilities of U.S. Branches and Agencies of Foreign Banks (form FFIEC 002).
  3.  Compliance by Holding Company Subsidiaries. Audited consolidated financial statements and other reports or notices required by this part which are submitted by a holding company for any subsidiary institution, should be accompanied by a cover letter identifying all subsidiary institutions to which they pertain. An institution filing holding company consolidated financial statements as permitted by § 363.1(b) also may report on changes in its independent public accountant on a holding company basis. An institution that does not meet the criteria in section 36(i) must satisfy the remaining provisions of the statute and this part on an individual institution basis, and maintain its own audit committee. Multi-tiered holding companies may satisfy all requirements of this part at any level.
  4.  Comparable Services and Functions. Services and functions will be considered "comparable" to those required by this part if the holding company:
    (a)  Prepares reports used by the subsidiary institution to meet the requirements of this part;
    (b)  Has an audit committee that meets the requirements of this part appropriate to its largest subsidiary institution; and
    (c)  Prepares and submits the management assessments of the effectiveness of the internal control structure and procedures for financial reporting (internal controls), and compliance with the designated laws defined in guideline 12 based on information concerning the relevant activities and operations of those subsidiary institutions within the scope of the rule.

Annual Reporting Requirements (§ 363.2)

  5.  Annual Financial Statements. Each institution should prepare comparative annual consolidated financial statements (balance sheets, statements of income, changes in equity capital, and cash flows, with accompanying footnote disclosures) in accordance with generally accepted accounting principles (GAAP) for each of its two most recent fiscal years. Statements for the earlier year may be presented on an unaudited basis if the institution was not subject to this part for that year and audited statements were not prepared.
  6.  Holding Company Statements. Subsidiary institutions may file copies of their holding company's audited financial statements filed with the Securities and Exchange Commission (SEC) or prepared for their FR Y-6 Annual Report under the Bank Holding Company Act of 1956.
  7.  Insured Branches of Foreign Banks. An insured branch of a foreign bank should satisfy the financial statements requirement by filing one of the following for the two preceding fiscal years:
    (a)  Audited balance sheets, disclosing information about financial instruments with off-balance-sheet risk;
    (b)  Schedules RAL and L of form FFIEC 002, prepared and audited on the basis of the instructions for its preparation; or
    (c)  With written approval of the appropriate federal banking agency, consolidated financial statements of the parent bank.
  8.  Management Report. Management should perform its own investigation and review of the effectiveness of internal controls and compliance with the Designated Laws defined in Guideline 12. Management also should maintain records of its determinations and assessments until the next federal safety and soundness examination, or such later date as specified by the FDIC or appropriate federal banking agency. Management should provide in its assessment of the effectiveness of internal controls, or supplementally, sufficient information to enable the accountant to report on its assertions. The management report of an insured branch of a foreign bank should be signed by the branch's managing official if the branch does not have a chief executive or financial officer.
  9.  Safeguarding of Assets. "Safeguarding of assets," as the term relates to internal control policies and procedures regarding financial reporting and which has precedent in accounting literature, should be encompassed in the management report and the independent public accountant's attestation discussed in guideline 18. Testing the existence of and compliance with internal controls on the management of assets, including loan underwriting and documentation, represents a reasonable implementation of section 36. The FDIC expects such internal controls to be encompassed by the assertion in the management report, but the term "safeguarding of assets" need not be specifically stated. The FDIC does not require the accountant to attest to the adequacy of safeguards, but does require the accountant to determine whether safeguarding policies exist.{1}

  {1} It is management's responsibility to establish policies concerning underwriting and asset management and to make credit decisions. The auditor's role is to test compliance with management's policies relating to financial reporting.


  10.  Standards for Internal Controls. Each institution should determine its own standards for establishing, maintaining, and assessing the effectiveness of its internal controls.{2}

  {2} In considering what information is needed on safeguarding of assets and standards for internal controls, management may review guidelines provided by its primary federal regulator; the FDIC's Division of Supervision Manual of Examination Policies; the Federal Reserve Board's Commercial Bank Examination Manual and other relevant regulations; the Office of Thrift Supervision's Thrift Activities Handbook; the Comptroller of the Currency's Handbook for National Bank Examiners; and standards published by professional accounting organizations, such as the American Institute of Certified Public Accountants' (AICPA) Statement on Auditing Standards No. 55, "Consideration of the Internal Control Structure in a Financial Statement Audit," as amended by Statement of Auditing Standards No. 78; the Committee of Sponsoring Organizations (COSO) of the Treadway Commission's Internal Control - Integrated Framework, including its addendum on safeguarding of assets; and other internal control standards published by the AICPA, other accounting or auditing professional associations, and financial institution trade associations.


  11.  Service Organizations. Although service organizations should be considered in determining if internal controls are adequate, an institution's independent public accountant, its management, and its audit committee should exercise independent judgment concerning that determination. Onsite reviews of service organizations may not be necessary to prepare the report required by the Rule, and the FDIC does not intend that the Rule establish any such requirement.
  12.  Compliance with Laws and Regulations. The designated laws and regulations are the federal laws and regulations concerning loans to insiders and the federal and state laws and regulations concerning dividend restrictions (the Designated Laws). Table 1 to this Appendix A lists the designated federal laws and regulations pertaining to insider loans and dividend restrictions that are applicable to each type of institution.

Role of Independent Public Accountant (§ 363.3)

  13.  General Qualifications. To provide audit and attest services to insured depository institutions, an independent public accountant should be registered or licensed to practice as a public accountant, and be in good standing, under the laws of the state or other political subdivision of the United States in which the home office of the institution (or the insured branch of a foreign bank) is located. As required by section 36(g)3(A)(i), the accountant must agree to provide copies of any workpapers, policies, and procedures relating to services performed under this part.
  14.  Independence. The independent public accountant also should be in compliance with the AICPA's Code of Professional Conduct and meet the independence requirements and interpretations of the SEC and its staff.
  15.  Peer Reviews. As required by section 36(g)3(A)(ii), the independent public accountant must have received, or be enrolled in, a peer review that meets acceptable guidelines. The following peer review guidelines are acceptable:
    (a)  The external peer review should be conducted by an organization independent of the accountant or firm being reviewed, as frequently as is consistent with professional accounting practices;
    (b)  The peer review should be generally consistent with AICPA standards;{3} and
    (c)  The review should include, if available, at least one audit on an insured depository institution or consolidated financial holding company. Peer review working papers are to be retained for 120 days after the peer review report is filed with the FDIC, and be made available to the FDIC upon request, in a form consistent with the SEC's agreement with the accounting profession.

  {3} These would include Standards for Performing and Reporting on Peer Reviews, codified in the SEC Practice Section Reference Manual, and Standards for Performing and Reporting on Peer Reviews, contained in Volume 2 of the AICPA's Professional Standards.

  16.  Filing Peer Review Reports. Within 15 days of receiving notification that the peer review has been accepted, or before commencing any audit under the Rule, whichever is earlier, two copies of the most recent peer review report, accompanied by any letter of comments and letter of response, should be filed by the independent public accountant (if not already on file) with the FDIC, Registration and Disclosure Section, 550 17th Street N.W., Washington, D.C. 20429, where they will be available for public inspection. All corrective action required under any qualified peer review report should have been taken before commencing services under this Rule.
  17.  Information to Independent Public Accountant. Attention is directed to section 36(h) which requires institutions to provide specified information to their accountants. An institution also should provide its accountant with copies of any notice that the institution's capital category is being changed or reclassified under section 38 of the FDI Act, and any correspondence from the appropriate federal banking agency concerning compliance with this part.
  18.  Attestation Report. The independent public accountant should provide the institution with an internal controls attestation report and any management letter at the conclusion of the audit as required by section 36(c)(1). If a holding company subsidiary relies on its holding company management report, the accountant may attest to and report on the management's assertions in one report, without reporting separately on each subsidiary covered by the Rule. The FDIC has determined that management letters are exempt from public disclosure.
  19.  Reviews with Audit Committee and Management. The independent public accountant should meet with the institution's audit committee to review the accountant's reports required by this part before they are filed. It also may be appropriate for the accountant to review its findings with the institution's board of directors and management.
  20.  Notice of Termination. The notice required by § 363.3(c) should state whether the independent public accountant agrees with the assertions contained in any notice filed by the institution under § 363.4(d), and whether the institution's notice discloses all relevant reasons.
  21.  Reliance on Internal Auditors. Nothing in this part or this appendix is intended to preclude the ability of the independent public accountant to rely on the work of an institution's internal auditor.

Filing and Notice Requirements (§ 363.4)

  22.  Place for Filing. Except for peer review reports filed pursuant to Guideline 16, all reports and notices required by, and other communications or requests made pursuant to, the Rule should be filed as follows:
    (a)  FDIC: Appropriate FDIC Regional Office (Supervision), i.e., the FDIC regional office in the FDIC region in which the institution is headquartered or, in the case of a subsidiary institution of a holding company, the FDIC regional office that is responsible for monitoring the consolidated company. A filing made on behalf of several covered institutions owned by the same parent holding company should be accompanied by a transmittal letter identifying all of the institutions covered.
    (b)  Office of the Comptroller of the Currency (OCC): appropriate OCC Supervisory Office.
    (c)  Federal Reserve: Appropriate Federal Reserve Bank.
    (d)  Office of Thrift Supervision (OTS): appropriate OTS District Office.
    (e)  State bank supervisor: the filing office of the appropriate state bank supervisor.
  23.  Relief from Filing Deadlines. Although the reasonable deadlines for filings and other notices established by this part are specified, some institutions may occasionally be confronted with extraordinary circumstances beyond their reasonable control that may justify extensions of a deadline. In that event, upon written application from an insured depository institution, setting forth the reasons for a requested extension, the FDIC or appropriate federal banking agency may, for good cause, extend a deadline in this part for a period not to exceed 30 days.
  24.  Public Availability. Each institution's annual report should be available for public inspection at its main and branch offices no later than 15 days after it is filed with the FDIC. Alternatively, an institution may elect to mail one copy of its annual report to any person who requests it. The annual report should remain available to the public until the annual report for the next year is available. An institution may use its annual report under this part to meet the annual disclosure statement required by 12 CFR 350.3, if the institution satisfies all other requirements of 12 CFR Part 350.
  25.  Independent Public Accountant's Reports. Section 36(h)(2)(A) requires that, within 15 days of receipt by an institution of any management letter or other report, such letter or other report shall be filed with the FDIC, any appropriate federal banking agency, and any appropriate state bank supervisor. Institutions and their accountants are encouraged to coordinate preparation and delivery of audit and attestation reports and filing the annual report, to avoid duplicate filings.
  26.  Notices Concerning Accountants. Institutions should review and satisfy themselves as to compliance with the required qualifications set forth in guidelines 13-15 before engaging an independent public accountant. With respect to any selection, change or termination of an accountant, institutions should be familiar with the notice requirements in guideline 21, and should send a copy of any notice under § 363.4(d) to the accountant when it is filed with the FDIC. An institution which files reports with its appropriate federal banking agency under, or is a subsidiary of a holding company which files reports with the SEC pursuant to, the Securities Exchange Act of 1934 may use its current report (e.g., SEC Form 8-K) concerning a change in accountant to satisfy the similar notice requirements of this part.

Audit Committees (§ 363.5)

  27.  Composition. The board of directors of each institution should determine if outside directors meet the requirements of section 36 and this part. At least annually, it should determine whether all existing and potential audit committee members are "independent of management of the institution." If the institution has total assets in excess of $3 billion, the board also should determine whether members of the committee satisfy the additional requirements of this part. Because an insured branch of a foreign bank does not have a separate board of directors, the FDIC will not apply the audit committee requirements to such branch. However, any such branch is encouraged to make a reasonable good faith effort to see that similar duties are performed by persons whose experience is generally consistent with the Rule's requirements for an institution the size of the insured branch.
  28.  "Independent of Management" Considerations. In determining whether an outside director is independent of management, the board should consider all relevant information. This would include considering whether the director:
    (a)  Is or has been an officer or employee of the institution or its affiliates;
    (b)  Serves or served as a consultant, advisor, promoter, underwriter, legal counsel, or trustee of or to the institution or its affiliates;
    (c)  Is a relative of an officer or other employee of the institution or its affiliates;
    (d)  Holds or controls, or has held or controlled, a direct or indirect financial interest in the institution or its affiliates; and
    (e)  Has outstanding extensions of credit from the institution or its affiliates.
  29.  Lack of Independence. An outside director should not be considered independent of management if such director is, or has been within the preceding year, an officer or employee of the institution or any affiliate, or owns or controls, or has owned or controlled within the preceding year, assets representing 10 percent or more of any outstanding class of voting securities of the institution.
  30.  Holding Company Audit Committees. When an insured depository institution subsidiary fails to meet the requirements for the holding company exception in § 363.1(b)(2) or maintains its own separate audit committee to satisfy the requirements of this part, members of the independent audit committee of the holding company may serve as the audit committee of the subsidiary institution if they are otherwise independent of management of the subsidiary, and, if applicable, meet any other requirements for a large subsidiary institution covered by this part. However, this does not permit officers or employees of a holding company to serve on the audit committee of its subsidiary institutions. When the subsidiary institution satisfies the requirements for the holding company exception in § 363.1(b)(2), members of the audit committee of the holding company should meet all the membership requirements applicable to the largest subsidiary depository institution and may perform all the duties of the audit committee of a subsidiary institution, even though such holding company directors are not directors of the institution.
  31.  Duties. The audit committee should perform all duties determined by the institution's board of directors. The duties should be appropriate to the size of the institution and the complexity of its operations, and include reviewing with management and the independent public accountant the basis for their respective reports issued under §§ 363.2(a) and (b) and 363.3(a) and (b). Appropriate additional duties could include:
    (a)  Reviewing with management and the independent public accountant the scope of services required by the audit, significant accounting policies, and audit conclusions regarding significant accounting estimates;
    (b)  Reviewing with management and the accountant their assessments of the adequacy of internal controls, and the resolution of identified material weaknesses and reportable conditions in internal controls, including the prevention or detection of management override or compromise of the internal control system;
    (c)  Reviewing with management and the accountant the institution's compliance with laws and regulations;
    (d)  Discussing with management the selection and termination of the accountant and any significant disagreements between the accountant and management; and
    (e)  Overseeing the internal audit function.
It is recommended that audit committees maintain minutes and other relevant records of their meetings and decisions.
  32.  Banking or Related Financial Management Expertise. At least two members of the audit committee of a large institution shall have "banking or related financial management expertise" as required by section 36(g)(1)(C)(i). This determination is to be made by the board of directors of the insured depository institution. A person will be considered to have such required expertise if the person has significant executive, professional, educational, or regulatory experience in financial, auditing, accounting, or banking matters as determined by the board of directors. Significant experience as an officer or member of the board of directors or audit committee of a financial services company would satisfy these criteria.
  33.  Large Customers. Any individual or entity (including a controlling person of any such entity) which, in the determination of the board of directors, has such significant direct or indirect credit or other relationships with the institution, the termination of which likely would materially and adversely affect the institution's financial condition or results of operations, should be considered a "large customer" for purposes of § 363.5(b).
  34.  Access to Counsel. The audit committee should be able to retain counsel at its discretion without prior permission of the institution's board of directors or its management. Section 36 does not preclude advice from the institution's internal counsel or regular outside counsel. It also does not require retaining or consulting counsel, but if the committee elects to do either, it also may elect to consider issues affecting the counsel's independence. Such issues would include whether to retain or consult only counsel not concurrently representing the institution or any affiliate, and whether to place limitations on any counsel representing the institution concerning matters in which such counsel previously participated personally and substantially as outside counsel to the committee.
  35.  Forming and Restructuring Audit Committees. Audit committees should be formed within four months of the effective date of this part. Some institutions may have to restructure existing audit committees to comply with this part. No regulatory action will be taken if institutions restructure their audit committees by the earlier of their next annual meeting of stockholders, or one year from the effective date of this part.

Other


  36.  Modifications of Guidelines. The FDIC Board of Directors has delegated to the Director of the FDIC's Division of Supervision authority to make and publish in The Federal Register minor technical amendments to the Guidelines in this appendix (including the attached Agreed Upon Procedures in Schedule A to this appendix), in consultation with the other appropriate federal banking agencies, to reflect the practical experience gained from implementation of this part. It is not anticipated any such modification would be effective until affected institutions have been given reasonable advance notice of the modification. Any material modification or amendment will be subject to review and approval of the FDIC Board of Directors.



Table 1 to Appendix A

Designated Federal Laws and Regulations Applicable to: National banks; State member banks; State non-member banks; Savings associations

Insider Loans--Parts and/or Sections of Title 12 of the United States Code

  375a  Loans to Executive Officers of Banks. (1) (1)
  375b  Prohibitions Respecting Loans and Extensions of Credit to Executive Officers and Directors of Banks, Political Campaign, Committees, etc. (1) (1)
  1468(b)  Extensions of Credit to Executive Officers, Directors, and Principal Shareholders.
  1828(j)(2)  Provisions Relating to Loans, Extensions of Credit, and Other Dealings Between Member Banks and Their Affiliates, Executive Officers, Directors, etc.
  1828(j)(3)(B)  Extensions of Credit Applicability of Provisions Relating to Loans, Extensions of Credit, and Other Dealings Between Insured Branches of Foreign Banks and Their Insiders. (2) (3)

Parts and/or Sections of Title 12 of the Code of Federal Regulations

  23.5  Application of Legal Lending Limits; Restrictions on Transactions With Affiliates.
  31  Extensions of Credit to National Bank Insiders
  215  Subpart A--Loans by Member Banks to Their Executive Officers, Directors, and Principal Shareholders. (4) (5)
       Subpart B--Reports of Indebtedness of Executive Officers and Principal Shareholders of Insured Nonmember Banks. (4) (5)
  337.3  Limits on Extensions of Credit to Executive Officers, Directors, and Principal Shareholders of Insured Nonmember Banks.
  349.3  Reports by Executive Officers and Principal Shareholders
  563.43  Loans by Savings Associations to Their Executive Officers, Directors, and Principal Shareholders.

Dividend Restrictions--Parts and/or Sections of Title 12 of the United States Code

  56  Prohibition on Withdrawal of Capital and Unearned Dividends
  60  Dividends and Surplus Funds
  1467a(f)  Declaration of Dividends
  1831o  Prompt Corrective Action--Dividend Restrictions

Parts and/or Sections of Title 12 of the Code of Federal Regulations

  5.61  Payment of dividends; capital limitations
  5.62  Payment of dividends; earnings limitation
  6.6  Prompt Corrective Action--Dividend Restrictions
  7.6120  Dividends Payable in Property Other Than Cash
  208.19  Payments of Dividends
  208.35  Prompt Corrective Action
  325.105  Prompt Corrective Action
  563.134  Capital Distributions
  565  Prompt Corrective Action

  (1) Subsections (g) and (h) only.
  (2) Applies only to insured federal branches of foreign banks.
  (3) Applies only to insured state branches of foreign banks.
  (4) See 12 CFR parts 337.3 and 349.3.
  (5) See 12 CFR part 563.43.

[Codified to 12 C.F.R. Part 363, Appendix A]

[Appendix A to Part 363 amended at 61 Fed. Reg. 6494, February 21, 1996, effective April 1, 1996; 62 Fed. Reg. 63259, November 28, 1997, effective January 1, 1998]


1 ACB represents the nation's community banks of all charter types and sizes. ACB members, whose aggregate assets exceed $1 trillion, pursue progressive, entrepreneurial and service-oriented strategies in providing financial services to benefit their customers and communities.

2 Pub. L. 107-204 (2002).

3 Pub. L. 102-242 (1991), Title I, Subtitle B, § 112, adding section 36 of the Federal Deposit Insurance Act; 12 U.S.C. § 1831m.

4 12 U.S.C. § 1831m.

5 12 C.F.R. Part 363.

6 12 U.S.C. § 1831m(i); 12 C.F.R. § 363.1(b). CAMEL ratings (which have been expanded to CAMELS) are composite ratings under the Uniform Financial Institutions Rating System given to depository institutions after a safety and soundness examination. CAMELS is an acronym for capital, assets, management, earnings, liquidity and sensitivity to market risk.

7 15 U.S.C. § 78l(i).

8 Interagency Policy Statement on the Internal Audit Function and its Outsourcing, dated December 22, 1997, issued by the Board of Governors of the Federal Reserve System, the FDIC, the Office of the Comptroller of the Currency (OCC) and the Office of Thrift Supervision (OTS); OTS Thrift Activities Handbook, Management - Section 340.

9 12 C.F.R. §§ 563.200 and 563.201.

10 The Pocket Guide for Directors is available at http://www.fdic.gov/regulations/resources/directors/index.html.

11 See Chapter 4 of The Director's Book, which is available at http://www.occ.treas.gov/director.pdf.

12 The Directors Responsibilities Guide is available at http://www.ots.treas.gov/docs/48090.pdf.

13 NYSE proposed rule 303A.10; NASD proposed rule 4350.

14 NYSE proposed rule 303A.9.

15 67 Fed. Reg. 66212.

____________________________