12 CFR Part 363

External Audits

OMB: 3064-0113

FDIC: FDIC Law, Regulations, Related Acts - Rules and Regulations

Federal Deposit Insurance Corporation

FDIC Law, Regulations, Related Acts

2000 - FDIC Rules and Regulations

PART 363-ANNUAL INDEPENDENT AUDITS AND REPORTING
REQUIREMENTS

Sec.
363.0 OMB control number.
363.1 Scope.
363.2 Annual reporting requirements.
363.3 Independent public accountant.
363.4 Filing and notice requirements.
363.5 Audit committees.
Appendix A to Part 363-Guidelines and Interpretations

AUTHORITY: 12 U.S.C. 1831m.
SOURCE: The provisions of this Part 363 appear at 58 Fed. Reg. 31335, June 2, 1993, effective July
2, 1993, except as otherwise noted.

§ 363.0 OMB control number.
The collecting of information requirements in this part have been approved by the Office of
Management and Budget under OMB control number 3064-0113.

(Codified to 12 C.F.R. § 363.0)

§ 363.1 Scope.
(a) Applicability. This part applies with respect to fiscal years of insured depository institutions which
begin after December 31, 1992. This part does not apply with respect to any fiscal year of any insured
depository institution, the total assets of which, at the beginning of such fiscal year, are less than $500
million.
(b) Compliance by subsidiaries of holding companies. (1) The audited financial statements
requirement of § 363.2(a) may be satisfied for an insured depository institution that is a subsidiary of a
holding company by audited financial statements of the consolidated holding company.
(2) The other requirements of this part for an insured depository institution that is a subsidiary of a
holding company may be satisfied by the holding company if:
(i) The services and functions comparable to those required of the insured depository institution by
this part are provided at the holding company level; and
(ii) The insured depository institution has as of the beginning of its fiscal year:
(A) Total assets of less than $5 billion; or
(B) Total assets of $5 billion or more and a composite CAMELS rating of 1 or 2.
(3) The appropriate federal banking agency may revoke the exception in paragraph (b)(2) of this
section for any institution with total assets in excess of $9 billion for any period of time during which the
appropriate federal banking agency determines that the institution's exemption would create a significant
risk to the Deposit Insurance Fund.

(Codified to 12 C.F.R. § 363.1)
(Section 363.1 amended at 61 Fed. Reg. 6493, February 21, 1996, effective April 1, 1996; 71 Fed. Reg.
20527, April 21, 2006)

§ 363.2 Annual reporting requirements.

http://www.fdic.gov/regulations/laws/rules/2000-8500.html

9/10/2008

(a) Audited financial statements. Each insured depository institution shall prepare annual financial
statements in accordance with generally accepted accounting principles which shall be audited by an
independent public accountant.
(b) Management report. Each insured depository institution annually shall prepare, as of the end of the
institution's most recent fiscal year, a management report signed by its chief executive officer and chief
accounting or chief financial officer which contains:
(1) A statement of management's responsibilities for preparing the institution's annual financial
statements, for establishing and maintaining an adequate internal control structure and procedures for
financial reporting, and for complying with laws and
regulations relating to safety and soundness which are designated by the FDIC and
the appropriate federal banking agency; and
(2) An assessment by management of the institution's compliance with such laws and regulations
during such fiscal year; and
(3) For an institution with total assets of $1 billion or more at the beginning of such fiscal year, an
assessment by management of the effectiveness of such internal control structure and procedures as of
the end of such fiscal year.

(Codified to 12 C.F.R. § 363.2)
(Section 362.2 amended at 70 Fed. Reg. 71232, November 28, 2005, effective December 28, 2005 and
applies to part 363 annual reports with a filing deadline (90 days after the end of an institution's fiscal
year) on or after the effective date of these amendments)

§ 363.3 Independent public accountant.
(a) Annual audit of financial statement. Each insured depository institution shall engage an
independent public accountant to audit and report on its annual financial statements in accordance with
generally accepted auditing standards and section 37 of the Federal Deposit Insurance Act (12 U.S.C.
1831n). The scope of the audit engagement shall be sufficient to permit such accountant to determine
and report whether the financial statements are presented fairly and in accordance with generally
accepted accounting principles.
(b) Additional reports. For each insured depository institution with total assets of $1 billion or more at
the beginning of the institution's fiscal year, such independent public accountant shall examine, attest to,
and report separately on, the assertion of management concerning the institution's internal control
structure and procedures for financial reporting. The attestation shall be made in accordance with
generally accepted standards for attestation engagements.
(c) Notice by accountant of termination of services. An independent public accountant performing an
audit under this part who ceases to be the accountant for an insured depository institution shall notify the
FDIC and the appropriate federal banking agency in writing of such termination within 15 days after the
occurrence of such event, and set forth in reasonable detail the reasons for such termination.

(Codified to 12 C.F.R. § 363.3)
(Section 363.3 amended at 62 Fed. Reg. 63257, November 28, 1997, effective January 1, 1998; 70 Fed.
Reg. 71232, November 28, 2005, effective December 28, 2005 and applies to part 363 annual reports
with a filing deadline (90 days after the end of an institution's fiscal year) on or after the effective date of
these amendments)

§ 363.4 Filing and notice requirements.
(a) Annual reporting. Within 90 days after the end of its fiscal year, each insured depository institution
shall file with each of the FDIC, the appropriate federal banking agency, and any appropriate state bank
supervisor, two copies of an annual report containing audited annual financial statements, the
independent public accountant's report thereon, management's statements and assessments, and the
independent public accountant's attestation report concerning the institution's internal control structure
and procedures for financial reporting as required by §§ 363.2(a), 363.3(a), 363.2(b), and 363.3(b)
respectively.
(b) Public availability. The annual report in paragraph (a) of this section shall be available for public
inspection.
(c) Independent accountant's reports. Each insured depository institution shall file with the FDIC, the
appropriate federal banking agency, and any appropriate state bank supervisor, a copy of any
management letter, qualification, or other report issued by its independent public accountant with respect
to such institution and the services provided by such accountant pursuant to this part within 15 days after
receipt.
(d) Notice of engagement or change of accountants. Each insured depository institution shall provide,
within 15 days after the occurrence of any such event, written notice to the
FDIC, the appropriate federal banking agency, and any appropriate state bank
supervisor of the engagement of an independent public accountant, or the resignation or dismissal of the
independent public accountant previously engaged. The notice shall include a statement of the reasons
for any such event in reasonable detail.

(Codified to 12 C.F.R. § 363.4)
(Section 363.4 amended at 61 Fed. Reg. 6493, February 21, 1996, effective April 1, 1996; 62 Fed. Reg.
63257, November 28, 1997, effective January 1, 1998)

§ 363.5 Audit committees.
(a) Composition and duties. Each insured depository institution shall establish an audit committee of its
board of directors, the composition of which complies with paragraphs (a)(1), (2), and (3) of this section,
and the duties of which shall include reviewing with management and the independent public accountant
the basis for the reports issued under this part.
(1) Each insured depository institution with total assets of $1 billion or more as of the beginning of its
fiscal year shall establish an independent audit committee of its board of directors, the members of
which shall be outside directors who are independent of management of the institution.
(2) Each insured depository institution with total assets of $500 million or more but less than $1 billion

as of the beginning of its fiscal year shall establish an audit committee of its board of directors, the
members of which shall be outside directors, the majority of whom shall be independent of management
of the institution. The appropriate Federal banking agency may, by order or regulation, permit the audit
committee of such an insured depository institution to be made up of less than a majority of outside
directors who are independent of management, if the agency determines that the institution has
encountered hardships in retaining and recruiting a sufficient number of competent outside directors to
serve on the audit committee of the institution.
(3) An outside director is a director who is not, and within the preceding fiscal year has not been, an
officer or employee of the institution or any affiliate of the institution.
(b) Committees of large institutions. The audit committee of any insured depository institution that has
total assets of more than $3 billion, measured as of the beginning of each fiscal year, shall include
members with banking or related financial management expertise, have access to its own outside
counsel, and not include any large customers of the institution. If a large institution is a subsidiary of a
holding company and relies on the audit committee of the holding company to comply with this rule, the
holding company audit committee shall not include any members who are large customers of the
subsidiary institution.

(Codified to 12 C.F.R. § 363.5)
(Section 363.5 amended at 61 Fed. Reg. 6493, February 21, 1996, effective April 1, 1996; 70 Fed. Reg.
71232, November 28, 2005, effective December 28, 2005 and applies to part 363 annual reports with a
filing deadline (90 days after the end of an institution's fiscal year) on or after the effective date of these
amendments)

Appendix A to Part 363-Guidelines and Interpretations

Table of Contents

Introduction

Scope of Rule (§ 363.1)
1. Measuring Total Assets
2. Insured Branches of Foreign Banks
3. Compliance by Holding Company Subsidiaries
4. Comparable Services and Functions

Annual Reporting Requirements (§ 363.2)
5. Annual Financial Statements
6. Holding Company Statements
7. Insured Branches of Foreign Banks
8. Management Report
9. Safeguarding of Assets
10. Standards for Internal Controls
11. Service Organizations
12. Compliance with Laws and Regulations

Role of Independent Public Accountant (§ 363.3)
13. General Qualifications
14. Independence
15. Peer Reviews
16. Filing Peer Review Reports
17. Information to Independent Public Accountant
18. Attestation Report
19. Reviews with Audit Committee and Management
20. Notice of Termination
21. Reliance on Internal Auditors

Filing and Notice Requirements (§ 363.4)
22. Place for Filing
23. Relief From Filing Deadlines
24. Public Availability
25. Independent Public Accountant's Reports
26. Notices Concerning Accountants

Audit Committees (§ 363.5)
27. Composition
28. "Independent of Management" Considerations
29. Lack of Independence
30. Holding Company Audit Committees
31. Duties
32. Banking or Related Financial Management Expertise
33. Large Customers
34. Access to Counsel
35. Forming and Restructuring Audit Committees

Other
36. Modifications of Guidelines

Introduction
Congress added section 36, "Early Identification of Needed Improvements in Financial
Management" (section 36), to the Federal Deposit Insurance Act (FDI Act) in 1991.

The FDIC Board of Directors adopted 12 CFR part 363 of its rules and regulations (the Rule) to
implement those provisions of section 36 that require rulemaking. The FDIC also approved these
"Guidelines and Interpretations" (the Guidelines) and directed that they be published with the Rule to
facilitate a better understanding of, and full compliance with, the provisions of section 36.
Although not contained in the Rule itself, some of the guidance offered restates or refers to statutory
requirements of section 36 and is therefore mandatory. If that is the case, the statutory provision is
cited.
Furthermore, upon adopting the Rule, the FDIC reiterated its belief that every insured depository
institution, regardless of its size or charter, should have an annual audit of its financial statements
performed by an independent public accountant, and should establish an audit committee comprised
entirely of outside directors.
The following Guidelines reflect the views of the FDIC concerning the interpretation of section 36. The
Guidelines are intended to assist insured depository institutions (institutions), their boards of directors, and their advisors, including their independent
public accountants and legal counsel, and to clarify section 36 and the Rule. It is recognized that
reliance on the Guidelines may result in compliance with section 36 and the Rule which may vary from
institution to institution. Terms which are not explained in the Guidelines have the meanings given them
in the Rule, the FDI Act, or professional accounting and auditing literature.

Scope of Rule (§ 363.1)
1. Measuring Total Assets. To determine whether this part applies, an institution should use total
assets as reported on its most recent Report of Condition (Call Report) or Thrift Financial Report (TFR),
the date of which coincides with the end of its preceding fiscal year. If its fiscal year ends on a date
other than the end of a calendar quarter, it should use its Call Report or TFR for the quarter end
immediately preceding the end of its fiscal year.
2. Insured Branches of Foreign Banks. Unlike other institutions, insured branches of foreign banks are
not separately incorporated or capitalized. To determine whether this part applies, an insured branch
should measure claims on non-related parties reported on its Report of Assets and Liabilities of U.S.
Branches and Agencies of Foreign Banks (form FFIEC 002).
3. Compliance by Holding Company Subsidiaries. Audited consolidated financial statements and other
reports or notices required by this part which are submitted by a holding company for any subsidiary
institution, should be accompanied by a cover letter identifying all subsidiary institutions to which they
pertain. An institution filing holding company consolidated financial statements as permitted by § 363.1(b)
also may report on changes in its independent public accountant on a holding company basis. An
institution that does not meet the criteria in section 36(i) must satisfy the remaining provisions of the
statute and this part on an individual institution basis, and maintain its own audit committee. Multi-tiered
holding companies may satisfy all requirements of this part at any level.
4. Comparable Services and Functions. Services and functions will be considered "comparable" to
those required by this part if the holding company:
(a) Prepares reports used by the subsidiary institution to meet the requirements of this part;
(b) Has an audit committee that meets the requirements of this part appropriate to its largest
subsidiary institution; and
(c) Prepares and submits the management assessments of the effectiveness of the internal control
structure and procedures for financial reporting (internal controls), and compliance with the designated
laws defined in guideline 12 based on information concerning the relevant activities and operations of
those subsidiary institutions within the scope of the rule.

Annual Reporting Requirements (§ 363.2)
5. Annual Financial Statements. Each institution should prepare comparative annual consolidated
financial statements (balance sheets, statements of income, changes in equity capital, and cash flows,
with accompanying footnote disclosures) in accordance with generally accepted accounting principles
(GAAP) for each of its two most recent fiscal years. Statements for the earlier year may be presented on
an unaudited basis if the institution was not subject to this part for that year and audited statements
were not prepared.
6. Holding Company Statements. Subsidiary institutions may file copies of their holding company's
audited financial statements filed with the Securities and Exchange Commission (SEC) or prepared for
their FR Y-6 Annual Report under the Bank Holding Company Act of 1956.
7. Insured Branches of Foreign Banks. An insured branch of a foreign bank should satisfy the financial
statements requirement by filing one of the following for the two preceding fiscal years:
(a) Audited balance sheets, disclosing information about financial instruments with off-balance-sheet
risk;
(b) Schedules RAL and L of form FFIEC 002, prepared and audited on the basis of the instructions
for its preparation; or
(c) With written approval of the appropriate federal banking agency, consolidated financial
statements of the parent bank.
8. Management Report. Management should perform its own investigation and review of the
effectiveness of internal controls and compliance with the Designated Laws defined in Guideline 12.
Management also should maintain records of its determinations and assessments until the next federal
safety and soundness examination, or such later date as specified by the FDIC or appropriate federal
banking agency. Management should provide in its assessment of the effectiveness of internal controls,
or supplementally, sufficient information to enable the accountant to report on its assertions. The
management report of an insured branch of a foreign bank should be signed by the branch's managing
official if the branch does not have a chief executive or financial officer.
9. Safeguarding of Assets. "Safeguarding of assets," as the term relates to internal control policies
and procedures regarding financial reporting and which has precedent in accounting literature, should
be encompassed in the management report and the independent public accountant's attestation
discussed in guideline 18. Testing the existence of and compliance with internal controls on the
management of assets, including loan underwriting and documentation, represents a reasonable
implementation of section 36. The FDIC expects such internal controls to be encompassed by the
assertion in the management report, but the term "safeguarding of assets" need not be specifically
stated. The FDIC does not require the accountant to attest to the adequacy of safeguards, but does
require the accountant to determine whether safeguarding policies exist.
10. Standards for Internal Controls. Each institution should determine its own standards for
establishing, maintaining, and assessing the effectiveness of its internal controls.
11. Service Organizations. Although service organizations should be considered in determining if
internal controls are adequate, an institution's independent public accountant, its management, and its

audit committee should exercise independent judgment concerning that determination. Onsite reviews
of service organizations may not be necessary to prepare the report required by the Rule, and the FDIC
does not intend that the Rule establish any such requirement.
12. Compliance with Laws and Regulations. The designated laws and regulations are the federal laws
and regulations concerning loans to insiders and the federal and state laws and regulations concerning
dividend restrictions (the Designated Laws). Table 1 to this Appendix A lists the designated federal laws
and regulations pertaining to insider loans and dividend restrictions that are applicable to each type of
institution.

Role of Independent Public Accountant (§ 363.3)
13. General Qualifications. To provide audit and attest services to insured depository institutions, an
independent public accountant should be registered or licensed to practice as
a public accountant, and be in good standing, under the laws of the state or other
political subdivision of the United States in which the home office of the institution (or the insured branch
of a foreign bank) is located. As required by section 36(g)(3)(A)(i), the accountant must agree to provide
copies of any workpapers, policies, and procedures relating to services performed under this part.
14. Independence. The independent public accountant also should be in compliance with the AICPA's
Code of Professional Conduct and meet the independence requirements and interpretations of the SEC
and its staff.
15. Peer Reviews. As required by section 36(g)(3)(A)(ii), the independent public accountant must have
received, or be enrolled in, a peer review that meets acceptable guidelines. The following peer review
guidelines are acceptable:
(a) The external peer review should be conducted by an organization independent of the accountant
or firm being reviewed, as frequently as is consistent with professional accounting practices;
(b) The peer review should be generally consistent with AICPA standards; and
(c) The review should include, if available, at least one audit on an insured depository institution or
consolidated financial holding company. Peer review working papers are to be retained for 120 days
after the peer review report is filed with the FDIC, and be made available to the FDIC upon request, in a
form consistent with the SEC's agreement with the accounting profession.
16. Filing Peer Review Reports. Within 15 days of receiving notification that the peer review has been
accepted, or before commencing any audit under the Rule, whichever is earlier, two copies of the most
recent peer review report, accompanied by any letter of comments and letter of response, should be
filed by the independent public accountant (if not already on file) with the FDIC, Accounting and
Securities Disclosure Section, 550 17th Street NW., Washington, D.C. 20429, where they will be
available for public inspection. All corrective action required under any qualified peer review report
should have been taken before commencing services under this Rule.
17. Information to Independent Public Accountant. Attention is directed to section 36(h) which requires
institutions to provide specified information to their accountants. An institution also should provide its
accountant with copies of any notice that the institution's capital category is being changed or
reclassified under section 38 of the FDI Act, and any correspondence from the appropriate federal
banking agency concerning compliance with this part.
18. Attestation Report. The independent public accountant should provide the institution with an
internal controls attestation report and any management letter at the conclusion of the audit as required
by section 36(c)(1). If a holding company subsidiary relies on its holding company management report,
the accountant may attest to and report on the management's assertions in one report, without reporting
separately on each subsidiary covered by the Rule. The FDIC has determined that management letters
are exempt from public disclosure.
19. Reviews with Audit Committee and Management. The independent public accountant should meet
with the institution's audit committee to review the accountant's reports required by this part before they
are filed. It also may be appropriate for the accountant to review its findings with the institution's board of
directors and management.
20. Notice of Termination. The notice required by § 363.3(c) should state whether the independent
public accountant agrees with the assertions contained in any notice filed by the institution under
§ 363.4(d), and whether the institution's notice discloses all relevant reasons.
21. Reliance on Internal Auditors. Nothing in this part or this appendix is intended to preclude the
ability of the independent public accountant to rely on the work of an institution's internal auditor.

Filing and Notice Requirements (§ 363.4)
22. Place for Filing. Except for peer review reports filed pursuant to Guideline 16, all reports and
notices required by, and other communications or requests made pursuant to, the Rule should be filed
as follows.
(a) FDIC: Appropriate FDIC Regional or Area Office (Supervision and Consumer Protection), i.e., the
FDIC regional or area office in the FDIC region or area that is responsible for monitoring the institution
or, in the case of a subsidiary institution of a holding company, the consolidated company. A filing made
on behalf of several covered institutions owned by the same parent holding company should be
accompanied by a transmittal letter identifying all of the institutions covered.
(b) Office of the Comptroller of the Currency (OCC): appropriate OCC Supervisory Office.
(c) Federal Reserve: Appropriate Federal Reserve Bank.
(d) Office of Thrift Supervision (OTS): appropriate OTS District Office.
(e) State bank supervisor: the filing office of the appropriate state bank supervisor.
23. Relief from Filing Deadlines. Although the reasonable deadlines for filings and other notices
established by this part are specified, some institutions may occasionally be confronted with
extraordinary circumstances beyond their reasonable control that may justify extensions of a deadline.
In that event, upon written application from an insured depository institution, setting forth the reasons for
a requested extension, the FDIC or appropriate federal banking agency may, for good cause, extend a
deadline in this part for a period not to exceed 30 days.
24. Public Availability. Each institution's annual report should be available for public inspection at its
main and branch offices no later than 15 days after it is filed with the FDIC. Alternatively, an institution
may elect to mail one copy of its annual report to any person who requests it. The annual report should
remain available to the public until the annual report for the next year is available. An institution may use
its annual report under this part to meet the annual disclosure statement required by 12 CFR 350.3, if
the institution satisfies all other requirements of 12 CFR Part 350.
25. Independent Public Accountant's Reports. Section 36(h)(2)(A) requires that, within 15 days of
receipt by an institution of any management letter or other report, such letter or other report shall be filed
with the FDIC, any appropriate federal banking agency, and any appropriate state bank supervisor.
Institutions and their accountants are encouraged to coordinate preparation and delivery of audit and

attestation reports and filing the annual report, to avoid duplicate filings.
26. Notices Concerning Accountants. Institutions should review and satisfy themselves as to
compliance with the required qualifications set forth in guidelines 13-15 before engaging an
independent public accountant. With respect to any selection, change or termination of an accountant,
institutions should be familiar with the notice requirements in guideline 21, and should send a copy of
any notice under § 363.4(d) to the accountant when it is filed with the FDIC. An institution which files
reports with its appropriate federal banking agency under, or is a subsidiary of a holding company which
files reports with the SEC pursuant to, the Securities Exchange Act of 1934 may use its current report
(e.g., SEC Form 8-K) concerning a change in accountant to satisfy the similar notice requirements of
this part.

Audit Committees (§~li3.I

27. Compositon. The boand of directors of each institution should determine if outside directors meet
the requirements of section 36 and this part. At least annually, the board of an institution with $1 billon
or more in total assets at the beginning of its fiscal year should determine whether all existing and
potential audit committee members are "independent of management of the institution" and the board of
an institution with total assets of $500 millon or more but less than $1 bilion as of the beginning of its
fiscal year should determine whether the

\(2-30-05 p.3162.071)majority of all existing and potential audit committee members are "independent

of management of the institution." Because an insured branch of a foreign bank does not have a
separate board of directors, the FDIC will not apply the audit committee requirements to such branch.
However, any such branch is encouraged to make a reasonable good faith effort to see that similar
duties are performed by persons whose experience is generally consistent with the Rule's requirements
for an institution the size of the insured branch.
28. "Independent of Management" Considerations. In determining whether an outside director is
independent of management, the board should consider all relevant information. This would include
considering whether the director:
(a) Has previously been an offcer of the institution or any affliate of the institution;
(b) Serves or served as a consultant, advisor, promoter, underwriter, legal counsel, or trustee of or to

the institution or its affliates;

(c) Is a relative of an offcer or other employee of the institution or its affliates;
(d) Holds or controls, or has held or controlled, a direct or indirect financial interest in the institution or

its affliates; and

(e) Has outstanding extensions of credit from the institution or its affliates.
29. Lack of Independence. An outside director should not be considered independent of management
if such director owns or controls, or has owned or controlled within the preceding fiscal year, assets
representing 10 percent or more of any outstanding class of voting securities of the institution.
30. Holding Company Audit Committees. When an insured depository institution subsidiary fails to
meet the requirements for the holding company exception in § 363.1(b)(2) or maintains its own separate
audit committee to satisfy the requirements of this part, members of the independent audit committee of
the holding company may serve as the audit committee of the subsidiary institution if they are otherwise
independent of management of the subsidiary, and, if applicable, meet any other requirements for a
large subsidiary institution covered by this part. However, this does not permit officers or employees of a
holding company to serve on the audit committee of its subsidiary institutions. When the subsidiary
institution satisfies the requirements for the holding company exception in § 363.1(b)(2), members of the
audit committee of the holding company should meet all the membership requirements applicable to the
largest subsidiary depository institution and may perform all the duties of the audit committee of a
subsidiary institution, even though such holding company directors are not directors of the institution.
31. Duties. The audit committee should perform all duties determined by the institution's board of
directors. The duties should be appropriate to the size of the institution and the complexity of its
operations, and include reviewing with management and the independent public accountant the basis
for their respective reports issued under §§ 363.2(a) and (b) and 363.3(a) and (b). Appropriate
additional duties could include:
(a) Reviewing with management and the independent public accountant the scope of services
required by the audit, significant accounting policies, and audit conclusions regarding significant
accounting estimates;
(b) Reviewing with management and the accountant their assessments of the adequacy of internal
controls, and the resolution of identified material weaknesses and reportable conditions in internal
controls, including the prevention or detection of management override or compromise of the internal
control system;
(c) Reviewing with management and the accountant the institution's compliance with laws and
regulations;
(d) Discussing with management the selection and termination of the accountant and any significant
disagreements between the accountant and management; and
(e) Overseeing the internal audit function.
It is recommended that audit committees maintain minutes and other relevant records of their meetings
and decisions.
32. Banking or Related Financial Management Expertise. At least two members of the audit
committee of a large institution shall have "banking or related financial management expertise" as
required by section 36(g)(1)(C)(i). This determination is to be made by the
board of directors of the insured depository institution. A person will be
considered to have such required expertise if the person has significant executive, professional,
educational, or regulatory experience in financial, auditing, accounting, or banking matters as
determined by the board of directors. Significant experience as an officer or member of the board of
directors or audit committee of a financial services company would satisfy these criteria.
33. Large Customers. Any individual or entity (including a controlling person of any such entity) which,
in the determination of the board of directors, has such significant direct or indirect credit or other
relationships with the institution, the termination of which likely would materially and adversely affect the
institution's financial condition or results of operations, should be considered a "large customer" for
purposes of § 363.5(b).
34. Access to Counsel. The audit committee should be able to retain counsel at its discretion without
prior permission of the institution's board of directors or its management. Section 36 does not preclude
advice from the institution's internal counsel or regular outside counsel. It also does not require retaining
or consulting counsel, but if the committee elects to do either, it also may elect to consider issues
affecting the counsel's independence. Such issues would include whether to retain or consult only
counsel not concurrently representing the institution or any affiliate, and whether to place limitations on
any counsel representing the institution concerning matters in which such counsel previously
participated personally and substantially as outside counsel to the committee.
35. Forming and Restructuring Audit Committees. Audit committees should be formed within four
months of the effective date of this part. Some institutions may have to restructure existing audit
committees to comply with this part. No regulatory action will be taken if institutions restructure their
audit committees by the earlier of their next annual meeting of stockholders, or one year from the
effective date of this part.

Other
36. Modifications of Guidelines. The FDIC's Board of Directors has delegated to the Director of the
FDIC's Division of Supervision and Consumer Protection (DSC) authority to make and publish in the
Federal Register minor technical amendments to the Guidelines in this appendix, in consultation with
the other appropriate federal banking agencies, to reflect the practical experience gained from
implementation of this part. It is not anticipated any such modification would be effective until affected
institutions have been given reasonable advance notice of the modification. Any material modification or
amendment will be subject to review and approval of the FDIC Board of Directors.

Table 1 to Appendix A
Designated Federal Laws and Regulations Applicable to: National banks; State member banks; State non-member banks; Savings associations

Insider Loans-Parts and/or Sections of Title 12 of the United States Code
375a           Loans to Executive Officers of Banks.
375b           Prohibitions Respecting Loans and Extensions of Credit to Executive Officers and Directors of Banks, Political Campaign Committees, etc.
1468(b)        Extensions of Credit to Executive Officers, Directors, and Principal Shareholders.
1828(j)(2)     Provisions Relating to Loans, Extensions of Credit, and Other Dealings Between Member Banks and Their Affiliates, Executive Officers, Directors, etc.
1828(j)(3)(B)  Extensions of Credit Applicability of Provisions Relating to Loans, Extensions of Credit, and Other Dealings Between Insured Branches of Foreign Banks and Their Insiders.

Parts and/or Sections of Title 12 of the Code of Federal Regulations
23.5           Application of Legal Lending Limits; Restrictions on Transactions With Affiliates.
31             Extensions of Credit to National Bank Insiders
215            Subpart A-Loans by Member Banks to Their Executive Officers, Directors, and Principal Shareholders.
215            Subpart B-Reports of Indebtedness of Executive Officers and Principal Shareholders of Insured Nonmember Banks.
337.3          Limits on Extensions of Credit to Executive Officers, Directors, and Principal Shareholders of Insured Nonmember Banks.
349.3          Reports by Executive Officers and Principal Shareholders
563.43         Loans by Savings Associations to Their Executive Officers, Directors, and Principal Shareholders.

Dividend Restrictions-Parts and/or Sections of Title 12 of the United States Code
56             Prohibition on Withdrawal of Capital and Unearned Dividends
60             Dividends and Surplus Funds
1467a(f)       Declaration of Dividends
1831o          Prompt Corrective Action-Dividend Restrictions

Parts and/or Sections of Title 12 of the Code of Federal Regulations
5.61           Payment of dividends; capital limitations
5.62           Payment of dividends; earnings limitation
6.6            Prompt Corrective Action-Dividend Restrictions
7.6120         Dividends Payable in Property Other Than Cash
208.19         Payments of Dividends
208.35         Prompt Corrective Action

1Subsections (g) and (h) only.
2Applies only to insured federal branches of foreign banks.
3Applies only to insured state branches of foreign banks.

4See 12 CFR parts 337.3 and 349.3.
5See 12 CFR part 563.43.

(Codified to 12 C.F.R. Part 363, Appendix A)

(Appendix A to Part 363 amended at 61 Fed. Reg. 6494, February 21, 1996, effective April 1, 1996; 62
Fed. Reg. 63259, November 28, 1997, effective January 1, 1998; 70 Fed. Reg. 71232, November 28,
2005, effective December 28, 2005 and applies to part 363 annual reports with a filing deadline (90 days
after the end of an institution's fiscal year) on or after the effective date of these amendments)
NOTE

Preamble to Part 363

III. Background
In September 1992, the FDIC proposed regulations (57 FR 42516, Sept. 15, 1992) to implement the
provisions of section 112 of FDICIA, entitled "Independent Annual Audits of Insured Depository
Institutions." The requirements of section 112 apply to fiscal years of insured depository institutions that
begin after December 31, 1992.
The new statutory provision, contained in section 36, requires the FDIC, in consultation with the
appropriate federal banking agencies, to promulgate regulations requiring institutions over a certain
asset size to have an annual independent audit of their financial statements in accordance with generally
accepted auditing standards and section 37 of the FDI Act, and the institution's independent public
accountant to notify the FDIC upon termination of services. Section 36 also requires the federal banking
agencies jointly to issue rules of practice governing enforcement actions against independent public
accountants.
IV. Discussion of Final Rule and Public Comments
Section 36 requires the FDIC, in consultation with the other appropriate federal banking agencies, to
prescribe regulations concerning only a few specified provisions of the statute. It also permits, but does
not require, the FDIC to undertake rulemaking pursuant to its general rulemaking authority concerning
other provisions of the statute.
The FDIC has elected to limit, with few exceptions, its rulemaking to a final rule to implement those
provisions of section 36 which specifically require rulemaking. It is persuaded that the approach is
consistent with the letter and spirit of the law and with comments received, with which the FDIC concurs,
that the final rule not impose unnecessary regulatory burdens, provide appropriate flexibility, and be
reasonably cost-effective.
Accordingly, the final rule implements the "Annual Independent Audits of Financial Statements"
requirement of section 36(d)(1) of the FDI Act and the "Notice by Accountant of Termination of Services"
requirement of section 36(g)(5). The FDIC anticipates that, jointly with the other appropriate federal
banking agencies, it promptly will issue rules of practice with respect to removal, suspension or bar of an
independent public accountant from performing audit services for insured depository institutions as
required by section 36(g)(4).
The final rule also restates, by way of emphasis, selective provisions of the statute. That is not
intended, however, to imply that the FDIC does not expect affected insured depository institutions to
comply with all provisions of the statute. Instead, it makes clear that the final rule does not expand the
scope of interpretation of the statutory requirements.
The FDIC received over 305 comment letters concerning the proposed rule. The largest group of
comments, approximately 120, was from banks, about eight percent of which were institutions that were
exempt from proposed Part 363. Another 23 percent were from bank holding companies, including most
of the 25 largest in the United States. Twenty-two letters were from thrifts, four of which are among the
ten largest in the country.
The FDIC has reviewed the proposal in light of these comments. The majority of the commenters
criticized the proposed requirements, and the cost to comply with the proposed rule. The comments are
discussed below.

A. Scope.
Section 36 left to the FDIC's discretion whether to exempt institutions having total assets in excess of
$150 million. The FDIC has exercised its discretion to mitigate the financial burden of compliance by
raising the threshold from $150 million to $500 million, thereby exempting from the final
rule approximately two-thirds of institutions that would have been subject to section 36, but which pose
less of a risk to the deposit insurance funds, while bringing approximately 75 percent of the banking
assets in the U.S. within the scope of the regulation.
More than 96 percent of institutions with $500 million or more in total assets report they already engage
an independent public accountant to perform an annual audit of their financial statements or that their
parent company engages an independent public accountant to do the same for its consolidated
statements. All of the remaining institutions in this asset range engage an independent public accountant
to provide some audit services. Many of these institutions or their holding companies also have audit
committees that comply with the final rule. These facts suggest the final rule will not impose
unacceptable burdens on affected institutions.

Compliance by Subsidiaries of Holding Companies
The requirements for an independent audit may be satisfied for subsidiaries of holding companies by
an independent audit of the holding company. The other requirements of section 36 may be satisfied for
subsidiaries if "services and functions" comparable to those required by the statute are provided at the
holding company level, and, either the institution has total assets, as of the beginning of each fiscal
year, of less than $5 billion; or, total assets between $5 billion and $9 billion, and it received a CAMEL
(or comparable) rating of one or two at its most recent examination.
If a subsidiary meets the foregoing criteria, an independent public accountant may examine and attest
to the subsidiary's assertions on the consolidated entity's internal control system, and would not be
required to examine and attest to the systems of each subsidiary.
B. Reporting Requirements
1. Definitions

Definitions in the proposed rule have been eliminated in the final rule. Certain relevant terms are
already defined in the FDI Act and professional accounting and auditing literature.
2. Annual Report

The final rule requires each covered institution to prepare an annual report containing financial
statements prepared in accordance with generally accepted accounting principles (GAAP) that have
been audited by an independent public accountant, and to file such report within 90 days after the end
of each fiscal year. The FDIC has adopted commenters' suggestions that the language of the final rule
more closely track the statute.
The proposal that institutions may use Call Report items or an audit of the Call Report schedules has
been deleted as being unnecessarily confusing, and because such schedules do not comply with
GAAP. In addition, a proposed provision on consolidation has been eliminated.
Many commenters requested that the FDIC delete the proposed provision requiring an audited
reconciliation of an institution's capital reported under GAAP with the capital calculated under regulatory
capital standards. Because this reconciliation is not specifically required by the statute, the FDIC
eliminated it from the final rule.
3. Management Report

Internal controls for financial reporting. Section 36 requires that each institution prepare an annual
report containing a statement of management's responsibility for establishing and maintaining an
adequate internal control structure and an assessment of the effectiveness of internal controls for
financial reporting.
To comply with the reporting and attestation requirements of the final rule, both management and the
independent public accountant should refer to terms, including "internal control structure" and "control
procedures," in professional accounting and auditing literature.
The FDIC sought comment on whether it should leave the development of internal control criteria to
institutions. After careful consideration, the FDIC has decided that each institution should determine its
own standard for an internal control structure and procedures for financial reporting, but that any
assessment by management should include sufficient information to enable the independent public
accountant separately to examine and report on management's assessment.
In response to a number of suggestions, the FDIC has removed the proposed requirement that
"material matters" be assessed. Nevertheless, an assessment must include all significant items.
Compliance with laws and regulations. Section 36 requires management to assess its own compliance
with designated laws and regulations, and to evaluate the effectiveness of the operation of its internal
control structure and procedures for compliance with such laws and regulations.
The final rule also requires that a covered institution engage an independent public accountant to
report on procedures for compliance with designated laws and regulations. In response to requests from
many commenters the proposed requirement that management provide a description of its handling of
material weaknesses and inadequacies and other reportable conditions was deleted. Commenters
correctly pointed out that these matters should be resolved by the independent public accountant and
management working together to determine the appropriate action to correct any deficiency. The
proposal that institutions submit the names and occupations of audit committee members also was
deleted because this information is available to examiners.
Many commenters addressed the proposal that an independent public accountant provide negative
assurance that an institution has complied with FDIC assessment requirements. They noted section 36
does not require this, and that to require FDIC assessment auditors and independent public accountants
to review the assessment calculations is duplicative and would result in unjustifiable additional expense.
Accordingly, the FDIC has eliminated the requirement in the final regulation.
Many commenters requested that the accountant's management letter be eliminated from the filing
requirement. However, section 36 specifically requires that the management letter, audit report, and any
other report provided by the independent public accountant during the year be filed within 15 days of its
receipt.
In the final rule, the proposed requirement that institutions retain workpapers documenting
management's review of its statements in the management report has been eliminated because it is not
required by section 36, and is not essential to the rule.
Notice of engagement or change of accountants. The final rule establishes notice requirements for
institutions whenever there is a change of accountant. Several commenters questioned whether
institutions had to notify the FDIC and appropriate federal banking agency immediately after the final
rule is effective. Those institutions that have already notified the FDIC and the appropriate federal
banking agency of their accountant's identity need make no additional notification until there is a change
in accountant.

C. Independent Public Accountant Reporting and Notice Requirements
1. Internal Control Attestation
The final rule requires institutions to engage an independent public accountant to perform an
examination level attestation and report separately on the assertions contained in management's report
regarding management's assessment of the effectiveness of the institution's internal control structure
and procedures for financial reporting. The attestation should be as of the date of management's
assertions and should be in accordance with generally accepted standards for attestation engagements.

2. Compliance With Laws and Regulations Attestation


The final rule requires that each institution engage an independent public accountant to test the
institution's compliance with designated laws and regulations through the performance of agreed upon
procedures. The Guidelines set forth such procedures.
3. Other Duties of Independent Public Accountants

The proposal required the independent public accountant to inform the appropriate federal banking
agency of any apparent criminal violation if management had not already done so. A number of
commenters objected to this requirement because it is not specifically mandated by section 36, and it
does not allow time for the institution to investigate the alleged violation before it must be reported to
regulators. The comments are valid and the provision has been deleted.

4. Notice by Accountant of Termination of Services
The FDIC could not adopt the suggestion of some commenters that the accountant notice provisions
be deleted. Section 36 requires such notice. However, the final rule extends from five days to 15 days
the period of time within which an independent public accountant must file a termination of services
report.

D. Audit Committees
Section 36 requires that each institution have an independent audit committee entirely made up of
outside directors who are independent of the institution. For large institutions, as defined in the final rule,
there are additional criteria: The large institution's audit committee must include members with banking
or related management experience, have access to its own outside counsel, and not include any large
customers of the institution.
The final rule reiterates the requirements of the statute, but does not include specific definitions of
"independent person," "large customer," and "banking and financial management expertise". The FDIC
expects boards of directors to determine if an outside director meets audit committee requirements.
Such a determination will be subject to review by examiners.
The FDIC requested comment on its proposed definition of "large institution". A large majority of
commenters recommended that the proposed large institution asset threshold be increased. After
careful consideration, the FDIC has adopted an asset threshold of $3 billion. With this threshold, fewer
than 2 percent of the nation's institutions will be defined as "large", yet more than half of the assets
insured by the Bank Insurance Fund and the Savings Association Insurance Fund will receive the
additional protection afforded by the presence of independent directors who have banking or financial
management expertise, and are not large customers of the institution.

E. Insured Branches of Foreign Banks
A few commenters noted that the proposal did not separately address the responsibilities of insured
branches of foreign banks. Application of section 36 statutory requirements to such branches is
complicated because, unlike other institutions, they are not separately incorporated or capitalized. The
Guidelines facilitate compliance by such branches.

1It is management's responsibility to establish policies concerning underwriting and asset management and to make
credit decisions. The auditor's role is to test compliance with management's policies relating to financial reporting.

2In considering what information is needed on safeguarding of assets and standards for internal controls, management
may review guidelines provided by its primary federal regulator; the FDIC's Division of Supervision and Consumer
Protection (DSC) Risk Management Manual of Examination Policies; the Federal Reserve Board's Commercial Bank
Examination Manual and other relevant regulations; the Office of Thrift Supervision's Thrift Activities Handbook; the
Comptroller of the Currency's Handbook for National Bank Examiners; and standards published by professional
accounting organizations, such as the American Institute of Certified Public Accountants' (AICPA) Statement on Auditing
Standards No. 55, "Consideration of the Internal Control Structure in a Financial Statement Audit," as amended by
Statement of Auditing Standards No. 78; the Committee of Sponsoring Organizations (COSO) of the Treadway
Commission's Internal Control--Integrated Framework, including its addendum on safeguarding of assets; and other
internal control standards published by the AICPA, other accounting or auditing professional associations, and financial
institution trade associations.

3These would include Standards for Performing and Reporting on Peer Reviews, codified in the SEC Practice Section
Reference Manual, and Standards for Performing and Reporting on Peer Reviews, contained in Volume 2 of the AICPA's
Professional Standards.
