[Federal Register Volume 62, Number 229 (Friday, November 28, 1997)]
[Rules and Regulations]
[Pages 63256-63260]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 97-30860]
[[Page 63256]]
=======================================================================
-----------------------------------------------------------------------
FEDERAL DEPOSIT INSURANCE CORPORATION
12 CFR Part 363
RIN 3064-AC06
Independent Audits and Reporting Requirements
AGENCY: Federal Deposit Insurance Corporation (FDIC or Corporation).
ACTION: Final rule.
-----------------------------------------------------------------------
SUMMARY: The FDIC is amending its regulations concerning annual
independent audits and reporting requirements which implement section
36 of the Federal Deposit Insurance Act (FDI Act). Section 36 is
generally intended to facilitate early identification of problems in
financial management at larger insured depository institutions through
annual independent audits, assessments of the effectiveness of internal
controls and compliance with designated laws and regulations, and more
stringent reporting requirements.
Section 2301 of the Economic Growth and Regulatory Paperwork
Reduction Act of 1996 (EGRPRA) repealed section 36(e) of the FDI Act
which required that each insured depository institution over a certain
size have an independent public accountant perform specified procedures
for determining compliance with designated safety and soundness laws.
Accordingly, the FDIC is eliminating Schedule A to Appendix A, ``Agreed
Upon Procedures for Determining Compliance with Designated Laws''.
Section 2301 of EGRPRA also permits the FDIC in certain
circumstances to exempt institutions from the requirement that audit
committees be comprised entirely of outside directors. It further
permits the FDIC to designate certain information filed under section
36 as privileged and confidential and therefore not available to the
public.
The FDIC is also making several technical changes to the Guidelines
and Interpretations (Guidelines) published as an appendix to the annual
independent audit rule. The changes delete certain filing requirements
that have been determined to be unnecessary, and clarify ambiguities
identified by the Corporation, financial institutions, and accountants
since the audit rule was promulgated.
EFFECTIVE DATE: The final regulation is effective January 1, 1998.
FOR FURTHER INFORMATION CONTACT: Doris L. Marsh, Examination
Specialist, Division of Supervision (202) 898-8905, FDIC, 550 17th
Street, N.W., Washington, DC 20429, or Sandra Comenetz, Counsel, Legal
Division, (202) 898-3582, FDIC, 550 17th Street N.W., Washington, DC
20429.
SUPPLEMENTARY INFORMATION:
I. Background
Section 112 of the Federal Deposit Insurance Corporation
Improvement Act of 1991 (FDICIA) added section 36, ``Independent Annual
Audits of Insured Depository Institutions,'' to the FDI Act (12 U.S.C.
1831m). As enacted, section 36 required the FDIC, in consultation with
the appropriate federal banking agencies, to promulgate regulations
requiring each insured depository institution over a certain asset size
(covered institution) to have an annual independent audit of its
financial statements performed in accordance with generally accepted
auditing standards and section 37 of the FDI Act (12 U.S.C. 1831n), and
to provide a management report and an independent public accountant's
attestation concerning the effectiveness of the institution's internal
controls for financial reporting and its compliance with designated
safety and soundness laws. Section 36 also requires each covered
institution to have an independent audit committee. The audit committee
of each large covered institution (total assets exceeding $3 billion)
must meet certain additional requirements.
In June 1993, the FDIC published 12 CFR part 363 (58 FR 31332, June
2, 1993) to implement the provisions of section 36 of the FDI Act.
Under part 363, the requirements of section 36 apply to each insured
depository institution with $500 million or more in total assets at the
beginning of any fiscal year that begins after December 31, 1992. Part
363 also includes Guidelines and Interpretations (Appendix A to part
363), which are intended to assist institutions and independent public
accountants in understanding and complying with section 36 and part
363.
Section 314 of the Riegle Community Development and Regulatory
Improvement Act of 1994 amended sections 36(i) and 36(g)(2) of the FDI
Act (12 U.S.C. 1831m (i) and (g)(2)). The purpose of section 314(a) was
to provide relief from certain duplicative reporting under section 36
of the FDI Act for sound, well managed insured depository institutions
with over $9 billion in total assets which are subsidiaries of
multibank holding companies. The regulation was amended effective April
1, 1996, to implement section 314.
Section 2301 of EGRPRA repealed section 36(e) and amended sections
36(a)(3) and 36(g)(1) of the FDI Act. Section 36(e) required that each
covered institution have an independent public accountant perform
specified procedures for determining compliance with designated safety
and soundness laws. To comply with the repeal of section 36(e), the
FDIC is removing Schedule A to Appendix A, ``Agreed Upon Procedures for
Determining Compliance with Designated Laws,'' and is making conforming
changes to the regulation and the Guidelines.
The amendment to section 36(g)(1) of the FDI Act grants authority
for each appropriate federal banking agency to permit a covered
institution under its supervision to have an audit committee consisting
of a majority of outside directors, instead of consisting entirely of
outside directors, if the agency determines that the institution has
encountered hardships retaining and recruiting a sufficient number of
competent outside directors to serve on the committee. The amendment to
section 36(a)(3) permits the FDIC and the appropriate federal banking
agency to designate certain information filed under section 36 as
privileged and confidential and not available to the public.
Since 1993 when part 363 was promulgated, no institution has
requested relief from the FDIC because the institution had difficulty
in recruiting or retaining outside directors for its audit committee
nor has any institution requested confidential treatment of any
otherwise public information filed under section 36. Because the
banking agencies would consider such matters on a case-by-case basis,
and to avoid additional burden, no implementing regulations are being
promulgated.
II. Discussion of Amendment
The FDIC is amending part 363 to: conform it to the amended
statute, update certain references, eliminate an unnecessary filing by
independent public accountants, and align the filing requirements with
the FDIC's current approach for supervising banking organizations.
The FDIC is deleting Schedule A to Appendix A, ``Agreed Upon
Procedures for Determining Compliance with Designated Laws'', and
Guideline 19 to conform the regulation to the amended statute which
repealed the requirement that each covered institution have an
independent public accountant perform specified procedures for
determining compliance with designated safety and soundness laws. In
addition, Secs. 363.3(b) and 363.4 (a) and (b) have been amended to
delete references to
[[Page 63257]]
Schedule A and the independent public accountant's attestation on
compliance with Designated Laws and Regulations (Designated Laws).
Guidelines 8, 16, and 18 likewise have been revised.
Although section 2301 of EGRPRA repealed the statutory requirement
that an independent public accountant provide an attestation report on
the performance of agreed-upon procedures for determining an
institution's compliance with Designated Laws, management is still
required to file an annual report with the FDIC and appropriate federal
and state banking agencies which includes a statement of its
responsibility for complying with Designated Laws and an assessment of
the institution's compliance with such laws and regulations. Revised
Guideline 12 identifies the two categories of Designated Laws. Table 1
to Appendix A lists the specific federal laws and regulations within
these categories.
The Introduction to the Guidelines and Interpretations has been
amended to remove outdated language. Also, the references to documents
which provide information on safeguarding of assets and standards for
internal control in footnote 2 to Guideline 10 have been updated.
The FDIC has removed the provision in Guideline 16 that an
accountant may elect to file a list of covered institutions that are
audit clients in lieu of a peer review report for each client. The FDIC
has found that the list of client institutions is not needed.
Revised Guideline 22 (previously numbered Guideline 23) has been
amended to reflect the FDIC's current approach to supervising banking
organizations which own more than one depository institution. In such
cases, one FDIC region is designated to manage supervision of the
entire organization. The amended guideline states that covered
institutions filing under part 363 on a holding company basis should
submit their reports to the appropriate FDIC regional office.
III. Public Comment Waiver and Effective Date
The Administrative Procedure Act, 5 U.S.C. 551 et seq. (APA),
requires that general notice of a proposed rulemaking be published in
the Federal Register. 5 U.S.C. 553(b). An exception to the rule exists
if the agency for good cause finds ``* * * that notice and public
procedure thereon are impracticable, unnecessary, or contrary to the
public interest.'' 5 U.S.C. 553(b)(B). The FDIC is publishing the
amendments to part 363 as a final rule without notice and comment
because the amendments consist of only minor and technical changes. The
FDIC finds that publication in this case is unnecessary.
IV. Paperwork Reduction Act
This regulation contains modifications to a collection of
information that have been reviewed and approved by the Office of
Management and Budget on November 5, 1997, under control number 3064-
0113 pursuant to the Paperwork Reduction Act (44 U.S.C. 3501 et seq.).
The primary modification is the deletion, from Appendix A, of Schedule
A ``Agreed Upon Procedures for Determining Compliance with Designated
Laws''.
Comments are invited on: (a) Whether the collection of information
is necessary for the proper performance of the FDIC's functions,
including whether the information has practical utility; (b) the
accuracy of the estimates of the burden of the information collection;
(c) ways to enhance the quality, utility, and clarity of the
information to be collected; and (d) ways to minimize the burden of the
information collection on respondents, including through the use of
automated collection techniques or other forms of information
technology.
Comments should be addressed to the Office of Information and
Regulatory Affairs, Office of Management and Budget, Attention: Desk
Officer Alexander Hunt, New Executive Office Building, Room 3208,
Washington, D.C. 20503, with copies of such comments to Steven F.
Hanft, Assistant Executive Secretary (Regulatory Analysis), Federal
Deposit Insurance Corporation, Room F-4001-B, 550 17th Street, NW,
Washington, D.C. 20429. All comments should refer to ``3064-0113''.
The estimated reporting burden for the collection of information
under part 363 is:
Number of Respondents: 420.
Number of Responses per Respondent: 3.
Total Annual Responses: 1,260.
Hours per Response: 32.
Total Annual Burden Hours: 40,320.
V. Regulatory Flexibility Act
The rule expressly exempts insured depository institutions having
assets of less than $500 million, and, for that reason, is inapplicable
to small entities. Therefore, pursuant to section 605(b) of the
Regulatory Flexibility Act (Pub. L. 96-354, 5 U.S.C. 601 et seq.), it
is certified that the rule would not have a significant impact on a
substantial number of small entities.
VI. Small Business Regulatory Enforcement Fairness Act
The Small Business Regulatory Enforcement Fairness Act of 1996
(SBREFA) (Title II, Pub. L. 104-121) provides generally for agencies to
report rules to Congress and the General Accounting Office (GAO) for
review. The reporting requirement is triggered when a federal agency
issues a final rule. The FDIC will file the appropriate reports with
Congress and the GAO as required by SBREFA.
Because the Office of Management and Budget has determined that the
rule does not constitute a ``major rule'' as defined by SBREFA, the
final rule will take effect on January 1, 1998.
List of Subjects in 12 CFR Part 363
Accounting, Administrative practice and procedure, Banks, banking,
Reporting and recordkeeping requirements.
For the reasons set forth in the preamble, the Board of Directors
of the FDIC hereby amends Part 363 of title 12, chapter III, of the
Code of Federal Regulations as follows:
PART 363--ANNUAL INDEPENDENT AUDITS AND REPORTING REQUIREMENTS
1. The authority citation for part 363 continues to read as
follows:
Authority: 12 U.S.C. 1831m.
2. Section 363.3 is amended by revising paragraph (b) to read as
follows:
Sec. 363.3 Independent public accountant.
* * * * *
(b) Additional report. Such independent public accountant shall
examine, attest to, and report separately on, the assertion of
management concerning the institution's internal control structure and
procedures for financial reporting. The attestation shall be made in
accordance with generally accepted standards for attestation
engagements.
* * * * *
3. Section 363.4 is amended by revising paragraphs (a) and (b) to
read as follows:
Sec. 363.4 Filing and notice requirements.
(a) Annual reporting. Within 90 days after the end of its fiscal
year, each insured depository institution shall file with each of the
FDIC, the appropriate federal banking agency, and any appropriate state
bank supervisor, two copies of an annual report containing audited
annual financial statements, the independent public accountant's report
thereon, management's statements and
[[Page 63258]]
assessments, and the independent public accountant's attestation report
concerning the institution's internal control structure and procedures
for financial reporting as required by Secs. 363.2(a), 363.3(a),
363.2(b), and 363.3(b), respectively.
(b) Public availability. The annual report in paragraph (a) of this
section shall be available for public inspection.
* * * * *
4. Appendix A to part 363 is amended by revising the table of
contents entry for item 18, by removing the table of contents entry for
item 19, by redesignating table of contents entries 20 through 37 as 19
through 36, respectively, by revising the introduction and guidelines
8, 10, 12, 16, 18 to read as follows:
Appendix A to Part 363--Guidelines and Interpretations
Table of Contents
* * * * *
18. Attestation Report
* * * * *
Introduction
Congress added section 36, ``Early Identification of Needed
Improvements in Financial Management'' (section 36), to the Federal
Deposit Insurance Act (FDI Act) in 1991.
The FDIC Board of Directors adopted 12 CFR part 363 of its rules
and regulations (the Rule) to implement those provisions of section
36 that require rulemaking. The FDIC also approved these
``Guidelines and Interpretations'' (the Guidelines) and directed
that they be published with the Rule to facilitate a better
understanding of, and full compliance with, the provisions of
section 36.
Although not contained in the Rule itself, some of the guidance
offered restates or refers to statutory requirements of section 36
and is therefore mandatory. If that is the case, the statutory
provision is cited.
Furthermore, upon adopting the Rule, the FDIC reiterated its
belief that every insured depository institution, regardless of its
size or charter, should have an annual audit of its financial
statements performed by an independent public accountant, and should
establish an audit committee comprised entirely of outside
directors.
The following Guidelines reflect the views of the FDIC
concerning the interpretation of section 36. The Guidelines are
intended to assist insured depository institutions (institutions),
their boards of directors, and their advisors, including their
independent public accountants and legal counsel, and to clarify
section 36 and the Rule. It is recognized that reliance on the
Guidelines may result in compliance with section 36 and the Rule
which may vary from institution to institution. Terms which are not
explained in the Guidelines have the meanings given them in the
Rule, the FDI Act, or professional accounting and auditing
literature.
* * * * *
Annual Reporting Requirements (Sec. 363.2)
* * * * *
8. Management Report. Management should perform its own
investigation and review of the effectiveness of internal controls
and compliance with the Designated Laws defined in Guideline 12.
Management also should maintain records of its determinations and
assessments until the next federal safety and soundness examination,
or such later date as specified by the FDIC or appropriate federal
banking agency. Management should provide in its assessment of the
effectiveness of internal controls, or supplementally, sufficient
information to enable the accountant to report on its assertion. The
management report of an insured branch of a foreign bank should be
signed by the branch's managing official if the branch does not have
a chief executive or financial officer.
* * * * *
10. Standards for Internal Controls. Each institution should
determine its own standards for establishing, maintaining, and
assessing the effectiveness of its internal controls.2
---------------------------------------------------------------------------
\2\ In considering what information is needed on safeguarding of
assets and standards for internal controls, management may review
guidelines provided by its primary federal regulator; the FDIC's
Division of Supervision Manual of Examination Policies; the Federal
Reserve Board's Commercial Bank Examination Manual and other
relevant regulations; the Office of Thrift Supervision's Thrift
Activities Handbook; the Comptroller of the Currency's Handbook for
National Bank Examiners; and standards published by professional
accounting organizations, such as the American Institute of
Certified Public Accountants' (AICPA) Statement on Auditing
Standards No. 55, ``Consideration of the Internal Control Structure
in a Financial Statement Audit,'' as amended by Statement of
Auditing Standards No. 78; the Committee of Sponsoring Organizations
(COSO) of the Treadway Commission's Internal Control--Integrated
Framework, including its addendum on safeguarding of assets; and
other internal control standards published by the AICPA, other
accounting or auditing professional associations, and financial
institution trade associations.
---------------------------------------------------------------------------
* * * * *
12. Compliance with Laws and Regulations. The designated laws
and regulations are the federal laws and regulations concerning
loans to insiders and the federal and state laws and regulations
concerning dividend restrictions (the Designated Laws). Table 1 to
this Appendix A lists the designated federal laws and regulations
pertaining to insider loans and dividend restrictions that are
applicable to each type of institution.
Role of Independent Public Accountant (Sec. 363.3)
* * * * *
16. Filing Peer Review Reports. Within 15 days of receiving
notification that the peer review has been accepted, or before
commencing any audit under the Rule, whichever is earlier, two
copies of the most recent peer review report, accompanied by any
letter of comments and letter of response, should be filed by the
independent public accountant (if not already on file) with the
FDIC, Registration and Disclosure Section, 550 17th Street, N.W.,
Washington, D.C. 20429, where they will be available for public
inspection. All corrective action required under any qualified peer
review report should have been taken before commencing services
under this Rule.
* * * * *
18. Attestation Report. The independent public accountant should
provide the institution with an internal controls attestation report
and any management letter at the conclusion of the audit as required
by section 36(c)(1). If a holding company subsidiary relies on its
holding company management report, the accountant may attest to and
report on management's assertions in one report, without reporting
separately on each subsidiary covered by the Rule. The FDIC has
determined that management letters are exempt from public
disclosure.
* * * * *
5. Appendix A to part 363 is amended by removing Guideline 19 and
redesignating Guidelines 20 through 37 as 19 through 36, respectively.
6. Appendix A to part 363 is amended by revising newly designated
Guideline 22 to read as follows:
* * * * *
Filing and Notice Requirements (Sec. 363.4)
22. Place for Filing. Except for peer review reports filed
pursuant to Guideline 16, all reports and notices required by, and
other communications or requests made pursuant to, the Rule should
be filed as follows:
(a) FDIC: Appropriate FDIC Regional Office (Supervision), i.e.,
the FDIC regional office in the FDIC region in which the institution
is headquartered or, in the case of a subsidiary institution of a
holding company, the FDIC regional office that is responsible for
monitoring the consolidated company. A filing made on behalf of
several covered institutions owned by the same parent holding
company should be accompanied by a transmittal letter identifying
all of the institutions covered.
(b) Office of the Comptroller of the Currency (OCC): appropriate
OCC Supervisory Office.
(c) Federal Reserve: appropriate Federal Reserve Bank.
(d) Office of Thrift Supervision (OTS): appropriate OTS District
Office.
(e) State bank supervisor: the filing office of the appropriate
state bank supervisor.
* * * * *
7. Schedule A to Appendix A of part 363 and the Tables to Schedule
A are removed.
8. Table 1 is added to Appendix A to read as follows:
[[Page 63259]]
Table 1 to Appendix A
----------------------------------------------------------------------------------------------------------------
Designated Federal Laws and Regulations Applicable to
-----------------------------------------------------------------------------------------------------------------
State
National State member nonmember Savings
banks banks banks associations
----------------------------------------------------------------------------------------------------------------
Insider Loans--Parts and/or Sections of Title 12 of the United States Code
----------------------------------------------------------------------------------------------------------------
375a....................... Loans to Executive Officers (\1\) (\1\)
of Banks.
375b....................... Prohibitions Respecting (\1\) (\1\)
Loans and Extensions of
Credit to Executive
Officers and Directors of
Banks, Political Campaign,
Committees, etc.
1468(b).................... Extensions of Credit to ............ ............ ............
Executive Officers,
Directors, and Principal
Shareholders.
1828(j)(2)................. Provisions Relating to ............ ............ ............
Loans, Extensions of
Credit, and Other Dealings
Between Member Banks and
Their Affiliates,
Executive Officers,
Directors, etc.
1828(j)(3)(B).............. Extensions of Credit (\2\) ............ (\3\) ............
Applicability of
Provisions Relating to
Loans, Extensions of
Credit, and Other Dealings
Between Insured Branches
of Foreign Banks and Their
Insiders.
----------------------------------------------------------------------------------------------------------------
Parts and/or Sections of Title 12 of the Code of Federal Regulations
----------------------------------------------------------------------------------------------------------------
23.5....................... Application of Legal ............ ............ ............
Lending Limits;
Restrictions on
Transactions With
Affiliates.
31......................... Extensions of Credit to ............ ............ ............
National Bank Insiders.
215........................ Subpart A--Loans by Member (\4\) (\5\)
Banks to Their Executive
Officers, Directors, and
Principal Shareholders.
Subpart B--Reports of (\4\) (\5\)
Indebtedness of Executive
Officers and Principal
Shareholders of Insured
Nonmember Banks.
337.3...................... Limits on Extensions of ............ ............ ............
Credit to Executive
Officers, Directors, and
Principal Shareholders of
Insured Nonmember Banks.
349.3...................... Reports by Executive ............ ............ ............
Officers and Principal
Shareholders.
563.43..................... Loans by Savings ............ ............ ............
Associations to Their
Executive Officers,
Directors, and Principal
Shareholders.
----------------------------------------------------------------------------------------------------------------
Dividend Restrictions--Parts and/or Sections of Title 12 of the United States Code
----------------------------------------------------------------------------------------------------------------
56......................... Prohibition on Withdrawal ............ ............
of Capital and Unearned
Dividends.
60......................... Dividends and Surplus Funds ............ ............
1467a(f)................... Declaration of Dividends... ............ ............ ............
1831o...................... Prompt Corrective Action--
Dividend Restrictions.
----------------------------------------------------------------------------------------------------------------
Parts and/or Sections of Title 12 of the Code of Federal Regulations
----------------------------------------------------------------------------------------------------------------
5.61....................... Payment of dividends; ............ ............ ............
capital limitation.
5.62....................... Payment of dividends; ............ ............ ............
earnings limitation.
6.6........................ Prompt Corrective Action-- ............ ............ ............
Dividend Restrictions.
7.6120..................... Dividends Payable in ............ ............ ............
Property Other Than Cash.
208.19..................... Payments of Dividends...... ............ ............ ............
208.35..................... Prompt Corrective Action... ............ ............ ............
325.105.................... Prompt Corrective Action... ............ ............ ............
563.134.................... Capital Distributions...... ............ ............ ............
565........................ Prompt Corrective Action... ............ ............ ............
----------------------------------------------------------------------------------------------------------------
\1\ Subsections (g) and (h) only.
\2\ Applies only to insured federal branches of foreign banks.
\3\ Applies only to insured state branches of foreign banks.
\4\ See 12 CFR parts 337.3 and 349.3.
\5\ See 12 CFR part 563.43.
[[Page 63260]]
By Order of the Board of Directors.
Dated at Washington, D.C., this 12th day of November, 1997.
Federal Deposit Insurance Corporation.
Robert E. Feldman,
Executive Secretary.
[FR Doc. 97-30860 Filed 11-26-97; 8:45 am]
BILLING CODE 6714-01-P
