96-16047. Amendment to Statement of Policy Regarding Independent External Auditing Programs of State Nonmember Banks  

    [Federal Register Volume 61, Number 122 (Monday, June 24, 1996)]
    [Notices]
    [Pages 32438-32441]
    From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
    [FR Doc No: 96-16047]
    
    
    
    =======================================================================
    -----------------------------------------------------------------------
    
    
    FARM CREDIT ADMINISTRATION
    FEDERAL DEPOSIT INSURANCE CORPORATION
    
    
    Amendment to Statement of Policy Regarding Independent External 
    Auditing Programs of State Nonmember Banks
    
    AGENCY: Federal Deposit Insurance Corporation (FDIC or Corporation).
    
    ACTION: Statement of policy.
    
    -----------------------------------------------------------------------
    
    SUMMARY: As part of the FDIC's systematic review of its regulations and 
    written policies under Section 303(a) of the Riegle Community 
    Development and Regulatory Improvement Act of 1994 (CDRI), the FDIC is 
    amending its policy statement regarding independent external auditing 
    programs of state nonmember banks (Policy Statement). These amendments 
    remove an inconsistency between the Policy Statement and another policy 
    that was later approved by the FDIC Board of Directors and eliminate a 
    reference to another FDIC policy which has been superseded. The 
    amendments also add a paragraph referencing a statutory requirement 
    enacted since the Policy Statement's adoption and renumber the 
    subsequent paragraphs of the Policy Statement.
    
    EFFECTIVE DATE: June 24, 1996.
    
    FOR FURTHER INFORMATION CONTACT: Doris L. Marsh, Examination 
    Specialist, Division of Supervision, (202) 898-8905, or Sandra 
    Comenetz, Counsel, Legal Division, (202) 898-3582, FDIC, 550 17th 
    Street NW., Washington, DC 20429.
    
    SUPPLEMENTARY INFORMATION: The FDIC is conducting a systematic review 
    of its regulations and written policies. Section 303(a) of the CDRI (12 
    U.S.C. 4803(a)) requires each federal banking agency to streamline and 
    modify its regulations and written policies in order to improve 
    efficiency, reduce unnecessary costs, and eliminate unwarranted 
    constraints on credit availability. Section 303(a) also requires each 
    federal agency to remove inconsistencies and outmoded and duplicative 
    requirements from its regulations and written policies.
        As part of this review, the FDIC has determined that the Policy 
    Statement needs several amendments to eliminate inconsistencies and 
    outmoded requirements.
        The Policy Statement was adopted by the FDIC Board of Directors on 
    November 16, 1988, and published on November 28, 1988, 53 FR 47871. The 
    Policy Statement states that the FDIC strongly encourages each state 
    nonmember bank to adopt an external auditing program that includes an 
    annual audit of its financial statements by an independent public 
    accountant. However, the Federal Deposit Insurance Corporation 
    Improvement Act of 1991 added Section 36 to the Federal Deposit 
    Insurance Act. Section 36, and its implementing regulation at 12 CFR 
    Part 363, requires all insured depository institutions with $500 
    million or more in total assets at the beginning of their fiscal year 
    to have an annual audit performed by an independent public accountant 
    and to have an audit committee entirely consisting of outside directors 
    who are independent of management. A new paragraph 3 has been added to 
    the Policy Statement describing these and certain related requirements 
    for larger institutions and the existing paragraphs 3 through 15 have 
    been redesignated paragraphs 4 through 16.
        In addition, the Policy Statement advises applicants for deposit 
    insurance that they will generally be expected to commit their bank to 
    obtain an audit of its financial statements by an independent public 
    accountant annually for at least the first three years after deposit 
    insurance is granted [emphasis added]. Original footnote 2 to the 
    Policy Statement refers to a June 24, 1987, FDIC policy statement on 
    deposit insurance applications by operating non-FDIC insured 
    institutions.
        However, newly insured institutions generally present greater risks 
    to the deposit insurance funds than operating insured institutions 
    which have been subject to ongoing supervision by the applicable 
    federal and state regulators. In addition, a statement of policy on 
    Applications for Deposit Insurance was adopted by the FDIC Board of 
    Directors on April 7, 1992, 57 FR 12822, which superseded the 
    referenced 1987 policy statement. The 1992 policy statement states the 
    FDIC's belief that an annual audit by an independent public accountant 
    should be an integral part of the safe and sound management of a 
    depository institution. As a result, applicants for deposit insurance 
    coverage are expected to commit their depository institution to obtain 
    an audit by an independent public accountant annually for at least the 
    first five years after deposit insurance coverage is granted [emphasis 
    added]. Thus, this Policy Statement must be amended to be consistent 
    with the more recent statement of policy on Applications for Deposit 
    Insurance. A reference to the 1992 applications policy replaces a 
    reference to the rescinded policy statement in footnote 2.
    
    Discussion of Amendments
    
        A new paragraph 3 is added to the Policy Statement to explain the 
    audit and audit committee requirements for all insured depository 
    institutions with $500 million or more in total assets as a result of 
    the addition of Section 36 to the Federal Deposit Insurance Act in 
    1991. Thus, the original paragraphs 3 through 15 have been redesignated 
    paragraphs 4 through 16. In renumbered paragraph 11 of the Policy 
    Statement, the word ``three'' is replaced with the word ``five'' 
    because newly insured
    institutions generally present greater risks to the insurance funds, a 
    factor recognized in the FDIC's 1992 applications policy statement. 
    This change in the Policy Statement will bring it into conformity with 
    the recommended number of years an applicant for deposit insurance must 
    commit to obtaining an annual audit as set forth in the applications 
    policy statement. The reference in footnote 2 to the FDIC's rescinded 
    1987 policy statement is replaced with a reference to the FDIC's 
    current applications policy statement.
        For the reasons set forth in the preamble, the Board of Directors 
    of the FDIC hereby amends its Statement of Policy Regarding Independent 
    External Auditing Programs of State Nonmember Banks to read as follows:
    
    Statement of Policy Regarding Independent External Auditing Programs of 
    State Nonmember Banks
    
        1. In view of its interest in the financial soundness of banks and 
    the banking system, the FDIC believes that a strong internal auditing 
    function combined with a well-planned external auditing program \1\ 
    substantially lessens the risk that a bank will not detect potentially 
    serious problems. An external auditing program is a set of procedures 
    designed to test and evaluate high risk areas of a bank's business 
    which are performed by an independent auditor who may or may not be a 
    public accountant. The failure to detect and correct potentially 
    serious problems increases the risk a bank poses to the FDIC's 
    insurance funds. A strong internal auditing function establishes the 
    proper control environment and promotes accuracy and efficiency in a 
    bank's operations. An external auditing program complements this 
    function by providing an objective outside view of the bank's 
    operations.
    ---------------------------------------------------------------------------
    
        \1\ Terms defined in Appendix A are italicized the first time 
    they appear in this statement of policy.
    ---------------------------------------------------------------------------
    
        2. Regardless of the strength of a bank's internal auditing 
    procedures, the FDIC believes that an external auditing program should 
    be considered by a bank's board of directors as part of the cost of 
    operating a bank in a safe and sound manner. An external auditing 
    program assists the bank's board of directors in safeguarding assets 
    and identifying risks inherent in its operation. In addition, an 
    external auditing program may tend to assist directors in the event of 
    litigation on whether an institution's board has exercised reasonable 
    care in protecting the assets of the bank. Thus, the FDIC urges all 
    state nonmember banks to establish and maintain a sound external 
    auditing program.
        3. In accordance with Section 36 of the Federal Deposit Insurance 
    Act, as implemented by 12 CFR Part 363, each insured depository 
    institution with $500 million or more in total assets at the beginning 
    of its fiscal year is required to file with the FDIC and the 
    appropriate federal banking agency, an annual report, including its 
    financial statements which have been audited by an independent public 
    accountant, and a management report and independent public accountant's 
    attestation concerning both the effectiveness of the institution's 
    internal controls for financial reporting and its compliance with 
    designated safety and soundness laws. In addition, each such 
    institution is required to have an audit committee consisting entirely 
    of outside directors who are independent of management. For state 
    nonmember banks subject to Section 36 and Part 363, these audit and 
    audit committee requirements take precedence over the provisions of 
    this Statement of Policy.
    
    State Nonmember Banks Not Subject to Part 363
    
        4. The FDIC strongly encourages the board of directors of each 
    state nonmember bank to establish an audit committee consisting, if 
    possible, entirely of outside directors. The audit committee or board 
    of directors of each state nonmember bank generally should analyze the 
    extent of the external auditing coverage needed by the bank annually. 
    They should determine whether the bank's needs will best be met by an 
    audit of its financial statements or by an acceptable alternative 
    (described in paragraphs 9 and 10 below). When selecting the scope of 
    the planned external auditing program for the year, the committee or 
    board should ensure that the program will provide sufficient 
    substantive external coverage of the bank's risk areas and any other 
    areas of potential concern, such as compliance with applicable laws and 
    regulations. If not, additional external auditing procedures conducted 
    by an independent auditor may be appropriate for a specific year or 
    several years to cover particularly high risk areas of the bank. The 
    decisions resulting from these deliberations should be recorded in the 
    committee's or board's minutes.
        5. If the audit committee or board of directors of a bank, after 
    due consideration, determines not to engage an independent public 
    accountant to conduct an annual audit of the bank's financial 
    statements (or whose parent holding company's consolidated financial 
    statements are not audited), the reasons for the committee's or board's 
    conclusion to use one of the acceptable alternatives or to have no 
    external auditing program should be documented in its minutes. In the 
    evaluation, the committee or board generally should consider not only 
    the cost of an annual audit of the bank's financial statements, but 
    also the potential benefits.
        6. A review of both a bank's internal and external auditing 
    programs has been and will continue to be a part of the FDIC's 
    examination procedures. FDIC examiners will review the nature of each 
    bank's external auditing program in conjunction with the risk areas 
    perceived in that particular bank's business and operations, and they 
    will exercise their judgment and discretion in evaluating the adequacy 
    of a bank's external auditing program. Examiners will not automatically 
    comment negatively to the board of directors of a bank with an 
    otherwise satisfactory external auditing program merely because it does 
    not engage an independent public accountant to perform an audit of its 
    financial statements.
    
    Audit by an Independent Public Accountant
    
        7. The FDIC strongly encourages each state nonmember bank to adopt 
    an external auditing program that includes an annual audit of its 
    financial statements by an independent public accountant. A bank that 
    does so would generally be considered to have a satisfactory external 
    auditing program. An external audit of a bank's financial statements 
    benefits management by assisting in the establishment of the accounting 
    and operating policies, internal controls, internal auditing programs, 
    and management information systems necessary to ensure the fair 
    presentation of these statements. An audit also assists boards of 
    directors in fulfilling their fiduciary responsibilities and provides 
    them greater assurance that financial reports are accurate and provide 
    adequate disclosure.
        8. An audit of a bank's financial statements performed by the 
    independent public accountant as of a quarter-end date when the Reports 
    of Condition and Income are prepared is preferable and would permit the 
    bank to use the audited financial statements in the preparation and/or 
    subsequent review of those reports. A bank may also find it more cost 
    effective to be audited during accounting firms' less busy periods. The 
    independent public accountant chosen should be experienced in auditing 
    banks and
    knowledgeable about banking regulations in order to provide the bank 
    with the most effective service.
    
    Alternatives to an Audit by a Public Accountant
    
        9. The FDIC recognizes that a bank's audit committee or board of 
    directors may determine that the external auditing program that will 
    best meet its individual needs for that particular year will be other 
    than an audit of its financial statements by an independent public 
    accountant. The committee or board, after a full review of alternative 
    and/or supplemental approaches for an adequate independent external 
    auditing program, may decide on a well-planned directors' examination, 
    an independent analysis of internal controls or other areas, a report 
    on the balance sheet, or specified auditing procedures by an 
    independent auditor. If the bank has an outside auditing firm that is 
    simply obtaining confirmations of deposits and loans, for example, the 
    committee or board should normally expand the scope of the auditing 
    work performed to include additional procedures to test the bank's high 
    risk areas.
        10. Nonaccounting firms with bank auditing experience and expertise 
    that are independent of the bank are available in some geographic 
    locations. They may provide acceptable directors' examinations, 
    analyses, or specified auditing work at a reasonable cost. In some 
    instances, these firms' services include nonauditing work which enables 
    them to provide suggestions on compliance issues and operational 
    efficiencies. Depending upon the expertise of the firm and the scope of 
    the engagement, these nonaccounting firms may be an appropriate choice 
    for an external auditing program.
    
    Newly Insured Banks
    
        11. The FDIC believes that an adequate external auditing program 
    performed by an independent auditor should be an integral part of the 
    safe and sound management of a bank. Thus, applicants for deposit 
    insurance coverage will generally be expected to commit their bank to 
    obtain an audit of its financial statements by an independent public 
    accountant annually for at least the first five years after deposit 
    insurance coverage is granted.\2\ The FDIC may determine on a 
    case-by-case basis that an independent audit of financial statements is 
    unnecessary where an applicant can demonstrate that the benefits 
    derived from such an external audit will be substantially provided by 
    other outside sources, or where the applicant is owned by another 
    company and will undergo an audit performed by an independent public 
    accounting firm as part of an audit of the consolidated financial 
    statements of its parent company.
    ---------------------------------------------------------------------------
    
        \2\ Refer to the April 7, 1992, Statement of Policy on 
    Applications for Deposit Insurance.
    ---------------------------------------------------------------------------
    
    Notification and Submission of Reports
    
        12. Whether currently or newly insured, the FDIC requests each 
    state nonmember bank that undergoes any external auditing work, 
    regardless of the scope of the work, to furnish a copy of any reports 
    by the public accountant or other external auditor, including any 
    management letters, to the appropriate FDIC regional office as soon as 
    possible after their receipt by the bank.
        13. In addition, the FDIC requests each bank to promptly notify the 
    appropriate FDIC regional office when any public accountant or other 
    external auditor is initially engaged to perform external auditing 
    procedures and when a change in its accountant or auditor occurs.
    
    Holding Company Subsidiaries
    
        14. When the audit committee or board of directors of any state 
    nonmember bank owned by another company (such as a bank holding 
    company) considers its external auditing program, it may find it 
    appropriate to express the scope of its program in terms of the bank's 
    relationship to the consolidated group. No section of this statement of 
    policy is intended to imply that any state nonmember bank owned by 
    another company is expected to obtain a separate audit of the financial 
    statements of the individual bank. Where the state nonmember bank is 
    directly or indirectly included in the audit of the consolidated 
    financial statements of its parent company performed by an independent 
    public accounting firm, the state nonmember bank may send one copy of 
    the comparable reports by the public accountant or notification of the 
    change in accountants for the consolidated company to the appropriate 
    regional director. If several banks supervised by the same FDIC 
    regional office are owned by one parent company, a single copy of each 
    report applicable to the consolidated company may be submitted to the 
    regional office on behalf of all of the affiliated banks.
    
    Troubled Banks
    
        15. An annual independent external auditing program complements 
    both the FDIC's supervisory process and bank internal auditing programs 
    by further identifying or clarifying issues of potential concern or 
    exposure. It can also greatly aid management in taking corrective 
    action, particularly when weaknesses are detected in internal control 
    or management information systems. For these reasons, an annual audit 
    of bank financial statements performed by an independent public 
    accounting firm or, if more appropriate, specified auditing procedures 
    will be a condition of future enforcement actions, when deemed 
    necessary, or if it appears that any of the following conditions may 
    exist:
    
    (a) Internal controls and internal auditing procedures are inadequate;
    (b) The directorate is generally uninformed in the area of internal 
    controls;
    (c) There is evidence of insider abuse;
    (d) There are known or suspected defalcations;
    (e) There is known or suspected criminal activity;
    (f) It is probable that director liability for losses exists;
    (g) Direct verification is warranted; and/or
    (h) Questionable transactions with affiliates have occurred.
    
        16. Such an enforcement action may also require that (a) The bank 
    provide to the appropriate FDIC regional office a copy of the auditor's 
    report and any management letter received from the auditor promptly 
    after the completion of any auditing work and that (b) the bank notify 
    the regional office in advance of the time and date of any meeting 
    between management and the auditor at which any auditing findings are 
    to be presented so that a representative of the FDIC may be present if 
    the FDIC so chooses.
    
    Appendix A--Definitions
    
        Audit. An examination of the financial statements, accounting 
    records, and other supporting evidence of a bank performed by an 
    independent certified or licensed public accountant in accordance with 
    generally accepted auditing standards and of sufficient scope to enable 
    the auditor to express an opinion on the bank's financial statements as 
    to their presentation in accordance with generally accepted accounting 
    principles (GAAP).
        Audit Committee. A committee of the board of directors, consisting, 
    if possible, entirely of outside directors. To the extent possible, 
    members of the committee should be knowledgeable about accounting and 
    auditing. They should be responsible for reviewing and approving the 
    bank's internal and external auditing programs or
    recommending adoption of these programs to the full board. Both the 
    internal auditor and the external auditor should have unrestricted 
    access to the audit committee without the need for any prior management 
    knowledge or approval. Other duties of the audit committee should 
    include reviewing the independence of the external auditor annually, 
    being consulted by management when it seeks a second opinion on an 
    accounting issue, overseeing the quarterly regulatory reporting 
    process, and reporting its findings periodically to the full board of 
    directors.
        Directors' Examination. A review by an independent third party that 
    has been authorized by the bank's board of directors and is performed 
    in accordance with the board's analysis of potential risk areas. 
    Certain procedures may also be required as a result of state law. A 
    directors' examination consisting solely of such procedures as cash 
    counts and confirmations of loans and deposits would not normally be 
    considered a well-planned directors' examination. (Sometimes directors' 
    examinations are similar to so-called ``engagement audits'' or 
    ``operational audits.'' Nevertheless, no widely accepted national 
    standards exist for the specific procedures that must be performed in 
    directors' examinations or these ``audits.'')
        External Auditing Program. The performance of procedures to test 
    and evaluate high risk areas of a bank's business by an independent 
    auditor, who may or may not be a public accountant, sufficient for the 
    auditor to be able to express an opinion on the financial statements or 
    to report on the results of the procedures performed.
        Financial Statements. The statements of financial position, income, 
    cash flows, and changes in shareholders' equity together with related 
    notes.
        Independent. No certified public accountant, public accountant, or 
    other auditor will be recognized as independent who is not in fact 
    independent. (Reference is made to Sec. 335.604 of the FDIC rules and 
    regulations for the complete definition of the term ``independent.'')
        Outside Directors. Members of a bank's board of directors who are 
    not officers, employees, or principal stockholders of the bank, its 
    subsidiaries, or its affiliates, and do not have any material business 
    dealings with the bank, its subsidiaries, or its affiliates.
        Public Accountant. A certified public accountant or licensed public 
    accountant who is duly registered and in good standing as such under 
    the laws of the place of his/her residence or principal office, who is 
    licensed by the accounting regulatory authority of his/her state, and 
    who possesses a permit to practice public accountancy.
        Report on the Balance Sheet. An examination of the balance sheet, 
    accounting records, and other supporting evidence performed by an 
    independent certified or licensed public accountant in accordance with 
    generally accepted auditing standards.
        Risk Areas. The risk areas are those particular activities of a 
    specific bank that expose the bank to potential losses if problems were 
    to exist and go undetected. The highest risk areas in banks generally 
    include, but are not necessarily limited to, the valuation of 
    collectibility of loans (including the reasonableness of the allowance 
    for loan losses), investments, and repossessed and foreclosed 
    collateral; internal controls; and insider transactions.
    
        By order of the Board of Directors.
    
        Dated at Washington, D.C. this 17th day of June, 1996.
    
    Federal Deposit Insurance Corporation.
    Robert E. Feldman,
    Deputy Executive Secretary.
    [FR Doc. 96-16047 Filed 6-21-96; 8:45 am]
    BILLING CODE 6714-01-P
    
    
