Friday, November 2, 2007

Part II

Federal Deposit Insurance Corporation

12 CFR Parts 308 and 363

Annual Independent Audits and Reporting Requirements; Proposed Rule
62310 Federal Register / Vol. 72, No. 212 / Friday, November 2, 2007 / Proposed Rules

FEDERAL DEPOSIT INSURANCE CORPORATION

12 CFR Parts 308 and 363

RIN 3064–AD21

Annual Independent Audits and Reporting Requirements

AGENCY: Federal Deposit Insurance Corporation (FDIC).

ACTION: Notice of proposed rulemaking.

SUMMARY: Section 36 of the Federal Deposit Insurance Act (FDI Act) and the FDIC’s implementing regulations (part 363) set forth annual independent audit and reporting requirements for insured depository institutions with $500 million or more in total assets. Given changes in the industry, certain sound audit, reporting, and audit committee practices incorporated in the Sarbanes-Oxley Act of 2002 (SOX); and the FDIC’s experience in administering part 363, the FDIC is proposing to amend part 363 of its regulations. These amendments are designed to further the objectives of section 36 by incorporating these sound practices into part 363 and to provide clearer and more complete guidance to institutions and independent public accountants concerning compliance with the requirements of section 36 and part 363. As required by section 36, the FDIC has consulted with the other federal banking agencies. The FDIC is also proposing a technical amendment to its rules and procedures (part 308, subpart U) for the removal, suspension, or debarment of accountants and accounting firms.

DATES: Comments must be received on or before January 31, 2008.

ADDRESSES: You may submit comments by any of the following methods:

• Agency Web Site: http://www.fdic.gov/regulations/laws/federal. Follow instructions for submitting comments on the Agency Web Site.

• E-mail: Comments@FDIC.gov. Include “Part 363—Independent Audits and Reporting Requirements” in the subject line of the message.

• Mail: Robert E. Feldman, Executive Secretary, Attention: Comments, Federal Deposit Insurance Corporation, 550 17th Street, NW., Washington, DC 20429.

• Hand Delivery/Courier: Guard station at the rear of the 550 17th Street Building (located on F Street) on business days between 7 a.m. and 5 p.m.

• Federal eRulemaking Portal: http://www.regulations.gov. Follow the instructions for submitting comments.

Public Inspection: All comments received will be posted without change to http://www.fdic.gov/regulations/laws/federal including any personal information provided. Comments may be inspected and photocopied in the FDIC Public Information Center, 3501 North Fairfax Drive, Room E–1002, Arlington, VA 22226, between 9 a.m. and 5 p.m. on business days. Paper copies of public comments may be ordered from the Public Information Center by telephone at (877) 275–3342 or (703) 562–2200.

FOR FURTHER INFORMATION CONTACT: Harrison E. Greene, Jr., Senior Policy Analyst (Bank Accounting), Division of Supervision and Consumer Protection, at hgreene@fdic.gov or (202) 898–8905; or Michelle Borzillo, Counsel, Supervision and Legislation Section, Legal Division, at mborzillo@fdic.gov or (202) 898–7400.

SUPPLEMENTARY INFORMATION:

I. Executive Summary

Section 36 of the Federal Deposit Insurance Act (FDI Act) and the FDIC’s implementing regulations (part 363) are generally intended to facilitate early identification of problems in financial management at insured depository institutions with total assets above certain thresholds through annual independent audits, assessments of the effectiveness of internal control over financial reporting and compliance with designated laws and regulations, the establishment of independent audit committees, and related reporting requirements. The asset-size threshold for internal control assessments is $1 billion and the threshold for the other requirements is $500 million. Given changes in the industry, certain sound audit, reporting, and audit committee practices incorporated in the Sarbanes-Oxley Act of 2002 (SOX); and the FDIC’s experience in administering part 363, the FDIC is proposing to amend part 363 of its regulations. These amendments are designed to further the objectives of section 36 by incorporating these sound practices into part 363 and to provide clearer and more complete guidance to institutions and independent public accountants concerning compliance with the requirements of section 36 and part 363.

The most significant revisions included in the proposed amendments would: (1) Require management and the independent public accountant to identify the internal control framework used to evaluate internal control over financial reporting and disclose all identified material weaknesses; (2) extend the time period for a non-public institution to file its Part 363 Annual Report by 30 days and replace the 30-day extensions of the filing deadline that may be granted if an institution (public or non-public) is confronted with extraordinary circumstances beyond its reasonable control with a late filing notification requirement that would have general applicability; (3) provide relief from the annual reporting requirements for institutions that are merged out of existence before the filing deadline; (4) provide relief from reporting on internal control over financial reporting for businesses acquired during the fiscal year; (5) require management’s assessment of compliance with designated safety and soundness laws and regulations to state management’s conclusion regarding compliance and disclose any noncompliance with such laws and regulations; (6) clarify the independence standards with which independent public accountants must comply and enhance the enforceability of compliance with these standards; (7) specify that the duties of the audit committee include the appointment, compensation, and oversight of the independent public accountant; (8) require audit committees to ensure that audit engagement letters do not contain unsafe and unsound limitation of liability provisions and require institutions to file copies of these letters; (9) require certain communications by independent public accountants to audit committees and establish retention requirements for audit working papers; (10) require boards of directors to adopt written criteria for evaluating an audit committee member’s independence and provide expanded guidance for boards of directors to use in determining independence; (11) require the total assets of a holding company’s insured depository institution subsidiaries to comprise 75 percent or more of the holding company’s consolidated total assets in order for an institution to comply with part 363 at the holding company level; and (12) provide illustrative management reports to assist institutions in complying with the annual reporting requirements.

The FDIC is also proposing to amend its rules and procedures (part 308, subpart U) for the removal, suspension, or debarment of accountants and accounting firms from performing audit services required by section 36 of the FDI Act by specifying where an accountant or accounting firm should file required notices of orders and actions with the FDIC.

II. Background

Section 112 of the Federal Deposit Insurance Corporation Improvement Act of 1991 (FDICIA) added section 36, “Early Identification of Needed Improvements in Financial Management,” to the FDI Act (12 U.S.C. 1831m). Section 36 is generally intended to facilitate early identification of problems in financial management at insured depository institutions above a certain asset size threshold (covered institutions) through annual independent audits, assessments of the effectiveness of internal control over financial reporting and compliance with designated laws and regulations, and related reporting requirements. Section 36 also includes requirements for audit committees at these insured depository institutions. Section 36 grants the FDIC discretion to set the asset size threshold for compliance with these statutory requirements, but it states that the threshold cannot be less than $150 million. Sections 36(d) and (f) also obligate the FDIC to consult with the other federal banking agencies in implementing these sections of the FDI Act, and the FDIC has performed the required consultation.

Part 363 of the FDIC’s regulations (12 CFR part 363) implements section 36 of the FDI Act. When it adopted part 363 in 1993, the FDIC stated that it was setting the asset size threshold at $500 million rather than the $150 million specified in section 36 to mitigate the financial burden of compliance with section 36 consistent with safety and soundness. In selecting $500 million in total assets as the size threshold, the FDIC noted that approximately 1,000 of the then nearly 14,000 FDIC-insured institutions would be subject to part 363. These covered institutions held approximately 75 percent of the assets of insured institutions at that time. By imposing the audit, reporting, and audit committee requirements of part 363 on institutions with this percentage of the industry’s assets, the FDIC intended to ensure that the Congress’s objectives for achieving sound financial management at insured institutions when it enacted section 36 would be focused on those institutions posing the greatest potential risk to the insurance funds then administered by the FDIC. Today, due to consolidation in the banking and thrift industry and the effects of inflation, approximately 1,300 of the more than 8,600 insured institutions have $500 million or more in total assets and are therefore subject to part 363. These covered institutions hold approximately 91 percent of the assets of insured institutions.

Until its most recent amendments, part 363 required each covered institution to submit to the FDIC and other appropriate federal and state supervisory agencies an annual report comprised of audited financial statements, a statement of management’s responsibilities, assessments by management of the effectiveness of internal control over financial reporting and compliance with designated laws and regulations, and an independent public accountant’s attestation report on internal control over financial reporting. In addition, part 363 provided that each covered institution must establish an independent audit committee of its board of directors comprised of outside directors who are independent of management of the institution. Part 363 also includes Guidelines and Interpretations (Appendix A to part 363), which are intended to assist institutions and independent public accountants in understanding and complying with section 36 and part 363.

In November 2005, the FDIC amended its part 363 annual audit and reporting requirements and audit committee requirements. The amendments raised the asset-size threshold from $500 million to $1 billion for the assessments of internal control over financial reporting by management and the independent public accountant. All of the other audit and reporting requirements of part 363 continued to apply to all institutions with $500 million or more in total assets. Also, for covered institutions with between $500 million and $1 billion in total assets, the amendments required only a majority, rather than all, of the members of the audit committee, who must be outside directors, to be independent of management.

III. Discussion and Section-by-Section Analysis of Proposed Amendments

When it amended part 363 in November 2005, the FDIC noted that it had identified other aspects of part 363 that may warrant revision in light of changes in the industry and the passage of SOX.

Given the number of proposed changes to part 363 and its Guidelines and Interpretations and to enable readers and commenters to more easily understand the context of these proposed changes, this notice includes the entire text of part 363 as it is proposed to be amended, not just the text of proposed amendments. Also, the following “Table of Proposed Changes to Part 363 and Appendices” is intended to assist readers and commenters in determining which sections of part 363 would be affected by this proposal.

TABLE OF PROPOSED CHANGES TO PART 363 AND APPENDICES

Provision: Status (Unchanged, Revised, New, or Reserved)

Part 363—Annual Independent Audits and Reporting Requirements

Table of Contents: Revised

OMB Control Number

§ 363.0: Unchanged

Scope

§ 363.1(a): Revised
§ 363.1(b)(1): Revised
§ 363.1(b)(2): Revised
§ 363.1(b)(3): Unchanged
§ 363.1(c): New
§ 363.1(d): New

Annual Reporting Requirements

§ 363.2(a): Revised
§ 363.2(b): Revised
§ 363.2(b)(1): Revised
§ 363.2(b)(2): Revised
§ 363.2(b)(3): Revised
§ 363.2(c): New

Independent Public Accountant

§ 363.3(a): Unchanged
§ 363.3(b): Revised
§ 363.3(c): Unchanged
§ 363.3(d): New
§ 363.3(e): New
§ 363.3(f): New
§ 363.3(g): New

Filing and Notice Requirements

§ 363.4(a): Revised
§ 363.4(b): Unchanged
§ 363.4(c): Revised
§ 363.4(d): Unchanged
§ 363.4(e): New
§ 363.4(f): New

Audit Committees

§ 363.5(a): Revised
§ 363.5(b): Unchanged
§ 363.5(c): New

Appendix A to Part 363—Guidelines and Interpretations

Table of Contents: Revised
Introduction: Unchanged

Scope (§ 363.1)

Guideline 1: Unchanged
Guideline 2: Unchanged
Guideline 3: Revised
Guideline 4: Revised
Guideline 4A: New

Annual Reporting Requirements (§ 363.2)

Guideline 5: Revised
Guideline 5A: New
Guideline 6: Revised
Guideline 7: Unchanged
Guideline 8: Unchanged
Guideline 8A: New
Guideline 8B: New
Guideline 9: Revised
Guideline 10: Revised
Guideline 11: Unchanged
Guideline 12: Unchanged

Role of Independent Public Accountant (§ 363.3)

Guideline 13: Revised
Guideline 14: Reserved
Guideline 15: Revised
Guideline 16: Reserved
Guideline 17: Unchanged
Guideline 18: Revised
Guideline 19: Unchanged
Guideline 20: Revised
Guideline 21: Unchanged

Filing and Notice Requirements (§ 363.4)

Guideline 22: Reserved
Guideline 23: Revised
Guideline 24: Unchanged
Guideline 25: Reserved
Guideline 26: Revised

Audit Committees (§ 363.5)

Guideline 27: Revised
Guideline 28: Revised
Guideline 29: Reserved
Guideline 30: Revised
Guideline 31: Revised
Guideline 32: Unchanged
Guideline 33: Unchanged
Guideline 34: Unchanged
Guideline 35: Revised

Other

Guideline 36: Unchanged
Table 1 to Appendix A—Designated Federal Laws and Regulations: Revised
Appendix B—Illustrative Management Reports: New

A. Scope (§ 363.1 and Guidelines 1–4A) that is indicative of the financial company owns or controls more than
position and results of operations of one insured depository institution)
1. Applicability
these institutions. Also, when the would have to comprise 75 percent or
The FDIC is proposing to amend insured depository institution more of the consolidated total assets of
§ 363.1(a) to more clearly state that part subsidiaries do not contribute the top-tier or mid-tier holding
363 applies to any insured depository significantly to the holding company’s company. The FDIC believes that this
institution that has consolidated total financial position and results of percentage-of-assets threshold should
assets of $500 million or more at the operations, the extent of audit coverage ensure that the extent of independent
beginning of its fiscal year. For example, given to these institutions in the audit audit work performed at the insured
if an institution has a December 31 of the consolidated holding company depository institution level is sufficient
fiscal year end and its consolidated total may be limited. Such limited audit to satisfy the intent of section 36 of the
assets were $600 million as January 1, coverage would not be consistent with FDI Act, that is, the early identification
2007, the institution would be subject to the purpose and intent of section 36 of of needed improvements in financial
the annual reporting requirements of the FDI Act, which focuses on insured management at insured institutions. At
part 363 and would have to file a Part depository institutions rather than the same time, this threshold would
363 Annual Report for the fiscal year ending December 31, 2007. Also, the institution would become subject to the other reporting requirements as well as the audit committee requirements of part 363 on January 1, 2007.

2. Compliance by Subsidiaries of Holding Companies

At present, an insured depository institution that is a subsidiary of a holding company may use consolidated holding company financial statements to satisfy the audited financial statements requirement of part 363 regardless of whether the assets of the insured depository institution subsidiary or subsidiaries of the holding company represent substantially all or only a minor portion of the holding company’s consolidated total assets. When the assets of insured depository institution subsidiaries do not comprise a substantial portion of a holding company’s consolidated total assets, the FDIC staff has found that the holding company’s consolidated financial statements, including the accompanying notes to the financial statements, do not tend to provide sufficient information

holding companies. In this situation, the assurance that would be provided by an independent audit performed substantially at the level of the insured depository institution subsidiaries is not otherwise available.

Therefore, given the differing characteristics of the holding companies that own insured depository institutions as well as the relationship of an insured depository institution’s total assets to the consolidated total assets of its parent holding company, and in keeping with the intent and purpose of section 36 of the FDI Act, the FDIC is proposing to amend §§ 363.1(b)(1) and (2) by revising the criteria for determining whether the audited financial statements requirement and the other requirements of part 363 may be satisfied at a holding company level. More specifically, to comply with the requirements of part 363 at the top-tier or any other mid-tier holding company level, the consolidated total assets of the insured depository institution (or the consolidated total assets of all insured depository institutions, regardless of size, if the top-tier or mid-tier holding

continue to provide flexibility to the vast majority of covered institutions that are part of a holding company structure with respect to the level at which they may comply with part 363.

When determining an appropriate percentage-of-assets threshold for compliance with part 363 at a holding company level, the FDIC considered the range of percentage-of-assets ratios for insured institutions that are part of a holding company structure. The vast majority of insured institutions subject to part 363 that are in a holding company structure are subsidiaries of organizations where the assets of the insured depository institution subsidiaries of the holding company comprise 90 percent or more of the holding company’s consolidated total assets. Of the remaining institutions subject to part 363 that are in a holding company structure, most are subsidiaries of organizations where the assets of the insured institutions comprise either between 75 and 90 percent or less than 25 percent of the top-tier parent company’s consolidated total assets. Smaller numbers of


institutions are subsidiaries of organizations where the assets of the insured institutions comprise from 25 to 50 percent or from 50 to 75 percent of the top-tier parent company’s consolidated total assets. However, in a number of cases where the insured institution subsidiaries comprise less than 75 percent of the top-tier holding company’s consolidated total assets, the insured institution subsidiaries that are subject to part 363 currently comply with the regulation at a mid-tier holding company level where the assets of the insured institution subsidiaries comprise 90 percent or more of the mid-tier holding company’s consolidated total assets. Thus, these institutions would not need to change how they comply with part 363 in response to the establishment of the proposed 75 percent threshold, provided they continue to comply at the same mid-tier holding company level and this holding company continues to meet the 75 percent threshold.

The FDIC recognizes that those institutions currently complying with part 363 at the holding company level that will not meet the proposed 75 percent of consolidated total assets threshold will incur additional costs from having to comply with the regulation at the institution level or at a suitable mid-tier holding company level. Nevertheless, the FDIC believes that the introduction of this percentage-of-assets threshold strikes an appropriate balance between insured institution financial data and audit coverage and the cost of compliance with part 363.

As a related matter, guideline 3 to part 363, Compliance by Holding Company Subsidiaries, states that when a holding company submits audited consolidated financial statements and other reports or notices required by part 363 on behalf of any subsidiary institution, an accompanying cover letter should identify all subsidiary institutions to which the statements, reports, or other notices pertain. Because many cover letters received by the FDIC have not sufficiently identified these subsidiary institutions, the FDIC is proposing to amend guideline 3 to clarify what information should be included in the cover letter. For example, for a Part 363 Annual Report, the cover letter should identify the subsidiary institutions subject to part 363 included in the holding company’s consolidated financial statements and state whether the other annual report requirements are being satisfied for these institutions at the holding company level or at the institution level.

3. Financial Reporting

The FDIC is proposing to add a new § 363.1(c) and a new guideline 4A, Financial Reporting, to specify that “financial reporting” includes both financial statements prepared in accordance with generally accepted accounting principles and those prepared for regulatory reporting purposes. Also, as proposed, guideline 4A would clarify that financial statements prepared for regulatory reporting purposes consist of the schedules equivalent to the basic financial statements that are included in an institution’s appropriate regulatory report and that financial statements prepared for regulatory reporting purposes do not include regulatory reports prepared by a non-bank subsidiary of a holding company or an institution. For example, if a bank holding company or an insured depository institution owns an insurance subsidiary, financial statements prepared for regulatory reporting purposes would not include any regulatory reports that the insurance subsidiary is required to submit to its appropriate insurance regulatory agency. These proposed amendments are consistent with explanatory guidance issued by the FDIC on this subject in December 1994 after reviewing the Part 363 Annual Reports submitted earlier that year, which was the first time these annual reports were required to be filed with the FDIC.1

1 See FDIC Financial Institution Letter (FIL) 86–94, dated December 23, 1994.

4. Definitions

The FDIC is proposing to add § 363.1(d), Definitions, to define several common terms used in part 363 and the guidelines.

B. Annual Reporting Requirements (§ 363.2 and Guidelines 5–12)

1. Audited Financial Statements

Consistent with sound management practices and the objective of internal control over financial reporting, the FDIC is proposing to amend § 363.2(a) to require that the annual financial statements reflect all material correcting adjustments identified by the independent public accountant. Financial statements issued by insured depository institutions that are public companies or by their parent holding companies that are public companies are already subject to such a requirement pursuant to section 401 of SOX. The FDIC believes this requirement should also apply to institutions subject to part 363 that are not public companies.

2. Management Report Contents

Based on its review of management reports filed pursuant to part 363, the FDIC has noted differences in the content of these reports and insufficient information regarding the results of the assessments that management must perform. When management has identified material weaknesses in internal control over financial reporting or noncompliance with designated safety and soundness laws and regulations, these weaknesses and noncompliance have not always been disclosed.

In addition, management’s assessment of internal control over financial reporting has often failed to disclose the internal control framework used to perform the assessment of the effectiveness of these controls. It is not always evident from management’s report whether controls over the preparation of the regulatory financial statements have been included within the scope of management’s assessment. The omission of this information from an institution’s management report reduces the usefulness of the report as a means of identifying needed improvements in financial management, which is the objective of section 36 of the FDI Act. The FDIC notes that the regulations adopted by the Securities and Exchange Commission (SEC) in 2003 implementing the requirement in section 404 of SOX for a management report on internal control over financial reporting requires the identification of the internal control framework management used to evaluate the effectiveness of these controls and the disclosure of any identified material weakness.

Accordingly, to provide clearer guidance on what should be included in the management report, the FDIC is proposing to expand § 363.2(b). As proposed, § 363.2(b) would require management’s assessment of compliance with the designated safety and soundness laws and regulations to include a clear statement as to management’s conclusion regarding compliance and disclose any noncompliance with such laws and regulations. In addition, amended § 363.2(b) would require management’s assessment of internal control over financial reporting to identify the internal control framework that management used to make its evaluation, include a statement that the evaluation included controls over the preparation of regulatory financial statements, include a clear statement as


to management’s conclusion regarding the effectiveness of internal control over financial reporting, disclose all material weaknesses identified by management, and preclude management from concluding that internal control over financial reporting is effective if there are any material weaknesses.

Because part 363 and its guidelines provide only limited guidance concerning the contents of the management report and the related signature requirements for this report, institutions and auditors have expressed interest in examples of acceptable reports. Therefore, to assist management of insured depository institutions in complying with the annual reporting requirements of § 363.2, the FDIC is proposing to add “Appendix B to Part 363—Illustrative Management Reports.” Proposed Appendix B would provide guidance regarding reporting scenarios that satisfy the annual reporting requirements of part 363, illustrative management reports, and an illustrative cover letter for use when an institution complies with the annual reporting requirements at the holding company level. The use of the wording in the illustrative management reports and cover letter would not be required.

Regarding management’s responsibility for assessing compliance with the designated safety and soundness laws and regulations, the FDIC is proposing to revise and update Table 1 to Appendix A of part 363 to reflect changes in these safety and soundness laws and regulations that have occurred since this table was last revised in 1997.

3. Management Report Signatures

Section 36(b)(2) of the FDI Act requires an institution’s management report to be signed by the chief executive officer and the chief accounting officer or chief financial officer. In its reviews of management reports, the FDIC has encountered inconsistencies between the level at which the management report components are being satisfied (insured depository institution level versus holding company level) and the corporate level of the officers who are signing the management report. More specifically, management reports are often not signed by the officers at the appropriate corporate level when the audited financial statements requirement is satisfied at the holding company level or when one or more of the components of the management report is satisfied at the holding company level and the remaining components of the management report are satisfied at the insured depository institution level. As a result, the FDIC believes institutions would benefit from clearer guidance regarding who must sign the management report. Therefore, the FDIC is proposing to add § 363.2(c) to specify which corporate officers must sign the management report and also the level of the corporate signers (i.e., insured depository institution level or the holding company level).

4. Institutions Merged Out of Existence

Currently, part 363 does not exempt an institution that is merged out of existence after the end of its fiscal year but before the deadline for filing its Part 363 Annual Report from filing an annual report. Such institutions typically submit a written request for relief from the annual report filing requirement and the request is approved by the FDIC. To reduce regulatory burden and provide certainty for merging institutions, the FDIC is proposing to add guideline 5A, Institutions Merged Out of Existence, to explicitly provide relief from filing a Part 363 Annual Report to an institution that is merged out of existence after the end of its fiscal year, but before the deadline for filing its Part 363 Annual Report. However, a covered institution that is acquired after the end of its fiscal year, but retains its separate corporate existence rather than being merged out of existence, would continue to be required to file a part 363 Annual Report for that fiscal year.

5. Management’s Assessment of the Effectiveness of Internal Control Over Financial Reporting

The FDIC has publicly advised institutions with $1 billion or more in total assets that are public companies or subsidiaries of public companies that they have considerable flexibility in determining how best to satisfy the SEC’s requirements for management’s assessment of internal control over financial reporting which implement section 404 of SOX, and the FDIC’s requirements in part 363.2 The reporting flexibility available to institutions subject to both the section 404 and the part 363 requirements was initially described in the preamble to the SEC’s section 404 final rule release (68 FR 36642, June 18, 2003). This final rule release explained that the flexible reporting approach described in the preamble had been developed by the SEC staff in consultation with the staff of the federal banking agencies. To codify this reporting flexibility in part 363, the FDIC is proposing to add guideline 8A, Management’s Assessment of the Effectiveness of Internal Control Over Financial Reporting. For an institution with $1 billion or more in total assets that is subject to both part 363 and the SEC’s rules implementing section 404 of SOX (or whose parent holding company is subject to section 404 provided the condition in § 363.1(b)(2) is met), the proposed guideline describes two options for complying with the filing requirements regarding management’s report on internal control over financial reporting. These options are to prepare (1) a separate report to satisfy the FDIC’s part 363 requirements and prepare a separate report to satisfy the SEC’s section 404 requirements, or (2) a single report that satisfies all of the FDIC’s part 363 requirements and all of the SEC’s section 404 requirements.

2 70 FR 71231, November 28, 2005; 70 FR 44295, August 2, 2005; FDIC Financial Institution Letter (FIL) 137–2004, December 21, 2004.

3 See Question 3 in the SEC staff’s Frequently Asked Questions on Management’s Report on Internal Control Over Financial Reporting and Certification of Disclosure in Exchange Act Periodic Reports at http://www.sec.gov/info/accountants/controlfaq1004.htm.

6. Internal Control Reports for Acquired Businesses

Currently, under the reporting requirements of part 363, both management’s and the related independent public accountant’s evaluation of an institution’s internal control over financial reporting must include controls at an institution in its entirety, including all of its consolidated businesses, including businesses that were recently acquired. However, the FDIC recognizes that it may not always be possible for management to conduct an evaluation of the internal control over financial reporting of an acquired business in the period between the consummation date of the acquisition and the due date of management’s internal control evaluation. For public companies subject to the internal control reporting requirements of section 404 of SOX, the SEC staff has also acknowledged that conducting an internal control evaluation of such an acquired business may not always be possible. This led the SEC staff to provide guidance to public companies stating that the staff would not object to the exclusion of the acquired business from management’s evaluation of internal control over financial reporting, provided certain disclosures are made and other conditions are met.3 The FDIC has received several written requests from institutions subject to the internal control reporting requirements of part 363 concerning their ability to exclude


recently acquired businesses from the scope of management’s internal control evaluation as of the end of the year of the acquisition. The FDIC staff has granted such requests for relief subject to the same disclosure parameters and other conditions that are laid out in the SEC staff’s guidance on this matter.

To reduce regulatory burden, including the burden of submitting written requests to the FDIC, and provide certainty to institutions, the FDIC is proposing to add guideline 8B, Internal Control Reports for Acquired Businesses, to explicitly provide relief from the reporting requirements regarding internal control over financial reporting related to business acquisitions made by an institution during its fiscal year. As proposed and consistent with the SEC staff’s guidance, guideline 8B would permit management’s evaluation of internal control over financial reporting to exclude internal control over financial reporting for the acquired business, provided management’s report identifies the acquired business, states that the acquired business is excluded from management’s evaluation of internal control over financial reporting, and indicates the significance of the acquired business to the institution’s consolidated financial statements. Also, proposed guideline 8B would clarify that if the acquired business is an insured depository institution that is subject to part 363 and it is not merged out of existence before the deadline for filing its Part 363 Annual Report, the acquired business (institution) must continue to comply with all of the applicable requirements of part 363.

7. Standards for Internal Control

At present, guideline 10, Standards for Internal Control, provides that each institution should determine its own standards for establishing, maintaining, and assessing the effectiveness of its internal control over financial reporting. However, the guideline does not describe the characteristics of a suitable internal control framework. Accordingly, the FDIC is proposing to amend guideline 10 to provide guidance regarding the attributes of a suitable internal control framework to be used by management in its evaluation of an institution’s internal control over financial reporting. Recognizing that a significant percentage of institutions subject to part 363 or their parent holding companies are also subject to the internal control reporting requirements of section 404 of SOX, the attributes described in amended guideline 10 are consistent with the attributes the SEC described in the preamble to the SEC’s section 404 final rule release (68 FR 36648, June 18, 2003). The FDIC believes that a framework with these attributes is appropriate for all institutions whether or not they are public companies.

C. Independent Public Accountant (§ 363.3 and Guidelines 13–21)

1. Internal Control Over Financial Reporting

As with its experience in reviewing the portion of the management report in which management provides its assessment of the effectiveness of the institution’s internal control over financial reporting, the FDIC has found some independent public accountants’ internal control attestation reports to be less than sufficiently informative. Such attestation reports are, therefore, inconsistent with the objectives of section 36 of the FDI Act. As a consequence, the FDIC is proposing to amend § 363.3(b), which governs the independent public accountant’s report on internal control over financial reporting, to specify that, consistent with generally accepted standards for attestation engagements, the Public Company Accounting Oversight Board’s (PCAOB) auditing standards, and related PCAOB staff implementation guidance, the accountant’s report must:

• Not be dated prior to the date of management’s report on its assessment of the effectiveness of internal control over financial reporting;
• Identify the internal control framework that the accountant used to make the evaluation (which must be the same as the internal control framework used by management);
• Include a statement that the accountant’s evaluation included controls over the preparation of regulatory financial statements;
• Include a clear statement as to the accountant’s conclusion regarding the effectiveness of internal control over financial reporting;
• Disclose all material weaknesses identified by the accountant; and
• Conclude that internal control is ineffective if there are any material weaknesses.

The FDIC is also proposing to amend guideline 18, Attestation Report, to be consistent with § 363.3(b)(2) by reiterating that the attestation report on internal control over financial reporting should include a statement as to regulatory reporting.

2. Communications With Audit Committee

According to section 204 of SOX, an accountant who audits a public company’s financial statements should report on a timely basis to the company’s audit committee: (1) All critical accounting policies, (2) alternative accounting treatments discussed with management, and (3) written communications provided to management, such as a management letter or schedule of unadjusted differences. These reporting requirements are intended to strengthen the relationship between the audit committee and the accountant. The FDIC has previously stated that effective communication between the accountant who audits the institution’s financial statements and the institution’s audit committee assists the audit committee in carrying out its responsibilities. For this reason, the FDIC encouraged institutions, regardless of whether they are public companies or not, to arrange with their accountant to institute these reporting practices.4 Requirements that are similar, but not identical, to those set forth in section 204 apply to accountants who audit the financial statements of entities that are not public.5 Therefore, consistent with current best practices and standards for audits of both public and non-public entities, the FDIC is proposing to amend part 363 by adding § 363.3(d), Communications with audit committee, to set a uniform minimum requirement for such communication. As proposed, § 363.3(d) would require the independent public accountant to report the information identified in section 204 of SOX to the audit committee.

4 See FDIC Financial Institution Letter (FIL) 17–2003, dated March 5, 2003.

5 See Statement on Auditing Standards No. 114, The Auditor’s Communication With Those Charged With Governance, December 2006.

3. Retention of Working Papers

Section 36(g)(3)(A) of the FDI Act states that an independent public accountant who performs audit services required by section 36 must agree to provide related working papers to the FDIC, any appropriate federal banking agency, and any state bank supervisor. However, when seeking to review audit working papers, the FDIC has previously encountered situations where the working papers had been retained for only a limited number of years. The SEC’s rules and the PCAOB’s auditing standards implementing sections 802 and 103 of SOX, respectively, now specify a 7-year retention period for audit working papers. The American Institute of Certified Public Accountants’ (AICPA) auditing standards provide that the retention period for audit working


papers should not be shorter than five years.6 Since the retention period applicable to audits of public companies is seven years, the FDIC believes that a uniform retention period should apply to audits of all institutions subject to part 363. Accordingly, consistent with the current practices and professional standards for audits of both public and non-public entities, the FDIC is proposing to amend part 363 by adding § 363.3(e), Retention of working papers. As proposed, § 363.3(e) would require the independent public accountant to retain the working papers related to its audit of the financial statements and, if applicable, its evaluation of internal control over financial reporting for seven years.

6 See Statement on Auditing Standards No. 103, Audit Documentation, December 2006.

4. Independence

Section 36 of the FDI Act states that an “independent public accountant” must perform the audit and attestation services required by section 36 but it does not define “independent,” leaving this to the FDIC’s rulemaking authority. As adopted by the FDIC in 1993, part 363 includes guideline 14, Independence, which identifies the independence standards applicable to accountants performing services under section 36 and part 363. In 2003, the agencies jointly issued rules of practice to implement the enforcement provisions of section 36(g)(4), which authorize the FDIC or an appropriate federal banking agency to remove, suspend, or bar an accountant, for good cause, from performing audit and attestation services for institutions subject to section 36 and part 363.7 To enhance the enforceability of the independence standards with which an accountant must comply for purposes of part 363, the FDIC is proposing to move the independence requirements for independent public accountants from guideline 14, Independence, to new § 363.3(f), Independence. As proposed, § 363.3(f) would also clarify that the independent public accountant must comply with the independence standards and interpretations of the PCAOB that have been approved by the SEC in addition to the independence standards and interpretations of the AICPA and the SEC.

7 68 FR 48256, August 13, 2003.

5. Peer Reviews

Section 36(g)(3)(A)(ii) of the FDI Act requires an independent public accountant to have received a peer review or be enrolled in a peer review program that meets acceptable guidelines. At present, guideline 15 to part 363 provides that to be acceptable, a peer review should, among other things, be generally consistent with AICPA standards. Since part 363 was originally adopted, the PCAOB has been created and conducts inspections of registered public accounting firms, some of which audit insured depository institutions subject to part 363 or their parent holding companies. These inspections serve a similar purpose as peer reviews. In addition, the PCAOB issues reports on its inspections of these accounting firms.

In response to this development and in light of the agencies’ issuance of rules of practice implementing the enforcement provisions of section 36, as mentioned above, the FDIC is proposing to add new § 363.3(g) on peer reviews. The FDIC would move the requirements for peer reviews and retention of the peer review working papers from guideline 15, Peer Reviews, to § 363.3(g). In addition, the requirements for filing peer review reports would be moved to new § 363.3(g) from guideline 16, Filing Peer Review Reports. As proposed, § 363.3(g) would also clarify that acceptable peer reviews include peer reviews performed in accordance with the AICPA’s Peer Review Standards and inspections conducted by the PCAOB. It would also provide that the FDIC would not make available for public inspection the portion of any peer review report and inspection report determined to be nonpublic by the AICPA and the PCAOB, respectively. Finally, the FDIC is proposing to revise guideline 15 to explain that a peer review, other than a PCAOB inspection, should be generally consistent with AICPA Peer Review Standards.

6. Notice of Termination

Guideline 26, Notices Concerning Accountants, permits an institution that is a public company or a subsidiary of a public company to satisfy the requirement for filing a notice of termination of its independent public accountant by using its current report (e.g., SEC Form 8–K) concerning a change in accountant to satisfy the similar notice requirements of part 363. To reduce regulatory burden and provide flexibility to the independent public accountant of such an institution, the FDIC is proposing to amend guideline 20, Notice of Termination, to permit the independent public accountant to satisfy the requirement to file a notice of termination of its services in a similar manner. As proposed, the independent public accountant generally could satisfy the part 363 notice requirement by (1) submitting the letter it provided to management to be filed with the institution’s or the holding company’s current report filed with the SEC or the appropriate federal banking agency or (2) relying on the institution’s or the holding company’s current report filed by management with the FDIC that includes the independent public accountant’s notice of termination of its services, provided the independent public accountant confirms that management has filed a current report that includes the accountant’s letter to satisfy the requirements of § 363.3(c).

D. Filing and Notice Requirements (§ 363.4 and Guidelines 22–26)

1. Annual Reporting

Currently, the annual reporting requirements of part 363 require each insured depository institution to file its Part 363 Annual Report within 90 days after the end of its fiscal year. Part 363 also requires each institution to file the independent public accountant’s report on the audited financial statements and, if applicable, the accountant’s attestation report on management’s assessment of internal control over financial reporting, both of which are components of the Part 363 Annual Report, within 15 days of receipt by the institution, which can present a conflict with the annual report filing requirement. The FDIC is also aware of the impact that earlier filing deadlines established by the SEC for annual reports filed by certain public companies under the federal securities laws (e.g., SEC Form 10–K) and more robust auditing standards related to internal control over financial reporting have had on the management of institutions, on the resources of independent public accountants, and on auditing costs. To reduce cost and burden, the FDIC is proposing to amend § 363.4(a) by extending the time period within which an insured depository institution that is not a public company or a subsidiary of a public company must file its Part 363 Annual Report from within 90 days to within 120 days after the end of its fiscal year. An insured depository institution that is a public company, or that is a subsidiary of a public company that meets certain criteria, would continue to be required to file its Part 363 Annual Report within 90 days after the end of its fiscal year, which is consistent with the maximum time frame that public companies have for filing annual reports under the federal securities laws. The FDIC would also eliminate the ambiguity in § 363.4 concerning the filing deadline for the components of the Part 363 Annual


Report that are prepared by the independent public accountant.

An insured depository institution with consolidated total assets of less than $1 billion that is a public company or a subsidiary of a public company is required to file management’s assessment of the effectiveness of internal control over financial reporting with the SEC or the appropriate federal banking agency in accordance with the compliance dates of the SEC’s rules implementing section 404 of SOX. Management’s findings and conclusions with respect to internal control over financial reporting, as disclosed in the assessment that management files with the SEC or the appropriate federal banking agency, provide information that would aid in meeting the objective of section 36 of the FDI Act.

Therefore, the FDIC is proposing to add a provision to § 363.4(a) that would require an institution of this size to submit a copy of management’s section 404 internal control assessment with its Part 363 Annual Report, but this assessment will not be considered part of the institution’s Part 363 Annual Report.

2. Independent Public Accountant’s Reports

Section 36(h)(2)(A) of the FDI Act and § 363.4(c) require an institution to file a copy of any management letter or other report issued by its independent public accountant that pertains to the financial statement audit and the attestation on internal control over financial reporting within 15 days after receipt by the institution. The FDIC’s experience in administering part 363 indicates that institutions are often uncertain as to which types of reports they receive from their independent public accountant must be submitted to the FDIC, the appropriate federal banking agency, and any appropriate state bank supervisor pursuant to this filing requirement. As stated above, this uncertainty extends to this 15-day filing requirement and its relationship to the filing deadline for the Part 363 Annual Report. To clarify the requirements for the filing of accountants’ reports, the FDIC is proposing to amend § 363.4(c), Independent public accountant’s letters and reports, by providing examples of the types of reports issued by an institution’s independent public accountant, except for the accountant’s reports that are required to be included in the institution’s Part 363 Annual Report, that are to be filed within 15 days after receipt. Guideline 25, Independent Accountant’s Reports, would be deleted because it would be redundant and no longer needed.

In the Interagency Advisory on the Unsafe and Unsound Use of Limitation of Liability Provisions in External Audit Engagement Letters, the federal banking agencies expressed their concerns about limitation of liability provisions included in external audit engagement letters and advised institutions against entering into engagement letters containing such provisions.8 To enable the FDIC to timely review institutions’ engagement letters with their independent public accountants, the FDIC is also proposing to amend § 363.4(c) to require institutions to file copies of audit engagement letters, including any related agreements and amendments, with the FDIC, the appropriate federal banking agency, and any appropriate state bank supervisor within 15 days of acceptance by the institution.

8 71 FR 6847, February 9, 2006.

3. Notification of Late Filing

Guideline 23, Relief from Filing Deadlines, currently provides that in the occasional event that an institution is confronted with extraordinary circumstances beyond its reasonable control that justifies an extension of the deadline for filing its Part 363 Annual Report or another required report or notice, the institution may submit a written request for an extension of the filing deadline of not more than 30 days that explains the reasons for the request. Such a request may be granted for good cause. Over the last several years, the reasons set forth in the requests for extensions of time for filing Part 363 Annual Reports that have been submitted to the FDIC generally did not represent extraordinary circumstances beyond the institution’s reasonable control, the standard currently set forth in guideline 23. Also, several extension requests were repeats of requests from the same institutions from the previous year.

Based upon this experience and given the proposed amendment to § 363.4(a) to extend the filing deadline for Part 363 Annual Reports for non-public institutions from 90 to 120 days, the FDIC is proposing to replace the extensions of time for filing reports that are available only in extraordinary circumstances under guideline 23 with a new § 363.4(e), Notification of late filing. In place of filing extensions that have limited applicability, this new section would be applicable to all institutions and would require an institution that is unable to timely file all or any portion of its Part 363 Annual Report or any other report or notice to submit a written notice of late filing before the filing deadline for the report or notice. The late filing notice shall disclose the institution’s inability to timely file all or specified portions of its Part 363 Annual Report or other report or notice, the reasons therefore in reasonable detail, and the date when the report or notice will be filed.

The FDIC is also proposing to amend guideline 23 by changing its focus from extension requests to late filing notices consistent with the approach taken in new § 363.4(e). Amended guideline 23 would explain that submitting a late filing notice would not cure the apparent violation of part 363 arising from an institution’s failure to timely file a Part 363 Annual Report or any other required report or notice. The supervisory response to such an apparent violation would take into account the facts and circumstances surrounding an institution’s delay in filing. As proposed, guideline 23 would also provide that, if the late filing applies to only a portion of the Part 363 Annual Report or any other report or notice, the components of the report or notice that have been completed should be filed within the prescribed filing period accompanied by either a cover letter that indicates which components are omitted or a combined late filing notice and cover letter.

4. Place for Filing

Current guideline 22 identifies the office of the FDIC, the appropriate federal banking agency, and the appropriate state bank supervisor to which reports and notices (other than peer review reports) required by part 363 are to be filed. Nevertheless, the FDIC has found that some institutions submit required reports and notices to incorrect locations. The FDIC staff also receives questions from institutions asking where reports and notices should be filed. To make the information as to where Part 363 Annual Reports, written notices of late filing, and other reports and notices (except peer review reports) are to be filed more prominent, the FDIC is proposing to move this information from guideline 22, Place for Filing, to a new § 363.4(f), Place for filing.

E. Audit Committees (§ 363.5 and Guidelines 27–35)

1. Composition

Section 36(g)(1) of the FDI Act and § 363.5(a) require each insured depository institution subject to part 363 to have an independent audit committee comprised entirely of outside directors. As defined in § 363.5(a)(3), in general, an outside director is a director


who is not an officer or employee of the institution or any affiliate of the institution. In addition, the outside directors who serve on the audit committee must be “independent of management,” although a minority of the audit committee members of institutions with $500 million or more but less than $1 billion in total assets need not be “independent of management.” According to guideline 27, Composition, each institution’s board of directors is responsible for determining at least annually whether existing and potential audit committee members satisfy the requirements governing audit committee composition. Guidelines 28 and 29 set forth certain factors for boards of directors to consider in determining whether an outside director is “independent of management.”

In order for a board of directors to perform its evaluation of audit committee members in a consistent, effective, and reviewable manner, the FDIC believes the board should be guided by an approved policy or set of criteria that identifies the factors to be taken into account by the board. Accordingly, the FDIC is proposing to amend guideline 27 to state that an institution’s board of directors should maintain and use an approved set of written criteria for evaluating audit committee member independence and that the results of and basis for the board’s determination with respect to each existing and potential audit committee member should be recorded in the board’s minutes.

Guideline 30, Holding Company Audit Committees, provides guidance for complying with the audit committee requirements of part 363 at the holding company level. The FDIC is proposing to amend guideline 30 for consistency with the proposed revisions to the holding company provisions of § 363.1(b) and to reflect the difference in the audit committee composition requirements in § 363.5(a) for institutions with more than and less than $1 billion in total assets.

2. “Independent of Management” Considerations

Guideline 28, “Independent of Management” Considerations, identifies five factors for a board of directors to consider when determining the independence of an outside director. Guideline 29, Lack of Independence, states that a director who owns or controls 10 percent or more of any class of the institution’s voting securities should not be considered “independent of management.” The FDIC has found that some of the factors in guideline 28 are so general that they fail to provide meaningful guidance to boards of directors. At the same time, many of the institutions subject to part 363 or their parent holding companies are public companies with securities listed on a national securities exchange. Under the SEC’s Rule 10A–3 (17 CFR § 240.10A–3), each audit committee member of a listed issuer must be a director of the issuer and must otherwise be independent. The listing standards of the national securities exchange must set forth the criteria for determining the independence of directors who are to serve on a listed issuer’s audit committee.

Based on its review, the FDIC believes that the independence criteria for audit committee members included in the listing standards of the national securities exchanges, together with the FDIC’s existing stock ownership criterion in guideline 29, represent an appropriate framework for determining whether an outside director is “independent of management” for purposes of part 363. Furthermore, for an institution whose audit committee members or whose parent holding company’s audit committee members, if the holding company meets the holding company provisions of § 363.1(b), are subject to the listing standards of a national securities exchange, allowing the institution to use these standards for part 363 purposes will reduce the institution’s burden.

Therefore, the FDIC is proposing to combine guidelines 28 and 29 and provide expanded guidance for an institution’s board of directors to use in its assessment of an outside director’s relationship to the institution for the purposes of making “independent of management” determinations regarding audit committee members. For example, the proposed amendment to guideline 28 includes a list of criteria that an institution’s board of directors should consider when determining whether an outside director would be considered “independent of management.” In developing the proposed list of criteria, the FDIC considered the portion of the listing standards of the national securities exchanges that apply to audit committees. An institution’s board of directors may also conclude that it should consider additional criteria that may be appropriate in its particular circumstances. As an alternative to the listed criteria, proposed guideline 28 would permit an institution that is a public company or that is a subsidiary of a public company, when the holding company provisions of § 363.1(b) are met, to apply the audit committee provisions of the listing standards of the national securities exchange on which the public institution or its public parent company is listed for purposes of determining audit committee member independence. Similarly, all other institutions, including those that are not public companies, may elect to use the audit committee provisions of the listing standards of a national securities exchange or association for determining audit committee member independence.

3. Duties

According to section 36(g)(1)(B) of the FDI Act and § 363.5(a), an audit committee’s duties include reviewing the basis for the Part 363 Annual Report with both management and the independent public accountant. Guideline 31 further provides that the audit committee’s duties should be appropriate to the size of the institution and the complexity of its operations and it identifies additional duties that could be appropriate for the audit committee. These additional duties include discussing with management the selection and termination of the institution’s independent public accountant. In addition, guideline 26 provides that, before engaging an independent public accountant, an institution should review and satisfy itself that the accountant is in compliance with the required qualifications set forth in guidelines 13 through 15, including the accountant’s independence and receipt of a peer review.

Under section 301 of SOX, the audit committee of each public company listed on a national securities exchange or association must be responsible for the appointment, compensation, and oversight of the accounting firm engaged to prepare or issue an audit report or perform related work. As the SEC noted when it adopted its final rule implementing section 301, “the auditing process may be compromised when a company’s outside auditors view their responsibility as serving the company’s management rather than its full board of directors or audit committee. This may occur if the auditor views management as the employer with hiring, firing and compensating powers. Under these conditions, the auditor may not have the appropriate incentive to raise concerns and conduct an objective review. * * * One way to help promote auditor independence, then, is for the auditor to be hired, evaluated and, if necessary, terminated by the audit committee.”

Because the intent and purpose of section 36 of the FDI Act is the early identification of needed improvements in financial management, it is critical for the accountants that perform audit


and attestation services for insured depository institutions subject to section 36 to have an appropriate incentive to raise concerns and conduct an objective review. In this regard, the FDIC believes it is a sound corporate governance practice for an institution’s audit committee, rather than its management, to be responsible for the appointment, compensation, and oversight of the accountant, regardless of whether the institution is a public company.

Therefore, the FDIC is proposing to amend § 363.5(a), Composition and duties, and guideline 31, Duties, to specify that, in addition to reviewing with management and the independent public accountant the basis for the reports issued under part 363, the duties of the audit committee include the appointment, compensation, and oversight of the independent public accountant who performs services required under part 363. In order to discharge these duties with respect to the independent public accountant, the audit committee should also review and satisfy itself as to the independent public accountant’s compliance with the independence, peer review, and other qualifications under part 363. Additionally, the audit committee should be familiar with and ensure management’s compliance with the requirement to file notices concerning the engagement, resignation, or dismissal of an independent public accountant. The FDIC is proposing to include these duties in guideline 31.

4. Independent Public Accountant Engagement Letters

In response to an observed increase in the types and frequency of provisions in financial institutions’ external audit engagement letters that limit the auditors’ liability, the federal banking agencies issued an Interagency Advisory on the Unsafe and Unsound Use of Limitation of Liability Provisions in External Audit Engagement Letters (Interagency Advisory) in February 2006.9 When they issued the Interagency Advisory, the agencies stated their belief that when institutions agree to limit their external auditors’ liability in provisions in engagement letters, such provisions may weaken the external auditors’ objectivity, impartiality, and performance, which may reduce the reliability of audits and thereby raise safety and soundness concerns. The reliability of audits is central to achieving the intent and purpose of section 36 of the FDI Act. Therefore, the FDIC is proposing to add § 363.5(c), Independent public accountant engagement letters, and amend guideline 31, Duties, to incorporate the principal provisions of the Interagency Advisory.

9 See 71 FR 6847, February 9, 2006, and FDIC Financial Institution Letter (FIL) 13–2006, issued on the same date. The Federal Financial Institutions Examination Council on behalf of the agencies issued the Interagency Advisory in proposed form for public comment on May 10, 2005 (70 FR 24576).

As proposed, § 363.5(c) and guideline 31 would require the audit committee to ensure that audit engagement letters and any related agreements with the independent public accountant for services to be performed under part 363 do not contain any limitation of liability provisions that: (1) Indemnify the independent public accountant against claims made by third parties; (2) hold harmless or release the independent public accountant from liability for claims or potential claims that might be asserted by the client insured depository institution, other than claims for punitive damages; or (3) limit the remedies available to the client insured depository institution. Consistent with the Interagency Advisory, the proposed amendment would not preclude the use of alternative dispute resolution agreements and jury trial waivers.

5. Transition Period for Forming and Restructuring Audit Committees

When an insured depository institution first exceeds the $500 million total assets threshold and becomes subject to part 363, particularly an institution with few shareholders, the FDIC has observed that, in some cases, such an institution encounters difficulty in satisfying the requirements governing the composition of the independent audit committee. If the board of directors lacks a sufficient number of outside directors who are independent of management to serve on the audit committee, the board members must identify and attract qualified individuals in their community who would be willing to become directors and audit committee members and who would be “independent of management.” The lack of guidance in part 363 on the amount of time in which an institution must bring its audit committee into compliance with the requirements governing its composition when an institution first becomes subject to part 363 further complicates this process. This lack of guidance on the time frame for attaining compliance also affects the other two asset-size thresholds applicable to audit committee composition.

To provide both clarity and regulatory relief, the FDIC is proposing to replace outdated guideline 35, which dealt with compliance with the audit committee requirements of part 363 when the regulation took effect in 1993, with a revised guideline 35, “Transition Period for Forming and Restructuring Audit Committees.” As proposed, guideline 35 would provide a one-year transition period for forming or restructuring the audit committee when an institution first becomes subject to part 363, when an institution’s assets first reach the $1 billion asset-size threshold, and when an institution’s assets first reach the $3 billion asset-size threshold. The proposed revised guideline would state that, when an institution first crosses one of these three thresholds based on its total assets at the beginning of its fiscal year, no regulatory action would be taken if the institution forms or restructures its audit committee to comply with the applicable requirements governing the composition of the committee by the end of that fiscal year, provided the institution complied with any applicable audit committee requirements for its preceding fiscal year.

F. Other Changes to Part 363

The FDIC also proposes to make other changes to part 363 to improve its clarity, readability, and consistency of language, and to correct or eliminate outdated terms, references, and provisions in the regulation and appendix A.

G. Proposed Amendment to Part 308, Subpart U

In August 2003, pursuant to section 36(g)(4) of the FDI Act, the FDIC and the other federal banking agencies jointly issued final rules governing their authority to take disciplinary actions against independent public accountants and accounting firms that perform audit and attestation services required by section 36.10 Under the final rules, certain violations of law, negligent conduct, reckless violation of professional standards, or lack of qualifications to perform auditing services may be considered good cause to remove, suspend, or bar an accountant or firm from providing audit and attestation services for institutions subject to section 36. The rules also prohibit an accountant or accounting firm from performing these services if the accountant or firm has been removed, suspended, or debarred by one of the agencies, or if the SEC or PCAOB takes certain disciplinary actions against the accountant or firm. Additionally, the final rules require an accountant or an accounting firm to provide the agencies

10 See 68 FR 48256, April 13, 2003, and the FDIC’s Financial Institution Letter (FIL) FIL–66–2006, dated August 18, 2003.


with written notification of the accountant’s or firm’s removal, suspension, or debarment. Part 308, subpart U, of the FDIC’s rules and regulations implements the requirements of section 36(g)(4) of the FDI Act for institutions that are supervised by the FDIC. The FDIC is proposing to amend § 308.604(c) to identify the FDIC location where an accountant or accounting firm should file required notices of orders and actions regarding removal, suspension, or debarment.

IV. Request for Comments

The FDIC welcomes comments on all aspects of this proposal. In particular, the FDIC invites comments on the following:

1. As proposed, the rule would require management’s assessment of compliance with designated safety and soundness laws and regulations to include a clear statement as to management’s conclusion regarding compliance and disclose any noncompliance with such laws and regulations. The designated safety and soundness laws and regulations relate to loans to insiders and dividend restrictions. Management’s assessment of compliance is included in the management report within the Part 363 Annual Report, which is available for public inspection. Should the disclosure of instances of noncompliance with these designated laws and regulations be made available for public inspection or should the FDIC designate such disclosure as privileged and confidential and not available to the public?

2. As proposed, the rule would require the total assets of a holding company’s insured depository institution subsidiaries to comprise 75 percent or more of the holding company’s consolidated total assets as of the beginning of its fiscal year in order for an institution to comply with part 363 at the holding company level. The holding company could be the institution’s top-tier or any mid-tier holding company that meets the 75 percent threshold. Considering the costs and benefits of a threshold, is 75 percent or more of consolidated total assets an appropriate threshold? If not, what would be an appropriate threshold to use for compliance with part 363 at a holding company level?

V. Solicitation of Comments on Use of Plain Language

Section 722 of the Gramm-Leach-Bliley Act, Pub. L. 106–102, sec. 722, 113 Stat. 1338, 1471 (Nov. 12, 1999), requires the federal banking agencies to use plain language in all proposed and final rules published after January 1, 2000. We invite your comments on how to make this proposal easier to understand. For example:

• Have we organized the material to suit your needs? If not, how could this material be better organized?
• Are the requirements in the proposed regulation clearly stated? If not, how could the regulation be more clearly stated?
• Does the proposed regulation contain language or jargon that is not clear? If so, which language requires clarification?
• Would a different format (grouping and order of sections, use of headings, paragraphing) make the regulation easier to understand? If so, what changes to the format would make the regulation easier to understand?
• What else could we do to make the regulation easier to understand?

VI. Solicitation of Comments on Impact on Community Banks

The FDIC seeks comments on the impact of this proposal on community banks. The FDIC recognizes that community banks operate with more limited resources than larger institutions and may present a different risk profile. Thus, the FDIC specifically requests comments on the impact of the proposal on community banks’ current resources, including personnel, and whether the goals of the proposed rule could be achieved, for community banks, through an alternative approach.

VII. Regulatory Flexibility Act Analysis

The Regulatory Flexibility Act (RFA) requires that each federal agency either certify that a proposed rule would not, if adopted in final form, have a significant economic impact on a substantial number of small entities or prepare an initial regulatory flexibility analysis (IRFA) of the proposal and publish the analysis for comment. See 5 U.S.C. 603, 605. The Small Business Administration (SBA) defines small banks as those with less than $165 million in assets. Because this rule expressly exempts insured depository institutions having assets of less than $500 million, it is inapplicable to small entities as defined by the SBA. Therefore, it is certified that this proposed rule would not have a significant economic impact on a substantial number of small entities.

VIII. Paperwork Reduction Act

This proposed rule would revise a collection of information that has been reviewed and approved by the Office of Management and Budget (OMB) under control number 3064–0113, pursuant to the Paperwork Reduction Act (44 U.S.C. 3501 et seq). The principal revisions that bear on the collection of information under part 363 are the extension of the filing deadline for the Part 363 Annual Report from 90 to 120 days after the end of the fiscal year for an institution that is not a public company or a subsidiary of a public company, the replacement of 30-day extension requests (when an institution is confronted with extraordinary circumstances beyond its reasonable control) with late filing notices (regardless of the reason), the modification of the criteria governing the acceptability of reports at the holding company level rather than at the institution level, the expanded guidance on the content of the management report and the independent public accountant’s internal control attestation report, the board of directors’ use of an approved set of written criteria for determining whether an audit committee member is an outside director and is “independent of management,” and the new guidelines for institutions merged out of existence and for internal control reports for acquired businesses. It is anticipated that the overall effect of these changes will be a small burden increase for affected insured institutions. Comments are invited on: (a) Whether this collection of information is necessary for the proper performance of the FDIC’s functions, including whether the information has practical utility; (b) the accuracy of the estimates of the burden of the information collection; (c) ways to enhance the quality, utility, and clarity of the information to be collected; and (d) ways to minimize the burden of the information collection on respondents, including through the use of automated collection techniques or other forms of information technology.

Comments should be addressed to Steven F. Hanft, Paperwork Clearance Officer, Room F–1062, Federal Deposit Insurance Corporation, 550 17th Street, NW., Washington, DC 20429, with copies to the OMB desk officer for the FDIC by mail to the Office of Information and Regulatory Affairs, U.S. Office of Management and Budget, New Executive Office Building, Room 10235, 725 17th Street, NW., Washington, DC 20503 or by fax to (202) 395–6974.

The paperwork burden associated with this rule was last reviewed in 2005. At that time, the FDIC estimated the burden of this information collection to be 65,612 hours for FDIC-supervised institutions. Before giving effect to the proposed amendments, the estimated


burden would be 79,721 hours, an adjustment of 14,109 hours attributable to an increase in the number of FDIC-supervised institutions subject to part 363. If the revisions in this proposed rule are implemented, the resulting estimated reporting burden for the collection of information would be 83,599 hours, a program increase of 3,878 hours over the adjusted burden of 79,721 hours. The most significant component of the increase is attributable to the proposed revised requirements related to audit committee composition.

Number of Respondents: 5,230.
Total Annual Responses: 16,231.
Total Annual Burden Hours: 83,599.

List of Subjects

12 CFR Part 308

Administrative practice and procedure, Bank deposit insurance, Banks, banking, Claims, Crime, Equal access to justice, Investigations, Lawyers, Penalties, State nonmember banks.

12 CFR Part 363

Accounting, Administrative practice and procedure, Banks, banking, Reporting and recordkeeping requirements.

For the reasons set forth in the preamble, the Board of Directors of the FDIC proposes to amend title 12, chapter III, of the Code of Federal Regulations as follows:

PART 308—RULES OF PRACTICE AND PROCEDURE

1. The authority citation for part 308 continues to read as follows:

Authority: 5 U.S.C. 504, 554–557; 12 U.S.C. 93(b), 164, 505, 1815(e), 1817, 1818,

days before an accountant or accounting firm accepts an engagement to provide audit services, whichever date is earlier. The written notice must be filed by the independent public accountant or accounting firm with the FDIC, Accounting and Securities Disclosure Section, 550 17th Street, NW., Washington, DC 20429.

3. Revise part 363 to read as follows:

PART 363—ANNUAL INDEPENDENT AUDITS AND REPORTING REQUIREMENTS

Sec.
363.0 OMB control number.
363.1 Scope and definitions.
363.2 Annual reporting requirements.
363.3 Independent public accountant.
363.4 Filing and notice requirements.
363.5 Audit committees.
Appendix A to Part 363—Guidelines and Interpretations
Appendix B to Part 363—Illustrative Management Reports

Authority: 12 U.S.C. 1831m.

§ 363.0 OMB control number.

The information collection requirements in this part have been approved by the Office of Management and Budget under OMB control number 3064–0113.

§ 363.1 Scope and definitions.

(a) Applicability. This part applies to any insured depository institution with respect to any fiscal year in which its consolidated total assets at the beginning of such fiscal year are $500 million or more. The requirements specified in this part are in addition to any other statutory and regulatory requirements otherwise applicable to an insured depository institution.

(b) Compliance by subsidiaries of holding companies. (1) The audited

or any mid-tier holding company if the insured depository institution meets the criterion specified in § 363.1(b)(1) and if:

(i) The services and functions comparable to those required of the insured depository institution by this part are provided at the holding company level; and

(ii) The insured depository institution has as of the beginning of its fiscal year:

(A) Total assets of less than $5 billion; or

(B) Total assets of $5 billion or more and a composite CAMELS rating of 1 or 2.

(3) The appropriate federal banking agency may revoke the exception in paragraph (b)(2) of this section for any institution with total assets in excess of $9 billion for any period of time during which the appropriate federal banking agency determines that the institution’s exemption would create a significant risk to the Deposit Insurance Fund.

(c) Financial reporting. For purposes of the management report requirement of § 363.2(b) and the internal control reporting requirement of § 363.3(b), “financial reporting” includes both financial statements prepared in accordance with generally accepted accounting principles and those prepared for regulatory reporting purposes.

(d) Definitions. For purposes of this part, the following definitions apply:

(1) AICPA means the American Institute of Certified Public Accountants.

(2) GAAP means generally accepted accounting principles.

(3) PCAOB means the Public Company Accounting Oversight Board.

(4) Public company means an insured depository institution or other company that has a class of securities registered
1820, 1828, 1829, 1829b, 1831i, 1831m(g)(4), financial statements requirement of
1831o, 1831p–1, 1832(c), 1884(b), 1972, with the U.S. Securities and Exchange
3102, 3108(a), 3349, 3909, 4717; 15 U.S.C.
§ 363.2(a) for any fiscal year may be Commission or the appropriate federal
78(h) and (i), 78o–4(c), 78o–5, 78q–1, 78s, satisfied for an insured depository banking agency under Section 12 of the
78u, 78u–2, 78u–3 and 78w, 6801(b), institution that is a subsidiary of a Securities Exchange Act of 1934.
6805(b)(1); 28 U.S.C. 2461 note; 31 U.S.C. holding company by audited (5) SEC means the U.S. Securities and
330, 5321; 42 U.S.C. 4012a; Sec. 3100(s), Pub. consolidated financial statements of the Exchange Commission.
L. 104–134, 110 Stat. 1321–358. top-tier or any mid-tier holding (6) SOX means the Sarbanes-Oxley
company provided that the consolidated Act of 2002.
Subpart U—Removal, Suspension, and total assets of the insured depository
Debarment of Accountants From institution (or the consolidated total § 363.2 Annual reporting requirements.
Performing Audit Services assets of all insured depository (a) Audited financial statements. Each
2. Revise § 308.604(c) to read as institutions, regardless of size, if the insured depository institution shall
follows: holding company owns or controls more prepare annual financial statements in
than one insured depository institution) accordance with GAAP, which shall be
§ 308.604 Notice of removal, suspension, comprise 75 percent or more of the audited by an independent public
or debarment. consolidated total assets of the holding accountant. The annual financial
pwalker on PROD1PC71 with PROPOSALS2

* * * * * company at the beginning of its fiscal statements must reflect all material
(c) Timing and place of notice. year. correcting adjustments identified by the
Written notice required by this (2) The other requirements of this part independent public accountant.
paragraph shall be given no later than for an insured depository institution (b) Management report. Each insured
15 calendar days following the effective that is a subsidiary of a holding depository institution annually shall
date of an order or action, or 15 calendar company may be satisfied by the top-tier prepare, as of the end of the institution’s


most recent fiscal year, a management report that must contain the following:

(1) A statement of management’s responsibilities for preparing the institution’s annual financial statements, for establishing and maintaining an adequate internal control structure and procedures for financial reporting, and for complying with laws and regulations relating to safety and soundness that are designated by the FDIC and the appropriate federal banking agency;

(2) An assessment by management of the insured depository institution’s compliance with such laws and regulations during such fiscal year. The assessment must state management’s conclusion as to whether the insured depository institution has complied with the designated safety and soundness laws and regulations during the fiscal year and disclose any noncompliance with these laws and regulations; and

(3) For an insured depository institution with consolidated total assets of $1 billion or more at the beginning of such fiscal year, an assessment by management of the effectiveness of such internal control structure and procedures as of the end of such fiscal year that must include the following:

(i) A statement identifying the internal control framework [1] used by management to evaluate the effectiveness of the insured depository institution’s internal control over financial reporting;

(ii) A statement that the assessment included controls over the preparation of regulatory financial statements in accordance with regulatory reporting instructions including identification of such regulatory reporting instructions; and

(iii) A statement expressing management’s conclusion as to whether the insured depository institution’s internal control over financial reporting is effective. Management must disclose all material weaknesses in internal control over financial reporting, if any, that it has identified. Management is precluded from concluding that the insured depository institution’s internal control over financial reporting is effective if there are one or more material weaknesses.

[1] In the United States, the Committee of Sponsoring Organizations (COSO) of the Treadway Commission has published Internal Control—Integrated Framework, including an addendum on safeguarding assets. Known as the COSO report, this publication provides a suitable and available framework for purposes of management’s assessment.

(c) Management report signatures. Subject to the criteria specified in § 363.1(b):

(1) If the audited financial statements requirement specified in § 363.2(a) is satisfied at the insured depository institution level and the management report requirement specified in § 363.2(b) is satisfied in its entirety at the insured depository institution level, the management report must be signed by the chief executive officer and the chief accounting officer or chief financial officer of the insured depository institution;

(2) If the audited financial statements requirement specified in § 363.2(a) is satisfied at the holding company level and the management report requirement specified in § 363.2(b) is satisfied in its entirety at the holding company level, the management report must be signed by the chief executive officer and the chief accounting officer or chief financial officer of the holding company; and

(3) If the audited financial statements requirement specified in § 363.2(a) is satisfied at the holding company level and:

(i) The management report requirement specified in § 363.2(b) is satisfied in its entirety at the insured depository institution level; or

(ii) One or more of the components of the management report specified in § 363.2(b) is satisfied at the holding company level and the remaining components of the management report are satisfied at the insured depository institution level, the management report must be signed by the chief executive officers and the chief accounting officers or chief financial officers of both the holding company and the insured depository institution and the management report must clearly indicate the level (institution or holding company) at which each of its components is being satisfied.

§ 363.3 Independent public accountant.

(a) Annual audit of financial statements. Each insured depository institution shall engage an independent public accountant to audit and report on its annual financial statements in accordance with GAAP and section 37 of the Federal Deposit Insurance Act (12 U.S.C. 1831n). The scope of the audit engagement shall be sufficient to permit such accountant to determine and report whether the financial statements are presented fairly and in accordance with GAAP.

(b) Internal control over financial reporting. For each insured depository institution with total assets of $1 billion or more at the beginning of the institution’s fiscal year, the independent public accountant who audits the institution’s financial statements shall examine, attest to, and report separately on, the assertion of management concerning the effectiveness of the institution’s internal control structure and procedures for financial reporting. The attestation and report shall be made in accordance with generally accepted standards for attestation engagements or the PCAOB’s auditing standards, if applicable. The accountant’s report must not be dated prior to the date of the management report and management’s assessment of the effectiveness of internal control over financial reporting. The accountant’s report must include the following:

(1) A statement identifying the internal control framework used by the independent public accountant, which must be the same as the internal control framework used by management, to evaluate the effectiveness of the insured depository institution’s internal control over financial reporting;

(2) A statement that the independent public accountant’s evaluation included controls over the preparation of regulatory financial statements in accordance with regulatory reporting instructions including identification of such regulatory reporting instructions; and

(3) A statement expressing the independent public accountant’s conclusion as to whether the insured depository institution’s internal control over financial reporting is effective. The report must disclose all material weaknesses in internal control over financial reporting that the independent public accountant has identified. The independent public accountant is precluded from concluding that the insured depository institution’s internal control over financial reporting is effective if there are one or more material weaknesses.

(c) Notice by accountant of termination of services. An independent public accountant performing an audit under this part who ceases to be the accountant for an insured depository institution shall notify the FDIC and the appropriate federal banking agency in writing of such termination within 15 days after the occurrence of such event, and set forth in reasonable detail the reasons for such termination. The written notice shall be filed at the place identified in § 363.4(f).

(d) Communications with audit committee. The independent public accountant must report the following on a timely basis to the audit committee:


(1) All critical accounting policies used by the insured depository institution,

(2) Alternative accounting treatments the independent public accountant has discussed with management, and

(3) Other written communications the independent public accountant has provided to management, such as a management letter or schedule of unadjusted differences.

(e) Retention of working papers. The independent public accountant must retain the working papers related to the audit of the insured depository institution’s financial statements and, if applicable, the evaluation of the institution’s internal control over financial reporting for seven years, unless a longer period of time is required by law.

(f) Independence. The independent public accountant must comply with the independence standards and interpretations of the AICPA, the SEC, and the PCAOB.

(g) Peer reviews. (1) Prior to commencing any services for an insured depository institution under this part, the independent public accountant must have received a peer review, or be enrolled in a peer review program, that meets acceptable guidelines. Acceptable peer reviews include peer reviews performed in accordance with the AICPA’s Peer Review Standards and inspections conducted by the PCAOB.

(2) Within 15 days of receiving notification that a peer review has been accepted or a PCAOB inspection report has been issued, or before commencing any audit under this part, whichever is earlier, the independent public accountant must file two copies of the most recent peer review report and the most recent PCAOB inspection report, if any, accompanied by any letters of comments, response, and acceptance, with the FDIC, Accounting and Securities Disclosure Section, 550 17th Street NW., Washington, DC 20429, if the report has not already been filed. Except for the portions of any peer review report and inspection report determined to be nonpublic by the AICPA and the PCAOB, respectively, the report will be made available for public inspection by the FDIC.

§ 363.4 Filing and notice requirements.

(a) Part 363 Annual Report. (1) Each insured depository institution shall file with each of the FDIC, the appropriate federal banking agency, and any appropriate state bank supervisor, two copies of its Part 363 Annual Report. A Part 363 Annual Report must contain audited comparative annual financial statements, the independent public accountant’s report thereon, a management report, and, if applicable, the independent public accountant’s attestation report on management’s assessment concerning the institution’s internal control structure and procedures for financial reporting as required by §§ 363.2(a), 363.3(a), 363.2(b), and 363.3(b), respectively.

(2) Subject to the criteria specified in § 363.1(b), each insured depository institution with consolidated total assets of less than $1 billion as of the beginning of its fiscal year that is required to file, or whose parent holding company is required to file, management’s assessment of the effectiveness of internal control over financial reporting with the SEC or the appropriate federal banking agency in accordance with section 404 of SOX must submit a copy of such assessment to the FDIC, the appropriate federal banking agency, and any appropriate state bank supervisor with its Part 363 Annual Report as additional information. This assessment will not be considered part of the institution’s Part 363 Annual Report.

(3) (i) Each insured depository institution that is neither a public company nor a subsidiary of a public company that meets the criterion specified in § 363.1(b)(1) shall file its Part 363 Annual Report within 120 days after the end of its fiscal year.

(ii) Each insured depository institution that is a public company or a subsidiary of public company that meets the criterion specified in § 363.1(b)(1) shall file its Part 363 Annual Report within 90 days after the end of its fiscal year.

(b) Public availability. The annual report in paragraph (a)(1) of this section shall be available for public inspection.

(c) Independent public accountant’s letters and reports. (1) Except for the independent public accountant’s reports that are included in its Part 363 Annual Report, each insured depository institution shall file with the FDIC, the appropriate federal banking agency, and any appropriate state bank supervisor, a copy of any management letter or other report issued by its independent public accountant with respect to such institution and the services provided by such accountant pursuant to this part within 15 days after receipt. Such reports include, but are not limited to:

(i) Any written communication regarding matters that are required to be communicated to the audit committee (for example, critical accounting policies, alternative accounting treatments discussed with management, and any schedule of unadjusted differences),

(ii) Any written communication of significant deficiencies and material weaknesses in internal control required by the AICPA’s or the PCAOB’s auditing standards;

(iii) For institutions with total assets of less than $1 billion as of the beginning of their fiscal year that are public companies or subsidiaries of public companies that meet the criterion specified in § 363.1(b)(1), any independent public accountant’s report on the audit of internal control over financial reporting required by section 404 of SOX and the PCAOB’s auditing standards; and

(iv) For all institutions that are public companies or subsidiaries of public companies that meet the criterion specified in § 363.1(b)(1), any independent public accountant’s written communication of all deficiencies in internal control over financial reporting that are of a lesser magnitude than significant deficiencies required by the PCAOB’s auditing standards.

(2) Each insured depository institution shall file with the FDIC, the appropriate federal banking agency, and any appropriate state bank supervisor, a copy of any audit engagement letter, including any related agreements and amendments, within 15 days of acceptance by the institution.

(d) Notice of engagement or change of accountants. Each insured depository institution shall provide, within 15 days after the occurrence of any such event, written notice to the FDIC, the appropriate federal banking agency, and any appropriate state bank supervisor of the engagement of an independent public accountant, or the resignation or dismissal of the independent public accountant previously engaged. The notice shall include a statement of the reasons for any such resignation or dismissal in reasonable detail.

(e) Notification of late filing. No extensions of time for filing reports required by § 363.4 shall be granted. An insured depository institution that is unable to timely file all or any portion of its Part 363 Annual Report or any other report or notice required by § 363.4 shall submit a written notice of late filing to the FDIC, the appropriate federal banking agency, and any appropriate state bank supervisor. The notice shall disclose the institution’s inability to timely file all or specified portions of its Part 363 Annual Report or any other report or notice and the reasons therefore in reasonable detail. The late filing notice shall also state the date when the report or notice will be filed. The written notice shall be filed on or before the deadline for filing the


Part 363 Annual Report or any other report or notice, as appropriate.

(f) Place for filing. The Part 363 Annual Report, any written notification of late filing, and any other report or notice required by § 363.4 should be filed as follows:

(1) FDIC: Appropriate FDIC Regional or Area Office (Division of Supervision and Consumer Protection), i.e., the FDIC regional or area office in the FDIC region or area that is responsible for monitoring the institution or, in the case of a subsidiary institution of a holding company, the consolidated company. A filing made on behalf of several covered institutions owned by the same parent holding company should be accompanied by a transmittal letter identifying all of the institutions covered.

(2) Office of the Comptroller of the Currency (OCC): Appropriate OCC Supervisory Office.

(3) Federal Reserve: Appropriate Federal Reserve Bank.

(4) Office of Thrift Supervision (OTS): Appropriate OTS District Office.

(5) State bank supervisor: The filing office of the appropriate state bank supervisor.

§ 363.5 Audit committees.

(a) Composition and duties. Each insured depository institution shall establish an audit committee of its board of directors, the composition of which complies with paragraphs (a)(1), (2), and (3) of this section. The duties of the audit committee shall include the appointment, compensation, and oversight of the independent public accountant who performs services required under this part, and reviewing with management and the independent public accountant the basis for the reports issued under this part.

(1) Each insured depository institution with total assets of $1 billion or more as of the beginning of its fiscal year shall establish an independent audit committee of its board of directors, the members of which shall be outside directors who are independent of management of the institution.

(2) Each insured depository institution with total assets of $500 million or more but less than $1 billion as of the beginning of its fiscal year shall establish an audit committee of its board of directors, the members of which shall be outside directors, the majority of whom shall be independent of management of the institution. The appropriate Federal banking agency may, by order or regulation, permit the audit committee of such an insured depository institution to be made up of less than a majority of outside directors who are independent of management, if the agency determines that the institution has encountered hardships in retaining and recruiting a sufficient number of competent outside directors to serve on the audit committee of the institution.

(3) An outside director is a director who is not, and within the preceding fiscal year has not been, an officer or employee of the institution or any affiliate of the institution.

(b) Committees of large institutions. The audit committee of any insured depository institution that has total assets of more than $3 billion, measured as of the beginning of each fiscal year, shall include members with banking or related financial management expertise, have access to its own outside counsel, and not include any large customers of the institution. If a large institution is a subsidiary of a holding company and relies on the audit committee of the holding company to comply with this rule, the holding company’s audit committee shall not include any members who are large customers of the subsidiary institution.

(c) Independent public accountant engagement letters. (1) In performing its duties with respect to the appointment of the institution’s independent public accountant, the audit committee shall ensure that engagement letters and any related agreements with the independent public accountant for services to be performed under this part do not contain any limitation of liability provisions that:

(i) Indemnify the independent public accountant against claims made by third parties;

(ii) Hold harmless or release the independent public accountant from liability for claims or potential claims that might be asserted by the client insured depository institution, other than claims for punitive damages; or

(iii) Limit the remedies available to the client insured depository institution.

(2) Alternative dispute resolution agreements and jury trial waiver provisions are not precluded provided that they do not incorporate any limitation of liability provisions set forth in paragraph (c)(1) of this section.

Appendix A to Part 363—Guidelines and Interpretations

Table of Contents

Introduction

Scope of Rule (§ 363.1)
1. Measuring Total Assets
2. Insured Branches of Foreign Banks
3. Compliance by Holding Company Subsidiaries
4. Comparable Services and Functions
4A. Financial Reporting

Annual Reporting Requirements (§ 363.2)
5. Annual Financial Statements
5A. Institutions Merged out of Existence
6. Holding Company Statements
7. Insured Branches of Foreign Banks
8. Management Report
8A. Management’s Assessment of the Effectiveness of Internal Control over Financial Reporting
8B. Internal Control Reports for Acquired Businesses
9. Safeguarding of Assets
10. Standards for Internal Control
11. Service Organizations
12. Compliance with Laws and Regulations

Role of Independent Public Accountant (§ 363.3)
13. General Qualifications
14. Reserved
15. Peer Review Guidelines
16. Reserved
17. Information to be Provided to the Independent Public Accountant
18. Attestation Report and Management Letter
19. Reviews with Audit Committee and Management
20. Notice of Termination
21. Reliance on Internal Auditors

Filing and Notice Requirements (§ 363.4)
22. Reserved
23. Notification of Late Filing
24. Public Availability
25. Reserved
26. Notices Concerning Accountants

Audit Committees (§ 363.5)
27. Composition
28. “Independent of Management” Considerations
29. Reserved
30. Holding Company Audit Committees
31. Duties
32. Banking or Related Financial Management Expertise
33. Large Customers
34. Access to Counsel
35. Transition Period for Forming and Restructuring Audit Committees

Other
36. Modifications of Guidelines

Introduction

Congress added section 36, “Early Identification of Needed Improvements in Financial Management” (section 36), to the Federal Deposit Insurance Act (FDI Act) in 1991.

The FDIC Board of Directors adopted 12 CFR part 363 of its rules and regulations (the Rule) to implement those provisions of section 36 that require rulemaking. The FDIC also approved these “Guidelines and Interpretations” (the Guidelines) and directed that they be published with the Rule to facilitate a better understanding of, and full compliance with, the provisions of section 36.

Although not contained in the Rule itself, some of the guidance offered restates or refers to statutory requirements of section 36 and is therefore mandatory. If that is the case, the statutory provision is cited.


Furthermore, upon adopting the Rule, the FDIC reiterated its belief that every insured depository institution, regardless of its size or charter, should have an annual audit of its financial statements performed by an independent public accountant, and should establish an audit committee comprised entirely of outside directors.

The following Guidelines reflect the views of the FDIC concerning the interpretation of section 36. The Guidelines are intended to assist insured depository institutions (institutions), their boards of directors, and their advisors, including their independent public accountants and legal counsel, and to clarify section 36 and the Rule. It is recognized that reliance on the Guidelines may result in compliance with section 36 and the Rule which may vary from institution to institution. Terms which are not explained in the Guidelines have the meanings given them in the Rule, the FDI Act, or professional accounting and auditing literature.

Scope of Rule (§ 363.1)

1. Measuring Total Assets. To determine whether this part applies, an institution should use total assets as reported on its most recent Report of Condition (Call Report) or Thrift Financial Report (TFR), the date of which coincides with the end of its preceding fiscal year. If its fiscal year ends on a date other than the end of a calendar quarter, it should use its Call Report or TFR for the quarter end immediately preceding the end of its fiscal year.

2. Insured Branches of Foreign Banks. Unlike other institutions, insured branches of foreign banks are not separately incorporated or capitalized. To determine whether this part applies, an insured branch should measure claims on non-related parties reported on its Report of Assets and Liabilities of U.S. Branches and Agencies of Foreign Banks (form FFIEC 002).

3. Compliance by Holding Company Subsidiaries. Audited consolidated financial statements and other reports or notices required by this part that are submitted by a holding company for any subsidiary institution should be accompanied by a cover letter identifying all subsidiary institutions subject to part 363 that are included in the holding company’s submission. When submitting a Part 363 Annual Report, the cover letter should identify all subsidiary institutions subject to part 363 included in the consolidated financial statements and state whether the other annual report requirements (i.e., management’s statement of responsibilities, management’s assessment

must satisfy the remaining provisions of this part on an individual institution basis and maintain its own audit committee. Subject to the criteria in §§ 363.1(b)(1) and (2), a multi-tiered holding company may satisfy all of the requirements of this part at the top-tier or any mid-tier holding company level.

4. Comparable Services and Functions. Services and functions will be considered “comparable” to those required by this part if the holding company:

(a) Prepares reports used by the subsidiary institution to meet the requirements of this part;

(b) Has an audit committee that meets the requirements of this part appropriate to its largest subsidiary institution; and

(c) Prepares and submits management’s assessment of compliance with the Designated Laws defined in guideline 12 and, if applicable, management’s assessment of the effectiveness of internal control over financial reporting based on information concerning the relevant activities and operations of those subsidiary institutions within the scope of the Rule.

4A. Financial Reporting. (a) For purposes of this part, “financial reporting” includes financial statements prepared under GAAP and those prepared for regulatory reporting purposes. Financial statements prepared for regulatory reporting purposes consist of the schedules equivalent to the basic financial statements that are included in an institution’s appropriate regulatory report, e.g., the bank Consolidated Reports of Condition and Income (Call Report) and the Thrift Financial Report (TFR).

(b) Financial statements prepared for regulatory reporting purposes do not include regulatory reports prepared by a non-bank subsidiary of a holding company or an institution. For example, if a bank holding company or an insured depository institution owns an insurance subsidiary, financial statements prepared for regulatory reporting purposes would not include any regulatory reports that the insurance subsidiary is required to submit to its appropriate insurance regulatory agency.

Annual Reporting Requirements (§ 363.2)

5. Annual Financial Statements. Each institution should prepare comparative annual consolidated financial statements (balance sheets and statements of income, changes in equity capital, and cash flows, with accompanying footnote disclosures) in accordance with GAAP for each of its two most recent fiscal years. Statements for the earlier year may be presented on an

§ 363.1(b)(1)), is not required to file a Part 363 Annual Report for the last fiscal year of its existence.

6. Holding Company Statements. Subject to the criterion specified in § 363.1(b)(1), subsidiary institutions may file copies of their holding company’s audited financial statements filed with the SEC or prepared for their FR Y–6 Annual Report under the Bank Holding Company Act of 1956 to satisfy the audited financial statements requirement of § 363.2(a).

7. Insured Branches of Foreign Banks. An insured branch of a foreign bank should satisfy the financial statements requirement by filing one of the following for the two preceding fiscal years:

(a) Audited balance sheets, disclosing information about financial instruments with off-balance-sheet risk;

(b) Schedules RAL and L of form FFIEC 002, prepared and audited on the basis of the instructions for its preparation; or

(c) With written approval of the appropriate federal banking agency, consolidated financial statements of the parent bank.

8. Management Report. Management should perform its own investigation and review of the effectiveness of internal controls and compliance with the Designated Laws defined in guideline 12. Management also should maintain records of its determinations and assessments until the next federal safety and soundness examination, or such later date as specified by the FDIC or appropriate federal banking agency. Management should provide in its assessment of the effectiveness of internal controls, or supplementally, sufficient information to enable the accountant to report on its assertions. The management report of an insured branch of a foreign bank should be signed by the branch’s managing official if the branch does not have a chief executive or financial officer.

8A. Management’s Assessment of the Effectiveness of Internal Control over Financial Reporting. An institution with $1 billion or more in total assets as of the beginning of its fiscal year that is subject to both part 363 and the SEC’s rules implementing section 404 of SOX (as well as a public holding company permitted under the holding company exception in § 363.1(b)(2) to file an internal control report on behalf of a subsidiary institution or institutions with $1 billion or more in total assets) can choose either of the following two options for filing management’s report on internal control over financial reporting.
of compliance with designated safety and unaudited basis if the institution was not (i) Management can prepare two separate
soundness laws and regulations, and, if subject to this part for that year and audited reports on the institution’s or the holding
applicable, management’s assessment of the statements were not prepared. company’s internal control over financial
effectiveness of internal control over 5A. Institutions Merged Out of Existence. reporting to satisfy the FDIC’s part 363
financial reporting and the independent An institution that is merged out of existence requirements and the SEC’s section 404
public accountant’s attestation report on after the end of its fiscal year, but before the requirements; or
management’s internal control assessment) deadline for filing its Part 363 Annual Report (ii) Management can prepare a single report
are being satisfied for these institutions at the (120 days after the end of its fiscal year for on internal control over financial reporting
holding company level or at the institution an institution that is neither a public provided that it satisfies all of the FDIC’s part
level. An institution filing holding company company nor a subsidiary of a public 363 requirements and all of the SEC’s section
consolidated financial statements as company that meets the criterion specified in 404 requirements.
permitted by § 363.1(b)(1) also may report on § 363.1(b)(1), and 90 days after the end of its 8B. Internal Control Reports for Acquired
changes in its independent public accountant fiscal year for an institution that is a public Businesses. Generally, the FDIC expects
on a holding company basis. An institution company or a subsidiary of a public company management’s and the related independent
that does not meet the criteria in § 363.1(b)(2) that meets the criterion specified in public accountant’s report on an institution’s

internal control over financial reporting to include controls at an institution in its entirety, including all of its consolidated entities. However, it may not always be possible for management to conduct an assessment of the internal control over financial reporting of an acquired business in the period between the consummation date of the acquisition and the due date of management’s internal control assessment.
(a) In such instances, the acquired business’s internal control structure and procedures for financial reporting may be excluded from management’s assessment report and the accountant’s attestation report on internal control over financial reporting. However, the FDIC expects management’s assessment report to identify the acquired business, state that the acquired business is excluded, and indicate the significance of this business to the institution’s consolidated financial statements. Notwithstanding management’s exclusion of the acquired business’s internal control from its assessment, management should disclose any material change to the institution’s internal control over financial reporting due to the acquisition of this business. Also, management may not omit the assessment of the acquired business’s internal control from more than one annual part 363 assessment report on internal control over financial reporting. When the acquired business’s internal control over financial reporting is excluded from management’s assessment, the independent public accountant may likewise exclude this acquired business’s internal control over financial reporting from the accountant’s evaluation of internal control over financial reporting.
(b) If the acquired business is or has a consolidated subsidiary that is an insured depository institution subject to part 363 and the institution is not merged out of existence before the deadline for filing its Part 363 Annual Report (120 days after the end of its fiscal year for an institution that is neither a public company nor a subsidiary of a public company that meets the criterion specified in § 363.1(b)(1), and 90 days after the end of its fiscal year for an institution that is a public company or a subsidiary of a public company that meets the criterion specified in § 363.1(b)(1)), the acquired institution must continue to comply with all of the applicable requirements of part 363, including filing its Part 363 Annual Report.
9. Safeguarding of Assets. “Safeguarding of assets,” as the term relates to internal control policies and procedures regarding financial reporting and which has precedent in accounting and auditing literature, should be encompassed in the management report and the independent public accountant’s attestation discussed in guideline 18. Testing the existence of and compliance with internal controls on the management of assets, including loan underwriting and documentation, represents a reasonable implementation of section 36. The FDIC expects such internal controls to be encompassed by the assertion in the management report, but the term “safeguarding of assets” need not be specifically stated. The FDIC does not require the accountant to attest to the adequacy of safeguards, but does require the accountant to determine whether safeguarding policies exist.2
2 It is management’s responsibility to establish policies concerning underwriting and asset management and to make credit decisions. The auditor’s role is to test compliance with management’s policies relating to financial report.
10. Standards for Internal Control. The management of each insured depository institution with $1 billion or more in total assets as of the beginning of its fiscal year should base its assessment of the effectiveness of the institution’s internal control over financial reporting on a suitable, recognized control framework established by a body of experts that followed due-process procedures, including the broad distribution of the framework for public comment. In addition to being available to users of management’s reports, a framework is suitable only when it:
• Is free from bias;
• Permits reasonably consistent qualitative and quantitative measurements of an insured depository institution’s internal control over financial reporting;
• Is sufficiently complete so that those relevant factors that would alter a conclusion about the effectiveness of an insured depository institution’s internal control over financial reporting are not omitted; and
• Is relevant to an evaluation of internal control over financial reporting.
In the United States, Internal Control—Integrated Framework, including its addendum on safeguarding assets, which was published by the Committee of Sponsoring Organizations of the Treadway Commission, and is known as the COSO report, provides a suitable and recognized framework for purposes of management’s assessment. Other suitable frameworks have been published in other countries or may be developed in the future. Such other suitable frameworks may be used by management and the institution’s independent public accountant in assessments, attestations, and audits of internal control over financial reporting.
11. Service Organizations. Although service organizations should be considered in determining if internal controls are adequate, an institution’s independent public accountant, its management, and its audit committee should exercise independent judgment concerning that determination. Onsite reviews of service organizations may not be necessary to prepare the report required by the Rule, and the FDIC does not intend that the Rule establish any such requirement.
12. Compliance with Laws and Regulations. The designated laws and regulations are the federal laws and regulations concerning loans to insiders and the federal and state laws and regulations concerning dividend restrictions (the Designated Laws). Table 1 to this Appendix A lists the designated federal laws and regulations pertaining to insider loans and dividend restrictions that are applicable to each type of institution.
Role of Independent Public Accountant (§ 363.3)
13. General Qualifications. To provide audit and attest services to insured depository institutions, an independent public accountant should be registered or licensed to practice as a public accountant, and be in good standing, under the laws of the state or other political subdivision of the United States in which the home office of the institution (or the insured branch of a foreign bank) is located. As required by section 36(g)(3)(A)(i), the accountant must agree to provide copies of any working papers, policies, and procedures relating to services performed under this part.
14. [Reserved.]
15. Peer Review Guidelines. The following peer review guidelines are acceptable:
(a) The external peer review should be conducted by an organization independent of the accountant or firm being reviewed, as frequently as is consistent with professional accounting practices;
(b) The peer review (other than a PCAOB inspection) should be generally consistent with AICPA Peer Review Standards; and
(c) The review should include, if available, at least one audit on an insured depository institution or consolidated depository institution holding company.
16. [Reserved.]
17. Information to be Provided to the Independent Public Accountant. Attention is directed to section 36(h) which requires institutions to provide specified information to their accountants. An institution also should provide its accountant with copies of any notice that the institution’s capital category is being changed or reclassified under section 38 of the FDI Act, and any correspondence from the appropriate federal banking agency concerning compliance with this part.
18. Attestation Report and Management Report. The independent public accountant should provide the institution with any management letter and, if applicable, an internal control attestation report (as required by section 36(c)(1)) at the conclusion of the audit. The independent public accountant’s attestation report on internal control over financial reporting must specifically include a statement as to regulatory reporting. If a holding company subsidiary relies on its holding company management report, the accountant may attest to and report on the management’s assertions in one report, without reporting separately on each subsidiary covered by the Rule. The FDIC has determined that management letters are exempt from public disclosure.
19. Reviews with Audit Committee and Management. The independent public accountant should meet with the institution’s audit committee to review the accountant’s reports required by this part before they are filed. It also may be appropriate for the accountant to review its findings with the institution’s board of directors and management.
20. Notice of Termination. The notice of termination required by § 363.3(c) should state whether the independent public accountant agrees with the assertions contained in any notice filed by the

institution under § 363.4(d), and whether the institution’s notice discloses all relevant reasons for the accountant’s termination. Subject to the criteria specified in § 363.1(b)(1) regarding compliance with the audited financial statements requirement at the holding company level, the independent public accountant for an insured depository institution that is a public company and files reports with its appropriate federal banking agency, or is a subsidiary of a public company that files reports with the SEC, may submit the letter it furnished to management to be filed with the institution’s or the holding company’s current report (e.g., SEC Form 8–K) concerning a change in accountant to satisfy the notice requirements of § 363.3(c). Alternatively, if the independent public accountant confirms that management has filed a current report (e.g., SEC Form 8–K) concerning a change in accountant that satisfies the notice requirements of § 363.4(d) and includes an independent public accountant’s letter that satisfies the requirements of § 363.3(c), the independent public accountant may rely on the current report (e.g., SEC Form 8–K) filed with the FDIC by management concerning a change in accountant to satisfy the notice requirements of § 363.3(c).
21. Reliance on Internal Auditors. Nothing in this part or this appendix is intended to preclude the ability of the independent public accountant to rely on the work of an institution’s internal auditor.
Filing and Notice Requirements (§ 363.4)
22. [Reserved.]
23. Notification of Late Filing. (a) An institution’s submission of a written notice of late filing does not cure the requirement to timely file the Part 363 Annual Report or other reports or notices required by § 363.4. An institution’s failure to timely file is considered an apparent violation of part 363.
(b) If the late filing notice submitted pursuant to § 363.4(e) relates only to a portion of a Part 363 Annual Report or any other report or notice, the insured depository institution should file the other components of the report or notice within the prescribed filing period together with a cover letter that indicates which components of its Part 363 Annual Report or other report or notice are omitted. An institution may combine the written late filing notice and the cover letter into a single notice that is submitted together with the other components of the report or notice that are being timely filed.
24. Public Availability. Each institution’s Part 363 Annual Report should be available for public inspection at its main and branch offices no later than 15 days after it is filed with the FDIC. Alternatively, an institution may elect to mail one copy of its Part 363 Annual Report to any person who requests it. The Part 363 Annual Report should remain available to the public until the Part 363 Annual Report for the next year is available. An institution may use its Part 363 Annual Report under this part to meet the annual disclosure statement required by 12 CFR 350.3, if the institution satisfies all other requirements of 12 CFR part 350.
25. [Reserved.]
26. Notices Concerning Accountants. With respect to any selection, change, or termination of an independent public accountant, an institution’s management and audit committee should be familiar with the notice requirements in § 363.4(d) and guideline 20, and management should send a copy of any notice required under § 363.4(d) to the independent public accountant when it is filed with the FDIC. An insured depository institution that is a public company and files reports required under the federal securities laws with its appropriate federal banking agency, or is a subsidiary of a public company that files such reports with the SEC, may use its current report (e.g., SEC Form 8–K) concerning a change in accountant to satisfy the notice requirements of § 363.4(d) subject to the criterion of § 363.1(b)(1) regarding compliance with the audited financial statements requirement at the holding company level.
Audit Committees (§ 363.5)
27. Composition. The board of directors of each institution should determine whether each existing or potential audit committee member meets the requirements of section 36 and this part. To do so, the board of directors should maintain an approved set of written criteria for determining whether a director who is to serve on the audit committee is an outside director (as defined in § 363.5(a)(3)) and is independent of management. At least annually, the board of each institution should apply these criteria and determine whether each existing or potential audit committee member is an outside director. In addition, at least annually, the board of an institution with $1 billion or more in total assets at the beginning of its fiscal year should determine whether all existing and potential audit committee members are “independent of management of the institution” and the board of an institution with total assets of $500 million or more but less than $1 billion as of the beginning of its fiscal year should determine whether the majority of all existing and potential audit committee members are “independent of management of the institution.” The minutes of the board of directors should contain the results of and the basis for its determinations with respect to each existing and potential audit committee member. Because an insured branch of a foreign bank does not have a separate board of directors, the FDIC will not apply the audit committee requirements to such branch. However, any such branch is encouraged to make a reasonable good faith effort to see that similar duties are performed by persons whose experience is generally consistent with the Rule’s requirements for an institution the size of the insured branch.
28. “Independent of Management” Considerations. It is not possible to anticipate, or explicitly provide for, all circumstances that might signal potential conflicts of interest in, or that might bear on, an outside director’s relationship to an insured depository institution and whether the outside director should be deemed “independent of management.” When assessing an outside director’s relationship with an institution, the board of directors should consider the issue not merely from the standpoint of the director himself or herself, but also from the standpoint of persons or organizations with which the director has an affiliation. These relationships can include, but are not limited to, commercial, banking, consulting, charitable, and family relationships. The board of directors should apply its approved set of written criteria for determining whether existing and potential members of the audit committee are outside directors and whether they are “independent of management.” To assist boards of directors in fulfilling this requirement, paragraphs (a) through (d) of this guideline provide guidance for determining whether audit committee members are “independent of management.”
(a) Notwithstanding the criteria set forth in paragraphs (b), (c), and (d) of this guideline, if an outside director, either directly or indirectly, owns or controls, or has owned or controlled within the preceding fiscal year, 10 percent or more of any outstanding class of voting securities of the institution, the outside director will not be considered “independent of management.”
(b) The following list sets forth additional criteria, that, at a minimum, a board of directors should consider when determining whether an outside director is “independent of management.” The board of directors may conclude that additional criteria are also relevant to this determination in light of the particular circumstances of its institution. Accordingly, an outside director will not be considered “independent of management” if:
(1) The director serves, or has served within the last three years, as a consultant, advisor, promoter, underwriter, legal counsel, or trustee of or to the institution or its affiliates.
(2) The director has been, within the last three years, an employee of the institution or any of its affiliates or an immediate family member is, or has been within the last three years, an executive officer of the institution or any of its affiliates.
(3) The director has participated in the preparation of the financial statements of the institution or any of its affiliates at any time during the last three years.
(4) The director has received, or has an immediate family member who has received, during any twelve-month period within the last three years, more than $60,000 in direct or indirect compensation from the institution or any of its affiliates other than director and committee fees and pension or other forms of deferred compensation for prior service (provided such compensation is not contingent in any way on continued service). Direct compensation also would not include compensation received by the director for former service as an interim chairman or interim chief executive officer. Indirect compensation includes payments to spouses and children as well as organizations that provide financial services to the institution or any of its affiliates in which the director is a partner or principal.
(5) The director or an immediate family member is a current partner of a firm that performs internal or external auditing services for the institution or any of its affiliates; the director is a current employee of such a firm; the director has an immediate family member who is a current employee of

such a firm and who participates in the firm’s audit, assurance, or tax compliance practice; or the director or an immediate family member was within the last three years (but no longer is) a partner or employee of such a firm and personally worked on the audit of the insured depository institution or any of its affiliates within that time.
(6) The director or an immediate family member is, or has been within the last three years, employed as an executive officer of another entity where any of the present executive officers of the institution or any of its affiliates at the same time serves or served on that entity’s compensation committee.
(7) The director is a current employee, or an immediate family member is a current executive officer, of an entity that has made payments to, or received payments from, the institution or any of its affiliates for property or services in an amount which, in any of the last three fiscal years, exceeds the greater of $200 thousand, or 5 percent of such entity’s consolidated gross revenues. This would include payments made by the institution or any of its affiliates to not-for-profit entities where the director is an executive officer or where an immediate family member of the director is an executive officer.
(8) For purposes of paragraph (b) of this guideline, the following definitions apply:
(i) An “immediate family member” includes a person’s spouse, parents, children, siblings, mothers and fathers-in-law, sons and daughters-in-law, brothers and sisters-in-law, and anyone (other than domestic employees) who shares such person’s home.
(ii) The term affiliate of, or a person affiliated with, a specified person, means a person or entity that directly, or indirectly through one or more intermediaries, controls, or is controlled by, or is under common control with, the person specified.
(c) An insured depository institution that is a public company and a listed issuer (as defined in Rule 10A–3 of the Securities Exchange Act of 1934 (Exchange Act)), or is a subsidiary of a public company that meets the criterion specified in § 363.1(b)(1) and is a listed issuer, may use the definition of audit committee member independence set forth in the listing standards applicable to the public institution or its public company parent.
(d) All other insured depository institutions may use the definition of audit committee member independence set forth in the listing standards of a national securities exchange that is registered with the SEC pursuant to section 6 of the Exchange Act or a national securities association that is registered with the SEC pursuant to section 15A(a) of the Exchange Act.
29. [Reserved.]
30. Holding Company Audit Committees. (a) When an insured depository institution satisfies the requirements for the holding company exception specified in §§ 363.1(b)(1) and (2), the audit committee requirement of this part may be satisfied by the audit committee of the top-tier or any mid-tier holding company. Members of the audit committee of the holding company should meet all the membership requirements applicable to the largest subsidiary depository institution subject to part 363 and should perform all the duties of the audit committee of a subsidiary institution subject to part 363, even if the holding company directors are not directors of the institution.
(b) When an insured depository institution subsidiary with total assets of $1 billion or more as of the beginning of its fiscal year does not meet the requirements for the holding company exception specified in §§ 363.1(b)(1) and (2) or maintains its own separate audit committee to satisfy the requirements of this part, the members of the audit committee of the top-tier or any mid-tier holding company may serve on the audit committee of the subsidiary institution if they are otherwise independent of management of the subsidiary institution, and, if applicable, meet any other requirements for a large subsidiary institution covered by this part.
(c) When an insured depository institution with total assets of $500 million or more but less than $1 billion as of the beginning of its fiscal year does not meet the requirements for the holding company exception specified in §§ 363.1(b)(1) and (2) or maintains its own separate audit committee to satisfy the requirements of this part, the members of the audit committee of the top-tier or any mid-tier holding company may serve on the audit committee of the subsidiary institution provided a majority of its audit committee members are independent of management of the subsidiary institution.
(d) Officers and employees of a top-tier or any mid-tier holding company may not serve on the audit committee of its subsidiary institutions.
31. Duties. The audit committee should perform all duties determined by the institution’s board of directors, and it should maintain minutes and other relevant records of its meetings and decisions. The duties of the audit committee should be appropriate to the size of the institution and the complexity of its operations, and, at a minimum, should include the appointment, compensation, and oversight of the independent public accountant; reviewing with management and the independent public accountant the basis for their respective reports issued under §§ 363.2(a) and (b) and §§ 363.3(a) and (b); reviewing and satisfying itself as to the independent public accountant’s compliance with the required qualifications for independent public accountants set forth in §§ 363.3(f) and (g) and guidelines 13 through 16; ensuring that audit engagement letters comply with the provisions of § 363.5(c) before engaging an independent public accountant; being familiar with the notice requirements in § 363.4(d) and guideline 20 regarding the selection, change, or termination of an independent public accountant; and ensuring that management sends a copy of any notice required under § 363.4(d) to the independent public accountant when it is filed with the FDIC. Appropriate additional duties could include:
(a) Reviewing with management and the independent public accountant the scope of services required by the audit, significant accounting policies, and audit conclusions regarding significant accounting estimates;
(b) Reviewing with management and the accountant their assessments of the effectiveness of internal control over financial reporting, and the resolution of identified material weaknesses and significant deficiencies in internal control over financial reporting, including the prevention or detection of management override or compromise of the internal control system;
(c) Reviewing with management the institution’s compliance with the designated laws and regulations identified in guideline 12;
(d) Discussing with management and the independent public accountant any significant disagreements between management and the independent public accountant; and
(e) Overseeing the internal audit function.
32. Banking or Related Financial Management Expertise. At least two members of the audit committee of a large institution shall have “banking or related financial management expertise” as required by section 36(g)(1)(C)(i). This determination is to be made by the board of directors of the insured depository institution. A person will be considered to have such required expertise if the person has significant executive, professional, educational, or regulatory experience in financial, auditing, accounting, or banking matters as determined by the board of directors. Significant experience as an officer or member of the board of directors or audit committee of a financial services company would satisfy these criteria.
33. Large Customers. Any individual or entity (including a controlling person of any such entity) which, in the determination of the board of directors, has such significant direct or indirect credit or other relationships with the institution, the termination of which likely would materially and adversely affect the institution’s financial condition or results of operations, should be considered a “large customer” for purposes of § 363.5(b).
34. Access to Counsel. The audit committee should be able to retain counsel at its discretion without prior permission of the institution’s board of directors or its management. Section 36 does not preclude advice from the institution’s internal counsel or regular outside counsel. It also does not require retaining or consulting counsel, but if the committee elects to do either, it also may elect to consider issues affecting the counsel’s independence. Such issues would include whether to retain or consult only counsel not concurrently representing the institution or any affiliate, and whether to place limitations on any counsel representing the institution concerning matters in which such counsel previously participated personally and substantially as outside counsel to the committee.
35. Transition Period for Forming and Restructuring Audit Committees.
(a) When an insured depository institution’s total assets at the beginning of its fiscal year are $500 million or more for the first time and it thereby becomes subject to part 363, no regulatory action will be taken if the institution forms or restructures its audit committee to comply with § 363.5(a)(2) by the end of that fiscal year.
(b) When an insured depository institution’s total assets at the beginning of

VerDate Aug<31>2005 16:31 Nov 01, 2007 Jkt 211001 PO 00000 Frm 00021 Fmt 4701 Sfmt 4700 E:\FR\FM\02NOP2.SGM 02NOP2
62330 Federal Register / Vol. 72, No. 212 / Friday, November 2, 2007 / Proposed Rules

its fiscal year are $1 billion or more for the if the institution forms or restructures its authority to make and publish in the Federal
first time, no regulatory action will be taken audit committee to comply with § 363.5(b) by Register minor technical amendments to the
if the institution forms or restructures its the end of that fiscal year, provided that the Guidelines in this appendix, in consultation
audit committee to comply with § 363.5(a)(1) composition of its audit committee meets the with the other appropriate federal banking
by the end of that fiscal year, provided that requirements specified in § 363.5(a)(1) at the agencies, to reflect the practical experience
the composition of its audit committee meets beginning of that fiscal year, if such gained from implementation of this part. It is
the requirements specified in § 363.5(a)(2) at requirements were applicable.
the beginning of that fiscal year, if such not anticipated any such modification would
requirements were applicable. Other be effective until affected institutions have
(c) When an insured depository 36. Modifications of Guidelines. The been given reasonable advance notice of the
institution’s total assets at the beginning of FDIC’s Board of Directors has delegated to modification. Any material modification or
its fiscal year are $3 billion or more for the the Director of the FDIC’s Division of amendment will be subject to review and
first time, no regulatory action will be taken Supervision and Consumer Protection approval of the FDIC Board of Directors.

TABLE 1 TO APPENDIX A
Designated Federal Laws and Regulations Applicable to:

| | | National banks | State member banks | State non-member banks | Savings associations |
|---|---|---|---|---|---|
| Insider Loans—Parts and/or Sections of Title 12 of the United States Code | | | | | |
| 375a | Loans to Executive Officers of Banks | √ | √ | (A) | (A) |
| 375b | Extensions of Credit to Executive Officers, Directors, and Principal Shareholders of Banks | √ | √ | (A) | (A) |
| 1468(b) | Extensions of Credit to Executive Officers, Directors, and Principal Shareholders | | | | √ |
| 1828(j)(2) | Extensions of Credit to Officers, Directors, and Principal Shareholders | | | √ | |
| 1828(j)(3)(B) | Extensions of Credit to Officers, Directors, and Principal Shareholders | (B) | | (C) | |
| Parts and/or Sections of Title 12 of the Code of Federal Regulations | | | | | |
| 31 | Extensions of Credit to Insiders | √ | | | |
| 32 | Lending Limits | √ | | | |
| 215 | Loans to Executive Officers, Directors, and Principal Shareholders of Member Banks | √ | √ | (D) | (E) |
| 337.3 | Limits on Extensions of Credit to Executive Officers, Directors, and Principal Shareholders of Insured Nonmember Banks | | | √ | |
| 563.43 | Loans by Savings Associations to Their Executive Officers, Directors, and Principal Shareholders | | | | √ |
| Dividend Restrictions—Parts and/or Sections of Title 12 of the United States Code | | | | | |
| 56 | Prohibition on Withdrawal of Capital and Unearned Dividends | √ | √ | | |
| 60 | Dividends and Surplus Fund | √ | √ | | |
| 1467a(f) | Declaration of Dividend | | | | √ |
| 1831o(d)(1) | Prompt Corrective Action—Capital Distributions Restricted | √ | √ | √ | √ |
| Parts and/or Sections of Title 12 of the Code of Federal Regulations | | | | | |
| 5 Subpart E | Payment of Dividends | √ | | | |
| 6.6 | Prompt Corrective Action—Restrictions on Undercapitalized Institutions | √ | | | |
| 208.5 | Dividends and Other Distributions | | √ | | |
| 208.45 | Prompt Corrective Action—Restrictions on Undercapitalized Institutions | | √ | | |
| 325.105 | Prompt Corrective Action—Restrictions on Undercapitalized Institutions | | | √ | |
| 563 Subpart E | Capital Distributions | | | | √ |
| 565.6 | Prompt Corrective Action—Restrictions on Undercapitalized Institutions | | | | √ |

A. Subsections (g) and (h) of section 22 of the Federal Reserve Act [12 U.S.C. 375a, 375b].
B. Applies only to insured federal branches of foreign banks.
C. Applies only to insured state branches of foreign banks.
D. See 12 CFR 337.3.
E. See 12 CFR 563.43.


Appendix B to Part 363—Illustrative Management Reports
Table of Contents
1. General
2. Reporting Scenarios for Institutions that are Holding Company Subsidiaries
3. Illustrative Management Report—Statement of Management’s Responsibilities
4. Illustrative Management Report—Management’s Assessment of Compliance with Laws and Regulations
5. Illustrative Management Report—Management’s Assessment of Internal Control Over Financial Reporting
6. Illustrative Management Report—Combined Statement of Management’s Responsibilities, Management’s Assessment of Compliance with Laws and Regulations, and Management’s Assessment of the Effectiveness of Internal Control Over Financial Reporting
7. Illustrative Cover Letter—Compliance by Holding Company Subsidiaries
1. General. The reporting scenarios, illustrative management reports, and the cover letter (when complying at the holding company level) in Appendix B to part 363 are intended to assist managements of insured depository institutions in complying with the annual reporting requirements of § 363.2 and guideline 3, Compliance by Holding Company Subsidiaries, of Appendix A to part 363. However, use of the wording in the illustrative management reports and cover letter is not required. The managements of insured depository institutions are encouraged to tailor their management reports and cover letters to fit their particular circumstances and avoid the use of “boilerplate” language. Terms that are not explained in Appendix B have the meanings given them in part 363, the FDI Act, or professional accounting and auditing literature. Instructions to the preparer of the management reports are shown in brackets within the illustrative reports.
2. Reporting Scenarios for Institutions that are Holding Company Subsidiaries. (a) Subject to the criteria specified in § 363.1(b), an insured depository institution that is a subsidiary of a holding company has flexibility in satisfying the reporting requirements of part 363. When reporting at the holding company level, the management report should identify those subsidiary institutions that are subject to part 363 and the extent to which they are included in the scope of the management report. The following reporting scenarios reflect how an insured depository institution that meets the criteria set forth in § 363.1(b) could satisfy the annual reporting requirements of § 363.2. Other reporting scenarios are possible.
(i) An institution that is a subsidiary of a holding company may satisfy the requirements for audited financial statements, management’s statement of responsibilities, management’s assessment of the institution’s compliance with laws and regulations, management’s assessment of the effectiveness of internal control over financial reporting (if applicable), and the independent public accountant’s attestation on management’s assertion as to the effectiveness of internal control over financial reporting (if applicable) at the insured depository institution level.
(ii) An institution that is a subsidiary of a holding company may satisfy the requirements for audited financial statements, management’s statement of responsibilities, management’s assessment of the institution’s compliance with laws and regulations, management’s assessment of the effectiveness of internal control over financial reporting (if applicable), and the independent public accountant’s attestation on management’s assertion as to the effectiveness of internal control over financial reporting (if applicable) at the holding company level.
(iii) An institution that is a subsidiary of a holding company may satisfy the requirement for audited financial statements at the holding company level and may satisfy the requirements for management’s statement of responsibilities, management’s assessment of the institution’s compliance with laws and regulations, management’s assessment of the effectiveness of internal control over financial reporting (if applicable), and the independent public accountant’s attestation on management’s assertion as to the effectiveness of internal control over financial reporting (if applicable) at the insured depository institution level.
(iv) An institution that is a subsidiary of a holding company may satisfy the requirements for audited financial statements, management’s statement of responsibilities, and management’s assessment of the institution’s compliance with laws and regulations at the insured depository institution level and may satisfy the requirements for the assessment by management of the effectiveness of internal control over financial reporting (if applicable), and the independent public accountant’s attestation on management’s assertion as to the effectiveness of internal control over financial reporting (if applicable) at the holding company level.
(b) For an institution with total assets of $1 billion or more as of the beginning of its fiscal year, the assessment by management of the effectiveness of internal control over financial reporting and the independent public accountant’s attestation on management’s assertion as to the effectiveness of internal control over financial reporting (if applicable) must both be performed at the same level, i.e., either at the insured depository institution level or at the holding company level.
(c) Financial statements prepared for regulatory reporting purposes encompass the schedules equivalent to the basic financial statements in an institution’s appropriate regulatory report, e.g., the bank Consolidated Reports of Condition and Income (Call Report) and the Thrift Financial Report (TFR). When internal control assessments and attestations are performed at the holding company level, the FDIC believes that holding companies have flexibility in interpreting “financial reporting” as it relates to “regulatory reporting” and has not objected to several reporting approaches employed by holding companies to cover “regulatory reporting.” Certain holding companies have had management’s assessment and the accountant’s attestation cover the schedules equivalent to the basic financial statements that are included in the appropriate regulatory report, e.g., Call Report and the TFR, of each subsidiary institution subject to part 363. Other holding companies have had management’s assessment and the accountant’s attestation cover the schedules equivalent to the basic financial statements that are included in the holding company’s year-end regulatory report (FR Y–9C report) to the Federal Reserve Board.
3. Illustrative Management Report—Statement of Management’s Responsibilities. The following illustrative statements of management’s responsibilities satisfy the requirements of § 363.2(b)(1).
(a) Statement Made at Insured Depository Institution Level
To: The Board of Directors and Audit Committee, ABC Depository Institution
Re: Statement of Management’s Responsibilities
The management of ABC Depository Institution (the “Institution”) is responsible for preparing the Institution’s annual financial statements in accordance with generally accepted accounting principles; for establishing and maintaining an adequate internal control structure and procedures for financial reporting, including controls over the preparation of regulatory financial statements in accordance with the instructions for regulatory reporting [specify the regulatory reporting instructions]; and for complying with laws and regulations relating to safety and soundness that are designated by the FDIC and the appropriate federal banking agency [specify the appropriate federal banking agency, if applicable].
ABC Depository Institution
_____________________
John Doe, Chief Executive Officer
Date: __________________
_____________________
Jane Doe, Chief Financial Officer
Date: __________________
(b) Statement Made at Holding Company Level
To: The Board of Directors and Audit Committee BCD Holding Company
Re: Statement of Management’s Responsibilities
The management of BCD Holding Company (the “Company”) is responsible for preparing the Company’s annual financial statements in accordance with generally accepted accounting principles; for establishing and maintaining an adequate internal control structure and procedures for financial reporting, including controls over the preparation of regulatory financial statements in accordance with the instructions for regulatory reporting [specify the regulatory reporting instructions]; and for complying with laws and regulations relating to safety and soundness that are designated by the FDIC and the appropriate federal banking agency [specify the appropriate federal banking agency, if applicable]. The following subsidiary institutions of the Company that are subject to Part 363 are included in the scope of this management report: [Identify the subsidiary institutions.]


BCD Holding Company
_____________________
John Doe, Chief Executive Officer
Date: __________________
_____________________
Jane Doe, Chief Financial Officer
Date: __________________
4. Illustrative Management Report—Management’s Assessment of Compliance with Laws and Regulations. The following illustrative reports of management’s assessment of compliance with laws and regulations satisfy the requirements of § 363.2(b)(2).
(a) Statement Made at Insured Depository Institution Level—Compliance
To: The Board of Directors and Audit Committee, ABC Depository Institution
Re: Management’s Assessment of Compliance with Laws and Regulations
The management of ABC Depository Institution (the “Institution”) has assessed the Institution’s compliance with the laws and regulations relating to safety and soundness that are designated by the FDIC and the appropriate federal banking agency [specify the appropriate federal banking agency, if applicable] during the fiscal year that ended on December 31, 20XX. Based upon its assessment, management has concluded that the Institution complied with the laws and regulations relating to safety and soundness that are designated by the FDIC and the appropriate federal banking agency [specify the appropriate federal banking agency, if applicable] during the fiscal year that ended on December 31, 20XX.
ABC Depository Institution
_____________________
John Doe, Chief Executive Officer
Date: __________________
_____________________
Jane Doe, Chief Financial Officer
Date: __________________
(b) Statement Made at Insured Depository Institution Level—Noncompliance
To: The Board of Directors and Audit Committee, ABC Depository Institution
Re: Management’s Assessment of Compliance with Laws and Regulations
The management of ABC Depository Institution (the “Institution”) has assessed the Institution’s compliance with the laws and regulations relating to safety and soundness that are designated by the FDIC and the appropriate federal banking agency [specify the appropriate federal banking agency, if applicable] during the fiscal year that ended on December 31, 20XX. Because of the noncompliance during the fiscal year that ended on December 31, 20XX, with the laws and regulations relating to safety and soundness noted below, management has determined that the Institution did not comply with the laws and regulations relating to safety and soundness that are designated by the FDIC and the appropriate federal banking agency [specify the appropriate federal banking agency, if applicable] during the fiscal year that ended on December 31, 20XX.
[Identify and describe the instance or instances of noncompliance with the laws and regulations relating to safety and soundness.]
ABC Depository Institution
_____________________
John Doe, Chief Executive Officer
Date: __________________
_____________________
Jane Doe, Chief Financial Officer
Date: __________________
(c) Statement Made at Holding Company Level—Compliance
To: The Board of Directors and Audit Committee, BCD Holding Company
Re: Management’s Assessment of Compliance with Laws and Regulations
The management of BCD Holding Company (the “Company”) has assessed the Company’s compliance with the laws and regulations relating to safety and soundness that are designated by the FDIC and the appropriate federal banking agency [specify the appropriate federal banking agency, if applicable] during the fiscal year that ended on December 31, 20XX. Based upon its assessment, management has concluded that the Company complied with the laws and regulations relating to safety and soundness that are designated by the FDIC and the appropriate federal banking agency [specify appropriate federal banking agency, if applicable] during the fiscal year that ended on December 31, 20XX. The following subsidiary institutions of the Company that are subject to Part 363 are included in the scope of management’s assessment of compliance with laws and regulations: [Identify the subsidiary institutions.]
BCD Holding Company
_____________________
John Doe, Chief Executive Officer
Date: __________________
_____________________
Jane Doe, Chief Financial Officer
Date: __________________
(d) Statement Made at Holding Company Level—Noncompliance
To: The Board of Directors and Audit Committee, BCD Holding Company
Re: Management’s Assessment of Compliance with Laws and Regulations
The management of BCD Holding Company (the “Company”) has assessed the Company’s compliance with the laws and regulations relating to safety and soundness that are designated by the FDIC and the appropriate federal banking agency [specify the appropriate federal banking agency, if applicable] during the fiscal year that ended on December 31, 20XX. The following subsidiary institutions of the Company that are subject to Part 363 are included in the scope of management’s assessment of compliance with laws and regulations: [Identify the subsidiary institutions.]
Because of the noncompliance during the fiscal year that ended on December 31, 20XX, with the laws and regulations relating to safety and soundness noted below, management has determined that the Company did not comply with the laws and regulations relating to safety and soundness that are designated by the FDIC and the appropriate federal banking agency [specify the appropriate federal banking agency, if applicable] during the fiscal year that ended on December 31, 20XX.
[Identify and describe the instance or instances of noncompliance with the laws and regulations relating to safety and soundness.]
BCD Holding Company
_____________________
John Doe, Chief Executive Officer
Date: __________________
_____________________
Jane Doe, Chief Financial Officer
Date: __________________
5. Illustrative Management Report—Management’s Assessment of Internal Control Over Financial Reporting. The following illustrative reports of management’s assessment of internal control over financial reporting satisfy the requirements of § 363.2(b)(3).
(a) Statement Made at Insured Depository Institution Level—No Material Weaknesses
To: The Board of Directors and Audit Committee, ABC Depository Institution
Re: Management’s Assessment of Internal Control Over Financial Reporting
ABC Depository Institution’s (the “Institution”) internal control over financial reporting is a process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements in accordance with accounting principles generally accepted in the United States of America, including those prepared for regulatory reporting purposes [specify the regulatory reports]. The Institution’s internal control over financial reporting includes those policies and procedures that (1) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the Institution; (2) provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with accounting principles generally accepted in the United States of America, and that receipts and expenditures of the Institution are being made only in accordance with authorizations of management and directors of the Institution; and (3) provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the Institution’s assets that could have a material effect on the financial statements.
Because of its inherent limitations, internal control over financial reporting may not prevent or detect misstatements. Also, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies and procedures may deteriorate.
Management assessed the effectiveness of the Institution’s internal control over financial reporting, including controls over preparation of regulatory financial statements in accordance with the instructions for regulatory reporting [specify the regulatory reporting instructions], as of December 31, 20XX, based on the framework set forth by the Committee of Sponsoring Organizations of the Treadway Commission in Internal Control—Integrated Framework. Based on that assessment, management concluded that, as of December 31, 20XX, the Institution’s internal control over financial reporting,


including controls over preparation of statements in accordance with the to future periods are subject to the risk that
regulatory financial statements in accordance instructions for regulatory reporting [specify controls may become inadequate because of
with the instructions for regulatory reporting the regulatory reporting instructions], as of changes in conditions, or that the degree of
[specify the regulatory reporting December 31, 20XX, based on the framework compliance with the policies and procedures
instructions], is effective based on the criteria set forth by the Committee of Sponsoring may deteriorate.
established in Internal Control—Integrated Organizations of the Treadway Commission Management assessed the effectiveness of
Framework. in Internal Control—Integrated Framework. the Company’s internal control over financial
Management’s assessment of the Because of the material weakness (or reporting, including controls over the
effectiveness of internal control over weaknesses) noted below, management preparation of regulatory financial statements
financial reporting, including controls over determined that the Institution’s internal in accordance with the instructions for
the preparation of regulatory financial control over financial reporting, including regulatory reporting [specify the regulatory
statements in accordance with the controls over the preparation of regulatory reporting instructions], as of December 31,
instructions for regulatory reporting [specify financial statements in accordance with the 20XX, based on the framework set forth by
the regulatory reporting instructions], as of instructions for regulatory reporting [specify the Committee of Sponsoring Organizations
December 31, 20XX, has been audited by the regulatory reporting instructions], was of the Treadway Commission in Internal
[name of auditing firm], an independent not effective as of December 31, 20XX. Control—Integrated Framework. Based on
public accounting firm, as stated in their [Identify and describe the material that assessment, management concluded that,
report dated March XX, 20XX. weakness or weaknesses.] as of December 31, 20XX, the Company’s
ABC Depository Institution Management’s assessment of the internal control over financial reporting,
lllllllllllllllllllll effectiveness of internal control over including controls over the preparation of
John Doe, Chief Executive Officer financial reporting, including controls over regulatory financial statements in accordance
Date: llllllllllllllllll the preparation of regulatory financial with the instructions for regulatory reporting
lllllllllllllllllllll statements in accordance with the [specify the regulatory reporting
Jane Doe, Chief Financial Officer instructions for regulatory reporting [specify instructions], is effective based on the criteria
Date: llllllllllllllllll the regulatory reporting instructions], as of established in Internal Control—Integrated
(b) Statement Made at Insured Depository December 31, 20XX, has been audited by Framework. The following subsidiary
Institution Level—One or More Material [name of auditing firm], an independent institutions of the Company that are subject
Weaknesses public accounting firm, as stated in their to Part 363 are included in the scope of this
To: The Board of Directors and Audit report dated March XX, 20XX. assessment of internal control over financial
Committee, ABC Depository Institution ABC Depository Institution reporting: [Identify the subsidiary
Re: Management’s Assessment of Internal lllllllllllllllllllll institutions.]
Control Over Financial Reporting John Doe, Chief Executive Officer Management’s assessment of the
Date: llllllllllllllllll effectiveness of internal control over
ABC Depository Institution’s (the financial reporting, including controls over
‘‘Institution’’) internal control over financial lllllllllllllllllllll
Jane Doe, Chief Financial Officer the preparation of regulatory financial
reporting is a process designed to provide statements in accordance with the
reasonable assurance regarding the reliability Date: llllllllllllllllll
instructions for regulatory reporting [specify
of financial reporting and the preparation of (c) Statement Made at Holding Company
the regulatory reporting instructions], as of
financial statements in accordance with Level—No Material Weaknesses
December 31, 20XX, has been audited by
accounting principles generally accepted in To: The Board of Directors and Audit
[name of auditing firm], an independent
the United States of America, including those Committee, BCD Holding Company
public accounting firm, as stated in their
prepared for regulatory reporting purposes Re: Management’s Assessment of Internal
report dated March XX, 20XX.
[specify the regulatory reports]. The Control Over Financial Reporting
Institution’s internal control over financial BCD Holding Company
BCD Holding Company’s (the ‘‘Company’’)
reporting includes those policies and lllllllllllllllllllll
internal control over financial reporting is a
procedures that (1) pertain to the John Doe, Chief Executive Officer
process designed to provide reasonable
maintenance of records that, in reasonable Date: llllllllllllllllll
assurance regarding the reliability of
detail, accurately and fairly reflect the lllllllllllllllllllll
financial reporting and the preparation of
transactions and dispositions of the assets of Jane Doe, Chief Financial Officer
financial statements in accordance with
the Institution; (2) provide reasonable Date: llllllllllllllllll
accounting principles generally accepted in
assurance that transactions are recorded as the United States of America, including those (d) Statement Made at Holding Company
necessary to permit preparation of financial prepared for regulatory reporting purposes Level—One or More Material Weaknesses
statements in accordance with accounting [specify the regulatory reports]. The To: The Board of Directors and Audit
principles generally accepted in the United Company’s internal control over financial Committee, BCD Holding Company
States of America, and that receipts and reporting includes those policies and Re: Management’s Assessment of Internal
expenditures of the Institution are being procedures that (1) pertain to the Control Over Financial Reporting
made only in accordance with authorizations maintenance of records that, in reasonable BCD Holding Company’s (the ‘‘Company’’)
of management and directors of the detail, accurately and fairly reflect the internal control over financial reporting is a
Institution; and (3) provide reasonable transactions and dispositions of the assets of process designed to provide reasonable
assurance regarding prevention or timely the Company; (2) provide reasonable assurance regarding the reliability of
detection of unauthorized acquisition, use, or assurance that transactions are recorded as financial reporting and the preparation of
disposition of the Institution’s assets that necessary to permit preparation of financial financial statements in accordance with
could have a material effect on the financial statements in accordance with accounting accounting principles generally accepted in
statements. principles generally accepted in the United the United States of America, including those
Because of its inherent limitations, internal States of America, and that receipts and prepared for regulatory reporting purposes
control over financial reporting may not expenditures of the Company are being made [specify the regulatory reports]. The
prevent or detect misstatements. Also, only in accordance with authorizations of Company’s internal control over financial
projections of any evaluation of effectiveness management and directors of the Company; reporting includes those policies and
to future periods are subject to the risk that and (3) provide reasonable assurance procedures that (1) pertain to the
controls may become inadequate because of regarding prevention or timely detection of maintenance of records that, in reasonable
changes in conditions, or that the degree of unauthorized acquisition, use, or disposition detail, accurately and fairly reflect the
compliance with the policies and procedures of the Company’s assets that could have a transactions and dispositions of the assets of
may deteriorate. material effect on the financial statements. the Company; (2) provide reasonable
Management assessed the effectiveness of Because of its inherent limitations, internal assurance that transactions are recorded as
the Institution’s internal control over control over financial reporting may not necessary to permit preparation of financial
financial reporting, including controls over prevent or detect misstatements. Also, statements in accordance with accounting
the preparation of regulatory financial projections of any evaluation of effectiveness principles generally accepted in the United

States of America, and that receipts and expenditures of the Company are being made only in accordance with authorizations of management and directors of the Company; and (3) provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the Company’s assets that could have a material effect on the financial statements.

Because of its inherent limitations, internal control over financial reporting may not prevent or detect misstatements. Also, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies and procedures may deteriorate.

Management assessed the effectiveness of the Company’s internal control over financial reporting, including controls over the preparation of regulatory financial statements in accordance with the instructions for regulatory reporting [specify the regulatory reporting instructions], as of December 31, 20XX, based on the framework set forth by the Committee of Sponsoring Organizations of the Treadway Commission in Internal Control—Integrated Framework. Because of the material weakness (or weaknesses) noted below, management determined that the Company’s internal control over financial reporting, including controls over the preparation of regulatory financial statements in accordance with the instructions for regulatory reporting [specify the regulatory reporting instructions], was not effective as of December 31, 20XX. The following subsidiary institutions of the Company that are subject to Part 363 are included in the scope of this assessment of internal control over financial reporting: [Identify the subsidiary institutions.]

[Identify and describe the material weakness or weaknesses.]

Management’s assessment of the effectiveness of internal control over financial reporting, including controls over the preparation of regulatory financial statements in accordance with the instructions for regulatory reporting [specify the regulatory reporting instructions], as of December 31, 20XX, has been audited by [name of auditing firm], an independent public accounting firm, as stated in their report dated March XX, 20XX.

BCD Holding Company
_____________________
John Doe, Chief Executive Officer
Date: __________________
_____________________
Jane Doe, Chief Financial Officer
Date: __________________

6. Illustrative Management Report—Combined Statement of Management’s Responsibilities, Management’s Assessment of Compliance with Laws and Regulations, and Management’s Assessment of the Effectiveness of Internal Control Over Financial Reporting, if applicable. The following illustrative management reports satisfy the requirements of §§ 363.2(b)(1), (2), and (3).

(a) Management Report Made at Insured Depository Institution Level—Compliance with Laws and Regulations and No Material Weaknesses in Internal Control Over Financial Reporting

To: The Board of Directors and Audit Committee, ABC Depository Institution
Re: Management Report

Statement of Management’s Responsibilities

The management of ABC Depository Institution (the “Institution”) is responsible for preparing the Institution’s annual financial statements in accordance with generally accepted accounting principles; for establishing and maintaining an adequate internal control structure and procedures for financial reporting, including controls over the preparation of regulatory financial statements in accordance with the instructions for regulatory reporting [specify the regulatory reporting instructions]; and for complying with laws and regulations relating to safety and soundness that are designated by the FDIC and the appropriate federal banking agency [specify the appropriate federal banking agency, if applicable].

Management’s Assessment of Compliance With Laws and Regulations

Management of ABC Depository Institution (the “Institution”) has assessed the Institution’s compliance with the laws and regulations relating to safety and soundness that are designated by the FDIC and the appropriate federal banking agency [specify the appropriate federal banking agency, if applicable] during the fiscal year that ended on December 31, 20XX. Based upon its assessment, management has concluded that the Institution complied with the laws and regulations relating to safety and soundness that are designated by the FDIC and the appropriate federal banking agency (specify the appropriate federal banking agency, if applicable) during the fiscal year that ended on December 31, 20XX.

Management’s Assessment of Internal Control Over Financial Reporting

ABC Depository Institution’s (the “Institution”) internal control over financial reporting is a process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements in accordance with accounting principles generally accepted in the United States of America, including those prepared for regulatory reporting purposes [specify the regulatory reports]. The Institution’s internal control over financial reporting includes those policies and procedures that (1) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the Institution; (2) provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with accounting principles generally accepted in the United States of America, and that receipts and expenditures of the Institution are being made only in accordance with authorizations of management and directors of the Institution; and (3) provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the Institution’s assets that could have a material effect on the financial statements.

Because of its inherent limitations, internal control over financial reporting may not prevent or detect misstatements. Also, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies and procedures may deteriorate.

Management assessed the effectiveness of the Institution’s internal control over financial reporting, including controls over the preparation of regulatory financial statements in accordance with the instructions for regulatory reporting [specify the regulatory reporting instructions], as of December 31, 20XX, based on the framework set forth by the Committee of Sponsoring Organizations of the Treadway Commission in Internal Control—Integrated Framework. Based on that assessment, management concluded that, as of December 31, 20XX, the Institution’s internal control over financial reporting, including controls over the preparation of regulatory financial statements in accordance with the instructions for regulatory reporting [specify the regulatory reporting instructions], is effective based on the criteria established in Internal Control—Integrated Framework.

Management’s assessment of the effectiveness of internal control over financial reporting, including controls over the preparation of regulatory financial statements in accordance with the instructions for regulatory reporting [specify the regulatory reporting instructions], as of December 31, 20XX, has been audited by [name of auditing firm], an independent public accounting firm, as stated in their report dated March XX, 20XX.

ABC Depository Institution
_____________________
John Doe, Chief Executive Officer
Date: __________________
_____________________
Jane Doe, Chief Financial Officer
Date: __________________

(b) Management Report Made at Holding Company Level—Compliance with Laws and Regulations and No Material Weaknesses in Internal Control Over Financial Reporting

To: The Board of Directors and Audit Committee, BCD Holding Company
Re: Management Report

Statement of Management’s Responsibilities

The management of BCD Holding Company (the “Company”) is responsible for preparing the Company’s annual financial statements in accordance with generally accepted accounting principles; for establishing and maintaining an adequate internal control structure and procedures for financial reporting, including controls over the preparation of regulatory financial statements in accordance with the instructions for regulatory reporting [specify the regulatory reporting instructions]; and for complying with laws and regulations relating to safety and soundness that are designated by the FDIC and the appropriate federal banking agency [specify the appropriate
federal banking agency, if applicable]. The following subsidiary institutions of the Company that are subject to Part 363 are included in the scope of this management report, management’s assessment of compliance with laws and regulations, and management’s assessment of internal control over financial reporting: [Identify the subsidiary institutions.]

Management’s Assessment of Compliance With Laws and Regulations

Management of BCD Holding Company (the “Company”) has assessed the Company’s compliance with the laws and regulations relating to safety and soundness that are designated by the FDIC and the appropriate federal banking agency [specify the appropriate federal banking agency, if applicable] during the fiscal year that ended on December 31, 20XX. Based upon its assessment, management has concluded that the Company complied with the laws and regulations relating to safety and soundness that are designated by the FDIC and the appropriate federal banking agency [specify appropriate federal banking agency, if applicable] during the fiscal year that ended on December 31, 20XX.

Management’s Assessment of Internal Control Over Financial Reporting

BCD Holding Company’s (the “Company”) internal control over financial reporting is a process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements in accordance with accounting principles generally accepted in the United States of America, including those prepared for regulatory reporting purposes [specify the regulatory reports]. The Company’s internal control over financial reporting includes those policies and procedures that (1) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the Company; (2) provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with accounting principles generally accepted in the United States of America, and that receipts and expenditures of the Company are being made only in accordance with authorizations of management and directors of the Company; and (3) provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the Company’s assets that could have a material effect on the financial statements.

Because of its inherent limitations, internal control over financial reporting may not prevent or detect misstatements. Also, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies and procedures may deteriorate.

Management assessed the effectiveness of the Company’s internal control over financial reporting, including controls over the preparation of regulatory financial statements in accordance with the instructions for regulatory reporting [specify the regulatory reporting instructions], as of December 31, 20XX, based on the framework set forth by the Committee of Sponsoring Organizations of the Treadway Commission in Internal Control—Integrated Framework. Based on that assessment, management concluded that, as of December 31, 20XX, the Company’s internal control over financial reporting, including controls over the preparation of regulatory financial statements in accordance with the instructions for regulatory reporting [specify the regulatory reporting instructions], is effective based on the criteria established in Internal Control—Integrated Framework.

Management’s assessment of the effectiveness of internal control over financial reporting, including controls over the preparation of regulatory financial statements in accordance with the instructions for regulatory reporting [specify the regulatory reporting instructions], as of December 31, 20XX, has been audited by [name of auditing firm], an independent public accounting firm, as stated in their report dated March XX, 20XX.

BCD Holding Company
_____________________
John Doe, Chief Executive Officer
Date: __________________
_____________________
Jane Doe, Chief Financial Officer
Date: __________________

7. Illustrative Cover Letter—Compliance by Holding Company Subsidiaries. The following illustrative cover letter satisfies the requirements of guideline 3, Compliance by Holding Company Subsidiaries, of Appendix A to part 363.

To: (Appropriate FDIC Regional or Area Office) Division of Supervision and Consumer Protection, FDIC, and (Appropriate District or Regional Office of the Primary Federal Regulator(s), if not the FDIC), and (Appropriate State Bank Supervisor(s), if applicable)

Dear [Insert addressees]:

BCD Holding Company (the “Company”) is filing two copies of the Part 363 Annual Report for the fiscal year ended December 31, 20XX, on behalf of its insured depository institution subsidiaries listed in the chart below that are subject to Part 363. The Part 363 Annual Report contains audited comparative annual financial statements, the independent public accountant’s report on the audited financial statements, management’s statement of responsibilities, management’s assessment of compliance with laws and regulations, and [if applicable] management’s assessment of and the independent public accountant’s attestation report on internal controls over financial reporting. The chart below also indicates the level (institution or holding company) at which the requirements of Part 363 are being satisfied. The Company’s insured depository institution subsidiary that complies with all of the Part 363 annual reporting requirements at the institution level has filed [or will file] its Part 363 Annual Report separately.

Institutions subject to part 363 | Audited financial statements | Management’s statement of responsibilities | Management’s assessment of compliance with laws and regulations | Management’s internal control assessment | Independent auditor’s internal control attestation report
ABC Depository Institution | HC Level | HC Level | HC Level | HC Level | HC Level
DEF Depository Institution | HC Level | Institution Level | Institution Level | Institution Level | Institution Level

If you have any questions regarding the annual report [or reports] of the Company’s insured depository institution subsidiaries subject to part 363 or if you need any further information, you may contact me at 987–654–3210.

BCD Holding Company
Date: __________________
[Insert officer’s name and title.]

By order of the Board of Directors.
Dated at Washington, DC, this 16th day of October, 2007.
Federal Deposit Insurance Corporation.
Robert E. Feldman,
Executive Secretary.
[FR Doc. E7–21168 Filed 11–1–07; 8:45 am]
BILLING CODE 6714–01–P