Friday,
November 2, 2007
Part II
Federal Deposit
Insurance
Corporation
12 CFR Parts 308 and 363
Annual Independent Audits and Reporting
Requirements; Proposed Rule
VerDate Aug<31>2005 16:31 Nov 01, 2007 Jkt 211001 PO 00000 Frm 00001 Fmt 4717 Sfmt 4717 E:\FR\FM\02NOP2.SGM 02NOP2
pwalker on PROD1PC71 with PROPOSALS2
November 2, 2007
Part II
Federal Deposit
Insurance
Corporation
12 CFR Parts 308 and 363
Annual Independent Audits and Reporting
Requirements; Proposed Rule
VerDate Aug<31>2005 16:31 Nov 01, 2007 Jkt 211001 PO 00000 Frm 00001 Fmt 4717 Sfmt 4717 E:\FR\FM\02NOP2.SGM 02NOP2
pwalker on PROD1PC71 with PROPOSALS2
62310 Federal Register / Vol. 72, No. 212 / Friday, November 2, 2007 / Proposed Rules
FEDERAL DEPOSIT INSURANCE
CORPORATION
12 CFR Parts 308 and 363
RIN 3064–AD21
Annual Independent Audits and
Reporting Requirements
AGENCY: Federal Deposit Insurance
Corporation (FDIC).
ACTION: Notice of proposed rulemaking.
SUMMARY: Section 36 of the Federal
Deposit Insurance Act (FDI Act) and the
FDIC’s implementing regulations (part
363) set forth annual independent audit
and reporting requirements for insured
depository institutions with $500
million or more in total assets. Given
changes in the industry, certain sound
audit, reporting, and audit committee
practices incorporated in the Sarbanes-
Oxley Act of 2002 (SOX); and the FDIC’s
experience in administering part 363,
the FDIC is proposing to amend part 363
of its regulations. These amendments
are designed to further the objectives of
section 36 by incorporating these sound
practices into part 363 and to provide
clearer and more complete guidance to
institutions and independent public
accountants concerning compliance
with the requirements of section 36 and
part 363. As required by section 36, the
FDIC has consulted with the other
federal banking agencies. The FDIC is
also proposing a technical amendment
to its rules and procedures (part 308,
subpart U) for the removal, suspension,
or debarment of accountants and
accounting firms.
DATES: Comments must be received on
or before January 31, 2008.
ADDRESSES: You may submit comments
by any of the following methods:
• Agency Web Site: http://
www.fdic.gov/regulations/laws/federal.
Follow instructions for submitting
comments on the Agency Web Site.
• E-mail: Comments@FDIC.gov.
Include ‘‘Part 363—Independent Audits
and Reporting Requirements’’ in the
subject line of the message.
• Mail: Robert E. Feldman, Executive
Secretary, Attention: Comments, Federal
Deposit Insurance Corporation, 550 17th
Street, NW., Washington, DC 20429.
• Hand Delivery/Courier: Guard
station at the rear of the 550 17th Street
Building (located on F Street) on
business days between 7 a.m. and 5 p.m.
• Federal eRulemaking Portal: http://
www.regulations.gov. Follow the
instructions for submitting comments.
Public Inspection: All comments
received will be posted without change
to http://www.fdic.gov/regulations/laws/
federal including any personal
information provided. Comments may
be inspected and photocopied in the
FDIC Public Information Center, 3501
North Fairfax Drive, Room E–1002,
Arlington, VA 22226, between 9 a.m.
and 5 p.m. on business days. Paper
copies of public comments may be
ordered from the Public Information
Center by telephone at (877) 275–3342
or (703) 562–2200.
FOR FURTHER INFORMATION CONTACT:
Harrison E. Greene, Jr., Senior Policy
Analyst (Bank Accounting), Division of
Supervision and Consumer Protection,
at hgreene@fdic.gov or (202) 898–8905;
or Michelle Borzillo, Counsel,
Supervision and Legislation Section,
Legal Division, at mborzillo@fdic.gov or
(202) 898–7400.
SUPPLEMENTARY INFORMATION:
I. Executive Summary
Section 36 of the Federal Deposit
Insurance Act (FDI Act) and the FDIC’s
implementing regulations (part 363) are
generally intended to facilitate early
identification of problems in financial
management at insured depository
institutions with total assets above
certain thresholds through annual
independent audits, assessments of the
effectiveness of internal control over
financial reporting and compliance with
designated laws and regulations, the
establishment of independent audit
committees, and related reporting
requirements. The asset-size threshold
for internal control assessments is
$1 billion and the threshold for the
other requirements is $500 million.
Given changes in the industry, certain
sound audit, reporting, and audit
committee practices incorporated in the
Sarbanes-Oxley Act of 2002 (SOX); and
the FDIC’s experience in administering
part 363, the FDIC is proposing to
amend part 363 of its regulations. These
amendments are designed to further the
objectives of section 36 by incorporating
these sound practices into part 363 and
to provide clearer and more complete
guidance to institutions and
independent public accountants
concerning compliance with the
requirements of section 36 and part 363.
The most significant revisions
included in the proposed amendments
would: (1) Require management and the
independent public accountant to
identify the internal control framework
used to evaluate internal control over
financial reporting and disclose all
identified material weaknesses; (2)
extend the time period for a non-public
institution to file its Part 363 Annual
Report by 30 days and replace the 30-
day extensions of the filing deadline
that may be granted if an institution
(public or non-public) is confronted
with extraordinary circumstances
beyond its reasonable control with a late
filing notification requirement that
would have general applicability; (3)
provide relief from the annual reporting
requirements for institutions that are
merged out of existence before the filing
deadline; (4) provide relief from
reporting on internal control over
financial reporting for businesses
acquired during the fiscal year; (5)
require management’s assessment of
compliance with designated safety and
soundness laws and regulations to state
management’s conclusion regarding
compliance and disclose any
noncompliance with such laws and
regulations; (6) clarify the independence
standards with which independent
public accountants must comply and
enhance the enforceability of
compliance with these standards; (7)
specify that the duties of the audit
committee include the appointment,
compensation, and oversight of the
independent public accountant; (8)
require audit committees to ensure that
audit engagement letters do not contain
unsafe and unsound limitation of
liability provisions and require
institutions to file copies of these letters;
(9) require certain communications by
independent public accountants to audit
committees and establish retention
requirements for audit working papers;
(10) require boards of directors to adopt
written criteria for evaluating an audit
committee member’s independence and
provide expanded guidance for boards
of directors to use in determining
independence; (11) require the total
assets of a holding company’s insured
depository institution subsidiaries to
comprise 75 percent or more of the
holding company’s consolidated total
assets in order for an institution to
comply with part 363 at the holding
company level; and (12) provide
illustrative management reports to assist
institutions in complying with the
annual reporting requirements.
The FDIC is also proposing to amend
its rules and procedures (part 308,
subpart U) for the removal, suspension,
or debarment of accountants and
accounting firms from performing audit
services required by section 36 of the
FDI Act by specifying where an
accountant or accounting firm should
file required notices of orders and
actions with the FDIC.
II. Background
Section 112 of the Federal Deposit
Insurance Corporation Improvement Act
of 1991 (FDICIA) added section 36,
‘‘Early Identification of Needed
VerDate Aug<31>2005 16:31 Nov 01, 2007 Jkt 211001 PO 00000 Frm 00002 Fmt 4701 Sfmt 4702 E:\FR\FM\02NOP2.SGM 02NOP2
pwalker on PROD1PC71 with PROPOSALS2
FEDERAL DEPOSIT INSURANCE
CORPORATION
12 CFR Parts 308 and 363
RIN 3064–AD21
Annual Independent Audits and
Reporting Requirements
AGENCY: Federal Deposit Insurance
Corporation (FDIC).
ACTION: Notice of proposed rulemaking.
SUMMARY: Section 36 of the Federal
Deposit Insurance Act (FDI Act) and the
FDIC’s implementing regulations (part
363) set forth annual independent audit
and reporting requirements for insured
depository institutions with $500
million or more in total assets. Given
changes in the industry, certain sound
audit, reporting, and audit committee
practices incorporated in the Sarbanes-
Oxley Act of 2002 (SOX); and the FDIC’s
experience in administering part 363,
the FDIC is proposing to amend part 363
of its regulations. These amendments
are designed to further the objectives of
section 36 by incorporating these sound
practices into part 363 and to provide
clearer and more complete guidance to
institutions and independent public
accountants concerning compliance
with the requirements of section 36 and
part 363. As required by section 36, the
FDIC has consulted with the other
federal banking agencies. The FDIC is
also proposing a technical amendment
to its rules and procedures (part 308,
subpart U) for the removal, suspension,
or debarment of accountants and
accounting firms.
DATES: Comments must be received on
or before January 31, 2008.
ADDRESSES: You may submit comments
by any of the following methods:
• Agency Web Site: http://
www.fdic.gov/regulations/laws/federal.
Follow instructions for submitting
comments on the Agency Web Site.
• E-mail: Comments@FDIC.gov.
Include ‘‘Part 363—Independent Audits
and Reporting Requirements’’ in the
subject line of the message.
• Mail: Robert E. Feldman, Executive
Secretary, Attention: Comments, Federal
Deposit Insurance Corporation, 550 17th
Street, NW., Washington, DC 20429.
• Hand Delivery/Courier: Guard
station at the rear of the 550 17th Street
Building (located on F Street) on
business days between 7 a.m. and 5 p.m.
• Federal eRulemaking Portal: http://
www.regulations.gov. Follow the
instructions for submitting comments.
Public Inspection: All comments
received will be posted without change
to http://www.fdic.gov/regulations/laws/
federal including any personal
information provided. Comments may
be inspected and photocopied in the
FDIC Public Information Center, 3501
North Fairfax Drive, Room E–1002,
Arlington, VA 22226, between 9 a.m.
and 5 p.m. on business days. Paper
copies of public comments may be
ordered from the Public Information
Center by telephone at (877) 275–3342
or (703) 562–2200.
FOR FURTHER INFORMATION CONTACT:
Harrison E. Greene, Jr., Senior Policy
Analyst (Bank Accounting), Division of
Supervision and Consumer Protection,
at hgreene@fdic.gov or (202) 898–8905;
or Michelle Borzillo, Counsel,
Supervision and Legislation Section,
Legal Division, at mborzillo@fdic.gov or
(202) 898–7400.
SUPPLEMENTARY INFORMATION:
I. Executive Summary
Section 36 of the Federal Deposit
Insurance Act (FDI Act) and the FDIC’s
implementing regulations (part 363) are
generally intended to facilitate early
identification of problems in financial
management at insured depository
institutions with total assets above
certain thresholds through annual
independent audits, assessments of the
effectiveness of internal control over
financial reporting and compliance with
designated laws and regulations, the
establishment of independent audit
committees, and related reporting
requirements. The asset-size threshold
for internal control assessments is
$1 billion and the threshold for the
other requirements is $500 million.
Given changes in the industry, certain
sound audit, reporting, and audit
committee practices incorporated in the
Sarbanes-Oxley Act of 2002 (SOX); and
the FDIC’s experience in administering
part 363, the FDIC is proposing to
amend part 363 of its regulations. These
amendments are designed to further the
objectives of section 36 by incorporating
these sound practices into part 363 and
to provide clearer and more complete
guidance to institutions and
independent public accountants
concerning compliance with the
requirements of section 36 and part 363.
The most significant revisions
included in the proposed amendments
would: (1) Require management and the
independent public accountant to
identify the internal control framework
used to evaluate internal control over
financial reporting and disclose all
identified material weaknesses; (2)
extend the time period for a non-public
institution to file its Part 363 Annual
Report by 30 days and replace the 30-
day extensions of the filing deadline
that may be granted if an institution
(public or non-public) is confronted
with extraordinary circumstances
beyond its reasonable control with a late
filing notification requirement that
would have general applicability; (3)
provide relief from the annual reporting
requirements for institutions that are
merged out of existence before the filing
deadline; (4) provide relief from
reporting on internal control over
financial reporting for businesses
acquired during the fiscal year; (5)
require management’s assessment of
compliance with designated safety and
soundness laws and regulations to state
management’s conclusion regarding
compliance and disclose any
noncompliance with such laws and
regulations; (6) clarify the independence
standards with which independent
public accountants must comply and
enhance the enforceability of
compliance with these standards; (7)
specify that the duties of the audit
committee include the appointment,
compensation, and oversight of the
independent public accountant; (8)
require audit committees to ensure that
audit engagement letters do not contain
unsafe and unsound limitation of
liability provisions and require
institutions to file copies of these letters;
(9) require certain communications by
independent public accountants to audit
committees and establish retention
requirements for audit working papers;
(10) require boards of directors to adopt
written criteria for evaluating an audit
committee member’s independence and
provide expanded guidance for boards
of directors to use in determining
independence; (11) require the total
assets of a holding company’s insured
depository institution subsidiaries to
comprise 75 percent or more of the
holding company’s consolidated total
assets in order for an institution to
comply with part 363 at the holding
company level; and (12) provide
illustrative management reports to assist
institutions in complying with the
annual reporting requirements.
The FDIC is also proposing to amend
its rules and procedures (part 308,
subpart U) for the removal, suspension,
or debarment of accountants and
accounting firms from performing audit
services required by section 36 of the
FDI Act by specifying where an
accountant or accounting firm should
file required notices of orders and
actions with the FDIC.
II. Background
Section 112 of the Federal Deposit
Insurance Corporation Improvement Act
of 1991 (FDICIA) added section 36,
‘‘Early Identification of Needed
VerDate Aug<31>2005 16:31 Nov 01, 2007 Jkt 211001 PO 00000 Frm 00002 Fmt 4701 Sfmt 4702 E:\FR\FM\02NOP2.SGM 02NOP2
pwalker on PROD1PC71 with PROPOSALS2