I. FIRREA REQUIREMENTS
The Financial Institutions Reform, Recovery, and Enforcement Act (FIRREA) requires banks to provide certain materials to their independent auditors.
An FDIC insured bank that engaged the services of an independent auditor within two years prior to the enactment of FIRREA (August 9, 1989) must provide the auditor with a copy of the bank’s most recent Report of Condition and most recent examination report.
Where applicable, the bank must also provide:
(1) Any written agreement or memorandum of understanding between the bank and any supervisory agency that is in effect during the period covered by the audit; (2) Any final order that results from an action taken by a federal supervisory agency under section 8 of the Federal Deposit Insurance Act including termination of insurance, suspension or removal of a related party, civil money penalties, and cease-and-desist orders; (3) Any final order taken by a state banking agency; or (4) Any other civil penalty assessed against the bank or a related party.
Pending actions as well as final orders must be reported. The bank must provide such documents to auditors hired since August 9, 1987, even though no longer retained by the bank.
The FDIC requires the bank to ask the auditor for a receipt for the documents, along with the auditor’s acknowledgment that the documents are provided only to comply with FIRREA. The auditor must agree in writing to keep the examination report confidential, to refrain from copying it, and to return it to the bank or maintain it at the bank in a confidential file.
II. INTERAGENCY POLICY STATEMENT On July 23, 1992, the FDIC, FRB, OCC and OTS adopted a policy statement on coordination and communication between a bank’s external auditors and federal bank examiners. The policy statement provides guidelines regarding information that should be provided to external auditors and meetings between external auditors and examiners in connection with safety and soundness examinations. The following are the major points contained in the interagency policy statement.
A. Coordination of External Audits and Examinations When notified, institutions are encouraged to promptly advise their external auditors of the date(s) and scope of supervisory examinations in order to facilitate the auditors’ planning and scheduling of audit work. The external auditors may also advise the appropriate regulatory agency regarding the planned dates for the auditing work on the institution’s premises in order to facilitate coordination with the examiners. B. Other Information Provided by the Institution The bank should provide its external auditors with a copy of certain documents, including:
C. External Auditor Attendance at Meetings Between Management and Examiners Generally, the federal bank regulatory agencies encourage auditors to attend examination exit conferences upon completion of field work or other meetings between supervisory examiners and the bank’s management or Board of Directors (or a committee thereof) at which examination findings are discussed that are relevant to the scope of the audit. When other conferences between examiners and management are scheduled (i.e., do not involve examination findings relevant to the scope of the external auditor’s work), the bank shall first obtain approval from the appropriate federal bank agency in order for the auditor to attend the meetings. This does not preclude the federal bank agencies from holding meetings with bank management without auditor attendance or from requiring that the auditor attend only certain portions of the meetings.
D. Meetings and Discussions Between External Auditors and Examiners
An auditor may request a meeting with any or all of the appropriate federal bank regulatory agencies involved in the bank’s supervision or its holding company during, or after completion of, examinations in order to inquire about supervisory matters relevant to the bank under audit. External auditors should provide an agenda in advance to the agencies that will attend. The federal bank regulatory agencies will generally request that bank management be represented at the meeting. Examiners generally will only discuss with an auditor examination findings that have been presented to the bank’s management.
In certain cases, external auditors may wish to discuss with regulators matters relevant to the bank under audit at meetings without the representation from the bank’s management. External auditors may request such confidential meetings with any or all of the federal bank regulatory agencies, and the agencies may also request such meetings with the external auditor.
E. Confidentiality of Supervisory Information
While the policies of the federal bank regulatory agencies permit external auditors to have access to the previously mentioned information on banks under audit, banks and their auditors are reminded that information contained in examination reports, inspection reports, and supervisory discussions – including any summaries or quotations – is confidential supervisory information and must not be disclosed to any party without the written permission of the appropriate federal regulatory agency. Unauthorized disclosure of confidential supervisory information may subject the auditor to civil and criminal actions and fines and other penalties.
III. FDICIA REQUIREMENTS
The Federal Deposit Insurance Corporation Improvement Act of 1991 (FDICIA) also contained several provisions relating to audit reports, external auditors, auditor attestation, accounting principles, audit committees and exchanges of audit information.
A. Safety and Soundness Attestation
Section 112 of FDICIA assigns management and auditors of banks over $150 million in assets with responsibilities for assessing and reporting on the bank’s safety and soundness. Management is required to assess and report to bank regulators on the effectiveness of the bank’s internal reporting controls and on its compliance with safety and soundness laws and regulation. Auditors are required to attest to this assessment, in accordance with generally accepted standards and procedures established by FDIC. The report and attestation will be available to the public.
B. Accountants Regulation
Outside auditors are subject to a publicly available peer review, and must agree toprovide regulators with working papers, policies, and procedures.
With a showing of good cause, the FDIC or another regulatory may remove, bar, or suspend an individual independent accountant or firm from performing audit services for a bank or all institutions, as institution-affiliated parties.
C. Uniform Accounting
Section 121 of FDICIA requires the uniform application to all financial institutions of generally accepted accounting principles, while encouraging each agency to write more stringent regulatory accounting rules. The agencies are to focus on accurate reporting of capital, ease of regulatory supervision, and prompt corrective action to reduce costs of the insurance funds.
Each agency and the FDIC, by December 1992, was required to provide:
1. disclosure requirement for contingent and off-balance sheet assets and liabilities; and 2. supplemental disclosure of the fair market value of liabilities and assets.
D. Outside Audit Committee
An insured bank with assets greater than $150 million must establish an audit committee composed entirely of outside directors. Depositories under $5 billion in assets or under $9 billion in assets with a CAMEL relating of 1 or 2 may satisfy this requirement at the holding company level. For large institution, audit committee members may not be large customers, must include persons with banking or financial expertise, and must have access to their own counsel (Section 112 of FDICIA).
E. Information Exchange
Within 15 days of receipt, an insured bank must send FDIC and its federal or state regulator any management letter or any audit or other report received from its independent auditors. The bank must advise the regulators within 15 days of any change of auditors. The external auditor must receive the institution’s most recent regulatory examination and call reports, as well as copies of any regulatory agreement, memorandum, or enforcement action involving the bank.
NOTE: Additional information concerning independent audits and reporting requirements since the passage of the Sarbanes –Oxley Act of 2002 is described in this same section.