You have no problem Maria since you do not have class of securities registered with the SEC. But the FDIC has said that it wants its large banks to comply with the spirit of SOX. That is what we have done at my bank since we are privately held. Section 301 states that each member of the audit committee must be independent of the bank and cannot accept any consulting, advisory or compensatory fee from the bank (other than for serving as a board member).
Our audit and compliance committee is composed of only outside members but two of them have business relationships that are advisory or consutative in nature. We noted that but have done nothing more since we technically do not have to comply with SOX. We concluded that if we were publically held, we would have engaged legal counsel specializing in SEC matters to review the business relationships to determine if these board members could remain on the audit and compliance committee.
Section 407 was the difficult hurdle for us to get over. This section requires at least one member of the committee be a "audit committee financial expert" and then defines the position as one who is an auditor, controller, chief accounting officer, chief financial officer or a supervisor of one of these positions. Now we have some pretty powerful board members but none of them fit this definition precisely. I suspect this is the section that is most difficult to comply with. Don't sweat this stuff if you are privately held, and take comfort in the fact that if and when your bank goes public, it will have to have a compliance officer that does nothing but SEC compliance. Or they might just add that fuction to your job description since you are the devil with with blue dress.