I am looking for a one page (don't laugh) review of the SOX requirements. Our Board has decided they don't want training, just one page on the requirements. We do not have to comply with SOX but, (don't laugh) our President thinks we should anyways.


I think Devil Queen left her handbasket in my office.

There was a good white paper on SOX out on Bindview's website, I don't have the link to the article, but I am sure you can find it. www.bindview.com

Try the AICPA, too. Don't have the link, either, but I remember a good summary of the different sections and what they require.

I came across this in my SOX folder: Impact on and Considerations for Fin. Inst.

SOX Overview
Board of Directors Meeting
6/16/03

SOX affects non-public banks (over $500M) in the following way:

Large Banking Organizations: All insured depository institutions that have assets of $500 million or more, whether or not they are public companies, are subject to the provisions of Section 36 of the Federal Deposit Insurance Act (12 U.S.C. 1831m) and the FDIC’s implementing regulations and guidelines (12 CFR Part 363). Section 36 and Part 363 require an annual management report, and impose annual auditing and attestation, and audit committee requirements on covered depository institutions. In addition, the FDIC’s implementing guidelines reference and incorporate the SEC’s requirements and interpretations concerning auditor independence. As a result certain provisions of the Sarbanes-Oxley Act relating to auditor independence are applied to institutions that are covered by the FDIC’s guidelines.

In a large part, banks are already complying with this under the FDIA and FDIC’s Part 363. At KFSB, along with a lot of other things, we are already complying by:

1. Having an Audit committee that has an independent financial expert and that otherwise (with one exception) consists of independent directors (with one exception);
2. Having an external independent audit annually;
3. Having a Code of Ethics and Conflict of Interest/Usurpation policies.

Going forward, (PROACTIVE APPROACH) we will need to address the following(samples attached):
1. A formal Audit Committee charter & policy (this will address the responsibility and authority of the committee members).
2. A Whistleblower policy (a policy that provides for communication to either our independent auditor, the audit committee, or an independent third party to address concerns and complaints).


Financial Experts
Sarbanes-Oxley calls for the Audit Committee to have at least one financial expert (who must have education and expertise as a CFO or Principal Accounting Officer, Controller, Public Accountant, or Auditor) who is a director but otherwise independent from the Bank.



Independent Audit Committee Requirements as per the Fed Dep Ins Act (FDIA)
Section 36 FDIA
(1) INDEPENDENT AUDIT COMMITTEE.--
{{4-30-97 p.1421}}
(A) ESTABLISHMENT.--Each insured depository institution (to which this section applies) shall have an independent audit committee entirely made up of outside directors who are independent of management of the institution, except as provided in subparagraph (D), and who satisfy any specific requirements the Corporation may establish.
(B) DUTIES.--An independent audit committee's duties shall include reviewing with management and the independent public accountant the basis for the reports issued under subsections (b)(2), (c), and (d).
(C) Criteria applicable to committees of large insured depository institutions.--In the case of each insured depository institution which the Corporation determines to be a large institution, the audit committee required by subparagraph (A) shall--
(i) include members with banking or related financial management expertise;
(ii) have access to the committee's own outside counsel; and
(iii) not include any large customers of the institution.
(D) NOTICE TO INSTITUTION.--The Corporation shall promptly notify an insured depository institution, in writing, of a determination pursuant to subparagraph (A) to require a review of such institution's quarterly financial reports.



12 CFR PART 363
§ 363.5 Audit committees.

(a) Composition and duties. Each insured depository institution shall establish an independent audit committee of its board of directors, the members of which shall be outside directors who are independent of management of the institution, and the duties
of which shall include reviewing with management and the independent public accountant the basis for the reports issued under this part.

(b) Committees of large institutions. The audit committee of any insured depository institution that has total assets of more than $3 billion, measured as of the beginning of each fiscal year, shall include members with banking or related financial management expertise, have access to its own outside counsel, and not include any large customers of the institution. If a large institution is a subsidiary of a holding company and relies on the audit committee of the holding company to comply with this rule, the holding company audit committee shall not include any members who are large customers of the subsidiary institution.


Sources: http://www.ots.treas.gov/docs/25174.pdf.; NJ League: Responsibilities & Liabilities in the Sarbanes-Oxley Era; Section 36 of the Federal Deposit Insurance Act (12 U.S.C. 1831m) and the FDIC’s implementing regulations and guidelines (12 CFR Part 363)

Thanks!