Skip to content
BOL Conferences
Thread Options
#95738 - 07/10/03 02:18 PM FDIC Improvement Act

We are creeping up on the $500 million in assets threshold. Since I started with the Bank, have been documenting controls while preparing my audits, as well as started an Audit Committee consisting solely of outside directors.

I am unable to find, and I am curious, as to how the auditing department will change when this threshold is reached.

Any links, documentation or thoughts that anyone is able to provide is greatly appreciated.

Return to Top
#95739 - 07/10/03 03:08 PM Re: FDIC Improvement Act
Risk Officer Offline
100 Club
Joined: Apr 2001
Posts: 205
Surprisingly, there is limited written guidance on the requirements of least from the regulators. I would contact your external auditor for assistance.

Some of the main changes will be: 1) senior management will have to positively assert that the bank's internal control structure is in place and is effective as of December 31 of each year (after it becomes applicable to you, of course); 2) you will probably need to adopt an internal control framework (i.e. COSO's Internal Control - Integrated Framework is the predominate one) to use as a benchmark for making the assertion; 3) Your internal control documentation will need to be will probably need to document your risk assessment, starting with the bank's and each department's objectives, the specific risks involved, and the controls in place to mitigate the risks. You will also have to document that these controls were tested and are effective. If you already have this documentation, or some of it where you can just cross reference to it, you don't have to generate new documentation just to satisfy FDICIA; 4) your extenal auditors will have to review your documentation, test some of the controls themselves, and attest to the internal control assertion made by your CEO and CFO...and of course charge you about $10,000 for this (they actually have to do extensive review and testing, so maybe they earn it).

Again, I would start with your external auditors...ask them exactly what they want to see when they do their review. They should have sample worksheets and checklists for you to start with.
My opinions are just opinions.

Return to Top
#95740 - 07/10/03 05:07 PM Re: FDIC Improvement Act
LiL Bit Moore Offline
Platinum Poster
LiL Bit Moore
Joined: Nov 2002
Posts: 624
When the bank I was previously with hit that benchmark, finding resources on implementing or putting together your FIDICIA documentation became somewhat of a task. Our external auditors did not have any other institution over $500M, so together we came up with banks of similiar size and structure for which we had some contacts and visited with them. At least two of them shared their program and documentation format. However, if you are regulated by OCC, you should look to 12 CFR 363 for guidance on requirements.

Another item you will need to consider. Your audit committee has to be made up of members who meet certain criteria, which is determined by answering about 5 questions. Simply being outside directors may not be enough. Their status, in relation to the questions, should be reviewed annually and approved by the board. Again, see the CFR referenced above. In addition, we had our external auditors hold a "special meeting" to explain the new requirements to them and what their resonsibilites w/b in relation to that. They need to know that they are responsible for ensuring risk is adequately identified, disclosed and managed, and that they are in effect the auditors supervisor. Our department always met with them after the a/c meeting without any other officers or employees present for candid discussions or questions. The regulators really like that!

The examiners will want to see a strong program with detailed workpapers. I found the attestation and format, although a requirement, were not the main focus during the exam. They were more concerned with the audit program, my qualifications, resources (usage and adequacy), and my workpapers. That is where our E/A's were a huge help. We decided to mirror my w/p format after theirs, which also helped them at y/e to move through them quickly and use a lot of what I had already done. And, at least once or twice a year one of them would come review the w/p's, provide suggestions for improvement and/or bless the program, reports and recommendations. The system worked well and was "strongly" accepted by the examiners.
An error is not a mistake until you refuse to correct it

Return to Top
#95741 - 08/08/03 04:31 AM Re: FDIC Improvement Act
tsorbe Offline
Joined: Dec 2000
Posts: 55
Brookings, SD
The Financial Managers Society puts on a seminar entitled Complying with FDICIA that is pretty good. I would highly recommend it for an auditor at a bank that is about to exceed $500M. Here's the link:
Trent Sorbe President First Community Financial, Inc. Brookings, SD

Return to Top
#95742 - 08/08/03 01:21 PM Re: FDIC Improvement Act
Roun Offline
Joined: Apr 2003
Posts: 79
Another good resource to consider would be the FDIC Rules and Regulations - Part 363 - which establishes audit and reporting requirements for FDIC insured institutions with total assets of $500 million or more. Can be found on the FDIC's website.

Return to Top
#95743 - 01/12/04 11:58 PM Re: FDIC Improvement Act

Is there a requirement for a formal risk management structure at the $500 million level? It certainly doesn't seem to be spelled out. 12 CFR 364 App A (II)(A)(2)looked like the clearest thing, although App. A to Part 363, guideline #10 states that it's up to each institution to determine their own standards for internal controls.

12 CFR 364 says it's applicable to banks that are subject to Section 39 of the FDI Act. Section 39 seems to have no restrictions, but points to Sec. 36, which says $150 million or a higher amount as set by regulation.

I wish they'd come out with a "FDICIA - getting it right" guide!

Any help where I can find the reference to this? I have seen references to a "FDICIA Risk Assessment." Also, what relation to this is the "framework for risk-focused supervision of Large Complex Institutions"?

Return to Top

Moderator:  Andy_Z