The current trend among community banks is significant asset growth due to the multitude of government stimulus efforts related to COVID-19. Some institutions’ total assets increased so significantly that bank management was revisiting the Federal Deposit Insurance Corporation (FDIC) Improvement Act of 1991 (FDICIA) requirements in Part 363 of the FDIC’s Laws and Regulations. It wasn’t until the FDIC Board of Directors voted on October 20, 2020, to issue an Interim Final Rule (IFR) due to this situation. The IFR provides temporary relief to Part 363 requirements for insured depository institutions (IDIs) that had asset growth due to these government stimulus efforts. The essential elements of the IFR are outlined below.

  • Permits an IDI to determine if it is subject to the requirements of Part 363 for fiscal years ending in 2021 using the lesser of the IDI’s (a) total consolidated assets as of December 31, 2019, or (b) consolidated total assets as of the beginning of its fiscal year ending in 2021
  • Reserves the FDIC authority to require an IDI to comply with one or more requirements of Part 363 if the asset growth was related to merger or acquisition transactions
  • Allows the FDIC to advise the IDI that it must comply with one or more of the Part 363 requirements
  • Provides the FDIC consideration to exercise the reservation of authority on a case-by-case basis after reviewing the facts and circumstances

Also, banker management is currently assessing the length of time that these expanded balance sheets may continue given interim regulatory relief. They are effectively using this time to ask questions and learn more about FDICIA. Below are some examples of potential questions:

Why was FDICIA enacted, and where are the primary requirements found?

  • Congress enacted FDICIA in 1991 in response to the savings and loan crisis in the United States. Its passage strengthened the FDIC’s power and reduced the negative impacts of this crisis.
  • The primary requirements of FDICIA are included in Part 363 of the FDIC’s Laws and Regulations.

What are the primary asset thresholds for FDICIA, and what is the measurement point?

  • $500 million
  • $1 billion
  • Bank management should be aware that there are additional requirements at $3 billion in total assets. The audit committee should include members with banking or related financial management expertise, have access to its own outside counsel, and not include any large customers of the institution as defined in the guidance.
  • The measurement point is the IDI’s total assets’ at the beginning of the fiscal year. It is critical that institutions actively monitor their asset sizes particularly close to these thresholds to allow adequate preparation time for the implementation process.

What are the primary FDICIA requirements at $500 million and $1 billion in total assets?

$500 million

  • A majority of the audit committee members must be independent of management (e.g., outside directors).
  • Bank management (generally CEO and CFO) is required to provide a statement of responsibilities for preparing the annual financial statements, establishing and maintaining an adequate internal control structure for financial reporting, and complying with designated laws and regulations.
  • Bank management is required to provide an assessment and a conclusion regarding compliance with designated laws and regulations relating to insider loans and dividend restrictions.
  • The external audit firm must comply with additional independence standards and interpretations of the American Institute of Certified Public Accountants (AICPA), Securities and Exchange Commission (SEC), and the Public Company Accounting Oversight Board (PCAOB) regardless of whether the institution is a public company. The most restrictive independence standards should be followed. Generally speaking, SEC and PCAOB standards are more restrictive than AICPA standards with respect to allowable non-audit services. Therefore, as an institution nears the $500 million total asset threshold, it is imperative to evaluate non-attest services performed by the independent external auditor. Some examples of common non-attest services that are no longer permitted include the external auditor’s preparation of the institution’s financial statements and the tax accrual preparation.

$1 billion

  • All audit committee members must be independent of management (outside directors).
  • Bank management (generally CEO and CFO) is required to provide a statement of responsibilities for preparing the annual financial statements, establishing and maintaining an adequate internal control structure for financial reporting, and complying with designated laws and regulations.
  • Bank management is required to provide an assessment and a conclusion regarding compliance with designated laws and regulations relating to insider loans and dividend restrictions.
  • Bank management must assess the effectiveness of internal control over financial reporting (including regulatory reporting) as of the fiscal year end.
  • The independent auditors must also issue a report on internal controls over financial reporting. For non-public filers, the internal controls audit is conducted in accordance with the AU-C 940An Audit of Internal Control Over Financial Reporting That Is Integrated with an Audit of the Financial Statements. The external auditor must also still comply with the independence standards and interpretations of the AICPA, SEC, and the PCAOB.

What are some important aspects of a successful implementation?

  • Monitor IDI asset size to allow adequate implementation time.
  • Determine if a third-party professional services firm is needed to assist with the process.
  • Formulate a detailed FDICIA Action Plan with deadlines and important dates.
  • Conduct a meeting of business owners/stakeholders within the institution to obtain buy-in and determine a communication plan.
  • Receive the external auditor’s involvement and provide regular status updates to the audit committee and external auditor.
  • Expect some internal controls to be ineffective as part of the initial implementation and require remediation—some problematic controls may need to be tested more than once depending on the remediation’s effectiveness.

When it comes to implementing FDICIA, the process can be time-consuming and confusing. Be sure to reach out to a CRI advisor for advice and assistance to ensure your implementation process runs smoothly and efficiently. Please refer to CRI’s FDICIA service offerings for more information.