The Federal Deposit Insurance Corporation Improvement Act of 1991 (FDICIA) is getting more attention as financial institutions increase assets through mergers and acquisitions as well as organic growth. Bankers need to understand the requirements of this guidance at the $500 million and $1 billion asset thresholds in order to successfully implement FDICIA to prevent external audit or regulatory issues. FDICIA may be complex to inexperienced bankers, so it is important to have an experienced advisor on your side to ensure an efficient and effective implementation process.
Why was the Federal Deposit Insurance Corporation Improvement Act (FDICIA) enacted and where are the primary requirements found?
- Congress enacted FDICIA in 1991 in response to the savings and loan crisis in the United States. It was passed to strengthen the power of the Federal Deposit Insurance Corporation and reduce the negative impacts of this crisis.
- The primary requirements of FDICIA are included in Part 363 of the FDIC’s Laws and Regulations.
What are the primary asset thresholds for FDICIA and what is the measurement point?
- $500 million
- $1 billion
The measurement point is the institution’s total assets at the beginning of the fiscal year.
It is also critical that institutions actively monitor their asset size, particularly as it approaches these thresholds, to allow adequate preparation time for the implementation process.
What are the primary FDICIA requirements at $500 million and at $1 billion in assets?
At $500 million in total assets:
- A majority of the audit committee members must be independent of management (e.g., outside directors).
- Bank management (generally CEO and CFO) is required to provide a statement of responsibilities for preparing the financial statements, establishing and maintaining an adequate internal control structure, and complying with designated laws and regulations.
- Bank management is required to provide an assessment as well as a conclusion regarding compliance with designated laws and regulations relating to insider loans and dividend restrictions.
- The external audit firm must comply with additional independence standards of the American Institute of Certified Public Accountants (AICPA), Securities and Exchange Commission (SEC), and the Public Company Accounting Oversight Board (PCAOB) at the $500 million total asset level regardless of whether the institution is a public company. The independence standards that are most restrictive are the ones that should be followed. Generally, SEC and PCAOB standards are more restrictive than AICPA standards with respect to allowable nonaudit services. Therefore, as an institution nears the $500 million total asset threshold, it is imperative to evaluate non-attest services performed by the independent external auditor. Some common non-attest services that are no longer permitted are the external auditor’s preparation of the institution’s financial statements and preparation of the tax accrual.
At $1 billion in total assets:
- All of the audit committee members must be independent of management (outside directors).
- Bank management (generally CEO and CFO) is required to provide a statement of responsibilities for preparing financial statements, establishing and maintaining an adequate internal control structure, and complying with designated laws and regulations.
- Bank management is required to provide an assessment and conclusion relating to compliance with designated laws and regulations pertaining to insider loans and dividend restrictions.
- Bank management must make an assessment of the effectiveness of internal control over financial reporting as of the fiscal year end.
- The independent auditors must also issue a report on internal controls over financial reporting. For non-public filers, the internal controls audit is conducted in accordance with the American Institute of Certified Public Accountants (AU-C 940, An Audit of Internal Control Over Financial Reporting that Is Integrated with an Audit of Financial Statements). The external auditor must also still comply with the independence standards of the AICPA, SEC, and the PCAOB at the $1 billion asset threshold.
What are some important aspects of a successful FDICIA implementation?
- Monitor institution asset size to allow adequate implementation time.
- Schedule a meeting with senior management and audit committee to discuss requirements.
- Determine if a third-party professional services firm is needed to assist with the process.
- Formulate a detailed FDICIA Action Plan with deadlines and meeting dates.
- Conduct a meeting of business owners/stakeholders within the institution to get buy-in and determine a communication plan.
- Obtain the external auditor’s involvement and give regular status updates to the audit committee and external audit team.
- Expect some internal controls to be ineffective as part of the initial implementation and require remediation—some problematic controls may need to be tested more than once depending on effectiveness of the remediation.
- Give sufficient time for retesting and follow-up of ineffective controls.
When it comes to implementing FDICIA, the process can be a little confusing. Be sure to reach out to a CRI advisor for advice and assistance to help ensure your implementation process runs smoothly and efficiently.