During these extraordinary times, bank balance sheets have been impacted by Paycheck Protection Program (PPP) loans, an increase in deposits due to changing consumer behavior in response to the pandemic and money market mutual fund liquidity facility. The FDIC recognized these temporary impacts to bank balance sheets due to the pandemic, and they have recently issued an interim final rule.
If your bank’s temporary and significant growth will impact consolidated total assets thresholds as of December 31, 2019, the rule will allows banks to be exempt from developing processes and systems to comply with the independent audits and reporting requirements. The rule remains in effect through December 31, 2021, unless extended by the FDIC.
If your bank’s growth is not expected to be temporary, it’s important to anticipate when it will reach these thresholds and begin to prepare well in advance. Starting early helps you ensure a smooth transition and gives you an opportunity to do a “dry run” of new internal controls and procedures. That way, you can remedy any deficiencies before you’re required to report them to banking regulators.
The Federal Deposit Insurance Corporation Improvement Act of 1991 (FDICIA) was designed to strengthen the FDIC and improve the safety and soundness of financial institutions. It imposes stricter auditing, reporting and governance obligations on institutions as their assets cross the $500 million and $1 billion marks.
Once your bank reaches $500 million in assets, you’ll need to take the following steps:
At $1 billion in assets, in addition to the above, your bank must do the following:
Many of these requirements will be time and resource intensive — particularly the enhanced documentation and testing necessary to evaluate and attest to the effectiveness of ICFR.
How should you prepare?
When your bank reaches the above thresholds, the new requirements take effect at the beginning of the next fiscal year. But if you wait until then, you may have to implement them quickly. This may create stress, increase your costs and jeopardize your ability to transition effectively to the new financial reporting environment. A better approach is to track your growth closely, estimate when you’ll reach the threshold and begin preparations well in advance — ideally 18 to 24 months before the new requirements take effect.
As you develop your plan for crossing the $500 million threshold, here are some key issues to consider. If you don’t currently prepare audited financial statements, consider at least a balance sheet audit for the year before you become subject to FDICIA requirements. Your auditor’s report will discuss any material weaknesses or significant deficiencies in your ICFR revealed during the audit. Thus, this step allows you to identify and remedy problems before you’re required to submit the report to federal regulators.
In addition, review the services you receive from your accountants to identify potential independence issues that may arise once you cross the threshold. If you anticipate conflicts, start planning for separate firms to provide audit services and prohibited nonaudit services. Keep in mind that your auditor won’t be permitted to draft your financial statements, so management will need to assume more responsibility for financial statement preparation and review. Be sure that you have the personnel you need in place — as well as appropriate controls and procedures — by the time the FDICIA requirements take effect.
Finally, review the composition of your board of directors to ensure that you can appoint an audit committee with a majority of independent members. If it’s necessary to add directors, leave ample time to conduct a thorough search.
What’s your plan?
Advance planning is even more critical as you approach the $1 billion threshold. In addition to the steps outlined here, you’ll need time to incorporate a recognized ICFR framework and appoint a fully independent audit committee. The former may require you to modify your ICFR structure and procedures and to develop a process for evaluating their effectiveness.
If you expect your bank to grow large enough to trigger FDICIA requirements, start to prepare as early as possible. By developing a detailed implementation plan and beginning to phase in changes before you have to, you can minimize disruptions and avoid issues after the requirements take effect.Is your auditor independent?
FDICIA-covered banks are subject to the same auditor independence requirements as public companies. Among other things, that means your financial statement auditor must avoid specific conflicts of interest and prohibited financial relationships with the bank, rotate audit partners at least every five years, and refrain from providing prohibited nonaudit services to the bank.
Prohibited services include:
As your bank and assets grows — organically or through mergers and acquisitions — it’s important to anticipate when it will reach these thresholds and begin to prepare well in advance. Starting early helps you ensure a smooth transition and gives you an opportunity to do a “dry run” of new internal controls and procedures. That way, you can remedy any deficiencies before you’re required to report them to banking regulators.
For any questions related to this article, or financial institutions in general, contact Larry Brown, VonLehman’s community bank specialist, at firstname.lastname@example.org or 800.887.0437.