VLCPA logo

Recent Tweets

Articles

FDIC Provides Guidance on Temporary and Significant Growth Related to Pandemic

10/19/20 – Larry Brown

LinkedIn
Share Article


During these extraordinary times, bank balance sheets have been impacted by Paycheck Protection Program (PPP) loans, an increase in deposits due to changing consumer behavior in response to the pandemic and money market mutual fund liquidity facility. The FDIC recognized these temporary impacts to bank balance sheets due to the pandemic, and they have recently issued an interim final rule

If your bank’s temporary and significant growth will impact consolidated total assets thresholds as of December 31, 2019, the rule will allows banks to be exempt from developing processes and systems to comply with the independent audits and reporting requirements. The rule remains in effect through December 31, 2021, unless extended by the FDIC.

If your bank’s growth is not expected to be temporary, it’s important to anticipate when it will reach these thresholds and begin to prepare well in advance. Starting early helps you ensure a smooth transition and gives you an opportunity to do a “dry run” of new internal controls and procedures. That way, you can remedy any deficiencies before you’re required to report them to banking regulators.

What’s required?

The Federal Deposit Insurance Corporation Improvement Act of 1991 (FDICIA) was designed to strengthen the FDIC and improve the safety and soundness of financial institutions. It imposes stricter auditing, reporting and governance obligations on institutions as their assets cross the $500 million and $1 billion marks.

Once your bank reaches $500 million in assets, you’ll need to take the following steps:

  • Prepare audited comparative annual financial statements and submit them, together with the independent public accountant’s report, to the appropriate federal banking agency within 120 days after the end of the fiscal year (90 days for publicly traded banks).
  • Comply with the sameauditor independence standards that apply to public companies. (See “Is your auditor independent?” below)
  • Submit annual management reports that include a statement on management’s responsibility for 1) preparing financial statements, 2) establishing and maintaining an adequate internal control over financial reporting (ICFR) structure, and 3) complying with certain safety and soundness laws and regulations.
  • Maintain an audit committee, a majority of whose members are outside directors independent of management.

At $1 billion in assets, in addition to the above, your bank must do the following:

  • Submit expanded management reports, including an evaluation of the effectiveness of your bank’s ICFR as of the end of the fiscal year, based on a recognized framework. Most banks use the Internal Control — Integrated Framework developed by the Committee of Sponsoring Organizations of the Treadway Commission (COSO).
  • Submit an independent auditor’s attestation report on the effectiveness of ICFR as of the end of the fiscal year.
  • Maintain an audit committee, all of whose members are outside directors independent of management.

Many of these requirements will be time and resource intensive — particularly the enhanced documentation and testing necessary to evaluate and attest to the effectiveness of ICFR.

How should you prepare?

When your bank reaches the above thresholds, the new requirements take effect at the beginning of the next fiscal year. But if you wait until then, you may have to implement them quickly. This may create stress, increase your costs and jeopardize your ability to transition effectively to the new financial reporting environment. A better approach is to track your growth closely, estimate when you’ll reach the threshold and begin preparations well in advance — ideally 18 to 24 months before the new requirements take effect.

As you develop your plan for crossing the $500 million threshold, here are some key issues to consider. If you don’t currently prepare audited financial statements, consider at least a balance sheet audit for the year before you become subject to FDICIA requirements. Your auditor’s report will discuss any material weaknesses or significant deficiencies in your ICFR revealed during the audit. Thus, this step allows you to identify and remedy problems before you’re required to submit the report to federal regulators.

In addition, review the services you receive from your accountants to identify potential independence issues that may arise once you cross the threshold. If you anticipate conflicts, start planning for separate firms to provide audit services and prohibited nonaudit services. Keep in mind that your auditor won’t be permitted to draft your financial statements, so management will need to assume more responsibility for financial statement preparation and review. Be sure that you have the personnel you need in place — as well as appropriate controls and procedures — by the time the FDICIA requirements take effect.

Finally, review the composition of your board of directors to ensure that you can appoint an audit committee with a majority of independent members. If it’s necessary to add directors, leave ample time to conduct a thorough search.

What’s your plan?

Advance planning is even more critical as you approach the $1 billion threshold. In addition to the steps outlined here, you’ll need time to incorporate a recognized ICFR framework and appoint a fully independent audit committee. The former may require you to modify your ICFR structure and procedures and to develop a process for evaluating their effectiveness.

If you expect your bank to grow large enough to trigger FDICIA requirements, start to prepare as early as possible. By developing a detailed implementation plan and beginning to phase in changes before you have to, you can minimize disruptions and avoid issues after the requirements take effect.Is your auditor independent?

FDICIA-covered banks are subject to the same auditor independence requirements as public companies. Among other things, that means your financial statement auditor must avoid specific conflicts of interest and prohibited financial relationships with the bank, rotate audit partners at least every five years, and refrain from providing prohibited nonaudit services to the bank.

Prohibited services include:

  • Bookkeeping,
  • Financial statement preparation,
  • Valuation,
  • Outsourced internal audits (including loan reviews),
  • Tax return preparation for individuals in a financial reporting oversight role (or their family members), and
  • Financial information systems design and implementation.

As your bank and assets grows — organically or through mergers and acquisitions — it’s important to anticipate when it will reach these thresholds and begin to prepare well in advance. Starting early helps you ensure a smooth transition and gives you an opportunity to do a “dry run” of new internal controls and procedures. That way, you can remedy any deficiencies before you’re required to report them to banking regulators.

For any questions related to this article, or financial institutions in general, contact Larry Brown, VonLehman’s community bank specialist, at lbrown@vlcpa.com or 800.887.0437.