The Federal Deposit Insurance Corp. Improvement Act of 1991 will materially add to the duties of audit committees of boards of directors of "large" banks, as defined by the FDIC, and the new audit requirements will add to already-swollen compliance costs.
It is not yet possible to state the audit committee's new responsibilities in plain language because Congress has left so much definition to administrative discretion. Here are the new responsibilities as enumerated by Congress.
In addition to the audit committee's customary role of providing outside-director oversight of internal and independent audit functions, the law will require audit committees, beginning in 1993, to "review with management and the independent public accountant the basis for the reports issued under" several new requirements.
The newly required management and accountant reports that the audit committee must review include:
* Management's "statement" of its own "responsibilities, for such matters as financial statement preparation, internal controls, and compliance with federal bank safety and soundness laws."
* Management's assessment" of the effectiveness of such internal control structure and procedures.
* Management's "assessment" of the institution's "compliance" with safety and soundness regulations designated by federal regulatory agencies (which are likely to include new asset quality and earnings benchmarks).
* The outside auditor's required "attestation" to the foregoing.
* And, more familiarly, the audited financial statements albeit with some new linguistic twists and with market value disclosures.
All of this material will become part of an annual report that will be filed with the regulators and will be publicly available. The information will therefore be relied upon by the public, the securities markets, and the regulatory authorities.
The audit committee is not explicitly required to review another category of laws, which is unspecified in the statute but is to be defined by the FDIC, as to which the outside auditors are required to attest; but the audit committee may find itself unable to ignore a report on those issues prepared by presumably the same outside auditors that prepared the foregoing reports.
In addition, the outside auditors will be required to review quarterly financial statements and "shall provide the audit committee ... with reports on the reviews ... and the audit committee shall provide such reports to" the FDIC and other appropriate banking agencies.
More Fine-Tuning Needed
These are the main features of the new requirements for audit committees of "large" banks. For holding-company-owned banks that have less than $5 billion of assets or between $5 billion and $9 billion of assets and a Camel rating of 1 or 2, most of the requirements can be satisfied at the holding company level. Clearly, the new provisions need to be further defined by some significant future FDIC rulemaking.
The implications of audit committees' new responsibilities are not entirely clear. However, it appears that audit committees will, because of the safety and soundness rules be expected to take more responsibility for the adequacy of loanloss reserves.
It also appears that the public disclosure rules, combined with the rules restricting the FDIC's ability to protect uninsured deposits will gave directors in general, and audit committee member in particular increased responsibilities to depositors.
Access to Outside Experts
To help them cope with their new responsibilities, the law has provided audit committees of "large" banks with "access" to their "own outside counsel" and has required that each audit committee of a large bank "include members with banking or related financial management expertise."
Presumably, the audit committee's outside counsel, like the members of the audit committee and the outside auditors, will have to be independent of the bank as defined by the FDIC. …