
FDIC's Implementation of the Sarbanes-Oxley Act of 2002

September 29, 2004
Audit Report No. 04-042

FDIC
Federal Deposit Insurance Corporation
Office of Audits
Office of Inspector General
Washington, D.C. 20434

DATE: September 29, 2004

MEMORANDUM TO: Michael J. Zamorski, Director, Division of Supervision and Consumer Protection

FROM: Russell A. Rau [Electronically produced version; original signed by Russell A. Rau], Assistant Inspector General for Audits

SUBJECT: FDIC's Implementation of the Sarbanes-Oxley Act of 2002 (Report No. 04-042)

This report presents the results of our audit of the Federal Deposit Insurance Corporation's (FDIC) implementation of the Sarbanes-Oxley Act of 2002, which is described in detail in the Background section of the report. As of June 30, 2004, the FDIC is the primary federal regulator for approximately 5,300 state-chartered financial institutions throughout the United States and its territories. [1] Of these institutions, approximately 100 FDIC-supervised banks are directly subject to the provisions of the Sarbanes-Oxley Act. In addition, approximately 500 FDIC-supervised institutions are controlled by holding companies [2] that are subject to the Act.

The objective of the audit was to determine whether the FDIC has taken adequate steps to issue implementing guidance to financial institutions and examiners for applicable provisions of the Sarbanes-Oxley Act. To accomplish our objective, we reviewed the actions taken by the FDIC, primarily within the Division of Supervision and Consumer Protection (DSC), with assistance from the FDIC's Legal Division and Office of Legislative Affairs (OLA), to provide guidance to financial institutions and examiners for applicable provisions of the Sarbanes-Oxley Act. This audit did not cover the implementation of this guidance by financial institutions or the FDIC's examiners. Additionally, we did not review guidance issued, if any, to bank holding companies. These issues may be addressed in a subsequent audit of examiner assessment of institution compliance with the Sarbanes-Oxley Act. Appendix I of this report discusses our objective, scope, and methodology in detail.

BACKGROUND

The Sarbanes-Oxley Act, signed into law on July 30, 2002, strengthened penalties for accounting fraud, provided greater financial transparency, and established an independent board to oversee the public accounting industry. The Act applies to all companies with publicly traded securities. [3] The Act's stated purpose is to improve quality and transparency in financial reporting and independent audits and accounting services for public companies, create a Public Company Accounting Oversight Board (PCAOB), enhance the standard-setting process for auditing practices, strengthen the independence of firms that audit public companies, increase corporate responsibility and the usefulness of corporate financial disclosure, protect the objectivity and independence of securities analysts, and improve the U.S. Securities and Exchange Commission's (SEC) [4] resources and oversight. In addition, the Sarbanes-Oxley Act imposed new obligations on directors, officers, accountants, auditors, and insiders. Violations of these obligations would be the basis for professional liability lawsuits. A summary of Sarbanes-Oxley Act provisions can be found in Appendix II.

Securities Exchange Act of 1934

For state-chartered financial institutions that are not members of the Federal Reserve System and that have one or more classes of securities [5] subject to the registration provisions of sections of the Securities Exchange Act of 1934 (the Exchange Act), [6] the FDIC is vested with the powers, functions, and duties of the SEC to administer and enforce various securities regulations, including:

  • Securities Exchange Act of 1934, sections:
    • 10A(m), Standards Relating to Audit Committees,
    • 12, Registration Requirements for Securities,
    • 13, Periodical and Other Reports,
    • 14(a), Solicitation of Proxies,
    • 14(c), Information Statements,
    • 14(d), Tender Offers,
    • 14(f), Election of Directors, and
    • 16, Beneficial Ownership and Reporting.
  • Sarbanes-Oxley Act of 2002, sections:
    • 302, Corporate Responsibility for Financial Reports,
    • 303, Improper Influence on Conduct of Audits,
    • 304, Forfeiture of Certain Bonuses and Profits,
    • 306, Insider Trades During Pension Fund Blackout Periods,
    • 401(b), Disclosures in Periodic Reports,
    • 404, Management Assessment of Internal Controls,
    • 406, Code of Ethics for Senior Financial Officers, and
    • 407, Disclosure of Audit Committee Financial Expert.

The Exchange Act further prescribes that the FDIC has the power to make rules and regulations necessary to execute the functions with which it is vested.

FDIC Rules and Regulations Part 335 – Securities of Nonmember Insured Banks

The FDIC's Rules and Regulations, Part 335, Securities of Nonmember Insured Banks, incorporates, through reference, the SEC regulations issued under the Exchange Act sections listed above, except where the FDIC has found that these regulations are not necessary or appropriate. Therefore, after the SEC issues implementing regulations, they are automatically incorporated, by reference, into Part 335. The FDIC reviews the SEC's implementing regulations to determine whether any are not necessary or appropriate and, if so, issues regulations excluding those requirements from Part 335. The FDIC also issues guidance to its registered banks about the changes applicable to them.

DSC's Accounting and Securities Disclosure Section is principally responsible for administering Part 335. This Section also maintains public files for periodic reports made under the Securities Exchange Act of 1934 by FDIC-supervised financial institutions that have registered securities, including: Registration Statements (Forms 10 and 10-SB), Annual Reports (Forms 10-K and 10-KSB), Quarterly Reports (Forms 10-Q and 10-QSB), Proxy Statements, Current Reports (Form 8-K), Beneficial Ownership Reports (Forms F-7, F-8 and F-8A), and Acquisition Statements (Schedules 13D and 13G).

The Section is also responsible for administering the use of offering circulars in connection with the public distribution of bank securities by insured state nonmember banks. The issuance of securities by banks is subject to the antifraud provisions of the federal securities laws which require full and adequate disclosure of material facts. In view of the FDIC's statutory duty to determine capital adequacy when acting on an application for federal deposit insurance, the FDIC determines whether public investors have been provided sufficient disclosure of material facts by an insured state nonmember bank. The FDIC also reviews any offering circular issued by a bank operating under an administrative order, or used in a mutual-to-stock conversion as part of the application process.

The Accounting and Securities Disclosure Section also maintains and monitors interagency files for Peer Reviews of public accounting firms filed under Part 363 of the FDIC's Rules and Regulations and performs reviews of disclosures to bank shareholders of regulatory enforcement actions against FDIC-insured banks. These disclosures of enforcement actions principally involve FDIC Cease and Desist Orders. In addition, DSC's Accounting and Securities Disclosure Section writes guidance related to matters of accounting, securities, and disclosure.

FDIC Rules and Regulations Part 363 – Annual Independent Audits and Reporting Requirements

Section 112 of the Federal Deposit Insurance Corporation Improvement Act of 1991 (FDICIA), Independent Annual Audits of Insured Depository Institutions, amended the Federal Deposit Insurance (FDI) Act by adding section 36, [7] Early Identification of Needed Improvements in Financial Management. Section 36 of the FDI Act, codified to 12 United States Code (U.S.C.) 1831m and implemented by FDIC regulation 12 Code of Federal Regulations (C.F.R.), Part 363, requires every large (total assets of $500 million or more) insured depository institution to submit an annual report containing the institution's financial statements and certain management assessments to the FDIC, the appropriate federal banking agency, and any appropriate state bank supervisor. Section 36 of the FDI Act also requires that an independent public accountant audit the insured depository institution's annual financial statements to determine whether those statements are presented fairly in accordance with generally accepted accounting principles (GAAP) and with the accounting objectives, standards, and requirements described in section 37 of the FDI Act. Under section 37, the accounting principles applicable to financial statements required to be filed with the federal banking agencies must be uniform and consistent with GAAP. In addition, the accountant must attest to and report on management's assertions concerning internal controls over financial reporting. The institution's annual report must also contain the accountant's audit and attestation reports. Therefore, Part 363 established auditing and reporting requirements for institutions with assets of $500 million or more before the Sarbanes-Oxley Act was passed.

The auditing and reporting requirements of the FDIC's Part 363 are similar to certain provisions of the Sarbanes-Oxley Act, but the Act differs in a few significant respects. Although the SEC's final rules for section 404 of the Sarbanes-Oxley Act, Management Assessment of Internal Controls, are similar to the FDIC's Part 363 internal control report requirements, the SEC's final rules did not require a statement of compliance with designated laws and regulations relating to safety and soundness.

Instead, the SEC included the following provisions related to internal control that are not in the FDIC's regulations:

  • The report must include a statement identifying the framework used by management to evaluate the effectiveness of the company's internal control over financial reporting. [8]

  • Management must disclose any material weakness [9] that it has identified in the company's internal control over financial reporting (and related stipulation that management is not permitted to conclude that the company's internal control over financial reporting is effective if there are one or more material weaknesses).

  • The company must state that the registered public accounting firm that audited the financial statements included in the annual report has issued an attestation report on management's assessment of the company's internal control over financial reporting.

  • The company must provide the registered public accounting firm's attestation report on management's assessment of internal control over financial reporting in the company's annual report filed under the Exchange Act. [10]

The FDIC's Board of Directors adopted Rules and Regulations Part 363 to implement section 36 provisions that required rulemaking. The auditor independence requirements of the Sarbanes-Oxley Act affect all Part 363 institutions because Guideline 14, found in Part 363 Appendix A, Guidelines and Interpretations, provides that an auditor should "… meet the independence requirements and interpretations of the SEC and its staff." Thus, requirements of the Act would affect the auditors engaged by institutions covered by Part 363 (some of whom are not SEC registrants) and the reports that the institutions file with the FDIC.

FDIC Guidance

The FDIC distributes the majority of its guidance to bankers through Financial Institution Letters (FILs). FILs are addressed to the Chief Executive Officers of the financial institutions listed on the FDIC's FILs distribution list – generally, FDIC-supervised institutions. The FILs generally announce new regulations and policies, new FDIC publications, and a variety of other matters of principal interest to bank management. In some cases, FILs explain specific examination procedures to be performed by FDIC examiners, as is the case with FIL-21-2003, Interagency Policy Statement on the Internal Audit Function and Its Outsourcing, dated March 17, 2003.

Under section 10(d) of the FDI Act, all FDIC-insured institutions are required to undergo on-site safety and soundness examinations by a federal regulator [11] every 12 or 18 months, [12] depending on asset size and CAMELS [13] ratings. Safety and soundness examinations are the primary means to identify weaknesses that may ultimately lead to institution failure. The FDIC implements its authority to perform on-site safety and soundness examinations through a series of directives in DSC's Memorandum System that are addressed to Regional Directors; manuals, such as DSC's Manual of Examination Policies and Case Manager's Procedures Manual; and DSC Examination Documentation (ED) Modules that provide examination direction and are periodically updated.

RESULTS OF AUDIT

The FDIC took adequate steps to issue implementing guidance for applicable provisions of the Sarbanes-Oxley Act. In addition, the Act did not have a major impact on FDIC-supervised financial institutions because of pre-existing audit committee and internal control reporting requirements imposed by FDICIA. Further, of the 5,300 financial institutions supervised by the FDIC, only 94 are public companies, and 524 other FDIC-supervised institutions are subsidiaries of public bank holding companies – limiting the number of institutions directly or indirectly subject to the Sarbanes-Oxley Act provisions.

The FDIC has provided adequate guidance to the FDIC-supervised financial institutions. For public financial institutions and financial institutions that are subsidiaries of public bank holding companies, the FDIC guidance required compliance with the Sarbanes-Oxley Act. For nonpublic financial institutions, the FDIC encouraged compliance with the Sarbanes-Oxley Act – including those provisions governing auditor independence, corporate responsibility, and enhanced financial disclosures – and the implementing regulations because of their relevance to sound corporate governance practices.

The FDIC has also provided adequate guidance to its bank examiners by issuing revised examination procedures, clarifying its position on Sarbanes-Oxley Act issues, and reemphasizing expectations about governance practices that the FDIC had previously endorsed. Examiners were advised to continue to encourage nonpublic banking institutions to periodically review their policies and procedures relating to corporate governance, including internal controls and auditing matters.

However, it is not clear how examiners monitor compliance with Sarbanes-Oxley Act provisions at institutions that are subsidiaries of public bank holding companies or whether the FDIC is responsible for monitoring compliance by these institutions. In addition, the Sarbanes-Oxley Act has brought about differences in internal control requirements and reporting for public and nonpublic institutions. As a result, it is possible that institutions that pose similar risks to the deposit insurance funds will receive inconsistent treatment by examiners. These issues may be addressed in a subsequent audit of examiner assessment of institution compliance with the Sarbanes-Oxley Act.

GUIDANCE TO FDIC-SUPERVISED FINANCIAL INSTITUTIONS

The FDIC provided adequate implementation guidance to FDIC-supervised financial institutions. For public financial institutions, the FDIC's guidance required compliance with the Sarbanes-Oxley Act, and the FDIC encouraged nonpublic financial institutions to comply with certain provisions of the Act because of its relevance to sound corporate governance practices. Appendix III of this report contains guidance issued to financial institutions and FDIC examiners regarding requirements of amendments and additions to the Exchange Act made by the Sarbanes-Oxley Act, and new sections of the Sarbanes-Oxley Act for which the FDIC has enforcement authority.

With respect to the Sarbanes-Oxley Act, the bulk of the implementation guidance to financial institutions was issued in FIL-17-2003, Corporate Governance, Audits, and Reporting Requirements, dated March 5, 2003. FIL-17-2003 provided guidance to institutions about selected provisions of the Sarbanes-Oxley Act, including the actions that the FDIC encouraged institutions to take to ensure sound corporate governance. The guidance also discussed the applicability of the auditor independence provisions of the Act and the SEC's implementing regulations for institutions with $500 million or more in total assets.

There were two attachments to FIL-17-2003; each attachment provided insured institutions with bank policy guidance and comments on sound corporate governance practices for banks based on provisions of the Sarbanes-Oxley Act. Attachment I was addressed to insured institutions with less than $500 million in total assets that are not public companies, and Attachment II addressed insured institutions with $500 million or more in total assets. Attachment II also indicated that the FDIC is considering possible amendments to Part 363 of its Rules and Regulations to extend certain provisions of the Sarbanes-Oxley Act to all insured institutions with $500 million or more in total assets, whether or not the institutions are public companies or subsidiaries of public companies. The FDIC advised public company financial institutions to comply with applicable sections of the Act and encouraged nonpublic institutions to implement recommended policies and corporate governance practices. A summary of additional guidance to financial institutions relative to certain titles and sections of the Sarbanes-Oxley Act is in Appendix IV.

In addition, on August 9, 2004, the FDIC issued a limited-distribution [14] FIL regarding recent SEC developments and changes in filing requirements as published by the SEC and PCAOB. The purpose of this FIL is to provide approximately 100 FDIC-registered banks (state nonmember banks with securities registered under the Exchange Act of 1934) with an overview of the new requirements and references to obtain further information. The limited-distribution FIL addresses the SEC's latest amendments to rules regarding implementation of section 302 (Corporate Responsibility for Financial Reports), section 404 (Management Assessment of Internal Controls), section 409 (Real Time Issuer Disclosures), and section 906 (Corporate Responsibility for Financial Reports) of the Sarbanes-Oxley Act.

The issuance of a FIL in the case of new legislation, law, rule, or regulation involves a collaborative effort between FDIC divisions. In the case of the Sarbanes-Oxley Act, implementing guidance to affected institutions involved the FDIC's OLA, [15] the Legal Division's Supervision and Legislation Section, [16] and the DSC's Accounting and Securities Disclosure Section. OLA kept the Legal Division's Supervision and Legislation Section and DSC's Accounting and Securities Disclosure Section informed by providing early draft versions of the law. The Supervision and Legislation Section provided legal analysis to the OLA and DSC's Accounting and Securities Disclosure Section of the provisions of the new law as it evolved, including actions required by the FDIC to implement provisions of the new law. DSC's Accounting and Securities Disclosure Section authored the implementing FILs and related examination guidance. The Supervision and Legislation Section also reviewed FILs and Regional Director (RD) Memoranda associated with implementation of the Sarbanes-Oxley Act before the guidance was issued.

In our opinion, the collaborative effort between DSC's Accounting and Securities Disclosure Section, OLA and the Legal Division resulted in the Corporation providing adequate implementing guidance to affected FDIC-supervised financial institutions. For public financial institutions, the FDIC's guidance was clear about required compliance with the Sarbanes-Oxley Act, and for nonpublic financial institutions, the FDIC encouraged compliance with certain provisions of the Act because of the Act's relevance to sound corporate governance practices.

GUIDANCE TO FDIC EXAMINERS

The FDIC also provided adequate guidance to its bank examiners by revising its examination procedures, clarifying its position on Sarbanes-Oxley Act issues, and reemphasizing expectations about governance practices that the FDIC has endorsed. This guidance is listed in Appendix III. However, as discussed at the end of this section, we are concerned (1) about the ambiguity surrounding responsibility for monitoring compliance with the Act by subsidiaries of public companies and (2) that examiners may treat similar public and nonpublic entities differently because the Act applies only to public entities.

DSC's Planning and Development Section communicated guidance to FDIC bank examiners regarding applicable sections of the Act primarily through issuance of RD Memoranda. In addition to RD Memoranda, DSC communicated developments concerning the implementation of the Sarbanes-Oxley Act through seminars and other forums. Sarbanes-Oxley Act developments were also communicated and discussed through presentations at DSC regional conferences regarding the effects of the Act on the banking industry; contacts between DSC's Accounting and Securities Disclosure Section, Regional Accountants, and DSC field accounting subject matter experts; field examiner contacts with their respective DSC accounting subject matter expert; and participation by DSC regional accountants and field examiner subject matter experts in the annual accounting seminars sponsored by the FDIC, the FRB, the Office of the Comptroller of the Currency (OCC), the Office of Thrift Supervision (OTS), and the National Credit Union Administration (NCUA).

DSC issued two RD Memoranda that communicated examination guidance with respect to the Sarbanes-Oxley Act. Memorandum 2003-027, Corporate Governance, Audits, and Reporting Requirements, dated July 9, 2003, provides guidance to examiners on the impact of the Act on insured depository institutions. RD Memorandum 2004-021, Revised Examination Modules, dated May 14, 2004, provides updated risk-focused ED Modules. This RD Memorandum included the module, Management and Internal Controls Evaluation, which incorporates changes relative to corporate governance, auditing, and reporting guidance as prescribed by the Sarbanes-Oxley Act.

In RD Memorandum 2003-027, the DSC transmitted general guidance to its examiners regarding the Sarbanes-Oxley Act, along with a copy of FIL-17-2003. The FDIC advised its examiners that the Sarbanes-Oxley Act imposed new auditor independence, reporting, and corporate governance requirements on all publicly traded companies, including insured depository institutions and bank holding companies. The FDIC also stated that certain provisions of the Sarbanes-Oxley Act would also affect insured institutions subject to section 36 of the FDI Act. [17]

The FDIC explained in the RD Memorandum that FIL-17-2003 was issued to provide comprehensive guidance on the sound corporate governance practices set forth in the Sarbanes-Oxley Act, including how such practices may benefit all banking organizations, including nonpublic insured depository institutions. The FDIC also noted that after the issuance of FIL-17-2003, the FRB, OCC, and OTS issued guidance on this subject that differed in language – but not in substance – from FIL-17-2003. The FDIC stated that, based on confusion expressed by bankers and concern over enforcement of perceived different standards, the Corporation issued RD Memorandum 2003-027 to clarify the FDIC's position on the matter.

The FDIC also instructed its examiners that FIL-17-2003 did not establish any new mandates for nonpublic institutions with total assets of less than $500 million. The FDIC expected that these institutions would continue to follow the sound corporate governance practices that the FDIC has long endorsed – practices based on existing banking laws, regulations, and guidelines. [18] Examiners were advised to continue to encourage nonpublic banking institutions to periodically review their policies and procedures relating to corporate governance and auditing matters. Such reviews would ensure that policies and procedures were consistent with applicable laws, regulations, and supervisory guidance and appropriate to the institution's size, operations, and resources. Examiners were also advised to exercise sound judgment and good common sense when evaluating management's decisions.

RD Memorandum 2004-021 transmitted to examiners an update of the risk-focused supervision ED Module, Management and Internal Control Evaluation. The updated ED Module contained several revisions designed to address corporate governance guidance, audit, and other independent review issues; business continuity planning; and conflicts of interest. The DSC made substantive changes to the Core Analysis sections of the Management and Internal Controls Evaluation ED Module related to the requirements found in Title II, Auditor Independence, and Title III, Corporate Responsibility, of the Sarbanes-Oxley Act. These revisions captured the essence of the new requirements found in titles and sections of the Sarbanes-Oxley Act.

In our opinion, the DSC's RD Memorandum guidance and other communication efforts on Sarbanes-Oxley Act developments to its bank examiners were adequate.

Monitoring Compliance of Public Company Subsidiaries and Examiner Treatment of Public vs. Nonpublic Entities

Although we are not making any recommendations, we are concerned about the treatment of subsidiaries of public companies and that examiners may treat similar public and nonpublic entities differently. It is not clear whether or how examiners should monitor compliance with Sarbanes-Oxley Act provisions at FDIC-supervised financial institutions that are subsidiaries of public bank holding companies. We understand that the FRB is responsible for inspecting bank holding companies subject to the Bank Holding Company Act of 1956, as amended, and would be responsible for monitoring compliance with the Sarbanes-Oxley Act at the holding company level. However, the FDIC's guidance did not clearly identify who would be responsible for monitoring such compliance at the subsidiary level or at bank holding companies that are not supervised by the FRB. In addition, the Sarbanes-Oxley Act has brought about differences in internal control requirements and reporting for public and nonpublic institutions. As a result, it is possible that institutions that pose similar risks to the deposit insurance funds will receive inconsistent treatment by examiners. These issues may be addressed in a subsequent audit of examiner assessment of institution compliance with the Sarbanes-Oxley Act.

CORPORATION COMMENTS AND OIG EVALUATION

Although the report did not contain recommendations, the Director, DSC, provided a written response to the draft report on September 22, 2004. The response is presented, in its entirety, in Appendix V of this report. DSC concurred with the OIG's observation that the Sarbanes-Oxley Act did not have a major impact on FDIC-supervised financial institutions because of pre-existing audit committee and internal control reporting requirements imposed by FDICIA.



APPENDIX I

OBJECTIVE, SCOPE, AND METHODOLOGY

The objective of this audit was to determine whether the FDIC has taken adequate steps to issue implementing guidance to financial institutions and examiners for applicable provisions of the Sarbanes-Oxley Act of 2002. To accomplish our objective, we reviewed the actions taken by the FDIC, primarily within the DSC, with assistance from the FDIC's Legal Division and the OLA, to implement guidance for financial institutions and examiners regarding applicable provisions of the Sarbanes-Oxley Act. In addition, we reviewed RD Memoranda, FILs, and operating manuals and policies. The audit field work was performed at the FDIC's Washington, D.C. offices. We performed our audit from June 2004 through August 2004 and in accordance with generally accepted government auditing standards. Accomplishing the audit objectives is discussed in the following sections.

Reliance on Computer-Processed Data

Computer-processed data were not significant to the accomplishment of our audit objectives, findings, or conclusions. Therefore, we did not perform tests to determine the reliability or validity of data.

Management Controls

We gained an understanding of relevant control activities by reviewing the FDIC's policies and procedures applicable to issuance of guidance to FDIC-supervised financial institutions and FDIC examiners. These policies and procedures are contained in the FDIC's Manual of Examination Policies, Case Manager Procedures Manual, ED Modules, RD Memoranda, and FILs. Our review of the management controls for the implementation of the Sarbanes-Oxley Act of 2002 did not identify control weaknesses.

Prior Audit Coverage

This issue area has not previously been audited.

Laws and Regulations

We gained an understanding of certain aspects of laws and regulations and evaluated the FDIC's implementation of procedures applicable to implementation of the Sarbanes-Oxley Act of 2002. These included the following:

  • Laws
    • Sarbanes-Oxley Act of 2002
    • Securities Exchange Act of 1934
    • Federal Deposit Insurance Act
    • Bank Holding Company Act of 1956

  • FDIC Regulations
    Title 12 C.F.R., Banks and Banking
    • Part 335, Securities of Nonmember Insured Banks, which also incorporates, through reference, the regulations of the SEC issued under certain sections of the Exchange Act
    • Part 363, Annual Independent Audits and Reporting Requirements

Government Performance and Results Act

We reviewed DSC's performance measures under the Government Performance and Results Act (GPRA), Public Law 103-62. We determined that the FDIC did not have a corporate performance objective specifically related to financial institution compliance with the Sarbanes-Oxley Act of 2002. However, according to the FDIC's 2004 Annual Performance Plan, as shown in the following table, the FDIC established a strategic goal, objective, and annual performance goal that include assessing each institution's management practices and policies and compliance with applicable regulations, as part of the FDIC's overall assessment of risk management and safety and soundness. Compliance with provisions of the Sarbanes-Oxley Act will be reviewed in a subsequent audit.

Performance Measures Related to Supervision and Examination

Strategic Goal | Strategic Objective | Annual Performance Goal | Operational Processes
FDIC-supervised institutions are safe and sound. | FDIC-supervised institutions appropriately manage risk. | Conduct on-site safety and soundness examinations to assess an FDIC-supervised insured depository institution's overall financial condition, management practices and policies, and compliance with applicable regulations. | Risk management examinations assess an FDIC-supervised insured depository institution's overall financial condition, management practices and policies, and compliance with applicable regulations. The FDIC projected that in 2004 it will conduct 2,561 examinations required under statute, FDIC policy, or agreement with state supervisors.

Source: Federal Deposit Insurance Corporation 2004 Annual Performance Plan.

Fraud and Illegal Acts

The limited nature of the audit objective did not require that we assess the possibility for fraud and illegal acts. However, throughout the audit we were alert to the possibility of fraud and illegal acts, and no instances came to our attention.



APPENDIX II

SUMMARY OF SARBANES-OXLEY ACT PROVISIONS

Section Title Requirements of the Act Responsibility
1 Short title and table of contents The Act may be cited as the "Sarbanes-Oxley Act of 2002." --
2 Definitions Defines the Act's operative terms. --
3 Commission rules and enforcement Requires the SEC to issue rules and regulations necessary to implement and enforce the Act. A violation could subject a person to the same penalties as a violation under the Securities Exchange Act of 1934. SEC

Title I – Public Company Accounting Oversight Board
Section Title Requirements of the Act Responsibility
101 Establishment and administrative provisions Establishes the PCAOB as an independent, non-governmental board to oversee audits of public companies that are subject to the securities laws to protect the interests of investors and the public through the preparation of informative, accurate, and independent financial reports. Defines the PCAOB's duties, membership and appointments, powers, rules, and reports. SEC
102 Registration with the board Requires public accounting firms to register with and provide information to the PCAOB in order to perform audits of public companies. External Auditor
103 Auditing, quality control, and independence standards and rules The PCAOB must establish standards for auditing and related attestations, quality control, ethics, and independence to be used by registered public accounting firms in the preparation and issuance of audit reports. PCAOB
104 Inspections of registered public accounting firms Requires the PCAOB to conduct a continuing program of inspections to assess the degree of compliance of each registered public accounting firm with the Act. PCAOB
105 Investigations and disciplinary proceedings Requires the PCAOB to establish rules and procedures to investigate and discipline registered public accounting firms. The PCAOB is given broad investigatory authority regarding acts or omissions by a registered public accounting firm or associated person. PCAOB
106 Foreign public accounting firms Extends the requirements of the Act to foreign public accounting firms that prepare or assist in preparing an audit report for an issuer. External Auditor
107 Commission oversight of the board The SEC has oversight and enforcement authority over the PCAOB. SEC
108 Accounting standards The SEC may recognize as "generally accepted" any accounting principles established by a standard setting body that meets criteria set forth in the Act. (For example, the Financial Accounting Standards Board would satisfy these criteria.) SEC
109 Funding Provides funding for the PCAOB from annual accounting reporting fees, investigation fees, and issuer fees. PCAOB

Title II – Auditor Independence
Section Title Requirements of the Act Responsibility
201 Services outside the scope of practice of auditors External auditors cannot provide specific non-audit services to an audit client, including: (1) bookkeeping; (2) financial information system design and implementation; (3) appraisal or valuation services; (4) actuarial services; (5) internal audit; (6) management or human resource services; (7) broker-dealer, investment adviser, or investment banking services; (8) legal and expert services unrelated to the audit; and (9) any other service that the PCAOB determines impermissible. External Auditor
202 Preapproval requirements Audit committees must preapprove and periodic reports must disclose all audit services and permissible non-audit services provided by the issuer's external auditor. Public Company and its Audit Committee
203 Audit partner rotation Requires lead and review partners to be rotated after 5 years and other partners who were part of the audit team to be rotated after 7 years. External Auditor
204 Auditor report to audit committees External auditors are required to report to audit committees all critical accounting policies and practices, all alternative accounting and disclosure treatments discussed with management, and other material written communications with the management of the issuer. External Auditor, Public Company, and Audit Committee
205 Conforming amendments Conforms definitions of certain terms used in the Act to the definitions in related securities laws. --
206 Conflicts of interest A registered public accounting firm cannot perform audit services for an issuer if a chief executive officer, controller, chief financial officer, chief accounting officer, or equivalent officer was employed by the auditing firm during the 1-year period preceding the initiation of the audit service. Public Company and External Auditor
207 Study of mandatory rotation of registered public accounting firms The Government Accountability Office (GAO) is required to conduct a study and review of the potential effects of requiring mandatory rotation of registered public accounting firms and report its findings to the Congress. GAO
208 Commission authority SEC is required to issue implementing regulations for auditor independence, making it unlawful for any registered public accounting firm to prepare or issue any audit report if the firm has engaged in prohibited activity as defined by subsections (g) through (l) of section 10A of the 1934 Exchange Act, or rule or regulation of the SEC or PCAOB. SEC
209 Considerations by appropriate state regulatory authorities It is the sense of the Congress that, in supervising non-registered public accounting firms and associated persons, appropriate state regulatory authorities should make an independent determination of the proper standards applicable, taking into consideration the size and nature of the firms' business. --

Title III – Corporate Responsibility
Section Title Requirements of the Act Responsibility
301 Public company audit committees

Requires the SEC to direct the national securities exchanges and associations to prohibit the listing of any security of an issuer that is not in compliance with certain requirements.

Responsibility: SEC

The section also prescribes requirements for

  • independence of audit committee members,
  • the audit committee's responsibility to select and oversee the independent auditor,
  • complaint procedures regarding accounting practices,
  • authority of the audit committee to engage advisors, and
  • funding for the independent auditor and any outside advisors engaged by the audit committee.

Responsibility: Audit Committee
302 Corporate responsibility for financial reports

An issuer's chief executive officer (CEO) and chief financial officer (CFO) must certify that

  • they have reviewed annual and quarterly reports;
    • the reports do not contain any untrue statement of material fact or have not omitted a material fact in light of the circumstances; and
    • the financial statements fairly present in all material respects the financial condition and operations of the issuer;
  • they are responsible for the issuer's internal controls and have evaluated them and presented in the report their conclusions about the effectiveness of the controls;
  • they have disclosed to the auditors and audit committee
    • all deficiencies and material weaknesses in internal controls;
    • any fraud, whether material or not, involving management or others who have a significant role in internal controls; and
  • they have identified significant changes in internal controls or other factors that could significantly affect internal controls, including any corrective actions with regard to significant deficiencies and material weaknesses.

(Section 906 also requires a certification and imposes criminal penalties for violations.)

Public Company
303 Improper influence on conduct of audits It is unlawful for any officer or director of an issuer, or any person acting under the direction thereof, to take any action to fraudulently influence, coerce, manipulate, or mislead any independent public or certified accountant engaged in the performance of an audit of the financial statements for the purpose of rendering them materially misleading. Public Company and External Auditor
304 Forfeiture of certain bonuses and profits If, as a result of misconduct, an issuer is required to restate its financial statements due to a material non-compliance with any financial reporting requirement, then the CEO and CFO are required to reimburse the issuer for any bonus or other incentive-based or equity-based compensation received and any profits realized from the sale of the issuer's securities during the 12 months following the filing of the financial statements embodying the noncompliance. Public Company and SEC
305 Officer and director bars and penalties An officer or director can be barred from serving as a corporate officer if found to be unfit for that office, and may be forced to disgorge benefits from any misconduct. The SEC has the authority to grant equitable relief to investors if appropriate. SEC
306 Insider trades during pension fund blackout periods During a blackout period, officers and directors cannot trade company securities acquired in connection with their service as a director or officer. Any profits realized would inure to and be recoverable by the issuer. The section also sets requirements concerning duties of retirement plan administrators, notices to employees concerning blackout periods, and penalties for violations. Public Company
307 Rules of professional responsibility for attorneys Mandates that the SEC issue rules prescribing minimum standards of professional conduct for attorneys appearing and practicing before it in any way in the representation of issuers, including, at a minimum, a rule requiring an attorney to report evidence of a material violation of securities laws or breach of fiduciary duty or similar violation by the issuer or any agent thereof to appropriate officers within the issuer and, thereafter, to the highest authority within the issuer, if the initial report does not result in an appropriate response. Public Company's Counsel
308 Fair funds for investors The SEC is authorized to set aside recoveries under the Securities Exchange Act for the victims of securities laws violations and may accept and administer donations to a disgorgement fund. The SEC is also to study and report to Congress its enforcement actions over the last 5 years to identify ways to provide for restitution for injured investors. SEC

Title IV – Enhanced Financial Disclosures
Section Title Requirements of the Act Responsibility
401 Disclosures in periodic reports

Financial reports filed with the SEC are to reflect material correcting adjustments identified by a registered public accounting firm. The reports must also disclose all material off-balance sheet transactions and relationships that may have a material current or future effect on financial condition, changes in financial condition, results of operations, liquidity, capital expenditures, capital resources, or significant components of revenues or expenses.

Responsibility: Public Company

In addition, the SEC is to issue implementing regulations providing that pro forma financial information included in any periodic report shall be presented in a manner that is not misleading in light of the circumstances under which it is presented and shall reconcile the financial report with the financial condition of the issuer under GAAP.

Responsibility: SEC

The SEC is also to study and report to Congress with recommendations on issuer filings and disclosures to determine the extent of off-balance sheet transactions and the use of special-purpose entities and whether GAAP rules result in financial statements that reflect the economics to investors.

Responsibility: SEC
402 Enhanced conflict of interest provisions Issuers are prohibited from extending credit in the form of a personal loan to any director or executive officer. Home improvement loans are permitted if made in the ordinary course of the consumer credit business of the issuer, are generally available to the public, and made on market terms. This provision does not apply to any loan from an insured depository institution if the loan is subject to the insider lending restrictions under section 22(h) of the Federal Reserve Act. Public Company
403 Disclosures of transactions involving management and principal stockholders Changes shareholding and transaction reporting requirements for directors, officers and principal (i.e., greater than 10-percent ownership) stockholders from 10 days following the end of the month to 2 business days following the transaction. Also requires electronic disclosure. Public Company
404 Management assessment of internal controls The SEC is to issue rules requiring annual reports to contain an internal control report containing the items listed in this section. The public accounting firm preparing the report is to separately attest to management’s assessment. SEC, Public Company, and External Auditor
405 Exemption Sections 401, 402, and 404 and applicable implementing rules do not apply to any investment company registered under section 8 of the Investment Company Act. --
406 Code of ethics for senior financial officers Requires issuers to disclose in annual reports whether they have adopted a code of ethics that applies to the company's principal executive officer, principal financial officer, principal accounting officer or controller, or persons performing similar functions and, if not, the reasons why. Public Company
407 Disclosure of audit committee financial expert Requires companies to disclose whether the audit committee includes at least one financial expert and, if not, the reason. Public Company
408 Enhanced review of periodic disclosures by issuers Requires the SEC to review disclosures, reports, and financial statements of issuers on a regular and systematic basis; and, at a minimum, at least once every 3 years. In scheduling reviews, the SEC must consider issuers that
  • have issued material restatements of financial results,
  • experience significant stock price volatility,
  • have the largest market capitalization,
  • are emerging companies with disparities in price to earnings ratios, or
  • have operations that significantly affect any material sector of the economy.
SEC
409 Real-time issuer disclosures Issuers of securities registered under section 13(a) or 15(d) of the Securities Exchange Act of 1934 are required to make public disclosure, on a rapid and current basis, of information concerning the issuer’s financial condition and operations, in plain English. Public Company

Title V – Analyst Conflicts of Interest
Section Title Requirements of the Act Responsibility
501 Treatment of securities analysts by registered securities associations and national securities exchanges The SEC was required to adopt rules designed to address analyst conflicts of interest and improve the objectivity of their research, including a requirement that brokers or dealers or their employees may not retaliate against securities analysts for negative reports that may adversely affect the present or prospective investment banking relationship of the broker or dealer. SEC Regulation Analyst Certification (AC) requires that brokers, dealers, and certain persons associated with a broker or dealer include in research reports certifications by the research analyst that the views expressed in the report accurately reflect the analyst's personal views, and disclose whether or not the analyst received compensation or other payments in connection with specific recommendations or views. Broker-dealers are also required to obtain periodic certifications by research analysts in connection with the analysts' public appearances. SEC and Exchanges

Title VI – Commission Resources and Authority
Section Title Requirements of the Act Responsibility
601 Authorization of appropriations Authorizes funding for the SEC. SEC
602 Appearance and practice before the commission The SEC can censure any person or deny any person the privilege of appearing or practicing before the SEC if the person is not qualified to represent others, engages in improper professional conduct or willfully violated the securities laws. SEC
603 Federal court authority to impose penny stock bars Courts may prohibit anyone from offering penny stock under certain conditions. Federal Courts
604 Qualifications of associated persons of brokers and dealers This section enhances the qualifications of associated persons of brokers and dealers. SEC, and Brokers and Dealers

Title VII – Studies and Reports
Section Title Requirements of the Act Responsibility
701 GAO study and report regarding consolidation of public accounting firms GAO is to conduct a study to identify
  • the factors leading to consolidation of public accounting firms since 1989 and the consequent reduction of the number of firms capable of providing audit services to large national and multi-national business organizations that are subject to the securities laws;
  • the present and future impact of this consolidation on capital formation and securities markets;
  • solutions to problems identified, including ways to increase competition;
  • problems faced by business organizations, resulting from limited competition among public accounting firms; and
  • whether federal or state regulations impede that competition.

The GAO is to consult with the SEC, the regulatory agencies that perform functions similar to the SEC in the Group of Seven Industrialized Nations member countries, the Department of Justice, and any other public or private sector organization the Comptroller deems appropriate, and to report the results to Congress.

GAO
702 Commission study and report regarding credit rating agencies The SEC is to study and report to Congress the role and function of credit rating agencies in the operation of the securities market, examining
  • their role in the evaluation of issuers;
  • their importance to investors and the markets;
  • impediments to the accurate appraisal of the financial resources and risks of issuers;
  • any barriers to entry into the business of credit rating agencies;
  • measures needed to improve dissemination of information when credit rating agencies announce credit ratings; and
  • conflicts of interest and ways to mitigate them.
SEC
703 Study and report on violators and violations The SEC is to study and report to Congress information for the period January 1, 1998, to December 31, 2001, to determine the number of securities professionals (accountants, investment bankers, brokers, dealers, and attorneys) found to have violated or assisted in the violation of securities laws. SEC
704 Study of enforcement actions The SEC is to review and analyze its enforcement actions over the past 5 years and identify areas of reporting that are most susceptible to fraud and inappropriate earnings management and report the results to Congress. SEC
705 Study of investment banks The GAO is to study whether investment banks and financial advisers have assisted public companies in manipulating their earnings and obfuscating their true financial condition. The GAO is to specifically address the role of these entities in the collapse of Enron, Global Crossing, and general marketing transactions and report the results to Congress. GAO

Title VIII – Corporate and Criminal Fraud Accountability
Section Title Requirements of the Act Responsibility
801 Short title Corporate and Criminal Fraud Accountability Act of 2002 --
802 Criminal penalties for altering documents

It is a federal crime punishable by fine and/or imprisonment up to 20 years for anyone to knowingly alter, destroy, mutilate, hide or falsify any document or tangible object with intent to impede or influence the investigation or proper administration of any agency or in any bankruptcy case.

Responsibility: Courts and Law Enforcement

Accountants who audit an issuer are to maintain all audit or review workpapers for 5 years from the end of the fiscal period in which the audit or review was concluded. The SEC later issued a final rule increasing the retention period to 7 years. Violations are punishable by fine and/or imprisonment of up to 10 years.

Responsibility: External Auditors
803 Debts nondischargeable if incurred in violation of securities fraud laws Debts arising under a claim relating to securities law violations or common law fraud in connection with a securities transaction cannot be discharged in bankruptcy. Courts and Law Enforcement
804 Statute of limitations for securities fraud A private right of action involving fraud, deceit, manipulation, or contrivance involving the securities laws may be brought not later than the earlier of: 2 years after the discovery of facts constituting the violation or 5 years after the violation. Courts and Law Enforcement
805 Review of federal sentencing guidelines for obstruction of justice and extensive criminal fraud The United States Sentencing Commission (USSC) is to review and amend the Federal Sentencing Guidelines and policy statements to ensure they are sufficient to deter and punish cases involving document destruction, financial fraud, and organized crime. USSC
806 Protection for employees of publicly traded companies who provide evidence of fraud Provides whistle-blower protection for employees who report securities laws violations by their employers. An employee proven to have been discriminated against by the employer is entitled to compensatory damages, including reinstatement, back pay with interest, and special damages. Courts and Public Company
807 Criminal penalties for defrauding shareholders of publicly traded companies Whoever knowingly executes or attempts to execute a scheme to defraud a person in connection with a security or obtains by false pretenses money or property in connection with a securities transaction could be fined and/or imprisoned up to 25 years. Courts and Law Enforcement

Title IX – White Collar Crime Penalty Enhancements
Section Title Requirements of the Act Responsibility
901 Short title White-Collar Crime Penalty Enhancement Act of 2002. --
902 Attempts and conspiracies to commit criminal fraud offenses It is a federal crime for any person to attempt or conspire to commit any offense under chapter 63 of Title 18 U.S.C. and is punishable by fine and/or imprisonment to the same extent as the actual offense. Courts and Law Enforcement
903 Criminal penalties for mail and wire fraud Maximum imprisonment for mail and wire fraud is increased from 5 years to 20 years. Courts and Law Enforcement
904 Criminal penalties for violations of the Employee Retirement Income Security Act (ERISA) of 1974 This section increases the penalties for violating ERISA. Courts and Public Company
905 Amendment to sentencing guidelines relating to certain white collar offenses The USSC is to review and, if appropriate, amend the Federal Sentencing Guidelines and policy statements to implement this Act. USSC
906 Corporate responsibility for financial reports Financial statements are to include a written statement by the CEO and CFO, or equivalent, certifying that the financial statements fairly present, in all material respects, the issuer's operations and financial condition. Violations are punishable by fines of up to $5 million and/or imprisonment of up to 20 years. Public Company

Title X – Corporate Tax Returns
Section Title Requirements of the Act Responsibility
1001 Sense of the Senate regarding the signing of corporate tax returns by CEOs It is the sense of the Senate that federal income tax returns of a corporation should be signed by the corporation's chief executive officer. --

Title XI – Corporate Fraud and Accountability
Section Title Requirements of the Act Responsibility
1101 Short Title Corporate Fraud Accountability Act of 2002 --
1102 Tampering with a record or otherwise impeding an official proceeding It is a crime for anyone to alter, destroy, mutilate, or hide a record or object with intent to impair its integrity or impede any official proceeding. Violations are punishable by fine and/or imprisonment of up to 20 years. Courts and Law Enforcement
1103 Temporary freeze authority for the Securities and Exchange Commission The SEC has the authority to temporarily freeze the funds of an issuer it believes may have violated federal securities laws. SEC
1104 Amendment to the federal sentencing guidelines The USSC is to review sentencing guidelines applicable to securities and accounting fraud, consider enhancing those applicable to officers and directors of publicly traded companies, and report the findings and recommendations to Congress. USSC
1105 Authority of the SEC to prohibit persons from serving as officers and directors The SEC has the authority to prohibit, permanently or temporarily, anyone who has violated section 10(b) (insider trading restrictions) of the Securities Exchange Act from acting as an officer or director of any issuer with securities registered under section 12 of the Act or that is required to file reports under section 15(d) of the Act, if that person's conduct demonstrates unfitness to serve as an officer or director. SEC
1106 Increased criminal penalties under Securities Exchange Act of 1934 Penalties for willful violation are increased from fines of $1 million and/or imprisonment of up to 10 years to $5 million and 20 years, respectively, for natural persons (individuals), and up to $25 million in fines for other than natural persons (business entities). Courts and Law Enforcement
1107 Retaliation against informants Anyone who knowingly with intent to retaliate takes an action to harm anyone who provides information to law enforcement officials regarding a Federal offense may be fined and/or imprisoned up to 10 years. Courts and Law Enforcement
Source: FDIC Legal Division and OIG analysis.



APPENDIX III

GUIDANCE ISSUED BY THE FDIC IMPLEMENTING
PROVISIONS OF THE SARBANES-OXLEY ACT

Sections Added to the Securities Exchange Act of 1934

Section:
  • 10A(m) – Standards Relating to Audit Committees
  • 13(i) – Accuracy of Financial Reports
  • 13(j) – Off-Balance Sheet Transactions
  • 13(k) – Prohibition on Personal Loans to Executives
  • 13(l) – Real Time Issuer Disclosures
Financial Institution Guidance:
  • FDIC limited-distribution* FIL, August 13, 2002, Financial Statement Certification and Beneficial Ownership Filing Requirements of the Sarbanes-Oxley Act of 2002
  • FIL-17-2003, March 5, 2003, Corporate Governance, Audits, and Reporting Requirements
Examiner Guidance:
  • Regional Directors Memorandum 2003-027, July 9, 2003, Corporate Governance, Audits, and Reporting Requirements
  • RD Memorandum 2004-021, May 14, 2004, Revised Examination Modules

Sections Amended in the Securities Exchange Act of 1934

Section:
  • 12(i) – Conforming Amendment [defines section numbering change in the Exchange Act]
  • 13(b)(2) – Conforming Amendment [adds new language to the Exchange Act]
Financial Institution Guidance:
  • Limited-distribution* FIL, August 13, 2002, Financial Statement Certification and Beneficial Ownership Filing Requirements of the Sarbanes-Oxley Act of 2002
  • FIL-17-2003, March 5, 2003, Corporate Governance, Audits, and Reporting Requirements
Examiner Guidance:
  • Not Applicable

Section:
  • 16(a) – [Beneficial Ownership] Disclosures Required
Financial Institution Guidance:
  • Limited-distribution* FIL, August 13, 2002, Financial Statement Certification and Beneficial Ownership Filing Requirements of the Sarbanes-Oxley Act of 2002
  • FIL-60-2003, July 28, 2003, Federal Banking Agencies Announce New Interagency Electronic Filing System for Beneficial Ownership Reports
  • FIL-41-2004, April 15, 2004, Mandatory Electronic Filing of Beneficial Ownership Reports by Insiders of FDIC-Supervised Registered Banks
Examiner Guidance:
  • Not Applicable

New Sections in the Sarbanes-Oxley Act of 2002

Section:
  • 302 – Corporate Responsibility for Financial Reports
  • 303 – Improper Influence on Conduct of Audits
  • 304 – Forfeiture of Certain Bonuses and Profits
  • 306 – Insider Trades During Pension Fund Blackout Periods
  • 401(b) – Commission Rules on Pro Forma Figures
  • 404 – Management Assessment of Internal Controls
  • 406 – Code of Ethics for Senior Financial Officers
  • 407 – Disclosure of Audit Committee Financial Expert
Financial Institution Guidance:
  • Limited-distribution* FIL, August 13, 2002, Financial Statement Certification and Beneficial Ownership Filing Requirements of the Sarbanes-Oxley Act of 2002
  • FIL-17-2003, March 5, 2003, Corporate Governance, Audits, and Reporting Requirements
  • FIL-66-2003, August 18, 2003, Rules of Practice for the Removal, Suspension, and Debarment of Accountants and Accounting Firms
  • Limited-distribution* FIL, August 9, 2004, Recent SEC Developments and Changes in Filing Requirements
Examiner Guidance:
  • RD Memorandum 2003-027, July 9, 2003, Corporate Governance, Audits, and Reporting Requirements
  • RD Memorandum 2004-021, May 14, 2004, Revised Examination Modules
Source: OIG analysis.
* Distributed only to FDIC-supervised registrants.



APPENDIX IV

SUMMARY OF SARBANES-OXLEY ACT RELATED
FINANCIAL INSTITUTION LETTERS

FIL: Limited Distribution*
Dated: 08/13/02
Subject: Financial Statement Certification and Beneficial Ownership Filing Requirements of the Sarbanes-Oxley Act of 2002
Summary: The FDIC explained its expectations with respect to sections 302 and 906 of the Sarbanes-Oxley Act that require written certifications to accompany periodic reports containing financial statements required by sections 13(a) or 15(d) of the Securities Exchange Act of 1934.

FIL: FIL-21-2003
Dated: 03/17/03
Subject: Interagency Policy Statement on the Internal Audit Function and Its Outsourcing
Summary: The federal banking agencies have revised their 1997 internal audit policy statement to update guidance (in light of the Sarbanes-Oxley Act) on the independence of an accountant who provides both external audit and internal audit services to an institution. Other parts of the 1997 policy statement also have been revised.

FIL: FIL-60-2003
Dated: 07/28/03
Subject: Federal Banking Agencies Announce New Interagency Electronic Filing System for Beneficial Ownership Reports
Summary: Directors, officers, and principal shareholders of institutions whose equity securities are registered with the FDIC, the FRB, and the OCC were encouraged to use a new interagency electronic filing system, as required by the Sarbanes-Oxley Act, to submit their beneficial ownership reports to the agencies beginning July 30, 2003.

FIL: FIL-66-2003
Dated: 08/18/03
Subject: Rules of Practice for the Removal, Suspension, and Debarment of Accountants and Accounting Firms
Summary: The banking and thrift regulatory agencies have issued final rules governing their authority to take disciplinary actions against independent public accountants and accounting firms that perform audit and attestation services required by section 36 of the FDI Act. Section 36 final rules for disciplinary actions address violations by accountants of certain provisions of the Sarbanes-Oxley Act of 2002.

FIL: Limited Distribution*
Dated: 02/13/04
Subject: Recently Required Financial Reporting Disclosures for Publicly Reporting Banks
Summary: The FDIC explained the disclosure requirements for off-balance sheet arrangements, which were added by section 401(a) of the Sarbanes-Oxley Act. The changes effective for financial institution registrants with respect to Management's Discussion and Analysis of Financial Condition and Results of Operations (MD&A) were also explained.

FIL: FIL-41-2004
Dated: 04/15/04
Subject: Mandatory Electronic Filing of Beneficial Ownership Reports by Insiders of FDIC-Supervised Registered Banks
Summary: The FDIC issued an interim final rule amending Part 335 of its regulations to require electronic filing of beneficial ownership reports by directors, executive officers, and principal shareholders of banks with equity securities registered with the FDIC under the federal securities laws. This rule, which took effect June 11, 2004, implemented certain requirements of the Sarbanes-Oxley Act of 2002.

FIL: Limited Distribution*
Dated: 08/09/04
Subject: Recent SEC Developments and Changes in Filing Requirements
Summary: The FDIC informed financial institutions about several important SEC and PCAOB reporting changes. The FIL also addresses the latest amendments to rules regarding implementation of sections 302, 404, 409, and 906 of the Sarbanes-Oxley Act.
Source: OIG Analysis.
* Distributed only to FDIC-supervised registrants.



APPENDIX V

CORPORATION COMMENTS

Corporation Comments - Page 1


Last updated 10/26/04