July 2009
FDIC Amends Annual Independent Audit & Reporting Requirements
The Federal Deposit Insurance Corporation’s (FDIC) board of directors has issued a final rule amending Part 363 (Part 363) of its regulations, which implements Section 36 of the Federal Deposit Insurance Act (Section 36). These amendments are designed to further the objectives of Section 36 by incorporating certain audit, reporting and audit committee practices from the Sarbanes-Oxley Act of 2002 (SOX) into Part 363 and to provide clearer, more complete guidance to institutions and independent public accountants on compliance with Section 36 and Part 363. The final rule sets forth revised guidelines for annual independent audit and reporting requirements for insured depository institutions with total assets above certain thresholds. The asset-size threshold is $1 billion for internal control assessments, $500 million to $3 billion for audit committees and $500 million for all other requirements. Notable changes reflected in the final rule include the compliance by subsidiaries of holding companies; annual reporting requirements; audit committee formation, restructuring, composition and duties; and engagement letters. Except as noted below, the final rule is effective 30 days from date of publication in the Federal Register. The final rule was published in the Federal Register on July 7, 2009.
Compliance by subsidiaries of holding companies
The final rule provides criteria to determine if the audited financial statements and other requirements of Part 363 may be satisfied at a holding company level. For an institution to comply with Part 363, the total assets of a holding company’s insured depository institution subsidiary must comprise 75 percent or more of the holding company’s consolidated total assets. This threshold is being established to ensure the independent audit work performed at the insured depository institution is sufficient to satisfy the intent of Section 36: early identification of needed improvements in financial management at insured institutions. To provide those institutions that currently report at the holding company level but do not meet the 75 percent threshold sufficient time to comply with this new requirement, the FDIC has delayed the effective date for implementing this threshold until fiscal years ending on or after June 15, 2010. Until then, institutions may continue to satisfy the audited financial statements requirement at a holding company level whether or not consolidated total assets of the institution comprise 75 percent or more of the holding company’s consolidated total assets.
Compliance with laws and regulations
Management must include their assessment of compliance with laws and regulations relating to insider loans and dividend restrictions. The report must include a clear statement as to management’s conclusion with respect to compliance and disclosure of any noncompliance with such laws and regulations. The disclosure should include appropriate qualitative and quantitative information to describe the nature, type and significance of noncompliance.
Internal control evaluation
Management will be required to identify the internal control framework they used to assess internal control over financial reporting. The evaluation must:
- Contain a statement incorporating controls over preparation of regulatory financial statements
- Contain a clear statement as to management’s conclusion about the effectiveness of internal control over financial reporting as well as noncompliance with the designated safety and soundness laws and regulations – insider loans and dividend restrictions
- Disclose any material weaknesses identified by management in internal control over financial reporting not remediated before the end of the fiscal year
Acquisitions during the year
The final rule provides relief from reporting on internal control over financial reporting for businesses acquired during the fiscal year. The FDIC recognizes it may not always be possible for management to conduct an evaluation of internal control over financial reporting of an acquired business in the period between the date of the acquisition and the date their internal control evaluation is due. The U.S. Securities and Exchange Commission (SEC) has provided similar guidance to public companies with respect to the exclusion of the acquired business from management’s evaluation in the period of acquisition.
Filing deadline
The time period for a nonpublic institution to file its Part 363 Annual Report will be extended 30 days to within 120 days after the end of its fiscal year. The 30-day extension of the filing deadline that is granted if an institution is faced with extraordinary circumstances beyond its reasonable control will be replaced with a late filing notification. This notification must disclose the institution’s inability to timely file all or specified portions of its Part 363 Annual Report, the reasons in detail and the date when the report will be filed.
Transition period for forming & restructuring audit committees
Many of the changes in the final rule for audit committees are designed to incorporate certain corporate governance practices of public companies implemented under the Sarbanes-Oxley Act of 2002 into requirements of institutions that are subject to Part 363. The final rule provides a one-year transition period for forming or restructuring the audit committee when:
- An institution becomes subject to Part 363
- Its assets first reach the $1 billion asset-size threshold
- Its assets first reach the $3 billion asset-size threshold
Audit committee composition
Each insured depository institution subject to Part 363 must have an independent audit committee composed entirely of outside directors, i.e., a director who is not an officer or employee of the institution or any affiliate of the institution. In addition, the outside directors who serve on the audit committee must be independent of management, although a minority of audit committee members of institutions with $500 million or more but less than $1 billion in total assets need not be independent of management. The audit committee of any insured depository institution with $3 billion in total assets or more should include members with banking or related financial management expertise, have access to its own outside counsel and not include any large customers of the institution.
The final rule also states that the board of directors of an institution should maintain and use an approved set of written criteria for evaluating audit committee member independence and that the results and basis for the board’s determination be recorded in the board’s minutes. The criteria developed should be applied at least annually to determine whether each existing or potential audit committee member meets requirements of Section 36 and Part 363. The deadline is December 31, 2009, to develop and adopt a set of written criteria to determine whether a director to serve on the audit committee is an outside director and independent of management. All other provisions regarding the composition of the audit committee are effective 30 days from date of publication in the Federal Register.
The final rule includes guidance regarding ownership percentage and compensation amounts for an institution’s board to consider when making the independent of management determinations for audit committee members. Consistent with the SEC’s and national securities exchanges’ rules, the ownership of 10 percent or more of any class of voting securities is not an automatic trigger to determine if an outside director is independent of management. However, the final rule states that when an outside director’s stock ownership equals or exceeds the 10 percent threshold, the board is required to determine and document its conclusion as to whether such ownership would hinder the outside director’s independent judgment in carrying out responsibilities of an audit committee member. The compensation limit applicable to audit committee members for direct and indirect compensation has been increased from $60,000 to $100,000. The FDIC has revised and expanded guidance to specify what payments are not included within the meaning of the terms direct and indirect compensation and payments.
Audit committee duties
The audit committee’s duties should be appropriate to the size of the institution and the complexity of its operations. The final rule states an audit committee is to review the basis for the Part 363 Annual Report with both management and the independent public accountant. The audit committee will be made explicitly responsible for the appointment, compensation and oversight of the independent public accountant who performs services under Part 363. The audit committee also will have to review and satisfy itself as to the independent public accountant’s compliance with the independence, peer review and other qualifications under Part 363.
Independent public accountant engagement letters
The final rule also requires the audit committee to ensure that audit engagement letters and any related agreements with the independent public accountant for services to be performed under Part 363 do not contain any limitation of liability provisions that:
- Indemnify the independent public accountant against claims made by third parties
- Hold harmless or release the independent public accountant from liability or claims that might be asserted by the client insured depository institution, other than claims for punitive damages
- Limit the remedies available to the client insured depository institution (The final rule does not preclude the use of alternative dispute resolution agreements and jury trial waivers)
Additional information about the final rule may be found in the Federal Register, Volume 74, No. 128, July 7, 2009, Part II – Federal Deposit Insurance Corporation, 12 CFR Parts 308 and 363, page 32226, Annual Independent Audits and Reporting Requirements.
Changes to truth in lending act are closer than you think
This is a reminder that significant changes to Federal Reserve Board Regulation Z will go into effect July 30, 2009. If you expected this date to be October 1, 2009, please read further. Those of you who attended our recent webinar are aware the Mortgage Disclosure Improvement Act, which was passed by Congress July 30, 2008, made substantive changes to the timing and delivery requirements associated with the early Truth in Lending (ETIL) disclosure. These changes are discussed below. In addition, one significant change was made in the final rule issued May 19, 2009, that differs from the proposed provisions, which was part of the basis for BKD’s webinar.
The most significant change to the ETIL requirements is the creation of a waiting period between when the ETIL is provided and when the loan may be consummated. For applications received on or after July 30, 2009, a financial institution must deliver or place the ETIL in the mail “not later than the seventh business day before consummation of the transaction.” In addition, if the ETIL becomes inaccurate by such an amount that it would exceed the standard tolerance for violation, a corrected ETIL disclosure must be provided no later than three business days before consummation.
In addition to the waiting period prior to consummation, as of July 30, 2009, financial institutions will no longer be able to charge a fee, other than a bona fide credit report fee, prior to the consumer having “received” the ETIL. If the disclosures are mailed to the consumer, the consumer is considered to have “received” them three business days after they are mailed. For purpose of this timing requirement, business day is defined as “all calendar days except Sundays and the legal public holidays specified….”
This special definition of business day also applies to both the seven- and three-day waiting periods after delivery of the ETIL and/or corrected ETIL. This is perhaps the only significant change from the proposed regulation that applied the standard definition of business day, i.e., a day on which the creditor’s offices are open for carrying on substantially all of its business functions, to the seven-day waiting period. It’s also worth mentioning that the standard definition of business day continues to apply to the three-day time period in which the ETIL must be initially mailed or delivered.
We recommend that financial institutions closely review the aforementioned changes and begin considering any necessary procedural changes. Below is a link to BKD’s archived webinar and the final rule to assist in this review. Contact your BKD advisor if you have additional questions on any of these changes.
Financial Services Webinars
http://edocket.access.gpo.gov/2009/pdf/E9-11567.pdf