Skip to main content
U.S. flag
An official website of the United States government
Dot gov
The .gov means it’s official. 
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.
Https
The site is secure. 
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

FIL-19-95 Attachment

[Federal Register: February 15, 1995 (Volume 60, Number 31)]
[Proposed Rules]               
[Page 8583-8591]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]


-----------------------------------------------------------------------

 

FEDERAL DEPOSIT INSURANCE CORPORATION
12 CFR Part 363

RIN 3064--AA83


Annual Independent Audits and Reporting Requirements

AGENCY: Federal Deposit Insurance Corporation (FDIC or Corporation).

ACTION: Notice of proposed rulemaking.

-----------------------------------------------------------------------

SUMMARY: Section 314 of the Riegle Community Development and Regulatory 
Improvement Act of 1994 (RCDRIA) amends sections 36(i) and 36(g)(2) of 
the Federal Deposit Insurance Act (FDI Act). Section 36 of the FDI Act 
is generally intended to facilitate early identification of problems in 
financial management through annual independent audits, assessments of 
the effectiveness of internal controls and of compliance with 
designated laws and regulations, and more stringent reporting 
requirements. Section 314(a) provides relief from certain duplicative 
reporting under section 36 of the FDI Act for sound, well managed 
insured depository institutions with over $9 billion in total assets 
which are subsidiaries of multibank holding companies. Section 314(b) 
requires the Corporation to notify a large insured depository 
institution in writing if it decides a review by an independent public 
accountant of such institution's quarterly financial reports is 
required. [[Page 8584]] The Corporation's regulations governing annual 
independent audits implement section 36 of the FDI Act and this 
proposed amendment seeks to conform the regulations to the amended 
statute.
   In addition, the FDIC proposes several minor, technical amendments 
to the guidelines and interpretations (Guidelines), published as an 
appendix concerning compliance with certain provisions of section 36. 
The FDIC also proposes to amend the schedule entitled, ``Agreed Upon 
Procedures for Determining Compliance with Designated Laws'', to 
implement recent amendments to the federal regulations concerning loans 
to insiders improve the format of the procedures, streamline the 
specific procedures, and eliminate ambiguities. These proposed 
amendments reflect the experience of the Corporation, institutions, and 
accountants with the existing procedures during the past year.

DATES: Comments must be received by April 17, 1995.

ADDRESSES: Send comments to Robert E. Feldman, Acting Executive 
Secretary, FDIC, 550 17th Street, N.W., Washington, D.C. 20429. 
Comments may be hand-delivered to room 400, 1776 F Street, N.W., 
Washington, D.C. 20429 on business days between 8:30 a.m. and 5:00 p.m. 
(FAX number: (202) 898-3838.) Comments will be available for inspection 
in room 7118, 550 17th Street, N.W., Washington, D.C., between 9 a.m. 
and 4:30 p.m. on business days.

FOR FURTHER INFORMATION CONTACT: Doris L. Marsh, Examination 
Specialist, Division of Supervision, (202) 898-8905, or Sandra 
Comenetz, Counsel, Legal Division, (202) 898-3582, FDIC, 550 17th 
Street N.W., Washington, D.C. 20429.

SUPPLEMENTARY INFORMATION:

I. Background

   Section 112 of the Federal Deposit Insurance Corporation 
Improvement Act of 1991 (FDICIA) added section 36, ``Independent Annual 
Audits of Insured Depository Institutions'', to the FDI Act (12 U.S.C. 
1831m). Section 36 requires the FDIC, in consultation with the 
appropriate federal banking agencies, to promulgate regulations 
requiring each insured depository institution over a certain asset size 
(covered institution) to have an annual independent audit of its 
financial statements performed in accordance with generally accepted 
auditing standards and section 37 of the FDI Act (12 U.S.C. 1831n), and 
to provide a management report and independent public accountant's 
attestation concerning both the effectiveness of the institution's 
internal controls for financial reporting and its compliance with 
designated safety and soundness laws. Section 36 also requires each 
covered institution to have an independent audit committee. The audit 
committee of each large covered institution (total assets exceeding $3 
billion) must meet additional requirements.
   Section 36 also requires the FDIC, in consultation with the other 
federal banking agencies, to designate laws and regulations concerning 
safety and soundness. This section requires the institution's 
independent public accountant to perform procedures agreed upon by the 
Corporation to determine an institution's compliance with these 
designated laws and regulations. The ``Designated Laws'' selected by 
the Corporation are the federal laws and regulations concerning loans 
to insiders and the federal and state laws and regulations concerning 
dividend restrictions.
   In June 1993, the FDIC published 12 CFR part 363 (58 FR 31332, June 
2, 1993) to implement the provisions of section 36 of the FDI Act. 
Under part 363, the requirements of section 36 apply to each insured 
depository institution with $500 million or more in total assets at the 
beginning of any fiscal year that begins after December 31, 1992.
   Section 314 of RCDRIA amends sections 36(i) and 36(g)(2) of the FDI 
Act (12 U.S.C. 1831m (i) and (g)(2)). The purpose of section 314(a) is 
to provide relief from certain duplicative reporting under section 36 
of the FDI Act for sound, well managed insured depository institutions 
with over $9 billion in total assets which are subsidiaries of 
multibank holding companies. Section 314(b) requires the Corporation to 
notify a large insured depository institution in writing if it decides 
to require a review by an independent public accountant of such 
institution's quarterly financial reports. In addition, the federal 
regulations concerning loans to insiders (Federal Reserve Regulation O, 
12 CFR part 215), which are included in one of the Designated Laws, 
were amended during 1994.
   The FDIC proposes certain amendments to 12 CFR Part 363, which 
conform Part 363 to the amended statute. The FDIC also proposes several 
minor, technical amendments to the guidelines and interpretations 
(Guidelines), published as Appendix A to part 363, concerning 
compliance with certain provisions of section 36.
   In addition, a year's experience with Part 363 indicates that a 
clarification of certain of the specific procedures in Schedule A to 
Appendix A of the Guidelines would make them more efficient and less 
burdensome. The FDIC therefore proposes to amend Schedule A to Appendix 
A--Agreed Upon Procedures for Determining Compliance with Designated 
Laws, to reflect the recent amendments to the federal regulations 
concerning loans to insiders (12 CFR Part 215), improve the format of 
the procedures, streamline the specific procedures, and eliminate 
ambiguities. The proposed amendments reflect the experience of the 
Corporation, institutions, and accountants dealing with the existing 
procedures during the past year.
   Section 36(g)(2) of the FDI Act authorizes the FDIC to require 
independent public accountants for ``large institutions'' to review 
such institutions' quarterly financial reports. This provision is 
amended by Section 314(b) of RCDRIA to add section 36(g)(3) which 
requires the Corporation to notify a large insured depository 
institution in writing if it decides to require a review of its 
quarterly financial reports by an independent public accountant. When 
the FDIC adopted Part 363, it elected not to exercise its authority in 
this area for reasons of cost and limited expected benefits, preferring 
instead to request such reviews on a case-by-case basis. The FDIC has 
not changed its opinion. Should the FDIC decide to request an 
independent public accountant's review of the quarterly financial 
statements of a large insured depository institution, it will make the 
request in writing.

II. The Proposal

   The FDIC proposes to make conforming amendments to Part 363 so that 
it is consistent with section 36 as amended by section 314 of RCDRIA, 
and to make minor, technical, and clarifying changes to the Guidelines 
in Appendix A. In addition, the FDIC proposes to amend and reformat the 
specific procedures in Schedule A to Appendix A to make them more 
efficient and less burdensome.

A. Amendments to the Rule

   Section 363.1--Scope. In Sec. 363.1(b), the phrase ``but less than 
$9 billion'' would be deleted from the provisions of the regulation 
describing the institutions eligible to report using the holding 
company exception set forth in section 36(i). This revision would make 
the regulation consistent with the amendment to section 36(i) made by 
section 314 of RCDRIA. In addition, the subsection would be reformatted 
and another paragraph added to incorporate the provisions of section 
314(a)(3) of RCDRIA which identifies the [[Page 8585]] circumstances 
under which the appropriate federal banking agency may require a large 
institution subsidiary of a holding company to have its own audit 
committee and report separately.
   Section 363.4--Filing and notice requirements. The citation in 
Sec. 363.4(b) would be corrected so that it is clear that only the 
annual report in Sec. 363.4(a)(1) is available for public inspection. 
This correction would make the Rule consistent with section 36 of the 
FDI Act.
   Section 363.5--Audit committees. A new sentence would be added at 
the end of Sec. 363.5(b) to make the rule consistent with the amendment 
to section 36(i) made by section 314 of RCDRIA. The new sentence 
prohibits any large customers of a large insured depository institution 
from being members of the audit committee of the institution's holding 
company if the institution relies on the audit committee of the holding 
company to comply with this rule.

B. Amendments to Appendix A to Part 363--Guidelines and Interpretations

   Guideline 4. Comparable Services and Functions--An amendment to 
Guideline 4(c) under ``Scope of Rule'' would replace the word ``all'' 
with the word ``those'' to clarify that only information pertaining to 
covered institutions must be included in reports filed under Part 363.
   Guideline 9. Safeguarding of Assets. The third and fourth sentences 
of Guideline 9 and the addition of a phrase to the footnote would be 
revised. When Part 363 was adopted, the FDIC determined that 
``safeguarding of assets'', as the term relates to internal control 
policies and procedures for financial reporting, should be addressed in 
the management report and the independent public accountant's 
attestation discussed in guideline 18. In May, 1994, the Committee of 
Sponsoring Organizations (COSO) of the Treadway Commission issued an 
Addendum to the ``Reporting to External Parties'' volume of COSO's 
September 1992 Internal Control--Integrated Framework (COSO Report). 
The Addendum expanded the discussion of the scope of a management 
report on internal controls to address additional controls pertaining 
to safeguarding of assets. It states that ``Such internal control can 
be judged effective if the board of directors and management have 
reasonable assurance that unauthorized acquisition, use or disposition 
of the entity's assets that could have a material effect on the 
financial statements is being prevented or detected on a timely 
basis''. The FDIC, therefore, believes that the concern that existed at 
the time of the adoption of Part 363 over the lack of criteria against 
which the accountant may judge safeguarding of assets for financial 
reporting no longer exists. Thus, the last two sentences and the 
footnote to this Guideline would be revised.
   Guideline 10. Standards for Internal Controls. The footnote to 
Guideline 10 includes a list of sources of information on safeguarding 
of assets and standards for internal controls for financial reporting 
that may be considered for use by institutions. The Addendum to the 
COSO Report now contains information regarding safeguarding of assets. 
Therefore, a reference to this standard would be added to the list in 
the footnote, and Guideline 10 revised appropriately.
   In addition, the American Institute of Certified Public Accountants 
(AICPA) issued Statement on Auditing Standards No. 55 (SAS 55), 
``Consideration of the Internal Control Structure in a Financial 
Statement Audit''. SAS 55 has superseded AICPA Statement on Auditing 
Standards No. 30 (SAS 30), ``Reporting on Internal Accounting 
Control'', which is currently listed as a standard in the footnote to 
Guideline 10. Therefore, SAS 30 would be deleted from the footnote and 
replaced with SAS 55.
   Guideline 15. Peer Reviews--The footnote to Guideline 15 includes 
the names of the three peer and quality review programs of the AICPA. 
Since the AICPA is combining two of these programs into a single peer 
review program, the footnote to Guideline 15 would be amended to 
identify the two acceptable peer review programs to which an 
independent public accountant performing audit and attestation work may 
belong.
   Guideline 24. Relief from Filing Deadlines--The phrase referring to 
section 36 of the FDI Act in the second sentence of Guideline 24 would 
be deleted since section 36 does not provide authority to the FDIC to 
provide relief to, or exempt institutions from, provisions in the 
statute. This Guideline has also been revised to make it more readable.
   Guideline 31. Holding Company Audit Committees--The first sentence 
of Guideline 31 would be amended to clarify that a holding company 
audit committee, on which subsidiary institutions rely in order to 
comply with this rule, must meet the requirements for the audit 
committee of the largest subsidiary institution.
   The proposal would revise Guideline 31 because it has been widely 
misunderstood. The first two sentences of this Guideline apply to the 
situation where an insured depository institution subsidiary has $5 
billion or more in total assets, and a 3, 4, or 5 composite CAMEL 
rating. Such a subsidiary must have its own audit committee separate 
from the audit committee of the holding company. It was not clear that 
the third sentence of Guideline 31 addressed the situation where an 
insured depository institution subsidiary has either less than $5 
billion in total assets, or $5 billion or more in total assets and a 1 
or 2 composite CAMEL rating, and its holding company performs services 
and functions comparable to those required by the statute. In the 
latter situation, an institution may choose to rely on the holding 
company's audit committee. The members of the audit committee of the 
holding company are expected to meet the membership requirements of the 
largest subsidiary depository institution and may perform the duties of 
the audit committee for a subsidiary institution without becoming 
directors of the institution. This Guideline would be amended to 
clarify its meaning.
   Guideline 32. Duties--The second sentence of Guideline 32 would be 
amended to complete the citation to certain sections of Part 363. The 
sentence states that the duties of a covered institution's audit 
committee should be appropriate to the size of the institution and the 
complexity of its operations, and should include reviewing with 
management and the independent public accountant the basis for the 
reports issued under Secs. 363.2 (a) and (b) and 363.3 (a) and (b) of 
the rule. At present, the citation refers only to Sec. 363.2(b) of the 
rule.

C. Amendments to Schedule A to Appendix A--Agreed Upon Procedures for 
Determining Compliance with Designated Laws

   The agreed upon procedures in Schedule A would be amended to 
clarify the numbering system, make the procedures consistent with 
amendments to insider loan regulations, and adopt suggestions of 
institutions and accountants to make the performance of the agreed upon 
procedures more efficient and less burdensome.
   Proposed formatting changes include renumbering the paragraphs and 
adding more subject titles. The procedures applicable to insider 
extensions of credit granted, insider extensions of credit outstanding, 
aggregate insider extensions of credit outstanding, overdrafts, 
limitations on extensions of credit to executive officers, and reports 
on indebtedness to correspondent banks would all be placed in separate 
[[Page 8586]] subsections of the procedures for more efficient 
performance of the procedures and ease of reference. The amendments to 
the Federal Reserve Board's Regulation O (12 CFR Part 215), the federal 
rules governing insider loans, necessitated citation changes.
   The proposed revisions to the procedures should make them less 
burdensome for institutions and accountants since they will permit the 
use of the most recently completed Reports of Condition and Income 
(Call Report) or Thrift Financial Report (TFR) available when the 
procedures are being performed rather than requiring the use of only 
the year-end Call Report or TFR. The scope of the required reading of 
board and committee minutes and reports under the Securities Exchange 
Act of 1934 (15 U.S.C. 78a) would also be more clearly defined. 
Inadvertent overdrafts in an aggregate amount of $1,000 or less, which 
are exempt from Regulation O proscriptions (See 12 CFR 215.4(e)), would 
no longer need to be separately tracked by institutions, listed when 
certain representations are made by management, or tested by the 
accountant. Where accountants were expected to compare insider 
transactions to transactions with nonaffiliated persons, the comparison 
period within which nonaffiliated transactions can take place would be 
expanded from four to eight weeks. In addition, where no maximum number 
transactions to which comparisons must be made were previously 
included, comparisons would now be limited to a maximum of three. If no 
comparable transactions exist, an alternative procedure would be 
available to the institution.
   To ensure that some tests were performed on each category of 
extension of credit, including overdrafts and loans from correspondent 
banks, accountants would be requested to obtain three separate samples. 
In accordance with suggestions received for the procedures covering 
extensions granted and outstanding during the year, the proposal would 
have accountants focus the testing on a sample of insiders rather than 
a sample of transactions.
   Under the guidelines, an institution may choose to have some of the 
testing required in the agreed-upon procedures performed by its 
internal auditor with less testing performed by its independent public 
accountant. When the holding company exception set forth in section 
36(i) is used at a holding company with more than one covered 
subsidiary institution, the proposal would extend to internal auditors 
the same testing requirements that are now applicable to independent 
public accountants. This would eliminate the existing requirement that 
internal auditors perform the procedures on each covered subsidiary 
every year. Thus, the testing of samples from all covered subsidiaries 
every two or three years that has been required of independent public 
accountants would now apply to internal auditors, and a requirement 
that the lead institution or a few very large covered subsidiary 
institutions be included every year has been added for both accountants 
and internal auditors. However, in response to the proposed reduction 
in testing requirements applicable to internal auditors, the FDIC would 
increase the size of the sample required to be tested by the 
independent public accountant from 20 to 30 percent of the transactions 
in the sample used by the internal auditor. This change would generally 
not result in any increase in the number of transactions tested by the 
independent public accountant for reports on holding companies with two 
or more covered subsidiary institutions. Previously, the internal 
auditor had to perform procedures on a sample of transactions from each 
covered subsidiary and the independent public accountant had to test a 
sample from the consolidated holding company that was at least 20 
percent of the size of the aggregate samples used by the internal 
auditor. Under the proposal, the internal auditor may also select a 
sample on a consolidated holding company basis (so long as some 
transactions come from each covered subsidiary institution at least 
every two or three years), but the accountant would have to test a 
sample of transactions that was at least 30 percent of the size of the 
sample used by the internal auditor. In most cases, testing 30 percent 
of the number of transactions in the one sample from the consolidated 
entity used by the internal auditor will consist of fewer transactions 
to test than 20 percent of the transactions included in the samples 
aggregated from each covered institution.
   The changes and reformatting in the procedures from the current 
rule to the proposal are outlined in the table below:

----------------------------------------------------------------------------------------------------------------
                            Subject                                     Old section I           New section I  
----------------------------------------------------------------------------------------------------------------
Insider Loans:                                                                                                  
   Designated Laws and Regulations.............................  A.1                         A.1               
   General Information.........................................  A.2.a.                      A.2.a             
   Calculations................................................  A.2.b                       A.4               
   Policies and Procedures.....................................  A.2.c                       A.3               
   Insider Transactions........................................  A.2.d                       A.5               
   Loans to Correspondent Banks................................  A.2.d.(1)                   A.10              
   Aggregate Indebtedness......................................  A.2.d.(2)(a)                A.2.b.(3)         
                                                                                             A.2.d.(7)         
                                                                                             A.8               
   Executive Officers..........................................  A.2.d.(2)(b) & (c)          Deleted           
                                                                 A.2.e.(ii)                  A.7               
   Insider Extensions of Credit................................  A.2.d.(2)(d) & (e)          A.5, A.6          
                                                                 A.2.d.(5) & (6)                               
   Overdrafts..................................................  A.2.d.(3)                   A.9               
   Reports on Indebtedness to..................................                                                
   Correspondent Banks.........................................  A.2.e.                      A.10              
Dividend Restrictions:                                                                                          
   Designated Laws and Regulations.............................  B.1                         B.1               
   General Information.........................................  B.2                         B.2               
   Policies and Procedures.....................................  B.2.b                       B.3               
   Board Minutes...............................................  B.2.c                       B.4               
   Calculation of Undercapitalization..........................  B.2.d                       B.5               
   Dividends Declared by Banks.................................  B.2.e                        B.6              
   Dividends Declared by Savings Associations..................  B.2.f                        B.7              
----------------------------------------------------------------------------------------------------------------
[[Page 8587]]                                                                                                  
                                                                                                               
                            Subject                                    Old section II          New section II  
----------------------------------------------------------------------------------------------------------------
Procedures for the Independent Public Accountant:                                                               
   Designated Laws and Regulations.............................  A. & B.1                    A. & B.1          
   Internal Auditor's Workpapers...............................  B.2                         B.2               
   Testing.....................................................  C.                          B.3               
   Reports Concerning Holding Companies........................  D.                          B.4               
----------------------------------------------------------------------------------------------------------------

D. Timing and Effective Date

   Since the vast majority of covered institutions have fiscal years 
that coincide with the calendar year, they will be or are in the 
process of preparing the annual reports and having the agreed-upon 
procedures performed. In order to make this process less burdensome for 
institutions and their accountants, the FDIC will raise no objection if 
an institution chooses to follow immediately the provisions of this 
proposal for any fiscal year that ends prior to such time as any final 
amendment is adopted. However, if an institution chooses to follow 
these provisions and procedures, it must do so for both of the 
Designated Laws.

III. Regulatory Flexibility Act

   The rule expressly exempts insured depository institutions having 
assets of less than $500 million, and, for that reason, is inapplicable 
to small entities. Therefore, pursuant to section 605(b) of the 
Regulatory Flexibility Act (Pub. L. 96-354, 5 U.S.C. 601 et seq.), the 
FDIC Board of Directors certifies that the rule would not have a 
significant impact on a substantial number of small entities.

IV. Paperwork Reduction Act

   The proposed rule would reduce the burden in a collection of 
information that has been reviewed and approved by the Office of 
Management and Budget under control number 3064-0113, pursuant to the 
Paperwork Reduction Act of 1980 (44 U.S.C. 3501 et seq.). The currently 
approved burden for this collection is 76,330 hours per year. Of the 
reports filed during the first year of implementation of Part 363, 
nearly half (500) were submitted using the holding company exception. 
However, institutions generally reported that the time expended was 
greater than had been previously estimated. For this reason, the hours 
per response estimated is nearly double the previous estimate.
   The amended provisions of RCDRIA permit additional use of the 
holding company exception. Additional burden reduction is expected from 
the reformatted and streamlined specific procedures in Schedule A to 
Appendix A to Part 363. It is expected that the proposal would reduce 
the currently approved burden by 18,360 hours, to an industry-wide 
total of 57,970 hours per year.
   The total estimated reporting burden for the collection under Part 
363 as it is proposed to be amended would be:
   Number of Respondents: 450.
   Number of Responses Per Respondent: 3.19.
   Total Annual Responses: 1,435.5.
   Hours per Response: 40.38.
   Total Annual Burden Hours: 57,970.
   The proposed changes to this collection of information have been 
submitted to OMB for review and approval pursuant to the Paperwork 
Reduction Act. Comments on the accuracy of the burden estimate, and 
suggestions for reducing the burden, should be directed to the Office 
of Management and Budget, Paperwork Reduction Project 3064-0113, 
Washington, D.C. 20503, with copies of such comments to Steven F. 
Hanft, Office of the Executive Secretary, Room F-400, 550 17th St. 
N.W., Washington, D.C. 20429.

List of Subjects in 12 CFR Part 363

   Accounting, Administrative practice and procedure, Banks, Banking, 
Reporting and recordkeeping requirements.

   For the reasons set forth in the preamble, the Board of Directors 
of the FDIC proposes to amend part 363 of title 12, chapter III, of the 
Code of Federal Regulations as follows:

PART 363--ANNUAL INDEPENDENT AUDITS AND REPORTING REQUIREMENTS

   1. The authority citation for part 363 continues to read as 
follows:

   Authority: 12 U.S.C. 1831m.

   2. Section 363.1 is amended by revising paragraph (b) to read as 
follows:


Sec. 363.1  Scope.

* * * * *
   (b) Compliance by subsidiaries of holding companies. (1) The 
audited financial statements requirement of Sec. 363.2(a) may be 
satisfied for an insured depository institution that is a subsidiary of 
a holding company by audited financial statements of the consolidated 
holding company.
   (2) The other requirements of this part for an insured depository 
institution that is a subsidiary of a holding company may be satisfied 
by the holding company if:
   (i) The services and functions comparable to those required of the 
insured depository institution by this part are provided at the holding 
company level; and
   (ii) Either the insured depository institution has total assets as 
of the beginning of such fiscal year of:
   (A) Less than $5 billion; or
   (B) $5 billion or more and a composite CAMEL rating of 1 or 2.
   (3) The appropriate federal banking agency may suspend the 
exception in paragraph (b)(2) of this section regarding any institution 
with total assets in excess of $9 billion for any period of time during 
which the appropriate federal banking agency determines that the 
institution's exemption would create a significant risk to the affected 
deposit insurance fund.
   3. Section 363.4 is amended by revising paragraph (b) to read as 
follows:


Sec. 363.4  Filing and notice requirements.

* * * * *
   (b) Public availability. The annual report in paragraph (a)(1) of 
this section shall be available for public inspection.
* * * * *
   4. Section 363.5 is amended by revising paragraph (b) to read as 
follows:


Sec. 363.5  Audit committees.

* * * * *
   (b) Committees of large institutions. The audit committee of any 
insured depository institution that has total assets of more than 
Sec. 3 billion, measured as of the beginning of each fiscal year, shall 
include members with banking or related financial management expertise, 
have access to its own outside counsel, and not include any large 
customers of the institution. If a large institution is a subsidiary of 
a holding company and relies on the audit committee of the holding 
company to comply with this part, the holding company audit committee 
shall not include any members who are large customers of the subsidiary 
institution. [[Page 8588]] 
   5. Appendix A to Part 363 is amended by revising guidelines 4(c), 
9, footnote 2 in guideline 10, footnote 3 in guideline 15(b), 24, 31, 
and the introductory paragraph of guideline 32 and footnotes 2 and 3 to 
read as follows:

Appendix A to Part 363--Guidelines and Interpretations

* * * * *
   4. Comparable Services and Functions. * * * (c) Prepares and 
submits the management assessments of the effectiveness of the 
internal control structure and procedures for financial reporting 
(internal controls), and compliance with the Designated Laws defined 
in guideline 12 that are based on information concerning the 
activities and operations of those subsidiary institutions within 
the scope of the rule.
* * * * *
   9. Safeguarding of Assets. ``Safeguarding of assets'', as the 
term relates to internal control policies and procedures regarding 
financial reporting, and which has precedent in accounting 
literature, should be addressed in the management report and the 
independent public accountant's attestation discussed in guideline 
18. Testing the existence of and compliance with internal controls 
on the management of assets, including loan underwriting and 
documentation, represents a reasonable implementation of section 36. 
Management therefore should include such internal controls as part 
of its assertion in the management report. The accountant's 
attestation to management's assertion concerning the effectiveness 
of internal controls for financial reporting should also include 
safeguarding of assets against unauthorized acquisition, use or 
disposition.1

   \1\ It is management's responsibility to establish policies 
concerning underwriting and asset management and to make credit 
decisions. The auditor's role is to test compliance with 
management's policies relating to financial reporting.
---------------------------------------------------------------------------

   10. * * *\2\

   \2\In considering what information is needed on safeguarding of 
assets and standards for internal controls, management may review 
guidelines provided by its primary federal regulator; the Federal 
Financial Institutions Examination Council's ``Supervisory Policy 
Statement on Securities Activities''; the FDIC's ``Statement of 
Policy Providing Guidance on External Auditing Procedures for State 
Nonmember Banks'' (Jan. 16, 1990), ``Statement of Policy Regarding 
Independent External Auditing Programs of State Nonmember Banks'' 
(Nov. 16, 1988), and Division of Supervision Manual of Examination 
Policies; the Federal Reserve Board's Commercial Bank Examination 
Manual and other relevant regulations; the Office of Thrift 
Supervision's Thrift Activities Handbook; the Comptroller of the 
Currency's Handbook for National Bank Examiners; standards published 
by professional accounting organizations, such as the American 
Institute of Certified Public Accountant's (AICPA) Statement on 
Auditing Standards No. 55, ``Consideration of the Internal Control 
Structure in a Financial Statement Audit''; the Committee of 
Sponsoring Organizations (COSO) of the Treadway Commission's 
Internal Control--Integrated Framework, including its addendum on 
safeguarding of assets; and other internal control standards 
published by the AICPA, other accounting or auditing professional 
associations, and financial institution trade associations.
---------------------------------------------------------------------------

* * * * *
   15. * * *
   (b) * * *\3\ * * *

   \3\These would include standards for Performing and Reporting on 
Peer Reviews, codified in the SEC Practice Section Reference Manual, 
and Standards for Performing and Reporting on Peer Reviews, 
contained in Volume 2 of the AICPA's Professional Standards.
---------------------------------------------------------------------------

* * * * *
   24. Relief from Filing Deadlines. Although the reasonable 
deadlines for filings and other notices established by this part are 
specified, some institutions may occasionally be confronted with 
extraordinary circumstances beyond their reasonable control that may 
justify extensions of a deadline. In that event, upon written 
application from an insured depository institution, setting forth 
the reasons for a requested extension, the FDIC or appropriate 
federal banking agency may, for good cause shown, extend a deadline 
in this part for a period not to exceed 30 days.
* * * * *
   31. Holding Company Audit Committees. When an insured depository 
institution subsidiary fails to meet the requirements for the 
holding company exception in Sec. 363.1(b)(2) or maintains its own 
separate audit committee to satisfy the requirements of this part, 
members of the independent audit committee of the holding company 
may serve as the audit committee of the subsidiary institution if 
they are otherwise independent of management of the subsidiary, and, 
if applicable, meet any other requirements for a large subsidiary 
institution covered by this part. However, this would not permit 
officers or employees of the holding company to serve on the audit 
committee of its subsidiary institutions. When the subsidiary 
institution satisfies the requirements for the holding company 
exception in Sec. 363.1(b)(2), members of the audit committee of the 
holding company should meet all the membership requirements 
applicable to the largest subsidiary depository institution and may 
perform all the duties of the audit committee of a subsidiary 
institution, even though such holding company directors are not 
directors of the institution.
   32. Duties. The audit committee should perform all duties 
determined by the institution's board of directors. The duties 
should be appropriate to the size of the institution and the 
complexity of its operations, and include reviewing with management 
and the independent public accountant the basis for the reports 
issued under Secs. 363.2 (a) and (b) and 363.3(a) and (b) of the 
rule. Appropriate additional duties could include:
* * * * *
   6. Schedule A to Appendix A to Part 363 is revised to read as 
follows:

Schedule A to Appendix A--Agreed Upon Procedures for Determining 
Compliance With Designated Laws

   i. Schedule A is attached to the Guidelines and Interpretations 
issued by the FDIC as an appendix to this part 363 adopted to 
implement section 36 of the FDI Act.
   ii. The Agreed Upon Procedures set forth in this schedule are 
referred to in guideline 19. They should be followed by the 
institution's independent public accountant (or, with respect to the 
procedures set forth in section I of this schedule, by the 
institution's internal auditor if the accountant is to perform the 
procedures set forth in section II of this schedule) in order to 
permit the accountant to report on the extent of compliance with the 
Designated Laws (defined in guideline 12) as required by section 
36(e) (1) and (2).
   iii. Additional guidance concerning the role of the institution, 
its internal auditor, and its independent public accountant in 
assessing the institution's compliance with the Designated Laws is 
set forth in the Guidelines. All terms not defined in this schedule 
have the meanings given them in this part 363, the Guidelines, and 
professional accounting and auditing literature.

Section I--Procedures for Individual Institutions

   The following procedures should be performed by the 
institution's independent public accountant in accordance with 
generally accepted standards for attestation engagements, or by the 
institution's internal auditor if the procedures set forth in 
section II of this schedule are to be performed by the independent 
public accountant. To the extent permitted by Sec. 363.1(b), these 
procedures may be performed on a holding company basis rather than 
at each covered subsidiary insured depository institution. (See 
section II.B.3. for information concerning testing by the 
independent public accountant when the institution's internal 
auditor is performing the procedures in Section I.)
   A. Loans to Insiders.
   1. Designated Laws. The following federal laws and regulations 
(Designated Insider Laws), to the extent that they are applicable to 
the institution, should be read:
   a. Laws: 12 U.S.C. 375, 375a, 375b, 376, 1468(b), 1828(j)(2), 
1828(j)(3)(B), and 1972; and
   b. Regulations: 12 CFR 23.5, 31, 215, 337.3, 349.3, and 563.43.
   2. General.
   a. Information. Obtain from management of the institution, the 
following information for the institution's fiscal year:
   (1) Management's assessment of compliance with the Designated 
Insider Laws;
   (2) All minutes (including minutes drafted, but not approved) of 
the meetings of the board and committees of the board which have 
been delegated authority pertaining to insider lending;
   (3) Reports of examination, supervisory agreements, and 
enforcement actions issued by the institution's primary federal and 
state regulators, if applicable;
   (4) The annual survey which identifies all insiders of the 
institution (i.e., directors, executive officers, and principal 
shareholders, and includes their related interests) and/or other 
records maintained for insiders of the institution's affiliates 
(pursuant to 12 CFR 215.8(c));
   (5) All Forms 10-K, 10-Q, and 8-K and proxy statements filed 
with the SEC and [[Page 8589]] comparable documents filed with the 
FDIC, Federal Reserve Board, OCC, or OTS under the Securities 
Exchange Act of 1934 containing information pertaining to insider 
lending;
   (6) A list of loans, including all overdrafts of executive 
officers and directors,1 and other extensions of credit to 
insiders (including their related interests) outstanding at any time 
during the fiscal year (and which identifies those extensions 
granted during the year) as well as the amounts outstanding of such 
extensions of credit as of the date of the most recently completed 
Call Report or TFR (Insider Extensions List); and

   \1\Overdrafts of an executive officer or director in an 
aggregate amount of $1,000 or less need not be included on this list 
if management provides a written representation that policies and 
procedures are in effect to report as extensions of credit all 
overdrafts that do not meet the criteria listed in paragraph 9.a.(2) 
of this section concerning overdrafts in an aggregate amount of 
$1,000 or less.
---------------------------------------------------------------------------

   (7) Management's written representation concerning the 
completeness of:
   (a) Its records concerning insider loans and extensions of 
credit; and
   (b) The Insider Extensions List.
   b. Procedures:
   (1) Read the foregoing information.
   (2) If the institution has excluded any officers or directors 
from being considered executive officers for purposes of paragraph 
2.a.(4) of this section, ascertain that any such exclusions have 
been approved by resolution of the board or the bylaws of the bank 
or company.
   (3) Trace and agree each insider loan and other extension of 
credit disclosed in the documents listed in paragraphs 2.a. (2) 
through (5) of this section to see that it is included on the 
Insider Extensions List.
   3. Policies and Procedures.
   a. Information. Obtain the institution's written policies and 
procedures concerning its compliance with the Designated Insider 
Laws, including any written ``Code of Ethics'' or ``Conflict of 
Interest'' policy statements. If the institution has no written 
policies and procedures, obtain a narrative from management that 
describes the methods for complying with such laws and regulations, 
and includes provisions similar to those listed in paragraph A.3.b 
of this section.
   b. Procedures. Ascertain that the policies and procedures 
include, or incorporate by reference, provisions consistent with the 
Designated Insider Laws for:
   (1) Defining terms;
   (2) Restricting loans to insiders;
   (3) Maintaining records of insider loans;
   (4) Requiring reports and/or disclosures by the institution and 
by executive officers, directors, and principal shareholders (and 
their related interests);
   (5) Disseminating policy information;
   (6) Revising policies to reflect subsequent changes in the law 
and regulations;
   (7) Educating employees about the legal requirements and 
management's related policies and procedures;
   (8) Prior approval of the board of directors; and
   (9) Reporting insider loans to regulatory agencies on the 
institution's Call Report or TFR.
   4. Calculations of Lending Limits.
   a. Information. Obtain management's calculation of the following 
items as of the date of the institution's most recently completed 
Call Report or TFR and as of a Call Report or TFR date six or nine 
months earlier:
   (1) The institution's unimpaired capital and surplus (the legal 
lending limit for all insiders);
   (2) The greater of 5 percent of the institution's unimpaired 
capital and surplus or $25,000; and
   (3) The institution's individual lending limit (12 CFR 
215.4(c)).
   b. Procedures. Recalculate the amounts in paragraph 4.a. of this 
section for mathematical accuracy, and trace the amounts used in 
management's calculations to the most recently completed Call Report 
or TFR.
   5. Insider Extensions of Credit Granted.
   a. Information. Obtain management's written representations 
regarding whether the terms and creditworthiness of insider 
extensions of credit granted during the fiscal year are comparable 
to those that would have been available to unaffiliated third 
parties.
   b. Procedures. Select a sample of insiders who were granted or 
had outstanding extensions of credit during the fiscal year from the 
Insider Extensions List. For each extension of credit granted during 
the fiscal year to each insider in the sample selected:
   (1) If a credit granted during the year (aggregated with all 
other extensions of credit to that person and all related interests 
of that person) exceeds the lesser of the amounts calculated in 
paragraph 4.a.(2) of this section on either of the dates used in 
paragraph 4.a. of this section or $500,000, read the minutes of the 
meetings of the board of directors and determine whether the minutes 
indicate that:
   (a) The credit was approved in advance by the board; and
   (b) The insider abstained from participating directly or 
indirectly in voting on the transactions;
   (2) Obtain management's calculation of the institution's 
individual lending limit for insiders pursuant to 12 CFR 215.4(c) as 
of the date when the extension of credit was granted and ascertain 
whether the amount of the extension of credit being granted to the 
insider, when combined with all other extensions of credit to that 
insider, exceeds such limit;
   (3) Based on the types of extensions of credit granted during 
the fiscal year in the sample selected, select a sample of three (or 
such smaller number that exists) for each similar type of extension 
of credit to persons who are not insiders or employees of the 
institution or its affiliates that were granted within four weeks 
before or after the granting of the insider extension of credit:
   (a) Compare the terms of the transactions with the persons not 
affiliated with the institution to those with the insiders, and note 
in the findings any material differences in the terms favorable to 
the insiders compared to the terms of the transactions with persons 
not affiliated with the institution or its affiliates;
   (b) Alternatively, if no comparable transactions with persons 
who are not insiders exist within the time period specified in 
paragraph 5.b.(3) of this section, compare the terms of the insider 
transaction to approved policies delineating the interest rate and 
other terms and conditions in effect for similar extensions of 
credit to unaffiliated persons. Note in the findings any material 
differences in the terms favorable to the insiders compared to the 
terms of the approved policies for an extension of credit to persons 
not affiliated with the institution or its affiliates;
   (4) For each extension of credit granted to each executive 
officer in the sample selected in paragraph 5.b. of this section, 
ascertain that each credit was:
   (a) Preceded by submission of financial statements;
   (b) Approved by, or promptly reported to, the board of 
directors, as appropriate; and
   (c) Made subject to the written condition, as specified in the 
note or other evidence of indebtedness, that the extension of credit 
will become, at the option of the institution, due and payable at 
any time that the executive officer is indebted to other insured 
institutions in an aggregate amount greater than the executive 
officer would be able to borrow from the institution.
   6. Insider Extensions of Credit Outstanding.
   a. Information. Use the sample of insiders selected in paragraph 
5.b. of this section.
   b. Procedure. Trace and agree amounts outstanding from insiders 
in the sample to the supporting documents, as applicable, for the 
line item aggregating indebtedness of all insiders on the 
institution's most recently completed Call Report or TFR.
   7. Limitation on Extensions of Credit to Executive Officers.
   a. Information. From the sample selected in paragraph 5.b. of 
this section, select the executive officers who were granted 
extensions of credit during the year.
   b. Procedures.
   (1) For each executive officer selected, obtain management's 
calculation as of the two dates used in paragraph 4.a. of this 
section of:
   (a) The aggregate amount of extensions of credit to the 
executive officer; and
   (b) 2.5 percent of the institution's unimpaired capital and 
surplus.
   (2) Ascertain whether, and report as an exception if, the 
aggregate amount of the extensions of credit to the executive 
officer exceeds the greater of $25,000 or 2.5 percent of the 
institution's unimpaired capital and surplus, but in no event more 
than $100,000. The aggregate amount should exclude the types of 
extensions of credit set forth in 12 CFR 215.5(c)(1) through (3).
   (3) Recalculate management's computations for mathematical 
accuracy and trace amounts used in management's computations to the 
institution's most recently completed Call Report or TFR.
   (4) If the credit extended is a real estate loan, obtain 
documentation for the credit and note whether such documentation 
contains representations that:
   (a) The purpose of the credit is for the purchase, construction, 
maintenance, or improvement of the executive officer's residence; 
[[Page 8590]] 
   (b) The credit is secured by a first lien on the residence; and
   (c) The executive officer owns or expects to own the residence 
after the extension of credit.
   8. Aggregate Insider Extensions of Credit Outstanding.
   a. Information. Obtain management's calculation of the aggregate 
extensions of credit to executive officers, directors, and principal 
shareholders of the institution and to their related interests as of 
the two dates selected in paragraph 4.a. of this section.
   b. Procedures. Recalculate the amounts obtained in paragraph 
8.a. of this section for mathematical accuracy.
   (1) Compare this total with 100 percent of the institution's 
unimpaired capital and surplus calculated in paragraph 4.a.(1) of 
this section.
   (2) Report any amount by which the aggregate extensions of 
credit exceed 100 percent of the institution's capital and surplus 
as an exception in the findings.
   9. Overdrafts.
   a. Information. Select a sample of insiders from the Insider 
Extensions List who had overdrafts outstanding during the fiscal 
year.
   (1) Obtain a written history of the insider's overdrafts for the 
year and management's written representation concerning the 
completeness of that history.
   (2) For overdrafts of an executive officer or director in an 
aggregate amount of $1,000 or less included in the sample, obtain 
management's written representation that:
   (a) It believes the overdrafts were inadvertent;
   (b) The account was overdrawn in each case for no more than 5 
business days; and
   (c) The institution charged the executive officer or director 
the same fee that it would charge any other customer in similar 
circumstances.
   b. Procedures. For each overdraft by an insider in the sample 
selected in paragraph 9.a. of this section:
   (1) Inquire whether cash items for the insider were being held 
by the institution during the time that the overdraft was 
outstanding to prevent additional overdrafts;
   (2) Trace and agree subsequent payment by the insider of the 
insider's overdrafts to records of the account at the institution; 
and
   (3) For overdrafts of executive officers and directors included 
in the sample that were paid by the institution for the executive 
officer and director from an account at the institution:
   (a) Trace and agree to a written, pre-authorized, interest-
bearing extension of credit plan that specifies a method of 
repayment; or
   (b) Trace and agree to a written, pre-authorized transfer of 
funds from another account of the insider at the institution.
   10. Reports on Indebtedness to Correspondent Banks.
   a. Information. Obtain from management:
   (1) A list of executive officers and principal shareholders and 
related interests thereof that filed reports of indebtedness to a 
correspondent bank. This list should be prepared as of the calendar 
year for which the management assessment and independent public 
accountant's attestation are being filed. If the institution is not 
on a calendar year fiscal year, the list should be prepared as of 
the end of the calendar year during its fiscal year.
   (2) Its written representation concerning the completeness of 
the list for paragraph 10.a.(1) of this section and its written 
representation that all executive officers and principal 
shareholders have been notified of the reporting requirements for 
the calendar year in paragraph 10.a.(1) of this section relative to 
borrowings from correspondent banks by executive officers and 
principal shareholders and their related interests.
   (3) Its representation concerning the amount each executive 
officer would have been able to borrow from the reporting 
institution.
   b. Procedures. Select a sample of executive officers, principal 
shareholders, and related interests thereof from the list obtained 
in paragraph 10.a.(1) of this section.
   (1) Ascertain that each executive officer and principal 
shareholder (or related interest thereof) included in the sample 
reported to the board of directors (on or before the January 31 
following the calendar year in paragraph 10.a.(1)), indebtedness to 
correspondent banks and that such report states:
   (a) The maximum amount of indebtedness during that calendar 
year;
   (b) The amount of indebtedness outstanding 10 days prior to 
report filing; and
   (c) A description of the loan terms and conditions, including 
the rate or range of interest rates, original amount and date, 
maturity date, payment terms, security, and any unusual terms or 
conditions.
   (2) If any executive officer's extensions of credit from all 
correspondent banks from the list obtained in paragraph 10.a.(1) of 
this section exceed the total amount that management represents that 
the executive officer would have been able to borrow from the 
reporting institution during the fiscal year, note whether a report 
pursuant to 12 CFR 215.9 was made to the board of directors of the 
officer's institution within 10 days of the date the indebtedness 
reached such a level.
   B. Dividend Restrictions. If the institution has declared any 
dividends during the fiscal year, the following procedures should be 
performed for each dividend declared. (These procedures are not 
applicable to mutual institutions and insured branches of foreign 
banks.)
   1. Designated Laws. The following federal laws and regulations 
(Designated Dividend Laws), to the extent that they are applicable 
to the institution (see paragraph 2 below), should be read:
   a. Laws: 12 U.S.C. 56, 60, 1467(a)(f), 1831o; and
   b. Regulations: 12 CFR 5.61, 5.62, 6, 7.6120, 19, 208.19, 
208.30, 263, 325.105, 563.134, and 565.
   2. General. Although the information requirements and procedures 
in paragraphs 2. through 5. of this section are applicable to all 
institutions, paragraphs 6. and 7. of this section were designed to 
be applicable to national banks and federally-chartered savings 
associations. However, if the institution is state chartered, and 
the state has dividend restrictions substantially identical to those 
for national banks and federally-chartered savings associations, the 
requirements in paragraphs 6. and 7. of this section for information 
and procedures to be performed should be applied to the state bank 
or savings association.
   a. Information. Obtain from management of the institution the 
following information for the institution's most recent fiscal year:
   (1) Its assessment of the institution's compliance with the 
Designated Dividend Laws and any applicable state laws and 
regulations cited in its assessment.
   (2) A copy of any supervisory agreements with, orders by, or 
resolutions of any regulatory agency (including a description of the 
nature of any such agreements, orders, or resolutions) containing 
restrictions on dividend payments by the institution.
   (3) Its written representation whether dividends declared comply 
with any restrictions on dividend payments under any supervisory 
agreements with, orders by, or resolutions of any regulatory agency 
(including a description of the nature of any such agreements, 
orders, or resolutions).
   b. Procedures.
   (1) Read the foregoing information.
   (2) If any restrictions on dividend payments exist in any 
documents obtained in paragraph 2.a.(2) of this section, test and 
agree dividends declared with any such quantitative restrictions.
   3. Policies and Procedures.
   a. Information. Obtain the institution's written policies and 
procedures concerning its compliance with the Designated Dividend 
Laws. If the institution has no written policies and procedures, 
obtain from the institution a narrative that describes the 
institution's methods for complying with the Designated Dividend 
Laws, and includes provisions similar to those below.
   b. Procedures: Ascertain whether the policies and procedures 
include, or incorporate by reference, provisions which are 
consistent with the Designated Dividend Laws. These would include 
capital limitation tests, including section 38 of the Federal 
Deposit Insurance Act (12 U.S.C. 1831o), earnings limitation tests, 
transfers from surplus to undivided profits, and restrictions 
imposed under any supervisory agreements, resolutions, or orders of 
any federal or state bank regulatory agency. In addition, for 
savings associations, this would include prior notification to the 
OTS.
   4. Board Minutes.
   a. Information. Obtain the minutes of the meetings of the board 
of directors for the most recent fiscal year to ascertain whether 
dividends (either paid or unpaid) have been declared.
   b. Procedures. Trace and agree total dividend amounts to the 
general ledger records and the institution's most recently completed 
Call Report or TFR.
   5. Calculation of Undercapitalization.
   a. Information. Obtain management's computation of the amount at 
which declaration of a dividend would cause the institution to be 
undercapitalized as of each date on which a dividend was declared 
during the fiscal year.
   b. Procedures: Recalculate management's computation (for 
mathematical accuracy) and [[Page 8591]] compare management's 
calculations to the amount of any dividend declared to determine 
whether it exceeded the amount.
   6. Dividends Declared by Banks.
   a. Information. Obtain the computations by the management of 
each national and state member bank concerning the bank's compliance 
with 12 U.S.C. 56, ``Capital Limitation Test'', 12 U.S.C. 60, ``The 
Earnings Limitation Test'', and transfers from surplus to undivided 
profits after declaration of the dividends referenced in paragraph 
4.a. of this section. In a state with substantially similar laws, 
obtain the corresponding computations by the management of each 
state nonmember bank.
   b. Procedures. Recalculate management's computations (for 
mathematical accuracy) and compare management's calculations to the 
standards defined in the tests set forth in paragraph 6.a. of this 
section to ascertain whether the dividends declared fall within the 
permissible levels under these standards. If dividends are not 
permissible in the amounts declared under such standards, ascertain 
whether the dividends were declared with the approval of the 
appropriate federal banking agency or under any other exception to 
the standards. If not, report the findings.
   7. Dividends Declared by Savings Associations.
   a. Information. Obtain management's documentation of the OTS 
determination whether the institution is a Tier 1, Tier 2, or Tier 3 
savings association and management's computations of its capital 
ratio after declarations of dividends under the Tier determined by 
the OTS. For dividends declared, obtain copies of the savings 
association's notifications to the OTS to ascertain whether 
notifications were made at least 30 days before payment of any 
dividends.
   b. Procedures: Recalculate management's computations (for 
mathematical accuracy) and trace amounts used by management in its 
calculations to the institution's TFRs.

Section II--Procedures for the Independent Public Accountant

   If the internal auditor has performed the procedures set forth 
in section I for either or both Designated Laws, the following 
procedures may be performed by the independent public accountant for 
the appropriate designated law(s) if neither the FDIC nor the 
appropriate federal banking agency has objected in writing. The 
report of procedures performed and list of exceptions found by the 
internal auditor, identifying the institution with respect to which 
any exception was found, should be submitted to the audit committee 
of the board of directors. Management should file a summary of the 
internal auditor's significant findings and management's response to 
those findings with the FDIC at the same time as the independent 
public accountant's attestation report is filed.2

   \2\Since this summary supplements the independent public 
accountant's attestation on the Designated Laws, the FDIC has 
determined that the summary is exempt from public disclosure 
consistent with the guidance in Guideline 18 in Appendix A to this 
part 363.
---------------------------------------------------------------------------

   A. Review of Designated Laws. Read either or both of the 
Designated Insider Laws and Designated Dividend Laws applicable to 
the institution, as appropriate to the engagement.
   B. Information and Procedures. Perform the procedures indicated 
as follows:
   1. Designated Laws. Read Section I of this schedule. Obtain 
management's assessment contained in its management report on the 
institution's or holding company's compliance with the Designated 
Laws for the fiscal year.
   2. Internal Auditor's Workpapers.
   a. Information. If an internal auditor performed the procedures 
in Section I, obtain the internal auditor's workpapers documenting 
the performance of those procedures on the institution and the chief 
internal auditor's written representation that:
   (1) The internal auditor or audit staff, if applicable, 
performed the procedures listed in section I on the institution;
   (2) The internal auditor tested a sufficient number of 
transactions governed by the Designated Laws so that the testing was 
representative of the institution's volume of transactions;
   (3) The workpapers accurately reflect the work performed by the 
internal auditor and, if applicable, the internal audit staff;
   (4) The workpapers obtained are complete; and
   (5) The internal auditor's report, which describes the 
procedures performed for the fiscal year as well as the internal 
auditor's findings and exceptions noted, has been presented to the 
institution's audit committee.
   b. Procedures.
   (1) Compare the workpapers to the procedures that are required 
to be performed under section I. Report as an exception any 
procedures not documented and any procedures for which the sample 
size is not sufficient.
   (2) Compare the exceptions and errors listed by the internal 
auditor in its report to the audit committee to those found in the 
workpapers, and report as an exception any exception or error found 
in the internal auditor's workpapers and not listed in the internal 
auditor's list of exceptions.
   3. Testing. a. The independent public accountant should perform 
the procedures listed in Section I on representative samples of the 
insiders and/or transactions of the institution to which the 
Designated Law applies. If the institution's internal auditor is 
performing the procedures in Section I, the samples tested by the 
independent public accountant should be at least 30 percent of the 
size of the samples tested by the internal auditor although samples 
selected by the accountant should be from the population at large. 
However, if there are so few transactions in any area that the 
internal auditor cannot use sampling, but must test all 
transactions, the independent public accountant should also test all 
transactions.
   b. If the testing is being performed on a holding company with 
more than one subsidiary institution that is subject to this part 
363 (covered subsidiary), the samples tested should include a 
combination of insiders and transactions from each covered 
subsidiary with total assets (after deductions of intercompany 
amounts that would be eliminated in consolidation) in excess of 25 
percent of the holding company's total assets every fiscal year. 
Samples should be tested for each smaller covered subsidiary at 
least every other fiscal year unless the holding company has more 
than eight covered subsidiaries, in which case the samples to be 
tested for each Designated Law should be drawn from each smaller 
covered subsidiary at least every third fiscal year.
   4. Reports Concerning Holding Companies. Only one report of any 
exceptions noted from application of the procedures in section II 
performed by the independent public accountant should be filed as 
required by guideline 3 in Appendix A to this part 363, but the 
report should identify, for each exception or error noted, the 
identity of the covered subsidiary to which it relates.

   By order of the Board of Directors.

   Dated at Washington, D.C. this 31st day of January, 1995.

   Federal Deposit Insurance Corporation.
Robert E. Feldman,
Acting Executive Secretary.
[FR Doc. 95-3176 Filed 2-14-95; 8:45 am]
BILLING CODE 6174-01-P

Last Updated: March 24, 2024