Agencies Issue Guidance on Corporate Governance for Non-Public Banks
The Federal Reserve, the OCC and the OTS have issued a joint statement concerning the applicability of recent corporate governance initiatives to non-public banks. While these three agencies encourage all banks to review their practices and procedures to ensure that appropriate controls, disclosures and operations are in effect, the good news is that these agencies do not expect to apply the board composition, director independence, audit committee, auditor independence and other requirements of the Sarbanes-Oxley Act or NYSE and NASDAQ proposals generally to non-public banks with less than $500 million in assets.
"Our regulatory approach, as well as the approach adopted by Congress in the Sarbanes-Oxley Act, has sought to balance the goal of strong corporate governance with the recognition that smaller, non-public banking organizations typically have fewer resources and less complex operations than public organizations," the statement says.
Examiners will continue to assess a bank's policies and procedures for corporate governance, internal controls and auditing, however, and may take action if they find deficiencies or weaknesses inconsistent with sound corporate governance practices or safety and soundness. Banks are reminded of two previous interagency policy statements: "External Auditing Programs of Banks and Savings Associations" (Sept. 1999), which encourages all banks to obtain an independent external audit and have an independent audit committee, and "Internal Audit Function and its Outsourcing" (March 2003), which encourages (but does not require) non-public banks to separate the internal audit function from their external auditor.
This latest Fed/OCC/OTS statement contrasts significantly with earlier guidance issued by the FDIC (FIL-17-2003), which details what the FDIC "encourages," but does not require for non-public FDIC-supervised banks with less than $500 million in assets. For example: (1) the FDIC encourages audit partner rotation and "time out" periods if the bank's accounting firm is not "small" (i.e., fewer than ten audit partners), (2) the audit committee should have a mechanism, appropriate to the bank's size and complexity, for employees to submit confidential, anonymous concerns about questionable accounting or auditing matters, (3) each bank should adopt a code of ethics for senior financial officers and, if the bank decides not to do so, the FDIC encourages it to explain why in the board minutes, and (4) although the FDIC does not expect a bank to disclose whether or not it has a financial expert on its audit committee, a "bank may choose to make such a disclosure on its own."
It remains to be seen whether the FDIC encouragements and suggestions in the corporate governance area will turn into items that FDIC examiners expect of non-public banks or whether the FDIC's supervision in this area will be any different from the other agencies. In any case, all non-public banks should review the guidance to see how the agencies will assess their corporate governance.