FDIC's Implementation of the Sarbanes-Oxley Act of 2002 – Footnotes
September 29, 2004
Audit Report No. 04-042
Footnote 1: This includes a small number of banks in Puerto Rico, Guam, American Samoa, the Federated States of Micronesia, and the Virgin Islands. At the time of our audit, there were no FDIC-supervised banks in the District of Columbia.
Footnote 2: A holding company is a corporation that exercises control over another company by owning enough voting shares of outstanding common stock and/or controls several related companies.
Footnote 3: A publicly traded company generally has assets exceeding $1 million and a class of equity securities held by 500 or more persons.
Footnote 4: The SEC is a government commission created by the Congress to regulate the securities markets and protect investors. The statutes administered by the SEC are designed to promote full public disclosure and protect the investing public against fraudulent and manipulative practices in the securities markets. Generally, most issues of securities offered in interstate commerce, either through the mail or on the Internet, must be registered with the SEC.
Footnote 5: A class is a group of securities with similar features such as voting rights and dividend payments.
Footnote 6: The Exchange Act identifies and prohibits certain types of conduct in the markets and provides the SEC with disciplinary powers over regulated entities and persons associated with them. The Act also empowers the SEC to require periodic reporting of information by companies with publicly traded securities, and requires companies to file proxy materials with the SEC to ensure compliance with disclosure rules.
Footnote 7: The statute gives the FDIC Board of Directors the discretion to establish the threshold asset size at which a section 36 annual report is required. That amount is currently set at $500 million. A section 36 audit is not required of financial institutions with less than $500 million in total assets. However, the federal banking agencies encourage every insured depository institution, regardless of its size or character, to have an annual audit of its financial statements by an independent public accountant.
Footnote 8: The FDIC's Rules and Regulations do not specifically require that management identify the control framework used to evaluate the effectiveness of the institution's internal control over financial reporting. However, given the requirements of sections 101 and 501 of the American Institute of Certified Public Accountants' attestation standards, the FDIC believes that the framework used must be disclosed or otherwise publicly available to all users of reports that institutions file with the FDIC pursuant to Part 363 of the FDIC's Rules and Regulations.
Footnote 9: A material weakness is a condition where the design or operation of one or more of the internal control components does not reduce to a relatively low level the risk that misstatements caused by errors or fraud in amounts that would be material in relation to the financial statement being audited may occur and not be detected within a timely period by employees in the normal course of performing their assigned functions.
Footnote 10: The FDIC's Rules and Regulations do require an independent public accountant to examine, attest to, and report separately on, the assertion of management concerning the institution's internal control structure and procedures for financial reporting. The Rules and Regulations do not require the accountant to be a registered public accounting firm.
Footnote 11: The four federal regulators are the Federal Deposit Insurance Corporation, the Board of Governors of the Federal Reserve System (FRB), the Office of the Comptroller of the Currency, and the Office of Thrift Supervision.
Footnote 12: The FDI Act requires all FDIC-insured banks to be examined on a 12-month cycle. The Act allows the examination cycle to be extended to 18 months for banks with assets of $250 million or less if other factors are met – primarily that the bank is CAMELS-rated 1 or 2 (see footnote 13), well managed, and well capitalized.
Footnote 13: CAMELS (Capital, Asset quality, Management, Earnings, Liquidity, and Sensitivity to market risk) are the rating factors used by federal regulators in examining the safety and soundness of FDIC-insured institutions. A rating of 1 through 5 is given, with 1 having the least regulatory concern and 5 having the greatest concern.
Footnote 14: These letters are distributed only to FDIC-supervised financial institutions with a class of securities registered with the FDIC (registrants).
Footnote 15: OLA was established to act as a central contact point for congressional members and their staff who have inquiries relating to the work of the FDIC. OLA monitors new legislation affecting the banking industry as it makes its way through the legislative process and coordinates with affected FDIC divisions.
Footnote 16: The Supervision and Legislation Section develops, drafts, and provides legal opinions to the Corporation on legislation, regulations, and policy statements that govern the activities, operations, and structures of operating insured depository institutions. The Section also provides guidance on deposit insurance coverage and assessments of member institutions, federal securities laws, and consumer laws. Furthermore, the Supervision and Legislation Section is responsible for the Corporation's compliance with laws and regulations governing rulemaking and information-collection practices.
Footnote 17: Banks with less than $500 million in total assets are not subject to the annual audit and reporting requirements of section 36 of the FDI Act.
Footnote 18: Guidelines include the Interagency Policy Statement on External Programs of Banks and Savings Associations (September 1999) and the Interagency Policy Statement on the Internal Audit Function and its Outsourcing (revised March 2003).