FDICIA Compliance Readiness: Is Your Financial Institution Prepared?

FDICIA stands for the Federal Deposit Insurance Corporation Improvement Act. It is a law enacted in the United States in 1991 as a response to the savings and loan crisis of the 1980s. 

Enforced by the Federal Deposit Insurance Corporation (FDIC), the FDICIA as we know it today covers Section 36 of the FDI Act and Part 363 of the FDIC’s regulations. Compliance with these laws is a top priority for financial institutions, whether you are a public or privately insured depository institution (IDI). The laws require you to maintain higher capital levels, implement internal controls and risk management systems, and undergo periodic independent audits. They also include several other provisions intended to improve the banking industry’s financial stability and regulatory oversight.

Insured depository institutions with $500 million and $1 billion in assets are particularly subject to FDICIA. They must meet certain audit and reporting requirements, document them, and submit them to the appropriate regulatory agencies within a specified time, mostly within four months, or 120 days, of the end of the fiscal year.

It is important to note that FDICIA compliance requires a lot of time and resources. For this reason, it is recommended that insured institutions that are close to reaching the stipulated asset mark prepare in time (12-24 months ahead) and start operating like an FDICIA-covered entity prior to when the laws become effective.

FDICIA reporting requirements

What are FDICIA requirements?

1. Audited comparative financial statements (annual)

2. Audited financial statements, as reported on by an independent public accountant.

3. A management report that details the following:

A. A statement of management’s responsibilities for:
I. Preparing the annual balance sheets and income statements
II. Creating and maintaining a system of internal controls over financial reporting
III. Complying with laws and regulations governing the making of insider loans and restrictions on dividends.

B. The Bank’s annual internal control assessment must analyze the effectiveness of its financial reporting processes during the fiscal year. As part of the FDICIA internal control requirements, this includes the following:
I. Determine the framework used by management to evaluate its internal controls.
II. Examine whether financial statements are presented in accordance with the company’s regulatory reporting instructions.
III. A conclusion as to whether the Bank’s internal control over financial reporting is effective as of its fiscal year-end.
IV. Disclose all deficiencies in internal control over financial reporting that management has identified and has not been able to resolve prior to the Bank’s fiscal year-end.

C. The Bank’s management assesses its compliance with laws and regulations that limit loans to officers, directors, or employees of the institution and prohibit distribution of dividends (by subsidiaries to their relatives).

D. The public accountant’s report on the effectiveness of an institution’s internal controls.

4. The institution is required to file its annual report within 120 days of the end of each fiscal year.

5. All members of the audit committee must be independent of management.

Key steps to take in preparing for $500 Million Asset Growth

1. Hire an independent public accountant

The FDICIA strongly emphasizes the need for independently-created financial reports. As such, FDICIA reports are to be filed by an independent public accountant, and whenever there is a new one, appropriate authorities must be notified within 15 days. 

The role of the independent public accountant is “to audit and report on its annual financial statements in accordance with generally accepted auditing standards or the PCAOB’s auditing standards.”

2. Get ready to file an annual report on financial condition and management.

According to the FDIC, institutions with at least $500 million but less than $1 billion in consolidated total assets must submit the following information in their Annual Report:

  • Audited comparative annual financial statements;
  • The independent public accountant’s report on the audited financial statements
  • A management report that contains a statement of management’s responsibilities for preparing the annual financial statements, establishing and maintaining an adequate internal control structure over financial reporting, and complying with the designated safety and soundness laws and regulations pertaining to insider loans and dividend restrictions.
  • An assessment by management of the institution’s compliance with the designated laws and regulations pertaining to insider loans and dividend restrictions during the year must state management’s conclusion regarding compliance and disclose any noncompliance with these laws and regulations.

Under Part 363 of the FDIC’s regulations, privately-owned financial institutions or subsidiaries of a public holding company are given a maximum of 120 days after the end of their financial year as the period in which to file an audit. On the other hand, publicly owned financial institutions must file an audit within 90 days.

3. Establish an independent audit committee

The FDICIA strongly emphasizes the need for independently-created financial reports. Aside from having an independent auditor, banks must create an audit committee primarily consisting of outside directors who are said to be independent of the institution’s management. The role of this committee is to provide accountability between the bank and the independent auditor in creating compliant FDICIA reports. Its activities will include reviewing reports from the independent public accountant before they are submitted to the FDIC.

Key steps to take in preparing for the $1 billion mark

Hitting the $1 billion asset size requires a stronger internal control framework and enhanced procedure for FDICIA reporting. Here are some key considerations for welcoming this significant milestone.

1. Create or hire an FDICIA compliance team

In addition to creating an audit committee primarily composed of external directors, it is necessary, at this stage, to create a team dedicated to compliance with FDICIA. This team should include the audit committee, internal auditors, independent public accountants, and any other persons in the executive management. This team will help streamline the processes and procedures that must be implemented as your bank reaches $1 million or more in asset size.

2. Review current operations and financial reporting strategies

When planning ahead for FDICIA implementation, covered institutions must create internal control over their financial reporting and conduct a thorough analysis of their current operations to identify any areas that may be subject to additional scrutiny under FDICIA. This should include an assessment of their capital adequacy, risk management practices, internal controls, and contingency planning.

Financial institutions should develop a plan to address any areas that require improvement in assessing their current operations. This should include a timeline for implementing any necessary changes, as well as identifying any resources that may be needed to support the implementation of the plan. Conducting this analysis may require a lot of time. Therefore, institutions should start implementing it in advance as part of their FDICIA compliance controls.

3. Assess the effectiveness of internal control over financial reporting

This is a key requirement of the FDICIA annual report that must be implemented by an independent public accountant. Part 18A of the FDICIA Guidelines and Interpretations details the standards to be followed by an independent public accountant as regards internal control for banks with $1 billion or more in asset size. Among other things, it states:

(1) For an insured institution that is neither a public company nor a subsidiary of a public company, its independent public accountant needs only to follow the AICPA’s attestation standards.

(2) For an insured institution that is a public company that must comply with the auditor attestation requirement of section 404 of SOX, its independent public accountant should follow the PCAOB’s auditing standards.

How RADD LLC Can Help?

Our team of experienced experts can step in to alleviate the burden and minimize the overhead costs associated with FDICIA compliance for privately held covered financial institutions.

A well-designed FDICIA compliance program ensures that you meet the regulatory mandate to provide an annual attestation of the adequacy of design and operational effectiveness of your internal control over financial reporting. Equally important, it provides management with the peace of mind that operating policies are being followed and is a sound part of good corporate governance.

For many financial institutions, conducting FDICIA compliance-related activities or FDICIA audits and FDICIA controls in-house may be overwhelming and impractical. For example, developing a compliance plan, assessing related risks, devising controls, and maintaining documentation or other necessary activities require specialized expertise and are time-consuming.

By outsourcing your FDICIA compliance program management to RADD, you benefit from having a team of highly credentialed subject-matter experts who have served as senior compliance leaders and former examiners on your side. Contact us here today!
