bank's total assets and tangible equity and deduct such investment from its total risk-based capital (this deduction shall be made equally from Tier 1 and Tier 2 capital). (b) Community Reinvestment Act (CRA). An insured state nonmember bank may not commence any new activity subject to section 46(a) of the Federal Deposit Insurance Act (12 U.S.C. 1831w) or directly or indirectly acquire control of a company engaged in any such activity pursuant to § 362.18(a)(1), if the bank or any of its insured depository institution affiliates received a CRA rating of less than "satisfactory record of meeting community credit needs" in its most recent CRA examination. (c) Other requirements. An insured state nonmember bank controlling or holding an interest in a financial subsidiary under section 46(a) of the Federal Deposit Insurance Act (12 U.S.C. 1831w) must meet and continue to meet the requirements set forth in paragraph (a) of this section as long as the insured state nonmember bank holds the financial subsidiary and: (1) Disclose and continue to disclose the capital separation required in paragraph (a)(3) in any published financial statements; (2) Comply and continue to comply with sections 23A and 23B of the Federal Reserve Act (12 U.S.C. 371c and 371c-1) as if the subsidiary were a financial subsidiary of a national bank; and (3) Comply and continue to comply with the financial and operational standards provided by section 5136A(d) of the Revised Statutes of the United States (12 U.S.C. 24A(d)), unless otherwise determined by the FDIC. (d) Securities underwriting. If the financial subsidiary of the insured state nonmember bank will engage in the public sale, distribution or underwriting of stocks, bonds, debentures, notes, or other securities activity of a type permissible for a national bank only through a financial subsidiary, then the state nonmember bank and the financial subsidiary also must comply and continue to comply with the following additional requirements: (1) The securities business of the financial subsidiary must be physically separate and distinct in its operations from the operations of the bank, provided that this requirement shall not be construed to prohibit the bank and its financial subsidiary from sharing the same facility if the area where the financial subsidiary conducts securities business with the public is physically distinct from the routine deposit taking area of the bank; (2) The financial subsidiary must conduct its securities business pursuant to independent policies and procedures designed to inform customers and prospective customers of the financial subsidiary that the financial subsidiary is a separate organization from the insured state nonmember bank and that the insured state nonmember bank is not responsible for and does not guarantee the obligations of the financial subsidiary; (3) The bank must adopt policies and procedures, including appropriate limits on exposure, to govern its participation in financing transactions underwritten by its financial subsidiary; and (4) The bank must not express an opinion on the value or the advisability of the purchase or sale of securities underwritten or dealt in by its financial subsidiary unless the bank notifies the customer that the entity underwriting, making a market, distributing or dealing in the securities is a financial subsidiary of the bank. (e) Applications for exceptions to certain requirements. Any insured state nonmember bank that is unable to comply with the well-managed requirement of §362.18(a)(1) and (c)(1), any state nonmember bank that has appropriate reasons for not meeting the financial and operational standards applicable to a financial subsidiary of a national bank conducting the same activities as provided in §362.18(c)(3) or any state nonmember bank and its financial subsidiary subject to the securities underwriting activities requirements in § 362.18(d) that is unable to meet such requirements may submit an application in compliance with § 303.121 of this chapter to seek a waiver or modification of such requirements under the procedure in §303.122(b) of this chapter. The FDIC may impose additional prudential safeguards as are necessary as a condition of its consent. 197-036 D-01--15 (f) Failure to meet requirements. (1) Notification by FDIC. The FDIC will notify the insured state nonmember bank in writing and identify the areas of noncompliance, if: (i) The FDIC finds that an insured state nonmember bank or any of its insured depository institution affiliates is not in compliance with the CRA requirement of § 362.18(b) at the time any new activity is commenced or control of the financial subsidiary is acquired; (ii) The FDIC finds that the facts to which an insured state nonmember bank certified under §362.18(a) are not accurate in whole or in part; or (iii) The FDIC finds that the insured state nonmember bank or any of its insured depository institution affiliates or the financial subsidiary fails to meet or continue to comply with the requirements of § 362.18(c) and (d), if applicable, and the FDIC has not granted an exception under the procedures set forth in § 362.18(e) and in §303.122(b) of this chapter. (2) Notification by state nonmember bank. An insured state nonmember bank that controls or holds an interest in a financial subsidiary must promptly notify the FDIC if the bank becomes aware that any depository institution affiliate of the bank has ceased to be well-capitalized. (3) Subsequent action by FDIC. The FDIC may take any appropriate action or impose any limitations, including requiring that the insured state nonmember bank to divest control of any such financial subsidiary, on the conduct or activities of the insured state nonmember bank or any financial subsidiary of the insured state bank that fails to: (i) Meet the requirements listed in § 362.18(a) and (b) at the time that any new section 46 activity is commenced or control of a financial subsidiary is acquired by an insured state nonmember bank; or (ii) Meet and continue to meet the requirements listed in § 362.18(c) and (d), as applicable. (g) Coordination with section 24 of the Federal Deposit Insurance Act. (1) Continuing authority under section 24. Notwithstanding § 362.18(a) through (f), an insured state bank may retain its interest in any subsidiary: (i) That was conducting a financial activity with authorization in accordance with section 24 of the Federal Deposit Insurance Act (12 U.S.C. 1831a) and the applicable implementing regulation found in subpart A of this part 362 before the date on which any such activity became for the first time permissible for a financial subsidiary of a national bank; and (ii) Which insured state nonmember bank and its subsidiary continue to meet the conditions and restrictions of the section 24 order or regulation approving the activity as well as other applicable law. (2) Continuing authority under section 24(f) of the Federal Deposit Insurance Act. Notwithstanding § 362.18(a) through (f), an insured state bank with authority under section 24(f) of the Federal Deposit Insurance Act (12 U.S.C. 1831a(f)) to hold equity securities may continue to establish new subsidiaries to engage in that investment activity. (3) Relief from conditions. Any state nonmember bank that meets the requirements of paragraph (g)(1) of this section or that is subject to section 46(b) of the Federal Deposit Insurance Act (12 U.S.C. 1831w(b)) may submit an application in compliance with § 303.121 of this chapter and seek the consent of the FDIC under the procedure in §303.122(b) of this chapter for modification of any conditions or restrictions the FDIC previously imposed in connection with a section 24 order or regulation approving the activity. (4) New financial subsidiaries. Notwithstanding subpart A of this part 362, an insured state bank may not, on or after November 12, 1999, acquire control of, or acquire an interest in, a financial subsidiary that engages in activities as principal or commences any new activity under section 46(a) of the Federal Deposit Insurance Act (12 U.S.C. 1831w) other than as provided in this section. 363.4 Filing and notice requirements. 363.5 Audit committees. APPENDIX A TO PART 363-GUIDELINES AND INTERPRETATIONS AUTHORITY: 12 U.S.C. 1831m. SOURCE: 58 FR 31335, June 2, 1993, unless otherwise noted. § 363.0 OMB control number. The collecting of information requirements in this part have been approved by the Office of Management and Budget under OMB control number 3064-0113. §363.1 Scope. (a) Applicability. This part applies with respect to fiscal years of insured depository institutions which begin after December 31, 1992. This part does not apply with respect to any fiscal year of any insured depository institution, the total assets of which, at the beginning of such fiscal year, are less than $500 million. (b) Compliance by subsidiaries of holding companies. (1) The audited financial statements requirement of §363.2(a) may be satisfied for an insured depository institution that is a subsidiary of a holding company by audited financial statements of the consolidated holding company. (2) The other requirements of this part for an insured depository institution that is a subsidiary of a holding company may be satisfied by the holding company if: (i) The services and functions comparable to those required of the insured depository institution by this part are provided at the holding company level; and (ii) The insured depository institution has as of the beginning of its fiscal year: (A) Total assets of less than $5 billion; or (B) Total assets of $5 billion or more and a composite CAMEL rating of 1 or 2. (3) The appropriate federal banking agency may revoke the exception in paragraph (b)(2) of this section for any institution with total assets in excess of $9 billion for any period of time during which the appropriate federal banking agency determines that the institution's exemption would create a sig nificant risk to the affected deposit insurance fund. [58 FR 31335, June 2, 1993, as amended at 61 FR 6493, Feb. 21, 1996] § 363.2 Annual reporting requirements. (a) Audited financial statements. Each insured depository institution shall prepare annual financial statements in accordance with generally accepted accounting principles which shall be audited by an independent public accountant. (b) Management report. Each insured depository institution annually shall prepare, as of the end of the institution's most recent fiscal year, a management report signed by its chief executive officer and chief accounting or chief financial officer which contains: (1) A statement of management's responsibilities for preparing the institution's annual financial statements, for establishing and maintaining an adequate internal control structure and procedures for financial reporting, and for complying with laws and regulations relating to safety and soundness which are designated by the FDIC and the appropriate federal banking agency; and (2) Assessments by management of the effectiveness of such internal control structure and procedures as of the end of such fiscal year and the institution's compliance with such laws and regulations during such fiscal year. § 363.3 Independent public accountant. (a) Annual audit of financial statements. Each insured depository institution shall engage an independent public accountant to audit and report on its annual financial statements in accordance with generally accepted auditing standards and section 37 of the Federal Deposit Insurance Act (12 U.S.C. 1831n). The scope of the audit engagement shall be sufficient to permit such accountant to determine and report whether the financial statements are presented fairly and in accordance with generally accepted accounting principles. (b) Additional report. Such independent public accountant shall examine, attest to, and report separately on, the assertion of management concerning the institution's internal control structure and procedures for financial reporting. The attestation shall be made in accordance with generally accepted standards for attestation engagements. (c) Notice by accountant of termination of services. An independent public accountant performing an audit under this part who ceases to be the accountant for an insured depository institution shall notify the FDIC and the appropriate federal banking agency in writing of such termination within 15 days after the Occurrence of such event, and set forth in reasonable detail the reasons for such termination. [58 FR 31335, June 2, 1993, as amended at 62 FR 63257, Nov. 28, 1997] § 363.4 Filing and notice requirements. (a) Annual reporting. Within 90 days after the end of its fiscal year, each insured depository institution shall file with each of the FDIC, the appropriate federal banking agency, and any appropriate state bank supervisor, two copies of an annual report containing audited annual financial statements, the independent public accountant's report thereon, management's statements and assessments, and the independent public accountant's attestation report concerning the institution's internal control structure and procedures for financial reporting as required by §§ 363.2(a), 363.3(a), 363.2(b), and 363.3(b), respectively. (b) Public availability. The annual report in paragraph (a) of this section shall be available for public inspection. (c) Independent accountant's reports. Each insured depository institution shall file with the FDIC, the appropriate federal banking agency, and any appropriate state bank supervisor, a copy of any management letter, qualification, or other report issued by its independent public accountant with respect to such institution and the services provided by such accountant pursuant to this part within 15 days after receipt. (d) Notice of engagement or change of accountants. Each insured depository institution shall provide, within 15 days after the occurrence of any such event, written notice to the FDIC, the appropriate federal banking agency, and any appropriate state bank supervisor of the engagement of an independent public accountant, or the resignation or dismissal of the independent public accountant previously engaged. The notice shall include a statement of the reasons for any such event in reasonable detail. [58 FR 31335, June 2, 1993, as amended at 61 FR 6493, Feb. 21, 1996; 62 FR 63257, Nov. 28, 1997] §363.5 Audit committees. (a) Composition and duties. Each insured depository institution shall establish an independent audit committee of its board of directors, the members of which shall be outside directors who are independent of management of the institution, and the duties of which shall include reviewing with management and the independent public accountant the basis for the reports issued under this part. (b) Committees of large institutions. The audit committee of any insured depository institution that has total assets of more than $3 billion, measured as of the beginning of each fiscal year, shall include members with banking or related financial management expertise, have access to its own outside counsel, and not include any large customers of the institution. If a large institution is a subsidiary of a holding company and relies on the audit committee of the holding company to comply with this rule, the holding company audit committee shall not include any members who are large customers of the subsidiary institution. [58 FR 31335, June 2, 1993, as amended at 61 FR 6493, Feb. 21, 1996] APPENDIX A TO PART 363-GUIDELINES AND INTERPRETATIONS TABLE OF CONTENTS Introduction Scope of Rule (§ 363.1) 1. Measuring Total Asset 2. Insured Branches of Foreign Banks 3. Compliance by Holding Company Subsidiaries 4. Comparable Services and Functions Annual Reporting Requirements (§ 363.2) 5. Annual Financial Statements 6. Holding Company Statements 7. Insured Branches of Foreign Banks 8. Management Report 9. Safeguarding of Assets 10. Standards for Internal Controls 11. Service Organizations 12. Compliance with Laws and Regulations Role of Independent Public Accountant 13. General Qualifications 14. Independence 15. Peer Reviews 16. Filing Peer Review Reports 17. Information to Independent Public Accountant 18. Attestation Report 19. Reviews with Audit Committee and Management 20. Notice of Termination 21. Reliance on Internal Auditors Filing and Notice Requirements (§ 363.4) 22. Place for Filing 23. Relief From Filing Deadlines 24. Public Availability 25. Independent Public Accountant's Reports 26. Notices Concerning Accountants Audit Committees (§ 363.5) 27. Composition 28. "Independent of Management" Considerations 29. Lack of Independence 30. Holding Company Audit Committees 31. Duties 32. Banking or Related Financial Management Expertise 33. Large Customers 34. Access to Counsel 35. Forming and Restructuring Audit Committees Other 36. Modifications of Guidelines Schedule A to Appendix A-Agreed Upon Procedures for Determining Compliance With Designated Laws INTRODUCTION Congress added section 36, "Early Identification of Needed Improvements in Financial Management" (section 36), to the Federal Deposit Insurance Act (FDI Act) in 1991. The FDIC Board of Directors adopted 12 CFR part 363 of its rules and regulations (the Rule) to implement those provisions of section 36 that require rulemaking. The FDIC also approved these "Guidelines and Interpretations" (the Guidelines) and directed that they be published with the Rule to facilitate a better understanding of, and full compliance with, the provisions of section 36. Although not contained in the Rule itself, some of the guidance offered restates or refers to statutory requirements of section 36 and is therefore mandatory. If that is the case, the statutory provision is cited. Furthermore, upon adopting the Rule, the FDIC reiterated its belief that every insured depository institution, regardless of its size or charter, should have an annual audit of its financial statements performed by an independent public accountant, and should establish an audit committee comprised entirely of outside directors. The following Guidelines reflect the views of the FDIC concerning the interpretation of section 36. The Guidelines are intended to assist insured depository institutions (institutions), their boards of directors, and their advisors, including their independent public accountants and legal counsel, and to clarify section 36 and the Rule. It is recognized that reliance on the Guidelines may result in compliance with section 36 and the Rule which may vary from institution to institution. Terms which are not explained in the Guidelines have the meanings given them in the Rule, the FDI Act, or professional accounting and auditing literature. SCOPE OF RULE (§ 363.1) 1. Measuring Total Assets. To determine whether this part applies, an institution should use total assets as reported on its most recent Report of Condition (Call Report) or Thrift Financial Report (TFR), the Idate of which coincides with the end of its preceding fiscal year. If its fiscal year ends on a date other than the end of a calendar quarter, it should use its Call Report or TFR for the quarter end immediately preceding the end of its fiscal year. 2. Insured Branches of Foreign Banks. Unlike other institutions, insured branches of foreign banks are not separately incorporated or capitalized. To determine whether this part applies, an insured branch should measure claims on non-related parties reported on its Report of Assets and Liabilities of U.S. Branches and Agencies of Foreign Banks (form FFIEC 002). 3. Compliance by Holding Company Subsidiaries. Audited consolidated financial statements and other reports or notices required by this part which are submitted by a holding company for any subsidiary institution, should be accompanied by a cover letter identifying all subsidiary institutions to which they pertain. An institution filing holding company consolidated financial statements as permitted by §363.1(b) also may report on changes in its independent public accountant on a holding company basis. An institution that does not meet the criteria in section 36(i) must satisfy the remaining provisions of the statute and this part on an individual institution basis, and maintain its own audit committee. Multi |