The FDIC Improvement Act of 1991 sets specific requirements for bank audit committees. It places new responsibilities on, and creates new potential liabilities for, the directors who serve on those committees.
In the case of "large institutions," the act also requires that the audit committee have access to its own counsel.
Under the FDIC's recently proposed regulations, a large institution is one with $500 million or more in assets. Thus, if the regulation are approved as is, a great number of institutions - 1,000 by the FDIC's count -- will have to hire audit committee lawyers.
The purpose is not stated in the statute, but it is clear that a lawyer is thought necessary to advise the committee of its legal obligations and rights in the event that it is forced into positions that are adversarial to management, and possibly to the rest of the board.
Independent from Regular Counsel
The lawyer should be independent of the financial institution's regular counsel, given the statutory mandate that the institution have "it's own outside counsel" and the potential that the committee may, from time to time, be at variance with management and the full board.
Given the responsibilities imposed by law on the bank audit committee, and other recent legislative and regulatory efforts to hold directors liable for management's every foible, all audit committees, and possibly all boards of directors, may be well advised to have access to their own lawyer at all times.
The law focuses on an institution's internal controls and requires greater scrutiny of bank operations than ever before by outside regulators and the bank's own auditors and board of directors.
Specific Filings Mandated
The law adds to the Federal Deposit Insurance Act a new section 36, which requires banks to make specific filings in annual reports.
It also requires that the FDIC, in consultation with the appropriate federal banking agencies, prescribe regulations requiring an annual independent audit of an institution's financial statements in accordance with generally accepted auditing standards and section 37 of the FDIC law (which requires that financial statements conform to generally accepted accounting principles and imposes other accounting requirements).
The audit will indicate whether the financial statement of the institution is presented fairly in accordance with GAAP and complies with any other disclosure requirements of the law and banking regulators.
Review of Accounting Reports
The 1991 law requires each institution to have an audit committee composed of outside directors who are independent of management. This committee must review with management and the independent accountant the basis for the reports made under this section.
In the case of large institutions, the audit committee will include members who have banking or financial management expertise and have access to the committee's own outside counsel, and may not include any large customers of the institution.
Independent auditors must agree to provide working papers to the FDIC and banking regulators, when requested, and they must have received a peer review that meets guidelines acceptable to the FDIC. Reports on auditor peer reviews will be filed with the FDIC and will be publicly available.
Auditor Must Get Most Recent Data
A depository institution must provide the auditor with its most recent report of condition and most recent examination report.
It must also provide information about any supervisory actions taken against the institution. Insured institutions must inform the FDIC and appropriate state of federal regulators in writing within 15 days of a change of auditor due to resignation or dismissal.
The responsibilities imposed by the statute fall as much on the audit committee as on the institution itself, and add to the bank director's burden of liability.
Role of State Law
Generally speaking, directors' liability for decisions made affecting the operation of the financial institution are governed by state Law.
Most states follow some form of the Model Business Corporation Act, which requires that directors execute their responsibilities in good faith, exercising the degree of "care that an ordinarily prudent person would exercise under similar circumstances."
Under this standard, a director charged with negligence could rely in many cases on the rule that a director is not responsible for adverse consequences if the decision in question appeared to represent sound business judgment at the time it was made.
Standard Appears Tougher
Under the audit committee requirements of the 1991 law, however, the standard of care has arguably been made stricter. For the first time, there is a statutory directive for the audit committee to assume a participatory role with management.
How the courts will view this liability is yet to be determined, but there are signs that directors sitting on audit committees can expect to be held to higher than usual standards.
Lawyers advising boards of directors and audit committees are well advised to keep this potentially higher level of liability in mind when considering the scope of their engagement. Here is an outlined of what might be expected:
* Hiring the auditor. The law sets guidelines for hiring the auditor. The Attorney should see to it that the audit committee is advised about what the guidelines are, and that the hiring process is thoroughly documented. Documentation should include a thorough explanation of the committee's reason for selecting the auditor.
* Overseeing the audit. The auditor's role is to ensure the accuracy of the reports published by management. Hence the auditor should be completely independent of management, and the audit committee should rely to some degree on the auditor.
However, in these times of affirmative duties for directors, one cannot be too careful. The attorney should educate the directors on the role of the auditor, so that the committee is prepared to be certain that the auditor is conducting its work appropriately.
* Communications and disclosures. Management is responsible for making certain disclosures to the auditor about the condition and supervisory performance of the institution. The attorney should work closely with the audit committee to ensure that the auditor makes these disclosures and follows up on them.
* Records and files. The audit committee should keep complete records of its meetings, decision-making process, and recommendations. The attorney should be certain that these records are accurate.
* Accuracy of the final report. The audit committee is ultimately responsible for ensuring that the auditor has properly verified the bank's financial statements and that the final financial statement is not at odds with its own findings.
* Audit committee rights and responsibilities. If the authority of the audit committee is questioned, the attorney should be prepared to provide legal advice explaining the rights and duties of the committee.