Federal regulators on Monday told large banks - whether public or private - to hire different accountants to perform internal and external audits and encouraged small banks to do the same.
The policy statement - published jointly by the Federal Deposit Insurance Corp., the Office of the Comptroller of the Currency, the Federal Reserve System, and the Office of Thrift Supervision - had been expected, because the Sarbanes-Oxley Act contained the same requirement for public companies.
The agencies extended the requirement to private banks and thrifts with more than $500 million of assets, and the statement "encourages" those with less than $500 million "to refrain from outsourcing internal audit activities to their external auditor."
Private banks with under $500 million of assets are not even required to obtain an external audit - though the agencies encourage them to do so.
Officials at the trade associations for community banks repeated their concerns about the requirement and urged the regulators to tread as lightly as possible.
"It's actually sort of a problem, because especially in a small town, where do you find enough people to do the work?" said Charlotte Bahin, the director of regulatory affairs at America's Community Bankers. "Where do you find the people who have the independence?"
Karen Thomas, the director of regulatory affairs at the Independent Community Bankers of America, said regulators must be careful not to push too hard on small banks and thrifts, because if they forego an external audit altogether, the net effect would be less disclosure.
"Regulators have to be careful that they don't discourage institutions from having the external audit by having a rigid rule regarding who can perform what function," she said.
The policy statement means that private banks will have to find a second auditor if they want to outsource accounting functions like bookkeeping, or if they need appraisal or valuation services, fairness opinions on acquisitions, actuarial services, or consulting on the design or implementation of information technology systems.
That has become standard practice in recent years as scrutiny of accounting and corporate governance has increased. In fact, U.S. Bancorp was the last of the large banking companies to separate the functions, and it announced its intention to do so even before Congress passed Sarbanes-Oxley.
Accountants have generally reaped higher fees from banks, especially large ones, for performing internal audit functions. Of the $384 million that the largest 14 U.S. banking companies paid to auditors in 2001, less than a quarter was for external services.
Separating the functions is not a new idea.
In 2000, when he was the chairman of the Securities and Exchange Commission, Arthur Levitt suggested that performing internal auditing services threatened the objectivity of an external auditor. Under his leadership, the SEC proposed a rule that would have forbidden an accounting firm from performing both external and internal audit services for the same company, but the agency backed down under withering criticism from public companies and their auditors.
The accounting scandals of late 2001 and 2002 changed the corporate-governance landscape and galvanized congressional support for the reforms that eventually became part of Sarbanes-Oxley.
