Many bank balance sheets grew rapidly during the pandemic as a result of significant deposit growth. While institutions may be back to pre-pandemic growth rates, leadership shouldn’t lose sight of key asset thresholds that will trigger additional regulatory requirements. Increases to borrowings to fund liquidity or loan growth, declines in unrealized losses on investment securities, or a strategic merger/acquisition are just a few items that could expand an institution’s balance sheet and trigger expanded regulatory requirements. The Federal Deposit Insurance Corporation Improvement Act (FDICIA) sets the following two asset-size thresholds for additional compliance requirements:
- The first set of additional requirements go into effect when a bank charter reaches assets of $500 million or more as of the first date of its fiscal year.
- The second set of additional compliance requirements apply once the bank charter reaches assets of $1 billion or more.
Preparing for the increased compliance requirements is a significant undertaking and early planning is key, especially for the requirements that come along with the $1 billion mark.
New requirements at $500 million
Once a bank exceeds the $500 million mark as of the first day of its fiscal year, it will need to comply with the following three new requirements:
- First, bank management must prepare a complete set of comparative financial statements with the initial filing to the Federal Deposit Insurance Corporation (FDIC).
- Second, management-prepared financial statements must be audited by an auditor who’s independent in accordance with the stricter provisions set forth by both the Securities and Exchange Commission (SEC) and Public Company Accounting Oversight Board (PCAOB), regardless of whether the bank is an SEC registrant.
- Lastly, the bank will need to establish an audit committee consisting primarily of outside directors.
It’s important to start planning at least a year in advance of crossing this threshold to ensure that the bank’s financial statement auditor meets the stricter independence rules, that the bank can develop a plan to prepare its own complete set of financial statements, and that the bank has the time to locate and recruit the right outside directors.
Crossing the $1 billion threshold
Reaching $1 billion in assets represents another critical milestone for any bank. Crossing this threshold adds to the requirements discussed above and is a much larger undertaking. Most notably, when the bank crosses this threshold, the financial statement auditor must be engaged to provide an opinion on the design and operating effectiveness of internal controls over financial reporting. Essentially, think Sarbanes-Oxley but for all banks, even if not registered with the SEC.
The key to complying with the new requirement at the $1 billion milestone is the early development of a roadmap that ensures a smooth adoption. The bank’s goal should be to have internal controls designed and operating effectively on the first day of the fiscal year in which this milestone applies. Board members and management that start late and identify modifications to the design and operation of internal controls midyear often find themselves facing resource constraints and related costs that could have been avoided.
The roadmap below is designed to assist banks and their audit committees by describing some best practices they can use in evaluating the status of their internal controls implementation. With the expiration of the FDICIA relief provided by the regulators, many banks will be subject to compliance with the requirements of one of these FDICIA thresholds in the upcoming years. A proactive approach with constant monitoring and communication between all parties is a must. To assist with the oversight, we recommend developing a roadmap with milestones to monitor and stay on track for a successful adoption.
The below roadmap shows when the more significant requirements of the $1 billion threshold will first apply.
Conclusion
If you have any questions about the FDICIA implementation roadmap and related requirements, please contact us.