A regional head of the Federal Deposit Insurance Corp. told local bankers on Tuesday that fraud is a factor behind the FDIC’s embrace of the Sarbanes-Oxley Act of 2002.
Daniel Frye, area director of the Boston office of the FDIC, gave a detailed speech on the agency’s opinion on the Sarbanes-Oxley Act of 2002 before a large crowd at the Connecticut Bankers Association’s 2003 Directors and Senior Officers Symposium.
The symposium, which took place at the Aqua Turf Club in Plantsville, was a chance for bank administrators to be updated on current industry trends and regulations. Among the featured speakers was Frye, who spoke at length on how Connecticut banks will be affected by the act.
The act, adopted in November of last year, was designed to improve the quality and transparency in financial reporting, independent audits and accounting services for public companies. Part of that involves the creation of an accounting oversight board for public companies and the enhancement of the standard setting process for accounting practices.
Other areas of the act include the strengthening of the independence of firms that audit public companies, increasing corporate responsibility and the usefulness of corporate financial disclosure, and the protection of objectivity and independence of securities analysts.
“There has been a lot of trepidation as to how heavy-handed the FDIC will be in complying with Sarbanes-Oxley,” said Frye. “What I’m saying is that just because it’s out there doesn’t mean it’s law or practice.”
Frye added, “Banking is well ahead of other industries as far as regulation is concerned. Banking has always had regulation and is used to this level of it.”
‘Red Flags’
The provisions of the act are primarily directed toward companies, including insured depository institutions that have a class of securities registered with the Securities and Exchange Commission or are public companies. Since the enactment of the act, the FDIC has received questions about the applicability of Sarbanes-Oxley to insured depository institutions. According to Frye, the answers to those questions depend, in large part, on an institution’s size and whether it is a public company or a subsidiary of a public company.
“From our perspective the industry has done a really good job, and for many institutions this isn’t a big change,” said Frye, noting that there are only six publicly traded banks in Connecticut.
One of the main reasons behind Sarbanes-Oxley and the FDIC’s compliance with it is the fact that fraud has become increasingly rampant among banking institutions in recent years. According to Frye, fraud was a significant reason in more than half of all bank failures since 1997, totaling $1.2 billion in fraud losses.
“As technology has advanced it has become easier for insiders and outside forces to access banks and commit fraud,” said Frye. Among those banks that failed due to fraud, an average of 45 percent of their total assets were lost. That is compared to only 21 percent from a non-fraud failure.
“We haven’t done a good job of recognizing red flags,” said Frye. He said that collusion and a dominant individual on a board were the most common factors in bank fraud.
“We’re going to be stepping up our examiner training with fraud-specific components,” said Frye.
The FDIC has set up three categories for financial institutions. The first is publicly traded banks and institutions, including banks that are subsidiaries of public holding companies. The second category is non-public banks with $500 million in total assets or more and the third is non-public banks with less than $500 million in total assets.
“Small banks in New England are a lot different than those in the rest of the country,” said Frye, noting that throughout most of the United States, 50 percent of banks have less than $100 million in total assets. That isn’t the case in New England, where a much larger percent of banks have more than $100 million in assets.
There are a total of 386 banks in New England, he added.
As far as compliance with Sarbanes-Oxley is concerned, publicly traded companies must be in full compliance and follow all of the tenants outlined in the act, according to Frye.
Non-public banks with assets over $500 million are subject to most of the requirements under the act. Frye said those institutions are subject to the annual audit and regulatory requirements.
Frye spoke primarily about Title II of the act, which deals mostly with auditor independence. Basically, as Frye put it, the auditors involved must be rotated on a regular basis. All engagements by auditors are to be recorded by the audit committee at the institution as well. Also, auditors must not perform certain duties within the institution. For example, the external auditor must not be the internal auditor as well, and they must not perform bookkeeping services or other similar services in the bank.
The lead partner on an audit team must be rotated every five years. They must then sit out for five years until they can serve again as lead partner. Lesser partners can serve for seven years and only have to sit out two before they can serve again.
Frye pointed out that there are small-firm exceptions to those rules. Also, the rules don’t necessarily apply to banks under $500 million. If, for example, a bank wants to have the same audit firm for both its internal and external audits, it must document its reasons for doing so.
“Basically, Sarbanes-Oxley is a laundry list of bank practices that are already used in the industry,” said Frye, noting that most of the rules outlined in the act are already common sense to bank administrators. “You really just need to look at the act and see what aspects work for you.”
He added, “The act is really pushing for strong internal control and strong corporate governance, and the smaller you are, the more difficult a bank is to control. That said, I think that this is more about self discipline than a regulatory burden.”
Frye recommended making sure that a bank is getting an independent look from its audit team, and to have the bank’s audit committee pre-approve any engagements before they take place.
Frye, who was recently appointed to his position as area director, previously had served as the Boston regional manager for the FDIC’s Division of Insurance since July of 1996. He began his career with the FDIC in August of 1977 as a bank examiner in Augusta, Maine. Frye left the FDIC in 1983 and worked for a New Hampshire bank for nine years before it failed. He returned in 1992 as a bank examiner and capital markets specialist prior to being appointed to the DOI.