With the passage of the Sarbanes-Oxley Act in 2002 1("Sarbanes-Oxley") , a new era of corporate responsibility and accountability for public corporations was born. In many respects, however, the passage of Sarbanes-Oxley was not a watershed event for banking institutions, whether public or private, which were already subject to a multitude of regulatory oversight and statutes. In fact, some of the basic underpinnings of Sarbanes-Oxley were modeled after the Federal Deposit Insurance Corporation Improvement Act (FDICIA), a statute enacted after the savings and loan crisis of the late 1980s and early 1990s to effectuate reform among the nation's banking institutions.
Because some of the requirements of Sarbanes-Oxley are duplicative of those already required under FDICIA, many of the nations banks, particularly smaller community banks, have been calling for Congress and the Securities Exchange Commission (SEC) to give relief from certain provisions of Sarbanes-Oxley. In particular, the call to ease the regulatory burden was most strongly influenced by the subsequent implementation of the Act and accompanying regulations relating to obligations caused by the internal control and external auditing requirements of Sarbanes-Oxley.
Sarbanes-Oxley was passed by Congress in the wake of corporate accounting and disclosure scandals earlier this decade including, among other more notorious examples, the collapses of Enron and WorldCom. Sarbanes-Oxley's aim was to implement a series of controls and safeguards on public companies to establish a more uniform system of corporate accountability and disclosure and to reaffirm the public's confidence in the nation's financial markets. One of the significant provisions of Sarbanes-Oxley was the creation of the Public Company Accounting Oversight Board (PCAOB) whose stated goal was to "oversee the audit of public companies in order to protect the interests of investors and further the public interest in the preparation of informative, accurate, and independent audit reports" for public companies.
Because the perceived need for reform legislation was so great at the time, the sweep of Sarbanes-Oxley was broad and implicated every public company, including those public companies, such as banks and other financial institutions, already under relatively strict governance and oversight control of other federal agencies, including the Federal Reserve Bank (FED), the Office of the Comptroller of the Currency (OTC), the Federal Deposit Insurance Corporation (FDIC), the Office of Thrift Supervision (OTS) as well as a multitude of State Banking Departments.
Almost immediately upon its passage, the FED issued a Supervisory Letter (SR 02-20) outlining the basic provisions of Sarbanes-Oxley and confirming the Act's applicability to banks and bank holding companies that are public companies. Of particular emphasis to banks, the FED pointed out Section 301's requirement that each bank subject to the Act have an audit committee comprised of entirely independent directors whose duties are to oversee responsibility for the appointment and compensation of the bank's outside auditors. The audit committee's responsibilities include establishing and overseeing methods and controls for receiving and addressing any complaints about the bank's accounting, internal accounting controls or auditing matters.
The FED also highlighted in its Supervisory Letter the certification and management assessment requirements comprising a bank's financial disclosure and reporting obligations. In particular, the FED highlighted Section 302 which requires the principal executive officer and principal financial officer of the bank to include certifications in annual and quarterly reports filed by the bank under the Securities and Exchange Act of 1934.
Compliance with Section 302 requires a certifying officer to certify that they have reviewed the report and that based on the certifying officer's knowledge, the report does not contain any material misstatement or omit any material facts necessary to prevent any statement in the report from being misleading. Additionally, Section 302 requires certifying officers to acknowledge they are responsible for maintaining disclosure controls and procedures for the bank and that disclosure of any significant deficiencies or material weakness in the bank's internal controls relating to financial reporting have been reported to the bank's auditor and audit committee.
Lastly, the FED Supervisory Letter recognized the application of Section 404 of the Act to public banking organizations and specifically, the requirement that a bank's annual reports include a statement that the bank's management is responsible for ensuring adequate internal control structures and procedures for financial reporting. This annual certification must be attested to by the bank's external auditor.
Under existing banking laws, including FDICIA, banking organizations are already required to prepare audited financial statements and submit an annual report on internal controls, including an attestation by the bank's outside auditor relating to the bank management's assessment of internal controls. As such, Section 404, having been fashioned after the internal control requirements contained in FDICIA was duplicative and saddled banking organizations with unnecessary compliance costs.
This spring, the Senate Committee on Banking, Housing and Urban Affairs heard testimony in support of the Senate's "Consideration of Regulatory Relief Proposals" for banking organizations. America's Community Bankers (ACB), a national trade association comprised of community banks, was one of the advocates seeking regulatory relief that had representatives submit testimony before the United States Senate. Community Banks, unlike much larger national commercial banks, have found certain provisions of Sarbanes-Oxley particularly burdensome and redundant due to the manpower needed to ensure compliance with the duplicative nature of the regulations and the significant costs associated with compliance.
In its testimony, the ACB acknowledged the benefits of Sarbanes-Oxley in terms of implementing reforms necessary to restore investor confidence in the stock market. The ACB also recognized that improved corporate governance had the effect of strengthening investor protection and promoting the safety and soundness of the banking system. However, the ACB made clear that implementation of Sarbanes-Oxley by the SEC and the PCAOB and the interpretation of the regulatory requirements by outside accounting firms have resulted in costly, burdensome and likely unintended consequences for community banks.
One of the examples noted by the ACB in its testimony was the tremendous burden in terms of cost and time that compliance with Section 404 of Sarbanes-Oxley has created for community banks. Although Section 404 was modeled after the internal control requirements contained FDICIA, only a management statement of assessment of the effectiveness of internal controls over financial reporting is required under FDICIA. In contrast, under Section 404, a banking institution must obtain an independent auditor's attestation and report on the bank management's assessment of the internal controls.
As was stated by the ACB, in implementing Section 404, the SEC approved PCAOB Accounting Standard 2, a standard that entails an external audit of the bank's internal controls and the requirement of an external auditor opinion on the effectiveness of the internal controls. Under FDICIA, banks were allowed to have their external auditor audit the bank's principal executive officer and principal financial officer attestation regarding internal controls, a much less expensive compliance cost.
The ACB testified that this one change in prior practice was the cause of a significant increase in bank audit fees, citing an example that many publicly traded banks are reporting an increase in audit fees of 75 percent over prior years and that some banking organizations audit fees are equaling up to twenty percent (20%) of the bank's net income.
The implementation of Section 404 has also had an apparent effect on the role of outside auditors. In testimony in June 2005 before the Senate Committee on Banking, Housing and Urban Affairs, The Financial Services Roundtable (The Roundtable), an organization representing 100 of the nation's largest integrated financial services companies, noted that implementation of Section 404 has "made auditors hesitant to provide advice to clients, caused auditors to impose excessive testing and documentation requirements on clients, and significantly increased the cost of outside audits."
The American Bankers Association (ABA) also joined in the ACB's call for regulatory relief before the Senate Committee this spring. A representative of the ABA stressed in the ABA's testimony before the Committee that banking organizations are "struggling under the weight of increasing levels of regulatory burdens, many of which do not serve the objective of making the nation's banks operate more soundly or to provide meaningful protections to consumers." The ABA highlighted that "[b]anks, particularly community banks, are strained to the breaking point under the weight of thousands of pages of regulation, guidance, and other mandates."
With respect to implementation of Section 404 of Sarbanes-Oxley, the ABA stressed that the related SEC regulations needed further refinement in order to reduce the significant costs associated with compliance, pointing out that the rules issued by PCAOB to carry out Section 404 went further than the requirements of FDICIA in calling for an additional audit opinion on internal controls. As the ABA contended, the PCAOB's added requirement has resulted in an "unnecessary duplication of effort and cost with little corresponding benefit."
Senator Richard Shelby opened the Senate Committee hearings concerning regulatory relief proposals with an acknowledgement that changes in the financial marketplace "occur quickly and can often lead a once useful regulation to become obsolete and overly burdensome." As the testimony of the ACB and ABA before the Committee make clear, however, the impact of Sarbanes-Oxley on banking organizations is in need of refinement in order to ensure the continued viability of at least some sectors of the nation's banking industry. As the ABA went on to warn the "community bank is in great danger of being regulated right out of business."1Sarbanes Oxley is officially known as the "Public Company Accounting Reform and Corporate Responsibility Act," 15 U.S.C 7201 et. seq.
Published July 1, 2006.