Implementing a SOX / FDICIA Compliance Program


Financial institutions with assets of $1 billion or more are required to comply with the FDIC's regulations implementing the Financial Deposit Improvement Act of 1991 (12 CFR 363, Appendix A). Similarly, publicly held companies must comply with the provisions of the Sarbanes-Oxley Act Section 404. Those regulations, among other factors, require (1) an assessment, as of the end of each fiscal year, of the internal control structure and procedures for financial reporting and/or (2), in the case of FDICIA, an assessment by management of the institution's compliance with certain designated laws and regulations relating to safety and soundness during the fiscal year.

The FDICIA regulations further require that the Bank's independent public accountant examine and attest to management's assessments. Public accountants must also attest to management assessments for public companies that are accelerated filers under the provisions of SOX 404. In recent years, FDICIA compliance has converged with Sarbanes-Oxley requirements for public companies to focus primarily on internal controls over financial reporting (ICOFR). This is a departure from previous years, which required significant effort to document internal control procedures. The current methodology focuses on the most critical and highest-level internal controls throughout the organization, thereby limiting the number of internal controls that need to be documented and tested annually for compliance.

Our Approach to FDICIA Compliance

We have assisted our larger and publicly held clients in implementing their Sarbanes-Oxley 404 and/or FDIC Improvement Act Section 363 compliance programs. The process is risk- and materiality-based and begins with identifying the correct internal controls over financial reporting. Our clients have engaged us to assist them in identifying and documenting their SOX / FDICIA controls or in streamlining existing controls for greater efficiency. We work with management and your external auditors to ensure that the identified controls are correct and appropriate for the size and complexity of your organization.

Our customized approach to assisting with FDICIA compliance is based on the following principles:

  1. Simplicity. Our M&M FDICIA model has been tested and proven to be effective for community banks. Documentation of your internal controls over financial reporting is maintained in an Excel workbook that is easy to use and maintain.
  2. Transparency. We map every internal control to an audit and provide instructions to our staff members to test controls during our routine internal audits conducted during the year. Management is informed of any control failures immediately so that remedial action can be taken.
  3. Efficiency. At the end of the FDICIA year, all of the testing results are accumulated by our staff in separate work files for each control and linked to the workbook. We provide a final report that summarizes our work, any outstanding issues, and provides an opinion on compliance with FDICIA internal controls.

Assuming that we establish a working relationship with your organization, we can work with you in one of two ways. While management is ultimately responsible for ownership of the process, we can perform the record-keeping aspects of the program and keep management apprised of the status of compliance. Alternatively, the client can manage the record keeping and we will perform the testing and turn the test results over to the client.

Please note that, as part of the FDICIA requirements, management should select an internal control framework for documenting internal controls. Most companies conform (or are in the process of conforming) to the COSO 2013 framework. We can also assist you with conformance to the COSO 2013 internal control framework guidelines, including the 17 principles of internal control mandated by the guidelines.
Successful implementation will result in assurance regarding FDICIA or SOX compliance with respect to internal controls over financial reporting and controls related to compliance with the designated laws and regulations.
We will provide the Bank with an Excel workbook detailing the Bank's controls for financial reporting for applicable areas, e.g. loans, deposits, accounting, etc. The workbook will detail appropriate test strategies and sampling plans.

Written by: Scott White