Are audit committees a regulatory requirement or just a best practice? It depends on the size and type of your financial institution.
Banks and credit unions have different regulatory requirements and expectations for their audit and supervisory committees. Institution size can also impact expectations for how audit committees are composed.
Where do you fit in? Read on to find out which regulations and audit committee formation applies to your FI.
Read also: Credibility in an Era of Misinformation: What is the Purpose of Auditing
Audit committees are a good practice and sometimes even required by regulation.
Banks with $500 million or more in assets. Section 363.5(a) of the FDIC’s regulations requires federally insured banks with $500 million or more in assets to have a dedicated audit committee.
Banks with less than $500 million in assets. For those under the asset threshold, the OCC encourages banks to have a similarly structured audit committee.
Banks with $1 billion or more in assets. Institutions with $1 billion or more in assets have additional composition requirements. Generally, only outside directors (independent of management) should be part of the audit committee. Section 363.5(a)(3) defines an outside director as an individual who is not, and within the preceding year has not been, an officer or employee of the institution or any affiliate of the institution.
In addition, the FDIC’s Guidelines to Part 363 provide that the board of directors should determine annually whether all existing and potential audit committee members are independent of management. The guidelines also describe the factors that should be considered when making this determination.
Banks with $3 billion or more in assets. The FDIC rule requires these banks’ audit committees include:
These criteria are all described in section 363.5(b) and in Appendix A, sections 32 and 33.
Publicly traded banks. Public reporting banks should also understand securities regulations (12 CFR 11 and 16.17) that impose specific audit committee requirements.
Federal credit unions are required to have a supervisory committee per the Federal Credit Union Act. Most federally insured state-chartered credit unions have similar requirements dictated by state statute or regulation. State-chartered credit unions may find slight differences in their own statutes and regulations but all federally insured credit unions must follow the audit and verification requirements for Supervisory Committees found in Part 741.
A credit union’s supervisory committee is essentially its audit committee. This is reflected in the requirements that the supervisory committee performs an annual audit and submit an audit report to the board of directors and the members during the annual meeting of the credit union.
The composition of the Supervisory Committee is a statutory matter. The Federal Credit Union Act requires that the board of directors appoints a committee with three to five members, one of whom may be an uncompensated director. Additional limitations on who may serve on the supervisory committee may be found in your credit union bylaws (e.g., employees and certain officers may not serve).
The now-retired NCUA Supervisory Committee Guide provides excellent insights into the type of background and skills members of the Supervisory Committee should possess:
The bottom line on audit committees: Audit committees are generally required by regulation and are also a best practice. They are an integral component of the safety and soundness of a financial institution. Make sure audit committee members are supported through continuous training in accounting and risk management.