CFOs: If your bank is approaching $1 billion in assets, you can’t keep putting off FDICIA

As banks approach the $1 billion asset threshold, CFOs face a regulatory reality that is widely known, yet frequently underestimated. The Federal Deposit Insurance Corporation Improvement Act (FDICIA) establishes new requirements for audit scope, auditor independence, governance and management’s reporting responsibilities.

The key challenge for many institutions isn’t understanding the requirements, but building enough lead time to implement them. Keep reading to learn more.

FDICIA readiness begins well before the threshold

For banks with over $750 million in assets, planning should already be underway. Key decisions — particularly around auditor independence, audit committee oversight and the availability of qualified service providers — often must be made well before the first year of compliance.

Starting early gives finance leaders time to confirm the audit approach, address independence-related service restrictions and if needed, conduct an orderly auditor transition or engage alternative providers without compressing timelines.

• While the statutory requirements apply at the beginning of the fiscal year following the year a bank reaches $1 billion in assets, regulators and boards expect management to create, and begin working through a plan well in advance of this milestone.
• Most institutions benefit from beginning FDICIA readiness planning 12–18 months before management anticipates crossing the threshold.
• This lead time is critical because FDICIA affects more than compliance checklists. It reshapes auditor relationships, internal controls, documentation standards and board oversight, which are all areas that require coordination, resources and time.
• CFOs who delay planning often discover that the most complex changes are the ones they assumed would be simplest.

CFOs should start thinking about audit independence early on

Auditor independence is an ongoing evaluation of whether the financial statement auditor can perform a financial statement audit objectively and without assuming management responsibilities. Independence considerations are present for all audits; however, once a bank becomes subject to FDICIA, the independence requirements typically become more restrictive.

• This is particularly important when the financial statement audit firm also performs non-attest (non-audit) services.
• These restrictions apply to all of the years presented in the financial statements, including years presented before FDICIA first applies.
• For that reason, banks approaching $1 billion in assets should assess independence impacts in advance rather than waiting until FDICIA is effective to avoid unnecessary and costly changes at the last minute.

Certain audit and tax services become prohibited for your financial statement auditor

In practice, services that become prohibited for the financial statement auditor under FDICIA include assistance with financial statement preparation, internal audit outsourcing or co-sourcing, IT general controls (ITGC) reviews and certain tax services provided to bank executives. Where these services are currently provided by the financial statement audit firm, management may need to plan for taking on these responsibilities internally or transitioning the work to other providers to maintain audit independence.

This is not a reflection of audit quality or trust. It is a structural requirement of FDICIA. And resolving it effectively requires advanced preparation.

How do you select the right financial statement auditor?

When a bank becomes subject to FDICIA, the annual financial statements must be audited by an independent public accountant. For some institutions, that means selecting a financial statement audit firm for the first time. For others it means confirming that the current financial statement auditor can continue under the enhanced independence requirements.

Leave plenty of time to find your independent auditor

Whether the bank is getting a financial statement audit for the first time or transitioning to a different firm, the process can be disruptive if it is initiated late. A request-for-proposal, firm qualification and selection, engagement scoping and audit onboarding all take time.

Delays here often translate into compressed timelines for management, heavier documentation requests and higher professional fees. In some cases, banks may also face overlapping work as responsibilities move from one provider to another.

CFOs who address the audit requirement early can control the outcome by confirming the right firm, setting expectations with the audit committee and managing provider changes in a deliberate way. The objective is to avoid last‑minute decisions that limit options and increase disruption during the first year the bank is subject to FDICIA.

Your board will need to establish an audit committee

FDICIA explicitly requires your bank to establish an audit committee within the board of directors. For institutions with total assets of $1 billion or more but less than $5 billion, the audit committee must entirely consist of outside directors, and a majority of those outside directors must be independent of management.

These definitions matter. An “outside director” generally means a director who is not — and within the preceding fiscal year has not been — an officer or employee of the institution or an affiliate. As banks approach the threshold, management should map current committee membership to the “outside” and “independent” criteria, identify gaps early and coordinate with nominating governance well ahead of the effective year.

In parallel, the audit committee charter, meeting cadence and reporting package should be updated to reflect the committee’s required role in appointing and overseeing the independent public accountant and in reviewing the FDICIA reporting requirements.

Your biggest FDICIA readiness risk is simply running out of time

While audit independence often triggers FDICIA planning, time is the underlying risk CFOs must manage. FDICIA readiness touches nearly every process related to financial reporting and governance. So as documentation standards increase and testing expands, coordination with external auditors and outside partners becomes more structured and more frequent, all of which takes time.

Banks rarely struggle with FDICIA because they misunderstand the rules, but because they haven’t properly planned to implement them.

• Internal teams get overwhelmed by day‑to‑day responsibilities.
• Leaders focused on growth put FICIDIA issues on the back burner.
• CFOs find themselves reacting to deadlines rather than addressing them proactively.

Taking an early readiness approach allows CFOs to spread work across reporting cycles, address independence issues deliberately and prevent bottlenecks during critical audit periods.

Effective FDICIA readiness focuses on control rather than compliance

The most effective CFOs approach FDICIA readiness with a clear objective: maintain control over timelines, auditor relationships and communication with regulators and the board. In practice, maintaining control requires early decisions across several workstreams.

• Confirming when statutory requirements become effective.
• Aligning the audit committee’s structure and oversight responsibilities.
• Evaluating auditor independence and the impact of non-attest services provided.
• Selecting/onboarding the appropriate financial statement auditor.

Addressing these items early reduces late‑cycle surprises, spreads effort across reporting periods and helps management enter the first year under FDICIA with a plan that is credible to the board and regulators.

As your bank continues to growth toward $1 billion in assets, FDICIA readiness will increasingly shape your CFO’s role. If you treat it as an early strategic priority — rather than a late‑stage compliance requirement — you will navigate the transition with greater confidence, fewer disruptions and stronger institutional trust.

How Wipfli can help

We advise financial institutions approaching $1 billion in assets on how to meet new FDICIA requirements. Our team will guide you through the $1 billion transition process and help ensure you have the appropriate audit independence and internal control structures in place. Start a conversation.

Get ready for $1 billion

Read more

• How to mitigate ransomware attacks on financial institutions
• How should financial institutions respond to the federal compliance pullback?
• How can financial institutions get more value from using AI?