Articles & E-Books


FDICIA requirements as PPP, mortgages push asset growth

Nov 03, 2020

Many banks have experienced significant asset growth during 2020, driven by Paycheck Protection Program (PPP) lending and strong mortgage demand. As a result, banks are advancing on Federal Deposit Insurance Corporation Improvement Act (FDICIA) thresholds more quickly than expected. Two asset size thresholds subject banks to Part 363 of the FDICIA regulations.

Banks with consolidated assets of at least $500 million

Banks that have reached or exceeded $500 million in consolidated assets at the beginning of their fiscal year are required to submit the following to the FDIC annually:

  • Audited comparative financial statements in accordance with accounting principles generally accepted in the United States (GAAP)
  • Independent public accountant’s report on the audited financial statements
  • Management report containing:
    • A statement of management’s responsibilites for:
      • Preparing the annual finanical statements
      • Establishing and maintaining an adequate internal control structure over financial reporting
      • Complying with the safety and soundness laws and regulations pertaining to insider loans and dividend restrictions
    • An assessment by management of the bank’s compliance with the safety and soundness laws and regulations during the fiscal year
  • Independent public accountant’s management letter or other required communication letters issued in connection with the audit of the bank. These additional letters must be submitted within 15 days after receipt and may include, but are not limited to, the following:
    • Any written communication to the audit committee (e.g., critical accounting policies, alternative accounting treatments discussed with management, any schedule of unadjusted differences, realtionships that bear on the accountant’s independence)
    • Any written communication of significant deficiencies and material weakenesses in internal control
    • Any written communication of deficiencies in internal control over financial reporting that are not considered signficant deficiencies

Banks with consolidated assets of at least $1 billion

Banks that have reached or exceeded $1 billion in consolidated assets at the beginning of their fiscal year are required to comply with all the requirements listed above for banks with consolidated assets of at least $500 million and the following requirements:

  • The management report is expanded to include management’s assessment of the effectiveness of the bank’s internal control over financial reporting.
  • The independent public accountant’s report must include a report on the effectiveness of the bank’s internal control over financial reporting.

Timing requirement for filing Part 363 annual reports

Banks subject to Part 363 are required to file an annual report containing the audited financial statements and management report with the FDIC and the bank’s primary federal and/or state regulators within a set time frame as follows:

  • Nonpublic banks:within 120 days after the end of its fiscal year-end
  • Public banks: within 90 days after the end of its fiscal year-end

Other reports and letters, such as management letters and required communications, must be filed with the same regulatory agencies within 15 days of receipt.

Impact on audit committee 

Banks with at least $500 million in consolidated assets are required to have an audit committee comprising outside directors, a majority of whom must be independent from management. Banks with at least $1 billion in consolidated assets are required to have an audit committee composed entirely of outside directors independent from managament. All oustisde directors must be evaluated annually to determine whether they are still independent of management. The audit committee is also responsible for the appointment, compensation and oversight of the independent auditor and review of the required audited financial statements and management report with management and the independent auditor.

Impact on independent auditor 

The independent auditor must adhere to different independence standards that further restrict what services may be performed for the bank. For example, non-audit services such as loan file reviews, internal audit procedures and certain accounting services (e.g., depreciation of fixed assets) that might have previously been performed generally cannot be performed by the independent auditor under Part 363. In addition, the independent auditor cannot provide any significant financial statement preparation assistance, including typing or word processing services, once subject to the additional independence rules.

Preparing for FDICIA requirements

As banks approach the $500 million asset threshold, they should prepare for the new requirements by considering doing the following:

  • Learning about the specific requirements of Part 363
  • Understanding the additional requirements as noted above and beginning implementation or strengthening of current controls and procedures to allow management to make the required assessment
  • Evaluating the current audit committee or creating an audit committee that is composed of outside directors, the majority of whom are independent from management
  • If not already obtaining a financial statement audit, discussing options and timing with your accounting firm
  • Discussing the independence requirements with the independent auditor to ensure services provided do not impair independence

As banks approach the $1 billion asset threshold, they should preapare for the additional requirements by:

  • Evaluating key controls and procedures over financial reporting. The initial assessment of key controls can be a signficant task that management should invest an appropriate amount of time in properly planning for it.
  • Discussing with the independent auditor what additional testing will be required and how the bank’s management and internal audit function can assist in making the additional work as efficient as possible.

Approaching either of these thresholds requires a significant investment of time and preparation. For more information regarding FDICIA requirements, please contact your Wipfli relationship executive.

Additional consideration

With PPP lending causing substantial growth for many banks during 2020, banking groups have expressed concern that many financial institutions may pass the FDICIA thresholds faster than anticipated. As a result, requests have been made to regulators to reevaluate the appropriateness of the current thresholds. For example, the American Bankers Association (ABA) has requested the banking regulatory agencies exclude PPP loans from asset-based regulatory thresholds, deposit insurance premiums and other regulatory requirements. However, to date, there has not been any action to exclude these loans.

Need more help with COVID-19 issues?

We’re here to help you navigate the uncertainty of the COVID-19 pandemic and its impact on your people, finances and business. We have developed a library of resources in our COVID-19 resource center to help you stabilize today and prepare for tomorrow. We also have solutions that can help you manage your people, strategy, operations, business finances and technology. We’re here to help. Contact us today.

See our articles on:

Managing disruption
Your workforce
Financial strategies
Cybersecurity and technology
Working remotely
Legislation, stimulus funding


Stephanie Suchla, CPA
View Profile