Is Your Regulatory House in Order? Here's What You Need to Do.

As public banks and companies continue to grow, whether through mergers and acquisitions or organically, it’s not unusual for them to forget about important regulations.

In this blog, we wanted to focus on the requirements of the Securities and Exchange Commission (SEC) that require companies to provide an annual report on internal controls for their fiscal year end.[1] In particular, these internal control report requirements impact accelerated and large accelerated filers.[2]

The rules implementing Section 404 of the Sarbanes-Oxley (SOX) Act require management to produce an annual internal control report that includes:

  • A declaration of responsibility for establishing and maintaining adequate "internal control over financial reporting"
  • An assessment of the effectiveness of the company's internal control over financial reporting as of the end of the company's most recent fiscal year, including a statement of the effectiveness of the company's internal control over financial reporting
  • A description of the framework used to conduct the evaluation (typically the 2013 COSO Framework)
  • A statement that the public accounting firm that audited the company's financial statements included in the annual report has issued an attestation report on management's assessment

While management is not required to produce this internal control report on a quarterly basis, they must perform a quarterly evaluation of any changes that have or are likely to materially affect the company's internal control over financial reporting. This evaluation must occur under the supervision of the company CEO and CFO. SEC reporting companies must disclose any material changes to internal control over financial reporting that have occurred during the most recent quarter covered by the report.

If your organization fits the profile of a company that must comply with these rules or is close to reaching the applicable market capitalization, it is important to know what you are required to do and provide. For example, if your company’s market cap reaches the applicable market caps for accelerated and large accelerated filers as of June 30 for a calendar year end company, then a Form 10-k for that fiscal year will be due on an accelerated basis. As an accelerated or larger accelerated filer, the registrant also is required to comply with Section 404(b) in that Form 10-K.

Example:

Bank A had a market cap of $70 million as of December 31, 2015. On June 30, 2016, their market cap increased to $76 million. They are now required to receive an audit on their internal controls over financial reporting. The registrant’s 2016 Form 10-K will be due 75 days after year end and must include its auditor’s report on the effectiveness of internal controls over financial reporting as of December 31, 2015.

As a result of the complexity and breadth of the SEC disclosure requirements and the ongoing increases in regulatory scrutiny, filers should be diligent about keeping their house in order. Penalties for missing these deadlines vary based on the nature of the missed report, and internal control gaps can occur if the deadlines are not addressed in a timely manner.

The ability to attest to the quality of internal controls over financial reporting is rooted in the strength of your internal audit process. While compliance is the objective outcome, sustaining internal control over financial reporting requires that you have the right structures in place and that management, board of directors, team members, and your independent auditor are working consistently with a shared understanding of financial reporting requirements and the tasks required for compliance.

HORNE helps companies stay aware of and manage regulatory and legal changes impacting how they do business and build strategy. We can help you transform these complexities into opportunity. 

What You Need To Remember About SEC Mandates

  1. Within the first filing year that your organization exceeds the $75 million market cap, you are required to receive an audit on the internal controls over financial reporting in order to remain in compliance
  2. The annual report must be prepared by management and attested to by an independent auditor
  3. Quarterly, the company must disclose any material changes to their controls
  4. The SEC has modified existing CEO and CFO certification requirements under Sections 302 and 906 of the Sarbanes-Oxley Act of 2002 [3]
  5. Penalties for non-compliance or missed deadlines are levied based on the nature of the report and delinquency

 

Join the conversation and receive updates of new posts:

Subscribe to the Banking Blog

 

[1] Sarbanes-Oxley Update: SEC Mandates Management Report on Internal Controls and Modifies Officer Certification Requirements

[2] Final Rule: Management's Report on Internal Control Over Financial Reporting and Certification of Disclosure in Exchange Act Periodic Reports, Securities and Exchange Commission

[3] SEC Release No. 33-8238

Topics: Regulations, SEC

Leave A Comment

Related Posts