[Federal Register Volume 64, Number 3 (Wednesday, January 6, 1999)]
[Proposed Rules]
[Pages 776-784]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 99-150]


 ========================================================================
 Proposed Rules
                                                 Federal Register
 ________________________________________________________________________
 
 This section of the FEDERAL REGISTER contains notices to the public of 
 the proposed issuance of rules and regulations. The purpose of these 
 notices is to give interested persons an opportunity to participate in 
 the rule making prior to the adoption of the final rules.
 
 ========================================================================
 

  Federal Register / Vol. 64, No. 3 / Wednesday, January 6, 1999 / 
Proposed Rules  

[[Page 776]]


-----------------------------------------------------------------------

NATIONAL CREDIT UNION ADMINISTRATION

12 CFR Parts 701, 715 and 741


Supervisory Committee Audits and Verifications

AGENCY: National Credit Union Administration.

ACTION: Proposed rule.

-----------------------------------------------------------------------

SUMMARY: The Credit Union Membership Access Act has amended certain 
audit and financial reporting requirements of the Federal Credit Union 
Act. The National Credit Union Administration solicits public comment 
on proposed rules implementing those amendments. The amendments specify 
the minimum annual audit a credit union is required to obtain according 
to its charter type and asset size, the licensing authority required of 
persons performing certain audits, the auditing principles which apply 
to certain audits, and the accounting principles which must be followed 
in reports filed with the NCUA Board.

DATES: Comments must be received on or before March 8, 1999.

ADDRESSES: Comments should be directed to Becky Baker, Secretary of the 
Board. Mail or hand deliver comments to: National Credit Union 
Administration Board, 1775 Duke Street, Alexandria, VA 22314-3428. You 
may fax comments to (703) 518-6319. You may E-mail comments to 
[email protected]. Please send comments by one method only.

FOR FURTHER INFORMATION CONTACT: Karen Kelbly, Program Officer, Office 
of Examination and Insurance, at (703) 518-6360, or Steven W. Widerman, 
Trial Attorney, Office of General Counsel, at (703) 518-6540, at the 
above address.

SUPPLEMENTARY INFORMATION:

I. Background

A. Current Supervisory Committee Audit Requirements

    Two of the duties that Sec. 115 of the Federal Credit Union Act 
(FCUA), 12 U.S.C. 1761d, imposes on the Supervisory Committee of a 
federally-insured credit union are: (1) to ``make or cause to be made 
an annual audit'' of the credit union; and (2) to ``cause the passbooks 
and accounts of the members to be verified with the records of the 
treasurer from time to time, and not less frequently than once every 
two years.'' Current Sec. 701.12 of NCUA's rules and regulations, 12 
CFR 701.12, sets forth the Supervisory Committee's responsibilities in 
meeting the audit and verification requirements of FCUA 115.
    Current Sec. 701.12 requires a Supervisory Committee to perform, or 
engage another to perform an annual supervisory committee audit. The 
scope of the audit must include a level of audit testing based on the 
Supervisory Committee's assessment of control risk. Sec. 701.12(c)(3). 
If the Committee engages an independent, compensated auditor to perform 
the credit union's audit, the terms and conditions must be memorialized 
in an engagement letter. Sec. 701.12(d). Whether produced by the 
Committee itself or received from an independent auditor, a written 
report of the audit must be submitted to the board of directors and, 
upon request, to NCUA. Sec. 701.12(e). The Committee is responsible for 
maintaining the audit working papers and/or ensuring that they will be 
accessible to NCUA. Sec. 701.12(e). It also must conduct a verification 
of members' accounts against the records of the credit union using 
prescribed sampling methods. Sec. 701.12(h). The requirements of 
Sec. 701.12 apply to Federally-insured State-chartered credit unions 
(``FISCUs''), 12 CFR 741.202, both as a prerequisite for share 
insurance and under NCUA's administrative powers. 12 U.S.C. 1781(b)(9), 
1789(a)(11). The NCUA may impose sanctions against a credit union which 
violates these audit rules. Sec. 701.12(f).
    Additional audit remedies are available against federal credit 
unions by statute, 12 U.S.C. 1782(a)(6)(A), as added by the Financial 
Institutions Reform, Recovery and Enforcement Act, Pub. L. No. 101-73, 
103 Stat. 482 (1989). Current Sec. 701.13 of NCUA's rules and 
regulations, 12 CFR 701.13, establishes three conditions under which 
the NCUA Board may compel a federal credit union to use an outside, 
independent State-licensed auditor, Sec. 701.13(a)(1)-(2). One of these 
conditions also may be the basis for compelling a federal credit union 
to obtain a financial statement audit (performed by an independent 
State-licensed auditor). Sec. 701.13(a)(3), (b)-(c). These sanctions 
also are available against FISCUs under current Sec. 701.12(f)(ii). 
NCUA is permitted to treat the failure to use an independent State-
licensed auditor or to obtain a financial statement audit, when ordered 
to do so, as an unsafe and unsound practice for purposes of terminating 
the credit union's insurance. 12 U.S.C. 1782(a)(6)(B) and 1786(b).

B. New Statutory Audit Requirements

    Section 201(a) of the Credit Union Membership Access Act (CUMAA), 
Pub. L. No. 105-219, 112 Stat. 918 (1998), has now added two new 
subsections to section 202(a)(6) of the FCUA, 12 U.S.C. 1782(a)(6)(C) 
and (D). Subsection (C) addresses accounting principles; it generally 
requires credit unions having assets of $10 million or more to follow 
generally accepted accounting principles (GAAP) in all reports or 
statements filed with the NCUA Board.\1\ 12 U.S.C. 1782(a)(6)(C). The 
NCUA Board, and State credit union supervisors under applicable 
statutes, are given the authority to require credit unions having less 
than $10 million in assets to follow GAAP. 12 U.S.C. 
1782(a)(6)(C)(iii).
---------------------------------------------------------------------------

    \1\ In lieu of GAAP, the NCUA Board may prescribe ``an 
accounting principle * * * that is no less stringent than [GAAP].'' 
12 U.S.C. 1782(a)(6)(C)(ii).
---------------------------------------------------------------------------

    Subsection (D) imposes audit requirements for large federally-
insured credit unions-those having assets of $500 million or more. A 
credit union at or above that level of assets, whether State- or 
Federally-chartered, is required to obtain an annual independent audit 
of its financial statements performed in accordance with generally 
accepted auditing standards (GAAS). Furthermore, that audit must be 
performed by an independent certified public accountant or public 
accountant licensed to do so by the appropriate State or jurisdiction. 
12 U.S.C. 1782(a)(6)(D)(i). (This audit engagement is popularly termed 
an ``opinion audit,''

[[Page 777]]

but is hereinafter referred to as a ``financial statement audit.'')
    A federally-chartered credit union having total assets of less than 
$500 million but more than $10 million is subject to only one 
requirement under subsection (D). If that credit union elects to obtain 
the financial statement audit required of a credit union having assets 
of $500 million or more, the audit must be performed consistent with 
the accountancy laws and licensing requirements of the appropriate 
State or jurisdiction.\2\ 12 U.S.C. 1782(a)(6)(D)(ii). The appropriate 
State or jurisdiction normally will be the State in which the credit 
union is located.
---------------------------------------------------------------------------

    \2\ According to the CCH Accountancy Law Reporter, State-
licensing requirements for persons who perform audits are as 
follows:
     4 states permit anyone to render accounting and 
auditing services but restrict the use of the titles ``Certified 
Public Accountant'' (CPA) and Public Accountant (PA) to persons 
licensed as such (Arizona, Kansas, North Carolina, and Wyoming).
     36 states have a ``grandfathered'' class of licensed 
accountants--non CPAs who were practicing public accounting on the 
effective date of their current accountancy laws.
     10 states license a class of accountants in addition to 
CPAs variously entitled ``accounting practitioner,'' ``registered 
public accountant,'' ``licensed public accountant,'' or ``public 
accountants'' (Delaware, Georgia, Indiana, Iowa, Maine, Montana, 
Oklahoma, Oregon, South Carolina, and Vermont).
     All 50 states allow unlicensed persons to provide the 
general public with a variety of accounting and bookkeeping 
services, including the preparation of financial statements without 
reports, provided that such individuals do not use certain titles, 
perform services prohibited by law, or otherwise hold themselves out 
as licensed by the State.
---------------------------------------------------------------------------

    Subsection (D) imposes no audit requirements on federally-chartered 
credit unions having total assets of less than $500 million but more 
than $10 million which do not voluntarily elect to obtain a financial 
statement audit performed in accordance with GAAS (as credit unions 
having assets of $500 million or more must obtain under subsection 
(D)(i)). See Sec. 715.2(f) (GAAS definition). Only in the case of a 
financial statement audit performed in accordance with GAAS, whether by 
choice or by law, do State accountancy laws and licensing requirements 
apply.\3\ Subsection (D) is silent regarding audits of federally-
chartered credit unions having assets of $10 million or less, and 
FISCUs having assets of less than $500 million.
---------------------------------------------------------------------------

    \3\ Section 202(a)(6)(D)(ii), 12 U.S.C. 1782(a)(6)(D)(ii), 
provides: ``If a Federal credit union that is not required to 
conduct an audit under clause (i), and that has total assets of more 
than $10,000,000 conducts such an audit for any purpose, using an 
independent auditor who is compensated for this or her audit 
services with respect to that audit, the audit shall be performed 
consistent with the accountancy laws of the appropriate State or 
jurisdiction, including licensing requirements.'' (emphasis added.) 
``Such an audit'' refers back to ``an audit under clause (i)'' of 
section 202(a)(6)(D). A clause (i) audit is a financial statement 
audit performed in accordance with GAAS. The clause (ii) requirement 
to follow State accountancy and licensing laws is triggered only 
when a credit union voluntarily chooses a financial statement audit.
---------------------------------------------------------------------------

    The threshold set by subsection (D) at $500 million for requiring a 
financial statement audit puts federally-insured credit unions in 
parity with other federally-insured depository institutions. 
Institutions supervised by the Federal Deposit Insurance Corporation, 
the Office of Thrift Supervision, the Office of Comptroller of the 
Currency, and the Federal Reserve Board are required to obtain a 
financial statement audit if they have assets of $500 million or 
more.\4\ 12 CFR part 363. For institutions having assets of less than 
$500 million, the Federal Financial Institutions Examination Council 
(FFIEC) recently proposed audit options identical or similar to those 
proposed here. FFIEC, Policy Statement on External Auditing Programs of 
Banks and Savings Associations, 63 FR 7796 (Feb. 17, 1998) (FFIEC 
Policy Statement).
---------------------------------------------------------------------------

    \4\ The statute authorizing 12 CFR 363, originally established a 
$150 million asset floor for requiring a financial statement audit. 
12 U.S.C. 1831m(j)(2). However, the banking agencies exercised their 
statutory authority to increase the asset floor to $500 million, 
thereby exempting two-thirds of all institutions required under 
Sec. 1831m to obtain a financial statement audit. 12 CFR 363.1(a); 
58 FR 31332 (June 2, 1993).
---------------------------------------------------------------------------

II. Section-Within-Subject Analysis of Proposed Rule

    For ease of access to the proposed rules implementing section 201 
of CUMAA, NCUA has consolidated and restructured its current audit 
rule. Current sections 701.12 [supervisory committee audits and 
verifications] and 701.13 [requirements for an outside audit] have been 
eliminated and the surviving provisions of each have been combined in a 
proposed new Part 715 of NCUA's rules and regulations [supervisory 
committee audits and verifications], 12 CFR 715. Part 715 incorporates 
the statutory auditing requirements introduced in CUMAA. The references 
within section 741.202 have been revised to apply Part 715 to FISCUs. 
See 12 U.S.C. 1781(b)(9), 1789(a)(11) (application to FISCUs). Section 
741.6 [financial and statistical and other reports], 12 CFR 741.6, 
remains intact but for the revision of Call Report filing dates in 
subsection (a) and the introduction of new subsections (b) and (c) 
requiring the use of GAAP in those reports.

A. Scope and Definitions

    Section 715.1--Scope of This Part. For the convenience of the 
reader, this section provides a guide to what is, and is not, covered 
in proposed Part 715. Citations to statutory authority are included. 
This section makes clear that both the new and existing auditing 
regulations are combined within the scope of this Part. It directs the 
reader to Part 741.6 for regulations revising certain Call Report 
filing dates and mandating GAAP as the measurement requirement for Call 
Reports.
    Section 715.2--Definitions Used In This Part. This section imports 
all of the defined terms from current Sec. 701.12(a) that will be used 
in this Part. All but one of the imported definitions are virtually 
identical in form and substance to their predecessors. The exception is 
the definition of ``State-licensed person'' at Sec. 715.2(k), which has 
been revised to reflect the statutory language in 12 U.S.C. 
1782(a)(6)(D). Two new terms are introduced in this section which refer 
to new audit options in Sec. 715.9(a)-(b)--``balance sheet audit'' as 
defined at Sec. 715.2(a), and ``review and evaluation of internal 
controls'' as defined at Sec. 715.2(j). This section identifies 
alternative terms which are popularly used in place of defined 
technical terms, although popular terms are not used in this Part. See, 
e.g., Sec. 715.2(d) and (l). In many instances within the substantive 
text of the rules a defined term is expanded to include a phrase from 
the definition of that term. The purpose of this is to reduce the need 
for readers to cross-reference this section for definitions when 
reading the substantive provisions of this Part.

B. Supervisory Committee Responsibilities

    Section 715.3--General Responsibilities of the Supervisory 
Committee. This section divides the Supervisory Committee's 
responsibilities into three categories. Subsection (a) sets forth the 
Committee's two basic, overall duties--to ensure that required 
financial reporting objectives are met and safeguards are in place to 
protect members' assets. To carry out these basic responsibilities, 
subsection (b) sets forth four specific criteria which the Committee 
must oversee--internal controls, accurate preparation of records and 
reports, administration of plans, policies and control procedures, and 
the adequacy of those plans, policies and procedures to protect the 
credit union against wrongdoing. Finally, subsection (c) sets forth 
four specific actions the Supervisory Committee must take to

[[Page 778]]

fulfill its responsibilities--ensure that management properly prepares 
and files reports with the NCUA Board (e.g., Forms 5300 and 5310 Call 
Reports per 12 CFR 741.6), obtain a supervisory committee audit 
annually, conduct a verification of members' passbooks and accounts, 
and ensure that the credit union complies with this Part. This section 
is similar in substance to current Sec. 701.12(b) except for revisions 
to conform to the supervisory committee audit options in Sec. 715.9(c).
    Section 715.4--Audit Responsibility of the Supervisory Committee. 
This section sets forth the specific audit responsibilities of the 
Supervisory Committee of a federally insured credit union. Subsection 
(a), which restates the annual audit requirement in 12 U.S.C. 1761d, 
parallels current Sec. 701.12(c)(1). Subsection (b) is the first of 
several places in this Part which point out that, regardless of the 
asset and charter criteria in the immediately following sections, a 
financial statement audit is always considered to fall within the 
definition of a supervisory committee audit, Sec. 715.2(m) , and if 
performed adequately, will always satisfy a credit union's audit 
responsibility. For those credit unions that do not choose to obtain a 
financial statement audit, subsection (c) introduces minimum audit 
requirements according to asset size and charter type. For the 
convenience of the reader, these are summarized in a diagram preceding 
Sec. 715.5, the first of four sections setting forth minimum audit 
requirements.

C. Minimum Audit Requirements

    Section 715.5--Audit of Federally-Insured Credit Unions Having 
Total Assets of $500 Million or Greater. This section sets forth the 
new ``large credit union audit requirement'' imposed by CUMAA. 12 
U.S.C. 1782(a)(6)(D)(i). Credit unions having total assets of $500 
million or greater, whether State-or Federally-chartered, must obtain a 
financial statement audit to satisfy their supervisory committee audit 
responsibility. By definition, a financial statement audit must be 
performed in accordance with GAAS, and must be performed by a person 
who is licensed to do so by an appropriate State or jurisdiction, i.e., 
in which the credit union is located. This section imposes the single 
most significant revision to current Sec. 701.12--establishing the 
financial statement audit as the minimum audit for large credit unions. 
The effect of this section is to codify the level of audit engagement 
that nearly all of the affected credit unions already obtain 
voluntarily.
    Section 715.6--Audit of Federally-Insured State-Chartered Credit 
Unions Having Total Assets of Less Than $500 Million. This section 
addresses Federally-insured State-chartered credit unions (FISCUs) 
only, which have total assets of less than $500 million and thus are 
not considered to be ``large credit unions'' for purposes of 
Sec. 715.4. CUMAA is silent regarding audits of credit unions in this 
category. Accordingly, this section provides that a FISCU having assets 
of less than $500 million may fulfill its supervisory committee audit 
responsibility either by ``obtain[ing] an annual supervisory committee 
audit as prescribed in section 715.9 or 715.4(b), or an audit as 
prescribed by the State or jurisdiction in which the credit union is 
located, whichever is more stringent.'' \5\ (Emphasis added.) 
Theoretically, this presents the FISCU with a choice among three audit 
options-a financial statement audit, one of the Sec. 715.9 options, or 
a State-prescribed audit. Unless the credit union voluntarily chooses 
to obtain a financial statement audit, however, the result is 
effectively predetermined simply by whether the audit prescribed by 
State law or regulation is ``more stringent'' than that available under 
Sec. 715.9(c).\6\
---------------------------------------------------------------------------

    \5\ The doctrine of Federal preemption permits NCUA to establish 
minimum audit requirements for federally-insured credit unions, as 
Sec. 715.9 does, which preempt conflicting audit requirements 
prescribed by State law or regulation. However, this does not 
preclude the States from imposing additional,non-conflicting audit 
requirements on FISCUs, making their audits ``more stringent'' that 
those NCUA prescribes.
    For purposes of clarification to aid the reader, this preamble 
and proposed rule expressly references certain powers that Federal 
law and NCUA regulations grant to the States (or their credit union 
supervisors),  e.g., Secs. 715.6, 741.6(b); 12 U.S.C. 
1782(a)(6)(C)(iii). The absence of express reference to State powers 
elsewhere in this preamble and proposed rule does not diminish or 
preclude the power of States to act pursuant to State laws that do 
not conflict with Federal law or NCUA rules. See, e.g., Colo. Rev. 
Stat. Sec. 11-30-106(3); Wash Rev. Code Sec. 31.12.569 (authorizing 
Statute supervisory authority to require FISCUs to follow GAAP or 
other standards).
    \6\ NCUA does not define ``stringent'' except to suggest that it 
might involve enhanced audit scope and depth. ``Stringent'' is not 
defined in 12 U.S.C. 1782(a)(6)(C)(iii), which refers to an 
accounting principle that is ``no less stringent'' than GAAP.
    In comparison to NCUA's current supervisory committee audit 
rule, Sec. 701.12, State-prescribed audits for credit unions 
generally fall into three categories: (1) States which prescribe 
audits substantially similar to 12 U.S.C. 1761d and/or Sec. 701.12; 
(2) States which prescribe audits which differ in some respects from 
12 U.S.C. 1761d and/or Sec. 701.12, but which are not necessarily 
``more stringent,'' including four States which determine the type 
of audit by asset size, e.g., Mich. Comp. Laws Sec. 490.11(2); and 
(3) States in which a financial statement audit is prescribed for 
certain credit unions.
---------------------------------------------------------------------------

    Section 715.7--Audit of Federally-Chartered Credit Unions Having 
Total Assets of Less Than $500 Million But More Than $10 Million. This 
section addresses Federally-chartered credit unions only, which have 
total assets of less than $500 million but more than $10 million. It 
provides that a credit union which does not choose to obtain a 
financial statement audit under Sec. 715.4(b) must obtain a supervisory 
committee audit under Sec. 715.9. Credit unions in this category are 
allowed to voluntarily obtain a financial statement audit. If a credit 
union voluntarily chooses to obtain a financial statement audit, the 
audit must be performed consistent with the accountancy laws and 
licensing requirements of the State in which the credit union is 
located. See supra note 3 and accompanying text. By its terms, this is 
the only requirement that 12 U.S.C. 1782(a)(6)(D)(ii) imposes on credit 
unions in this category. Nothing in that provision restricts a credit 
union from using the alternatives to a financial statement audit that 
are available in Sec. 715.9.
    Section 715.8--Audit of Federally-Chartered Credit Unions Having 
Less Than $10 Million. CUMAA is silent about audits of federally-
chartered credit unions having less than $10 million in assets. 
Accordingly, this section requires credit unions in this category to 
obtain a supervisory committee audit under Sec. 715.9.
    Section 715.9--Supervisory Committee Audit Requirements If Not A 
Financial Statement Audit. This section applies to federally-insured 
credit unions that are not required, and have not chosen, to obtain a 
financial statement audit. Three options are provided for credit unions 
in this category to fulfill their supervisory committee audit 
responsibility, two of which are analogous to options proposed by the 
FFIEC for other Federally-insured financial institutions.
    The first option is an ``opinion on the balance sheet'' of the 
credit union. Sec. 715.9(a). Like a financial statement audit, this 
engagement must be performed in accordance with GAAS by a person who is 
licensed by State law to do so. This engagement consists of an 
examination of assets, liabilities and equity and requires an opinion 
by the auditor on the fairness of the balance sheet only. (In contrast, 
a financial statement audit requires an opinion addressing additional 
financial statements such as the income statement, statement of changes 
in equity (including comprehensive income) and statement of cash 
flows.) This option is identical to that of the same name proposed by 
the FFIEC. FFIEC Policy Statement, 63 FR at 7797, 7800.

[[Page 779]]

    The second option is a ``review and evaluation of internal controls 
over Call Reporting,'' Sec. 715.9(b), which is available to all credit 
unions but those deemed ``complex'' under 12 U.S.C. 1790d(d)(1) for 
purposes of prompt corrective action.\7\ This engagement consists of an 
examination of management's written assertions concerning the 
effectiveness of internal controls over data reported in Call Reports 
(NCUA Form 5300) which addresses the following high risk areas: loans, 
investments, and cash and deposit activity. The result of this 
engagement is a report by the auditor on management's assertions on the 
effectiveness of internal controls on the data limited to these high 
risk areas. This option is comparable to the FFIEC-proposed option of 
an ``attestation report on internal control assertions.'' 63 FR at 
7797, 7800.
---------------------------------------------------------------------------

    \7\ NCUA is required to adopt rules defining a ``complex'' 
credit union for prompt corrective action purposes no later than 
August 7, 2000, to become effective January 1, 2001. CUMAA 
Sec. 301(d)(2)(B) and (e)(2).
---------------------------------------------------------------------------

    The principal difference between NCUA's ``review and evaluation of 
internal controls over Call Reporting'' and FFIEC's ``attestation 
report on internal control assertions'' concerns who is qualified to 
perform the engagement. NCUA's ``review and evaluation'' may be 
performed by an independent, State-licensed person or other ``qualified 
person'' unless the credit union is deemed ``complex'' under 12 U.S.C. 
1790d(d)(1) (in which case only an independent, State-licensed person 
may perform the engagement). In contrast, FFIEC's ``attestation 
report'' option always must be performed by an independent, State-
licensed person. The reason for relaxing the level of qualification for 
persons performing NCUA's ``review and evaluation of internal controls 
over Call Reporting'' is that its scope is far narrower than that of 
FFIEC's ``attestation report.'' The NCUA ``review and evaluation'' is 
limited to certain data reported in three Call Report schedules--that 
which concerns loans, investments, and cash and deposit activity. In 
contrast, FFIEC's ``attestation report'' goes much further--it 
encompasses ``all or specified schedules of the institution's 
regulatory reports'' concerning loans and lease financing receivables; 
past due and nonaccrual loans, leases, and other assets; allowance for 
credit losses; securities; and in some cases trading assets and 
liabilities and off-balance sheet items. 63 FR 7800. Accordingly, for a 
credit union which is not deemed ``complex,'' NCUA permits a ``review 
and evaluation of internal controls over Call Reporting'' to be 
performed by a ``qualified person,'' which includes the Supervisory 
Committee itself, the credit union's internal auditor (provided that 
person reports directly to the Committee), or by an independent, State-
licensed person.\8\
---------------------------------------------------------------------------

    \8\ Because there are no specific standards to follow in a 
``review and evaluation of internal controls over Call Reporting,'' 
this engagement is subject to an NCUA examiner's finding that the 
auditor's report is unacceptable on a subjective basis due to, for 
example, insufficient scope or depth. In that event, the credit 
union may be required by NCUA to have its audit re-done, either by 
the same person or by an independent State-licensed person, or to 
obtain a financial statement audit engagement. Secs. 715.13(a)(2), 
715.14.
---------------------------------------------------------------------------

    The final option offered by NCUA is the audit program prescribed in 
NCUA's Supervisory Committee Guide (Guide), as revised to conform to 
Part 715. Sec. 715.9(c). This engagement is similar to a ``Directors' 
Examination'' used by some Federally-insured banks. Like the ``review 
and evaluation of internal controls over Call Reporting,'' a Guide 
engagement may be performed by an independent, State-licensed person or 
other ``qualified person.'' The Guide will be amended to detail the 
minimum scope and procedures of the engagement, and to clearly 
distinguish a Guide engagement from a financial statement audit 
engagement.
    Credit unions having assets of $500 million or more now must obtain 
a financial statement audit, and June 1998 NCUA Call Report data shows 
that 80% of Federally-insured credit unions above $50 million in assets 
already do so by choice. NCUA encourages all credit unions, regardless 
of asset size, to obtain financial statement audits,\9\ but recognizes 
that financial statement audits may not be practical for all credit 
unions. Accordingly, NCUA seeks to preserve less burdensome audit 
alternatives for credit unions which do not obtain financial statement 
audits. NCUA believes this section accomplishes that objective without 
compromising the Supervisory Committee's ability to carry out its 
oversight responsibilities.
---------------------------------------------------------------------------

    \9\ Credit unions (through their voluntary boards of directors) 
should recognize that they will receive greater degree of comfort 
from a financial statement audit performed by a State-licensed 
person who must follow specific auditing standards, is subject to 
peer reviews (available for inspection prior to hiring a licensed 
auditor), and is required to satisfy continuing education 
requirements in order to remain licensed.
---------------------------------------------------------------------------

    This section is a significant departure from the supervisory 
committee audit standards and scope set forth in current section 
701.12(c). But it is consistent with the overall objective of proposed 
Part 715 to clearly delineate the differences in scope, and therefore 
in burden, between a financial statement audit--which is warranted for 
large credit unions--and the alternatives for a supervisory committee 
audit, which are suited to credit unions of moderate and smaller size.

D. Verification of Accounts

    Section 715.10--Requirements for Verification of Accounts and 
Passbooks. As mandated by 12 U.S.C. 1761d, this section requires the 
Supervisory Committee to conduct a verification of the passbooks and 
accounts of the members against the records of the credit union at 
least once every two years. This section is identical to current 
Sec. 701.12(h) except that it has been restructured and reworded to 
enhance clarity.

E. Other Audit Requirements

    Section 715.11--Assistance From Outside Compensated Person. This 
section sets the independence and engagement letter requirements that 
are triggered when the Supervisory Committee engages an outside person 
who is compensated to perform, or to assist in the performance of, a 
supervisory committee audit under this Part. Subsection (a), which 
concerns the auditor's independence from credit union officials, is 
identical in substance to current Sec. 701.12(g), but has been reworded 
to enhance clarity and eliminate the need to cross-reference the 
``Definitions'' section of this Part. Subsection (b) sets forth the 
general requirement for an engagement letter between the Supervisory 
Committee and the outside auditor memorializing the terms and 
conditions of the audit engagement. It is identical to current 
Sec. 701.12(d)(1), except that a sentence has been relocated to this 
section to emphasize that ``the engagement must be contracted directly 
with the Supervisory Committee.'' The purpose of this addition is to 
clarify that the engagement must be with the Supervisory Committee, not 
the credit union's board of directors or management. However, this does 
not preempt State laws requiring the board of directors to authorize 
compensation for auditing assistance sought by the Supervisory 
Committee. See, e.g., Colo. Rev. Stat. Sec. 11-30-109(1)(i). Subsection 
(c) sets forth the required contents of an engagement letter; it 
retains all eight items in current Sec. 701.12(d)(i)-(viii) with minor 
revisions to conform to Sec. 715.9.
    Subsections (d) and (e) together retain an innovation from current 
Sec. 701.12(d)(2)-(3) that has effectively solved the problem of after-
the-fact

[[Page 780]]

disputes between the credit union and its outside auditor over which 
components of an audit were to be included in the engagement, and which 
were to be excluded. Thus, subsection (d) requires that the auditor 
give notice in the engagement letter when all items within the scope of 
an audit will be addressed in the engagement, thus yielding a complete 
supervisory committee audit under Sec. 715.9(b) or (c). Conversely, 
subsection (e) requires the engagement letter to identify any items 
that will be excluded from the engagement, and which will render the 
supervisory committee audit incomplete unless the Supervisory Committee 
itself addresses the excluded items.
    Section 715.12--Audit Report and Working Paper Maintenance and 
Access. This section combines two sets of requirements--the procedure 
for distributing the audit report produced either by the Supervisory 
Committee or by an outside person who performed the audit, and the 
responsibility for maintenance of, and access to, the auditor's 
``working papers'' once the engagement is complete. Subsection (a), 
which concerns distribution of the audit report, is identical to 
current Sec. 701.12(e)(1) with a single exception--it expressly states 
that credit union members must be provided with a report of the results 
of an audit (which can be oral or written) if not with a copy of the 
audit report itself. This revision conforms to 12 U.S.C. 1761d and 
reflects current practice. It is consistent with the view that most 
members are interested in the results of the audit, but not in 
receiving a report of the audit. Subsection (b), which concerns 
maintenance and access to audit working papers, is identical in form 
and substance to current Sec. 701.12(e)(2).

F. Sanctions and Remedies

    Section 715.13--Sanctions For Failure To Comply With This Part. 
This section imposes sanctions when a Supervisory Committee or its 
independent compensated auditor violates a provision of this Part or of 
an engagement letter prescribed by this Part. A Regional Director is 
permitted to reject an audit or to impose the same conditions on the 
audit as Sec. 715.4 prescribes, and the NCUA Board is permitted to seek 
formal administrative sanctions such as a cease and desist order or a 
civil money penalty. This section is identical in form and substance to 
current Sec. 701.12(f).
    Section 715.14--Statutory Audit Remedies for Federal Credit Unions. 
This section provides the NCUA Board with a pair of additional remedies 
which, if certain conditions are met, apply to federally-chartered 
credit unions by statute, 12 U.S.C. 1782(a)(6)(A), and to State-
chartered credit unions by regulation. Sec. 701.13(a)(2). The remedies 
are the authority to compel a credit union in this category to have its 
audit performed by a State-licensed person, Sec. 715.14(a), or to 
compel the credit union to obtain a financial statement audit even when 
it is not otherwise required to do so. Sec. 715.14(b). This section is 
identical to current Sec. 701.13, with two exceptions. First, 
subsection (b), which makes ``serious and persistent recordkeeping 
deficiencies'' a basis for compelling a credit union to obtain a 
financial statement audit, now includes a sentence describing the 
objective of such an audit: ``to reconstruct the records of the credit 
union sufficient to allow an unqualified or, if necessary, a qualified 
opinion on the credit union's financial statements. An adverse opinion 
should be the exception rather than the norm.'' Second, subsection (c), 
which defines ``serious and persistent recordkeeping deficiencies,'' is 
restructured to define ``serious'' and ``persistent'' separately.

G. Call Reporting Requirements

    Section 741.6--Financial and Statistical and Other Reports. This 
section sets deadlines for filing Call Reports with NCUA. The proposed 
rule revises filing dates in subsection (a), adds two new subsections 
(b) and (c), and redesignates current subsection (b) as a new 
subsection (d). In subsection (a), the filing dates for semiannual Call 
Reports are changed from ``on or before January 31 and on or before 
July 31'' to ``on or before January 22 and on or before July 22,'' 
respectively, to reflect current practice. New subsection (b) 
incorporates accounting principles mandated by 12 U.S.C. 1782(a)(6)(C) 
for reports or statements required to be filed with the NCUA Board 
under subsection (a). Call Reports filed by credit unions having assets 
of $10 million or more now must adhere to measurement principles 
consistent with GAAP. 12 U.S.C. 1782(a)(6)(C)(i); see also supra note 
1. This includes Call Reports filed by corporate credit unions. State 
credit union supervisors may require Federally-insured State-chartered 
credit unions to follow GAAP regardless of asset size. 12 U.S.C. 
1782(a)(6)(C)(iii); see supra note 7 and accompanying text. For the 
convenience of affected credit unions, subsection (c) cross-references 
the definition of GAAP at Sec. 715.2(d), distinguishes GAAP from GAAS, 
and identifies authoritative sources for the pronouncements of GAAP.

Regulatory Procedures

Regulatory Flexibility Act

    The Regulatory Flexibility Act requires NCUA to prepare an analysis 
to describe any significant economic impact a proposed regulation may 
have on a substantial number of small credit unions (primarily those 
under $1 million in assets). The NCUA Board has determined and 
certifies that the proposed rule, if adopted, will not have a 
significant economic impact on a substantial number of small credit 
unions. Thus, a Regulatory Flexibility Analysis is not required.

Paperwork Reduction Act

    The Paperwork Reduction Act imposes no additional information 
collection requirements beyond those in the current rule. Therefore, no 
Paperwork Reduction Act analysis is required.

Executive Order 12612

    Executive Order 12612 requires NCUA to consider the effect of its 
actions on state interests. The proposed amendment will not have a 
substantial direct effect on the states, on the relationship between 
the national government and the states, or on the distribution of 
rights and responsibilities among the various levels of government.

List of Subjects

12 CFR Parts 701 and 741

    Credit unions, Reporting and recordkeeping requirements.

12 CFR Part 715

    Audits, Credit unions, Reporting and recordkeeping requirements, 
Supervisory committee.

    By the National Credit Union Administration Board on December 
17, 1998.
Becky Baker,
Secretary of the Board.

    Accordingly, it is proposed that 12 CFR, parts 701, 715 and 741 be 
amended as set forth below:

PART 701--ORGANIZATION AND OPERATION OF FEDERAL CREDIT UNIONS

    1. The authority citation for part 701 continues to read as 
follows:

    Authority: 12 U.S.C. 1752(5), 1755, 1756, 1757, 1759, 1761a, 
1761b, 1766, 1767, 1782, 1784, 1787, 1789 and 1798. Section 701.6 is 
also authorized by 31 U.S.C. 3717. Section 701.31 is also authorized 
by 15 U.S.C. 1601 et seq.; 42 U.S.C. 1981 and 3601-3610. Section 
701.35 is also authorized by 42 U.S.C. 4311-4312.

[[Page 781]]

Secs. 701.12 and 701.13  [Removed]

    2. Sections 701.12 and 701.13 are removed.
    3. Part 715 is added to read as follows:

PART 715--SUPERVISORY COMMITTEE AUDITS AND VERIFICATIONS

Sec.
715.1  Scope of this part.
715.2  Definitions used in this part.
715.3  General responsibilities of the Supervisory Committee.
715.4  Audit responsibility of the Supervisory Committee.
715.5  Audit of Federally-insured credit unions having total assets 
of $500 million or greater.
715.6  Audit of Federally-insured State-chartered credit unions 
having total assets of less than $500 million.
715.7  Audit of Federally-chartered credit unions having total 
assets of less than $500 million but more than $10 million.
715.8  Audit of Federally-chartered credit unions having total 
assets of $10 million.
715.9  Other Supervisory Committee audit requirements if not 
financial statement audit.
715.10  Requirements for verification of accounts and passbooks.
715.11  Assistance from outside, compensated person.
715.12  Audit report and working paper maintenance and access.
715.13  Sanctions for failure to comply with this part.
715.14  Statutory audit remedies for Federal credit unions.

    Authority: 12 U.S.C. 1761d, 1782(a)(6).

Sec. 715.1  Scope of this part.

    This part implements section 202(a)(6)(D) of the Federal Credit 
Union Act, 12 U.S.C. 1782(a)(6)(D), as added by section 201(a) of the 
Credit Union Membership Access Act, Pub. L. No. 105-219, 112 Stat. 918 
(1998). This part prescribes the responsibilities of the Supervisory 
Committee to obtain an annual audit of the credit union according to 
its charter type and asset size, and to conduct a verification of 
members' accounts. Revised filing dates and required accounting 
principles for Call Reports (NCUA Forms 5300 and 5310) can be found in 
Sec. 741.6 of this chapter.


Sec. 715.2  Definitions used in this part.

    As used in this part:
    (a) Balance sheet audit refers to the examination of a credit 
union's assets, liabilities, and equity under generally accepted 
auditing standards (GAAS) by an independent public accountant for the 
purpose of opining on the fairness of the presentation on the balance 
sheet. The opinion under this type of engagement would not address the 
fairness of the presentation of the credit union's income statement, 
statement of changes in equity (including comprehensive income), or 
statement of cash flows.
    (b) Compensated person refers to any accounting/auditing 
professional, excluding a credit union employee, who is compensated for 
performing more than one supervisory committee audit and/or 
verification of members' accounts per calendar year.
    (c) Financial statements refers to a presentation of financial 
data, including accompanying notes, derived from accounting records of 
the credit union, and intended to disclose a credit union's economic 
resources or obligations at a point in time, or the changes therein for 
a period of time, in conformity with GAAP, as defined herein, or 
regulatory accounting procedures. Each of the following is considered 
to be a financial statement: a balance sheet or statement of financial 
condition; statement of income or statement of operations; statement of 
undivided earnings; statement of cash flows; statement of changes in 
members' equity; statement of assets and liabilities that does not 
include members' equity accounts; statement of revenue and expenses; 
and statement of cash receipts and disbursements.
    (d) Financial statement audit (popularly known as an ``opinion 
audit'') refers to an audit of the financial statements of a credit 
union performed in accordance with GAAS by an independent auditor who 
is licensed by the appropriate State or jurisdiction. The objective of 
a financial statement audit is to express an opinion as to whether 
those financial statements of the credit union present fairly, in all 
material respects, the financial position and the results of its 
operations and its cash flows in conformity with GAAP, as defined 
herein, or regulatory accounting practices.
    (e) GAAP is an acronym for ``generally accepted accounting 
principles'' which refers to the conventions, rules, and procedures 
which define accepted accounting practice. GAAP includes both broad 
general guidelines and detailed practices and procedures, provides a 
standard by which to measure financial statement presentations, and 
encompasses not only accounting principles and practices but also the 
methods of applying them.
    (f) GAAS is an acronym for ``generally accepted auditing 
standards'' which refers to the standards approved and adopted by the 
American Institute of Certified Public Accountants which apply when an 
``independent, licensed certified public accountant'' audits financial 
statements. Auditing standards differ from auditing procedures in that 
``procedures'' address acts to be performed, whereas ``standards'' 
measure the quality of the performance of those acts and the objectives 
to be achieved by use of the procedures undertaken. In addition, 
auditing standards address the auditor's professional qualifications as 
well as the judgment exercised in performing the audit and in preparing 
the report of the audit.
    (g) Independent means the impartiality necessary for the 
dependability of the compensated auditor's findings. Independence 
requires the exercise of fairness toward credit union officials, 
members, creditors and others who may rely upon the report of a 
supervisory committee audit report.
    (h) Internal controls refers to the process, established by the 
credit union's board of directors, officers and employees, designed to 
provide reasonable assurance of reliable financial reporting and 
safeguarding of assets against unauthorized acquisition, use, or 
disposition. A credit union's internal control structure consists of 
five components: control environment; risk assessment; control 
activities; information and communication; and monitoring. Reliable 
financial reporting refers to preparation of Call Reports (NCUA Forms 
5300 and 5310) that meet management's financial reporting objectives. 
Internal control over safeguarding of assets against unauthorized 
acquisition, use, or disposition refers to prevention or timely 
detection of transactions involving such unauthorized access, use, or 
disposition of assets which could result in a loss that is material to 
the financial statements.
    (i) Reportable conditions refers to a matter coming to the 
attention of the independent, compensated auditor which, in his or her 
judgment, represents a significant deficiency in the design or 
operation of the internal control structure of the credit union, which 
could adversely affect its ability to record, process, summarize, and 
report financial data consistent with the representations of management 
in the financial statements.
    (j) Review and evaluation of internal controls over Call Reporting 
refers to an engagement under which management reviews its internal 
controls over Call Reporting with a concentration in the following high 
risk areas: loans, investments and cash and deposit activity, and 
documents its review. Management would then provide a written assertion 
stating whether it

[[Page 782]]

believes its internal controls are effective. The credit union's 
auditor would examine management's assertion and provide an appropriate 
report assessing that assertion.
    (k) State-licensed person refers to a person who is licensed by the 
State or jurisdiction where the credit union is located to perform 
accounting or auditing services for that credit union.
    (l) Supervisory committee refers to a supervisory committee as 
defined in Section 111(b) of the Federal Credit Union Act, 12 U.S.C. 
1786(r). For some federally-insured state chartered credit unions, the 
``audit committee'' designated by state statute or regulation is the 
equivalent of a supervisory committee.
    (m) Supervisory committee audit refers to an examination under 
either Sec. 715.4(b) or Sec. 715.9 of this part. An financial statement 
audit, as defined herein, fulfills the requirements of a ``supervisory 
committee audit.''
    (n) Working papers refers to the principal record, in any form, of 
the work performed by the auditor and/or supervisory committee to 
support its findings and/or conclusions concerning significant matters. 
Examples include the written record of procedures applied, tests 
performed, information obtained, and pertinent conclusions reached in 
the engagement, proprietary audit programs, analyses, memoranda, 
letters of confirmation and representation, abstracts of credit union 
documents, reviewer's notes, if retained, and schedules or commentaries 
prepared or obtained by the independent, compensated auditor.


Sec. 715.3  General responsibilities of the supervisory committee.

    (a) Basic. The supervisory committee is responsible for ensuring 
that the board of directors and management of the credit union meet 
required financial reporting objectives and establish practices and 
procedures sufficient to safeguard members' assets.
    (b) Specific. To carry out the responsibilities set forth in 
paragraph (a) of this section, the supervisory committee must determine 
whether:
    (1) Internal controls are established and effectively maintained to 
achieve the credit union's financial reporting objectives which must be 
sufficient to satisfy the requirements of the supervisory committee 
audit, verification of members' accounts and its additional 
responsibilities;
    (2) The credit union's accounting records and financial reports are 
promptly prepared and accurately reflect operations and results;
    (3) The relevant plans, policies, and control procedures 
established by the board of directors are properly administered; and
    (4) Policies and control procedures are sufficient to safeguard 
against error, conflict of interest, self-dealing and fraud.
    (c) Mandates. In carrying out the responsibilities set forth in 
paragraphs (a) and (b) of this section, the supervisory committee must:
    (1) Adhere to the measurement and filing requirements for reports 
filed with the NCUA Board under Sec. 741.6;
    (2) Ensure that the credit union fulfills its responsibility to 
obtain a supervisory committee audit, as prescribed in Sec. 715.4 of 
this part;
    (3) Ensure that the credit union verifies members' passbooks and 
accounts against the records of the credit union, as prescribed in 
Sec. 715.10 of this part;
    (4) Act to avoid sanctions for failure to comply with the 
requirements of this part, as prescribed in Secs. 715.13 and 715.14 of 
this part.


Sec. 715.4  Audit responsibility of the supervisory committee.

    (a) Annual audit requirement. A federally-insured credit union is 
required to obtain an annual supervisory committee audit which occurs 
at least once every calendar year (period of performance) and must 
cover the period elapsed since the last audit period (period 
effectively covered).
    (b) Financial statement audit option. Any federally-insured credit 
union, whether federally- or State-chartered and regardless of asset 
size, may choose to fulfill its supervisory committee audit 
responsibility by obtaining an annual audit of its financial statements 
performed in accordance with GAAS by an independent person who is 
licensed to do so by the State or jurisdiction in which the credit 
union is located. (A ``financial statement audit'' is distinct from a 
``supervisory committee audit,'' although a financial statement audit 
is included among the options for fulfilling the supervisory committee 
audit requirement. Compare Sec. 715.2(c) and (j).)
    (c) Other audit options. A federally-insured credit union which 
does not choose to obtain a financial statement audit as permitted by 
subsection (b) must fulfill its supervisory audit responsibility under 
either of Secs. 715.6, 715.7 or 715.8 of this part, as required. See 
Table 1.

                       Table 1.--Minimum Audit Requirements by Charter Type and Asset Size
----------------------------------------------------------------------------------------------------------------
                                                                 Minimum audit required to fulfill
          Type of charter                   Asset size              supervisory committee audit        Part 715
                                                                         responsibility \1\            section
----------------------------------------------------------------------------------------------------------------
Federal or State..................  $500 Million or more......  Financial statement audit per GAAS         715.5
                                                                 by independent, State-licensed
                                                                 person.
State.............................  Less than $500 Million....  Supervisory committee audit per            715.6
                                                                 Sec.  715.9 or State-prescribed
                                                                 audit, whichever is more stringent.
Federal...........................  Less than $500 Million but  Supervisory committee audit per            715.7
                                     greater than $10 Million.   Sec.  715.9.
Federal...........................  $10 Million or less.......  Supervisory committee audit per            715.8
                                                                 Sec.  715.9.
----------------------------------------------------------------------------------------------------------------
\1\ The Supervisory Committee audit responsibility under part 715 can always be fulfilled by obtaining a
  financial statement audit. Sec.  715.4(b).

Sec. 715.5  Audit of federally-insured credit unions having total 
assets of $500 million or greater.

    To fulfill its supervisory committee audit responsibility, a 
federally-insured credit union, whether federally- or State-chartered, 
having total assets of $500 million or greater must obtain an annual 
audit of its financial statements performed in accordance with GAAS by 
an independent person who is licensed to do so by the State or 
jurisdiction in which the credit union is located.


Sec. 715.6  Audit of federally-insured State-chartered credit unions 
having total assets of less than $500 million.

    To fulfill its supervisory committee audit responsibility, a 
federally-insured State-chartered credit union having total assets of 
less than $500 million must obtain an annual supervisory committee

[[Page 783]]

audit as prescribed under either Sec. 715.9 or Sec. 715.4(b), or an 
audit as prescribed by the State or jurisdiction in which the credit 
union is located, whichever is more stringent.


Sec. 715.7  Audit of federally-chartered credit unions having total 
assets of less than $500 million but more than $10 million.

    To fulfill its supervisory committee audit responsibility, a 
federally-chartered credit union having total assets of less than $500 
million but more than $10 million which does not choose to obtain an 
audit under Sec. 715.4(b), must obtain an annual supervisory committee 
audit as prescribed in Sec. 715.9.


Sec. 715.8  Audit of federally-chartered credit unions having total 
assets of $10 million or less.

    To fulfill its supervisory committee audit responsibility, a 
federally-chartered credit union having total assets of $10 million or 
less must obtain an annual supervisory committee audit as prescribed in 
Sec. 715.9.


Sec. 715.9  Other Supervisory Committee audit requirements if not a 
financial statement audit.

    A credit union which is not required to obtain a financial 
statement audit may fulfill its supervisory committee responsibility by 
having its Supervisory Committee or other qualified person perform any 
one of the following engagements:
    (a) Balance sheet audit. A balance sheet audit, as defined by 
Sec. 715.2(a), performed by a person who is licensed to do so by the 
State or jurisdiction in which the credit union is located; or
    (b) Review and evaluation of internal controls over call reporting. 
A ``review and evaluation of internal controls over Call Reporting'' 
(NCUA Form 5300), as defined in Sec. 715.2(j) (except that this 
engagement may be performed only by an independent, State-licensed 
person if the credit union is deemed ``complex'' pursuant to 12 U.S.C. 
1790d(d)(1)); or
    (c) Audit per supervisory committee Guide. An audit performed in 
accordance with the procedures prescribed in NCUA's Supervisory 
Committee Guide published after final adoption of this part.


Sec. 715.10  Requirements for verification of accounts and passbooks.

    (a) Verification obligation. The supervisory committee shall, at 
least once every two years, cause the passbooks (including any book, 
statements of account, or other record approved by the NCUA Board) and 
accounts of the members to be verified against the records of the 
treasurer of the credit union.
    (b) Methods. Any of the following methods may be used to verify 
members' passbooks and accounts, as appropriate:
    (1) Controlled verification. A controlled verification of 100 
percent of members' share and loan accounts;
    (2) Statistical method. A sampling method which provides for:
    (i) Random selection;
    (ii) A sample which is representative of the population from which 
it was selected;
    (iii) An equal chance of selecting each dollar in the population;
    (iv) Sufficient accounts in both number and scope to provide 
assurance that the General Ledger accounts are fairly stated to meet 
management's financial reporting objectives; and
    (v) Additional procedures to be performed if the auditor concludes 
that evidence provided by confirmations alone is not sufficient.
    (3) Non-statistical method. When the verification is performed by 
an independent auditor licensed by the State or jurisdiction in which 
the credit union is located, the auditor may choose among the sampling 
methods set forth in paragraphs (b)(1) and (2) of this section and non-
statistical sampling methods consistent with GAAS if such methods 
provide for:
    (i) Sufficient accounts in both number and scope to provide 
assurance that the General Ledger accounts are fairly stated in 
relation to the financial statements taken as a whole;
    (ii) Additional procedures to be performed if the auditor concludes 
that evidence provided by confirmations alone is not sufficient; and
    (iii) Documentation of the sampling procedures used and of their 
consistency with GAAS (to be provided to the NCUA Board upon request).
    (c) Retention of records. The supervisory committee must retain the 
records of each verification of members' passbooks and accounts until 
it completes the next verification of members' passbooks and accounts.


Sec. 715.11  Assistance from outside, compensated person.

    (a) Unrelated to officials. A compensated auditor who performs a 
supervisory committee audit on behalf of a credit union shall not be 
related by blood or marriage to any employee, or member of either the 
board of directors, the supervisory committee or the credit committee, 
or loan officer of that credit union, or to the spouse, child, parent, 
grandchild, grandparent, brother or sister of such employee, member or 
officer.
    (b) Engagement letter. The engagement of a compensated auditor to 
perform all or a portion of the scope of a financial statement audit or 
supervisory committee audit shall be evidenced by an engagement letter. 
In all cases, the engagement must be contracted directly with the 
supervisory committee. The engagement letter must be signed by the 
compensated auditor and acknowledged therein by the Supervisory 
Committee prior to commencement of the engagement.
    (c) Contents of letter. The engagement letter shall:
    (1) Specify the terms, conditions, and objectives of the 
engagement;
    (2) Identify the basis of accounting to be used;
    (3) If not a financial statement audit or balance sheet audit, 
include an appendix setting forth the procedures to be performed;
    (4) Specify the rate of, or total, compensation to be paid for the 
audit;
    (5) Provide that the auditor shall, upon completion of the 
engagement, deliver to the Supervisory Committee a written report of 
the audit and notice in writing, either within the report or 
communicated separately, of any internal control reportable conditions 
and/or irregularities or illegal acts, if any, which come to the 
auditor's attention during the normal course of the audit (i.e., no 
notice required if none noted);
    (6) Specify a target date of delivery of the written reports;
    (7) Certify that NCUA staff and/or the State credit union 
supervisor, or designated representatives of each, will be provided 
unconditional access to the complete set of original working papers, 
either at the offices of the credit union or at a mutually agreed upon 
location, for purposes of inspection; and
    (8) Acknowledge that working papers shall be retained for a minimum 
of three years from the date of the written audit report.
    (d) Complete scope. If the engagement is to perform a supervisory 
committee audit that will address all of the requirements of 
Sec. 715.9(b) or (c), the engagement letter shall certify that the 
audit addresses the complete scope of a supervisory committee audit.
    (e) Exclusions from scope. If the engagement is to perform a 
supervisory committee audit which will exclude any item required by 
Sec. 715.9(b) or (c), the engagement letter shall:
    (1) Identify the excluded items;
    (2) State that, because of the exclusion(s), the resulting audit 
will not, by itself, fulfill the scope of a supervisory committee 
audit; and

[[Page 784]]

    (3) Caution that the supervisory committee will remain responsible 
for fulfilling the scope of a supervisory committee audit with respect 
to the excluded items.


Sec. 715.12  Audit report and working paper maintenance and access.

    (a) Audit report. Upon completion and/or receipt of the written 
report of a financial statement audit or a supervisory committee audit, 
the Supervisory Committee must verify that the audit was performed and 
reported in accordance with the terms of the engagement letter 
prescribed herein. The Supervisory Committee must submit the report(s) 
to the board of directors, and submit a report of the results of the 
audit to the members of the credit union at the next annual meeting of 
the credit union. The Supervisory Committee shall, upon request, 
provide to the National Credit Union Administration a copy of each of 
the audit reports it receives or produces.
    (b) Working papers. The supervisory committee shall be responsible 
for preparing and maintaining, or making available, a complete set of 
original working papers supporting each supervisory committee audit. 
The supervisory committee shall, upon request, provide NCUA staff 
unconditional access to such working papers, either at the offices of 
the credit union or at a mutually agreeable location, for purposes of 
inspecting such working papers.


Sec. 715.13  Sanctions for failure to comply with this part.

    (a) Sanctions. Failure of a supervisory committee and/or its 
independent compensated auditor or other person to comply with the 
requirements of this section, or the terms of an engagement letter 
required by this section, is grounds for:
    (1) The regional director to reject the supervisory committee 
audit;
    (2) The regional director to impose the remedies available in 
Sec. 715.14 of this part, 12 CFR 715.14, provided any of the conditions 
specified therein is present; and
    (3) The NCUA Board to seek formal administrative sanctions against 
the supervisory committee and/or its independent, compensated auditor 
pursuant to section 206(r) of the Federal Credit Union Act, 12 U.S.C. 
1786(r).
    (b) State charters. In the case of a federally-insured State-
chartered credit union, NCUA shall provide the state regulator an 
opportunity to timely impose a remedy satisfactory to NCUA before 
seeking to impose a sanction permitted under paragraph (a) of this 
section.


Sec. 715.14  Statutory audit remedies for Federal credit unions.

    (a) Independent auditor required. The NCUA Board may compel a 
federal credit union to obtain a supervisory committee audit which 
meets the minimum requirements of Sec. 715.4(c), and which is performed 
by an independent person who is licensed by the State or jurisdiction 
in which the credit union is located, for any fiscal year in which any 
of the following three conditions is present:
    (1) The supervisory committee has not obtained an annual financial 
statement audit or performed a supervisory committee audit; or
    (2) The supervisory committee has obtained a financial statement 
audit or performed a supervisory committee audit which does not meet 
the requirements of part 715 including those of Sec. 715.10.
    (3) The credit union has experienced serious and persistent 
recordkeeping deficiencies as defined in paragraph (c) of this section.
    (b) Financial statement audit required. The NCUA Board may compel a 
federal credit union to obtain a financial statement audit performed in 
accordance with GAAS by an independent person who is licensed by the 
State or jurisdiction in which the credit union is located (even if 
such audit is not required by section 715.5), for any fiscal year in 
which the credit union has experienced serious and persistent 
recordkeeping deficiencies as defined in paragraph (c) of this section. 
The objective of a financial statement audit performed under this 
subsection is to reconstruct the records of the credit union sufficient 
to allow an unqualified or, if necessary, a qualified opinion on the 
credit union's financial statements. An adverse opinion should be the 
exception rather than the norm.
    (c) ``Serious and persistent recordkeeping deficiencies.'' A 
recordkeeping deficiency is ``serious'' if the NCUA Board reasonably 
believes that the board of directors and management of the credit union 
have not timely met financial reporting objectives and established 
practices and procedures sufficient to safeguard members' assets. A 
serious recordkeeping deficiency is ``persistent'' when it continues 
beyond a usual, expected or reasonable period of time.

PART 741--REQUIREMENTS FOR INSURANCE

    4. The authority citation for part 741 continues to read as 
follows:

    Authority: 12 U.S.C. 1757, 1766, and 1781-1790. Section 741.4 is 
also authorized by 31 U.S.C. 3717.

    5. Section 741.6 is amended to change the phrase in paragraph (a) 
from ``before January 31 and on or before July 31'' to ``before January 
22 and on or before July 22''; and to redesignate paragraph (b) as 
paragraph (d) and to add paragraphs (b) and (c) to read as follows:


Sec. 741.6  Financial and statistical and other reports.

* * * * *
    (b) Consistency with GAAP. The financial statements and reports 
required to be filed quarterly or semiannually under paragraph (a) of 
this section must reflect measurement principles consistent with GAAP 
if the credit union has total assets of $10 Million or greater, but may 
reflect measurement principles which differ from GAAP if the credit 
union has total assets of less than $10 Million (except that a 
Federally-insured State-chartered credit union may be required by its 
state credit union supervisor to follow GAAP regardless of asset size).
    (c) GAAP sources. GAAP means generally accepted accounting 
principles, as defined in Sec. 715.2(e) of this chapter. GAAP is 
distinct from GAAS, which means generally accepted auditing standards, 
as defined in Sec. 715.2(f) of this chapter. Authoritative sources of 
GAAP include, but are not limited to, pronouncements of the Financial 
Accounting Standards Board (FASB) and its predecessor organizations, 
the Accounting Standards Executive Committee (AcSEC) of the American 
Institute of Certified Public Accountants (AICPA), the FASB's Emerging 
Issues Task Force (EITF), and the applicable AICPA Audit and Accounting 
Guide.
* * * * *


Sec. 741.202  [Amended]

    6. Section 741.202 is amended to change: the references in 
paragraph (a) from ``Secs.  701.12 and 701.13'' to ``Sec. 715.2 through 
Sec. 715.6 and Sec. 715.9 through Sec. 715.14''; to add at the ending 
of paragraph (a) after ``of this chapter'' the phrase ``or applicable 
state law, if more stringent.''; and to change references in paragraph 
(b) from ``Secs. 701.12(e) and 701.13'' to ``Secs. 715.10, 715.13, and 
715.14''.

[FR Doc. 99-150 Filed 1-5-99; 8:45 am]
BILLING CODE 7535-01-U