Dear Manager and Board of Directors:
The recently enacted provisions of the Sarbanes-Oxley Act of 2002 (SarbanesOxley) are designed to improve the corporate governance1, financial disclosures and auditing relationships of public companies.2 The federal banking agencies recently issued guidance for financial institutions on compliance with the Sarbanes-Oxley Act. While the Sarbanes-Oxley Act and the Securities and Exchange Commission’s (SEC’s) implementing regulations do not apply specifically to federal credit unions (FCUs), certain provisions may be appropriate to consider for some FCUs. Accordingly, this Letter and its enclosure provide a summary of selected provisions of the Sarbanes-Oxley Act that NCUA believes are relevant to FCUs.
FCUs are encouraged to consider the guidance provided and are urged to periodically review their policies and procedures as they relate to matters of corporate governance and auditing. A proper review should take into account the size, operations and resources of the credit union and should ensure that all policies and procedures are consistent with applicable laws, regulations, and supervisory guidance.
The enclosure includes guidance patterned after similar guidance issued by the Federal Deposit Insurance Corporation (FDIC) in its Financial Institution Letter (FIL-17-2003) issued March 5, 2003. Each section of the enclosure selects a provision of the Sarbanes-Oxley Act, provides a summary of the provision (enclosure, column 1), and identifies any implementing regulation. Each section summary is followed by a description of related, existing statutes, regulations, or issuances applicable to FCUs (enclosure, column 2) or comments concerning sound corporate governance practices that FCUs may wish to consider implementing, to the extent feasible given the credit union’s size, complexity, and risk profile (enclosure, column 3).
1“Corporate governance” means practices and procedures that comply with applicable chartering acts and other federal law, rules, and regulations, and must be consistent with the safe and sound operations of a company. Each credit union must follow the corporate governance practices and procedures of the applicable law of the jurisdiction in which the FCU’s principal office is located, to the extent not inconsistent with federal law. Generally, each credit union designates in its bylaws the body of law elected for its corporate governance practices and procedures.
2Public companies mean those companies that have a class of securities registered with the Securities and Exchange Commission (SEC) or the appropriate federal banking agency under Section 12 of the Securities Exchange Act of 1934.