Full Text

Commercial banking has traditionally been a highly regulated industry. The Federal Deposit Insurance Corporation Improvement Act (FDICIA) of 1991 required significant auditing, corporate reporting, and governance reforms for all banking institutions with more than $500 million in assets. This threshold increased to $1 billion in 2006. Some compliance requirements of FDICIA are similar to the Sarbanes-Oxley Act of 2002 (SOX). Both FDICIA and SOX have provisions dealing with audit committees, management responsibilities, internal control reporting, and auditor requirements. SOX was modeled after FDICIA, but the provisions of SOX go far beyond those of the model and require an audit of the internal controls of an SEC registrant throughout the year.

The present study compares the profitability of public and private bank holding companies in the years prior and subsequent to the passage of SOX. Public companies report under SOX and FDICIA, whereas private companies report only under FDICIA. The comparison shows that public bank holding companies have significantly lower profitability ratios than private ones. When profitability for 2001 (the year before SOX was passed) is compared to profitability for 2003 (the year after), the profitability ratios of public bank holding companies do not significantly increase, while those of private ones do. This implies that SOX compliance procedures did not help public bank holding companies realize sufficient operational efficiencies to outweigh the costs of SOX implementation.

Reporting Requirements, Costs, and Profitability

The reporting requirements under FDICIA and SOX are somewhat similar, but there are significant differences. If these requirements are extensive and costly under SOX, as has been reported, profitability may be affected for public companies.

FDICIA requires that the audit committee be composed of directors who are independent of management. The committee's mandate includes reviewing the bank's financial and internal control reports with the bank's management and external auditors. When a bank has more than $3 billion in assets, FDICIA also requires it to: 1) have at least one member of the audit committee with banking or related financial expertise; 2) have an audit committee with members that have access to their own outside counsel; and 3) exclude any large bank clients from committee membership.

SOX goes further than FDICIA by increasing and defining its requirements. For example, SOX requires each public company to have...