the Sarbanes-Oxley Act Is Affecting Profitability in the Banking
A Comparison Study of the Initial Impact
Carl Borgia and Philip H. Siegel
- Commercial banking has traditionally been a highly regulated industry.
The Federal Deposit Insurance Corporation Improvement Act (FDICIA)
of 1991 required significant auditing, corporate reporting, and
governance reforms for all banking institutions with more than $500
million in assets. This threshold increased to $1 billion in 2006.
Some compliance requirements of FDICIA are similar to the Sarbanes-Oxley
Act of 2002 (SOX). Both FDICIA and SOX have provisions dealing with
audit committees, management responsibilities, internal control
reporting, and auditor requirements. SOX was modeled after FDICIA,
but the provisions of SOX go far beyond those of the model and require
an audit of the internal controls of an SEC registrant throughout
present study compares the profitability of public and private
bank holding companies in the years prior and subsequent to the
passage of SOX. Public companies report under SOX and FDICIA,
whereas private companies report only under FDICIA. The comparison
shows that public bank holding companies have significantly lower
profitability ratios than private ones. When profitability for
2001 (the year before SOX was passed) is compared to profitability
for 2003 (the year after), the profitability ratios of public
bank holding companies do not significantly increase, while those
of private ones do. This implies that SOX compliance procedures
did not help public bank holding companies realize sufficient
operational efficiencies to outweigh the costs of SOX implementation.
Requirements, Costs, and Profitability
requirements under FDICIA and SOX are somewhat similar, but there
are significant differences. If these requirements are extensive
and costly under SOX, as has been reported, profitability may
be affected for public companies.
that the audit committee be composed of directors who are independent
of management. The committee’s mandate includes reviewing
the bank’s financial and internal control reports with the
bank’s management and external auditors. When a bank has
more than $3 billion in assets, FDICIA also requires it to: 1)
have at least one member of the audit committee with banking or
related financial expertise; 2) have an audit committee with members
that have access to their own outside counsel; and 3) exclude
any large bank clients from committee membership.
further than FDICIA by increasing and defining its requirements.
For example, SOX requires each public company to have an audit
committee composed entirely of independent directors with outside
counsel, not just access to outside counsel. An additional stipulation
is that the audit committee must not only have a financial expert,
but it must also disclose annually whether one or more financial
experts are represented on the committee.
reporting requirements. FDICIA requires each bank
holding company to file annual audited financial statements with
its regulator. In addition, management must file a report that
does the following:
management’s responsibility for preparing the bank’s
financial statements, maintaining adequate controls for financial
reporting, and complying with laws related to dividends and
the effectiveness of the bank’s financial reporting controls
as of year-end; and
the bank’s compliance with laws related to dividends and
insider loans throughout the year.
responsibilities under SOX are similar to those required under
FDICIA. Like FDICIA, SOX requires that management file a report
acknowledging its responsibility for preparing the company’s
financial statements, and evaluating the effectiveness of financial
reporting controls as of year-end. SOX further specifies that
the management report include an evaluation of the maintenance
of controls for financial reporting. In effect, this requires
a complete audit of internal controls, which significantly increases
auditors’ time and other costs involved in examining these
reporting requirements. FDICIA requires that the
auditor attest to management’s evaluation of the effectiveness
of its financial reporting controls as of year-end. The external
accountants of a covered bank holding company must comply with
- Be licensed
by an appropriate state body;
to provide regulators with access to the auditor’s workpapers;
peer review reports with FDICIA;
to the independence requirements of both the AICPA and SEC;
regulators as to whether they agree with the reasons stated
by a former client for terminating the auditor’s services.
to the SOX requirement that independent accountants evaluate management’s
maintenance of internal controls, auditors use the standards set
forth by the Public Company Accounting Oversight Board’s
(PCAOB) Auditing Standard 2 (AS2). These standards require a complete
examination by external auditors that is separate and apart from
and Income After SOX
that a company and its auditors perform many more tests of documentation,
development, and evaluation of internal controls than are required
under FDICIA. Therefore, SOX compliance costs are expected to
be higher than those under FDICIA.
increased compliance costs in the early 1990s, but bank holding
companies benefited from operational improvements. Studies showed
that profitability ratios not only covered the increased compliance
costs, but also added to overall profitability due to operational
(“Before and After the FDICIA: A Look into Commercial Banking
Risk Behavior and Profit,” The Park Place Economist,
volume 9, issue 1, 1999) studied the initial effect of FDICIA
on the banking industry and found profitability measures improved.
The average return on assets (ROA) increased from 1.13 to 1.46
during the six years following enactment, an increase of 29% for
Koehn and Stephen C. Del Vecchio (“Ripple Effects of the
Sarbanes-Oxley Act,” The CPA Journal, February
2004) studied the effects of SOX implementation on public companies.
They reported the results of a survey on the cost of SOX compliance
on 32 mid-sized companies. The overall compliance cost increased
from $1,303,000 to $2,463,000 per year, an increase of 88.3%.
Susan W. Eldridge and Burch T. Kealey (“SOX Costs: Auditor
Attestation Under Section 404,” Social Science Research
Network, 2005, http://ssrn.com/abstract=743285)
investigated the effect of SOX upon bank holding companies and
reported an average increase of 100% in audit fees from 2003 to
2004 for their sample of banks. They attributed this increase
to the additional cost of SOX audit compliance.
of Bank Profitability Ratios
conducted research to examine the profitability ratios of all
2,300 active bank holding companies (private and public) that
were required to file consolidated regulatory reports with the
Federal Reserve from 2001 through 2003. Data were collected to
calculate the return on assets and the average return on equity
(ROE) of public and of private bank holding companies for 2001
(the year before SOX was passed) and 2003 (the year after). These
ratios are primary measures of overall profitability.
how effectively a bank holding company uses its assets, but it
does not consider how effectively these assets have been financed.
ROE indicates the ultimate return to shareholders of the company,
including both the profits generated by the assets and the way
in which these assets have been financed.
cost of SOX compliance has been shown to be high, profitability
after SOX implementation was expected to be negatively impacted
for public bank holding companies but not for private ones. ROA
and ROE for private and public banks were calculated using data
for 2001 and for 2003. These ratios were then tested for statistical
differences for each group using an analysis of variance (ANOVA).
bank holding companies experienced an increase in profitability
measures from 2001 to 2003. ROA went from 1.06 to 1.10, and ROE
increased from 12.20 to 12.55. The statistical tests, however,
showed no significant difference for these increases.
holding companies had an increase in profitability measures from
2001 to 2003. ROA went from 1.10 to 1.18, and ROE increased from
12.20 to 13.21. For these companies, the statistical tests indicated
significant differences for these results.
of this study are fairly telling about how SOX affects profitability
of public bank holding companies. ROA increased only 4% for public
companies from 2001 to 2003, but it increased twice as much (8%)
for private companies. ROE showed even greater differences for
public and private entities. For public companies, ROE increased
3%, whereas private companies experienced an 8% increase. Clearly,
SOX had a negative initial impact on the profitability of public
bank holding companies.
Is SOX too
much too soon, and overkill? Or do improved operational efficiencies
for SOX-compliant companies outweigh its costs? This analysis
indicates that public bank holding companies were not as profitable
as private companies after implementation of SOX, implying that,
at least initially, operational efficiencies did not outweigh
the costs of SOX.
that over time, SOX-compliance costs will fall as companies continue
to implement its requirements. The argument against this position,
however, is that many industries, such as banking, experience
rapid technological change and, therefore, face continuous costs
of developing, implementing, examining, and reporting on new internal
controls in order to satisfy SOX requirements.
to the high cost of SOX compliance as a factor in the loss of
market share by U.S. securities markets. To compete in the international
arena, U.S. securities markets must operate as efficiently as
possible. If companies do not show operating efficiencies as a
result of SOX procedures, their ability to compete may be affected.
This also may give them the incentive to go private to avoid SOX
industry offers an opportunity to monitor the effects of SOX compliance
on public companies from another perspective. Because banking
is a highly regulated industry, information is available to the
public on both private and public companies. This offers the opportunity
to continue monitoring the impact of SOX compliance on public
Borgia, PhD, CPA, is an associate professor, and Philip
H. Siegel, PhD, CPA, is a visiting professor, both in the
School of Accounting of the College of Business of Florida Atlantic
University, Boca Raton, Fla.