How the Sarbanes-Oxley Act Is Affecting Profitability in the Banking Industry
A Comparison Study of the Initial Impact

By Carl Borgia and Philip H. Siegel

E-mail Story
Print Story
AUGUST 2008 - Commercial banking has traditionally been a highly regulated industry. The Federal Deposit Insurance Corporation Improvement Act (FDICIA) of 1991 required significant auditing, corporate reporting, and governance reforms for all banking institutions with more than $500 million in assets. This threshold increased to $1 billion in 2006. Some compliance requirements of FDICIA are similar to the Sarbanes-Oxley Act of 2002 (SOX). Both FDICIA and SOX have provisions dealing with audit committees, management responsibilities, internal control reporting, and auditor requirements. SOX was modeled after FDICIA, but the provisions of SOX go far beyond those of the model and require an audit of the internal controls of an SEC registrant throughout the year.

The present study compares the profitability of public and private bank holding companies in the years prior and subsequent to the passage of SOX. Public companies report under SOX and FDICIA, whereas private companies report only under FDICIA. The comparison shows that public bank holding companies have significantly lower profitability ratios than private ones. When profitability for 2001 (the year before SOX was passed) is compared to profitability for 2003 (the year after), the profitability ratios of public bank holding companies do not significantly increase, while those of private ones do. This implies that SOX compliance procedures did not help public bank holding companies realize sufficient operational efficiencies to outweigh the costs of SOX implementation.

Reporting Requirements, Costs, and Profitability

The reporting requirements under FDICIA and SOX are somewhat similar, but there are significant differences. If these requirements are extensive and costly under SOX, as has been reported, profitability may be affected for public companies.

FDICIA requires that the audit committee be composed of directors who are independent of management. The committee’s mandate includes reviewing the bank’s financial and internal control reports with the bank’s management and external auditors. When a bank has more than $3 billion in assets, FDICIA also requires it to: 1) have at least one member of the audit committee with banking or related financial expertise; 2) have an audit committee with members that have access to their own outside counsel; and 3) exclude any large bank clients from committee membership.

SOX goes further than FDICIA by increasing and defining its requirements. For example, SOX requires each public company to have an audit committee composed entirely of independent directors with outside counsel, not just access to outside counsel. An additional stipulation is that the audit committee must not only have a financial expert, but it must also disclose annually whether one or more financial experts are represented on the committee.

Management reporting requirements. FDICIA requires each bank holding company to file annual audited financial statements with its regulator. In addition, management must file a report that does the following:

  • Acknowledges management’s responsibility for preparing the bank’s financial statements, maintaining adequate controls for financial reporting, and complying with laws related to dividends and insider loans;
  • Evaluates the effectiveness of the bank’s financial reporting controls as of year-end; and
  • Assesses the bank’s compliance with laws related to dividends and insider loans throughout the year.

Management’s responsibilities under SOX are similar to those required under FDICIA. Like FDICIA, SOX requires that management file a report acknowledging its responsibility for preparing the company’s financial statements, and evaluating the effectiveness of financial reporting controls as of year-end. SOX further specifies that the management report include an evaluation of the maintenance of controls for financial reporting. In effect, this requires a complete audit of internal controls, which significantly increases auditors’ time and other costs involved in examining these controls.

Auditor reporting requirements. FDICIA requires that the auditor attest to management’s evaluation of the effectiveness of its financial reporting controls as of year-end. The external accountants of a covered bank holding company must comply with the following:

  • Be licensed by an appropriate state body;
  • Agree to provide regulators with access to the auditor’s workpapers;
  • File peer review reports with FDICIA;
  • Conform to the independence requirements of both the AICPA and SEC; and
  • Notify regulators as to whether they agree with the reasons stated by a former client for terminating the auditor’s services.

When attesting to the SOX requirement that independent accountants evaluate management’s maintenance of internal controls, auditors use the standards set forth by the Public Company Accounting Oversight Board’s (PCAOB) Auditing Standard 2 (AS2). These standards require a complete examination by external auditors that is separate and apart from management’s report.

Costs and Income After SOX

SOX requires that a company and its auditors perform many more tests of documentation, development, and evaluation of internal controls than are required under FDICIA. Therefore, SOX compliance costs are expected to be higher than those under FDICIA.

FDICIA provisions increased compliance costs in the early 1990s, but bank holding companies benefited from operational improvements. Studies showed that profitability ratios not only covered the increased compliance costs, but also added to overall profitability due to operational efficiencies.

Lisa Birr (“Before and After the FDICIA: A Look into Commercial Banking Risk Behavior and Profit,” The Park Place Economist, volume 9, issue 1, 1999) studied the initial effect of FDICIA on the banking industry and found profitability measures improved. The average return on assets (ROA) increased from 1.13 to 1.46 during the six years following enactment, an increase of 29% for the period.

Jo Lynne Koehn and Stephen C. Del Vecchio (“Ripple Effects of the Sarbanes-Oxley Act,” The CPA Journal, February 2004) studied the effects of SOX implementation on public companies. They reported the results of a survey on the cost of SOX compliance on 32 mid-sized companies. The overall compliance cost increased from $1,303,000 to $2,463,000 per year, an increase of 88.3%. Susan W. Eldridge and Burch T. Kealey (“SOX Costs: Auditor Attestation Under Section 404,” Social Science Research Network, 2005, investigated the effect of SOX upon bank holding companies and reported an average increase of 100% in audit fees from 2003 to 2004 for their sample of banks. They attributed this increase to the additional cost of SOX audit compliance.

Comparison of Bank Profitability Ratios

The authors conducted research to examine the profitability ratios of all 2,300 active bank holding companies (private and public) that were required to file consolidated regulatory reports with the Federal Reserve from 2001 through 2003. Data were collected to calculate the return on assets and the average return on equity (ROE) of public and of private bank holding companies for 2001 (the year before SOX was passed) and 2003 (the year after). These ratios are primary measures of overall profitability.

ROA measures how effectively a bank holding company uses its assets, but it does not consider how effectively these assets have been financed. ROE indicates the ultimate return to shareholders of the company, including both the profits generated by the assets and the way in which these assets have been financed.

Because the cost of SOX compliance has been shown to be high, profitability after SOX implementation was expected to be negatively impacted for public bank holding companies but not for private ones. ROA and ROE for private and public banks were calculated using data for 2001 and for 2003. These ratios were then tested for statistical differences for each group using an analysis of variance (ANOVA).

SOX-compliant bank holding companies experienced an increase in profitability measures from 2001 to 2003. ROA went from 1.06 to 1.10, and ROE increased from 12.20 to 12.55. The statistical tests, however, showed no significant difference for these increases.

Private bank holding companies had an increase in profitability measures from 2001 to 2003. ROA went from 1.10 to 1.18, and ROE increased from 12.20 to 13.21. For these companies, the statistical tests indicated significant differences for these results.

The results of this study are fairly telling about how SOX affects profitability of public bank holding companies. ROA increased only 4% for public companies from 2001 to 2003, but it increased twice as much (8%) for private companies. ROE showed even greater differences for public and private entities. For public companies, ROE increased 3%, whereas private companies experienced an 8% increase. Clearly, SOX had a negative initial impact on the profitability of public bank holding companies.

Jury Still Out

Is SOX too much too soon, and overkill? Or do improved operational efficiencies for SOX-compliant companies outweigh its costs? This analysis indicates that public bank holding companies were not as profitable as private companies after implementation of SOX, implying that, at least initially, operational efficiencies did not outweigh the costs of SOX.

Some argue that over time, SOX-compliance costs will fall as companies continue to implement its requirements. The argument against this position, however, is that many industries, such as banking, experience rapid technological change and, therefore, face continuous costs of developing, implementing, examining, and reporting on new internal controls in order to satisfy SOX requirements.

Critics point to the high cost of SOX compliance as a factor in the loss of market share by U.S. securities markets. To compete in the international arena, U.S. securities markets must operate as efficiently as possible. If companies do not show operating efficiencies as a result of SOX procedures, their ability to compete may be affected. This also may give them the incentive to go private to avoid SOX compliance.

The banking industry offers an opportunity to monitor the effects of SOX compliance on public companies from another perspective. Because banking is a highly regulated industry, information is available to the public on both private and public companies. This offers the opportunity to continue monitoring the impact of SOX compliance on public firms.

Carl Borgia, PhD, CPA, is an associate professor, and Philip H. Siegel, PhD, CPA, is a visiting professor, both in the School of Accounting of the College of Business of Florida Atlantic University, Boca Raton, Fla.




















The CPA Journal is broadly recognized as an outstanding, technical-refereed publication aimed at public practitioners, management, educators, and other accounting professionals. It is edited by CPAs for CPAs. Our goal is to provide CPAs and other accounting professionals with the information and news to enable them to be successful accountants, managers, and executives in today's practice environments.

©2009 The New York State Society of CPAs. Legal Notices