The Unintended Consequences of SarbOx 404

The proposed requirement on internal control attestation will unnecessarily divert credit union resources away from the strategic imperative to strengthen member value.

 
 

Until now, credit unions have been exempt from the public company albatross known as Sarbanes-Oxley. This may be about to change. NCUA has proposed that credit unions adopt processes for ensuring the integrity of internal controls—processes very similar to those outlined in the dreaded Section 404 of the Sarbanes-Oxley Act.

Section 404 requires documentation and testing of the minute details of a company’s internal financial and operational controls. Corporate America, which has been struggling for two years to implement Section 404, has had this to say about its requirements:

  • “A dagger aimed at the heart of the economy”
  • “The worst affliction visited on public companies in the last 70 years”
  • “Illustrates the folly of Congress trying to legislate risk- and error-free business operations”

I have nothing against regulation in general, and believe that Sarbanes-Oxley and other regulation inspired by it in many areas works very effectively. However, I do have concerns about regulation that is designed not to address existing weaknesses but instead to synchronize regulation across disparate types of organizations. As cooperatives, credit unions already have a level of shareholder (i.e. member) oversight and involvement that is unheard of in public companies, and it is difficult to see benefits from this regulation that come close to outweighing the costs.

Here are some of the questions you should be thinking about as you formulate your comments to NCUA (due on April 24):

  • What projects will you have sideline or delay because resources must be reallocated to compliance? How important are those projects to your strategic plan and to your members?
  • What new skills will you need on staff to manage the process? What will you have to pay them?
  • Do you have existing relationships with experienced outside resources to get this project done?
  • Can you pay the costs of compliance out of cash flow, or will you need to dip into capital? How will these expenditures affect your dividend and loan rates?
  • What software or systems will you need to purchase in order to comply?
  • How will the proposed standard affect your future systems decisions? Are your IT systems sufficiently flexible?
  • How will the standard affect your willingness to take measured risk?
  • How will this standard affect or complicate merger activity?

It is essential for credit unions to educate themselves on this process, estimate the direct and indirect costs of compliance, and respond with comments by the deadline.

 

 

 

March 20, 2006


Comments

 
 
 
  • I agree that we have a "run away train" now in DC. Everyone is assumed to be Kenneth Lay until we spend XX of unproductive hours and dollars coming up with some vague report that lets congress and regulators say "isn't our fault, we made them dig deeper".
    Anonymous
     
     
     
  • "As cooperatives, credit unions already have a level of shareholder (i.e. member) oversight and involvement that is unheard of in public companies, and it is difficult to see benefits from this regulation that come close to outweighing the costs." I quote this line because I feel it is the heart of a flawed argument. You are deluding yourself if you believe that level of member involvement and oversight in most U.S. credit unions is sufficient enough to prevent the kinds of actions that Sarbanes-Oxley is designed to curtail. Hopelessy out-of-date board selection procedures for credit unions make credit union elections more akin to conspiracies than to actual democratic processes. How can such practices result in "increased member value" unless we are defining that as "increasing the value of those members closest to the board"?
    Anonymous