12 CFR § 363.5 - Audit committees.
(a) Composition and duties. Each insured depository institution shall establish an audit committee of its board of directors, the composition of which complies with paragraphs (a)(1), (2), and (3) of this section. The duties of the audit committee shall include the appointment, compensation, and oversight of the independent public accountant who performs services required under this part, and reviewing with management and the independent public accountant the basis for the reports issued under this part.
(1) Each insured depository institution with total assets of $1 billion or more as of the beginning of its fiscal year shall establish an independent audit committee of its board of directors, the members of which shall be outside directors who are independent of management of the institution.
(2) Each insured depository institution with total assets of $500 million or more but less than $1 billion as of the beginning of its fiscal year shall establish an audit committee of its board of directors, the members of which shall be outside directors, the majority of whom shall be independent of management of the institution. The appropriate Federal banking agency may, by order or regulation, permit the audit committee of such an insured depository institution to be made up of less than a majority of outside directors who are independent of management, if the agency determines that the institution has encountered hardships in retaining and recruiting a sufficient number of competent outside directors to serve on the audit committee of the institution.
(3) An outside director is a director who is not, and within the preceding fiscal year has not been, an officer or employee of the institution or any affiliate of the institution.
(b) Committees of large institutions. The audit committee of any insured depository institution with total assets of more than $3 billion as of the beginning of its fiscal year shall include members with banking or related financial management expertise, have access to its own outside counsel, and not include any large customers of the institution. If a large institution is a subsidiary of a holding company and relies on the audit committee of the holding company to comply with this rule, the holding company's audit committee shall not include any members who are large customers of the subsidiary institution.
(c) Independent public accountant engagement letters.
(1) In performing its duties with respect to the appointment of the institution's independent public accountant, the audit committee shall ensure that engagement letters and any related agreements with the independent public accountant for services to be performed under this part do not contain any limitation of liability provisions that:
(i) Indemnify the independent public accountant against claims made by third parties;
(ii) Hold harmless or release the independent public accountant from liability for claims or potential claims that might be asserted by the client insured depository institution, other than claims for punitive damages; or
(iii) Limit the remedies available to the client insured depository institution.
(2) Alternative dispute resolution agreements and jury trial waiver provisions are not precluded from engagement letters provided that they do not incorporate any limitation of liability provisions set forth in paragraph (c)(1) of this section.