12 CFR § 9.9 - Audit of fiduciary activities.
(a) Annual audit. At least once during each calendar year, a national bank shall arrange for a suitable audit (by internal or external auditors) of all significant fiduciary activities, under the direction of its fiduciary audit committee, unless the bank adopts a continuous audit system in accordance with paragraph (b) of this section. The bank shall note the results of the audit (including significant actions taken as a result of the audit) in the minutes of the board of directors.
(b) Continuous audit. In lieu of performing annual audits under paragraph (a) of this section, a national bank may adopt a continuous audit system under which the bank arranges for a discrete audit (by internal or external auditors) of each significant fiduciary activity (i.e., on an activity-by-activity basis), under the direction of its fiduciary audit committee, at an interval commensurate with the nature and risk of that activity. Thus, certain fiduciary activities may receive audits at intervals greater or less than one year, as appropriate. A bank that adopts a continuous audit system shall note the results of all discrete audits performed since the last audit report (including significant actions taken as a result of the audits) in the minutes of the board of directors at least once during each calendar year .
(c) Fiduciary audit committee. A national bank's fiduciary audit committee must consist of a committee of the bank's directors or an audit committee of an affiliate of the bank. However, in either case, the committee:
(1) Must not include any officers of the bank or an affiliate who participate significantly in the administration of the bank's fiduciary activities; and
(2) Must consist of a majority of members who are not also members of any committee to which the board of directors has delegated power to manage and control the fiduciary activities of the bank.