Establishment and Purposes of the Committee
The Board of Directors of Paragon Bank (the “Bank”) hereby creates the Audit & Compliance Committee (the “Committee”) of the Board of Directors, which shall: (1) assist the Board of Directors in its oversight of (a) the Bank's accounting and financial reporting principles and policies and internal audit controls and procedures, (b) the integrity of the Bank's financial statements, (c) the Bank’s compliance with legal and regulatory requirements, (d) the independent auditor's qualifications and independence, and (e) the performance of the independent auditor and Bank’s internal audit function. In so doing, it is the responsibility of the Audit and Compliance Committee to maintain free and open communication between the directors, the independent auditors, the internal audit, loan review and regulatory compliance personnel, and management of the Bank.
In accordance with the Bank’s by-laws, there shall be an Audit and Compliance Committee composed of at least three directors, exclusive of any active officers, as appointed by the Board at least annually. The duty of this Committee shall be to examine at least once during each calendar year and within 15 months of the last examination the affairs of the Bank or cause suitable examinations to be made by auditors responsible only to the Board and report the result of the examination in writing to the Board at the next regular meeting. The Audit & Compliance Committee will report all actions taken by the Committee to monitor diligently the sound condition of the Bank, the adequacy of its internal controls, and that internal control procedures are being followed. The report will include all significant findings and concerns of the internal and external auditors, how significant problems were resolved, and shall recommend to the Board any changes of conducting the affairs of the Bank as shall be determined to be advisable.
The function of the Committee is oversight. Management of the Bank is responsible for preparation, presentation and integrity of the Bank’s financial statements. Management is responsible for maintaining appropriate accounting and financial reporting principles and policies and internal controls and procedures to provide for compliance with accounting standards and applicable laws and regulations, and the internal auditor is responsible for testing such internal controls and procedures. The independent auditor is responsible for planning and carrying out a proper audit of the Bank’s annual financial statements, reviews of the Bank’s quarterly financial statements prior to the filing of each quarterly report on Form 10-Q, and other procedures. It is recognized that, in fulfilling their responsibilities hereunder, members of the Committee are not full-time employees of the Bank and are not, and do not represent themselves to be, performing the functions of accountants or auditors. As such, it is not the duty or responsibility of the Committee or its members to conduct “field work” or other types of auditing or accounting reviews or procedures or to set auditor independence standards, and each member of the Committee shall be entitled to rely on (1) the integrity of those persons and organizations within and outside the Bank from which it receives information, (2) the accuracy of the financial and other information provided to the Committee by such persons or organizations absent actual knowledge to the contrary (which shall be promptly reported to the Board) and (3) the representations made by management as to any non-audit services provided by the independent auditor to the Bank. Further, in fulfilling their responsibilities hereunder, the members of the Committee will incorporate the use of reasonable materiality standards, including the size of the Bank and the nature, scope and risks of the activities conducted.
The independent auditor for the Bank is accountable to the Committee as representatives of the shareholders and must report directly to the Committee. The Committee has the authority and responsibility directly to appoint (subject, if applicable, to shareholder ratification), retain, compensate, evaluate and terminate the Bank’s independent auditor and to oversee the work of such independent auditor.
The independent auditor shall submit to the Committee annually a formal written statement (the “Auditor's Statement”) describing: the independent auditor's internal quality-control procedures; any material issues raised by the most recent internal quality-control review or peer review of the independent auditor, or by any inquiry or investigation by governmental or professional authorities, within the preceding five years, respecting one or more independent audits carried out by the independent auditor, and any steps taken to deal with such issues; and (to assess the independent auditor's independence) all relationships between the independent auditor and the Bank addressing each non-audit service provided to the Bank and at least the matters set forth in Independence Standards Board Standard No. 1.
The independent auditor shall submit to the Committee annually a formal written statement of the aggregate fees billed for each of the last two fiscal years for professional services rendered by the independent auditor in the following categories (as defined by the rules of the SEC): audit, audit-related, tax and all other services.
The Audit and Compliance Committee of the Board of Directors shall be comprised of at least three directors who are independent of management and the Bank. Members of the Audit and Compliance Committee shall meet the independence and qualification requirements of the federal securities laws and the applicable regulations of the Securities and Exchange Commission (“SEC”), the NASDAQ Stock Market, Inc. (“NASDAQ”) and the Public Bank Accounting Oversight Board. All Audit and Compliance Committee members shall be financially literate, at least one member shall be a financial expert (as defined by the rules and regulations promulgated under the Sarbanes Oxley Act of 2002), and at least one member will have accounting or related financial management expertise. The qualification of persons to serve on the Audit and Compliance Committee shall be determined by the Board of Directors and all members shall be elected annually by the Board.
The Audit and Compliance Committee shall meet at least four (4) times annually, or more frequently as circumstances dictate. As part of its job to foster open communication, the Audit and Compliance Committee shall provide sufficient opportunity for the internal and independent auditors and loan review and regulatory compliance personnel to meet with the Audit and Compliance Committee without members of management present. Periodically the Audit and Compliance Committee shall meet separately with the independent auditors, with the internal audit, loan review and regulatory compliance personnel, and with management.
In carrying out its responsibilities, the Audit and Compliance Committee believes its policies and procedures should remain flexible, in order to best react to changing conditions and to provide oversight responsibilities to the directors and shareholders that the corporate auditing, accounting and financial reporting practices of the Bank are in accordance with all requirements and are of the highest quality. In carrying out these responsibilities, the Audit and Compliance Committee will:
• Obtain the full Board of Directors’ approval of this Charter and review and reassess this Charter, the performance of the Audit and Compliance Committee and the Committee’s role and responsibility as conditions dictate (at least annually).
• Will report all oversight actions taken by the Committee to monitor diligently the sound condition of the Bank, the adequacy of its internal controls, and that internal control procedures are being followed. The report will include all significant findings and concerns of the internal and external auditors, how significant problems were resolved, and shall recommend to the Board any changes of conducting the affairs of the Bank as shall be determined to be advisable.
• Be directly responsible for the appointment, compensation, oversight and, where appropriate, replacement of the independent auditors to be selected to audit the financial statements of the Bank and its divisions and subsidiaries.
• Have a clear understanding with the independent auditors that they are ultimately accountable to the Audit and Compliance Committee, as the shareholders’ representatives.
• Communicate, to the extent appropriate, throughout the year with senior management, other committee chairpersons and other key committee advisors, external and internal auditors, and loan review and regulatory compliance personnel, as applicable, to strengthen the Audit and Compliance Committee’s knowledge of relevant current and prospective business issues.
• Review and concur with management’s appointment, termination, or replacement of employees in internal audit, loan review and corporate compliance.
• Meet with the independent auditors of the Bank to review and approve in advance for the current year the engagement of the independent auditors to audit the annual financial statements of the Bank and its divisions and subsidiaries. The Audit and Compliance Committee may meet with management of the Bank and solicit its views as to the engagement of the independent auditors, but the Audit and Compliance Committee shall retain the ultimate authority and responsibility for such engagement. The engagement of the independent auditors shall comply with all applicable requirements of law, including the following:
1. The Audit and Compliance Committee shall approve in advance all audit services to be performed by the auditors.
2. Each of the lead (or coordinating) audit partner (having primary responsibility for the audit) and the audit partner responsible for reviewing the audit shall have not performed audit services for the Bank in each of the 5 previous fiscal years of the Bank.
3. Review procedures to be utilized by the independent auditors (including planning and staffing of the audit) and at the conclusion of such engagement, any comments or recommendations of the independent auditors.
4. Review the nature and scope of all professional services other than audit services to be provided to the Bank by the independent auditors and consider the relationship to the auditors’ independence. With respect to all non-audit services:
• The independent auditors shall not perform any services that are prohibited by the Sarbanes-Oxley Act of 2002 or any rule or regulation promulgated hereunder.
• The Audit and Compliance Committee shall approve in advance as required by law any non-audit services that may be performed by the auditors and verify such non-audit services are disclosed in the Bank’s periodic reports. The Committee may delegate to one or more its designated members, the authority to grant pre-approvals of non-audit services. The decisions of any designee to pre-approve a non-audit service shall be presented to the full Committee at each of its scheduled meetings.
- On an annual basis, obtain from the independent auditors a written communication delineating all relationships with and professional services to the Bank as required by Independence Standards Board Standard No. 1 Independence Discussions with Audit and Compliance Committees. In addition, review with the independent auditors the nature and scope of any disclosed relationships or professional services and take, or recommend that the Board of Directors take, appropriate action to maintain the continuing independence of the auditors.
• The Audit and Compliance Committee shall have the authority to engage independent counsel and other advisers, as it determines necessary to carry out its duties.
• The Bank shall provide for appropriate funding, as determined by the Audit and Compliance Committee, in its capacity as a committee of the Board of Directors, for payment of compensation to the independent auditors and to any advisers employed by the Audit and Compliance Committee.
• Review with the independent auditors, the Bank’s internal auditors, and financial and accounting personnel, the adequacy and effectiveness of the accounting and financial controls of the Bank, and elicit any recommendations for the improvement of such internal controls or particular areas where new or more detailed controls or procedures are desirable.
• Review reports not reviewed by the Board of Directors that are received from regulators and other legal and regulatory agencies that may have a material effect on the financial statements or related Bank compliance policies.
• Review the risk management function (including internal audit, loan review and regulatory compliance) of the Bank including the independence and authority of its reporting obligations, the proposed audit plans, loan workplans, and regulatory compliance workplans for the coming year, and the coordination of such plans.
• Inquire of management, the internal audit, loan review and regulatory compliance personnel, and the independent auditors about the Bank’s risk management process, significant risks or exposures to the Bank and assess the steps management has taken to minimize such risks to the Bank.
• Review, assess and approve with the input of management, the Bank’s code of ethical conduct and conduct oversight on whether management has established an effective system to monitor and enforce such code. Regarding the Code of Ethics, the Committee shall:
1. Approve a process for (a) the receipt, retention, and treatment of complaints received by the Bank regarding accounting, internal accounting controls, or auditing matters and (b) the confidential, anonymous submission by employees of the Bank of concerns regarding questionable accounting or auditing matters.
2. Approve the method of public disclosure of the Code of Ethics.
3. Periodically review and assess the Code of Ethics and approve any recommended changes thereto.
4. Periodically review the adequacy of the Bank’s ethics compliance programs and the performance of the regulatory compliance officer and make recommendations for any changes with respect thereto.
5. Have the sole authority to grant waivers of the Code of Ethics for executive officers (including the Bank’s principal financial and accounting officers) and directors, and only disinterested Committee members may participate in any such waiver deliberations.
6. Approve a policy for the prompt public disclosure of any waivers of the Code of Ethics granted in favor of any directors or executive officer.
• Review with the members of management that are responsible for administering the Bank’s regulatory compliance programs any issues that could have a significant impact on the Bank’s financial statements. Also review and assess the adequacy of the Bank’s regulatory compliance programs.
• Receive prior to each meeting, a summary of findings from completed internal audits, loan workplans and regulatory compliance workplans and a progress report on the proposed plans for such areas, with explanations for any deviations from the original plans.
• Review the financial statements contained in the annual report to shareholders with management and the independent auditors to determine that the independent auditors are satisfied with the disclosure and content of the financial statements to be presented to the shareholders and that the auditors believe such financial statements reflect all material correcting adjustments that have been identified by the independent auditors in accordance with generally accepted accounting principles and the rules and regulations of the SEC.
• Review with financial management and the independent auditors the results of their timely analysis of significant financial reporting issues and practices, including changes in, or adoptions of, accounting principles and disclosure practices, and discuss any other matters required to be communicated to the Audit and Compliance Committee by the auditors. Also review with financial management and the independent auditors their judgments about the quality, not just acceptability, of accounting principles, the consistency of application of the Bank’s accounting practices, and the clarity of the financial disclosure practices used or proposed to be used, and particularly, the degree of aggressiveness or conservatism of the organization’s accounting principles and underlying estimates, and other significant decisions made in preparing the financial statements.
• Discuss with management the Bank’s earnings press releases, including the use of “pro forma” or “adjusted” non-GAAP information prior to their release.
• Discuss with management and the independent auditors the effect of regulatory and accounting initiatives as well as off-balance sheet structures on the Bank’s financial statements.
• Provide sufficient opportunity for the internal and independent auditors and the loan review and regulatory compliance personnel to meet with the members of the Audit and Compliance Committee without members of management present. Among the items to be discussed in these meetings are the independent auditors’ evaluation of the Bank’s financial, accounting, and auditing personnel, and the cooperation that the independent auditors received during the course of audit.
• Report the results of the annual audit to the Board of Directors. If requested by the board, invite the independent auditors to attend the full Board of Directors’ meeting to assist in reporting the results of the annual audit or to answer other directors’ questions (alternatively, the other directors, particularly the other independent directors, who may be invited to attend the Audit and Compliance Committee meeting during which the results of the annual audit are reviewed).
• Obtain from the independent auditors assurance that they have not detected or otherwise become aware of any information that is required to be disclosed to the Committee pursuant to Section 10A of the Securities Exchange Act of 1934.
• Have the authority to engage third parties to review the performance of the financial, accounting and internal control functions of the Bank.
• Submit the minutes of all meetings of the Audit and Compliance Committee to, or discuss the matters discussed at each Audit and Compliance Committee meeting with, the Board of Directors.
• Investigate any matter brought to its attention within the scope of its duties, with the power to retain outside counsel for this purpose if, in its judgment, that is appropriate.
• Disclose in the Bank’s periodic reports any non-audit services that are performed by the independent auditors.
• Discuss with the independent auditors any difficulties encountered in the course of the audit work, including any restrictions on the scope of activities or access to requested information, and any significant disagreements with management.
• Approve procedures for disclosing in the Bank’s periodic reports the independence and qualifications of the Audit and Compliance Committee members, including whether or not any members are “financial experts” as that term is defined by the rules and regulations promulgated under the Sarbanes-Oxley Act of 2002.
• Disclose annually in the Proxy Statement that the Bank has an Audit and Compliance Committee and the members of the Audit and Compliance Committee are independent of the Bank and management as the term independent is defined in the listing standards of the NASDAQ.
• Review all reports of Paragon’s financial information to third parties, including regulators, prior to dissemination.
Limitations on the Committee’s Role
While the Audit and Compliance Committee has the responsibilities and powers set forth in this Charter, it is not the Audit and Compliance Committee’s duty to audit the Bank’s financial statements or to determine that the Bank’s financial statements are complete and accurate or in accordance with GAAP. These are the responsibilities of management and the independent auditors