April 2024 financial reporting, governance, and risk management

Message from John Epperson, Managing Principal, Financial Services

Dear FIEB readers,

We have observed a flurry of activity regarding the Securities and Exchange Commission (SEC) final rules on climate since their passage on March 6. The most recent development was on April 4, when the SEC issued a voluntary stay on the rules, pending judicial review in the U.S. Court of Appeals for the 8th Circuit. We have digested the rules and offer a deeper dive in our 40 pages of analysis, “Wonder No More: The SEC’s Final Climate-Related Disclosure Rules.” Also, you can watch the recording of our April 9 webinar, “The New SEC Climate Rules: What You Need to Know.”

On April 9, the Public Company Accounting Oversight Board (PCAOB) issued two proposals – one on public reporting of standardized firm and engagement metrics and one on the PCAOB framework for collecting information from audit firms.

In news from Norwalk, Connecticut, the Financial Accounting Standards Board named its new technical director on March 20 and announced members of its reconstituted Emerging Issues Task Force (EITF) on April 3. Congratulations to Jack Day, the new technical director, and the members of the new EITF.

On a lighter note, early April brought the NCAA basketball finals; for those of you watching, we hope your favorite teams and brackets performed well. April 8 brought the eclipse, and whether you were in the path for the best view or not, you were unlikely to miss its occurrence.

It’s hard to believe we already are seeing first quarter results. We look forward to keeping you informed.

Subscribe now

From the federal financial institution regulators

FDIC proposes revised criteria for bank merger evaluations

On March 21, 2024, the Federal Deposit Insurance Corp. (FDIC) issued proposed changes to its statement of policy governing its review of bank merger applications. Among other updates, the proposed guidance:

Clarifies the scope of merger transactions subject to FDIC evaluation, including mergers in substance and deposit transfers between insured and noninsured institutions
Describes FDIC expectations, including scenarios and fact patterns that could indicate the presence of deficiencies that might result in the denial of the application
Discusses statutory factors considered, including competitive and market concentration effects, financial and operational considerations of institutions involved, convenience and needs of the community to be served, risk to overall national financial stability, and effectiveness in combatting money laundering activities

Further, the proposed revisions would require any divestitures included in a merger transaction application to be completed prior to the merger transaction date. They also would prohibit noncompete agreements with employees of divested entities.

The Office of the Comptroller of the Currency (OCC) issued a similar proposal in January of 2024 to update its rules for business combinations involving national banks and federal savings associations along with a policy statement to clarify the OCC’s review of applications under the Bank Merger Act (BMA).

Comments on the FDIC proposal are due within 60 days of publication in the Federal Register.

Fed issues final rule updating risk management requirements for certain FMUs

On March 8, 2024, the Federal Reserve Board (Fed) announced final amendments to risk management requirements governing certain systemically important financial market utilities (FMUs) that provide critical infrastructure to clear and settle financial transactions. The amendments modernize requirements for testing frameworks and review and remediation procedures, incident management and notification, business continuity, and third-party risk management. Among other updates, they require incident notification to the Board in the event of an unauthorized entry or a vulnerability that could allow an entry, and notification to participants and other relevant entities in the event of a material operational incident.

The final rule is effective April 15, 2024.

OCC releases mortgage performance report for fourth quarter of 2023

On March 19, 2024, the OCC released its quarterly report on mortgage performance and modification activity through the quarter ended Dec. 31, 2023, based on data from seven national banks with large mortgage-servicing portfolios. The report includes the following notable metrics:

Percent of mortgages current and performing remained relatively stable at 97.2%, compared to 97.3% in the prior quarter and 97.1% in Q4 22.
Seriously delinquent loans remained relatively unchanged at 1.2%, compared to 1.1% in the prior quarter and 1.3% in Q4 22.
Newly initiated foreclosures declined to 8,320, compared to 9,166 in Q4 22. Home forfeiture actions declined to 1,913, compared to 2,525 in Q4 22.
Modifications declined to 7,382 from 7,436 in the previous quarter. Of the total, 6,416 were “combination modifications” consisting of multiple actions such as interest rate reduction and term extension.

The loans serviced by the surveyed banks total approximately 11.7 million first-lien residential mortgage loans, or around $2.9 trillion in principal balances, representing 22.2% of total outstanding residential mortgage debt in the U.S. The OCC noted that reported metrics reflected the impact of recent events including loan forbearance allowances under the Coronavirus Aid, Relief, and Economic Security Act and foreclosure moratoriums in response to the COVID-19 pandemic.

CISA proposes rule on reporting cyberattacks and ransomware payments

On March 27, 2024, the Cybersecurity and Infrastructure Security Agency (CISA), an operational component of the Department of Homeland Security, issued a proposed rule requiring cyber incident and ransom payment reporting for covered entities. The proposed rule would fulfill the mandate established by the Cyber Incident Reporting for Critical Infrastructure Act of 2022.

Under the proposed rule, a covered entity would be required to submit a report to CISA within 72 hours of determining that it has experienced a substantial cyber incident, or within 24 hours of making a ransom payment as a result of a ransomware attack. Covered entities also would be required to submit additional reports “promptly” upon learning of any substantial new or different information concerning a previously reported incident, which CISA interprets as within 24 hours of the triggering event.

The agency proposed a definition of "substantial cyber incident" to include those that have a substantial impact on an entity’s system or network integrity, on its business or industrial operations, or on the safety and resiliency of its processes. Under the proposed rule, covered incidents could include those resulting from the compromise of a third-party provider, a denial-of-service or ransomware attack, or exploitation of a zero-day vulnerability.

Comments are due June 3, 2024.

From the Financial Accounting Standards Board (FASB)

FASB issues profits interest awards guidance

Profits interest and similar awards are more prevalent in private equity and commercial entities; however, the awards also have been observed in financial institutions (for example, phantom stock plans, stock appreciation rights). The FASB on March 21, 2024, issued Accounting Standards Update (ASU) 2024-01, “Compensation – Stock Compensation (Topic 718): Scope Application of Profits Interest and Similar Awards,” which aims to reduce complexity and diversity in practice in determining whether a profits interest award is accounted for as a share-based payment under Topic 718. The ASU amends Topic 718, “Compensation – Stock Compensation,” by adding an illustrative example to demonstrate how this guidance applies to facts and circumstances associated with common types of profits interest awards and makes minor clarifications to the scoping guidance language in Topic 718.

The ASU is effective for annual reporting periods beginning after Dec. 15, 2024, and interim periods therein for public business entities. All other entities must adopt the ASU in annual reporting periods beginning after Dec. 15, 2025, and interim periods therein.

For additional information, see the Crowe article “FASB Issues Profits Interest Awards Guidance.”

From the Securities and Exchange Commission (SEC)

SEC issues discretionary stay on climate disclosure rules

On April 4, 2024, the SEC issued a voluntary stay on its recently issued climate-related disclosure rules, pending judicial review in the U.S. Court of Appeals for the 8th Circuit. This case consolidates challenges brought through multiple appellate courts following the rules’ adoption. In the order, the SEC states that the voluntary stay will allow for an “orderly judicial resolution” and avoid regulatory uncertainty. The SEC maintains that the final rules are “consistent with applicable law and within the Commission’s long-standing authority to require the disclosure of information important to investors” and notes it will continue “vigorously defending” the final rules.

SEC adopts amendments to internet investment adviser exemption

On March 27, 2024, the SEC adopted final amendments to the internet investment adviser exemption under the Investment Advisers Act of 1940. The amendments revise qualifying criteria for the exemption, which allows internet-based advisers to register with the SEC. Under the amendments, advisers must provide ongoing investment services to all clients exclusively through an operational, interactive website or similar digital platform throughout the time that it relies on the exemption. The amendments also eliminate the de minimis threshold that previously permitted such advisers to maintain fewer than 15 non-internet-based clients in the preceding 12 months.

The final rule becomes effective July 8, 2024.

SEC issues video statement on AI washing

On March 18, 2024, the SEC issued a short informational video warning against the dissemination of false or misleading claims on the use of artificial intelligence (AI), also known as AI washing. In the video, Chair Gary Gensler stated that investment advisers, broker-dealers, and public companies that make claims regarding the use of AI models in their investment strategies or their business must ensure that these claims are truthful and have a reasonable basis, or they risk violating securities laws.

Chair speaks on mandatory disclosures

On March 22, 2024, Gensler made remarks before the Columbia Law School conference honoring Professor John C. Coffee. Gensler shared his belief in the merits of mandatory disclosures, describing information on securities as a “public good.” Although they impose additional burdens on registrants, Gensler stated that such disclosures are vital to provide investors with meaningful information given the “imperfect alignment” of management and shareholder interests.

Gensler highlighted the SEC’s recent activity regarding mandatory disclosures – including climate, cyber risk, and executive compensation – and drew parallels to past rulemaking that Gensler described as sparking controversy at the time of adoption but integral to the current disclosure regime.

SEC participates in Practising Law Institute’s “SEC Speaks” conference

Several commissioners and directors made remarks before the Practising Law Institute’s “The SEC Speaks in 2024” conference, April 2-3, 2024.

Gensler spoke on the history of the SEC, emphasizing the agency’s foundational role in promoting the “key public goods” of greater trust and greater efficiency and competition in the capital markets through oversight of exchanges, broker-dealers, and securities trading in secondary markets. Gensler stated that these public goods, which encourage greater capital formation and liquidity, could not be achieved based on private incentives alone and must be promoted through enforcement. He summarized historical and present-day rulemaking activity covering clearance and settlement, exchanges and alternative trading systems, the National Market System, best execution, and order competition and execution quality.

Commissioner Hester Peirce expressed concerns regarding current rulemaking practices, which she described as consisting of “very broad proposals, unreasonably short public comment periods, pared back final rules with substantial elements on which the public has not commented,” and lack of meaningful post-adoption engagement with the public. Peirce issued a call to action outlining priorities for the SEC, staff, and market participants, whom she encouraged to be persistent and intentional in engaging with the agency. She also criticized Staff Accounting Bulletin 121, referencing her own past remarks on the “secret garden” of practice-defining SEC staff guidance.

Commissioner Mark Uyeda also remarked on recent rulemaking, voicing criticism of rules that potentially mandate disclosures that are not financially material to investors and therefore fall outside the commission’s authority to regulate. Referencing past regulations on conflict minerals, Uyeda warned against the danger of enacting new disclosures that effect unintended consequences – for example, for the climate rule, the potential to inadvertently increase outsourcing or discourage commitments to emissions reductions targets to avoid triggering disclosure requirements.

Division of Enforcement Director Gurbir Grewal spoke on enforcement issues, focusing on crypto enforcement actions and addressing recent criticism of the division. Grewal described the enforcement approach as “consistent, principled, and tethered to the federal securities laws and legal precedent,” emphasizing that the SEC transparently and consistently applies the well-established “Howey test” to evaluate whether a certain crypto product is a security. Condemning the “predatory inclusion” tactics used by certain crypto entities, and underlining the “devastating” impacts to victims of past cases of unlawful tactics and schemes, Grewal stressed the importance of the division’s work to protect the investing public. Grewal concluded by stating that the division must prioritize maintaining public trust by acknowledging its mistakes and will embrace any scrutiny it faces.

Following Grewal, Division of Enforcement Deputy Director Sanjay Wadhwa highlighted the division’s work in fiscal year 2023 and addressed its recent actions and approach on two ongoing enforcement initiatives: the recordkeeping initiative and the amended marketing rule initiative. Wadhwa summarized the factors considered to determine the size of the penalty levied against each investment adviser, broker-dealer, or credit ratings agency for recordkeeping violations. Such factors include the size of the firm, the scope of violations, the historical precedence, and the firm’s proactive compliance efforts. Wadhwa emphasized that self-reporting is the “most significant factor in terms of moving the needle on penalties” but stated that a firm that does not self-report may still “receive credit” based on its cooperation with an investigation. In addition, Wadhwa noted that assets under management, regulatory history, promptness of remediation, and the need to “send strong messages of accountability and deterrence” are all considered when assessing penalties for violations of the amended marketing rule and that, as with all cases, self-reporting and cooperation are significant factors.

CorpFin addresses priorities at the “SEC Speaks” conference

At the conference, senior officials from the Division of Corporation Finance (CorpFin) spoke on recent rules – highlighting key aspects of the SEC rules on climate disclosures, special purpose acquisition company transactions, conflicts of interest in certain securitizations, and others – and division priorities. Deputy Director Cicely LaMothe enumerated three primary disclosure initiatives in the year ahead: incorporating new rulemaking into disclosure review, proactively addressing emerging issues, and strategically engaging with stakeholders.

Throughout panel discussions, division staff also highlighted disclosure priorities and emerging risks in 2024, referencing market disruptions in banking – including interest rate risk, liquidity risk, and the continued impacts of inflation – as well as AI, exposure and changes in the commercial real estate market, accounting matters requiring the use of judgment, and the implementation of recent SEC rules.

Observing rising rates of AI-related disclosures by large accelerated filers, staff urged registrants to consider specific facts and circumstances when disclosing the use and development of AI and material AI-related risk. Registrants also should critically consider their basis for AI claims when discussing related opportunities and risks, as well as the nature and extent of the board of directors’ role in AI oversight.

In light of continued challenges in the commercial real estate market, staff noted that the division will, when applicable, expect more detailed and granular disclosures to address these risks – for example, disaggregation of loan portfolio by relevant risk characteristics, greater granularity in disclosing metrics such as loan-to-value and occupancy rates, and more detailed discussion of policies, procedures, and other steps taken by management to manage portfolio risk.

From the Public Company Accounting Oversight Board (PCAOB)

PCAOB considers firm and engagement metrics and firm reporting proposals

On April 9, 2024, the PCAOB issued proposals for public comment related to firm and engagement metrics and firm reporting. The firm and engagement metrics proposal would require some public accounting firms registered with the PCAOB to publicly report certain metrics relating to their audit engagements and practices. The firm reporting proposal would amend PCAOB annual and special reporting requirements to provide more complete, standardized, and timely information by registered firms.

Comments are due June 7, 2024.

Portions of AICPA materials reprinted with permission. Copyright 2024 by AICPA.

FASB materials reprinted with permission. Copyright 2024 by Financial Accounting Foundation, Norwalk, Connecticut. Copyright 1974-1980 by American Institute of Certified Public Accountants.