August 2023 financial reporting, governance, and risk management

| 8/16/2023
August 2023 financial reporting, governance, and risk management

Message from John Epperson, Managing Principal, Financial Services

Dear FIEB readers,

With fall just around the corner, many students are heading back to school to prepare for future opportunities. Hopefully, you are enjoying the tail end of summer. This month brings the Federal Deposit Insurance Corp.’s annual risk review report, a lengthy proposal on regulatory capital for the largest banks, and a continued focus on liquidity with updated guidance from the federal financial institution regulators.

We see high interest in the Financial Accounting Standards Board (FASB) proposal on purchased financial assets to address the “double count” issue under the current expected credit loss standard. While the comment due date is Aug. 28, the FASB will consider comment letters through at least Sept. 20, according to a letter submitted by the American Bankers Association.

We hope to see you at one of these national conferences. As we shared last month, here are discounts:

  • The 2023 AICPA & CIMA Conference on Banks & Savings Institutions will be Sept. 11-13 at the Gaylord National, National Harbor, Maryland. Use the code “BAN23” to save a $100 on the in-person or the virtual option.
  • The 2023 AICPA & CIMA Conference on Credit Unions will be Oct. 23-25 at the Grand Hyatt, Denver, Colorado. Use the code “CU23” to save a $100 on the in-person or the virtual option. This discount may be applied in addition to the early bird discount of $100 – for a total savings of $200 off the regular registration fee – for those who register by Sept. 8, 2023.

We thank you for the privilege of keeping you informed.

Sign up to receive updates on accounting, governance, risk management, and compliance issues.
From the federal financial institution regulators

FDIC issues annual risk review

On Aug. 14, 2023, the Federal Deposit Insurance Corp. (FDIC) published its 2023 “Risk Review” to summarize conditions in the U.S. economy, financial markets, and banking industry. In addition to the executive summary and overview, the 92-page report covers credit risks, markets, operational risk, and climate-related financial risk, and it includes a new section on crypto asset risk. Given the FDIC’s role as the primary regulator for the majority of community banks, the report focuses on key risks to that sector.

Banking agencies issue regulatory capital proposal for large banks

The FDIC, the Office of the Comptroller of the Currency (OCC), and the Federal Reserve (Fed) on July 27, 2023, approved a highly anticipated notice of proposed rulemaking that would substantially revise capital standards for institutions with $100 billion or more in assets, essentially implementing Basel III in the U.S. If finalized, the rule would have a three-year transition period starting on July 1, 2025, to be fully implemented in July 2028.

These are some of the noteworthy items:

  • The revised capital standards would apply to institutions with $100 billion or more in assets and any with less than $100 billion where trading assets and liabilities are over $5 billion or represent 10% or more of total assets. Institutions with under $100 billion in assets will continue to use existing capital standards unless they exceed trading activity thresholds.
  • The FDIC estimates the proposal would result in common equity tier one increasing roughly 16% for covered holding companies and 9% for insured depository institutions.
  • Category 3 and 4 institutions (those with between $100 billion and $250 billion in assets) would lose their accumulated other comprehensive income opt-out, so unrealized gain/loss on available-for-sale securities would be reflected in regulatory capital.
  • An expanded standardized approach would replace current Basel II advanced internal ratings-based models.

At the FDIC board meeting, FDIC Chair Martin Gruenberg, acting Comptroller Michael Hsu, and Consumer Financial Protection Bureau Director Rohit Chopra voted in support of the proposal. FDIC Vice Chair Travis Hill and board member Jonathan McKernan voted against it. Fed governors dissenting were Michelle Bowman and Christopher Waller.

Comments are due Nov. 30, 2023.

Banking agencies and NCUA update guidance on liquidity and contingency plans

On July 28, 2023, the federal banking agencies and the National Credit Union Administration (NCUA) issued an addendum to the 2010 interagency policy statement on liquidity risk management and the importance of contingency funding plans. The updated guidance encourages institutions to incorporate the Fed discount window and Federal Home Loan Bank (FHLB) borrowing capacity as part of their contingency funding plans. In addition, the guidance directs institutions to establish and maintain operational readiness to use the discount window and conduct periodic transactions, which might involve initiating or renewing contact with the Fed and the FHLB systems.

FFIEC updates BSA/AML exam manual

On Aug. 2, 2023, the Federal Financial Institutions Examination Council (FFIEC) announced several updates to the FFIEC Bank Secrecy Act (BSA)/Anti-Money Laundering (AML) Examination Manual, as part of the agencies’ aim to promote a risk-based approach to BSA/AML examinations and streamline interagency efforts, thereby reducing the burden on banks. Changes include updates to these sections:

  • Special Information Sharing Procedures to Deter Money Laundering and Terrorist Activity
  • Due Diligence Programs for Correspondent Accounts for Foreign Financial Institutions
  • Due Diligence Programs for Private Banking Accounts
  • Prohibition on Correspondent Accounts for Foreign Shell Banks; Records Concerning Owners of Foreign Banks and Agents for Service of Legal Process
  • Summons or Subpoena of Foreign Bank Records; Termination of Correspondent Relationship; Records Concerning Owners of Foreign Banks and Agents for Service of Legal Process
  • Reporting Obligations on Foreign Bank Relationships With Iranian-Linked Financial Institutions

FDIC issues FIL on reporting of estimated uninsured deposits

On July 24, 2023, the FDIC issued a Financial Institution Letter (FIL) noting that certain insured depository institutions failed to comply with call report instructions when reporting estimated uninsured deposits. The FIL includes two examples of noncompliant reporting: first, inappropriately reducing reported uninsured deposits by the balance of such deposits collateralized by pledged assets, and second, reducing the amount reported on Schedule RC-O by excluding intercompany deposit balances of subsidiaries.

The FIL reiterates that institutions are responsible for attesting to the correctness of their call reports and for filing amendments (including submitting revised data) in the event of inappropriate reporting.

Fed launches FedNow

The Fed announced the launch of the FedNow Service on July 20, 2023. The service gives banks and credit unions the ability to provide instant payment capabilities to their customers at any time on any day. Customers of a participating financial institution will be able to send secure instant payments through the financial institution’s web or mobile application.

At the time of the announcement, the service was limited to 35 early adopting banks and credit unions, the U.S. Department of the Treasury’s Bureau of Fiscal Service, and 16 service providers, but the Fed is committed to making it widely available. Financial institutions interested in the FedNow Service can contact their Federal Reserve relationship manager to learn more.

Fed provides additional information on supervision of novel activities

On Aug. 8, 2023, the Fed issued a supervision and regulation letter on the creation of the novel activities supervision program to oversee banks’ participation in crypto asset and distributed ledger technology activities as well as complex, technology-driven partnerships with nonbanks. The Fed stated its intent to engage internal and external experts to inform the program’s supervisory activities and to develop guidance for banks. In accordance with the program’s risk-based approach, level of supervision will be correlated with each bank’s degree of involvement in novel activities.

Also on Aug. 8, the Fed issued a letter clarifying the process by which state member banks must obtain a written notification of supervisory nonobjection prior to engaging in activities involving dollar tokens using distributed ledger or similar technologies. To obtain a written notification of supervisory nonobjection, a bank must notify its lead supervisory point of contact at the Fed and provide a description of the dollar token activities it wishes to participate in. The Fed will assess the bank’s risk management practices associated with the proposed activities, including operational risk, cybersecurity risk, liquidity risk, illicit financial risk, and consumer compliance risk.

FSB issues recommendations on crypto regulations

On July 17, 2023, the Financial Stability Board (FSB) issued a regulatory framework for crypto asset activities. The framework provides high-level recommendations for the regulation, supervision, and oversight of crypto asset activities and markets as well as revised recommendations for stablecoin arrangements. The framework takes into consideration events in the crypto asset market over the past year as well as feedback from public consultations and stakeholder outreach.

The two distinct sets of recommendations primarily address risks to financial stability while still allowing for responsible innovation in the industry and flexibility of application at the jurisdictional level. While the framework does not comprehensively address all risks arising from the crypto asset market, it is intended to provide a foundation for consistent global regulation and oversight in accordance with the shared work plan of the FSB and the sectoral standard-setting bodies.

Among other matters, the recommendations relate to a general regulatory framework, governance, risk management, disclosures, data collection and reporting, and cross-border cooperation. The revised high-level recommendations for global stablecoin arrangements address comprehensive oversight, governance structures and decentralized operations, data storage and access, and recovery and resolution plans.

From the Financial Accounting Standards Board (FASB)

FASB proposes disaggregation to income statement expense disclosures

The FASB on July 31, 2023, published a proposed Accounting Standards Update (ASU), “Income Statement – Reporting Comprehensive Income – Expense Disaggregation Disclosures (Subtopic 220-40) – Disaggregation of Income Statement Expenses,” aimed at providing more decision-useful information about a public business entity’s expenses.

Under the proposed ASU, public companies would provide detailed disclosure in interim and annual periods of specified categories underlying certain expense captions. Relevant expense categories for financial institutions include, among others, employee compensation, depreciation, and amortization of intangible assets. Other expenses presented on the face of the income statement (for example, credit losses or income taxes) are not expense categories listed in the proposed ASU and therefore do not require disaggregated disclosure. Financial institutions should refer to Example 3 for an illustrative example. Institutions reporting under Securities and Exchange Commission (SEC) Rule 9-04 of Regulation S-X can elect to apply a practical expedient to continue presenting salaries and employee benefits under Rule 9-04 instead of the definition under Subtopic 220-40.

Comments are due Oct. 30, 2023.

On Dec. 13, 2023, the FASB will host a public roundtable to get additional feedback on the proposed ASU. Details will be posted on the FASB website.

FASB amends SEC paragraphs pursuant to SAB 121

On Aug. 3, 2023, the FASB issued ASU 2023-04, “Liabilities (Topic 405): Amendments to SEC Paragraphs Pursuant to SEC Staff Accounting Bulletin No. 121.” Staff Accounting Bulletin (SAB) 121 addresses accounting for obligations to safeguard crypto assets an entity holds for its platform users, and this guidance is now incorporated into the Accounting Standards Codification (ASC).

FASB updates ASC for SEC guidance

On July 14, 2023, the FASB issued ASU 2023-03, “Presentation of Financial Statements (Topic 205), Income Statement – Reporting Comprehensive Income (Topic 220), Distinguishing Liabilities From Equity (Topic 480), Equity (Topic 505), and Compensation – Stock Compensation (Topic 718),” which amends the SEC paragraphs within the ASC to conform to SEC SAB 120, “SEC Staff Announcement at the March 24, 2022 EITF Meeting,” and SAB Topic 6.B, “Accounting Series Release 280 – General Revision of Regulation S-X: Income or Loss Applicable to Common Stock.” This ASU introduces no new guidance, so no transition period or effective date is associated with it.

FASB addresses segment reporting

At its July 26, 2023, board meeting, the FASB discussed a proposed ASU, “Segment Reporting (Topic 280): Improvements to Reportable Segment Disclosures,” and affirmed the decision to base the principle on the significant segment expenses that are regularly provided to the chief operating decision-maker (CODM) and included in the measure of segment profit or loss.

In addition, the FASB affirmed the decisions to:

  • Require that a public entity consider quantitative and qualitative factors when assessing significance
  • Require that a public entity disclose an amount and qualitative description for other segment items for each reportable segment
  • Require that a public entity disclose the nature of the segment expense information that the CODM uses to manage operations if the entity does not disclose expenses under the principle for one or more of its reportable segments
  • Not require disclosure of a reconciliation of the total of the reportable segment’s amount for each significant expense category to its corresponding consolidated expense amount
  • Require that a public entity disclose interest expense for a financial operation segment when that item represents a significant expense in accordance with the principle
  • Retain all existing segment disclosure requirements of both Topic 280 and other GAAP topics
  • Require that a public entity disclose significant expense categories and amounts that are easily computable from the management reports that are regularly provided to the CODM
  • Allow a public entity to report multiple measures of a segment’s profit or loss that the CODM uses to allocate resources and assess performance
  • Require that the total of the reportable segments’ amount for each measure of segment profit or loss be reconciled in accordance with paragraph 280-10-50-30(d)
  • Require disclosures for a reportable segment’s profit or loss and assets on an interim and annual basis
  • Require that a public entity recast segment expense categories and amounts in prior periods when a change occurs in the composition of reportable segments in the current period, unless impracticable
  • Require that a public entity disclose the title and position of its CODM

The segment disclosure requirements apply to all public entities, including those that have a single reportable segment. The amendments will be applied on a retrospective basis unless impracticable and will be effective for fiscal years beginning after Dec. 15, 2023, and interim periods within fiscal years beginning after Dec. 15, 2024, with early adoption permitted. The final ASU is expected to be issued in the third quarter of 2023.

From the Securities and Exchange Commission (SEC)

SEC issues cybersecurity incident, risk management, and governance disclosure final rule

On July 26, 2023, the SEC issued a final rule requiring enhanced standardized disclosures of material cybersecurity incidents and cybersecurity risk management, strategy, and governance. Under the new rule, registrants are required to disclose when they have experienced a material cybersecurity incident on Form 8-K within four days of determining that the incident is material. Registrants also must make the following disclosures annually on Form 10-K:

  • Risk management: The registrant’s processes for assessing, identifying, and managing material risks from cybersecurity threats as well as whether and how any cybersecurity threats, including previous incidents, have materially impacted or are likely to materially impact the registrant’s business strategy, results, or financial condition
  • Governance: A description of board oversight over cybersecurity risk as well as management’s role in assessing and managing material cybersecurity risks

Cybersecurity incident disclosures are required beginning Dec. 18, 2023 (or June 15, 2024, for smaller reporting companies). Risk management, strategy, and governance disclosures are required beginning with annual reports for fiscal years ending on or after Dec. 15, 2023.

For additional information about the new rule, see the Crowe article “SEC Ruling on Cybersecurity Incident Disclosure: What to Know.”

SEC proposes new rules for broker-dealer predictive analytics and conflicts of interest

On July 26, 2023, the SEC proposed new rules addressing potential conflicts of interest created when broker-dealers and investment advisers use predictive data analytics, artificial intelligence (AI), and similar technologies to interact with investors. Technologies within the scope of the proposed rule include computational models, algorithms, and other predictive methods or processes that could guide an investor’s behavior and therefore have the potential to prioritize the firm’s interests over those of an investor. Under the proposal, firms using such technologies would be required to eliminate or address conflicts of interest, maintain written policies and procedures designed to prevent violations of or achieve compliance with the proposed rules, and maintain books and records related to the requirements of the proposed rules.

Comments are due Oct. 10, 2023.

SEC proposes amendments to internet-based investment adviser exemption

The SEC proposed new rule amendments on July 26, 2023, to enact more restrictive requirements on the exemption that permits internet-based investment advisers to register with the commission. To qualify for the exemption under the proposal, internet-based investment advisers would be required to maintain an operational and interactive website and to provide advisory services to all clients exclusively through such a website. In accordance with these changes, the proposal also would make corresponding changes to Form ADV.

Comments are due Oct. 2, 2023.

SEC chair speaks on climate risk disclosure and discontinuance of LIBOR

Chair Gary Gensler remarked on climate risk disclosure and the phase-out of the London Interbank Offered Rate (LIBOR) before the Financial Stability Oversight Council on July 28, 2023. Regarding the former, Gensler emphasized the role of the SEC in providing investors with fair and truthful disclosures, allowing investors to make informed investment decisions while remaining neutral on the merits of such investments. As such, Gensler noted that the SEC’s role in climate risk disclosures is to mandate consistent and comparable disclosures.

Gensler commented on the discontinuation of LIBOR, comparing the previously ubiquitous rate, which often lacked meaningful underlying transactions, to the “emperor with no clothes.” Gensler cited multiple cases of banks fraudulently manipulating the rate and called for new alternatives to LIBOR to be transparent, robust, and appropriately supported by underlying transactions.

SEC chief accountant issues statement on crypto asset services

On July 27, 2023, SEC Chief Accountant Paul Munter issued a statement that cautions accounting firms that perform nonaudit work for crypto asset clients to be aware of the risks presented by providing such services. Risks include:

  • Potential liability for antifraud violations. Firms should consider the potential liability caused by statements made and language used by both the firm and its clients over the scope of work performed. Firms should take precautions during their client acceptance procedures, even with new clients with no previous history of misrepresentations.
  • Auditor independence. Firms should consider whether their public statements, as well as any advocacy or lobbying efforts on behalf of an audit client, would lead a reasonable investor to believe that the firm’s independence is impaired.

In addition, Munter emphasized that firms found in violation of antifraud provisions of the federal securities laws or applicable independence requirements could be censured or suspended from appearing or practicing before the SEC pursuant to Rule 102(e) of the commission’s Rules of Practice.

SEC chair testifies before Senate subcommittee

On July 19, 2023, Gensler testified before the U.S. Senate Appropriations Subcommittee on Financial Services and General Government to summarize the SEC’s fiscal year 2024 budget request. In his testimony, Gensler stated his support for the $2.4 billion budget request as well as for additional funding of $39.6 million requested to support General Services Administration-led real estate projects. Gensler detailed how the funds and proposed staffing levels would be allocated among the SEC’s divisions.

Gensler stressed the evolving threats presented by the market and noted that the increase in budget would help maintain and add to current staffing levels to help the SEC fulfill its expansive and growing responsibilities.

SEC chair remarks on AI

On July 17, 2023, Gensler spoke on AI and exponential data growth before the National Press Club. Gensler highlighted examples of the some of the regulatory and enforcement challenges presented by the integration of AI in the capital markets, such as:

  • The potential for predictive models to mask systemic bias or to place the interests of advisers and brokers before those of retail investors and clients
  • The rise of misinformation generated by or disseminated through AI
  • The threat of concentration to a limited number of AI platforms, fed by the data of applications built on top of those platforms
  • Threats to data privacy and ownership of intellectual property
  • The risk of heightened financial instability by causing herd behavior in individual investors

Gensler concluded by reiterating both the challenges and opportunities presented by AI, and he emphasized that the SEC is “technology neutral.”

From the Public Company Accounting Oversight Board (PCAOB)

PCAOB provides preview of 2022 inspection observations

The PCAOB on July 25, 2023, released the report “Staff Update and Preview of 2022 Inspection Observations,” which provides aggregate observations from the PCAOB’s inspections of public company audits in 2022. The report shows a year-over-year increase in the number of audits with deficiencies and highlights common deficiencies, observations related to quality control systems, trends in areas with recurring deficiencies, and good practices. According to the report, PCAOB staff expects approximately 40% of the audits reviewed will have at least one deficiency to include in Part I.A of the individual audit firm’s inspection report; this is up from 34% in 2021.

The report also includes questions audit committees should consider in discussions with independent auditors to address the PCAOB inspection findings. These questions focus primarily on whether the audit engagement has been inspected, whether the engagement partner has been inspected, inspection results, and how the audit firm is addressing inspection findings.

PCAOB introduces online tools to compare inspection report data

On July 19, 2023, the PCAOB announced six new search filters that users can apply to PCAOB inspection reports, giving investors, audit committee members, and other stakeholders better access to compare and understand inspection report data. The new filters are inspection type, total issuer audit clients, Part I.A deficiency rate, specific global network, inspection year, and audits reviewed.

Contact

Sydney Garmong
Sydney Garmong
Partner, National Office
Mark Shannon
Mark Shannon
Partner, National Office
Dennis Hild
Dennis Hild
Principal, National Office