Current financial reporting, governance, and risk management topics
From the Federal Financial Institution Regulators
OCC Revises Exam Policy for Dealing With CRA RatingsOn Oct. 12, 2017, the Office of the Comptroller of the Currency (OCC) issued a revised supervision manual that outlines how examiners should approach Community Reinvestment Act (CRA) ratings and instructs examiners to limit the number of CRA rating downgrades based on evidence that a bank has engaged in discriminatory practices or violated other laws. The goal is to align banks’ CRA activities with CRA performance evaluation ratings. The OCC noted it will fully consider banks’ efforts to take corrective action.
According to the revised policy, “limited, technical, or immaterial instances of discriminatory or illegal credit practices directly related to CRA lending activities in the context of otherwise good-to-excellent performance” may be criticized in the performance evaluation, but a composite rating downgrade “should be supported by strong evidence of quantitatively and qualitatively material instances of discriminatory or illegal credit practices directly related to CRA lending activities that have resulted in material harm to customers.”
OCC Issues Guidance on Risk Management of New ActivitiesAn OCC bulletin issued on Oct. 20, 2017, highlights the risk management principles banks should follow when offering new, modified, or expanded products and services. Principles outlined in the guidance include adequate due diligence and approvals; policies and procedures to properly measure, monitor, and mitigate risk; effective change management; and ongoing monitoring.
New activities should be consistent with sound risk management practices, align with the bank’s overall strategic plan, encourage fair access to financial services and fair treatment of consumers, and comply with applicable laws and regulations.
Agencies Issue FAQs on Liquidity Coverage Ratio (LCR)On Oct. 23, 2017, the OCC, the Board of Governors of the Federal Reserve System (Fed), and the Federal Deposit Insurance Corp. (FDIC) published a set of frequently asked questions about the LCR rule, which is applicable only to depository institutions with $10 billion or more in total consolidated assets that are consolidated subsidiaries of internationally active banking organizations. The rule requires banks to hold highly liquid assets relative to cash outflows over a 30-day period during a stressed scenario.
The FAQs address outflow amounts for liquidity facilities to public sector entities in connection with variable rate demand note programs; outflow amounts for trusts; maturity determination for instruments with remote contingency call options; outflow amounts for trust ledger deposit accounts and custody assets; multicurrency deposit balances; inflows from secured loans to retail clients with open maturities; securities lending as a form of evidence of ability to monetize; and foreign withdrawable reserves.
NCUA Finalizes Rules on Appeals Process for Regulations and for Supervisory ActionsThe National Credit Union Administration (NCUA) approved two final rules, on Oct. 19, 2017, related to exam appeals. The final rules were posted in the Federal Register on Oct. 30, 2017. The first approved rule, “Appeals Procedures,” standardizes the appeals process for regulations that currently have their own review and appeals procedures. The second rule, “Supervisory Review Committee; Procedures for Appealing Material Supervisory Determinations,” expands the number of supervisory determinations appealable to the agency’s Supervisory Review Committee and provides credit unions the opportunity for additional review by the director of the Office of Examination and Insurance.
The new rules will affect appeals of decisions in areas including chartering and field of membership, investment authority, conversions and mergers, creditor claims in liquidations, and share insurance determinations. Certain areas, such as formal enforcement actions, prompt corrective action, and material supervisory determinations, are not covered under the new rules.
Both rules are effective Jan. 1, 2018.
From the Consumer Financial Protection Bureau (CFPB)
CFPB Outlines Principles for Third-Party Data AccessOn Oct. 18, 2017, the CFPB issued nine guiding principles for protecting consumers who choose to share their financial data with third parties and data aggregators. These principles, which do not reflect any new formal guidance, were born from the CFPB’s ongoing study of consumer-authorized data access and a formal request for information from a range of stakeholders.
While the CFPB affirmed that consumers should generally have the ability to share their financial data, it noted that they should not be required to give up their banking credentials to do so. The principles establish that third parties that are granted access to customer data should use it only to the extent necessary to provide the products and services selected by the customer and that the data should be accessed, stored, and used safely and securely. In addition, the CFPB emphasized that consumers should have the ability to quickly review who has access to their data and have disputes over unauthorized access resolved in a timely manner.
From the Government Accountability Office (GAO)
GAO Concludes Leveraged Lending Guidance Is a Rule for Purposes of Congressional Review ActAccording to an Oct. 19, 2017, GAO statement, the 2013 federal banking agencies’ interagency guidance on leveraged lending is a general statement of policy with general applicability and does not meet any Congressional Review Act (CRA) exceptions and therefore is a rule for purposes of the CRA. Under the CRA, if certain criteria are met, Congress can vote to overturn a rule within 60 legislative days.
The GAO’s statement leaves the future of the leveraged lending guidance in question and introduces significant uncertainty about regulators’ ability to continue applying and enforcing it during bank exams.
From the Financial Accounting Standards Board (FASB)
EITF Discusses Implementation Costs in Cloud Computing ArrangementsAt its Oct. 12, 2017, meeting, the Emerging Issues Task Force (EITF) addressed whether implementation costs associated with cloud computing arrangements (CCAs) should be capitalized or expensed under Accounting Standards Update (ASU) 2015-05, “Intangibles – Goodwill and Other – Internal-Use Software (Subtopic 350-40): Customer’s Accounting for Fees Paid in a Cloud Computing Arrangement.” The EITF took up this project given the diversity in practice.
The EITF agreed with the FASB staff’s view that all hosting arrangements (including CCAs) include a software element and preliminarily concluded to align the accounting for implementation costs with Accounting Standards Codification (ASC) Subtopic 350-40 for internal-use software. As such, implementation costs incurred in a CCA would be accounted for as follows:
- Costs in the preliminary project and post-implementation operation stages are expensed.
- Setup fees are accounted for as prepaid assets in Topic 340, or other relevant guidance.
- Integration costs for on-premise software, coding, and configuration or customization are capitalized as intangible assets.
- Data conversion and training costs are expensed.
- Business process re-engineering costs are expensed as incurred in accordance with Subtopic 720-45.
From the Securities and Exchange Commission (SEC)
Chief Accountant Discusses Revenue Recognition, Leases, Credit Losses, Auditor’s Reporting Model (ARM), and TechnologySEC Chief Accountant Wesley R. Bricker addressed the Financial Executives International 36th Annual Current Financial Reporting Issues Conference on Nov. 14, 2017, where he discussed “Effective Financial Reporting in a Period of Change.” The topics that he covered related to the implementation of the revenue, leases, and credit losses accounting standards as well as the recently SEC-approved auditor’s reporting model audit standard from the Public Company Accounting Oversight Board (PCAOB).
Discussing the revenue standard, Bricker cautioned preparers to consider internal controls and documentation that address management’s judgments and estimates required for implementation and application. He encouraged audit committees to pay close attention to the status of implementation reported to them by management and by the auditors. He also announced his expectation that companies should be in a position, through third- and fourth-quarter reporting, to disclose “the anticipated impact, at least qualitatively and directionally, of adoption of the revenue standard.”
For leases, Bricker emphasized the need for preparers to begin identifying and working through accounting questions for lease arrangements, and he highlighted a best practice to concurrently (rather than sequentially) implement the leases and revenue standards.
Related to credit losses, Bricker covered factors that the FASB considered in developing the standard, such as these:
- Bias-free financial reporting that is transparent in all market cycles
- Credit loss estimates that include forward-looking information and timelier recognition
- Total economics of lending transactions, including both credit losses and interest income (which will continue to be separately reported in the financial statements)
- Financial statement preparation costs – noting that many loss-estimation methods used today will be appropriate under the new standard, accompanied by changes to inputs and assumptions
Turning to the PCAOB ARM standard – in particular, the requirement to disclose critical audit matters (CAMs) during the second phase of implementation, which is effective for large accelerated filers in audits of fiscal years ending on or after June 30, 2019 – Bricker recommended a few questions that audit committees could ask when planning for implementation of the audit standard:
- “What would the critical audit matters be this year?
- “What would be the close calls?
- “When could those matters have been raised, and which ones could have been identified at the start of the audit cycle?
- “What does the auditor expect to say about those matters?
- “When would we expect to see a draft report or at least a draft of the critical audit matters?”
SEC Approves PCAOB Standard on the Auditor’s Reporting ModelOn Oct. 23, 2017, the SEC approved a PCAOB auditing standard, AS 3101, “The Auditor’s Report on an Audit of Financial Statements When the Auditor Expresses an Unqualified Opinion,” which the PCAOB adopted on June 1, 2017. The SEC previously issued a release (No. 34-81187) and obtained comments from stakeholders on the auditing standard. The final standard will change the auditor’s report significantly.
Effective dates for the standard will occur in two phases. In the first phase, the auditor’s report will disclose auditor tenure and make other improvements including clarifying the auditor’s responsibilities. The first phase applies to audit reports issued on financial statements of public companies for fiscal years ending on or after Dec. 15, 2017, which first applies to Dec. 31, 2017, for calendar year-end public companies.
In the second phase, the auditor is required to include critical audit matters in the auditor’s report. A CAM is a matter that is communicated or required to be communicated to the audit committee and that 1) relates to accounts or disclosures that are material to the financial statements, and 2) involves especially challenging, subjective, or complex auditor judgment. The second phase is effective for fiscal years ending on or after June 30, 2019, for large accelerated filers. For all other entities, the second phase is effective for fiscal years ending on or after Dec. 15, 2020.
On Oct. 24, 2017, the Center for Audit Quality issued Alert 2017-06, “The Auditor's Report – New Requirements for 2017,” to summarize the audit standard.
Corp Fin Updates Non-GAAP Measures GuidanceThe SEC’s Division of Corporation Finance (Corp Fin) on Oct. 17, 2017, updated its Compliance and Disclosure Interpretations (C&DIs) for non-GAAP (generally accepted accounting principles) measures by adding two questions related to business combinations:
- Question 101.01 clarifies that financial measures included in forecasts provided to a financial adviser and used in connection with a business combination transaction are not non-GAAP financial measures if they meet certain criteria identified in the C&DIs.
- Question 101.02 clarifies that the exemption from Regulation G and Item 10(e) of Regulation S-K for non-GAAP measures disclosed in communications relating to a business combination transaction does not extend to the same non-GAAP measures disclosed in registration statements, proxy statements, and tender offer statements.
Division of Enforcement Co-director Speaks on CybersecurityDuring an Oct. 26, 2017, speech, Stephanie Avakian, co-director in the SEC’s Division of Enforcement, spelled out the division’s priorities for retail investors (spearheaded by the newly created Retail Strategy Task Force) and cyber matters (the focus of the newly formed Cyber Unit).
Avakian discussed Corp Fin’s reminders to registrants that material information regarding cyberrisk may be required disclosure in Management’s Discussion and Analysis and Risk Factors. She said:
“In an era where nearly every company is dependent on computer systems to operate their business, it is frequently necessary to provide meaningful and timely disclosures regarding cyber risks and incidents. These disclosures are often material on their own or necessary in order to make other disclosures, in light of the circumstances under which they are made, not misleading. The guidance issued by the Corp Fin staff in 2011 is principles based and remains an important indication of how issues related to cybersecurity should be disclosed in SEC filings. We recognize this is a complex area subject to significant judgment, and we are not looking to second-guess reasonable, good faith disclosure decisions, though we can certainly envision a case where enforcement action would be appropriate.”
From the American Institute of Certified Public Accountants (AICPA)
AICPA Issues Q&A on Public Business Entities (PBEs), Including Banks, Thrifts, and Credit UnionsWith the major standards from the FASB first becoming effective in the first quarter of 2018, it is critical to determine whether or not an entity meets the definition of a PBE for financial reporting purposes. The definition can be far-reaching and includes institutions beyond those that file with the SEC. The FASB typically uses this definition to determine effective dates, scale disclosure, and offer practical expedients – making the determination of whether an entity is a PBE an important step.
On Oct. 24, 2017, the AICPA issued a technical question-and-answer (TQA) document on the “Definition of a Public Business Entity,” including 16 new questions and answers that provide guidance on terms, definitions, and numerous other matters.
These are among the topics:
- Industry-specific questions about banks, mutual and credit unions, and broker-dealers
- Use of terms including “security,” “over-the-counter market,” “conduit bond obligor,” “contractual restriction on transfer,” “prepare,” “publicly available,” “financial statements,” and “periodic basis”
- Types of resale restrictions that qualify as contractual restrictions (for example, typical S-corporation management preapproval for resale) and types of resale restrictions that do not qualify (for example, right of first refusal)
- Types of instruments including brokered certificates of deposit, 144 and 144A (referred to as “private for life”) securities, and not-for-profit conduit debt securities
- How to evaluate tiered organizational structures (parent, subsidiary, nonconsolidated pass-through entities, and guarantees)
- Equity method pickups
- Transactions reported in Financial Industry Regularity Authority (FINRA) Trade Reporting and Compliance Engine (TRACE) or Municipal Securities Rulemaking Board (MSRB) Electronic Municipal Market Access (EMMA)
From the Society of Actuaries (SOA)
Society of Actuaries Issues Updated Mortality Improvement ScaleThe SOA on Oct. 20, 2017, updated its mortality improvement scale for pension plans. According to the SOA, mortality rates increased between 2014 and 2015, which is the first annual rate increase since 2005. The SOA noted that the increase in mortality rates, reflected in the new MP-2017 improvement scale, might reduce pension plan obligations. The updated mortality scale incorporates data through 2014 and preliminary 2015 data developed by the SOA and obtained from the Centers for Disease Control and Prevention, the Centers for Medicare & Medicaid Services, and the U.S. Census Bureau.
From the Institute of Internal Auditors (IIA)
IIA Reports on the Role of Internal Audit in Assuring Accurate InformationThe October 2017 issue of IIA’s Tone at the Top, “Internal Audit’s Role in Assuring Accurate Board Information,” issued on Oct. 16, 2017, covers the part internal audit plays in assuring the accuracy and completeness of information that a company’s board of directors receives. The report states that although a board needs good, reliable information to make critical decisions, a survey conducted by the National Association of Corporate Directors (NACD) revealed that boards are dissatisfied with and lack complete trust in the information they receive to help them do so.
The issue notes that the internal audit role relating to the quality of board information often comes after decisions have been made – in assessing whether activities based on those decisions occurred as planned. The IIA recommends that internal audit be involved up front by prompting the board to question the quality of their information and ask about, for example:
- The origin, currency, and trustworthiness of the underlying data
- Whether the report considers the relevant risks and reflects the appropriate mitigation of those risks
- Whether the report balances historical information and emerging trends
- Whether reports are supplemented or updated
- How marketplace developments are considered
From the Center for Audit Quality (CAQ)
CAQ Discusses Audit Committee TransparencyThe CAQ distributed its fourth annual, “Audit Committee Transparency Barometer” report on Nov. 1, 2017. The report includes audit committee disclosure examples, and it shows that since 2014 a larger percentage of public companies are voluntarily including more robust disclosure of their audit committee’s external auditor oversight activities in proxy statements, particularly for the following:
- Considerations in recommending the appointment of the audit firm
- Criteria considered when evaluating the audit firm
- Length of the audit firm engagement
- The audit committee’s responsibility for fee negotiations
- The audit committee’s involvement in selecting the audit engagement partner
- The rotation of the engagement partner every five years