Current financial reporting, governance, and risk management topics
On Feb. 2, 2018, the Federal Deposit Insurance Corp. (FDIC) announced, through a Financial Institution Letter, FIL-8-2018, “Community Bank Webinar: Implementation Examples for the Current Expected Credit Losses Methodology (CECL),” a CECL webinar with implementation examples for community banks. The FDIC and the Board of Governors of the Federal Reserve System (Fed), in conjunction with the Financial Accounting Standards Board, the Securities and Exchange Commission, and the Conference of State Bank Supervisors, will host the webinar on Feb. 27, 2018, beginning at 1 p.m. Eastern.
The webinar will focus on loss rate methods and related data considerations and controls that smaller, less complex institutions can use to implement CECL.
On Jan. 4, 2018, the Fed proposed guidance that would clarify supervisory expectations related to risk management for large financial institutions, those with more than $50 billion in assets. The proposed guidance identifies core principles for effective senior management, including business line management and independent risk management.
This proposal is part of a broader Fed initiative to develop a new rating system for large financial institutions. The Fed issued two related proposals in August 2017 on a new supervisory risk rating scale for large bank holding companies with more than $50 billion in assets and on enhancing the effectiveness of boards of directors. The comment period on the ratings scale closed Feb. 15.
The Fed said in the Jan. 4 release that the core principles would be used in conjunction with the previously proposed board expectations to help inform the Fed’s overall supervisory evaluation of a firm’s governance and controls.
Comments on the proposed core principles guidance are due March 15, 2018.
The FDIC published, on Jan. 10, 2018, the winter 2017 issue of “Supervisory Insights.” The issue includes an article on credit management information systems (MIS), which banks use to gather loan-related data to develop reporting for a bank’s board of directors and senior management. “This article illustrates how banks can strengthen credit MIS by incorporating forward-looking risk indicators and establishing a sound governance framework,” said FDIC Director of Risk Management Supervision Doreen Eberley. Forward-looking indicators, such as an increase in policy exceptions or higher loan concentration levels, tend to be more predictive of future performance when identifying emerging risks.
The issue also includes an article, “Underwriting Trends and Other Highlights From the FDIC’s Credit and Consumer Products/Services Survey.” It summarizes survey results for examinations of FDIC-supervised institutions completed through Oct. 3, 2017, and indicates that credit and liquidity risks are increasing. Specifically, the FDIC notes that 68 percent of banks had either a credit or funding concentration as compared to only 56 percent in 2015. However, the article also states that overall loan performance appears favorable, as indicated by the near record low level of the industry’s past due and nonaccrual (PDNA) ratio (that is, loans 30 days or more past due or in nonaccrual status as a percentage of total loans). As of June 30, 2017, the PDNA ratio for all institutions was 1.84 percent, down 29 basis points from a year ago.
According to the agency’s “Semiannual Risk Perspective,” released on Jan. 18, 2018, the Office of the Comptroller of the Currency (OCC) has identified credit, operational, and compliance risks as the primary concerns for the federal banking system.
The report notes that asset quality remains strong and underwriting is “acceptable.” However, the credit environment continues to be influenced by aggressive competition, tighter spreads, and slowing loan growth, which are driving incremental easing in underwriting practices and increasing concentrations in certain loan portfolios.
The report also notes that operational risk remains elevated due to cybersecurity threats and third-party relationships.
Finally, the OCC reports that compliance risk remains elevated as banks struggle to manage money laundering risks. In addition, Bank Secrecy Act and anti-money laundering compliance risk management systems may not be keeping pace with evolving risks and resource constraints.
On Feb. 15, 2018, the National Credit Union Administration (NCUA) board voted to declare a $736 million distribution in the form of a pro rata dividend to eligible financial institutions, which include:
- “Active federally insured credit unions as of December 31, 2017;
- “Newly chartered federally insured credit unions that filed at least one Call Report for a reporting period in 2017 [which is the calendar year for which the board has declared a distribution];
- “Financial institutions that converted to federal share insurance during 2017, provided they filed at least one Call Report as a federally insured credit union for a reporting period in 2017;
- “Credit unions that converted to private insurance, provided they filed at least one Call Report as a federally insured credit union for a reporting period in 2017; and
- “Liquidation estates, provided the liquidated credit unions filed at least one Call Report as federally insured credit unions for a reporting period in 2017.”
The NCUA estimates the distribution will be paid in the third quarter of 2018.
The final rule, “Requirements for Insurance; National Credit Union Share Insurance Fund Equity Distributions,” will be effective 30 days after publication in the Federal Register. In addition, the NCUA has issued FAQs regarding the distribution.
On Jan. 16, 2018, the CFPB announced that it intends to reconsider its rule regarding short-term, small-dollar loans – that is, the Payday, Vehicle Title, and Certain High-Cost Installment Loans rule (known as the “Payday rule”). The Payday rule was finalized in October 2017 and is effective Jan. 16, 2018; however, most provisions do not require compliance until Aug. 19, 2019.
The Payday rule requires that before making short or long-term balloon payment loans (which are generally loans that require repayment of the entire debt at one time), lenders must reasonably determine that consumers have the ability to repay those loans, including payday and vehicle title loans, according to their terms. Because multiple failed withdrawal attempts from a consumer bank account can create additional burdens for the consumer, the rule also prohibits the practice of attempting withdrawals from consumer bank accounts after two consecutive payment attempts have failed, unless the consumer provides authorization to do so.
Under existing accounting guidance, deferred tax assets and liabilities (DTAs and DTLs) must be adjusted for tax law changes in the reporting period of the tax law’s enactment, and the effect must be included in income from continuing operations. This guidance is applicable even in situations in which the related income tax effects of items in accumulated other comprehensive income (AOCI) were originally recognized in other comprehensive income. After the issuance of tax reform law known as the Tax Cuts and Jobs Act, stakeholders raised the issue to the FASB that applying this guidance would cause the tax effects of items within AOCI not to reflect the appropriate tax rates, resulting in “stranded tax effects.”
In an expedited response, on Feb. 14, 2018, the FASB issued Accounting Standards Update (ASU) 2018-02, “Income Statement – Reporting Comprehensive Income (Topic 220): Reclassification of Certain Tax Effects From Accumulated Other Comprehensive Income.” It allows institutions to elect to reclassify the stranded tax effects from AOCI to retained earnings, limited only to amounts in AOCI that are affected by the tax reform law. This can include remeasuring DTAs (and related valuation allowances that were not originally charged to income from continuing operations) and DTLs related to items presented in AOCI at the newly enacted tax rate and other income tax effects on items remaining in AOCI.
Early adoption is permitted, and it is expected that many institutions will early adopt the ASU because the tax rate change was effective on Dec. 22, 2017. For those institutions that do not elect to early adopt, the ASU is effective for fiscal years beginning after Dec. 15, 2018, and interim periods within, which is March 31, 2019, interim financial statements for calendar year-ends. Certain disclosures are required in the period of adoption.
The FASB has addressed six implementation questions related to tax reform, resulting in the issuance of one ASU (2018-02), as previously noted, and five FASB Staff Q&As. The FASB Staff Q&A “Topic 740, No. 1: Whether Private Companies and Not-for-Profit Entities Can Apply SAB 118” was issued on Jan. 12, 2018.
The remaining four draft FASB Staff Q&As were discussed at the Jan. 18, 2018, Emerging Issues Task Force meeting. The staff noted it received minor changes. (Refer to “FASB Addresses Tax Reform Accounting Issues” in the “Financial Institutions Executive Briefing” dated Jan. 19, 2018.)
On Jan. 22, 2018, the FASB finalized the following Staff Q&As:
- “Topic 740, No. 2: Whether to Discount the Tax Liability on the Deemed Repatriation”
- “Topic 740, No. 3: Whether to Discount Alternative Minimum Tax Credits That Become Refundable”
- “Topic 740, No. 4: Accounting for the Base Erosion Anti-Abuse Tax”
- “Topic 740, No. 5: Accounting for Global Intangible Low-Taxed Income”
In its first standard of the year, issued Jan. 25, 2018, ASU 2018-01, “Leases (Topic 842): Land Easement Practical Expedient for Transition to Topic 842,” the FASB simplified transition to the lease accounting guidance specifically for land easements. A land easement is “a right to use, access, or cross another entity’s land for a specified purpose,” often referred to as a “right-of-way.” The simplification is for entities that apply existing accounting guidance other than Topic 840, “Leases.” Some entities use Topic 350, “Intangibles – Goodwill and Other,” or Topic 360, “Property, Plant, and Equipment,” to account for land easements, and for those entities, assessing whether existing or expired land easements meet the definition of a lease under the new guidance in Topic 842 would be costly and complex.
With the simplification in ASU 2018-01, entities may elect a practical expedient in transition for land easements that were not previously accounted for under Topic 840. For those existing or expired land easements only, the practical expedient allows entities to forego the lease evaluation under Topic 842 and continue applying current accounting policies. New or modified land easements will be evaluated prospectively under Topic 842.
This ASU effective date is consistent with ASU 2016-02, “Leases (Topic 842),” which generally is first effective for calendar year-end public business entities in the March 31, 2019, interim financial statements.
On Feb. 20, 2018, the FASB issued an exposure draft, “Derivatives and Hedging (Topic 815): Inclusion of the Overnight Index Swap (OIS) Rate Based on the Secured Overnight Financing Rate (SOFR) as a Benchmark Interest Rate for Hedge Accounting Purposes.” Benchmark interest rates frequently are used in accounting hedge designations of existing or forecasted issuances or purchases of fixed-rate financial assets or liabilities. The proposal to add OIS based on SOFR as a benchmark rate was at the request of the Federal Reserve Board and Federal Reserve Bank Alternative Reference Rates Committee due to concerns for the sustainability of the London Interbank Offered Rate (Libor).
Existing benchmarks under Topic 815 include U.S. Treasury, the Libor swap rate, the OIS rate based on the Fed Funds Effective Rate, and the Securities Industry and Financial Markets Association (SIFMA) Municipal Swap Rate. The OIS rate based on SOFR would be the fifth U.S. benchmark rate. Similar to the Fed Funds OIS rate, which is a swap rate based on the underlying overnight Fed Funds Effective Rate, the OIS rate based on SOFR will be a swap rate based on the underlying overnight SOFR rate.
Including the OIS based on SOFR as a benchmark interest rate will help institutions transition away from Libor by providing an alternative rate. The exposure draft does not yet include an effective date.
On Feb. 21, 2018, the SEC released interpretive guidance on cybersecurity disclosures, “Commission Statement and Guidance on Public Company Cybersecurity Disclosures.” The guidance includes the SEC’s views on cybersecurity risk and incident disclosure obligations under existing securities laws, including on Forms 10-K, 10-Q, and 8-K. It goes beyond what is included in the Division of Corporation Finance’s (Corp Fin’s) “Disclosure Guidance: Topic No. 2,” issued in 2011, by emphasizing the need for disclosure controls and procedures for material cybersecurity events and for insider trading policies in the context of nonpublic cyber event information. The guidance is for both companies that have experienced cyberattacks and those that may not yet have been the target of a cyberattack.
The guidance enumerates the applicable disclosure rules and related matters for public companies to consider as they evaluate their cybersecurity disclosures. It includes the SEC’s expectations for detailed, timely, accurate, and specific disclosure as well as acceptable and unacceptable limitations of cybersecurity disclosures.
In SEC Chairman Jay Clayton’s statement, he shared that Corp Fin will remain focused on registrants’ disclosures in this area as part of its filing reviews.
In testimony on distributed ledger technologies including cryptocurrencies and initial coin offerings (ICOs), Clayton emphasized the role and responsibilities of professional gatekeepers to protect Main Street investors in the securities markets. Speaking before the Senate Committee on Banking, Housing, and Urban Affairs on Feb. 6, 2018, Clayton said that to the extent that ICOs represent an offer and sale of securities (and he believes most do), they are subject to the securities laws. However, many ICOs are not currently being conducted under the securities laws, and, therefore, investors in those offerings are not benefiting from the protections offered by those laws. The SEC is seeking to enforce the securities laws for ICOs as evidenced by recent enforcement actions referenced in Clayton’s testimony. Cryptocurrencies, on the other hand, are more akin to money than a security and are not under the SEC’s jurisdiction.
Also, on Jan. 22, 2018, prior to testifying before the Senate committee, Clayton delivered opening remarks at the Securities Regulation Institute, where he provided his expectations for market professionals in the ICO space.
On Feb. 1, 2018, William Hinman, director of Corp Fin, delivered the keynote address at the Practising Law Institute’s Seventeenth Annual Institute on Securities Regulation in Europe. In his address, Hinman covered recent Corp Fin actions that reflect efforts to facilitate capital formation in the public markets, such as these:
- Expanding the confidential review process to all issuers conducting initial public offerings, initial Securities Act and Exchange Act registrations, and certain follow-on offerings within a year of initial registration
- Allowing non-EGCs (non-emerging growth companies), in addition to EGCs, to omit annual and interim financial information that they reasonably believe will not be required when the registration statement is filed publicly
- Assisting companies with the pay ratio disclosure by providing guidance for the calculation and use of statistical sampling
- Clarifying certain Form 8-K filing requirements related to implementing recent tax reform
- Reminding entities of the option to submit requests to Corp Fin under Rule 3-13 of Regulation S-X for modified financial statements
As for future Corp Fin actions, Hinman signaled that the following are on the agenda:
- Disclosure guidance for cybersecurity risks and incidents
- Rulemaking recommendations to raise the smaller reporting company (SRC) threshold, which potentially would allow more companies to qualify as SRCs
- Rulemaking recommendations for disclosure simplification across a broad array of existing SEC rules and guidance
- Proposal recommendations for financial statements of other entities, such as Rule 3-05 (for significant acquired entities) and Rule 3-10 (for guarantors) of Regulation S-X
- Recommendations to update Industry Guide 3 for financial institutions
On Feb. 15, 2018, the SEC announced that Kyle Moffatt is the new Corp Fin chief accountant. He has been the acting chief accountant since January, and prior to that he was an associate director in Corp Fin’s disclosure review program.
The AICPA released a paper, “SOC 2 Examinations and SOC for Cybersecurity Examinations: Understanding the Key Distinctions,” to clarify the differences between a System and Organization Controls (SOC) for cybersecurity examination (that is, an examination based on the AICPA’s attestation guide, “Reporting on an Entity’s Cybersecurity Risk Management Program and Controls”) and a SOC 2 examination. According to the paper, both examinations can provide useful information about an entity’s cybersecurity risk management program and related controls, but key differences exist.
The SOC for cybersecurity examination guide was released by the AICPA on April 26, 2017, as one of three parts in a framework for reporting on an entity’s cybersecurity risk management program and controls. A SOC for cybersecurity examination addresses an entity’s cybersecurity risk management program and controls, and the examination report is designed to be a general use report, which means the report is not restricted to specified parties. This type of examination requires a description of an entity’s cybersecurity risk management program and controls that satisfies the AICPA’s “Description Criteria for Management’s Description of an Entity’s Cybersecurity Risk Management Program.”
The SOC 2 examination, on the other hand, addresses controls at a service organization (that is, a third-party service provider) that cover the service organization’s systems used to process a particular entity’s data or information, and the report typically is restricted to specified users. In addition, the SOC 2 examination is specific to pre-established control criteria (that is, the AICPA’s trust services criteria) that address data security, availability, processing integrity, confidentiality, or privacy.