Financial Institutions Executive Briefing 4-15-2015

| 4/15/2015


The Financial Institutions Executive Briefing offers updates on financial reporting, governance, and risk management topics from Crowe. In each issue of this electronic newsletter, you will find abstracts of recent standard-setting activities and regulatory developments affecting financial institutions.

From the Federal Financial Institution Regulators

Cybersecurity Self-Assessment Tool in Development

The Federal Financial Institutions Examination Council (FFIEC) on March 17, 2015, announced its cybersecurity priorities for the rest of the year. Based on last year’s pilot assessment of cybersecurity readiness at 500 financial institutions, the FFIEC identified seven areas of concentration where additional tools and process enhancements for cybersecurity are warranted.

As part of this focus, the FFIEC is developing a tool for financial institutions to assess their own readiness to identify, mitigate, and respond to cyberthreats. The other six areas involve the FFIEC enhancing its own incident analysis, crisis management, training, policy development, technology service provider strategy, and collaboration capabilities.

Cyberattack Warnings Issued for Destructive Malware and Compromised Credentials

The FFIEC on March 30, 2015, issued two statements warning of the increasing risks of cyberattacks related to destructive malware and cyberattacks that compromise customers’ online credentials. The statements do not contain any new regulatory expectations.

The malware statement notes that bankers should prepare to ensure business continuity and the rapid recovery, resumption, and maintenance of the institution’s operations after a malware attack. The statement identifies the following steps that financial institutions should consider implementing to protect against effects of malware: 

  • Configure systems and services securely.
  • Review, update, and test plans for incident response and business continuity.
  • Perform ongoing assessments of information security risk.
  • Conduct security monitoring, prevention, and risk mitigation.
  • Protect against access by unauthorized users.
  • Regularly implement and test critical systems controls.
  • Enhance programs for information security awareness and training.
  • Participate in information-sharing forums conducted throughout the industry.

According to the statement on cyberattacks compromising credentials, cybercriminals increasingly are targeting customers’ online credentials and account login information, which may be stolen through a variety of means and used to commit fraud. The statement suggests that financial institutions should design numerous layers of security controls to create several lines of defense and make certain that their risk management processes address the risks posed by compromised credentials. The statement further identifies steps to be considered:

  • Perform ongoing assessments of information security risk.
  • Conduct security monitoring, prevention, and risk mitigation.
  • Protect against access by unauthorized users.
  • Regularly implement and test critical systems controls.
  • Enhance programs for information security awareness and training.
  • Participate in information-sharing forums conducted throughout the industry.

Reminder for AOCI Calculation Election Issued

The Federal Deposit Insurance Corp. (FDIC) issued Financial Institution Letter FIL-12-2015, “Regulatory Capital Rules: Accumulated Other Comprehensive Income (AOCI) Opt-Out Election,” on March 23, 2015, to remind banks not subject to the rules for advanced approaches risk-based capital (under Basel III) that they may choose to calculate regulatory capital using the treatment for AOCI permitted in the FDIC's general regulatory capital rules in effect prior to Jan. 1, 2015. In the letter, the FDIC points out that this is a permanent one-time opt-out election that must be made on Schedule RC-R of the March 31, 2015, call report.

The letter also says that, in accordance with the rules in effect prior to Jan. 1, 2015, entities making the opt-out election are required to add to common equity tier one capital any net unrealized losses and subtract any net unrealized gains on available-for-sale debt securities. Additionally, any net unrealized losses on available-for-sale equity securities must be included in common equity tier one capital.

Small Bank Holding Company Policy Revised by Fed

On April 9, 2015, the Federal Reserve (Fed) issued a final rule, “Small Bank Holding Company Policy Statement; Capital Adequacy of Board-Regulated Institutions; Bank Holding Companies; Savings and Loan Holding Companies,” in response to legislation enacted on Dec. 18, 2014. The Fed had issued a press release on Jan. 29, 2015, with a notice of proposed rule-making and changes to reporting requirements.  

The final rule raises the asset threshold of the Small Bank Holding Company Policy Statement from $500 million to $1 billion in total consolidated assets, and it expands the policy statement’s application to savings and loan holding companies. Holding companies still must meet qualitative requirements related to nonbanking activities, off-balance-sheet activities, and publicly registered debt and equity.

The final rule is effective 30 days after publication in the Federal Register.

As noted in the attachments accompanying the Jan. 29 press release, the Fed has used its authority through the emergency review process of the Paperwork Reduction Act to relieve the regulatory reporting burden for holding companies that have less than $1 billion in total consolidated assets and meet the qualitative requirements. For those holding companies, the board has eliminated the quarterly consolidated financial reporting requirements (FR Y-9C, “Consolidated Financial Statements for Holding Companies”) and instead requires parent-only financial statements (FR Y-9SP, “Parent Company Only Financial Statements for Small Holding Companies”). The change allows approximately 483 bank holding companies and 40 savings and loan holding companies with consolidated assets of $500 million to $1 billion to file the less complex, parent-only FR Y-9SP semiannually instead of the consolidated FR Y-9C quarterly. Without this relief, those holding companies would have become subject to revised capital reporting requirements for the first time on March 31, 2015, and the reporting requirements would apply for only a few months until the regular clearance process could be completed.

The Fed filed a request with the Office of Management and Budget to make these changes effective on March 31, 2015, and has updated its instructions for reporting Form FR Y-9C and instructions for reporting Form FR Y-9LP. The changes are effective for six months. During this time, the Fed will complete the notice and comment process. In the final rule issued on April 9, the Fed notes the pending changes to the reporting requirements and, because the comment period for those changes closed on April 6, indicates it will consider all comments on the proposed changes to the reporting requirements before finalization.

March Issue of “The NCUA Report” Published

On March 18, 2015, the National Credit Union Administration (NCUA) posted the March 2015 issue of “The NCUA Report.” This issue includes columns from NCUA board members and articles from several NCUA offices on the NCUA’s initiatives and information on supervisory, regulatory, and compliance issues.

Articles in this month’s report include: 

  • “Funnel Accounts: A Funny Name, but a Serious Concern”
  • “Vice Chairman Metsger’s Perspective: Charter Choice and the Law of Natural Selection”
  • “Board Actions: NCUA Board Proposes $100 Million Threshold for Regulatory Relief”
  • “A Quick Guide for New Supervisory Committee Members”
  • “Cyber Vulnerabilities and the Real Exposures”

From the Consumer Financial Protection Bureau (CFPB)

Exam Issues Documented

The CFPB issued on March 11, 2015, its winter 2015 “Supervisory Highlights” report outlining several areas of concern its examiners identified related to deposits, mortgage origination, fair lending, consumer reporting, and debt collection covering the period from July 2014 through December 2014.

Examiners also uncovered instances of weak compliance management systems, including inadequate board and employee training as well as social media advertisements by loan originators that failed to include required disclosures.

Consumer Stories Included in Complaint Database

On March 19, 2015, the CFPB finalized its plans to add consumers’ narratives to the publicly available material in its consumer complaint database.

Under the plan, which is similar to the one proposed last summer, complainants must opt in to have their stories published and may opt out at any time. Personally identifiable information would be concealed in the customer narrative and company response.

A company subject to a complaint would be given an opportunity to post one of nine optional structured responses that would appear next to a customer’s story. The CFPB also issued a request for comments on ways to incorporate positive feedback about companies independent from the complaint database.

Comments are due within 60 days of publication in the Federal Register.

From George Mason University’s Mercatus Center

Number of Small Banks Shrinking

Researchers at George Mason University’s Mercatus Center report in a study, “Small Banks by the Numbers, 2000-2014,” published March 17, 2015, that the number of community banks has fallen by 28 percent since 2000, with approximately half of that decline coming since the passage of the Dodd-Frank Wall Street Reform and Consumer Protection Act. In examining reasons for the decline, the researchers identified both market forces and regulatory pressure.

“While bank concentration itself is not bad, increasing regulatory burdens should not be the driver of regulatory consolidation,” the researchers said. “To the extent this trend is driven by regulation – not market forces – it is troubling, since small banks are important members of the financial industry and of the local communities they serve.”

From the Financial Accounting Standards Board (FASB)

One-Year Deferral of the New Revenue Recognition Standard Proposed

On April 1, 2015, the FASB voted for a one-year deferral of the effective date of the new revenue recognition standard, Accounting Standards Update (ASU) No. 2014-09, “Revenue From Contracts With Customers (Topic 606),” for both public and nonpublic entities.

The proposed deferral would cause the ASU to be effective for public entities for reporting periods beginning after Dec. 15, 2017 – changed from Dec. 15, 2016 – including interim reporting periods. Public entities would be permitted to adopt the standard as of the original effective date – that is, beginning after Dec. 15, 2016. For nonpublic entities, the ASU would be effective for annual reporting periods beginning after Dec. 15, 2018 – changed from Dec. 15, 2017 – and interim periods within annual reporting periods beginning after Dec. 15, 2019. Nonpublic entities would be permitted to adopt the standard as of the original effective date for public companies – that is, beginning after Dec. 15, 2016.

The FASB plans to issue an exposure draft with a 30-day comment period.

Guidance Published on the Presentation of Debt Issue Costs

As part of its simplification initiative, the FASB issued ASU 2015-03, “Interest – Imputation of Interest (Subtopic 835-30): Simplifying the Presentation of Debt Issuance Costs,” on April 7, 2015. The ASU requires that “debt issuance costs related to a recognized debt liability be presented in the balance sheet as a direct deduction from the carrying amount of that debt liability, consistent with debt discounts.” The amendments do not change the recognition and measurement guidance for debt issuance costs.

For public business entities, the amendments are effective for financial statements issued for fiscal years beginning after Dec. 15, 2015, and interim periods within those fiscal years. For all other entities, the amendments are effective for financial statements issued for fiscal years beginning after Dec. 15, 2015, and interim periods within fiscal years beginning after Dec. 15, 2016. Early adoption is permitted.

The amendments are to be applied on a retrospective basis, with the period-specific effects of applying the new guidance reflected on the balance sheet of each period presented. Upon transition, the applicable disclosures for a change in an accounting principle should be followed, including disclosing the nature of and reason for the change and describing the method of transition, the retrospectively adjusted prior-period information, and the effect of the change on the financial statement line items. 

From the Securities and Exchange Commission (SEC)

Capital Formation Discussed by SEC Commissioner

On March 27, 2015, SEC Commissioner Daniel M. Gallagher spoke at Vanderbilt Law School’s 17th Annual Law and Business Conference. Gallagher discussed key capital formation issues facing the SEC, including the recent adoption of Regulation A+ and existing exemptions within Regulation D. Gallagher provided the following insights:

  • “[T]he [SEC] was finally able to adopt changes to Regulation A to substantially resolve several of the key issues that previously afflicted the rule.”
  • “[The adopted changes to Regulation A are] not as good as they could have been. Three years after the law was enacted, we should have exercised our clear authority under the [Jumpstart Our Business Startups (JOBS) Act] to raise the offering limit to $75 million. We should have deemed Regulation A’s semiannual reporting to be ‘reasonably current’ for purposes of Rules 15c2-11, 144, and 144A. And, we should have allowed reporting issuers to use Regulation A.”
  • “I was delighted to see the SEC’s Advisory Committee on Small and Emerging Companies take up the issue of secondary market liquidity for small company shares, in particular the Committee’s emphasis on venture exchanges. There also appears to be sincere interest in this idea by the [SEC], and it has been a hot topic in Congress lately. Simply put, there is a real need to pursue venture exchanges for small companies.”
  • “Despite all the attention paid to Rule 506 offerings, there are two other small issues exemptions in Regulation D. Rules 504 and 505 permit capital raises of up to $1 million and $5 million, respectively – the former with general solicitation if registered with the states, and the latter without. The available data show that these rules are infrequently used; issuers much prefer to use Rule 506 for offerings of any size. This is, I believe, directly attributable to the lack of state law preemption. To fix these rules, we need to better balance the costs and benefits of each of these exemptions.”

Gallagher further highlighted that “given the substantial changes in technology and the markets since [Regulation D was originally adopted in 1982], … it may be time to identify if there are other ways to balance access to capital and investor protection, giving issuers other choices when raising capital.” His speech also emphasized other possible improvements to capital formation, including lessening the burden on smaller companies of SEC reporting requirements.

New Rules Adopted for Smaller Companies’ Access to Capital

As mandated by Title IV of the JOBS Act, on March 25, 2015, the SEC adopted final rules to facilitate smaller companies’ access to capital. The new rules, known as Regulation A+, update and expand Regulation A, which exempts smaller issuers of securities from registration. The revised exemption allows smaller companies to offer and sell up to $50 million of securities in a 12-month period, subject to certain eligibility, disclosure, and reporting requirements.

The new rules create a two-tiered system:

  • Tier one, for offerings of securities of up to $20 million in a 12-month period, with not more than $6 million in offers by selling security-holders that are affiliated with the issuer
  • Tier two, for offerings of securities of up to $50 million in a 12-month period, with not more than $15 million in offers by selling security-holders that are affiliated with the issuer

In addition to certain basic requirements that both tiers are subject to, tier two offerings also are subject to additional disclosure and ongoing reporting requirements. The exemption would not be available to certain investment companies or to companies that are already SEC reporting companies.

The rules will be effective 60 days after publication in the Federal Register.

Guidance Issued on Disqualification Waivers

The SEC’s Division of Corporation Finance (Corp Fin) staff issued on March 13, 2015, “Waivers of Disqualification Under Regulation A and Rules 505 and 506 of Regulation D,” which provides insights into Corp Fin’s process for granting disqualification waivers under Regulation A and Rules 505 and 506 of Regulation D under the Securities Act.

The guidance describes the following factors Corp Fin considers when granting waivers:

  • The nature of the violation or conviction and whether it involved the offer and sale of securities
  • Whether the conduct involved a criminal conviction or scienter-based violation, as opposed to a civil or administrative non-scienter based violation
  • Persons responsible for the misconduct
  • Duration of the misconduct
  • The remedial steps that have been taken
  • The severity of the impact on the issuer or third parties, such as investors, clients, or customers, if the waiver request is not granted

International Cooperation, Disclosure Effectiveness, and Global Accounting Standards Discussed by SEC Commissioner

SEC Commissioner Kara M. Stein spoke at the Brooklyn Law School International Business Law Breakfast Roundtable on March 26, 2015, about the importance of international cooperation in regulating the securities markets.

Stein further highlighted that Corp Fin is leading a project to examine the effectiveness of corporate disclosures that has grown from eliminating disclosure overload to addressing whether there is a “need to enhance, improve, and in some cases add disclosure.”

In addition, Stein discussed the debate regarding convergence of U.S. generally accepted accounting principles (GAAP) and International Financial Reporting Standards. She noted the appeal of one set of universally accepted accounting standards but added that the debate “needs to move on.” She said, “In practice and in reality, accounting standards may vary between jurisdictions due to legal and cultural factors, as well as differences in perspective."

Broker-Dealer Rule Amendments Proposed

On March 25, 2015, the SEC proposed amendments to Rule 15b9-1 of the Securities Exchange Act of 1934 that would require broker-dealers participating in off-exchange trading to become members of a national securities association. The goal of these amendments is to increase regulatory oversight of active proprietary trading firms, such as high-frequency traders.

The proposed amendments would narrow an exemption that currently exempts certain broker-dealers from having to join a national securities association if they are members of a national securities exchange, carry no customer accounts, and have annual gross income of no more than $1,000 that is derived from securities transactions effected otherwise than on a national securities exchange of which they are a member.

The proposed amendments would narrow the exemption to target broker-dealers with a business focused on an exchange floor and over which that exchange oversees their entire trading activity. The proposal also would eliminate the current proprietary trading exemption and replace it with one that would accommodate a floor-based dealer’s off-exchange transactions that are solely for the purpose of hedging the risks of its floor-based activities.

Comments are due within 60 days of publication in the Federal Register.

“2015 GAAP Financial Reporting Taxonomy” Adopted

On March 9, 2015, the SEC adopted the “2015 U.S. GAAP Financial Reporting Taxonomy.” The 2015 taxonomy includes updates for newly issued accounting standards and other improvements.

From the SEC Historical Society

“COSO at 30 Years” Presented by SEC Historical Society

The SEC Historical Society will hold a live audio broadcast discussion of “COSO at Thirty Years” on April 16, 2015, to recognize the 30th anniversary of the formation of the National Commission on Fraudulent Financial Reporting, known as the Treadway Commission. Dr. Mark Beasley, North Carolina State University, will moderate the program, which also will feature David Lansittel, chair emeritus, Committee of Sponsoring Organizations of the Treadway Commission (COSO); Larry Rittenberg, chair emeritus, COSO, and emeritus professor of accounting, University of Wisconsin; and Richard Steinberg, Steinberg Governance Advisors Inc.

The program is free and accessible worldwide without prior registration and will be recorded and made available afterward. A transcript also will be prepared and added to the SEC Historical Society website.

From the American Institute of Certified Public Accountants (AICPA)

Disclosures Regarding Uncertain Tax Positions Clarified

To clarify guidance regarding uncertain tax positions for nonpublic entities, the AICPA deleted its nonauthoritative guidance, which had been included in Technical Question and Answer Section 5250.15, “Application of Certain FASB Interpretation No. 48 (Codified in FASB ASC 740-10) Disclosure Requirements to Nonpublic Entities That Do Not Have Uncertain Tax Positions.” The guidance had said that nonpublic entities are required to make certain disclosures regardless of whether the entities have uncertain tax positions. During a Private Company Council (PCC) meeting in February, PCC and FASB members concluded that such disclosures, specifically the requirement to disclose the number of years that remain open subject to a tax examination, are necessary only if an entity has uncertain tax positions.

Contact us

Sydney Garmong
Sydney Garmong
Office Managing Partner, Washington, D.C.