CAQ issues cybersecurity tool; agencies propose capital rules changes 

| 4/20/2018
FIEB promo image

Current financial reporting, governance, and risk management topics

From the Federal Financial Institution Regulators

Banking Agencies Propose Revisions to Capital Rules for Credit Losses

On April 17, 2018, the banking agencies, including the Board of Governors of the Federal Reserve System (Fed), the Federal Deposit Insurance Corp. (FDIC), and the Office of the Comptroller of the Currency (OCC), proposed revisions to the regulatory capital requirements to address implementation of the credit losses accounting standard – that is, the current expected credit loss (CECL) method. The proposed rule-making is intended to address challenges in capital planning for CECL implementation, including the uncertainty of economic conditions at the time of adoption.

The proposal includes the following:

  • The identification of credit losses under CECL that would be included in regulatory capital, which is defined by a new term, “allowance for credit losses” (ACL). ACL includes the allowance amounts under CECL recorded as a charge against earnings (or retained earnings upon adoption of CECL). This definition would be narrower than the allowance for expected credit losses recorded under GAAP.
    • ACL would replace the regulatory capital term used under the previous incurred loss model which was the “allowance for loan and lease losses” (ALLL).
    • ACL would include, for example, the allowance on loans and held-to-maturity debt securities.
    • ACL would be eligible for inclusion in tier 2 capital, subject to the current limit for including ALLL in tier 2 capital (up to 1.25 percent of its standardized total risk-weighted assets, excluding its standardized market risk-weighted assets, if applicable).
    • ACL would not include allowances on purchased credit deteriorated (PCD) assets and available-for-sale (AFS) debt securities, and those amounts would be treated differently for regulatory capital purposes. Those allowances would not be included in tier 2 capital, and the carrying value of PCD assets and AFS debt securities would be net of allowances, for risk-weighted assets.
     
  • An option to phase in the day-one regulatory capital effects of CECL over three years (the “CECL transition provision”). The mechanics of the CECL transition provision are illustrated on pages 22-26, including a numerical illustration on page 25, “Table 1: Example of a CECL Transition Provision Schedule.”
    • The day-one effect would not be recalculated for business combinations taking place during that three-year period.
     
  • A requirement to exclude CECL provisioning from stress testing until the 2020 stress-test cycle (with earlier cycles calculated using the incurred loss model).

For calendar year-end institutions, adoption of CECL is allowed as early as the first quarter of 2019, and public business entities (PBEs) that are SEC filers will adopt it in the first quarter of 2020.

The agencies are seeking responses for 60 days after publication in the Federal Register.

FFIEC Issues Joint Statement on Cyber Insurance

The Federal Financial Institutions Examination Council (FFIEC) agencies issued a joint statement on April 10, 2018, to describe matters that financial institutions should consider if they are determining whether to use cyber insurance as a component of their risk management programs.

The release reminded financial institutions that the FFIEC does not require cyber insurance; however, cyber insurance could offset financial losses from a variety of cybersecurity-related exposures.

According to the statement, financial institutions should assess the scope of coverage of current insurance and consider how cyber insurance may fit into their overall risk management framework. The agencies said that cyber insurance may be a component of a broader risk management strategy that includes identifying, measuring, mitigating, and monitoring cyberrisk exposure.

FDIC Publishes 2018 Performance Plan

On March 14, 2018, the FDIC released its “2018 Annual Performance Plan,” which details objectives and performance measures for the upcoming year. Chairman Martin J. Gruenberg shared in his opening message to the report that in addition to fulfilling its core mission responsibilities during 2018, the FDIC will have “increased attention to cybersecurity and other new, technology-related risks in insured depository institutions.” The main strategic goals identified in the report address protection of insured depositors from loss without recourse; safety and soundness of FDIC-insured institutions; protection of consumers’ rights; bankruptcy resolution for large and complex financial institutions; and orderly resolutions and effective management of receiverships.

Banking Agencies Approve Increase to Appraisal Threshold for Commercial Real Estate

The Fed, the FDIC, and the OCC jointly issued, on April 2, 2018, a final rule increasing the appraisal threshold from $250,000 to $500,000 for commercial real estate (CRE) transactions. The agencies concluded that the new threshold will materially reduce regulatory burden and significantly reduce the number of CRE transactions requiring an appraisal but will not harmfully affect financial institutions’ safety and soundness. Under the final rule, banks will be allowed to use an evaluation, which will provide a market value estimate of the real estate, for exempt CRE transactions.

The rule became effective on April 9, 2018.

From the Consumer Finance Protection Bureau (CFPB)

CFPB Updates Small-Entity Compliance Guide for New Rules

On March 29, 2018, the CFPB updated the small-entity compliance guide to incorporate the changes made by a March 8, 2018 final rule for mortgage servicing. The guide, updated periodically, is designed to help financial institutions understand, implement, and comply with CFPB mortgage servicing rules. These latest updates include information on the new single-statement exemption when servicers provide modified or unmodified periodic statements and coupon books to consumers involved in bankruptcy proceedings. In addition, the CFPB created a mortgage servicing coverage chart for reference.

From the Financial Crimes Enforcement Network (FinCEN)

FinCEN Publishes FAQs on Customer Due Diligence Requirements

On April 3, 2018, FinCEN issued comprehensive answers to frequently asked questions to assist financial institutions in understanding the scope of customer due diligence requirements under the Bank Secrecy Act. In the introduction to the FAQs, FinCEN reminds financial institutions that regardless of the interpretations provided in the document, financial institutions need to consider whether to open or close an account or file a suspicious activity report if they have reasonable suspicion that a customer is attempting to evade beneficial interest or other customer due diligence requirements.

From the Government Accountability Office (GAO)

GAO Report Urges Regulatory Collaboration on Fintech

In a report issued on March 22, 2018, the GAO, in response to a request by Congress, addressed four major financial technology (fintech) product and service areas – payments, lending, wealth and financial advice, and distributed ledger technology. The report, “Additional Steps by Regulators Could Better Protect Consumers and Aid Regulatory Oversight,” provides GAO findings on the benefits, risks, and regulatory protections for users of fintech services and highlights efforts U.S. regulators have undertaken to oversee fintech activities and challenges with the regulatory process.

The GAO conducted more than 120 interviews with representatives from fintech providers, financial institutions, trade associations, state and federal financial regulators, and other related groups. The report found that while the emergence of fintech products has produced benefits, risks could correspondingly grow for some segments of the industry that regulators do not routinely examine. It notes that while regulators have taken corrective steps, opportunities remain to improve collaboration in line with GAO’s leading practices. The GAO provides recommendations for U.S. federal financial regulators to improve collaboration and their oversight of innovative fintech activities and encourages the adoption of some efforts already being used by regulators abroad.

From the Financial Accounting Standards Board (FASB)

FASAC Holds Quarterly Meeting

On March 20, 2018, the Financial Accounting Standards Advisory Council (FASAC) held its quarterly meeting of 2018 to discuss income tax accounting related to tax reform as well as implementation of the revenue recognition standard.

Among the observations regarding accounting for tax reform were:

  • Support for the FASB’s actions to provide guidance subsequent to the Dec. 22, 2017, Tax Cuts and Jobs Act and support for continuing to monitor certain accounting and disclosures in this area
  • Support for continued work on the FASB’s disclosure review project on income taxes and its research project on simplifications to accounting for income taxes

The discussion on revenue recognition implementation centered around initial and recurring costs of implementing the new standard, and observations included the following:

  • For some, the initial costs were somewhere higher than expected because of the need to review all contracts and revenue streams, even if the change in guidance did not result in a change in accounting treatment.
  • Some preparers were able to use existing information technology systems without modification.
  • For some, the contract review process provided value to their companies by identifying contract terms that could be negotiated differently.
  • Members anticipate that recurring costs will be substantially lower and may generate savings.

From the Securities and Exchange Commission (SEC)

Commissioner Jackson Addresses Cybersecurity

In a speech on March 15, 2018, Commissioner Robert Jackson Jr. discussed cyberrisk and the limited amount of disclosure that is provided by public companies related to cyberattacks. He shared a recommendation to his colleagues that Form 8-K requirements governing cybersecurity events should be re-evaluated. He also highlighted the need for policies and procedures to deter insider trading on nonpublic cybersecurity information as well as the risk of hackers profiting from their own cyberattacks. In addition, he covered the requirement to develop internal controls to address cybersecurity, which will require lawyers (and other professionals) to interact with IT experts.

Corp Fin Updates Non-GAAP Guidance

The SEC’s Division of Corporation Finance (Corp Fin) updated its Compliance and Disclosure Interpretations (C&DIs) on Non-GAAP Financial Measures on April 4, 2018, by adding two questions related to business combinations. The new answers clarify when certain forecasts disclosed by registrants would not meet the definition of a non-GAAP measure.

From the Public Company Accounting Oversight Board (PCAOB)

Swears in Final PCAOB Member

The SEC appointed the PCAOB chairman and four new board members on Dec. 12, 2017, and the last member, Duane M. DesParte, was sworn in on April 9, 2018. DesParte is one of two certified public accountants currently on the board.

PCAOB Seeks Input on Strategic Plan

The newly appointed board is seeking feedback from the public on its priorities over the next five-year cycle. On April 17, 2018, the PCAOB released a survey to gather views from external parties interested in the work of the board, including investors, auditors, preparers, audit committee members, and academics.

From the Center for Audit Quality (CAQ)

CAQ Releases Tool for Boards of Directors on Cybersecurity

On April 12, 2018, the CAQ released a new tool, “Cybersecurity Risk Management Oversight: A Tool for Board Members,” that board members can use to enhance their oversight of enterprisewide cybersecurity risk management. The tool includes questions that boards can ask management and financial statement auditors (or other CPA firms, depending on the engagement type).

The tool is organized into four sections:

  • Understanding how the financial statement auditor considers cybersecurity – in the context of financial statement and, if applicable, internal control over financial reporting audits

  • Understanding the role of management and responsibilities of the financial statement auditor related to cybersecurity disclosures – of both cybersecurity incidents and cybersecurity programs

  • Understanding management’s approach to cybersecurity risk management – including whether a framework has been used to design a cybersecurity risk management program
  • Understanding how CPA firms can assist boards of directors in their oversight of cybersecurity risk management – including independence considerations for entities subject to SEC independence rules and their financial statement auditors

CAQ Releases Audit Committee Tool for the Leases Accounting Standard

On April 4, 2018, the CAQ released a new tool, “Preparing for the Leases Accounting Standard: A Tool for Audit Committees,” that audit committees can use to enhance their oversight of management’s implementation of Accounting Standards Codification Topic 842, “Leases,” which begins to take effect for many public companies in January 2019. The tool includes questions that audit committees can ask management and their auditors, and is organized into four sections:

  • Understanding the new leases standard – identifying all contracts with leases and, for lessees, measurement of the new right-of-use asset and lease liability

  • Evaluating the company’s impact assessment – addressing disclosure of the expected impact on the financial statements as well as the impact on debt covenants, income tax effects, investor relations, regulatory compliance, and other considerations

  • Evaluating the implementation project plan – including an evaluation of the timeline, the corporate culture and resources, involvement of key stakeholders, accounting policies and judgments, and systems and controls

  • Other implementation considerations – including transition methods and disclosure requirements

Contact us

Sydney Garmong
Sydney Garmong
Office Managing Partner, Washington, D.C.