Current financial reporting, governance, and risk management topics
From the Federal Financial Institution Regulators
Banking Agencies Host Call to Discuss Proposed Rule for CECL Transition and Regulatory Capital
On May 15, 2018, the Federal Deposit Insurance Corp., the Office of the Comptroller of the Currency (OCC), and the Board of Governors of the Federal Reserve System hosted an interagency conference call to discuss the proposed changes to their capital rules in response to the adoption of the current expected credit loss (CECL) model.
Topics included the following:
- The definition of a new term, “allowance for credit losses” (ACL)
- The revised definition of “carrying value” for available-for-sale (AFS) debt securities and purchased credit deteriorated (PCD) assets
- The mechanics of the proposed CECL transition provision for regulatory capital
- The new disclosure and regulatory reporting requirements
On April 17, 2018, the banking agencies issued rel="noopener noreferrer" a proposed rule revising the regulatory capital requirements to address implementation of the credit losses accounting standard (that is, the CECL model).
The proposed rule was posted in the Federal Register on May 14, 2018. Comments are due July 13, 2018, which is 60 days after posting in the Federal Register.
NCUA Revises Stress-Testing Rule Requirements for Credit Unions
The National Credit rel="noopener noreferrer" Union Administration (NCUA) board approved a final rule on April 19, 2018, adjusting the asset thresholds and capital plan requirements that apply to credit unions with assets of $10 billion or more. Under the final rule, tier one (those with less than $15 billion in assets) and tier two credit unions (those with assets between $15 billion and $20 billion) will continue to develop annual capital plans, but those plans no longer will need to be submitted to the NCUA by May 31 each year. The plans for these credit unions instead will be reviewed as part of the supervisory examination process. Credit unions with assets greater than $20 billion (that is, tier three) will continue to submit capital plans that must be approved by the NCUA.
Additionally, stress-testing requirements under the final rule also are tiered. Tier one credit unions are not subject to any stress-testing requirements. In contrast, tier two and tier three credit unions are required to conduct stress testing, although tier two covered credit unions are not subject to a 5 percent minimum stress-test capital threshold. Last, under the final rule, the NCUA no longer will be required to conduct the annual supervisory stress tests on applicable covered credit unions. Rather, the covered credit unions will conduct the stress tests.
The final rule is effective June 1, 2018.
OCC Releases Recovery Planning Booklet for Large Banks
The OCC released a new booklet, “Recovery Planning,” part of the “Comptroller’s Handbook,” on April 26, 2018. A recovery plan gives a financial institution a framework to use when responding to a large-scale stress event such as significant financial losses, fraud, material litigation, certain cyberattacks, and natural disasters. The booklet explains the recovery planning guidelines (as set forth in “OCC Guidelines Establishing Standards for Recovery Planning by Certain Large Insured National Banks, Insured Federal Savings Associations, and Insured Federal Branches”) that apply to certain banks, including those with average total consolidated assets of $50 billion or more, and contains guidance for OCC examiners.
From the Consumer Finance Protection Bureau (CFPB)
CFPB Approves Final Amended Rule for TRID
On April 26, 2018, the CFPB finalized an amendment to the Truth in Lending Act and Real Estate Settlement Procedures Act (TILA-RESPA) integrated disclosure (TRID) rules. The amendment relates to when a creditor may compare charges paid by or imposed on the consumer to amounts disclosed on a closing disclosure (CD), instead of a loan estimate, to determine if an estimated closing cost was disclosed in good faith.
The amended rule also removes the four-business-day limit that was in the initial TRID rule with regard to providing a CD to reset tolerances and determine if an estimated closing cost was disclosed in good faith. The amended rule is effective June 1, 2018.
From the Financial Accounting Standards Board (FASB)
FASB Announces TRG for Credit Losses Meeting
The Transition Resource Group (TRG) for Credit Losses will meet with the FASB on June 11, 2018, to discuss issues related to the implementation of the credit losses standard (that is, Accounting Standards Update (ASU) No. 2016-13, “Financial Instruments – Credit Losses rel="noopener noreferrer" (Topic 326): Measurement of Credit Losses on Financial Instruments”).
Meeting materials will be posted to the TRG’s Meetings page in advance of the meeting.
FASB Supersedes Obsolete Deferred Tax Guidance for Financial Institutions
On May 7, 2018, the FASB issued ASU 2018-06, “Codification Improvements to Topic 942, Financial Services – Depository and Lending.” It supersedes guidance that originated from the OCC’s Banking Circular 202, “Accounting for Net Deferred Tax Charges,” which limits the net deferred tax debits that could be carried on a financial institution’s balance sheet for regulatory purposes to the amount that would be coverable by the net operating losses carrybacks. Because the OCC previously rescinded this guidance, it is no longer relevant.
No significant change in current practice is expected, and the final ASU is effective immediately.
From the Securities and Exchange Commission (SEC)
Chief Accountant Discusses FASB Role, New Standards, Non-GAAP, Market Risk Disclosures, Audit Firm Governance
SEC Chief Accountant Wesley Bricker addressed the 2018 Baruch College Financial Reporting Conference on May 3, 2018. He began by sharing his view on the objective of general purpose financial reporting and how the FASB’s general purpose financial reporting standards are formulated to meet that objective. He then contrasted general purpose financial reporting with special purpose financial reporting – noting that the latter fulfills more limited purposes – and observed that both types of financial reporting best serve their intended purpose when their objectives are kept separate.
He next touched on the new accounting standards on revenue, leases, and credit losses as well as the SEC staff guidance related to income tax reform, discussing how these changes will strengthen the overall financial reporting system. In addition, he briefly mentioned the new requirement to record the fair value changes of equity securities in the income statement rather than through other comprehensive income (OCI) as a result of ASU 2016-01, “Financial Instruments – Overall (Subtopic 825-10): Recognition and Measurement of Financial Assets and Financial Liabilities,” which is effective for public companies beginning in 2018. For companies that choose to present non-GAAP information related to this change, he emphasized “non-GAAP reporting may supplement but is not a substitute for GAAP reporting.”
Further, on non-GAAP measures, Bricker noted the requirement to have disclosure controls and procedures that would “prevent error, manipulation, or mischief with the numbers” and “a policy that addresses how any changes in the non-GAAP measure will be reported and how corrections of errors will be evaluated.” He encouraged audit committees that do not already do so to “review the [non-GAAP] metrics to understand how management evaluates performance, whether the metrics are consistently prepared and presented from period to period, and the related disclosure policies.”
In light of the recent rise in market interest rates, he reminded both audit committees and management of the market risk disclosure requirements, noting that some companies’ financial statements are particularly sensitive to market factors including market liquidity and pricing.
Bricker asked the audience to consider commenting on the May 2 rule proposal on auditor independence, known as the “Loan Provision.” The proposal seeks to identify lending relationships between the auditor and the equity owners of audit clients that could impair or appear to impair auditor objectivity and impartiality.
On the topic of audit firm governance, Bricker noted the need for constant efforts to “maintain and nurture trust.” He observed the largest accounting firms have appointed or are appointing independent directors or advisory council members and voluntarily produce audit quality reports to communicate “about the design of an audit firm’s governance and culture.”
SEC Proposes Changes to Auditor Independence for Certain Lending Relationships (the “Loan Provision”)
On June 20, 2016, the SEC issued a no-action letter to an investment management company stating that, if certain conditions were met, the SEC would not recommend enforcement action even though the company’s funds were not in compliance with the “Loan Provision” found in Rule 2-01 of Regulation S-X. The provision specifically relates to determining whether an auditor is independent when the auditor has a lending relationship with certain shareholders of rel="noopener noreferrer" the audit client. Subsequent to the release of the no-action letter, registrants and auditors rel="noopener noreferrer" continue to seek clarification from the SEC on various aspects of the provision.
On May 2, 2018, the SEC proposed a rule, “Auditor Independence With Respect to Certain Loans or Debtor-Creditor Relationships,” that would revise guidance on the Loan Provision. Covering both the audit and professional engagement periods, the proposal would revise the analysis to determine independence as follows:
- Center only on beneficial ownership, thus removing the owners of record (such as financial institutions and broker-dealers that register shares for the benefit of customers) from the analysis.
- Establish a new “significant influence” test to replace the 10 percent bright-line shareholder ownership test.
- Add a “known through reasonable inquiry” standard to identify beneficial equity owners.
- Revise, for a fund, the definition of “audit client” to exclude funds that would be considered rel="noopener noreferrer" affiliates of the audit client.
Comments are due July 9, 2018.
Corp Fin Director Testifies Before Congress
On April 26, 2018, Division of Corporation Finance (Corp Fin) Director William Hinman testified before the U.S. House of Representatives about Corp Fin activities. He covered the filing review process as well as recent initiatives and upcoming priorities for Corp Fin.
Hinman said that upcoming priorities for Corp Fin include the following recommendations for the SEC:
- Raise the “smaller reporting company” (SRC) threshold from $75 million to $250 million in public float, or if no public float, less than $100 million in revenue (which would be an increase from $50 million), which would allow more companies to apply the scaled disclosure requirements for SRCs.
- Update and simplify disclosure requirements in Regulations S-X and S-K, including industry guides.
- Extend the “test the waters” provision from the Jumpstart Our Business Startups Act to non-emerging growth companies, which would allow companies to communicate with potential investors meeting certain criteria before or following rel="noopener noreferrer" the filing of a registration statement.
From the Public Company Accounting Oversight Board (PCAOB)
PCAOB Releases Annual Report for 2017
On May 2, 2018, the PCAOB made public the 2017 annual report that it submitted to the SEC, as required by the Sarbanes-Oxley Act of 2002. The report provides an overview of the board’s activities for 2017, including public accounting firm registrations, inspections, standard setting, and enforcement actions, rel="noopener noreferrer" in addition to its audited financial statements and notes for 2017.
From the Center for Audit Quality (CAQ)
Executive Director Shares Insights on the Revised Auditor’s Reporting Model (ARM)
In an April 3, 2018, post on the National Association of Corporate Directors’ Board Leaders’ Blog, CAQ Executive Director Cindy Fornelli summarized insights about the updated ARM gleaned from participation in the “Challenges Facing the Audit Profession” panel during the American Accounting Association’s 2018 Auditing Section Midyear Meeting. In the post, Fornelli presented opportunities, challenges, and strategies for success related to the updated ARM.
The possibility for investor insight is identified as one of three opportunities for the revised auditor’s report. Challenges of the updated ARM include the potential for boilerplate language, the temptation for management to interfere with audit committee and external auditor communication, and the tension between management and the auditors based on what they want to disclose.
Finally, strategies for implementing the revised ARM successfully include maintaining an open dialogue between auditors and audit committees, rel="noopener noreferrer" doing preliminary testing of the revised model, and paying close attention to the post-implementation review.
From the American Institute of CPAs (AICPA)
AICPA Issues a Comparison of Cybersecurity Guidance
On April 13, 2018, the AICPA issued a comparison of its guidance (for both public and private entities) and the SEC’s guidance (for public companies) on cybersecurity, “Communications of Cybersecurity Incidents: Comparison Between SEC Release 33-10459 and the AICPA’s Cybersecurity Risk Management Framework.” In the comparison, the AICPA identifies the following similarities:
- Both describe cybersecurity processes and controls that should be designed and implemented for a robust cybersecurity risk management program.
- Both support the need for a robust program to manage an entity’s unique cybersecurity risks.
- Both include criteria for processes and controls necessary to effectively communicate material cybersecurity events to key shareholders.
- Both recognize that senior management and the board of directors should have effective oversight over the processes and controls in the program, including:
- Setting the “tone at the top” that cybersecurity matters are important
- Assessing identified deficiencies
- Monitoring the results of in-house cybersecurity controls evaluations
- Overseeing corrective actions
A difference noted in the comparison is that the SEC’s guidance addresses the need for corporate insiders to refrain from making selective disclosures of material nonpublic rel="noopener noreferrer" information about cybersecurity risks or incidents. That requirement is not included in the AICPA’s framework.
From the Institute of Internal Auditors (IIA)
Report Describes Data and Audit Risks of Artificial Intelligence Systems
On April 26, 2018, the Internal Audit Foundation issued a report titled “Artificial Intelligence: The Data Below” highlighting the differences between artificial intelligence (AI) or machine learning systems and static or standard IT systems and describing the data risks and unique audit considerations for AI systems.
In the report, data is identified as a significant component of AI systems. As AI systems evolve, many more risks relate to data as compared to static systems, which results in different answers as the data changes or more data is introduced. Machine learning systems provide results based on predictability and probabilities rather than correctness, which adds to challenges in auditing this type of system.
The report also identifies specific audit issues, risks related to those issues, and potential inquiries for auditors to consider for those matters.
