The Financial Institutions Executive Briefing offers updates on financial reporting, governance, and risk management topics from Crowe. In each issue of this electronic newsletter, you will find abstracts of recent standard-setting activities and regulatory developments affecting financial institutions.
Based on a 2014 pilot cybersecurity assessment of more than 500 financial institutions, the Federal Financial Institutions Examination Council (FFIEC) developed and released on June 30, 2015, a free Cybersecurity Assessment Tool to aid financial institutions of all sizes in identifying the cyberrisks they face and assessing their preparedness. The FFIEC plans to update the assessment as the cyberrisk environment evolves and to continue to solicit public comments on the assessment.
The tool includes a profile of inherent risks that correlate to individual financial institutions’ characteristics, such as technology profile, product lines, and size. In addition, it includes a self-assessment template for five dimensions of cybersecurity maturity and instructions for evaluating and understanding results. The tool also allows users to map the maturity levels to the National Institute of Standards and Technology’s voluntary cybersecurity benchmarks.
The Offices of Inspector General (IG) of the Federal Deposit Insurance Corp., the Federal Reserve, the Consumer Financial Protection Bureau (CFPB), the Office of the Comptroller of the Currency (OCC), and the National Credit Union Administration (NCUA) released a June 2015 report titled “Coordination of Responsibilities Among the Consumer Financial Protection Bureau and the Prudential Regulators – Limited Scope Review” summarizing their findings and recommendations on how the agencies are coordinating their regulatory activities. Generally, the IG offices noted that activities are in accordance with the Dodd-Frank Wall Street Reform and Consumer Protection Act and an interagency memorandum of understanding; however, they did identify several opportunities for improved coordination, including these:
- More simultaneous exams
- Better communication regarding matters identified in supervisory letters
- Development of a standard CFPB process for notifying the prudential regulators about potential consumer compliance lapses by the entities they supervise
- Quicker notification to prudential regulators when the CFPB seeks information from entities it does not directly supervise
In its “Semiannual Risk Perspective for Spring 2015” report released June 30, 2015, as a resource to financial institutions, examiners, and the public, the OCC identified nine areas of focus for midsize and community bank supervision considering the environment of high-credit, strategic, compliance, and operational risk.
The priorities identified in the report are governance and oversight, credit underwriting, overall regulatory compliance, cyberthreats, operational risk, Bank Secrecy Act/anti-money laundering compliance, fair access, responsiveness to matters requiring attention, and interest-rate risk.
Data in the report is presented in four sections: operating environment, bank condition, key risk issues, and regulatory actions.
At the Prudential Bank Regulation Conference held in Washington, D.C., on June 9, 2015, Comptroller of the Currency Thomas Curry said that the OCC looks to both boards of directors and senior management to set a tone at a bank that “encourages ethical and responsible behavior and demands individual accountability.” Curry also said that they must “articulate what the institution stands for” and set boundaries of unacceptable behavior.
Curry explained that the OCC does not “expect directors to manage the bank, but we do expect the board to look at high-level issues that relate to culture, from the compensation structure to how management deals with deviations from the standards the board has established.”
The OCC on June 15, 2015, released updates to its “Comptroller’s Handbook” guidance on residential real estate lending, replacing previous guidance and exam procedures issued in 1990, 1998, and 2011. The new booklet consolidates national bank and thrift guidance; provides examiner guidance on assessing residential real estate risk management; incorporates changes to production, servicing, collections, and foreclosures; and includes the CFPB’s mortgage rules.
At a June 18, 2015, board meeting, the NCUA proposed extensive changes to its member business loans rule. The proposal would replace the current rule’s limitations on collateral and security requirements, equity requirements, and loan limits. Proposed changes include these:
- Credit union loan officers would be able to waive a personal guarantee.
- Explicit loan-to-value limits would be removed, as would the need for a waiver process.
- Limits on construction and development loans would be removed.
- It would be made clear that nonmember loan participations will not count against the statutory member business lending cap.
In announcing the proposed changes, NCUA Chair Debbie Matz said, “It’s appropriate to move away from prescriptive regulatory limits to general principles providing credit unions with greater flexibility to serve their member businesses.
Comments are due 60 days after publication in the Federal Register.
The NCUA released on June 23, 2015, its 2014 annual report offering highlights of the agency’s year.
The NCUA’s initiatives and accomplishments for 2014 focused on:
- Modernizing rules to address emerging risks to the federally insured credit union system
- Reducing regulatory burden for credit unions by changing or eliminating – without jeopardizing safety and soundness – regulations that limit flexibility and growth
- Ensuring the system’s safety and soundness
- Managing resolution of the 2008-2010 corporate credit union crisis
- Helping credit unions to acclimate and succeed in a changing environment
- Protecting consumers, expanding access to affordable financial services, and increasing financial literacy
- Fostering transparency and developing strategic partnerships
- Becoming an employer of choice
- Being a model corporate steward
The report also provides an assessment of how well the NCUA has met its goals and objectives. Additionally, the report includes the audited financial statements of each of the NCUA’s four permanent funds and a section of historical data.
The Basel Committee issued on June 22, 2015, “Net Stable Funding Ratio Disclosure Standards,” providing a common format for internationally active banks to disclose the required NSFRs, which is planned to take effect in January 2018, subsequent to rulemaking in individual countries. The NSFR is to be reported quarterly, concurrently with financial reports.
The NSFR standard, which was finalized by the Basel Committee in October 2014, is a long-term liquidity measurement included in the Basel III liquidity standards that complements the shorter-term measure of cash flow liquidity coverage ratio. The ratio is calculated by dividing available stable funding by the minimum required amount of stable funding and must be equal to or greater than one.
On June 23, 2015, the CFPB issued its “Supervisory Highlights” report covering the first four months of 2015. The report outlines several areas of concern its examiners identified including mortgage origination and servicing, fair lending, debt collection, student loan servicing, and consumer reporting.
The report discloses CFPB findings related to:
- Illegal dual tracking of foreclosures and applications for loss mitigation
- Illegal runarounds with applications for loss mitigation
- Disregarded debt collection complaints
- Consumer reporting agencies’ accuracy problems
- Fair lending violations
The CFPB issued on June 24, 2015, a proposal to delay the effective date of the Truth in Lending Act (TILA) and Real Estate Settlement Procedures Act (RESPA) integrated disclosures to Oct. 3, 2015. The CFPB attributed its decision in part to an administrative error in which it failed to notify Congress 60 days prior to the rule taking effect as required by law. In addition, according to the press release, the CFPB also “believes that moving the effective date may benefit both industry and consumers with a smoother transition to the new rules.” The proposed effective date is on a Saturday in an effort to provide the industry time over a weekend to reconfigure and test systems.
Comments were due July 7, 2015.
The CFPB announced on June 25, 2015, that it published in its public database the first 7,700 narratives that consumers opted to have accompany their complaints. Since narratives were added in March, more than half of consumers submitting complaints have chosen to reveal their narratives. Complaint topics include issues with mortgages, bank accounts, credit cards, and debt collection. All personal identifying information is removed from the narratives, which are searchable in several ways within the database including by product name or feature, by specific company practices, and by state.
Related to these complaints, the CFPB published a notice in the Federal Register seeking comments on plans to develop a portal by which members of Congress, their staffs, and state agencies can access individual complaints. Through this portal, congressional offices and agencies would be able to search by company and complaint topic and also export complaint data.
Comments are due Aug. 24, 2015.
Simplifications to Employee Share-Based Accounting Proposed
The FASB issued a proposed Accounting Standards Update (ASU), “Compensation – Stock Compensation (Topic 718): Improvements to Employee Share-Based Payment Accounting,” on June 8, 2015. The proposed guidance addresses, among other topics, income tax consequences, awards classification, and classification on the statement of cash flows. The proposed amendments also would eliminate the guidance in Topic 718, “Compensation – Stock Compensation,” that had been indefinitely deferred.
Proposed changes to the recognition and measurement of share-based payment transactions generally would transition to the new guidance through a cumulative-effect adjustment to equity as of the beginning of the annual period in which the guidance is effective. The amendments for the accounting for excess tax benefits and tax deficiencies and the practical expedient for estimating the expected term would be applied prospectively. The proposed changes to the classification on the statement of cash flows would be applied retrospectively. Transition disclosures including the nature and reason for the change in accounting principle also would be required. Certain of the proposals would apply only to nonpublic entities.
Comments are due Aug. 14, 2015.
In April 2015, the FASB issued for comment a proposed ASU, “Revenue From Contracts With Customers (Topic 606): Deferral of the Effective Date,” which would defer the effective date of its new revenue recognition standard by one year. At its meeting on July 9, 2015, the FASB voted to approve this deferral.
The final ASU will permit public organizations to apply the new revenue standard to annual reporting periods beginning after Dec. 15, 2017. Nonpublic organizations will be permitted to apply the new revenue standard to annual reporting periods beginning after Dec. 15, 2018. Entities may still adopt the guidance early; however, they may not adopt it before the original public organization effective date of annual periods beginning after Dec. 15, 2016.
The FASB and International Accounting Standards Board (IASB) met on June 22, 2015, to discuss issues arising from meetings of the joint Transition Resource Group for Revenue Recognition. At the June 22 meeting, the FASB and IASB decided to propose amendments for the following principal versus agent considerations guidance in FASB Topic 606 and International Financial Reporting Standard (IFRS) 15, “Revenue From Contracts With Customers”:
- Unit of account – to make clear that a specified good or service is a distinct good or service and, depending on the circumstances, a specified good or service may be a right to an underlying good or service to be provided by another party
- Application of the control principle – to clarify the application of the control principle in the context of services
- Control indicators – to make clear the role of the indicators in paragraph 606-10-55-39 of Topic 606 and paragraph B37 of IFRS 15 and specifically: (a) that the indicators help in the evaluation of control rather than override or replace the control evaluation; (b) how each indicator relates to the control principle; and (c) that in different contracts one or more indicators may be more or less relevant to the control evaluation
Comments Sought on Audit Committee Disclosures
On July 1, 2015, the SEC issued for public comment “Possible Revisions to Audit Committee Disclosures,” a concept release on current audit committee disclosure requirements – specifically the committee’s oversight of independent auditors. The SEC wishes to obtain information about the audit committee and auditor relationship and whether improvement to the information provided to investors about the audit committee’s responsibilities and activities would be beneficial.
The majority of audit committee disclosure requirements are located in Item 407 of Regulation S-K as adopted in 1999. Since 1999, the role and responsibilities of audit committees have gone through significant changes because of new regulations and laws, Public Company Accounting Oversight Board (PCAOB) requirements, improved listing requirements, and other general changes in practice.
Comments are due 60 days after publication in the Federal Register.
The SEC on July 1, 2015, proposed rules aimed at national securities exchanges and associations. Under the proposed new Rule 10D-1, listed companies would have to create and enforce policies requiring current and former executive officers to repay incentive-based compensation if they would not have received the compensation based on the restatement.
The clawback period would be three fiscal years preceding the date of the restatement, and recovery would be required without regard to fault. The proposed rules also would require disclosure of listed companies’ recovery policies and their actions under those policies.
Comments are due 60 days after publication in the Federal Register.
The staff in the Division of Corporation Finance (Corp Fin) of the SEC announced on June 5, 2015, that it will begin releasing correspondence with issuers relating to Securities Act registration statements that are not selected for review. The release of such correspondence will be done through the Electronic Data Gathering, Analysis, and Retrieval (EDGAR) system beginning with registration statements that have an effective date of July 1, 2015, or later. Corp Fin indicated that this change in process on the “no-review” letters is to increase the transparency of its filing review program.
On June 18, 2015, the SEC staff issued “Amendments to Regulation A: A Small Entity Compliance Guide,” which summarizes amendments to Regulation A issued in March 2015 by the SEC. These amendments, which were effective June 19, 2015, implement Section 401 of the Jumpstart Our Business Startups Act by expanding Regulation A into two tiers: (a) Tier 1, for securities offerings of up to $20 million in a 12-month period; and (b) Tier 2, for securities offerings of up to $50 million in a 12-month period.
Topics addressed in this guide include:
- Summary of Regulation A
- Scope of exemption
- Offering statement
- Solicitation of interest materials
- Ongoing reporting
- Bad actor disqualification
- Relationship with state securities law
- Transition issues
Corp Fin staff issued updates to the following Compliance and Disclosure Interpretations (C&DIs) on June 23, 2015:
- Securities Act rules (new questions 182.01-182.11)
- Securities Act forms (withdrawn questions 128.01 and 128.03)
The SEC issued on June 12, 2015, “Request for Comment on Exchange-Traded Products” for comments related to the listing and trading of new, novel, or complex exchange-traded products (ETPs) and the sales of these products by broker-dealers. The request centers on matters arising when a market participant seeks exemptions to trade a new ETP or when a securities exchange wants to establish standards for listing new ETPs.
The request for comment focusses on:
- ETP arbitrage mechanisms and market pricing
- Legal exemptions and other regulatory positions related to ETP trading
- ETP securities exchange listing standards
- Broker-dealer sales practices and investor understanding and use of ETPs
Comments are due Aug. 17, 2015.
The SEC has upgraded its EDGAR System Filer Manual, effective June 29, 2015. As a result, the EDGAR system no longer supports the 2013 generally accepted accounting principles financial reporting taxonomy or the 2013 Exchanges taxonomies. Companies should use the most recent version of taxonomy releases for their eXtensible Business Reporting Language exhibits so that the most current tags related to new accounting standards and other improvements are used.
The PCAOB issued a concept release on June 30, 2015, asking for comments on the content and possible uses of audit quality indicators (AQIs). According to the release, AQIs may inform and enhance discussions among audit committees, audit firms, investors, regulators, and all those interested in the financial reporting process. Such discussions could improve audits and create competition among audit firms based on the quality of work and not just fees.
The PCAOB seeks comments on 28 potential AQIs, covering measures in three general areas:
- Audit professionals – the availability, competence, and focus of auditors
- Audit process – an audit firm’s tone at the top and leadership, incentives, independence, investment in infrastructure needed to support quality auditing, and monitoring and remediation activities
- Audit results – financial statements (such as measures of financial reporting quality and the number and impact of restatements), internal control over financial reporting, going concern reporting, auditor and audit committee communications, and enforcement and litigation
Comments are due Sept. 29, 2015.
Comments Sought on New PCAOB Form for Disclosure of Engagement Partner and Other Participants in the Audit
On June 30, 2015, the PCAOB issued a supplemental request for comment on whether to require firms to file a new form, PCAOB Form AP, “Auditor Reporting of Certain Audit Participants,” to disclose the name of the engagement partner and information about certain other audit participants.
In response to concern over increased risk of auditor liability or litigation, the proposed Form AP is an alternative to the PCAOB’s 2013 proposal to require disclosure in the auditor’s report of the engagement partner’s name and information about certain other participants in the audit.
The forms would be posted and made searchable on the PCAOB’s website, and in addition to filing Form AP, auditors could voluntarily provide the same disclosures in the auditor’s report in order to create additional transparency for investors and other market participants about who is responsible for performing an audit.
Comments are due Aug. 31, 2015.
On July 7, 2015, COSO published a new white paper, “Leveraging COSO Across the Three Lines of Defense.” The COSO “Internal Control – Integrated Framework” outlines the components, principles, and factors necessary for effective risk management, and this white paper expands on the guidance by addressing how specific duties and roles should be assigned.
The Three Lines of Defense model, as described in the white paper, encourages clearly defining responsibilities for three aspects of risk: (1) functions that own and manage risks, (2) risk control and compliance functions that monitor risks, and (3) internal audit, which provides independent assurance on the effectiveness of control and compliance functions. The paper then assigns the corresponding framework principles into each of the three lines.