November 2023 financial reporting, governance, and risk management

| 11/15/2023
November 2023 financial reporting, governance, and risk management

Message from John Epperson, Managing Principal, Financial Services

Dear FIEB readers,

We lead off the month with a piece of personal risk management advice: Don’t take that backyard Thanksgiving football game too seriously!

Personal risk management aside, stakeholders in the world of financial reporting, governance, and risk management have their eyes on the markets, interest rates, and inflation. While we have good news on inflation, uncertainty still exists about where interest rates will go and if inflation will continue to ease.

Last week, we began our annual 2023 Crowe Financial Services Conferences occurring in seven locations. We kicked off with Chicago and Sonoma, California, and now we head to Dallas. After Thanksgiving, we are hosting in New York, Atlanta, Columbus, Ohio, and Indianapolis. Registration is available for the various in-person locations, all including 11.0 hours of CPE credit. We hope you are able to join us. If you are not able to attend in person, we hope you can join our webinar, on Dec. 15, for 3.0 hours of CPE – registration will open soon.

Finally, we’re excited to announce that the Financial Institutions Executive Briefing homepage has a new look starting this month to match the updated FIEB email. We’ll continue providing timely financial reporting, governance, risk management, and compliance updates for financial institutions as always, but we hope the new design is a welcome refresh for readers.

We wish you and yours a very happy Thanksgiving.

Sign up to receive updates on financial reporting, governance, risk management, and compliance issues.
Takeaways from the 2023 AICPA & CIMA credit union conference

AICPA & CIMA hold credit union conference

The annual American Institute of Certified Public Accountants (AICPA) and Chartered Institute of Management Accountants (CIMA) Conference on Credit Unions was held Oct. 23-25, 2023, and included remarks from representatives of the National Credit Union Administration (NCUA), the Financial Accounting Standards Board (FASB), and others.

The conference focused on the current economic environment, including liquidity concerns and costs of funds in a high-interest-rate environment. Fintech, payment modernization, and artificial intelligence (AI) were common themes throughout the conference, including how technology has affected the credit union industry and will continue to do so.

Industry hot topics such as current expected credit losses (CECL), collateral assignment split-dollar policies, and employee retention credits were covered. Other topics included hedging and derivatives, regulatory compliance, and mergers and acquisitions.

As in prior years, Crowe has issued a comprehensive report covering key takeaways from the conference with economic, accounting, and industry insights.

From the federal financial institution regulators

Fed governor remarks on regulation of digital assets

On Oct. 17, 2023, Federal Reserve (Fed) Gov. Michelle Bowman spoke to a roundtable presented by the Program on International Financial Systems on responsible innovation in money and payments, including the regulation of crypto assets. Bowman expressed skepticism on the benefits of a U.S. central bank digital currency and warned of unintended harm to consumers and risks to financial stability outside of regulatory authority. On technological innovations in wholesale payments, she noted the risks and operational complexities of integrating a digital ledger to facilitate high-value interbank transactions. While reiterating that the Fed remains open to continued innovation and improvement, Bowman emphasized the importance of thoroughly analyzing risks and trade-offs of new technology and ensuring that any new solution is truly needed and beneficial to users.

Fed issues financial stability report

The Fed issued its semiannual financial stability report in October, summarizing its observations on the stability and vulnerabilities of the U.S. financial system. The report noted the overall continued resilience of the banking system, citing the consistency of risk-based capital ratios with historical metrics as well as domestic banks’ ample liquidity and limited reliance on short-term wholesale funding. Conversely, the report also observed heightened vulnerability related to funding strains and notable declines in the fair value of longer-maturity, fixed-rate assets due to high interest rates.

The report summarized perceived risks to U.S. financial stability. Among the most-cited risks were those associated with persistent inflation leading to monetary tightening, potential losses in commercial and residential real estate, banking-sector stress, market liquidity strains and volatility, and economic weakness in China.

CFPB proposes data-sharing rule

On Oct. 19, 2023, the Consumer Financial Protection Bureau (CFPB) issued a long-anticipated and comprehensive proposed rule on personal financial data rights and protection. With the goal of promoting fair and open industry competition and enhanced consumer protections, the proposed rule would set forth privacy protection obligations for third parties accessing consumer data, ban companies from charging customers for electronic access to their own personal finance data, and provide users with the right to grant – or revoke – third-party access to their own data. The proposal also contains provisions to shift the industry away from the practice of screen scraping, to decrease sharing of consumer credentials and prevent the overcollection of consumer data.

Comments are due Dec. 29, 2023.

Bank regulators release final CRA rules

On Oct. 24, 2023, the Fed, the Federal Deposit Insurance Corp. (FDIC), and the Office of the Comptroller of the Currency (OCC) jointly released a final rule to modernize the regulations of the Community Reinvestment Act (CRA).

Among other provisions, the final rule establishes a revised evaluation framework whereby banks will be subject to different performance tests to assess their engagement with low- to moderate-income communities.

  • Large banks (with assets of at least $2 billion) face the most comprehensive evaluation and will be subject to:
    • The retail lending test
    • The retail services and products test
    • The community development financing test
    • The community development services test
  • Intermediate banks (with assets of at least $600 million and less than $2 billion) will be subject to:
    • The retail lending test
    • Either the intermediate bank community development test or the community development financing test, whichever they elect
  • Small banks (with assets of less than $600 million) will be subject to either the small-bank lending test or the retail lending test, whichever they elect.
  • Limited-purpose banks will be subject to the community development financing test for limited-purpose banks.

Notably, retail activities and community development activities will be given equal weight in assessments of large banks.

Consistent with the proposal, the final rule generally expands the geographic areas by which an institution’s services are assessed. For example, the final rule’s retail lending test creates a new category of assessment area for large banks: Assessment is triggered by a loan count threshold of 150 closed-end home mortgage loans or 400 small-business loans in each of the two prior calendar years. The test also establishes an outside retail lending area investment assessment, consisting of the nationwide area outside of facility-based assessment areas and applicable retail lending areas (excluding certain nonmetropolitan counties). In addition to providing a more comprehensive view of a bank’s retail lending to low- and moderate-income communities, the outside retail lending area assessment helps address the growth of mobile and online banking services. In addition, a bank’s digital delivery systems and remote service facilities will be considered under the retail services and products test for banks with more than $10 billion in assets as well as for other large banks if they do not operate physical branches or if they elect for such services to be assessed.

The final rule clarifies eligible categories of community development activities. It calls for the agencies to provide continuously updated lists of examples of qualifying community development activities and to evaluate the extent to which such activities are impactful and responsive to the community’s needs. The rule also imposes certain new data collection, maintenance, and reporting requirements on large banks.

The regulatory agencies were split on support for the final rule, with the Fed board voting 6-1 in favor and the FDIC board voting 3-2 in favor. While proponents on the boards stated that the final rule would encourage banks to expand needed services to low- and moderate-income communities and ensure the CRA’s continued relevance, dissenters stated that the new rule would overly complicate existing evaluation frameworks and disincentivize service offerings in certain communities.

Covered entities will be required to adopt most of the rule’s requirements beginning Jan. 1, 2026. Other requirements, including data reporting requirements, take effect on Jan. 1, 2027.

Banking agencies issue guidance for large banks on climate-related financial risk

On Oct. 24, 2023, the Fed, the FDIC, and the OCC released final interagency guidance on climate-related financial risk management for institutions with more than $100 billion in total consolidated assets. The guidance establishes general principles for institutions to follow as they monitor and manage physical and transition risks related to climate change. These principles include oversight of board governance and management, creation of formal policies and limits over climate-related risks, consideration of climate risks in strategic planning, development of processes to monitor and control climate-related risks, and use of data and scenario analyses. In analyzing relevant risks, institutions should consider credit risk, liquidity risk, operational risk, legal and compliance risk, and other financial and nonfinancial risks.

From the White House

President issues executive order on artificial intelligence

On Oct. 30, 2023, President Joe Biden issued an executive order establishing new standards for government use of AI. The order establishes guidelines for how government agencies use personal data, and it strengthens privacy guidance for federal agencies. The order also mandates the secretary of the U.S. Department of the Treasury to issue, within 150 days, a public report on best practices for financial institutions to manage AI-specific cybersecurity risks.

Broadly, agencies are encouraged to establish limits and safeguards to promote the responsible use of AI rather than impose general bans. The executive order encourages the Federal Housing Finance Agency and the CFPB to implement new AI usage regulations on the entities under their purview and to evaluate underwriting models, collateral valuation, and appraisal processes for underlying bias against protected groups. The agencies also are encouraged to address, within 180 days, the use of data leading to discriminatory outcomes for tenant screening systems as well as the use of algorithms to determine advertising delivery on digital platforms. The order also recommends that independent regulatory agencies consider issuing rules or guidance to address the risks and responsibilities presented by AI.

From the Financial Accounting Standards Board (FASB)

FASB discusses profit interest awards

At its Nov. 1, 2023 board meeting, the FASB discussed proposed Accounting Standards Update (ASU), “Compensation – Stock Compensation (Topic 718): Scope Application of Profits Interest Awards.” The board affirmed its decision that the amendments apply to all entities and to awards to both employees and nonemployees. The board also decided to revise the proposed illustrative example but to not address additional award characteristics or additional improvements to stock compensation guidance. The board agreed that entities should apply the amendments either retrospectively or prospectively with disclosure of the nature of and reason for the change in accounting principle. The staff will draft a final ASU for vote.

The proposed effective date for public business entities will be fiscal years beginning after Dec. 15, 2024, and interim periods within those fiscal years. For all other entities, the amendments will be effective one year later. Early adoption will be permitted.

From the Securities and Exchange Commission (SEC)

SEC proposes ban on volume-based exchange transaction pricing for national market system stocks

On Oct. 18, 2023, the SEC issued a proposed rule to restrict volume-based transaction pricing offered by national securities exchanges. Under the proposal rule, exchanges would be prohibited from offering volume-based transaction pricing when executing agency orders. Exchanges would be subject to anti-evasion clauses when executing member proprietary orders to facilitate members’ compliance with the prohibition on agency orders. In addition, they would be required to maintain written policies and procedures to enforce these measures. Finally, the proposed rule would require equity exchanges with volume-based pricing for member proprietary orders to submit electronic, machine-readable structured data tables detailing their pricing tiers and the number of members qualifying for each tier to be made available to the public.

Comments are due Jan. 5, 2024.

SEC adopts new rules on security-based swap execution facilities

On Nov. 2, 2023, the SEC adopted final rules – collectively, new Regulation SE – establishing a regulatory framework for security-based swaps aligned with the Commodity Futures Trading Commission’s rules governing swap execution facilities. The final rule requires security-based swap execution facilities (SBSEFs) to register with the SEC and imposes certain requirements on such entities. Among them, registered SBSEFs are subject to certain trade execution requirements, must submit filings for rules and products, must monitor trading for trading manipulation or transaction disruptions, and must publish timely trading data on security-based swap transactions. The rules also address cross-border application of trade execution requirements.

Certain registered clearing agencies and registered SBSEFs that provide a marketplace only for security-based swap transactions are exempt. Concurrently, the final rules end existing temporary exemptions that exempt certain entities from registering as SBSEFs, national securities exchanges, or clearing agencies.

The final rule becomes effective 60 days after publication in the Federal Register. Qualifying entities must file an application to register with the SEC on Form SBSEF within 180 days of the effective date. This application must be complete (that is, the entity must have responded to any staff requests) within 240 days of the effective date for the entity to operate while the application is pending.

SEC announces 2024 examination priorities

On Oct. 16, 2023, the SEC published the Division of Examination’s examination priorities, including both core and emerging risks observed in the markets, for the year ahead. The division’s risk-based approach gives greater weight to areas that present heightened risk to the markets and the investing public; priorities generally are tailored to the category of entity being examined. However, the division also identifies several risks affecting various market participants, including cybersecurity and operational resilience as well as emerging financial technology (including crypto assets).

SEC chair offers keynote before enforcement forum

On Oct. 25, 2023, SEC Chair Gary Gensler delivered the keynote speech at Securities Docket’s Securities Enforcement Forum. He spoke about the history and recent actions of the commission’s enforcement program. Gensler addressed the need for regulation of the crypto asset markets and spoke about recent enforcement actions, such as violations of recordkeeping requirements (including the use of personal devices and nonofficial channels to conduct business) and the use of exit agreements to impede an employee’s ability to file whistleblower complaints. In closing, Gensler emphasized the importance of protecting investors, working cooperatively in a timely fashion, and holding “gatekeepers” – those entities and individuals that uphold public trust, such as lawyers and auditors – especially accountable.

SEC chair speaks on regulation of Treasury markets

On Nov. 7, 2023, Gensler spoke before the Securities Industry and Financial Markets Association on the significance of the Treasury markets and warned of volatility that could result from the participation of bank and nonbank intermediaries and their use of leverage to fund positions in the repurchase markets. Drawing parallels between recent market “jitters” and the market stress and subsequent instability leading up to historical financial crises, Gensler voiced concern that many trading in today’s markets are unlikely to have experienced firsthand periods of instability and transitional monetary policy. Gensler summarized the commission’s recent rulemaking activities and collaborative interagency efforts and emphasized the value of these reforms in upholding the Treasury markets.

SEC enforcement director addresses New York City Bar Association Compliance Institute

On Oct. 24, 2023, Gurbir Grewal, director of the Division of Enforcement, spoke on the continued importance of the role of compliance professionals in maintaining fair and efficient markets and upholding the public trust. Grewal talked about a three-pronged approach to proactive compliance, consisting of continuous education on the law and SEC activity, engagement across the business, and enforcement of compliance policies and procedures. While noting that the SEC takes into account actions of good faith based on reasonable inquiry, he stated that the SEC would pursue action against compliance personnel who affirmatively participate in misconduct, mislead investors, or fail to carry out compliance responsibilities.

GAO decision, federal court ruling affecting SEC actions

On Oct. 31, 2023, the U.S. Government Accountability Office (GAO) issued a decision stating that the SEC had failed to follow agency protocol in issuing Staff Accounting Bulletin (SAB) 121, which publicized staff views on necessary disclosures of custodial obligations for entities trading in crypto assets. In its decision, the GAO said that the contents of the SAB constitute agency rulemaking and therefore should have been submitted for congressional review and subjected to a public comment period. U.S. Sen. Cynthia Lummis, who filed the request for decision with the GAO, released a statement expressing their intent to block the rule in the coming weeks under the Congressional Review Act.

On the same day, the U.S. Court of Appeals for the 5th Circuit ruled that the SEC had not followed protocol in adopting a new rule on share repurchase disclosures in March 2023. In its decision, the court stated that the SEC had failed to adequately address public comments, perform a proper economic cost-benefit analysis, and substantiate the need for the new rule. The SEC has until Nov. 30, 2023, to address the shortfalls identified in the ruling.

Stakeholders should monitor these events in the weeks ahead for further developments and potential impact.

From the Public Company Accounting Oversight Board (PCAOB)

PCAOB holds Standards and Emerging Issues Advisory Group meeting

On Nov. 2, 2023, the PCAOB’s Standards and Emerging Issues Group met to provide an update on standard-setting and rulemaking projects, to discuss emerging issues in auditing focusing on fraud detection, and to consider the uses of service organizations, among other topics. A recording of the meeting is available on the meeting event page.

PCAOB updates standard-setting, research, and rulemaking agendas

The PCAOB on Nov. 1, 2023, posted its updated agendas for its standard-setting, research, and rulemaking projects. In the release announcing the revisions, the PCAOB highlighted that during 2023 the board “has taken more formal actions on standard setting and rulemaking than any year in the last 10 years.” On the short-term standard-setting agenda, the PCAOB has eight projects, four of which have been proposed and are expected to be adopted in 2024 and four of which are expected to be proposed in 2024. The four projects that have been proposed include quality control, noncompliance with laws and regulations, general responsibilities of the auditor in conducting an audit, and amendments related to aspects of designing and performing audit procedures that involve technology-assisted analysis of information in electronic form. The planned proposals for 2024 include attestation, going concern, firm and engagement performance metrics, and substantive analytical procedures. The PCAOB also added a research project on communication of critical audit matters.

PCAOB seats new board member

George R. Botic was sworn in as a PCAOB board member on Oct. 25, 2023, for a term that ends Oct. 24, 2028. Botic, who has served as director of the PCAOB’s Division of Registration and Inspections since 2018, joined the PCAOB in 2003.

Contact us

Sydney Garmong
Sydney Garmong
Partner, National Office
Mark Shannon
Mark Shannon
Partner, National Office
Dennis Hild
Dennis Hild
Principal, National Office