September 2021 financial reporting, governance, and risk management

| 9/17/2021
FIEB Featured Image

Message from John Epperson, Managing Principal, Financial Services

Dear FIEB readers,

I hope this message finds you all well as we wind down the summer and begin to move into fall. Fall will be officially here, as of Wednesday, and brings the conference season and all things pumpkin. Like many of you, I wonder where the time has gone.

Regulatory and reporting activities remained on the lighter side for the past month, but we expect an uptick as we enter the latter months of 2021. Some key developments include more insight on the SEC’s priorities, including a continued focus on climate change and human capital. In addition, cybersecurity, fintech, and digital assets continue to be a focus for many agencies.

Two of the largest conferences for our industry are hosted by the American Institute of Certified Public Accountants (AICPA), each offering a virtual option. Next week is the annual AICPA national conference on banks and savings institutions. You can save $100 on the conference using coupon code “BAN21.”

The AICPA credit unions conference will be Oct. 18-20. Use coupon code “CU21” to receive a $100 discount off the regular registration price.

Sign up to receive updates on accounting, governance, risk management, and compliance issues.
Matters of importance from the federal financial institution regulators

FDIC issues quarterly banking profile for second quarter 2021

The Federal Deposit Insurance Corp. (FDIC) on Sept. 8, 2021, issued the Quarterly Banking Profile(QBP) covering the second quarter of 2021. According to the QBP, FDIC-insured banks and savings institutions earned $70.4 billion quarterly net income, a $51.9 billion (281%) increase from a year ago. That increase was largely driven by an aggregate negative provision expense, reflecting improvements in economic conditions and asset quality.

The QBP provides additional second quarter highlights:

  • Net interest income fell 1.7% from the previous year, totaling $129.1 billion. The average net interest margin decreased 31 basis points from the previous year to a record low 2.5%.
  • Noninterest income rose $5 billion compared to the previous year.
  • Total loans and leases increased by $33.2 billion from the previous quarter.
  • Noncurrent loans (those 90 days or more past due) declined $13.2 billion from first quarter 2021, and net charge-offs declined $8.3 billion from a year ago.
  • Community banks reported annual net income growth of $1.9 billion, up 28.7% from a year ago.

The total number of FDIC-insured commercial banks and savings institutions declined from 4,978 to 4,951 from the previous quarter. During the second quarter, three new banks were chartered, 28 banks were absorbed by mergers, two banks ceased operations, and no banks failed. The number of institutions on the FDIC’s problem bank list declined by four to 51 in the second quarter.

NCUA issues second quarter 2021 performance data

On Sept. 8, 2021, the National Credit Union Administration (NCUA) reported quarterly figures for federally insured credit unions based on call report data submitted to and compiled by the agency for the second quarter of 2021.

Highlights include:

  • The number of federally insured credit unions declined to 5,029 from 5,068 in the first quarter of 2021. In the second quarter of 2021, 3,143 federal credit unions and 1,886 federally insured, state-chartered credit unions existed.
  • Total assets reported for federally insured credit unions rose by 13.0% to $1.98 trillion, up $228 billion from a year ago.
  • Net income at an annual rate totaled $21.3 billion, up $11.9 billion (126.8%) from the previous year.
  • The return on average assets was 112 basis points in the second quarter of 2021, an increase of 57 basis points from the second quarter of 2020.
  • The credit union system’s net worth ratio decreased from 10.46% the previous year to 10.17% in the second quarter of 2021.

Federal banking agencies issue guide for community bank and fintech partnerships

The FDIC, the Office of the Comptroller of the Currency (OCC), and the Federal Reserve Board (Fed) on Aug. 27, 2021, jointly released a guide to help community banks assess risks when considering partnerships with fintech companies and adopting new technologies. The guide, “Conducting Due Diligence on Financial Technology Companies: A Guide for Community Banks,” addresses due diligence topics, including business experience, strategic goals, and qualifications; financial conditions and market information; legal and regulatory compliance; risk management policies, processes, and controls; information security programs; and operational resilience, such as business continuity planning, incident response, service-level agreements, and reliance on subcontractors.

According to the agencies, the guidance is voluntary, and community banks can tailor their use of the information to their specific circumstances, risk posed by each third-party relationship, and the related product, service, or activity offered by the fintech company.

The guide is written for community banks evaluating partnerships with fintechs, but it might be useful for banks of any size and for other types of third-party relationships.

FFIEC issues guidance on digital banking authentication

The Federal Financial Institutions Examination Council (FFIEC) on Aug. 11, 2021, issuedguidance for financial institutions on effective authentication and access risk management principles for digital banking services. The guidance, titled “Authentication and Access to Financial Institution Services and Systems,” does not impose any new regulatory requirements on banks, nor does it serve as a comprehensive framework for access management programs or endorse any specific information security framework or standard.

It replaces previously issued FFIEC authentication guidance from 2005 and related supplement from 2011. It provides banks with examples of effective authentication and access risk management principles and practices that address business and consumer customers, employees, and third parties who access digital banking services and bank information systems.

In this recent guidance, the FFIEC highlights current cybersecurity threats, including increased remote access by customers and attacks that take advantage of compromised credentials. It also includes information on the risks from push-payment capabilities, examples of authentication controls, and a list of government and industry resources to assist financial institutions with authentication and access management.

In addition, the new guidance highlights weaknesses in single-factor authentication and recommends that financial institutions use multifactor authentication as part of layered security when risk assessments indicate that single-factor authentication is inadequate.

CFPB issues proposed rule on small-business loan data collection

On Sept. 1, 2021, the Consumer Financial Protection Bureau (CFPB) issued a comprehensive notice of proposed rulemaking (NPRM) to implement Section 1071 of the Dodd-Frank Wall Street Reform and Consumer Protection Act. Section 1071 amends the Equal Credit Opportunity Act to require financial institutions to collect and report certain credit application data for small businesses, including women-owned and minority-owned small businesses. The 918-page proposal would require lenders to report the amount and type of small-business credit applied for and extended; the race, ethnicity, and sex of the small-business owners; and several elements of the price of the credit offered. A lender’s employees or officers who are involved in considering a small-business application would be prohibited from accessing the business’s demographic information unless the lender determines that such a prohibition is infeasible.

The rule would apply to financial institutions, including banks, credit unions, and nonbanks, that originate at least 25 credit transactions in each of the two preceding calendar years that meet the definition of “business credit” under Regulation B and that involve small businesses, defined as businesses with $5 million or less in gross annual revenue for the businesses’ preceding fiscal year. The CFPB proposal does not include an asset threshold exemption for smaller financial institutions.

The CFPB has indicated that compliance would not be required for 18 months after publication in the Federal Register of a final rule implementing Section 1071. Crowe will provide additional commentary after reviewing the lengthy proposal.

Comments on the NPRM are due 90 days after it is published in the Federal Register.

The CFPB has made available an eight-page summary of the proposal and has released a chart of proposed data points and an unofficial table of contents for the NPRM.

From the Securities and Exchange Commission (SEC)

Chair testifies on SEC’s unified rulemaking agenda

On Sept. 14, 2021, SEC Chair Gary Gensler testified before the Senate Committee on Banking, Housing, and Urban Affairs. His testimony focused on current work of SEC staff on areas identified in the most recent SEC rulemaking agenda, including:

  • Market structure (treasury, nontreasury fixed-income, equity, security-based swaps, and crypto asset markets)
  • Predictive data analytics
  • Issuers and issuer disclosure (including climate risk, human capital, cybersecurity, special purpose acquisition companies, China, and 10b5-1 plans)
  • Funds and investment management

Chair Gensler concluded his remarks with observations about the SEC’s enforcement and examinations activities.

SEC discusses competition and regulatory reform at the PCAOB

On Sept. 9, 2021, the SEC’s Investor Advisory Committee (IAC) met to discuss various matters including consideration of audit firm competition and regulatory reform at the PCAOB. The discussion of competition and regulatory reform included panelists representing various stakeholders in the financial reporting ecosystem. Panelists debated how audit opinion customers (that is, audit committees) and consumers (that is, investors) receive and use information about audit quality as well as how communication of that information could be changed or improved to meet various stakeholder objectives. The discussion also focused on the PCAOB’s current role in fostering audit quality and how that role might evolve in the ever-changing landscape of stakeholder needs and technology. Jurisdictional differences in audit regulatory regimes also arose as a topic.

The IAC meeting also included a panel discussion of investor protection in light of the behavioral design of certain online trading platforms, and the IAC also voted to provide the SEC with certain recommendations regarding special purpose acquisition companies and Rule 10b5-1 trading plans.

SEC Chair Gensler, Commissioners Hester Peirce and Elad Roisman, and some panelists offered prepared remarks.

Chair remarks on digital engagement practices, crypto assets, and disclosures

On Sept. 1, 2021, Chair Gensler provided remarks on digital engagement practices, crypto assets, and disclosures before the European Parliament Committee on Economic and Monetary Affairs, the financial advisory body of the European Union.

In the evolving area of technology and finance, Gensler discussed the use of predictive data analytics underlying the trading and wealth management apps flooding the market. The apps use individualized marketing and behavioral prompts, which encourage users to engage with a digital platform. These tools are designed to increase platform revenues, data collection, and customer engagement, leading to potential conflicts between the platform and investors. Use of digital enhancements raises questions about investor protection, securities laws implications, and how these tools and models ensure access and pricing fairness. He highlighted the SEC’s request for information and comment on digital engagement practices issued on Aug. 27 and warned of his concern that the broad adoption of deep learning models could contribute to a future crisis.

In his remarks about crypto assets, Gensler reiterated his position that the SEC needs to ensure it is achieving its public policy goals: protecting investors and consumers, guarding against illicit activity, and ensuring financial stability. He noted that most crypto platforms provide direct access for investors with no broker between the public and the platform, which creates vulnerability as these platforms do not have clear obligations to protect investors. Gensler said the use of stablecoins on these platforms might help those looking to avoid many of the public policies – such as anti-money laundering policies – in the traditional banking and financial system.

Lastly, recognizing investors’ increased demand for additional disclosures to understand climate risks, workforces, and cybersecurity risks of the companies they invest in, Gensler shared that he asked the SEC staff to develop a proposal for climate risk disclosure requirements and to examine information that can be learned from other frameworks and standards. He said he directed staff to review current fund branding practices and make recommendations about whether fund managers should disclose the criteria and underlying data they use to market themselves, and to consider disclosure requirements about human capital and board diversity.

SEC announces charges for deficient cybersecurity procedures

On Aug. 30, 2021, the SEC announced the sanctioning of eight firms in three actions for failures in their cybersecurity policies and procedures that resulted in cloud-based email account takeovers exposing personally identifying information of thousands of customers and clients at each firm. The firms are SEC-registered broker-dealers, investment advisory firms, or both. Specifically, the SEC noted that the affected accounts were not protected consistent with firm policies, breach notifications to clients included misleading language, and some of the firms failed to adopt and implement firmwide enhanced security policies and procedures after initial discovery of email account takeovers.

The SEC’s orders against each of the firms found that they violated Rule 30(a) of Regulation S-P, known as the Safeguards Rule, which is aimed at protecting confidential customer information. For two of the firms, the orders also found that they violated Section 206(4) of the Investment Advisers Act and Rule 206(4)-7 in connection with their breach notifications to clients. Although the firms did not admit to or deny the SEC’s findings, each agreed to cease and desist from future violations of the charged provisions, to be censured, and to pay a penalty.

SEC requests comments on digital practices of broker-dealers and investment advisers

The SEC, on Aug. 27, 2021, issued a request for information and public comment on broker-dealers’ and investment advisers’ use of digital engagement practices (DEPs). These DEPs include behavioral prompts, differential marketing, gamelike features, other design elements aimed at engaging with retail investors on digital platforms, and the analytical and technological tools and methods used. Investment advisers use DEPs to learn more about their clients in order to develop investment advice based on that information.

The SEC is issuing the request primarily to:

  • Develop a better understanding of the market practices associated with the use of DEPs and the related analytical and technological tools and methods
  • Learn what conflicts of interest may arise from optimization practices and whether those practices affect the determination of whether DEPs are making a recommendation or providing investment advice
  • Provide market participants and other interested parties an avenue to share their perspectives on the use of DEPs and the related tools and methods
  • Facilitate the SEC’s assessment of existing regulations and consideration of whether regulatory action may be needed, including additional investor protections

Comments are due Oct. 1, 2021.

SEC appoints senior adviser to the chair

The SEC announced, on Aug. 25, 2021, the appointment of Barbara Roper as senior adviser to Chair Gensler. Roper’s focus will be on retail investor protections, broker-dealer and investment adviser oversight, and examinations. She joins the SEC after 35 years at the Consumer Federation of America, most recently as director of investor protection, and is a leading consumer spokesperson on investor protection issues, specifically the standards that apply to investment professionals that investors rely on for advice and recommendations. Roper said she plans to bring that focus to her new position.

SEC and the European Central Bank sign memorandum of understanding on cooperation regarding security-based swap entities

On Aug. 16, 2021, the SEC and the European Central Bank signed a memorandum of understanding (MOU) to consult, cooperate, and exchange information in connection with the supervision, enforcement, and oversight of certain security-based swap dealers and major security-based swap participants that are registered with the SEC and supervised by the European Central Bank.

The MOU is intended to facilitate the SEC’s oversight of all SEC-registered security-based swap entities in European Union (EU) member states participating in the Single Supervisory Mechanism (SSM), which is the EU’s system of banking supervision. It comprises the European Central Bank and the relevant national authorities of participating EU member states.

In its announcement of the MOU, the SEC said that the MOU “will also support the SEC’s oversight of the operation of substituted compliance orders that the Commission has issued for security-based swap entities in France and Germany, as well as any future substituted compliance orders for such firms in other EU Member States that participate in the SSM.”

Crowe recaps SEC comment letters in the banking industry

Under the Sarbanes-Oxley Act of 2002, the SEC’s Division of Corporation Finance regularly reviews and occasionally comments on the filings of each SEC registrant. Crowe recaps recent themes from SEC comment letters for banking industry registrants to consider as they prepare disclosures.
From the Public Company Accounting Oversight Board (PCAOB)

PCAOB board members announce intentions to resign

On Aug. 23, 2021, in a joint public statement, PCAOB board members Rebekah Goshorn Jurata and Megan Zietsman announced their intention to resign from the PCAOB on the earlier of Oct. 1, 2021, or the appointment of new board members. Both expressed gratitude to the staff. They said it was an honor to serve and that they will remain committed to the mission and work of the PCAOB until they depart.

PCAOB issues annual broker-dealer inspection report

On Aug. 19, 2021, the PCAOB released its annual report on the 2020 interim inspections of broker-dealer auditors. The report includes observations from inspections during 2020, guidance about and examples of effective procedures, and information about the inspection approach. According to the report, the percentage of firms with audit and attestation engagement deficiencies dropped 14% from 2019 but remained high, and continued improvement is needed.

The PCAOB also notes that this report should help broker-dealer owners and audit committees or equivalents as they oversee the work of their auditors and engage on financial reporting.

With the report, the PCAOB released “Supplementary Information Related to Audits of Brokers and Dealers,” which provides comparative data about selected firms and engagements and the results of PCAOB inspections over multiyear periods.
From the Center for Audit Quality (CAQ)

CAQ addresses current requirements for climate-related considerations

On Sept. 9, 2021, the CAQ released Audited Financial Statements and Climate-Related Risk Considerations,” which provides information on the direct and indirect impacts of climate-related risks on financial statements and audits. As a foundation for preparing for upcoming regulatory changes, the document explores the current requirements under U.S. GAAP and PCAOB auditing standards for addressing climate-related risks and disclosures.

Contact us

Sydney Garmong
Sydney Garmong
Partner, National Office
Dennis Hild
Dennis Hild
Principal, National Office
Mark Shannon
Mark Shannon
Partner, National Office