The Financial Institutions Executive Briefing offers updates on financial reporting, governance, and risk management topics from Crowe Horwath LLP. In each issue of this electronic newsletter, you will find abstracts of recent standard-setting activities and regulatory developments affecting financial institutions.
From the Federal Financial Institution Regulators
FDIC “Quarterly Banking Profile” Issued
The Federal Deposit Insurance Corp. (FDIC) issued
, on Feb. 28, 2017, its “Quarterly Banking Profile
,” covering the fourth quarter of 2016. According to the report, FDIC-insured banks and savings institutions earned $43.7 billion in the fourth quarter, up 7.7 percent from the industry’s earnings a year before. The rise in net earnings resulted primarily from an increase of $8.4 billion in net interest income. The industry reported $171.3 billion in net income for full-year 2016, which is $7.9 billion (4.9 percent) more than the industry earned in 2015.
The report provides these additional fourth-quarter statistics:
- Community bank revenue growth outpaced the rest of the industry at 10.5 percent, and profits totaled $5.3 billion.
- Total loan balances increased by $466 billion, or 5.3 percent, from a year prior and increased $72.3 billion during the fourth quarter. Credit card balances rose by 5 percent during the quarter as a result of holiday spending. Nonfarm, nonresidential real estate properties also rose by 1.7 percent, and real estate and construction development loans increased by 3.3 percent. However, loans to commercial and industrial borrowers fell for the first time in more than two years, decreasing by 0.4 percent in the fourth quarter.
- Loan-loss provisions continued to increase, totaling $47.8 billion, representing a 28.8 percent increase from the year prior. Net charge-offs rose as banks closed out 2016, but they remained near historic lows at 0.47 percent.
- The proportion of banks that were unprofitable in the fourth quarter fell to 8.1 percent from 9.6 percent in 2015.
Additionally, the number of institutions on the problem banks list continued to decline from 132 at the end of the third quarter of 2016 to 123 at the end of the fourth quarter, and the Deposit Insurance Fund balance rose to $83.2 billion from $80.7 billion in the previous quarter.
Fourth-Quarter 2016 Data on Credit Union Performance Released
On March 6, 2017, the National Credit Union Administration (NCUA) reported
quarterly figures for federally insured credit unions based on call report data submitted to and compiled by the agency for the fourth quarter of 2016. These are highlights:
- The number of federally insured credit unions continued to drop – from 5,844 at the end of the third quarter of 2016 to 5,785 at the end of the fourth quarter, a decrease of 236 from a year earlier.
- Net income was $9.6 billion for 2016, up $0.9 billion (10.6 percent) over 2015.
- Total assets were $1.29 trillion, which represents growth of 7.3 percent for the year ending Dec. 31, 2016, as compared to 2015.
- Return on average assets decreased slightly to 77 basis points for the fourth quarter of 2016 from 78 basis points at the end of the third quarter; however, it was up slightly from 75 basis points a year earlier.
- Outstanding loan balances increased 10.4 percent year over year, to $869.1 billion.
- The delinquency rate rose slightly in the fourth quarter to 0.83 percent as compared to 0.81 percent in the fourth quarter of 2015. The net charge-off ratio was 55 basis points in the fourth quarter of 2016, up from 48 basis points in the fourth quarter of 2015.
- Deposits (shares) grew $67 billion (7.0 percent) year over year, to more than $1 trillion.
Gaps in Banks’ Vendor Contracts Highlighted
According to a report prepared by the Office of Inspector General (OIG) of the FDIC issued on Feb. 15, 2017, few banks’ contracts with technology service providers (TSPs) provide sufficient detail about the providers’ business continuity and incident response capabilities and duties. The report, titled “Technology Service Provider Contracts With FDIC-Supervised Institutions
,” identifies deficiencies in banks’ assessments of how providers could affect the banks’ own ability to plan for business continuity and incident response.
The OIG reviewed 48 technology vendor contracts and found that almost half included no discussion of business continuity, 10 percent included only a high-level discussion, and 42 percent included a detailed discussion.
With regards to incident response, 65 percent of contracts reviewed included a detailed discussion of security and confidentiality; however, only 23 percent covered performance standards in detail. According to the report, relevant terms in contracts also lacked specific definitions. “[Banks] may not be sufficiently engaged in writing and negotiating contracts to ensure their rights and TSP responsibilities are clearly defined,” the report finds. “TSPs appear to be drafting the contracts and ensuring that their rights are protected more than the [banks’ rights].”
In response to the OIG report, the FDIC says it will work with other Federal Financial Institution Examination Council agencies to update guidance on business continuity planning and incident response and will continue examinations and off-site monitoring of vendor management.
From the Consumer Financial Protection Bureau (CFPB)
Monthly Report on Consumer Complaints Issued
The CFPB released it latest “Monthly Complaint Report
” on Feb. 28, 2017. This month’s report details consumer complaint volume by product, state, and company; highlights credit reporting in its product spotlight section; and presents a geographically focused section on complaints in Louisiana and the New Orleans metro area. According to the CFPB’s monthly complaint snapshot, consumers complained most frequently about debt collection. The CFPB received approximately 29,000 complaints during January, of which more than 7,700 related to debt collection. Other common complaint topics included student loans, credit reporting, and mortgages.
The report includes a spotlight on credit reporting complaints, of which approximately 76 percent were related to incorrect information on the credit report. In addition, consumers complained of problems with disputing complaints on their credit reports and confusion about credit scoring.
The report also examines complaints that came from consumers in Louisiana, who complained most frequently about debt collection and credit reporting. Their mortgage-related complaints were below the national average.
Home Mortgage Disclosure Act Compliance Resources Updated
The CFPB has updated its compliance resources
on the Home Mortgage Disclosure Act
rule filing requirements. Resources include a webinar that discusses identifiers and other data points, including those related to applicants and borrowers, and a chart that illustrates banks’ options for collecting and reporting ethnicity and race information required by Regulation C. Also addressed are frequently asked questions.
From the New York State Department of Financial Services (DFS)
Cybersecurity Rules Finalized
As part of an ongoing effort to protect consumers and the state’s financial system from cybercrime, on Feb. 16, 2017, the New York DFS issued
final regulations that will require New York state-chartered financial institutions to establish and maintain a cybersecurity program.
The regulations are the first of this kind to be issued by a state regulator, and they require banks and other financial services providers to maintain a cybersecurity program based on the institution’s level of risk; maintain written cybersecurity policies and procedures; designate a chief information security officer; and maintain an audit trail for cybersecurity events. Additionally, the rules include accountability requirements related to annual certification, risk assessments, reporting, recordkeeping, and periodic reviews of access privileges.
The rules are effective March 1, 2017, and – with limited exceptions – financial institutions will have 180 days from the effective date to comply.
From the Financial Accounting Standards Board (FASB)
Improvements to Nonemployee Stock Compensation Proposed
On March 7, 2017, the FASB issued a proposed Accounting Standards Update (ASU), “Compensation – Stock Compensation (Topic 718): Improvements to Nonemployee Share-Based Payment Accounting
,” to simplify the accounting for share-based payments to nonemployees for goods and services. Such payments are relatively uncommon for most financial institutions. The guidance would not be applied to transactions that effectively are capital raises.
It would eliminate the existing accounting for nonemployee stock compensation payments (Accounting Standards Codification (ASC) Subtopic 505-50) and instead would apply the accounting model for share-based compensation to employees to nonemployee payments with two exceptions:
- Inputs to an option pricing model would be for the contractual term rather than the expected term, the latter of which is required for employee awards.
- The attribution of cost, which is the pattern of compensation cost recognition over the vesting period, would continue to be judgmentally determined for payments to nonemployees.
Many of the improvements to ASC Topic 718 that were finalized in ASU 2016-09 (see “New Standard on Employee Share-Based Payment Accounting Issued
” in the April 2016 edition of the Crowe Horwath LLP Financial Institutions Executive Briefing) would be applied to nonemployee awards. Notably, the board has proposed to extend the accommodation to nonpublic entities to make a one-time election to switch from measuring liability-classified share-based payment awards at fair value to measuring at intrinsic value.
Comments are due June 5, 2017.
Derecognition and Partial Sales of Nonfinancial Assets Guidance Issued
The FASB issued, on Feb. 22, 2017, ASU No. 2017-05, “Other Income – Gains and Losses From the Derecognition of Nonfinancial Assets (Subtopic 610-20): Clarifying the Scope of Asset Derecognition Guidance and Accounting for Partial Sales of Nonfinancial Assets
.” The ASU addresses questions on ASC 610-20 guidance that was added by ASU 2014-09 (the revenue recognition standard) for transfers of nonfinancial assets (e.g., intangible assets, land, buildings, equipment) to noncustomers. The amendments in ASU 2017-05 exclude all businesses and nonprofit activities from the scope of ASC 610-20 and require derecognition of those nonfinancial assets to be accounted for in accordance with ASC 810. While not pervasive, this guidance could apply to financial institutions.
The ASU accomplishes two primary objectives. First, the amendments clarify the scope of Subtopic 610-20 by defining an “in substance nonfinancial asset,” which is a new concept to many entities outside the real estate industry. The ASU defines that term, in part, as “a financial asset promised to a counterparty in a contract if substantially all of the fair value of the assets (recognized and unrecognized) that are promised to the counterparty in the contract is concentrated in nonfinancial assets.” If the definition is met, an entity is not required to separately account for the financial assets as they are in substance nonfinancial assets and will use the guidance in ASC 610-20. For each distinct in substance nonfinancial asset and each distinct nonfinancial asset promised to a counterparty, an entity should allocate consideration to each distinct asset by applying the guidance in Topic 610-20. An entity derecognizes each distinct asset when it transfers control of the asset and records a gain or loss. In some cases, control might transfer at the same time such that there is no need to separate and allocate consideration to each asset.
Second, the ASU provides guidance on partial sales, which is a term commonly used in the real estate industry when a seller retains an equity interest in the entity that owns the nonfinancial assets or has an equity interest in the buyer of the nonfinancial assets. Detailed guidance on partial sale transactions in Subtopic 360-20 was superseded in ASU 2014-09. Under this ASU, an entity derecognizes a distinct nonfinancial asset or distinct in substance nonfinancial asset in a partial sale when it 1) does not have, or ceases to have, a controlling financial interest in the legal entity that holds the asset in accordance with Topic 810 and 2) transfers control of the asset in accordance with Topic 606. Once an entity transfers control, any noncontrolling interest it receives, or retains, is measured at fair value (which can be a change from current generally accepted accounting principles as entities might use a carryover basis). If an entity transfers ownership interests in a consolidated subsidiary and continues to have a controlling financial interest in that subsidiary, the assets and liabilities of the subsidiary are not derecognized, and the transaction is accounted for as an equity transaction with no gain or loss recognized.
The amendments are effective consistent with the effective dates for ASU 2014-09, which was deferred by ASU 2015-14. For public business entities, the amendments are effective for annual reporting periods beginning after Dec. 15, 2017, including interim periods within, which is March 31, 2018, for calendar year-ends. For all other entities, the amendments are effective for annual reporting periods beginning after Dec. 15, 2018, and interim periods in annual periods beginning after Dec. 15, 2019.
From the Securities and Exchange Commission (SEC)
Comments Requested on Bank Holding Company Industry Guide
On March 1, 2017, the SEC published
“Request for Comment on Possible Changes to Industry Guide 3 (Statistical Disclosure by Bank Holding Companies)
.” The request seeks input on the statistical disclosures called for by Industry Guide 3 and asks for comments on new types of disclosures that would help modernize Guide 3.
The guide was originally published in 1976 and substantively revised only as recently as 1986. Since that time, the financial services industry has changed significantly. Not only have banking practices changed, but the FASB has modified accounting and disclosure standards, and the federal financial institution regulators have revised guidance, including reporting obligations that apply to the industry. As such, the disclosure guidance provided in the guide might not reflect the evolution of the industry or might be duplicative to or superseded by current accounting and reporting requirements. The SEC staff concluded that it is time to publicly revisit the guidance contained in Guide 3, and this request aims to gather input on the types of disclosure changes that would be meaningful to various stakeholders.
The SEC also encourages responders to consider and comment on whether Guide 3 should continue to be applicable for registrants other than bank holding companies that have material lending and deposit activities as well as foreign registrants.
Comments are due on May 8, 2017
Hyperlinks to Exhibits to Be Required
Today, when registration statements and periodic reports are filed with the SEC, the filings often include a list of previously filed exhibits in an index. Investors and other users of the filings must search through previous filings in order to find and access those exhibits.
In what acting SEC Chair Michael Piwowar calls a “commonsense solution,” the SEC approved, on March 1, 2017, a final rule
requiring companies to insert hyperlinks to each exhibit listed in the exhibit index. The rule seeks to improve access to information contained in exhibits for investors and other market participants seeking that information.
The rule applies to registrants that file registration statements or reports subject to the exhibit requirements under Item 601 of Regulation S-K. They must continue to submit such registration statements and reports on the Electronic Data Gathering, Analysis, and Retrieval (EDGAR) system, but the format must be in HyperText Markup Language (HTML), because the text-based American Standard Code for Information Interchange (ASCII) format cannot support functional hyperlinks. Registrants may continue to file, in ASCII format, any schedules or forms that are not subject to the exhibit filing requirements under Item 601.
The rule is effective on Sept. 1, 2017, for all filers except nonaccelerated filers and smaller reporting companies that submit filings in ASCII; those will be required to comply on Sept. 1, 2018.
Inserting XBRL Data Directly Into Filings Proposed
As part of the SEC’s disclosure modernization initiative, on March 1, 2017, the SEC voted
to propose amendments to require the use of the Inline eXtensible Business Reporting Language (XBRL) format for the submission of public company financial statement information. A benefit of Inline XBRL is that it would allow registrants to embed XBRL data directly in their filings, which would eliminate the current practice of filing XBRL data as a separate “Interactive Data File” exhibit. In addition, the proposal would eliminate the requirement for filers to post XBRL data on their websites.
Comments are due 60 days after publication in the Federal Register.
From the Institute of Internal Auditors (IIA)
Security Intelligence Centers as a Cybersecurity Strategy Examined
The Internal Audit Foundation, working with Crowe Horwath LLP, published
, on Feb. 22, 2017, “Next Steps: Beyond Response to Anticipation,” which discusses the growing use of security operation centers and security intelligence centers as part of an organization’s cybersecurity strategy.
The report is based partially on an IIA Audit Executive Center and Crowe survey of chief audit executives and reveals that more than a third of respondents are using formal and informal security operation centers as part of their cybersecurity strategies.
The survey further states that a growing number of organizations recognize that achieving “100 percent protection 100 percent of the time” is not possible, and with this knowledge, an organization can shift its cybersecurity strategies “from a defensive posture to a more offensive and proactive one that focuses on learning about how certain threats operate, how their effects can be limited or mitigated, and how the incident response time (from identification to remediation) can be accelerated.”
Furthermore, the report identifies security operation centers’ common terminology, frameworks, metrics, and tools, and it looks at how these can evolve into security intelligence centers.
Disclosures Relating to Executive Compensation Discussed
The February 2017 issue of the IIA’s Tone at the Top, “Executive Compensation: It Pays to Review
,” was issued on Feb. 22, 2017. The issue covers the required disclosures about executive compensation, the concerns of both shareholders and employees that arise as a result of those required disclosures, and suggestions for internal audit departments to consider when examining executive compensation.
According to information from the IIA’s 2015 Common Body of Knowledge study, most internal auditors do not prioritize executive compensation assessments, and this issue of Tone at the Top suggests that examination by internal audit might be necessary.