CECL: Navigating Regulatory Expectations

CECL-11-24-17.pngThe issuance of the new current expected credit loss (CECL) standard in June 2016 represents a substantial accounting change, and many boards are trying to determine how their institutions will comply with the new standard. In Frequently Asked Questions on the New Accounting Standard on Financial Instruments—Credit Losses, the Office of the Comptroller of the Currency, Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corp. and National Credit Union Administration (collectively, the Agencies) state that they expect supervised institutions to make good-faith efforts to implement the new accounting standard in a sound and reasonable manner. Given the likely expectation that CECL will increase allowance levels and lower capital, regulatory expectations will be heightened.

Significant changes in the Allowance for Loan and Lease Losses (ALLL) are not unique. Institutions can look back just 20 years and recognize regulatory guidance that looked at percentages of classified loans as a measure of ALLL adequacy irrespective of the methodology chosen under generally accepted accounting principles (GAAP). Refinements in 2001 and 2006 furnished guidelines of acceptable ALLL methodologies to provide consistency for GAAP and regulatory purposes. Although mathematically accurate, as seen with the recent financial crisis and long recovery period, it’s becoming increasingly difficult to measure and react to changing economic conditions.

A noted benefit to the new standard is the flexibility in determining expected losses. The Agencies recognize this flexibility, but institutions should use judgment in developing estimation methods. Any method chosen should be well-documented, applied consistently over time and provide a good-faith estimate to the collectability of financial assets. Further, the Agencies have commented that smaller and less complex institutions will be able to adjust their existing allowance methods to meet the new accounting standard’s requirements without the use of costly, complex models.

So how do financial institutions focus on getting this methodology change right, and what should the board be focused on?

The board of directors plays a pivotal role in the effective governance of its institution by overseeing management and providing organizational leadership through core corporate values. This helps keep the institution operating in a safe and sound manner, and comply with applicable laws and regulations. Directors are not expected to be actively involved in day-to-day operations, but should provide clear guidance and monitor risk exposure through established policies, procedures and practices. The board, typically through an established audit committee, has broad oversight to monitor the financial reporting process and oversee the financial institution’s establishment of accounting policies and practices. In anticipation of implementing CECL, the board should consider reviewing the significant qualitative aspects of the bank’s accounting practices, including accounting estimates, financial reporting judgments and financial statement disclosures.

Existing regulatory guidance provides a roadmap of expectations regarding the ALLL methodology, and expectations will likely remain unchanged with the new CECL standard. The guidance states that for an institution’s ALLL methodology to be effective, the institution’s written policies and procedures should address:

  • The roles and responsibilities of bank personnel involved in the ALLL process,
  • The institution’s accounting policies affecting the ALLL,
  • A narrative of the institution’s methodology, and
  • Documentation of the internal controls used in the ALLL process.

Some institutions are considering the use of third-party vendors for CECL implementation, and in this case, boards should ensure their institutions have appropriate processes in place for selecting vendor models. As part of this process, institutions should require that the vendors provide developmental evidence explaining the product components, its design and proof that the product works as expected, with an understanding of the model’s limitations. Whether the model is developed in-house or by a vendor, all model components, including input, processing and reporting, should be subject to an independent validation that’s consistent with current regulatory guidance. Also, depending on the complexity of the method chosen, certain models likely will be within the scope of the Agencies’ model risk management guidelines, and institutions will need to consider ways to effectively challenge those new models.

Boards should become familiar with the new standard and work with management to understand the plan to implement it, based on the institution’s size and complexity prior to the applicable effective date. Boards should also make sure they’re regularly updated on the status of implementation efforts. It’s expected that examiners will begin to inquire about the status of institutions’ implementation efforts and as the effective date nears, examiners will want to know the new standard’s effect on the bank’s capital levels.

Implementing CECL will be a significant challenge for institutions that aren’t diligent and timely in creating and executing a plan with input from many key stakeholders—including the board. Active participation on the part of directors will be critical in its success.

Should the Wells Fargo Board Resign?

resign-5-5-17.pngWhat’s the minimum percentage of votes a director should get at the company’s annual shareholder meeting?

At San Francisco-based Wells Fargo & Co.’s recent shareholder meeting held April 25 in Ponte Vedra, Florida, nine of the 15 directors won re-election with less than 75 percent of the vote, even though there were no other candidates. Three of them plus the current chairman, Stephen Sanger, won with less than 60 percent of the vote, following last year’s revelation that thousands of employees had sold customers more than 2 million unauthorized accounts over several years to meet aggressive corporate sales goals. Then-CEO John Stumpf lost his job, and as did Carrie Tolstedt, the head of retail banking.

The question now is whether directors will lose their jobs as well. Sanger acknowledged that the vote last month wasn’t exactly a home run for the board.

Wells Fargo stockholders today have sent the entire board a clear message of dissatisfaction,’’ he wrote in a statement. “Let me assure you that the board has heard the message, and we recognize there is still a great deal of work to do to rebuild the trust of stockholders, customers and employees.”

There was no word on whether Sanger intends to step down soon, but he did tell reporters after the meeting that he and five other directors would retire during the next four years when they reach the board’s mandatory retirement age of 72. Sanger turned 71 in March.

Directors on other bank boards have taken the hint when shareholder votes showed a loss of confidence. Following JPMorgan Chase & Co.’s London whale trading scandal, two directors stepped down in 2013.

Receiving less than 80 percent of the vote in a no-contest election is a pretty clear sign of discontent, says Charles Elson, a professor of finance at the University of Delaware and the director of the John L. Weinberg Center for Corporate Governance. (He also happens to be a Wells Fargo shareholder.) Most directors garner more than 90 percent of shareholder votes, he adds.

Some of Wells Fargo directors could barely get support from half the shareholders. “The vote is significant,’’ Elson says. “It’s probably time to refresh that board.”

The board’s own conduct may have raised further questions about whether members were fit to meet their responsibilities. A report compiled by Shearman & Sterling LLP, a law firm working for the board, said in April that the board wasn’t aware of how many employees had been fired for sales-related practices until 2016.

The Los Angeles Times first reported on the extent of the problem in 2013 in a series of investigative stories. In 2015, the city of Los Angeles filed a lawsuit against Wells Fargo related to the practices. [For more on how “Wells Fargo Bungled Its Cross-Sell Crisis,” see Bank Director’s first quarter magazine.]

Sales practices were not identified to the board as a noteworthy risk until 2014,’’ the board’s investigation found. “By early 2015, management reported that corrective action was working. Throughout 2015 and 2016, the board was regularly engaged on the issue; however, management reports did not accurately convey the scope of the problem. The board only learned that approximately 5,300 employees had been terminated for sales practices violations through the September 2016 settlements with the Los Angeles City Attorney, the [Office of the Comptroller of the Currency] and the [Consumer Financial Protection Bureau].”

The report blames senior management, such as former CEO John Stumpf, a decentralized organizational structure and a culture of deference to the business units for missed opportunities in handling the problems sooner.

But the report also notes that the board could have handled things differently, by centralizing the risk function sooner than it did, for example. A decentralized risk framework meant the company’s chief risk officer was reduced to cajoling the heads of the different business units for information, each of whom had their own chief risk officers reporting to them. Also, the board could have required more detail from management.

Wells Fargo has lost unquantifiable sums in reputational costs and damage to its brand. It has paid about $185 million in settlements with regulators and recently paid out $142 million in a class action settlement with customers. It still is grappling with the loss of new customer accounts.

At this point, a board refresh—starting with the directors who polled less than 60 percent of the shareholder vote—might be the right signal to send.

The Cheesecake Factory and Banking: What a Successful Restaurant Knows About Risk Management

menu.jpgWhen eating out at a chain restaurant, food consistency is important. Restaurant patrons know what their favorite meal tastes like and expect a consistent product.

But, have you ever taken a moment to think about all of the processes and procedures a chain restaurant must have in place that enables them to deliver the exact same meal to the table no matter what the geographical location? In an August 13, 2012 article in The New Yorker, Dr. Atul Gawande, a professor of public health at Harvard, examined how the Cheesecake Factory consistently and efficiently implemented an updated menu twice per year in all of its restaurant chains across the country without sacrificing quality or disrupting service.

Impressed with the Cheesecake Factory’s ability to quickly and effectively distribute information to its geographically dispersed restaurants, enabling each chain to follow exactly the same protocols to deliver the same quality product, Dr. Gawande wondered if a similar business model might successfully be applied to the health care industry. Using the Cheesecake Factory’s model for information distribution and quality control, could the medical industry operate more efficiently and provide better service while simultaneously offering higher-quality care?

For the financial services industry, things are growing more complex everyday. However, like the Cheesecake Factory, the financial institutions that are successful are those that have implemented consistent processes and standards across the entire organization, and then effectively communicated this information throughout all levels. 

Key Steps in the Enterprise Risk Management Process: A Recipe for Success

To address unknown risks, financial institutions must adopt a systematic approach to emerging risk identification, assessment, monitoring and reporting. Following a consistent approach to managing risk can prevent unexpected and detrimental events from occurring and enable financial institutions to pinpoint areas of opportunity.

Step 1: Risk Identification

Financial institutions can better protect themselves and even further their business strategies and objectives by approaching risk management in a much more disciplined way. At every Cheesecake Factory restaurant, the kitchen manager inspects every dish before it leaves the kitchen to identify whether the dish meets the restaurant’s standards or needs to be redone. Much like the kitchen manager, a financial institution’s risk manager should identify potential risks not only for each business line, but also at a very high level throughout the organization as a whole.

Step 2: Risk Assessment

At each restaurant, the kitchen manager rates the food on the line using a scale of one-to-ten.

Similarly, while it is common for financial institutions to face a variety of risks, it is important to gather a manageable list of what are collectively seen as the most significant risks. Once the risks are identified, they can be scored or rated, and then prioritized based on their significance.

Step 3: Risk Monitoring

The fact each dish is inspected before it reaches the customer at the Cheesecake Factory, kitchen managers can coach their staff to aim for a score of 10 and provide customers with a consistent product.

Financial institutions should also be coaching their business line managers on how to understand and monitor their risk profiles. Risk monitoring protocols should be scheduled on a regular basis, so that risks can be reviewed, re-prioritized and controls can be tested and tweaked.

Step 4: Risk Reporting

Efficient communication is a key factor in the Cheesecake Factory’s ability to implement new menu items quickly and consistently. Most ERM programs should also have a robust reporting/communication component in place.

With all of the information at hand, knowing the full range of risks the financial institution faces as well as the controls at its disposal, the organization can use the risk data to implement practical business decisions.

Lessons Learned

For financial institutions, the end result is a strong risk management culture that will encourage innovation in business lines without exposing an organization to the kinds of risks that contributed to the financial crisis. Giving more thought as to how information is actually managed and distributed throughout an organization will only lead to more intelligent risk-taking that is more effectively communicated across the financial institution.

European Crisis: Should US Banks Be Concerned?

As Europe continues to experience a financial breakdown, there is no doubt that U.S. banks are and should be worried. All banks will be affected, although some more than others, depending on their relationship abroad. Business will be impacted in a number of ways, but according to the attorneys we polled, it’s not all bad.

Should boards at U.S. banks be concerned about the ongoing problems in Europe?

Sara-Lenet.jpgThe boards of U.S. banks that may be affected the most (such as banks that hold a significant amount of European debt, deal in Euros or otherwise engage in business in Europe or with European banks) should be particularly mindful of the situation. On the flipside, in some cases, the problems in Europe may actually open up new opportunities for U.S. banks, which are opportunities that boards of U.S. banks may want to consider. For instance, European banks may begin to lend less in the U.S. and focus on preserving capital and lending in their home countries, which would present increased lending opportunities to U.S. banks (including through loan syndications).

– Doug McClintock & Sara Lenet, Alston & Bird

dwight-smith.pngYes. On an immediate basis, the problems with the calculation of LIBOR will result in a different rate, although how that may be calculated is unclear. Since the rates on many commercial and consumer loans are based on LIBOR, any replacement will at a minimum complicate the lives of both borrowers and lenders. For lending going forward, a bank probably should not use a LIBOR-based rate and may want to consider whether to base lending on any standard rate. More broadly, on a macro basis, problems in Europe inevitably spill over into the United States.

Even though the spill-over seems unlikely to cause a second recession here, any resulting slow down necessarily will have an adverse effect on the U.S. banking industry—a phenomenon we are already experiencing. The macro consequences of the European problems are beyond the control of any bank, but on an individual basis, a U.S. bank should have a deep understanding of its European exposure. This would include not only any direct exposures, for example in the form of bonds, but also exposures to commercial borrowers that may depend to a material extent on their European businesses. A bank should re-visit the use of any foreign instruments that it may use for hedging purposes. The use of foreign exchange also may require more careful monitoring.

– Dwight Smith, Morrison Foerster

Chip-MacDonald.jpgOngoing problems in Europe affect U.S. monetary and fiscal policies, especially in a presidential election year. Concerns over Europe have led to an influx in foreign investment in U.S. Treasury securities as a safe haven investment. This has reduced yields upon Treasury instruments, and TIPs (Treasury Inflation Protected Securities) have even sold at negative rates. Lower Treasury rates adversely affect the yields on bank investment portfolios and compress margins on loans and other credit assets. This makes it more difficult for banks to generate returns on equity and funds available for dividends and repurchases of common stock. Current low interest policies may have created new systemic risks by encouraging investors to “reach” for higher yields in longer maturity securities with riskier credit quality.  

All directors should be concerned about current levels of interest rates, potential future inflation, and interest rate risks resulting from these policies driven by European and domestic U.S. concerns. The regulators are especially concerned about interest rate risks and their future effects on bank balance sheets and earnings.

– Chip MacDonald, Jones Day

john-bowman.pngYes. Boards of banks, regardless of asset size, must understand generally the business of their bank and the environment in which their bank operates. For example, it was not long ago that many bank directors had never heard of or made a subprime real estate loan. They quickly came to appreciate the many challenges to their banks that that loan product presented. The European Union is the largest trading partner of the U.S. Threats and the challenges presented by the second largest economy in the world (the combined economies of the euro zone) cannot and should not be ignored. Problems in Europe could have very real consequences for financial stability in the U.S. in areas such as employment and credit availability.

– John Bowman, Venable

Peter-Weinstock.jpgFortunately or unfortunately, the world in which we live is interconnected. What once appeared to be vast oceans now seem like small ponds (unless one is flying internationally in coach). With the current global economy, it is hard to avoid thinking of the Woody Allen quote, “More than any other time in history, mankind faces a crossroads. One path leads to despair and utter hopelessness; the other, to total extinction. Let us pray we have the wisdom to choose correctly.” Unfortunately, there are not many ways to inoculate our economy, and thus, the life blood of community banks from the contagion taking hold in Europe. Only if we as a country can get our own financial house in order will we be in a position not only to withstand, but to help the European economy to grow out of its problems.

– Peter Weinstock, Hunton & Williams

Nonaka_Michael.jpgObviously, boards at U.S. banks with European operations should pay close attention to country developments. However, boards at U.S. banks without European operations also should monitor Europe’s problems, because they have the potential for a major ripple effect if country initiatives are unsuccessful. A board should consider whether its bank has particular exposure to Europe and determine whether special contingency planning is necessary.

 —Jean Veta and Michael Nonaka, Covington & Burling

Top Issues for Audit Committees in 2012 and Beyond

We asked audit committee chairmen (and women) what their committees are grappling with in the year ahead. With the passage of the Dodd-Frank Act in 2010, it’s obvious from their responses that compliance with government regulations has become a huge concern. But so is monitoring the organization’s risks, including IT risks, and figuring out how to make a profit in an environment of low interest rates.

What do you believe are the top issues facing audit committee members in 2012 and into 2013?


Coleman-Robert.jpgStress Testing

We need to focus on developing the appropriate stress tests for our institutions to determine, monitor and support our capital adequacy; focus on liquidity risk as macro-economic conditions improve and many of our institutions face a run-off of deposits to higher earning assets; and institutionalize the lessons learned during this credit cycle. 

– Robert F. Coleman, audit committee chairman, PrivateBancorp, Inc., Chicago, IL


Stafford-Ingrid.jpgGrowing Profitability

I think the top issues are sustaining a risk-based focus with executive leadership, adapting risk oversight at the board level to new Dodd-Frank and Fed requirements and figuring out how to make money in a flat interest rate environment for the next two years. 

– Ingrid S. Stafford, audit committee chairman, Wintrust Financial Corporation, Lake Forest, IL

Copeland-Dave.jpgIT & Security Risks

I agree that compliance, particularly trying to understand what is coming with Dodd-Frank, is growing in importance.  IT risk is also taking a bigger share of our time. Everything from privacy and security (including cyber-security), to emerging technologies like the cloud, social and mobile are going to be a focus for us. 

– David L. Copeland, audit committee chairman, First Financial Bankshares, Abilene, TX

Compliance Issues

Compliance continues to be one of the top issues. More and more internal resources are being directed to the ever growing compliance requirements. Disclosure is another struggle. I suspect that eventually, the 10-Qs and 10-Ks will become so lengthy that no one will read them with footnotes that now span multiple pages and are seemingly redundant to matters covered in other sections of the submissions.  Risk is a concern. Each of us hopes that we do not overlook the obvious. 

– Gordon Budke, audit committee chairman, Banner Corporation, Walla Walla, WA

Seward-John.jpgExpanding Responsibilities

The exponential acceleration of regulations will become an increasing challenge for audit committees of all banks, regardless of size.  The compliance area alone, where banks are being required to implement government policy initiatives, is a prime example of this challenge.  In addition, regulators are requiring extensive documentation of all actions taken and not taken in a culture where risk is to be reduced to zero. Therefore, the audit committee’s role is changing rapidly and must constantly be reassessed with these increasing responsibilities.

– John E. Seward, Jr., audit committee chairman, Bank of Tennessee, Kingsport, TN and Carter County Bank, Elizabethton, TN

tim-matz.pngRisk Monitoring

I believe the top issues confronting audit committees this year and next are developing, implementing and monitoring audit plans, including internal audit. These plans are focused on the identification and weighting of risk elements arising out of the transition of the banking industry from the defensive/capital conservation strategies of the past three years to the growth/capital deployment strategies to be implemented over the next several years.  The economy and the need for bank financing will expand together with the regulatory risks presented by the Dodd-Frank legislation.

– Timothy B. Matz, audit committee chairman, PacWest Bancorp, San Diego, CA