August 2024 financial reporting, governance, and risk management

Message from Sydney Garmong, Partner, National Office

With fall just around the corner, many students are heading back to school to prepare for future opportunities. Hopefully, you are enjoying the tail end of summer.

Generative AI (GenAI) is certainly a hot topic and on the minds of many stakeholders. If GenAI is of interest, we draw your attention to the recent Public Company Accounting Oversight Board (PCAOB) staff update on its outreach on the use in audits and financial reporting and the Center for Audit Quality audit committee resource.

The second quarter of 2024 was relatively comparable to the first quarter, with net interest margin holding stable. The industry experienced a slight increase in allowance for credit losses, and overall credit quality decreased slightly.

Two of the largest American Institute of Certified Public Accountants (AICPA) conferences for our industry are just around the corner. This year, the AICPA banking conference and AICPA credit unions conference will occur concurrently Sept. 9-11, 2024, at the Gaylord National Resort & Convention Center, National Harbor, Maryland, just south of Washington, D.C. Here are the discount codes:

The 2024 national AICPA & CIMA Conference on Banks & Savings Institutions – use the code “BAN24” to save $100 on the in-person or the virtual option.

The 2024 AICPA & CIMA Conference on Credit Unions – use the code “CU24” to save $100 on the in-person or the virtual option.

We hope to see you in September. We look forward to keeping you informed and welcome any feedback.

Subscribe now

From the federal financial institution regulators

Banking agencies issue joint statement and RFI on third-party risk management

On July 25, 2024, the Federal Reserve Board (Fed), the Office of the Comptroller of the Currency (OCC), and the Federal Deposit Insurance Corp. (FDIC) issued a joint statement and related request for information (RFI) on risk management for banks engaging with third parties to provide deposit products and services.

The joint statement reiterates the principles and approach raised in guidance previously issued by the agencies. In it, the agencies state their support of “responsible innovation,” and emphasize that the use of third parties does not “diminish [a bank’s] responsibility to comply with all applicable laws and regulations.” The agencies highlight several risks that could be elevated by third-party arrangements, including:

Operational and compliance risks, such as the outsourcing of significant operations or compliance functions, lack of access to key records and data maintained by a third party, and insufficient risk management and audit oversight

Growth-related risks, characterized as the risk associated with rapid growth that outpaces operational and compliance capabilities, and places pressure on capital levels

Potential end-user confusion caused by misrepresentation of deposit insurance coverage in marketing materials or other statements issued by nonbank third parties

The concurrently issued RFI calls for stakeholder feedback on the nature of bank-fintech arrangements, effective risk management practices, and potential improvements to existing supervisory guidance.

Comments are due Sept. 30, 2024.

OCC updates BAAS

On Aug. 15, 2024, the OCC released an update to the Bank Accounting Advisory Series (BAAS). The BAAS covers a variety of topics and promotes consistent application of accounting standards among national banks and federal savings associations. The BAAS is updated annually to address accounting questions, newly issued and updated accounting standards, and emerging issues observed through March 31, 2024. This edition of the BAAS does not include new questions or substantive updates to existing questions; however, the OCC has made edits to improve general clarity, including revision, relocation, and renumbering of certain existing entries. The OCC noted that these edits do not alter prior conclusions or interpretations from prior editions.

The BAAS does not represent official rules or regulations of the OCC. Rather, it represents the OCC’s Office of the Chief Accountant’s interpretations of GAAP and regulatory guidance based on the facts and circumstances presented. While the BAAS is published by the OCC, the information in the BAAS is relevant to all financial institutions.

FDIC proposes rule to revise brokered deposit regulations

On July 30, 2024, the FDIC board of directors approved a proposal which would broaden existing regulations on brokered deposits by expanding the definition of a deposit broker established under a previous 2020 rule, and amending the qualification criteria for meeting certain exemptions. In the proposal, the FDIC cites some significant risks they perceive can be posed by brokered deposits – including undue reliance on brokered deposits by less-than-well-capitalized insured depository institutions (IDIs), and of underreported brokered deposits both to IDIs and to the Deposit Insurance Fund.

Among such changes, the proposed rule would:

Eliminate the exception for an entity that maintains an exclusive deposit placement arrangement with a single IDI
Revise the “primary purpose exception” (PPE), requiring entities to consider both the customer-third party relationship and the third party-IDI relationship, and specifically incorporating consideration of the third party’s intent in the placement of customer deposits
Prohibit third parties from applying for a PPE, requiring IDIs to apply for each third-party arrangement they hope to exempt
Replace the “25% test” with an exception for registered broker-dealers or investment advisers with less than 10% of total customer assets under management placed in non-maturity accounts at one or more IDIs
Eliminate the “enabling transactions” designated exception

Comments are due 60 days after publication in the Federal Register.

Banking agencies and NCUA propose BSA/AML rules

On July 19, 2024, the Fed, FDIC, OCC, and National Credit Union Administration (NCUA) issued for comment a proposed rule amending Bank Secrecy Act (BSA) compliance program requirements for covered institutions. The proposal would make conforming changes to align these requirements with those currently being proposed by the Financial Crimes Enforcement Network (FinCEN), pursuant to the Anti-Money Laundering Act of 2020.

The proposed amendments would establish minimum requirements for an “effective, risk-based, and reasonably designed” anti-money laundering and countering the financing of terrorism (AML/CFT) program, including a mandatory risk assessment process. Banks would be required to incorporate the national AML/CFT priorities issued by FinCEN in developing and executing their risk-based programs.

Comments are due Oct. 8, 2024.

Federal bank regulatory agencies seek comment on interagency effort to reduce regulatory burden

On July 25, 2024, the Fed, FDIC, and OCC issued a notice requesting public feedback to identify “outdated, unnecessary, or unduly burdensome” regulations as required every 10 years under the Economic Growth and Regulatory Paperwork Reduction Act of 1996. Stakeholders are invited to comment on outdated or unnecessary regulatory requirements in the following categories: consumer protection; directors, officers, and employees; and money laundering.

The agencies will hold a virtual public forum for comments on Sept. 25, 2024.

NCUA approves incentive-based compensation rules

On July 18, 2024, the NCUA board approved a re-proposed rule on incentive-based compensation arrangements in accordance with the Dodd-Frank Wall Street Reform and Consumer Protection Act. The revised proposal, which was previously approved by several agencies in May 2024, is pending approval from the Federal Reserve and the SEC. The joint proposal would expand regulations on the disclosure and reporting of compensation at certain financial institutions and would restrict incentive-based compensation arrangements that fail to support appropriate and effective risk management and corporate governance.

The proposed rule, which represents a re-proposal from those initially issued in 2016, identifies three categories of covered financial institutions based on average total consolidated assets – Level 3, from $1 billion to $50 billion; Level 2, from $50 billion to $250 billion; and Level 1, greater than $250 billion – with the largest institutions subject to the most rigorous requirements. In its press release, the NCUA observed that most federally insured credit unions would be exempt from the rule, with 441 credit unions categorized as Level 3 institutions as of the first quarter of 2024, two as Level 2, and none as Level 1.

From the Financial Accounting Standards Board (FASB)

FASB proposes changes to derivative scoping guidance

On July 23, 2024, FASB issued proposed amendments to refine existing scoping guidance in Topic 815, “Derivatives and Hedging,” and clarify accounting for vendors that receive share-based payments in revenue contracts. The proposal would expand current derivative scope exceptions by exempting contracts for which settlement is based on the operations or activities of one of the contract parties. It also would revise the predominant characteristics assessment for contracts with multiple underlyings, requiring entities to identify the underlying with the greatest expected impact on the contract’s fair value.

Additionally, the amendments would clarify that entities that receive share-based payments in exchange for providing goods and services should first apply the guidance on noncash consideration in Topic 606, “Revenue From Contracts With Customers,” before applying other guidance. Under the proposal, fewer contracts and embedded features would be accounted for as derivatives and entities would be permitted a one-time fair value election for contracts previously accounted for as derivatives that would no longer qualify under the amended guidance.

Comments are due Oct. 21, 2024.

For additional information, see the Crowe article “FASB Proposes Derivative Scope Refinements.”

From the Securities and Exchange Commission (SEC)

SEC issues proposed joint data standards

On Aug. 2, 2024, the SEC, jointly with several other financial regulatory agencies, issued for public comment proposed data standards in accordance with the Financial Data Transparency Act of 2022. If adopted, they would implement uniform data identifiers and principles-based data transmission and structuring standards with the aim of promoting greater “interoperability of financial regulatory data across the agencies.” Common data identifiers would be established for characteristics such as entity, geographic location, date, and certain products and currencies.

These identifiers are required to be “open license.” For example, the agencies designate the International Organization for Standardization (ISO) 17442-1:2020, Financial Services – Legal Entity Identifier (LEI) as the proposed legal entity identifier.

SEC Chair Gary Gensler and Commissioners Hester Peirce and Mark Uyeda issued statements on the proposal and called for stakeholder feedback.

Comments are due 60 days after publication in the Federal Register.

CorpFin issues new C&DIs on asset-backed securities

On July 31, 2024, the Division of Corporation Finance published updates to compliance and disclosure interpretations (C&DIs) on asset-backed securities. The revised C&DIs address the following issues:

Clarify that access to, or receipt of, information publicly available on EDGAR would not in itself result in an affiliate or subsidiary being classified as a securitization participant.
Describe the appropriate registration and periodic reporting forms for public utility securitizations structured as standalone trusts and meet the definition of an “asset-backed security,” and those structured as “series trusts.”
Clarify that the “discrete pool” requirement under Item 1101(c)(1) of Regulation AB does not preclude a security that is supported by the cash flow of a single asset.

SEC chief accountant remarks on FASB’s updated conceptual framework

On Aug. 12, 2024, Chief Accountant Paul Munter issued a statement on recent comprehensive updates to the FASB’s Conceptual Framework for Financial Reporting. This framework of financial reporting objectives and concepts guides the FASB’s agenda prioritization and decision-making in evaluating potential projects and new accounting pronouncements. Munter commented his belief that the updated framework could not only further the FASB’s ability to develop “high-quality accounting standards coupled with robust disclosures” but also help stakeholders to better understand FASB decisions and provide more meaningful, applicable feedback.

From the Public Company Accounting Oversight Board (PCAOB)

PCAOB summarizes outreach findings on use of GenAI

On July 22, 2024, the PCAOB released a staff Spotlight publication, “Staff Update on Outreach Activities Related to the Integration of Generative Artificial Intelligence in Audits and Financial Reporting.” It summarizes a survey of audit firms and preparers on the use of generative AI (GenAI) in audits and financial reporting and finds that integration is still in early stages but rapidly evolving. Audit firms and preparers alike said that they are exploring ways to integrate GenAI-enabled tools in auditing and financial reporting.

Audit firms are primarily using GenAI in administrative and research activities but see potential for using it in planning and performing audits. Observations touched on investment in GenAI, limitations specifically related to data privacy and data security concerns, supervision and review, risks related to input and output, other emerging risks, and the importance of firm policies and procedures related to GenAI. Additionally, the survey indicated that preparers are exploring how they can use GenAI throughout their operations and customer-facing areas.

PCAOB summarizes inspection results

On Aug. 15, 2024, concurrent with the posting of inspection reports for all 2023 annually inspected firms, the PCAOB published “Spotlight: Staff Update on 2023 Inspection Activities,” providing a summary of the 2023 inspections approach, common deficiencies, observations on quality control systems, and trends on recurring deficiencies. The document reveals that the aggregate deficiency rate in the audits of issuers and brokers and dealers increased in 2023; however, there were signs of improvement or leveling off at some of the largest firms, and the results of outlier inspections strongly influenced the aggregate rate. The areas of most common deficiencies included auditing internal control over financial reporting (ICFR), accounting estimates, revenue, inventory, business combinations, investment securities, and long-lived assets, goodwill, and intangible assets. The report also includes recommendations on best practices for auditing long-lived assets and revenue as well as reminders related to the auditor’s consideration of fraud.

PCAOB issues annual broker-dealer inspection report

The PCAOB on July 25, 2024, released its “Annual Report on the Interim Inspection Program Related to Audits of Brokers and Dealers,” which includes observations from inspections during 2023, guidance about and examples of effective procedures, and information about the inspection approach. According to the report, the percentage of firms with audit and/or attestation engagement deficiencies decreased slightly to 88%, from the 90% identified in 2022. The PCAOB noted that “these high deficiency rates across engagement types are a cause for significant concern.”

The PCAOB also notes that this report should help broker-dealer management and audit committees or equivalents as they oversee the work of their auditors and engage on financial reporting. With the report, the PCAOB released “Supplementary Information Related to Audits of Brokers and Dealers,” which provides comparative data about selected firms and engagements and the results of PCAOB inspections over multiyear periods.

PCAOB requests nominations for advisory groups

On July 29, 2024, the PCAOB announced that it is seeking nominations for members of its Investor Advisory Group and Standards and Emerging Issues Advisory Group. Links to nomination forms, qualifications, and information about the groups are in the announcement. New members will serve from Jan. 1, 2025, to Dec. 31, 2026. The nomination deadline is Sept. 6, 2024.

From the American Institute of Certified Public Accountants and Chartered Institute of Management Accountants (AICPA & CIMA)

AICPA & CIMA publish report on enterprise risk management practices

On July 23, 2024, the AICPA & CIMA and North Carolina State University (NCSU) Poole College of Management issued the 15th annual edition of “The State of Risk Oversight: An Overview of Enterprise Risk Management Practices.” Through a detailed analysis of components of the risk management processes, the report provides insights from business leaders on the state of enterprise risk management practices. The report covers risk environment, maturity of risk management practices, strategic value of risk management, processes to identify risks, techniques to prioritize and monitor risks, approaches to communicating risk insights, chief risk officers and management-level risk committees, board oversight of risks, expectations for enhanced risk management, barriers limiting risk management maturity, and next steps. For each of these areas the report includes insights and discussion items for management and board consideration to help them identify actions they can take to enhance the value of their risk oversight and evaluate the robustness of their entity’s approach to managing a rapidly evolving portfolio of risks.

From the Center for Audit Quality (CAQ)

CAQ issues GenAI audit committee resource

In July 2024, the CAQ published “Audit Committee Oversight in the Age of Generative AI,” providing an overview of GenAI technology, a description of the impact of GenAI on financial reporting and ICFR, and questions to ask management and the auditor.

The use of GenAI in financial reporting processes and ICFR creates new risks and considerations for companies including when and how to invest in GenAI technologies, and audit committees will have an important oversight role to play. The questions provided in this resource are aimed at helping audit committee members to better understand company management’s approach to the use of GenAI and oversee the related risks.

Portions of AICPA materials reprinted with permission. Copyright 2024 by AICPA.

FASB materials reprinted with permission. Copyright 2024 by Financial Accounting Foundation, Norwalk, Connecticut. Copyright 1974-1980 by American Institute of Certified Public Accountants.