June 2024 financial reporting, governance, and risk management

Message from Brook Behm, Managing Principal, Financial Services

Greetings to all. Crowe has an amazing financial services team, and I am honored to serve as the next managing principal of financial services for the firm. Thank you to John Epperson for his vision and leadership. I have been working closely with him as he transitions into the role of Crowe chief risk officer.

I’d like to thank each of you for subscribing to our Crowe Financial Institutions Executive Briefing. We strive to be a source of industry knowledge for our 2,700-plus financial services clients and other industry professionals – through this briefing as well as our various peer groups and webinars. I encourage you to review the following key highlights and take advantage of these resources. We also welcome your feedback on how to make this communication, or any of our events, more impactful.

Key highlights and updates:

June has been a busy month. It’s not surprising that the Federal Deposit Insurance Corp. annual risk review highlighted market risks, credit risks (including office and retail mall), operational and cyber risks, climate risks, and crypto asset risks.
Federal Reserve (Fed) Vice Chair of Supervision Michael Barr indicated in remarks that the Fed is thinking about changes to the liquidity regulations.
Securities and Exchange Commission (SEC) Chief Accountant Paul Munter issued a statement on tone at the top at audit firms, and Division of Corporation Finance Director Erik Gerding issued a statement on cybersecurity incident disclosures.
The Public Company Accounting Oversight Board issued its annual conversations with audit committee chairs and finalized two standards – one on quality control for external auditors and one on general responsibilities of the external auditor. Both are subject to SEC approval.
Also of interest is the Center for Audit Quality analysis of financial statement trends, which is an indicator of audit quality.
Our quarterly financial services audit committee webinar is next week on June 27 at 2 p.m. Eastern. While the focus is for audit committees, all are welcome.
Also next week, we are hosting our periodic peer groups. Join us for what is always a lively dialogue on the latest topics of interest. We have 90-minute CFO/CAO virtual peer groups for banks running June 24-28.
We have 90-minute virtual peer groups for credit union executives running June 25-26.

Subscribe now

From the federal financial institution regulators

FDIC issues banking profile for first quarter 2024

On May 29, 2024, the Federal Deposit Insurance Corp. (FDIC) issued the quarterly banking profile covering the first quarter of 2024. FDIC Chair Martin Gruenberg highlighted the resilience of the banking industry, noting generally favorable asset quality metrics, stable liquidity, and the net income recovery from nonrecurring expenses in the previous quarter. Conversely, Gruenberg also noted declining net interest margin due to upward pressure on rates paid on deposits and declining asset yields.

According to the report, FDIC-insured banks and savings institutions reported $64.2 billion first quarter net income, an increase of $28.4 billion or 79.5% from the prior quarter. The significant increase in net income was driven primarily by noninterest expense related to the special assessment, as well as higher noninterest income and lower provision expenses.

The report provides these additional statistics:

Net interest income totaled $171.6 billion in the first quarter of 2024, a decrease of 2.4% compared to $175.7 billion in the first quarter of 2023. Net interest margin decreased 10 basis points to 3.17%.
Aggregate return-on-assets ratio was 1.08% in the first quarter, compared to 0.61% in the prior quarter and 1.36% in the first quarter of the prior year.
Total loans and lease balances decreased $34.8 billion (0.3%) from the prior quarter, driven primarily by decreases in credit card and auto loan balances.
Domestic deposits increased $190.7 billion (1.1%) from the prior quarter, driven primarily by a $247.2 billion increase in transaction accounts, partially offset by a $125.5 billion decrease in savings deposit balances.
The noncurrent loan rate increased to 0.91%, up 5 basis points from the prior quarter and 16 basis points from the first quarter of the prior year. The non-owner occupied commercial real estate noncurrent rate of 1.59% is the highest since the fourth quarter of 2013.
Unrealized losses on securities totaled $516.5 billion in the first quarter, an increase of $38.9 billion, or 8.2%, from the prior quarter.
Community banks’ first quarter net income totaled $6.3 billion, an increase of $363.2 million, or 6.2%, from the prior quarter.
The Deposit Insurance Fund balance totaled $125.3 billion at quarter-end, an increase of $3.5 billion from the beginning of the quarter, driven primarily by assessment income.

The total number of FDIC-insured commercial banks and savings institutions that filed call reports declined by 19 to 4,568 at the end of the first quarter. During the quarter, one bank opened, four did not file a call report, and 16 merged with other institutions. The number of banks on the FDIC’s problem bank list increased by nine to 63 at quarter-end, representing 1.4% of total banks (within the range of 1-2% for noncrisis periods). Total assets of problem banks increased to $82.1 billion, an increase of $15.8 billion.

NCUA issues first quarter 2024 performance data

On June 5, 2024, the National Credit Union Administration (NCUA) reported quarterly figures for federally insured credit unions based on call report data submitted to and compiled by the agency for the first quarter of 2024. Highlights include the following statistics:

The number of federally insured credit unions declined to 4,572, compared to 4,712 in the first quarter of the prior year. Also in the first quarter, 2,862 federal credit unions and 1,710 federally insured, state-chartered credit unions existed.
Total assets reported for federally insured credit unions totaled $2.31 trillion, an increase of $96 billion (4.4%) over the year ending first quarter 2024.
Annualized net income totaled $15 billion, a decrease of $2.8 billion (15.6%) compared to the first quarter of the prior year.
Annualized return on average assets was 66 basis points, compared to 81 basis points in the first quarter of the prior year.

The credit union system’s net worth totaled $245 billion, an increase of $13.3 billion (5.7%) over the year. The NCUA noted that this ratio excludes the current expected credit loss transition provision beginning in the first quarter of 2023. Net worth as a percentage of assets increased to 10.62% from 10.48% in the first quarter of the prior year.

Treasury issues RFI on use of AI in financial services

On June 6, 2024, the U.S. Department of the Treasury issued a request for information (RFI), soliciting public comments on the use of artificial intelligence (AI) in the financial services sector. The RFI calls for feedback on opportunities and risks presented by AI use in the sector, impacts to stakeholders, challenges to responsible innovation, and how AI can advance “a financial system that delivers inclusive and equitable access to financial services.”

Comments are due Aug. 12, 2024.

FDIC issues annual risk review

On May 22, 2024, the FDIC published its 2024 “Risk Review” covering key banking risks of 2023, categorized as follows:

Market risks, including higher interest rates and declining bank deposits
Credit risks, including weaknesses in the markets for office and retail mall space, high residential mortgage rates, early signs of emerging stress in credit quality, declining household savings, and weaker consumer loan performance
Operational and cyber risks, including increased likelihood of cyberattacks due to geopolitical events as well as threats to critical infrastructure systems from quantum computing and AI
Climate-related financial risks, including heightened risk of loss due to climate events and more costly or unavailable insurance policies
Crypto asset risks

Fed vice chair of Supervision speaks on potential adjustments to liquidity regulations

On May 20, 2024, Federal Reserve (Fed) Vice Chair of Supervision Michael Barr spoke on the current status of monetary policy and the importance of capital, liquidity, and resolution resources to support a resilient banking system. Notably, Barr addressed potential regulatory changes to the liquidity framework that the Fed is considering in response to the bank failures of spring 2023, including:

Minimum requirements for readily available liquidity with a pool of reserves and pre-positioned collateral at the discount window, based on a fraction of uninsured deposits, for banks over a certain size
Restrictions on reliance on held-to-maturity assets in large-bank liquidity buffers
Changes to the treatment of certain types of deposits, such as deposit withdrawals by high net worth individuals, and companies associated with venture capital or crypto asset-related businesses

Barr stated that the Fed, working jointly with other federal banking regulators, continues to assess long-term debt requirements within the liquidity framework, including public comments on a minimum long-term debt proposal from August 2023.

CFPB sets application process for standard-setting bodies under open banking rule

On June 5, 2024, the Consumer Finance Protection Bureau (CFPB) finalized certain provisions of its Personal Financial Data Rights Rule on qualifications that standard-setting bodies must meet for formal CFPB recognition. Standard-setting bodies must obtain this recognition to issue technical standards that will be used by companies to comply with the provisions of the data rights rule, which is pending full adoption. The final rule also provides guidance on how standard-setters can apply for recognition and describes the CFPB’s evaluation process for applicants.

CFPB issues circular on unlawful and unenforceable contract terms

On June 4, 2024, the CFPB issued a circular on contract terms that are unlawful and unenforceable under federal or state law, emphasizing that covered persons who include such terms in contracts for consumer financial products violate the prohibition on deceptive acts or practices in the Consumer Financial Protection Act (CFPA). The CFPB noted that waivers that disclaim contract provisions as being “subject to applicable law” or as effective “except where unenforceable” do not remedy the misrepresentation arising from a material unlawful or unenforceable contract term.

CFPB revises Section 1071 compliance deadlines

On May 17, 2024, in response to the recent U.S. Supreme Court ruling on the constitutionality of the CFPB’s funding and an ongoing stay issued by a federal court in Texas, the bureau announced its intent to issue an interim final rule extending compliance deadlines for its small-business lending rule, which would require covered financial institutions to report data on small-business credit applications to the CFPB. The interim rule will push back the tiered compliance deadlines as follows:

Tier 1 institutions (highest volume lenders) will be subject to a revised compliance date of July 18, 2025, and a first filing deadline of June 1, 2026.
Tier 2 institutions will be subject to a revised compliance date of Jan. 16, 2026, and a first filing deadline of June 1, 2027.
Tier 3 institutions will be subject to a revised compliance date of Oct. 18, 2026, and a first filing deadline of June 1, 2027.

From the Securities and Exchange Commission (SEC)

SEC proposes rule on customer identification programs for RIAs and ERAs

On May 13, 2024, the SEC and the Financial Crimes Enforcement Network (FinCEN) jointly issued a proposed rule to subject registered investment advisers (RIAs) and exempt reporting advisers (ERAs) to customer identification program (CIP) requirements. Generally consistent with existing requirements for other financial institutions, the proposal would require RIAs and ERAs to establish and maintain written CIPs to verify the identities of their customers (to a reasonable extent), obtain certain information on each customer, and maintain records on the information used to verify customer identity. The proposed rule is issued in tandem with a previous FinCEN proposal to designate RIAs and ERAs as “financial institutions” under the Bank Secrecy Act, which would subject them to reporting obligations related to anti-money laundering and countering terrorism.

Comments are due July 22, 2024.

SEC adopts final amendments on consumer information protections

On May 16, 2024, the SEC adopted final amendments to Regulation S-P to modernize and enhance protection of nonpublic consumer information obtained by covered financial institutions. Covered institutions include broker-dealers (including funding portals), investment companies, registered investment advisers, and transfer agents.

Among other provisions, the amendments require covered institutions to:

Maintain written policies about detecting and responding to incidents of unauthorized access to sensitive consumer information
Establish procedures to notify individuals whose information has been accessed without authorization, or is reasonably likely to have been accessed, as soon as practicable and no more than 30 days after the institution becomes aware of the incident
Expand the scope of covered consumer information to include nonpublic personal information that a covered institution receives from other financial institutions, in addition to information that it collects directly from its own customers

Compliance dates are based on institution size. Larger entities must comply within 18 months of publication in the Federal Register, and smaller entities must comply within 24 months. Larger entities are defined in the final amendments as investment companies with $1 billion or more in net assets, registered investment advisers with $1.5 billion or more in assets under management, and broker-dealers and transfer agents not designated as small entities.

Chief accountant speaks on tone at the top at audit firms

On May 15, 2024, SEC Chief Accountant Paul Munter issued a statement on the responsibility of audit firm leadership to foster a healthy tone at the top. Munter emphasized the key role of the tone at the top in establishing firm culture, which in turn supports audit quality – for example, by empowering auditors to exercise professional skepticism and by serving as the foundation for an effective quality control system. Conversely, a weak firm culture could result in ethical misconduct by firm employees that undermines public trust in auditors. Munter stated that seeking investment from third parties that are not subject to auditor independence and ethics requirements, such as private equity firms, could create additional risks.

Munter highlighted the importance of leading by example, stating that audit firm leadership should:

Take care that the firm’s actions align with its written code of conduct or ethics
Incorporate ethics and character as key considerations in hiring, promotion, and compensation decisions to advance firm professionals who act ethically and serve as a positive example for less experienced staff
Encourage candor and transparency, empowering employees of all levels to provide confidential feedback on the firm’s culture and report misconduct without fear of retaliation
Conduct business strategy and communications to staff that reflect the importance of audit quality and compliance with professional standards

SEC issues statement on applying IFRS 19 in SEC filings

On May 17, 2024, Chief Accountant Munter and Division of Corporation Finance (CorpFin) Director Erik Gerding issued a joint statement on the application of International Financial Reporting Standard (IFRS) 19, “Subsidiaries Without Public Accountability: Disclosures,” which permits reduced financial statement disclosures for certain subsidiaries of eligible reporting companies that do not have public accountability. The statement addressed scenarios in which financial statements that apply IFRS 19 are included in an SEC filing. Munter and Gerding stated that entities in this scenario likely will be required to make additional disclosures due to investor use of those financials in the SEC filing.

CorpFin director releases statement on cybersecurity incident disclosures

On May 21, 2024, CorpFin Director Gerding issued a statement on the SEC’s rule requiring disclosure of material cybersecurity incidents on Item 1.05 of Form 8-K, encouraging companies that elect to make voluntary disclosures – for example, of incidents that are still undergoing assessment or incidents that have been determined immaterial – to do so on a different item of Form 8-K (such as Item 8.01) to avoid confusion or dilution of material disclosures required under Item 1.05. If a company does voluntarily disclose a cybersecurity incident under Item 8.01 but subsequently determines that the incident is material, it must still fully disclose the incident under Item 1.05.

Gerding emphasized that the materiality of a cybersecurity incident should be based on both qualitative and quantitative factors, including the impact on financial condition and results of operation; reputation; customer and vendor relationships; competitiveness; and possible litigation or regulatory actions that could arise from the incident.

Enforcement director speaks on cooperating with investigations

On May 23, 2024, Division of Enforcement Director Gurbir Grewal spoke on the benefits of cooperation with SEC investigations, stating that the division might recommend reduced or no charges or civil penalties to reward meaningful cooperation. Grewal described five principles of effective cooperation:

Self-policing prior to SEC involvement: Entities should encourage a culture of compliance and update risk awareness and compliance policies to keep up with technological advances.
Proactive self-reporting: Entities are encouraged to report as soon as they become aware of a potential issue; they don’t have to wait until they have reached a full conclusion. Proactive reporting can signal strong self-policing and an effective compliance culture, and it could help build credibility with SEC staff.
Proactive remediation: Meaningful cooperation credit can be given when an entity makes strong proactive remediation efforts prior to an enforcement action, even if the entity did not self-report.
Cooperation that goes “above and beyond”: Meaningful cooperation goes beyond bare minimum compliance efforts. For example, entities and their legal counsel can proactively call attention to relevant materials not included in initial requests, or they can aid the Enforcement team in contacting hard-to-reach witnesses.
Early, frequent, and purposeful collaboration: Establishing open communication with the Enforcement team is crucial to setting the foundations for meaningful cooperation.

Federal appeals court vacates private fund advisers rule

On June 5, 2024, the U.S. Court of Appeals for the 5th Circuit vacated the SEC’s final rule on private fund advisers, stating that the SEC exceeded its statutory authority in adopting the final rule. The rule, adopted in August 2023, prohibited private fund advisers from activities that result in preferential treatment to certain investors, and it required registered private fund advisers to issue quarterly statements for investors, among other provisions. The rule will be fully vacated in July 2024 absent further SEC action.

SEC holds Investor Advisory Committee meeting

The Investor Advisory Committee met on June 6, 2024. Agenda items included discussion of:

The increasing trend of investment advice offered through social media
Regulating the use of AI, disclosures of and data controls over AI, and the SEC’s role in advancing the responsible and ethical use of AI
A recommendation regarding the protection of self-directed investors when trading complex products and using complex strategies
A recommendation on financial literacy and investor education

From the Public Company Accounting Oversight Board (PCAOB)

PCAOB shares results from conversations with audit committee chairs

On June 11, 2024, the PCAOB released “Spotlight: 2023 Conversations With Audit Committee Chairs,” summarizing conversations with 230 audit committee chairs. The report presents high-level observations and key takeaways related to current economic and audit workforce environments. It also touches on significant discussions with auditors, monitoring quality control systems, and independence of the company’s auditors. The report includes PCAOB resources for audit committees.

PCAOB adopts new quality control standard

On May 13, 2024, the PCAOB adopted a new quality control standard that requires all PCAOB-registered firms to identify their risks and design a quality control (QC) system that includes policies and procedures to guard against those risks. Under the standard, firms would be required to annually evaluate their QC system and report the results of their evaluation to the PCAOB on a specific form, which would be certified by key firm personnel to reinforce individual accountability. Additionally, firms that annually audit more than 100 issuers would be required to establish an external oversight function for the QC system. Responsibilities of the external function would include evaluating the significant judgments made and the related conclusions reached by the firm when evaluating and reporting on the effectiveness of its QC system.

Subject to approval by the SEC, the new standard and related amendments will become effective on Dec. 15, 2025.

PCAOB Chair Erica Y. Williams shared thoughts on the new standard in a statement presented at the PCAOB open board meeting.

PCAOB adopts new standard on general responsibilities of the auditor

On May 13, 2024, the PCAOB adopted AS 1000, “General Responsibilities of the Auditor in Conducting an Audit,” which addresses the general principles and responsibilities of the auditor, including due professional care, professional skepticism, competence, and professional judgment. The new standard and related amendments provide clarification of the general principles and responsibilities of auditors and the auditor’s responsibility to evaluate whether the financial statements are presented fairly. They address the engagement partner’s due professional care responsibilities by adding specificity to certain audit performance principles detailed in the standards. In addition, they note that an auditor’s professional skepticism extends to other information that is obtained to comply with PCAOB standards and rules. The new standard also shortens the documentation completion date by reducing the maximum period for the auditor to assemble a complete and final set of audit documentation from 45 days to 14 days.

The new standard will apply to all audits conducted under PCAOB standards. Subject to SEC approval, the new standard will be effective for audits of financial statements for fiscal years beginning on or after Dec. 15, 2024. However, for certain firms, the documentation completion date will take effect for audits of financial statements for fiscal years beginning on or after Dec. 15, 2025.

PCAOB updates agendas

Citing the PCAOB’s progress in 2024 and continued drive toward its goal of modernizing its standards and rules, the PCAOB on May 14, 2024, posted updates to its standard-setting, research, and rulemaking agendas. The updates include:

Two projects completed and awaiting SEC approval (quality control and general responsibilities of the auditor in conducting an audit)
Two projects added to the short-term standard-setting agenda (Inventory and Other Reporting)
A new project on internal audit added to the midterm agenda
Timeline for the attestation standards update project updated to 2025
Follow-on disciplinary proceedings project removed from the rulemaking agenda

From the Center for Audit Quality (CAQ)

CAQ analyzes financial restatement trends

In June 2024 the CAQ released a report, “Financial Restatement Trends in the United States: 2013-2022,” that examines the trends in public company restatements and provides insights into restatement characteristics, accounting issues underlying restatements, investor concerns and restatement severity, restatement company characteristics, internal controls over financial reporting, and critical audit matters (CAMs). The report noted, “Restatement activity is frequently used as an outcome-based measure of financial reporting quality.” Considering changes in both the regulatory and economic environments, an analysis of restatement trends might provide some insight into how the financial reporting ecosystem is managing factors that can affect the risk of material misstatement.

Among other findings, the analysis revealed:

Expenses – specifically the misapplication of reporting rules for accruals, reserves, and estimates – are cited most frequently in restatement announcements.
Fraud is implicated in 3% of restatements.
The financial, banks, and insurance industry was identified as one of the top three industries reporting the most restatements.
Public companies that have announced restatements are more likely to have ineffective internal control over financial reporting based on management’s assessment.
Internal control over financial reporting reports are not predictive of restatements.
CAMs do not provide information about restatement risk.

Portions of AICPA materials reprinted with permission. Copyright 2024 by AICPA.

FASB materials reprinted with permission. Copyright 2024 by Financial Accounting Foundation, Norwalk, Connecticut. Copyright 1974-1980 by American Institute of Certified Public Accountants.