The ramifications of fraud and how you can prevent it

Read this if you are a broker-dealer. 

Effective January 1, 2023, the Financial Industry Regulatory Authority (FINRA) and other industry self-regulatory organizations adopted certain changes to the securities industry continuing education (CE) and registration rules to train registered persons more effectively.

These upcoming changes, which include the annual Regulatory Element for each registration category and the extension of the Firm Element to all registered persons, are expected to help make sure all registered persons receive timely and relevant training. See below for some of these changes.

Firms should begin to prepare now for these changes. FINRA and the CE Council are committed to developing resources and guidance to support firms as they assess their education needs and develop their training requirements. FINRA is committed to providing more information as it becomes available. 

What can you do now to comply with these upcoming rule changes by January 1, 2023?
Review FINRA’s Regulatory Notice 21-41 and FINRA’s CE Transformation resource page to become familiar with upcoming changes. Review the 2023 Regulatory Element topics on FINRA’s website.

If you have any questions about your specific situation or would like more information, please contact our Broker-dealers team. We're here to help. 

Read this if you are working with an auditor.

The standard report an auditor issues on an entity’s financial statements was created in 1988, and has only had minor tweaking since. Amazing when we think about how the world has changed since 1988! Back then:

• The World Wide Web hadn’t been invented
• The Simpsons wasn’t yet on TV, and neither was Seinfeld
• The Berlin Wall was still standing
• The Single Audit Act celebrated its fourth birthday

The Auditing Standards Board (ASB), an independent board of the American Institute of CPAs (AICPA) that establishes auditing rules for not-for-profit organizations (as well as private company and federal, state, and local governmental entities) has decided it was high time to revisit the auditor’s report, and update it to provide additional information about the audit process that stakeholders have been requesting.

In addition to serving as BerryDunn’s quality assurance principal for the past 23 years, I’ve been serving on the ASB since January 2017, and as chair since May 2020. (And thanks to the pandemic our meetings during my tenure as chair have been conducted from my dining room table.)  We thought you might be interested in a high-level overview of the coming changes to the auditor’s report, which will be effective starting with calendar 2021 audits, from an insider’s perspective.

So what’s changing?

The most significant changes you’ll be seeing, based on feedback from various users of auditor’s reports, are:

1. Opinion first
   The opinion in an audit report is the auditor’s conclusion as to whether the financial statements are in accordance with the applicable accounting standards, in all material respects. People told us this is the most important part of the report, so we’ve moved it to the first section of the report.
2. Auditor’s ethical responsibilities
   We’ve pointed out that an auditor is required to be independent of the organization being audited, and to meet certain other ethical responsibilities in the conduct of the audit.
3. “Going concern” responsibilities
   We describe management’s responsibility, under U.S. generally accepted accounting principles, and the auditor’s responsibility, under the auditing rules, for determining whether “substantial doubt” exists about the organization’s ability to continue in existence for at least one year following the date the financial statements are approved for issuance.
4. Emphasis on professional judgment and professional skepticism
   We explain how an audit requires the auditor to exercise professional judgment (for example, regarding how much testing to perform), and to maintain professional skepticism, i.e., a questioning mind that is alert to the possibility the financial statements may be materially misstated, whether due to error or fraud.
5. Communications with the board of directors
   We point out that the auditor is required to communicate certain matters to the board, such as difficulties encountered during the audit, material adjustments identified during the audit process, and which areas the auditor treated as “significant risks” in planning and performing the audit.
6. Responsibility related to the “annual report”
   If the organization issues an “annual report” containing or referring to the audited financial statements, we explain the auditor is required to review it for consistency with the financial statements, and for any known misstatements of fact.
7. Discussion of “key audit matters”
   While not required, your organization may request the auditor to discuss how certain “key audit matters” (those most significant to the audit) were addressed as part of the audit process. These are similar to the “critical audit matters” publicly traded company auditor’s reports are now required to include.

Yes, this means the auditor’s report will be longer; however, stakeholders told us inclusion of this information will make it more informative, and useful, for them.

Uniform Guidance standards also changing

Is your organization required to have a compliance audit under the federal Uniform Guidance standards? That report is also changing to reflect the items listed above to the extent they’re relevant.

What should you do?

Some actions to consider as you get ready for the first audit to which the new report applies (calendar 2021, or fiscal years ending in 2022) include:

1. Ask your auditor what your organization’s auditor’s report will look like
   Your auditor can provide examples of auditor’s reports under the new rules, or even draft a pro forma auditor’s report for your organization (subject, of course, to the results of the audit).
2. Outline and communicate your process for developing your annual report
   If your organization prepares an annual report, it will be important to coordinate its timing with that of the issuance of the auditor’s report, due to the auditor’s new reporting responsibility related to the annual report.
3. Discuss with your board whether you would like the auditor to include a discussion of “key audit matters” in the auditor’s report
   While not required for not-for-profits, some organizations may decide to request the auditor include a discussion of such matters in the report, from the standpoint of transparency “best practices.”

If you have any questions about the new auditor’s report or your specific situation, please contact us. We’re here to help.
 

On June 16^th the FASB issued the final standard for credit losses. We’ve analyzed the new standard and pulled together some key items you’ll need to know:

It looks like you should be able to implement CECL without purchasing expensive third-party models, if your institution is able to get adequate historical data from your core system and has the personnel available to crunch the numbers. Following is one approach that should pass muster with regulators (and, hopefully, the PCAOB):

1. Determine loans for which specific reserves are appropriate, much as you are currently doing. The notion of “impaired” loans goes away; a loan should be evaluated specifically if the institution becomes aware of loan-specific information indicating it has an exposure to loss that differs from other loans it would otherwise be pooled with. In practice, we think that’ll be largely the same loans that are currently being identified as impaired.
2. For the rest of the portfolio: Group loans by common characteristics – same as you’re doing now.
   1. For each group, create subgroups for each origination year. It looks like current year and previous four years are the critical ones to focus on; anything older than five years could probably be lumped together.
   2. For each subgroup, establish economic and other relevant conditions for the average term of loans in the subgroup. This includes actual conditions from year of origination to the present, forecasted conditions for the near future, and long-term historical conditions for the remaining average loan term
      • Select an historical loss period that best approximates the conditions established in (b) above.
      • Determine average lifetime chargeoffs for that historical loss period for each loan type
      • Adjust that average for any current or expected conditions that you believe are different from this historical data.  Such adjustments should be based on the institution’s chargeoff experience when similar conditions occurred in the past.  An example might be an actual or expected decline in real estate values that you believe is more pronounced than in the historical loss period chosen.

While not specifically mentioned in the guidance, we believe a modest unallocated allowance is still supportable, especially since imprecision is certainly higher when factoring in expected losses in addition to incurred losses.
 

Other points that caught our eye:

1. The guidance applies to purchased loans with credit deterioration, as well as originated loans. That will create more comparability in terms of the allowance as a % of loans for institutions that have done acquisitions vs. those who haven’t. An interesting twist, though – for acquired loans that have experienced a more-than-insignificant deterioration in credit quality since origination, the allowance established is simply an adjustment to (ultimately) the premium or discount, while for other loans acquired in the transaction, an allowance is established with an offset to loan loss expense at acquisition. 
2. The guidance applies to held-to-maturity debt securities, and there’s specific guidance that affects the accounting for available-for-sale debt securities as well. These will likely only come into play for institutions with private-label mortgage-backed securities and/or corporate bonds. However, some of the CECL disclosure requirements apply to securities as well; in particular, the one that caught our eye was the requirement in ASC 326-20-50-5 to disclose credit quality indicators (e.g., S&P ratings) for securities as well as loans.
3. Surprisingly, you continue to assume no change in future interest rates for purposes of establishing expected credit losses for specific variable rate loans. We think FASB may have missed the boat on this one, as resetting ARMs were one of the factors that led to the 2008 crisis that CECL is intended to be responsive to.
4. There will obviously be much, much more dialogue about these new rules, and we’ll need to begin the process of helping you understand them and prepare for implementation sooner rather than later.

Please call us if you have any questions.

When last we blogged about the Financial Accounting Standards Board’s (FASB) new “current expected credit losses” (CECL) model for estimating an allowance for loan and lease losses (ALLL), we reviewed the process for developing reasonable and supportable forecasts for use in establishing the ALLL. Once you develop those forecasts, how does that information translate into amounts to set aside for loan losses?

A portion of the ALLL will continue to be based on specifically identified loans you’re concerned about. For those loans, you will continue to establish a specific component of the ALLL based on your estimate of the loss ultimately expected on the loans.

The tricky part, of course, is estimating an ALLL for the other 99% of the loan portfolio. This is where the forecasts come in. The new rules do not prescribe a particular methodology, and banking regulators have indicated community banks will likely be able to continue with their current approach, adjusted to use appropriate inputs in a manner that complies with the CECL model. One of the biggest challenges is the expectation in CECL that the ALLL will be estimated using the institution’s historical information, to the extent available and relevant.

Following is just one of many ways  you can approach it. I’ve also included a link at the end of this article to an example illustrating this approach.

Step One: Historical Loss Factors

1. First, for a given subset of the loan portfolio (e.g., the residential loan pool), you might first break down the portfolio by the number of years remaining until expected payoff (via maturity or refinancing). This is important because, on average, a loan with seven years remaining until expected payoff will have a higher level of remaining lifetime losses than a loan with one year remaining. It therefore generally wouldn’t be appropriate to use the same loss factor for both loans.
    
2. Next, decide on a set of drivers that tend to correlate with loan losses over time. FASB has indicated it doesn’t expect highly mathematical correlation models will be necessary, especially for community banks. Instead, select factors in your bank’s experience indicative of future losses. These may include:
   • External factors, such as GDP growth, unemployment rates, and housing prices
   • Internal factors such as delinquency rates, classified asset ratios, and the percentage of loans in the portfolio for which certain policy exceptions (e.g., loan-to-value ratio or minimum credit score) were granted
      
3. Once you select this set of drivers, find an historical loss period — a period of years corresponding to the estimated remaining life of the portfolio in question — where the historical drivers best approximate those you’re expecting in the future, based on your forecasts. For that historical loss period, determine the lifetime remaining loss rates of the loans outstanding at the beginning of that period, broken down by the number of years remaining until payoff. (This may require significant data mining, especially if that historical loss period was quite a few years ago.
    
4. Apply those loss rates to the breakdown derived in (a) above, by years remaining until maturity.

   Step Two: Adjustments to Historical Loss Rates

   The CECL model requires we adjust historical loss factors for conditions that may not be adequately captured by the historical loss period analysis we’ve just described. Let’s say a particular geographical subset of your market area is significantly affected by the economic fortunes of a large employer in that area.  Based on economic trends or recent developments, you might expect that employer to have a particularly bright – or dim – future over the forecast period; accordingly, you forecast loans to borrowers in that area will have losses that differ significantly from the rest of the portfolio.

   The approach for these loans is the same as in the previous step. However:

   These loans would be segregated from the remainder of the portfolio, which would be subject to the general approach in step one. As you think through this approach, there are myriad variations and many decisions to make, such as:

   Our intent in describing this methodology is to help your CECL implementation team start the dialogue in terms of converting theoretical concepts in the CECL model to actual loans and historical experience.

   To facilitate that discussion, we’ve included a very simple example here that illustrates the steps described above. Analyzing an entire loan portfolio under the CECL model is an exponentially more complex process, but the concepts are the same — forecasting future conditions, and establishing an ALLL based on the bank’s (or, when necessary, peers’) lifetime loan loss experience under similar historical conditions.

   Given the amount of number crunching and analysis necessary, and the potentially significant increase in the ALLL that may result from a lifetime-of-loan loss model, it’s safe to say the time to start is now! If you have any questions about CECL implementation, please contact Tracy Harding or Rob Smalley.

   Other resources
   For more information on CECL, check out our other blogs:

   CECL: Where to Start
   CECL: Bank and Branch Acquisitions
   CECL: Reasonable and Supportable

   To sign up to receive notification of our next CECL update, click here.

   • In substep (c), you would focus on forecasted conditions (such as unemployment rate and changes in real estate values) in the geographical area in which the significant employer is located.
   • You would then select an historical loss period that had actual conditions for that area that best correspond to those you’ve just forecasted.
   • In substep (d), you would determine the lifetime remaining loss rates of loans outstanding at the beginning of that period.
   • In substep (e), you would apply those rates to loans in that geographic area.
   • How to break down the portfolio
   • Which conditions to analyze
   • How to analyze the conditions for correlation with historical loss periods
   • Which resulting loss factors to apply to which loans

By now, pretty much everyone in the banking industry has heard plenty of talk about CECL – the forthcoming “Current Expected Credit Loss” model of accounting for an institution’s allowance for loan losses (ALL). While the previous “Incurred Loss” model has been problematic to implement conceptually, and most of us thought CECL would improve ALL accounting and make it more comparable to how banks account for other debt instruments, it’s beginning to feel a bit like the dog who caught the car – now that we have this model, how the heck do we implement it?

The good news: We have a number of years before CECL’s effective date, and thus have some time to better understand the new rules and how to adapt an institution’s ALL model to reflect them. The bad news – the banking regulators recently announced they want banks to get cracking on this, and will expect to see some progress when they visit during upcoming exams – maybe not immediately, but likely at some point during the 2017 exam cycle.

This is the third in a series of articles addressing various aspects of this complex pronouncement. We hope that they provide you with practical advice that can help you get started on the nuts and bolts of CECL implementation.

Our previous article offered pointers on building the CECL team, brainstorming the process, and starting the data gathering conversation. In this article, we look at how to implement CECL when acquiring another bank, one or more branches of another bank, or simply a loan portfolio, such as a group of auto or credit card loans.

First, let’s remember the basics

The basic premise of CECL is that lifetime expected losses are to be booked at origination (or, in the case of an acquisition, at the acquisition date). You’ve likely heard some gnashing of teeth over the fact that this means losses are recorded “on Day One”, which many of us have some degree of conceptual difficulty with: For example, a higher risk loan will likely carry a higher yield at origination, so booking a higher level of expected losses on Day One (through the ALL) and the offsetting higher yield over the loan term (through interest income) feels like a mismatch between income and expense.

The Financial Accounting Standards Board (FASB) was sympathetic to this point, and spent a lot of time pondering it. Its international equivalent, the International Accounting Standards Board (IASB), which establishes – you guessed it – international accounting standards, actually tackled this issue by precluding Day One losses, unless they were expected to materialize within one year of origination (Day 365 losses?).

This approach, however, has led to a fairly convoluted – and challenging – model, which is already drawing a fair amount of criticism in the international community. In the end, although they had hoped to have a “converged” standard that would result in the same approach for U.S. and international institutions, FASB and the IASB decided to part company and use different models.

The short answer? We have to accept the notion of Day One losses as the price to pay for a less convoluted (but still complex to implement) model. This becomes important to remember as we look at accounting for acquisitions.

Accounting for acquisitions

Whether you’re acquiring a pool of loans, a branch, or an entire institution, the basic accounting under CECL is the same, and it’s the same (with a twist) as the accounting for originated loans: an ALL should be established for the purchase price allocated to the loans, and that ALL should reflect management’s estimate of the lifetime losses in the acquired portfolio.

Before we get into the details of how to do this, let’s take a moment to celebrate. Prior to CECL, it was not permissible to establish an initial ALL for acquired loans. Many bankers – and investors – complained that this made it difficult to compare one bank to another on metrics such as ALL coverage ratios. If one bank had a strategy that included acquisitions, and another didn’t, their ALLs would likely be quite different even if their loan portfolios and estimated incurred losses were similar. Now, with the CECL model, these two banks’ financial statements are much easier to compare.

As noted above, an ALL should be established for these loans under CECL, using the same methodology you would use for originated loans. The twist relates to what to do with the other side of the entry. The solution:

• For loans with a more-than-insignificant amount of credit deterioration since origination, the offset is to add this amount to the amount originally recorded for the purchase price allocated to the loans.

• For the rest of the acquired portfolio, the offset is to loan loss expense. That’s right, your provision is increased by the amount of ALL recorded in the transaction, except as noted in the previous bullet.

Why is this so? FASB is apparently assuming that:

• Buyers adjust the purchase price for the first item above. These loans, which we used to call “purchased – credit impaired (PCI)”, and now will call “purchased – credit deteriorated (PCD)” under CECL, are the loans with hair on them. They probably got some extra scrutiny during due diligence, thus theoretically depressing the purchase price a bit. Therefore, the amount of the purchase price allocated to loans is a lower number, and offsetting the establishment of the ALL by adding that amount to the purchase price assigned to the loans properly “grosses up” the recorded loan balance.

• Buyers don’t adjust the purchase price for other loans. This is probably true, as the lifetime losses on loans that aren’t PCD are just the cost of doing business for financial institutions. Therefore, as it is with originated loans, a big Day One provision is booked at closing.

It should be noted that the extent to which the definition of PCD loans differs from the previous definition of PCI loans depends on your interpretation of the old PCI definition. It appears clear that the new definition of PCD loans refers to loans that have specific indicators of significant credit deterioration since origination.

Let’s look at an example:

A bank buys three branches from another bank, which have total loans with a principal balance of $20 million and a fair value of $20,100,000. The portfolio includes loans with a principal balance of $1 million, and a fair value of $910,000, that are PCD.

The buyer bank determines the ALL under CECL would be $100,000 for the PCD loans and $475,000 for the rest of the acquired portfolio. Thus, the buyer bank records an ALL of $575,000. What’s the offset? As noted above:

• For the PCD loans, the offsetting $100,000 will be added to the $910,000 of purchase price allocated to those loans. As a result, these loans will have a gross amount allocated of $910,000 plus $100,000, or $1,010,000, which will then be reduced by an ALL of $100,000 on the balance sheet, for a net reported amount of $910,000 (their fair value). The difference between the gross amount assigned ($1,010,000) and the principal balance ($1 million), or $10,000, represents an implied adjustment to reflect current market interest rates, and is therefore amortized over the expected loan term through interest income.

• For the rest, the offsetting $475,000 will be an increase to the provision for loan losses, and will thus reduce income.

The last number could be a big one for institutions that do large or frequent acquisitions; thus, their balance sheets may be more comparable to other banks, but their income statements in the year of acquisition won’t be! The good news – like other acquisition costs such as legal fees and conversion expenses, this amount will be separately disclosed, so a reader can adjust for it if they believe it’s appropriate to do so.

Next time, we’ll look at the nuts and bolts of CECL’s concept of “reasonable and supportable” by considering proper documentation and controls over the ALL.

It’s Monday morning. You grab a cup of coffee and flip on the local morning news before you get ready for work. The lead story catches your attention “Local Accounts Payable Manager Steals Thousands.” Based on your experience as a board member of a nonprofit organization and the prior fraud you’ve heard about in the community, three things come into your mind:

1. The fraud involves either a nonprofit organization or local government.
2. The Board will come out and say how shocked they are – Fred has been here forever, and we trusted him!
3. The Board will state they have now put in place proper controls to ensure this will never happen again.

And you may be close to the mark. Nonprofits and governmental organizations often have a higher risk of fraudulent behavior and theft due to their limited resources and ability to implement strict fraud prevention controls. What makes these organizations so susceptible?

• They frequently run on tight or breakeven budgets, which means they have difficulty hiring enough people to implement strict internal controls.
• They often have a salary structure that is lower than that of for-profit companies, creating incentive for employees to commit theft in order to make ends meet.
• They are sometimes targeted by unscrupulous individuals who know that they likely lack the resources available to stop them.

In addition, nonprofits often seek to hire people who believe in the mission. While this can lead to tireless, dedicated employees, certain side effects of this approach may come into play and increase the risk of theft. For example:

• The passion for, and shared commitment to, the mission at many nonprofits give rise to a culture of trust. This culture of trust may cause the organization to be less likely to implement checks and balances critical to sound internal controls.
• New employees are sometimes drawn to a specific nonprofit organization because they have experienced some of the challenges which the organization was formed to address. Working for the organization may help them in some ways, but it may also create more financial strain for them or family members, increasing the chances of them committing illegal acts.

There are three elements that must be present for fraud to occur. These are the three sides of what is collectively called the fraud triangle: opportunity, incentive, and rationalization.

• Opportunity: an employee working at a nonprofit may have opportunity if they are a trusted employee and resources are limited, causing the internal controls to be less robust than they should be.
• Incentive: the incentive is in place when an employee, as mentioned above, has unexpected events happen in their life that may pressure them into committing fraud.
• Rationalization: the employee rationalizes that they need the money for their family to survive. This often starts as “I’ll just borrow the money until payday”. Unfortunately, payday arrives and the funds aren’t available to be repaid; in fact, they need to “borrow” just a little more.

Let’s be clear, though – many nonprofits, regardless of size, have appropriately designed and implemented controls that properly protect the organization from the risks of fraud.

Soon we’ll look further at the ramifications frauds can have for nonprofits and how any organization—even small nonprofits, can put certain internal controls in place, to reduce the chances they’ll be the next organization in the headline story of the morning news.

I have to say, accountants have really been taking some uncalled-for heat for causing the 2008 financial crisis. I understand the need to identify scapegoats, but when people hire mortgage brokers to originate bad loans, sell interests in those bad loans to investors, and insure it all through AIG, is it really the accountants’ fault when those loans go bad? And if the federal bank examiners missed the fact that Fannie Mae and Freddie Mac were engaged in such shenanigans, what hope do we have of being able to adequately apprise investors of such details via financial statement disclosures?

Undaunted, FASB has taken a shot at developing new requirements for banks to report information in their financial statement footnotes about their exposure to liquidity and interest rate risk. I understand the pressure FASB is under, I really do. There’s something called the Group of Twenty, consisting of the top finance officials from the 20 largest industrialized countries, that’s been pressuring FASB to improve accounting rules in a manner that will somehow prevent future financial meltdowns. To me, the Group of Twenty sounds uncomfortably similar to the Gang of Four, which ran China with an iron fist back in the Sixties and Seventies, so, if I were FASB, this group would make me nervous, too.

On the surface, it seems reasonable to expect that more information about liquidity and interest rate risk experienced by banks would be a good thing, as these are probably the two risks you hear about most when banks fail. Dig deeper, though, and two points about these new proposed disclosures become apparent:

1. Most of this information is already available to users, through SEC and bank regulatory filings.
2. To the extent it isn’t, that’s because no one uses the information, not even management of the banks!

It would be interesting to look back at some of the banks that failed during the recent recession, identify which of the proposed disclosures weren’t already available to investors and regulators, and decide whether anyone would have reacted differently if they were. Or was it simply the case that bad business decisions were made, and, when that happens, companies go under? And when recessions hit, sometimes banks fail?

I remember a TV interview during the height of the 2008 crisis, in which the focus was on blaming stock analysts (they hadn’t gotten around to accountants yet). The interviewer asked, “How many stock analysts do we have to hang on Wall Street before they all get the message?” The expert he was interviewing said, “Probably just one.” I’m guessing that holds true for accountants, too. There are already rules in place to disclose significant risks, concentrations, obligations of the institution, and the like. If Lehman Brothers and AIG don’t follow them, appropriate sanctions (I’m not advocating hanging, mind you) should follow; we can pass more rules, but if they didn’t comply with the existing rules, what makes us think they’ll follow the new ones?

If you have questions, please reach out to Tyler Butler or Tracy Harding.