In June 2016, the Financial Accounting Standards Board (FASB) issued an Accounting Standards Update designed to give investors and other financial statement users more timely information about credit losses on loans.
Under the Accounting Standards Update (ASU), all banks and financial institutions that issue loans or lines of credit must now predict and report the full amount of their future credit losses in their loan portfolios, using information from their previous experience, current conditions and reasonable and supportable forecasts.
Banks and other financial institutions will still be able to use many of the same loss estimation techniques they already use, however, the time frame for reporting anticipated losses will change under the ASU.
Intertwining Risk, Finance and IT Departments
The ASU is more forward-thinking than any other standard in history. It will require banks and other institutions to review and evaluate large amounts of data and apply their own judgment in making determinations about what potential future losses to report and when to report them.
While the risk department in some organizations already works closely with the finance and IT functions, the ASU will see them become even more intertwined. Decisions about what data to incorporate and determinations about how to calculate and report anticipated losses will need to be factored into the IT department’s strategic planning and budgeting process.
The internal audit and risk/compliance functions will also need to conduct risk assessments, develop and implement tracking mechanisms and perform periodic testing in order to ensure the organization is in compliance with the new standard.
For some community banks, the updated standard raises some potential concerns, as executives have questioned whether their institutions will be able to effectively meet the new mandate without the same resources larger, national financial institutions typically have at their disposal.
3 Tips to Prepare for the Updated Standards
The new requirement is not effective immediately. In fact, early application won’t begin until fiscal years beginning after December 15, 2018. So organizations have some time to plan ahead to meet the ASU's requirements.
Here are three tips to help ensure your organization is on the path toward compliance:
1. Start the Discussions Now.
Don’t be lulled into a false sense of security because the compliance deadline is years away; the FASB has provided time for banks and other financial institutions to comply - institutions should make the most of that time.
Meet with internal stakeholders and other decision-makers now to plan the scope of the project. This initial meeting should include key personnel from the finance, risk and IT departments. Your plan should include timelines with key deliverables and dates, a plan to educate personnel on the changes, and a realistic budget for the project.
When preparing your project plan, it is also important to consider other current and anticipated projects, including IT, security or compliance initiatives, and to coordinate projects and personnel as much as possible.
Failing to consider other key initiatives could inadvertently result in increased personnel costs and an increased level of risk to the organization if timelines are not met. For example, instead of redirecting personnel from penetration testing to work on the new accounting standard, be sure to plan to cover both initiatives so your institution isn’t inadvertently more vulnerable to attack because your attentions are elsewhere.
The ultimate goal should be to roll out any changes needed to comply with the ASU while minimizing impact on other initiatives to the greatest extent possible.
2. Assess Risk Models.
Reviewing your existing internal risk models periodically is a good business practice no matter what. In the context of the ASU, it is even more critical to do so.
Use your current models as a starting point. How do those models compare to what will be required under the new standard?
3. Identify Gaps in Systems and Processes.
Now is also the time to take a close look at all of your systems and processes, including both internally developed systems and third-party technology tools, with an eye toward identifying gaps in the systems’ data, accounting processes or IT capabilities. Consider current SOC reporting, and review providers’ reports carefully.
Where are your current systems adequate, and where do you need to expend additional resources to bring them up to compliance? You will need to have a robust data-quality process that allows for capturing, extracting and testing data needed for making expected credit loss determinations.
This analysis and planning is a critical step in preparing your institution for compliance with the ASU. By taking a proactive approach to financial compliance assurance, you can design an implementation plan truly tailored for your bank’s needs and balance sheet, rather than being reactive and adopting a plan designed for a different organizational structure.
Ensure Your Institution Has Needed Support
Meeting the new reporting and disclosure requirements under the ASU will not be without cost because it touches so many functions. For smaller institutions, one of the biggest challenges will be finding a way to balance and coordinate compliance initiatives with other ongoing, and equally necessary, projects.
At Vala Secure, we understand that many financial institutions will struggle with the potential cost of compliance with the ASU requirement. We offer a full range of strategic consulting, virtual compliance, and information security services designed to help organizations achieve and maintain regulatory compliance without having to add additional full-time staff positions.