Internal Audit and Compliance Insights - Home | Elliott Davis
Internal Audit and Compliance Insights
Tuesday, May 6, 2014
Columbia Metropolitan Convention Center—Columbia, South Carolina

AGENDA
8:30 am - 9:00 am  Registration & Continental Breakfast
9:00 am - 9:05 am  Welcome. Jason Caskey, Financial Services Practice Chair, Elliott Davis
9:05 am - 9:30 am  Accounting & Auditing Update—Let’s talk about CECL. Lee Haynes, Shareholder, Elliott Davis
9:30 am - 10:30 am  Compliance Update. Christopher Purvis, Senior Manager, Elliott Davis
10:30 am - 10:45 am  Break
10:45 am - 11:15 am  COSO 2013: Implementation Strategies For This New Framework. Jay Brietz, Senior Manager, Elliott Davis
11:15 am - 12:20 pm  Cybersecurity and Risks Associated with IT. Richard Cook, Senior Manager, Elliott Davis
12:20 pm - 1:00 pm  Lunch
1:00 pm - 1:30 pm  Interest Rate Risk / Liquidity Risk. Mark Rufail, Senior Manager, Elliott Davis
1:30 pm - 2:00 pm  Vendor Management Program Best Practices. Karen Neely Louis, Attorney, Bryan Cave
2:00 pm - 3:00 pm  Internal Audit / Compliance Panel
  - Jason Caskey — Moderator
  - Elaine Crawford, Senior Vice President—Director of Internal Audit, Park Sterling Bank
  - Karen McCauley, Internal Auditor, First Community Bank
  - Wendy Workman, AVP-Internal Audit Manager, The Palmetto Bank
Financial Services - 360° Industry Perspective

ARE YOU...
• Concerned about risk?
• Considering a merger or acquisition?
• Interested in preserving your capital?
• Looking for strategies to manage effective tax rates?
• Struggling to stay abreast of complex SEC reporting and regulations?
• Searching for a resource to assist with ever-changing accounting standards?

Elliott Davis is a member of The Leading Edge Alliance, a worldwide association of independently owned accounting firms.

SOLUTIONS
Assurance
• Audit services
• Financial statement preparation
Non-Audit Services
• Bank Secrecy Act compliance reviews
• Information system audits
• Independent loan reviews
• Outsourced internal audit
• SSAE No. 16 reports
• ALLL validation
Tax
• Income tax preparation and planning
• State and local tax services
• Tax estimates
• Evaluation of deferred tax asset
SEC Related Services
• Preparation of 10-Qs and 10-Ks
• SEC registration and compliance
• SOX 404 documentation and testing
Consulting
• ALCO model testing
• Business valuation services
• Cost segregation studies
• Director training
• Loan and deposit compliance
• Management and regulatory services
• Mergers and acquisitions
• Strategic planning
• Stock compensation calculations
• Compliance with enforcement actions
The banking industry is complex and rapidly evolving. You deserve the right team with the right leadership to serve you. More than 100 banks in the Southeast, large and small, depend on Elliott Davis’ Financial Services Practice for personal attention, industry experience and services including external and internal audit, SEC reporting, taxation and compliance. With a 60-year reputation and a team of 90 professionals serving financial institutions, we help banks operate stronger, wiser, better.
FINANCIAL SERVICES
Financial Services Shareholder Contact Information
Bob Beckwith, CPA Shareholder Direct: 864.552.4763 E-mail: rbeckwith@elliottdavis.com
Paul Pickett, CPA Shareholder Direct: 804.887.2256 E-mail: ppickett@elliottdavis.com
Garry A. Rank, CPA Shareholder Direct: 864.242.2638 E-mail: grank@elliottdavis.com
Barbara Rushing, CPA Shareholder Direct: 864.242.2625 E-mail: brushing@elliottdavis.com
Jason Caskey, CPA Financial Services Practice Leader Direct: 803.255.1203 E-mail: jcaskey@elliottdavis.com
Stacy Stokes, CPA Shareholder Direct: 803.255.1472 E-mail: sstokes@elliottdavis.com
Lee Haynes, CPA Shareholder Direct: 704.808.5208 E-mail: lhaynes@elliottdavis.com
Andy Mitchell, CPA Shareholder Direct: 864.242.2691 E-mail: amitchell@elliottdavis.com
Beverly A. Seier, CPA, CPCU Shareholder Direct: 803.255.1214 E-mail: bseier@elliottdavis.com
Bill Bossong, CPA, CBA Shareholder Direct: 803.255.1497 E-mail: wbossong@elliottdavis.com
George Noonan, CPA Shareholder Direct: 704.808.5293 E-mail: gnoonan@elliottdavis.com
© 2014 Elliott Davis, PLLC © 2014 Elliott Davis, LLC
Accounting & Auditing Update Let’s Talk About CECL Risk Management and Internal Audit Seminar
This material was used by Elliott Davis during an oral presentation; it is not a complete record of the discussion. This presentation is for informational purposes and does not contain or convey specific advice. It should not be used or relied upon in regard to any particular situation or circumstances without first consulting the appropriate advisor. No part of the presentation may be circulated, quoted, or reproduced for distribution without prior written approval from Elliott Davis.
2014 Accounting & Auditing Update
AGENDA
• Accounting Standards Updates (ASUs)
  - ASUs 2014-01 through 2014-08
• Financial Instruments – Impairment (CECL Model)
  - Background
  - FASB’s Stated Measurement Objective
  - Scope
  - Key Concepts
  - Implementation Considerations
Accounting Standards Updates (ASUs)
ASUs ISSUED IN 2014
• ASU 2014-01 – Accounting for Investments in Qualified Affordable Housing Projects (a consensus of the EITF)
• ASU 2014-02 – Accounting for Goodwill (a consensus of the PCC)
• ASU 2014-03 – Accounting for Certain Receive-Variable, Pay-Fixed Interest Rate Swaps—Simplified Hedge Accounting Approach (a consensus of the PCC)
• ASU 2014-04 – Reclassification of Residential Real Estate Collateralized Consumer Mortgage Loans upon Foreclosure (a consensus of the EITF)
• ASU 2014-05 – Service Concession Arrangements (a consensus of the EITF)
• ASU 2014-06 – Technical Corrections and Improvements Related to Glossary Terms
• ASU 2014-07 – Applying Variable Interest Entities Guidance to Common Control Leasing Arrangements (a consensus of the PCC)
• ASU 2014-08 – Reporting Discontinued Operations and Disclosures of Disposals of Components of an Entity
PRIVATE COMPANY COUNCIL
• The Financial Accounting Foundation (“FAF”) Board of Trustees has established the Private Company Council (“PCC”) in an effort to improve the process of setting accounting standards for private companies.
• Intended to put in place a system for recognizing differences in the needs of public and private company financial statement users and preparers that will avoid creation of a ‘two-GAAP’ system.
ASU No. 2014-02 Accounting for Goodwill (a consensus of the PCC)
ASU 2014-02 – Accounting for Goodwill
• Issued on January 16, 2014
• Allows an accounting alternative for the subsequent measurement of goodwill for private companies.
• If elected, the accounting alternative requires the entity to amortize goodwill on a straight-line basis over 10 years, or less than 10 years if the entity demonstrates that another useful life is more appropriate.
ASU No. 2014-03 Accounting for Certain Receive-Variable, Pay-Fixed Interest Rate Swaps—Simplified Hedge Accounting Approach (a consensus of the PCC)
ASU 2014-03 – Accounting for Certain Receive-Variable, Pay-Fixed Interest Rate Swaps—Simplified Hedge Accounting Approach
• Issued on January 16, 2014
• Provides an additional hedge accounting alternative to private companies that are not financial institutions (simplified hedge accounting approach) for certain types of swaps if certain conditions are met.
• This accounting alternative is not available to financial institutions
ASU No. 2014-07 Applying Variable Interest Entities Guidance to Common Control Leasing Arrangements (a consensus of the PCC)
ASU 2014-07 – Applying Variable Interest Entities Guidance to Common Control Leasing Arrangements
• Issued on March 20, 2014
• Allows a private company to elect—when certain conditions exist—not to apply VIE guidance to a lessor under common control
• Requires certain disclosures about the lessor and the leasing arrangement
ASU No. 2014-01 Accounting for Investments in Qualified Affordable Housing Projects (a consensus of the EITF)
ASU 2014-01 – Accounting for Investments in Qualified Affordable Housing Projects
• Issued on January 15, 2014
• Provides guidance on accounting for investments by a reporting entity in flow-through limited liability entities that manage or invest in affordable housing projects that qualify for the low-income housing tax credit.
• The ASU permits reporting entities to make an accounting policy election to account for their investments in qualified affordable housing projects using the proportional amortization method if certain conditions are met.
• Under the proportional amortization method, an entity amortizes the initial cost of the investment in proportion to the tax credits and other tax benefits received and recognizes the net investment performance in the income statement as a component of income tax expense (benefit).
• If elected, must be applied consistently to all qualifying affordable housing project investments rather than a decision to be applied to individual investments.
ASU No. 2014-04 Reclassification of Residential Real Estate Collateralized Consumer Mortgage Loans upon Foreclosure (a consensus of the EITF)
ASU 2014-04 – Reclassification of Residential Real Estate Collateralized Consumer Mortgage Loans upon Foreclosure
• Issued on January 17, 2014
• Clarifies when an in substance repossession or foreclosure occurs:
  - Specifically, a creditor is considered to have received physical possession of residential real estate property collateralizing a consumer mortgage loan, upon either (1) obtaining legal title upon completion of a foreclosure or (2) obtaining interest in the property in satisfaction of the loan through a deed in lieu of foreclosure or through a similar legal agreement.
• Additionally, the ASU requires interim and annual disclosure of both
  - the amount of foreclosed real estate held and
  - the recorded investment in mortgage loans collateralized by residential real estate property that are in the process of foreclosure according to local requirements of the applicable jurisdiction
ASU No. 2014-05 Service Concession Arrangements (a consensus of the EITF)
ASU 2014-05 – Service Concession Arrangements
• Issued on January 23, 2014
• Specifies that an operating entity should not account for a service concession arrangement as a lease
• The amendments also specify that the infrastructure used in a service concession arrangement should not be recognized as property, plant, and equipment
NOTE: A service concession arrangement is an arrangement between a public-sector entity grantor and an operating entity under which the operating entity operates the grantor’s infrastructure (for example, airports, roads, and bridges)
ASU No. 2014-08 Reporting Discontinued Operations and Disclosures of Disposals of Components of an Entity
ASU 2014-08 – Reporting Discontinued Operations and Disclosures of Disposals of Components of an Entity
• Issued on April 10, 2014
• Requires that only disposals representing a strategic shift in operations should be presented as discontinued operations
• Requires expanded disclosures about discontinued operations
• Requires disclosure of the pre-tax income attributable to a disposal of a significant part of an organization that does not qualify for discontinued operations reporting
ASU No. 2014-06 Technical Corrections and Improvements Related to Glossary Terms
ASU 2014-06 – Technical Corrections and Improvements Related to Glossary Terms
• Issued on March 14, 2014
• Contains amendments related to the Master Glossary, including:
  - technical corrections related to glossary links
  - changes to glossary terms
  - conforming the definition of selected terms appearing in the Master Glossary
EFFECTIVE DATES
ASU Number / Description / Effective Dates (Public Companies; Private Companies)

ASU 2013-02 – Comprehensive Income (Topic 220): Reporting of Amounts Reclassified Out of Accumulated Other Comprehensive Income
  - Public Companies: Already effective
  - Private Companies: Effective for reporting periods beginning after December 15, 2013*

ASU 2013-04 – Liabilities (Topic 405): Obligations Resulting from Joint and Several Liability Arrangements for Which the Total Amount of the Obligation Is Fixed at the Reporting Date (a consensus of the FASB Emerging Issues Task Force)
  - Public Companies: Effective for fiscal years (including interim periods) beginning after December 15, 2013*
  - Private Companies: Effective for fiscal years ending after December 15, 2014, and interim and annual periods thereafter*

ASU 2013-11 – Income Taxes (Topic 740): Presentation of an Unrecognized Tax Benefit When a Net Operating Loss Carryforward, a Similar Tax Loss, or a Tax Credit Carryforward Exists (a consensus of the FASB Emerging Issues Task Force)
  - Public Companies: Fiscal years (including interim periods) beginning after December 15, 2013*
  - Private Companies: Fiscal years (including interim periods) beginning after December 15, 2014*

ASU 2014-01 – Investments—Equity Method and Joint Ventures (Topic 323): Accounting for Investments in Qualified Affordable Housing Projects (a consensus of the FASB Emerging Issues Task Force)
  - Public Companies: Effective for annual periods and interim reporting periods within those annual periods, beginning after December 15, 2014*
  - Private Companies: Effective for annual periods beginning after December 15, 2014 and interim periods within annual reporting periods beginning after December 15, 2015*

ASU 2014-02 – Intangibles—Goodwill and Other (Topic 350): Accounting for Goodwill (a consensus of the Private Company Council)
  - Public Companies: N/A – PCC issue – only applies to private companies
  - Private Companies: Effective for annual periods beginning after December 15, 2014 and interim periods within annual periods beginning after December 15, 2015*

* Early adoption permitted.
ASU Number / Description / Effective Dates (Public Companies; Private Companies)

ASU 2014-04 – Receivables—Troubled Debt Restructurings by Creditors (Subtopic 310-40): Reclassification of Residential Real Estate Collateralized Consumer Mortgage Loans upon Foreclosure (a consensus of the FASB Emerging Issues Task Force)
  - Public Companies: Effective for annual periods, and interim periods within those annual periods, beginning after December 15, 2014*
  - Private Companies: Effective for annual periods beginning after December 15, 2014 and interim periods within annual periods beginning after December 15, 2015*

ASU 2014-06 – Technical Corrections and Improvements Related to Glossary Terms
  - Public Companies: Effective upon issuance
  - Private Companies: Effective upon issuance

ASU 2014-07 – Consolidation (Topic 810): Applying Variable Interest Entities Guidance to Common Control Leasing Arrangements (a consensus of the Private Company Council)
  - Public Companies: N/A – PCC issue – only applies to private companies
  - Private Companies: Effective for annual periods beginning after December 15, 2014 and interim periods within annual periods beginning after December 15, 2015*

ASU 2014-08 – Reporting Discontinued Operations and Disclosures of Disposals of Components of an Entity
  - Public Companies: Effective for transactions that occur within annual periods beginning on or after December 15, 2014, and interim periods within those years
  - Private Companies: Effective for transactions that occur within annual periods beginning on or after December 15, 2014, and interim periods within annual periods beginning on or after December 15, 2015

* Early adoption permitted.
Financial Instruments – Impairment (CECL Model)
Proposed ASU No. 2012-260 Financial Instruments – Impairment
BACKGROUND
• After the financial crisis, the Financial Crisis Advisory Group (“FCAG”) was asked to consider how improvements in financial reporting could enhance investors’ confidence in financial markets and noted the following related to accounting standards and their application:
  - Identified weaknesses in today’s model for estimating credit losses (“Incurred Loss” model)
    • “Probable incurred” loss threshold that was seen as delaying recognition of losses
  - Identified weaknesses in existing accounting standards resulting from the inherent complexity of having multiple credit impairment models
• Exposure Draft issued December 20, 2012
FASB’s STATED MEASUREMENT OBJECTIVE
• Current estimate of all contractual cash flows not expected to be collected
  - For financial instruments where the objective is to hold the financial instruments for the collection of contractual cash flows, the FASB believes that the amortized cost measurement objective is consistent with the way an entity expects to realize cash flows from the assets, namely by holding the instrument for the collection of contractual cash flows.
  - That amortized cost objective is to reflect the present value of cash flows that an entity expects to collect.
  - The FASB believes the proposed guidance achieves that objective through the combined effect of
    a) the proposed guidance on classification and measurement that would result in measurement of the amortized cost basis of the financial asset at a present value, based on contractual cash flows and
    b) the proposed guidance on credit losses that would result in an allowance for credit losses at a present value, based on contractual cash flows not expected to be collected, both discounted at the effective interest rate.
SCOPE
• CURRENT EXPECTED CREDIT LOSSES (“CECL”) MODEL
  - Replaces multiple impairment models that exist in U.S. GAAP:
    • Allowance for loan losses
    • Other-than-temporary impairment
    • ASC 310-30 (SOP 03-3)
    • ASC 325-40 (EITF 99-20)
  - Depending on the nature of the financial asset, under current guidance a credit loss must either be probable or other than temporary before recognition. The proposal eliminates the “probable” recognition threshold on credit losses.
  - Applies to all entities, both public and nonpublic.
  - Must be applied to financial assets that are not accounted for at fair value through net income (FV-NI) and are exposed to potential credit risk; these would be affected by the proposed amendments:
    • Financial assets measured at amortized cost
    • Financial assets measured at fair value with qualifying changes in fair value recognized in other comprehensive income (FV-OCI)
  - Does not apply to financial assets accounted for at fair value through net income (FV-NI)
  - Applies to:
    • Debt instruments
    • Securities measured at amortized cost and fair value (FV-OCI)
    • Trade receivables
    • Loans
    • Loan commitments
    • Leases
    • Reinsurance receivables
  - For financial assets measured at fair value with qualifying changes in fair value recognized in other comprehensive income (FV-OCI), expected credit losses should be recognized as follows:
    1) An entity should not recognize expected credit losses if the financial asset’s fair value equals or exceeds its amortized cost basis.
    2) If the financial asset’s fair value is less than its amortized cost basis, an entity should recognize expected credit losses in net income determined under the CECL model but limited to the difference between the financial asset’s fair value and its amortized cost basis.
  - For both financial assets measured at amortized cost and financial assets measured at FV-OCI, the FASB plans to discuss at a future meeting whether expected credit losses recognized should be the entire difference between fair value and amortized cost when:
    1) an entity subsequently identifies a financial asset for sale
    2) it is more likely than not the entity will be required to sell a financial asset before recovery of its amortized cost basis
KEY CONCEPTS
• General “principles” that must be considered
  - The entire contractual term of the financial asset
  - Internal and external information that is relevant to the collectability of a financial asset’s remaining contractual cash flows
  - Time value of money
  - Both the possibility that a credit loss will occur and the possibility that no credit loss will occur
  - Whether and how much credit enhancements (other than freestanding contracts) mitigate expected credit losses on financial assets
• Broadens information that must be considered
  - Past events
  - Current conditions
  - Reasonable and supportable forecasts
  - Internal and external
    • Quantitative and qualitative factors specific to borrower
    • Current economic environment of entity
    • Current point and forecasted direction of economic cycle
• Intended to leverage existing internal credit risk management tools and systems; however, inputs to the measurement will change
• No specific guidance as to whether credit losses should be measured on an individual or collective (pool) basis
• Estimate shall reflect time value of money
  - Example: discounted cash flow
  - Other methods implicitly consider time value of money such as loss-rate, roll-rate, probability-of-default, and provision matrix
  - FV of collateral permitted for collateral dependent financial assets
• Neither a best case nor a worst case scenario
  - Must reflect both the possibility that a credit loss will occur and the possibility that no credit loss will occur
  - Cannot be based solely on the most likely outcome
  - Probability-weighted approach not required
• Permitted to measure impairment based on the fair value of collateral less cost to sell when repayment is expected to be provided “primarily or substantially through the operation of the collateral by the lender or sale of the collateral.”
• Eliminates ASC 310-30 (SOP 03-3) in its entirety
• May assess PCI definition at individual asset or pool basis
• Day 1 – recognize allowance based on management’s current estimate of contractual cash flows that the entity does not expect to collect
  - Balance sheet grossed up
  - Bifurcate discount between credit and non credit
• Day 2 – favorable and unfavorable changes in the allowance recognized immediately through provision for credit losses
  - Follow same measurement approach as originated and non-PCI assets
• The FASB has decided not to expand the PCI approach, as proposed in the proposed ASU, to other financial assets.
• The FASB has also decided to include in the CECL Model a requirement that the non-credit-related discount or premium resulting from acquiring a pool of PCI financial assets should be allocated to each individual financial asset.
• Debt Securities
  - Would record an allowance for credit losses (vs. current US GAAP which requires an adjustment to the amortized cost when there is OTTI)
• An entity may elect, as a practical expedient, not to recognize expected credit losses for FV-OCI financial assets if both:
  - Fair value exceeds amortized cost
  - Expected credit losses are insignificant
• In measuring the expected credit losses:
  1) An entity should revert to a historical average loss experience for the future periods beyond which the entity is able to make or obtain reasonable and supportable forecasts.
  2) An entity should consider all contractual cash flows over the life of the related financial assets.
  3) When determining the contractual cash flows and the life of the related financial assets:
    a) An entity should consider expected prepayments
    b) An entity should not consider expected extensions, renewals, and modifications unless the entity reasonably expects that it will execute a troubled debt restructuring with a borrower.
  4) An entity’s estimate of expected credit losses should always reflect the risk of loss, even when that risk is remote. However, an entity would not be required to recognize a loss on a financial asset in which the risk of nonpayment is greater than zero yet the amount of loss would be zero.
  5) In addition to using a discounted cash flow model to estimate expected credit losses, an entity would not be prohibited from developing an estimate of credit losses using loss-rate methods, probability-of-default methods, or a provision matrix using loss factors.
• Charge-off—The proposed ASU carries forward the existing requirements that a charge-off should be recorded when there is no reasonable expectation of future recovery
• Nonaccrual—The FASB decided to exclude the proposed nonaccrual guidance from the CECL Model.
• TDRs—The FASB decided that the TDR classification remains relevant under the CECL model. In addition, the FASB decided to revise the CECL Model to require that, in certain TDRs, an entity may be required to increase the cost basis of the restructured financial asset through a corresponding increase in the entity’s allowance for expected credit losses.
• Disclosures—Will require expanded disclosures
KEY CONCEPTS
• Expected to be finalized during the 2nd half of 2014
• Effective date
  - To be determined
• Transition
  - Cumulative-effect adjustment to the statement of financial position as of the beginning of the first reporting period in which the guidance is effective
  - No early adoption
IMPLEMENTATION CONSIDERATIONS
• Improve Data Collection
  - Begin gathering data now to ensure access to the right data and to establish processes to collect information on an ongoing basis:
    • Specifically, loan-level data such as:
      - historical balances
      - risk ratings
      - charge-offs and recoveries
    • Additionally, other data that could be correlated to loan losses such as:
      - national, regional and local economic data
      - borrower financial data
      - real estate metrics such as price indexes
IMPLEMENTATION CONSIDERATIONS
• Begin Planning for Potential Impact on Capital Levels
  - Most analysts and bankers believe that the CECL model will increase an institution’s allowance reserve.
  - If this is correct, this will require a one-time capital adjustment.
  - Institutions should take proactive steps to increase capital in advance of the changes
Contact Information
Lee Haynes Email: [email protected] Phone: 704.808.5208 Website: www.elliottdavis.com
Elliott Davis, LLC/PLLC is one of the largest accounting, tax and consulting services firms in the Southeast and ranks among the top 50 CPA firms in the U.S. With offices in SC, NC, GA and VA, the firm provides clients across a wide range of industries with smart, customized solutions and its people with rewarding opportunities. Founded in 1925, Elliott Davis is a member of The Leading Edge Alliance, an international professional association of independently owned accounting firms based in the U.S. and is strategically aligned with LEA Europe and LEA Asia Pacific, a worldwide network of more than 450 offices in 100 countries around the globe. For more information about Elliott Davis and its services, visit http://www.elliottdavis.com.
Compliance Update
© 2014 Elliott Davis, PLLC © 2014 Elliott Davis, LLC
Christopher R. Purvis, CPA, Audit Senior Manager
Sara N. Kollien, CPA, Audit Manager
This material was used by Elliott Davis during an oral presentation; it is not a complete record of the discussion. This presentation is for informational purposes and does not contain or convey specific advice. It should not be used or relied upon in regard to any particular situation or circumstances without first consulting the appropriate advisor. No part of the presentation may be circulated, quoted, or reproduced for distribution without prior written approval from Elliott Davis.
Agenda
I. Dodd-Frank Update – Regulation B, Regulation Z and RESPA
II. UDAAP
I. Dodd-Frank Update
Dodd-Frank Act
Rulemaking Status Update
• A total of 280 rulemaking deadlines have passed. This is 70.4% of the 398 total rulemaking requirements, and 100% of the 280 rulemaking requirements with specified deadlines.
• Of these 280 passed deadlines, 128 (45.7%) have been missed and 152 (54.3%) have been met with finalized rules. Regulators have not yet released proposals for 44 of the 128 missed rules.
• Of the 398 total rulemaking requirements, 206 (51.8%) have been met with finalized rules and rules have been proposed that would meet 94 (23.6%) more. Rules have not yet been proposed to meet 98 (24.6%) rulemaking requirements.
1) Equal Credit Opportunity Act (Regulation B) Disclosure and Delivery Requirements for Copies of Appraisals and Other Written Valuations
2) Appraisals for Higher-Priced Mortgage Loans (“HPMLs”) (Regulation Z)
3) Escrow Requirements for HPMLs (Regulation Z)
4) High-Cost Mortgages: Requirements and Prohibited Acts or Practices (Regulation Z)
5) Homeownership Counseling Amendments (RESPA)
6) Loan Originator Compensation Requirements (Regulation Z)
7) Ability to Repay Determination Requirements (Regulation Z)
8) Mortgage Servicing Rules (Regulation Z)
9) Mortgage Servicing Rules (RESPA)
1) Equal Credit Opportunity Act (Regulation B) Disclosure and Delivery Requirements for Copies of Appraisals and Other Written Valuations
Requires creditors to:
1. Notify applicants of their right to receive a copy of appraisals developed;
2. Provide applicants a copy of each appraisal or “other written valuation;”
3. Permit applicants to waive the timing requirement for providing those copies; and
4. Not charge for the copy of the appraisals and other written valuations.
1) Equal Credit Opportunity Act (Regulation B) Disclosure and Delivery Requirements for Copies of Appraisals and Other Written Valuations
Other Written Valuations – Any estimate of the value of a dwelling developed in connection with an application for credit.
Written Valuations:
1. Report prepared by an appraiser
2. Document prepared by the creditor’s staff that assigns value to the property
3. Report approved by a government-sponsored enterprise for describing to the applicant the estimate of the property’s value
4. Report generated by use of an automated valuation model to estimate the property’s value
5. Broker Price Opinion

Not Written Valuations:
1. Publicly available lists of valuations
2. Governmental agency statements of appraised value that are publicly available
3. Reports reflecting property inspections that do not provide an estimate of the value of the property and are not used to develop an estimate of the property
4. Internal documents that merely restate the estimated value of the dwelling contained in an appraisal
5. Manufacturer’s invoices for manufactured homes
2) Appraisals for Higher-Priced Mortgage Loans (“HPMLs”) (Regulation Z)
General Rule: A creditor cannot extend a HPML to a consumer without obtaining, prior to consummation, a written appraisal of the property to be mortgaged.
Note: The appraisal must be performed by a certified or licensed appraiser who conducts a physical visit of the interior of the property that will secure the transaction.
2) Appraisals for Higher-Priced Mortgage Loans (“HPMLs”) (Regulation Z)
Additional Appraisal Requirements for Certain HPMLs - Two written appraisals are required in the following cases:
1) The seller acquired the property 90 or fewer days prior to the contract date and the price in the contract exceeds the seller’s purchase price by more than 10%; or
2) The seller acquired the property 91 to 180 days prior to the contract date and the price in the contract exceeds the seller’s purchase price by more than 20%.
2) Appraisals for Higher-Priced Mortgage Loans (“HPMLs”) (Regulation Z)
Disclosure Requirements
1) Application Disclosure (3 days after application date)
  - “We may order an appraisal to determine the property’s value and charge you for this appraisal. We will give you a copy of any appraisal, even if your loan does not close. You can pay for an additional appraisal for your own use at your own cost.”
2) Copy of Appraisal
  - A creditor must provide to the consumer a copy of any written appraisal performed in connection with a HPML subject to the appraisal requirements.
  - Timing:
    - No later than 3 business days prior to consummation of the loan; or
    - No later than 30 days after the creditor determines that the loan will not be consummated.
3) Escrow Requirements for HPMLs (Regulation Z)
Summary:
1) Amends the existing rule that creditors establish and maintain escrow accounts for at least one year after originating a HPML to require generally that the accounts be maintained for at least five years
2) Creates an exemption from the escrow requirements for small creditors that operate predominantly in rural or underserved areas
3) Expands upon an existing exemption from escrowing for insurance premiums for condo units to extend the partial exemption to other situations in which an individual consumer’s property is covered by a master policy
4) Revises the definition of HPML
4) High-Cost Mortgages: Requirements and Prohibited Acts or Practices (Regulation Z)
High-Cost Mortgage: Consumer credit transaction that is secured by the consumer’s principal dwelling that meets any one of the following three tests:
1) APR Test: The APR will exceed the average prime offer rate (“APOR”) for a comparable transaction by more than:
  - 6.5 percentage points for a first lien transaction other than one where the dwelling is personal property and the loan amount is less than $50,000;
  - 8.5 percentage points for a first lien transaction if the dwelling is personal property and the loan amount is less than $50,000; or
  - 8.5 percentage points for a subordinate lien transaction.
4) High-Cost Mortgages: Requirements and Prohibited Acts or Practices (Regulation Z)
High-Cost Mortgage: Consumer credit transaction that is secured by the consumer’s principal dwelling that meets any one of the following three tests, continued:
2) Total Points and Fees Test: The transaction’s total points and fees will exceed:

LOAN AMOUNT: TOTAL POINTS AND FEES EXCEED
- $20,000 or more: 5% of Total Loan Amount
- < $20,000: The lesser of 8% of the Total Loan Amount or $1,000
4) High-Cost Mortgages: Requirements and Prohibited Acts or Practices (Regulation Z)
High-Cost Mortgage: Consumer credit transaction that is secured by the consumer’s principal dwelling that meets any one of the following three tests, continued:
3) Prepayment Penalty: Under the terms of the loan contract or open-end credit agreement, the creditor can charge a prepayment penalty more than 36 months after consummation or account opening, or prepayment penalties can exceed, in total, more than 2% of the amount prepaid.
4) High-Cost Mortgages: Requirements and Prohibited Acts or Practices (Regulation Z)
Disclosure Requirements:
- Specific disclosures are required for high-cost mortgages.
- Must be furnished at least 3 business days prior to consummation.
- If there is more than one consumer, the disclosures may be made to any consumer who is primarily liable on the obligation. However, if the high-cost mortgage is rescindable, the disclosures must be provided to each consumer who has the right to rescind.
4) High-Cost Mortgages: Requirements and Prohibited Acts or Practices (Regulation Z)
Limitations and Prohibited Acts or Practices:
1) A high-cost mortgage cannot provide for any of the following terms:
  - Balloon payment
  - Negative amortization
  - Advance payments
  - Increased default interest rate
  - Rebates
  - Prepayment penalties
  - Acceleration of debt
4) High-Cost Mortgages: Requirements and Prohibited Acts or Practices (Regulation Z)
Limitations and Prohibited Acts or Practices, continued:
2) Home Improvement Contracts – A creditor cannot pay a contractor under a home improvement contract from proceeds of a high-cost mortgage, other than:
  - By an instrument payable to the consumer or jointly to the consumer and the contractor; or
  - At the election of the consumer, through a third-party escrow agent in accordance with terms established in a written agreement signed by the consumer, the creditor, and the contractor prior to the disbursement.
4) High-Cost Mortgages: Requirements and Prohibited Acts or Practices (Regulation Z)
Limitations and Prohibited Acts or Practices, continued:
3) Notice to Assignee – A creditor may not sell or otherwise assign a high-cost mortgage without furnishing the following statement to the purchaser or assignee:
“Notice: This is a mortgage subject to special rules under the Federal Truth-in-Lending Act. Purchasers or assignees of this mortgage could be liable for all claims and defenses with respect to the mortgage that the consumer could assert against the creditor.”
4) High-Cost Mortgages: Requirements and Prohibited Acts or Practices (Regulation Z)
Limitations and Prohibited Acts or Practices, continued:
4) Refinancings Within One Year Period – Within one year of having extended a high-cost mortgage, a creditor cannot refinance any high-cost mortgage to the same consumer into another high-cost mortgage, unless the refinancing is in the consumer’s interest.
5) Repayment Ability for High-Cost Mortgages – A creditor cannot originate a high-cost mortgage without regard to the consumer’s repayment ability.
4) High-Cost Mortgages: Requirements and Prohibited Acts or Practices (Regulation Z)
Limitations and Prohibited Acts or Practices, continued:
6) Pre-Loan Counseling – A creditor cannot extend a high-cost mortgage to a consumer unless a creditor receives written certification that the consumer has obtained counseling on the advisability of the mortgage from a counselor that is approved to provide such counseling by the Secretary of the HUD.
7) Recommended Default – A creditor or mortgage broker cannot recommend or encourage default on an existing loan or other debt prior to and in connection with the consummation of a high-cost mortgage that refinances all or any portion of such existing loan or debt.
4) High-Cost Mortgages: Requirements and Prohibited Acts or Practices (Regulation Z)
Limitations and Prohibited Acts or Practices, continued:
8) Modification and Deferral Fees – A creditor, successor-in-interest, assignee, or any agent of such parties cannot charge a consumer any fee to modify, renew, extend or amend a high-cost mortgage, or to defer any payment due under the terms of such mortgage.
9) Late Fees – Any late payment charge imposed in connection with a high-cost mortgage must be specifically permitted by the terms of the loan contract and cannot exceed 4% of the amount of the payment past due.
4) High-Cost Mortgages: Requirements and Prohibited Acts or Practices (Regulation Z)
Limitations and Prohibited Acts or Practices, continued:
10) Payoff Statements – A creditor cannot charge a fee for providing a payoff statement for a high-cost mortgage to a consumer.
11) Financing of Points and Fees – A creditor cannot finance charges that are required to be included in the calculation of points and fees.
12) Structuring Loan to Evade Requirements – A creditor cannot structure any transaction that is otherwise a high-cost mortgage with intent to evade the requirements of a high-cost mortgage.
5) Homeownership Counseling Amendments (RESPA)
Overview: A lender must provide a loan applicant with a clear and conspicuous written list of homeownership counseling organizations that provide relevant counseling in the loan applicant’s location.
- List must be provided not later than three business days after a lender, mortgage broker, or dealer receives an application, or information sufficient to complete an application.
5) Homeownership Counseling Amendments (RESPA)
Obtaining the list of Homeownership Counseling Organizations:
- The list of homeownership counseling organizations provided to the applicant must be obtained from either:
  1) The web site maintained by the Bureau for lenders to use in complying with these requirements; or
  2) Data made available by the Bureau or HUD for lenders to use in complying with these requirements, provided that the data is used in accordance with instructions provided with the data.
6) Loan Originator Compensation Requirements (Regulation Z)
Overview: Imposes requirements and restrictions concerning:
I. Loan Originator Compensation
II. Loan Originator Qualification and Identification Requirements
III. Compliance Policies and Procedures
6) Loan Originator Compensation Requirements (Regulation Z)
I. Loan Originator Compensation
Prohibition against Compensation Based on Terms of a Transaction:
- No loan originator can receive and no person can pay to a loan originator, directly or indirectly, compensation in an amount that is based on a term of a transaction.
6) Loan Originator Compensation Requirements (Regulation Z)
I. Loan Originator Compensation, continued
Permissible Methods of Compensation:
- The loan originator’s overall dollar volume delivered to the customer.
- The long-term performance of the originator’s loans.
- An hourly rate of pay to compensate the originator for the actual number of hours worked.
- Whether the consumer is an existing customer of the creditor or a new customer.
- A payment that is fixed in advance for every loan the originator arranges for the creditor.
- The % of applications submitted by the loan originator to the creditor that results in consummated transactions.
- The quality of the loan originator’s loan files.
6) Loan Originator Compensation Requirements (Regulation Z)
I. Loan Originator Compensation, continued
Prohibition Against Dual Compensation:
- If any loan originator receives compensation directly from a consumer in a covered transaction:
  - No loan originator can receive compensation, directly or indirectly, from any other person other than the consumer in connection with the transaction; and
  - No person who knows or has reason to know of the consumer-paid compensation to the loan originator (other than the consumer) can pay any compensation to a loan originator, directly or indirectly, in connection with the transaction.
6) Loan Originator Compensation Requirements (Regulation Z)
II. Loan Originator Qualification and Identification Requirements
- Qualification: A loan originator must be registered and licensed in accordance with applicable state or federal laws, including the SAFE Act.
- Identification: Loan originator organization’s name and NMLSR ID and loan originator’s name and NMLSR ID must be included on the following loan documents:
  i. Credit Application
  ii. Note or Loan Contract
  iii. Security Agreement
6) Loan Originator Compensation Requirements (Regulation Z)
III. Compliance Policies and Procedures
- Requires banks to establish and maintain written policies and procedures reasonably designed to ensure compliance with the loan originator compensation requirements.
7) Ability to Repay Determination Requirements (Regulation Z)
Overview:
- Prohibits creditors from making mortgage loans without regard to the consumer’s repayment ability.
- The creditor’s determination of a consumer’s repayment ability must be reasonable and in good faith.
7) Ability to Repay Determination Requirements (Regulation Z), continued
Examples of “reasonable and in good faith”:
- The consumer demonstrated actual ability to repay the loan for a significant period of time after origination.
- The bank used underwriting standards that have historically resulted in low rates of delinquency and default.
7) Ability to Repay Determination Requirements (Regulation Z), continued
Examples of “not reasonable and in good faith”:
- The consumer defaulted on the loan a short time after origination.
- The creditor used underwriting standards that have historically resulted in high levels of delinquency.
- The creditor applied underwriting standards inconsistently or used underwriting standards different from those used for similar loans without reasonable justification.
- The creditor disregarded evidence that the underwriting standards it used are not effective at determining consumers’ repayment ability.
- The creditor disregarded evidence that the consumer may have insufficient residual income to cover other recurring obligations and expenses, taking into account the consumer’s assets other than the property securing the loan, after paying the monthly payments for the covered transaction, any simultaneous loans, mortgage-related obligations, and any current debt obligations.
- The creditor disregarded evidence that the consumer would have the ability to repay only if the consumer subsequently refinanced the loan or sold the property securing the loan.
7) Ability to Repay Determination Requirements (Regulation Z), continued
3 Ways to Comply with the Ability-to-Repay Requirements:
i. Meet the General Ability-to-Repay (“ATR”) Standard
ii. Refinance a “Non-Standard Mortgage” into a “Standard Mortgage”
iii. Originate a “Qualified Mortgage” (“QM”)
7) Ability to Repay Determination Requirements (Regulation Z), continued
i. Meeting the General Ability-to-Repay (“ATR”) Standard
This Standard requires a creditor to consider eight (8) specific underwriting factors, verify these factors with reasonably reliable third-party records, and underwrite the mortgage using specific payment calculations.
1. Current or reasonably expected income or assets, other than the value of the dwelling, including any real property attached to the dwelling, that secures the loan.
2. Current employment status, if the creditor relies on income from the consumer’s employment in determining repayment ability.
3. Monthly payment, using the “fully indexed rate.”
  Fully indexed rate - the interest rate calculated using the index or formula that will apply after recast, as determined at the time of consummation, and the maximum margin that can apply at any time during the loan term.
7) Ability to Repay Determination Requirements (Regulation Z), continued
i. Meeting the General Ability-to-Repay (“ATR”) Standard, continued
4. Monthly payment on any simultaneous loans (i.e. HELOC secured by same dwelling).
5. Monthly payment for mortgage-related obligations.
6. Consumer’s current debt obligations, alimony, and child support.
7. Consumer’s monthly debt-to-income ratio, or monthly residual income.
  - Ratio considers the ratio of the consumer’s “Total Monthly Debt Obligations” to “Total Monthly Income.”
8. Consumer’s credit history.
7) Ability to Repay Determination Requirements (Regulation Z), continued
ii. Refinancing a Non-Standard Mortgage into Standard Mortgage
A creditor is exempt from the general ability-to-repay requirements if the creditor refinances a non-standard mortgage into a standard mortgage, and other specified conditions are met.
7) Ability to Repay Determination Requirements (Regulation Z), continued
iii. Originating a Qualified Mortgage
A creditor of a covered transaction complies, or is presumed to comply, with the repayment ability requirements if the covered transaction is a “qualified mortgage” and the creditor complies with the requirements for origination of a qualified mortgage.
7) Ability to Repay Determination Requirements (Regulation Z), continued
iii. Originating a Qualified Mortgage, continued
Qualified Mortgage – A covered transaction that meets all of the following requirements:
1. Provides for regular periodic payments that do not:
  - Result in an increase of the principal balance;
  - Allow the consumer to defer repayment of principal; or
  - Result in a balloon payment.
2. The loan term does not exceed 30 years.
3. The total points and fees payable in connection with the loan do not exceed the amounts specified.
7) Ability to Repay Determination Requirements (Regulation Z), continued
iii. Originating a Qualified Mortgage, continued
4. The creditor underwrites the loan, taking into account the monthly payment for any mortgage-related obligations, using the “fully indexed rate” during the first five years.
5. The creditor considers and verifies, at or before consummation, the consumer’s current or reasonably expected income or assets other than the value of the dwelling (including any real property attached to the dwelling) that secures the loan.
6. The creditor considers and verifies, at or before consummation, the consumer’s current debt obligations, alimony, and child support.
7) Ability to Repay Determination Requirements (Regulation Z), continued
iii. Originating a Qualified Mortgage, continued
7. The ratio of the consumer’s total monthly debt to total monthly income at the time of consummation does not exceed 43%. (Not required if the creditor qualifies for the small creditor portfolio loan.)
7) Ability to Repay Determination Requirements (Regulation Z), continued
iii. Originating a Qualified Mortgage, continued
QUALIFIED MORTGAGE SMALL CREDITOR PORTFOLIO LOAN – Certain creditors may originate a qualified mortgage that does not have to meet the requirement limiting the consumer’s total monthly debt-to-income ratio to 43%, if the loan is generally held in the creditor’s portfolio for at least three years. In order to originate a qualified mortgage small creditor portfolio loan, a creditor must meet both of the following criteria:
- During the preceding calendar year, the creditor together with its affiliates originated 500 or fewer first-lien covered transactions; and
- As of the end of the preceding calendar year, the creditor had total assets that do not exceed the current asset threshold established by the Bureau. For calendar year 2013, the asset threshold was $2,000,000,000.
7) Ability to Repay Determination Requirements (Regulation Z), continued
iii. Originating a Qualified Mortgage, continued
Prepayment Penalties
A covered transaction cannot include a prepayment penalty unless:
- The prepayment penalty is otherwise permitted by law; and
- The transaction:
  - Has an APR that cannot increase after consummation;
  - Is a qualified mortgage; and
  - Is not a higher-priced mortgage loan.
7) Ability to Repay Determination Requirements (Regulation Z), continued
iii. Originating a Qualified Mortgage, continued
Prepayment Penalties, continued
- If allowed, a prepayment penalty must be limited as follows:
  - The penalty must not apply after the three-year period following consummation; and
  - The penalty must not exceed the following percentages of the amount of the outstanding loan balance prepaid:

If prepayment penalty is incurred during . . . : . . . then penalty cannot exceed this % of outstanding loan balance prepaid
- First two years following consummation: 2%
- Third year following consummation: 1%
8) Mortgage Servicing Rules (Regulation Z)
Small Servicer Exemption
Servicers that qualify as small servicers are exempt from certain parts of the Mortgage Servicing Rules.
Criteria for Small Servicer Exemption:
- Servicer, together with any affiliates, must service 5,000 or fewer mortgage loans.
- Servicer, or an affiliate, must be either the creditor or assignee for all of the mortgage loans it services. This means that the servicer must either currently own or have originated all of the mortgage loans it services.
8) Mortgage Servicing Rules (Regulation Z), continued
I. ARM Initial Rate Adjustment Notice and Payment Change Notices (Required for Small Servicers)
- Initial Rate Adjustment Notice:
  - Must be delivered or placed in the mail at least 210, but no more than 240, days before the first payment at the adjusted level is due.
- Payment Change Notice:
  - Must be delivered or placed in the mail at least 60, but no more than 120, days before the first payment at the adjusted level is due.
8) Mortgage Servicing Rules (Regulation Z), continued
II. Servicing Practices Related to Mortgage Loans Secured by Dwelling (Required for Small Servicers)
- Prompt Crediting of Periodic Payments
  - A periodic payment to the consumer’s loan account must be credited as of the date of receipt, unless a delay does not result in any charge to the consumer or in the reporting of negative information to a consumer reporting agency.
- Payoff Statements (Open or Closed-End Credit Secured by Dwelling)
  - A creditor, assignee, or servicer must provide an accurate statement of the total outstanding balance that would be required to pay the consumer’s obligation in full as of a specified date.
  - The statement must be sent within a reasonable time, but in no case more than seven business days, after receiving a written request from the consumer or any person acting on the consumer’s behalf.
8) Mortgage Servicing Rules (Regulation Z), continued
V. Sections Not Applicable to “Small Servicers”
- Periodic Statements for Residential Mortgage Loans
49 © 2014 Elliott Davis, PLLC © 2014 Elliott Davis, LLC
I. Dodd-Frank Update
9) Mortgage Servicing Rules (RESPA)
I. Mortgage Servicing Transfers (Required for Small Servicers)
- Servicing Disclosure Statement:
  - Disclosure must be provided within three calendar days after the consumer applies for a first-lien mortgage loan.
  - If the application is denied within the three-day period, disclosure is not required.
- Notice of Transfer of Loan Servicing:
  - The transferor servicer must provide the notice of transfer not less than 15 days before the effective date of the transfer.
  - The transferee servicer must provide the notice of transfer not more than 15 days after the effective date of the transfer.
I. Dodd-Frank Update
9) Mortgage Servicing Rules (RESPA)
II. Error Resolution Procedures (Required for Small Servicers)
- Notice of Error:
  - A servicer must comply with the requirements of this section when a borrower or an agent of the borrower submits any written notice that asserts an error and includes the name of the borrower, information that enables the servicer to identify the borrower’s mortgage loan account, and the error the borrower believes has occurred (a “qualified written request”).
- Acknowledgement of Receipt of Notice of Error:
  - The servicer must provide the borrower a written response acknowledging receipt of the notice of error within five days (excluding legal public holidays, Saturdays and Sundays) of receiving a notice of error from a borrower.
I. Dodd-Frank Update
9) Mortgage Servicing Rules (RESPA)
II. Error Resolution Procedures, continued (Required for Small Servicers)
- Reporting of Adverse Information Prohibited:
  - A servicer cannot provide to any consumer reporting agency adverse information regarding any payment that is the subject of an asserted error for 60 days after receipt of a notice of error.
- Response to Notice of Error:
  - A servicer must respond to a notice of error by either:
    - Correcting the error or errors identified by the borrower and providing the borrower with a written notification of the correction; or
    - Conducting a “reasonable investigation” and providing the borrower with a written notification.
I. Dodd-Frank Update
9) Mortgage Servicing Rules (RESPA)
III. Requests for Information (Required for Small Servicers)
- A servicer must comply with the requirements of this section when a borrower submits any written request for information that includes the name of the borrower, information that enables the servicer to identify the borrower’s mortgage loan account, and states the information the borrower is requesting with respect to the borrower’s mortgage loan.
- The servicer must provide to the borrower a written response acknowledging receipt of the information request within five days (excluding public holidays, Saturdays and Sundays) of receiving a request for information.
I. Dodd-Frank Update
9) Mortgage Servicing Rules (RESPA)
IV. Force-Placed Insurance (Required for Small Servicers)
- A servicer is prohibited from charging a borrower a premium charge or fee for force-placed insurance coverage unless the servicer has a reasonable basis to believe the borrower has failed to maintain hazard insurance and has delivered or placed in the mail to the consumer the required initial, reminder, and renewal notices.
I. Dodd-Frank Update
9) Mortgage Servicing Rules (RESPA)
V. Sections Not Applicable to “Small Servicers”
- The prohibition on purchasing force-placed insurance where a servicer could continue the consumer’s existing hazard insurance coverage by advancing funds to escrow under certain circumstances
- The general servicing policies, procedures, and requirements provisions
- The early intervention provisions
- The continuity of contact provisions
- Some of the loss mitigation provisions
Unfair, Deceptive or Abusive Acts or Practices “UDAAP”
- In 2010 the Dodd-Frank Act created specific provisions for banks, prohibiting UDAAP.
- Rule-making authority was granted to the Consumer Financial Protection Bureau (“CFPB” or “Bureau”).
- The Dodd-Frank Act makes it unlawful for any provider of consumer financial products or services, or a service provider, to engage in any unfair, deceptive or abusive act or practice.
- UDAAP is considered a supplement to other regulations; it is a general “catch-all”.
Definitions
1. Unfair Acts or Practices
   1. It causes or is likely to cause substantial injury to consumers;
   2. The injury is not reasonably avoidable by consumers; and
   3. The injury is not outweighed by benefits to consumers or to competition
Definitions
2. Deceptive Acts or Practices
   1. The act or practice misleads or is likely to mislead the consumer;
   2. The consumer’s interpretation is reasonable under the circumstances; and
   3. The misleading act or practice is material – FTC’s “four P’s”
      1. Is the statement prominent enough for the consumer to notice?
      2. Is information presented in an easy-to-understand format that does not contradict other information in the package and at a time when the consumer’s attention is not distracted elsewhere?
      3. Is the placement of the information in a location where consumers can be expected to look or hear?
      4. Is the information in close proximity to the claim it qualifies?
Definitions
3. Abusive Acts or Practices
   1. Materially interferes with the ability of a consumer to understand a term or condition of a financial product or service; or
   2. Takes unreasonable advantage of a consumer’s:
      1. lack of understanding of the material risks, costs, or conditions of the product or service;
      2. inability to protect his or her interests in selecting or using a consumer financial product or service; or
      3. reliance on a covered person to act in his or her interests
Examples of UDAAP Related to Collection of Consumer Debt
- Failing to post payments timely or properly to credit a consumer’s account with payments that the consumer submitted on time and then charging late fees to that consumer
- Revealing the consumer’s debt, without the consumer’s consent, to the consumer’s employer and/or co-workers
- Threatening any action for non-payment that either cannot be taken or is not intended to be taken
- Representing yourself as an attorney, consumer reporting agency or government official
Costs of Non-Compliance
• Enforcement Actions
• Monetary Penalties (civil money & restitution)
• Litigation
• Harm to Reputation
• Eventually Additional Regulation
Keep in mind, even if you are in technical compliance, you may still have a UDAAP violation
Consumer Complaints
How Can You Identify a UDAAP Issue from Consumer Complaints?
• Have a structured process for compiling customer complaints
• Assign someone with compliance knowledge to review all complaints on a routine basis
• Have an escalation plan
• Track complaints regarding vendors
The goal is to look for and identify any emerging trends indicating the consumer feels misled and address the problem immediately
Recent UDAAP Violations
Higher One, Inc. & Bancorp Bank – August 2012 – FDIC Settlement
- The Companies were fined in total $282 thousand and had to pay restitution of $11 million to approximately 60,000 students
- The Bank had student accounts that were being charged excessive overdraft fees
- The Consent Order requires:
  - Higher One to change the manner it imposes NSF fees. Accounts are now limited to no NSF fees after 60 days of insufficient funds, no more than 3 charges per day, and only 1 fee per transaction over 21 days.
  - Bancorp Bank to increase board oversight, improve compliance management, enhance audit programs, increase management of third party risk.
Recent UDAAP Violations
Two Subsidiaries of RBS Group – April 2013 – FDIC & OCC Settlement
- The Companies were fined in total $10 million in civil fines and had to pay restitution of $3.9 million
- Allegations of inaccurate or misleading disclosures involving the Banks’ overdraft protection programs, checking rewards programs, and recurring electronic fund transfers
- Violations were discovered during regulatory examinations
Recent UDAAP Violations
CashCall Sued by CFPB for Illegal Online Loan Servicing – December 2013
- CashCall is an online loan servicer based in California
- Bureau’s investigation showed that high-cost loans violated either licensing requirements or interest-rate caps, or both
- Loans ranged from $850 to $10,000 and typically had upfront fees, lengthy repayment terms, and annual interest rates from nearly 90% to 343%
- The Bureau wants CashCall to refund consumers the money they took when the loans were void or the obligation was otherwise nullified
- Additional damages and civil penalties are also being sought
Chris Purvis | Email: [email protected] | Phone: 704.808.5216
Sara Kollien | Email: [email protected] | Phone: 704.808.5294
Website: www.elliottdavis.com
Elliott Davis, LLC/PLLC is one of the largest accounting, tax and consulting services firms in the Southeast and ranks among the top 50 CPA firms in the U.S. With offices in SC, NC, GA and VA, the firm provides clients across a wide range of industries with smart, customized solutions and its people with rewarding opportunities. Founded in 1925, Elliott Davis is a member of The Leading Edge Alliance, an international professional association of independently owned accounting firms based in the U.S. and is strategically aligned with LEA Europe and LEA Asia Pacific, a worldwide network of more than 450 offices in 100 countries around the globe. For more information about Elliott Davis and its services, visit http://www.elliottdavis.com.
COSO 2013: Implementation Strategies for this New Framework
Jay Brietz, CPA and CIA Senior Manager
Agenda
• COSO Overview
• Updated Internal Control-Integrated Framework
• New Areas of Focus
• Transition Plan
COSO Overview
What is COSO?
• Committee of Sponsoring Organizations of the Treadway Commission (formed in 1985)
  - Sponsoring Organizations include – AICPA, IIA, AAA, FEI and IMA
• Responsible for the development of thought leadership and guidance for:
  - Internal Controls
  - Enterprise Risk Management
  - Fraud Deterrence
Updated Internal Control-Integrated Framework
Why the change/update?
• 20-year old framework
• Business and operating environments have changed
  - More technology driven
  - More complex
  - More global
• Stakeholders are more engaged and want greater transparency and accountability
Updated Internal Control-Integrated Framework
Why the change/update?
• To better support efforts to design and adapt systems of internal control
  - Agility – adapt to increasing complexity and pace of change
  - Confidence – mitigate risks to achieve important objectives
  - Clarity – provide reliable information to support sound decisions
Updated Internal Control-Integrated Framework
What has changed: The updated framework builds upon the original version.
What has not changed…
1. Definition of internal control
2. Five components of internal controls
3. The fundamental criteria used to assess effectiveness of systems of internal control
4. Use of judgment in evaluating the effectiveness of systems of internal control
What has changed…
1. Update to reflect current conditions in business and operating environments
2. Codify principles that support the five components of internal control
3. Expand financial reporting and non-financial reporting
4. Increase focus on operations, compliance and reporting objectives
Source: COSO’s May Update of the Internal Control-Integrated Framework
Updated Internal Control-Integrated Framework
What has changed?
[Figure: Original COSO Cube and Revised COSO Cube]
Updated Internal Control-Integrated Framework
Summary of updates:
Source: COSO’s May Update of the Internal Control-Integrated Framework
Control Environment
  1. Demonstrates commitment to integrity and ethical values
  2. Exercises oversight responsibility
  3. Establishes structure, authority and responsibility
  4. Demonstrates commitment to competence
  5. Enforces accountability
Risk Assessment
  6. Specifies relevant objectives
  7. Identifies and analyzes risk
  8. Assesses fraud risk
  9. Identifies and analyzes significant change
Control Activities
  10. Selects and develops control activities
  11. Selects and develops general controls over technology
  12. Deploys through policies and procedures
Information & Communication
  13. Uses relevant information
  14. Communicates internally
  15. Communicates externally
Monitoring Activities
  16. Conducts ongoing and/or separate evaluations
  17. Evaluates and communicates deficiencies
Updated Internal Control-Integrated Framework
• Updated framework supersedes the 1992 Internal Control-Integrated Framework and 2006 Guidance on Internal Control Over Financial Reporting-Guidance for Smaller Reporting Companies
• Transition will occur between now and December 15, 2014
New Areas of Focus
• Fraud Risk Assessments
• Outsourced Service Providers (OSPs)
• Information Technology
• Comprehensive Risk Assessments
New Areas of Focus
Fraud Risk Assessments
• Financial institutions continue to be the most frequent victims of fraudulent activities
• Common fraud schemes and stats for banks
• Sample approach:
  - Identify fraud risk factors
  - Identify fraud risks and schemes
  - Assess and prioritize fraud risks and schemes
  - Determine controls that mitigate fraud risks and assess anti-fraud controls
New Areas of Focus
Outsourced Service Providers (OSPs)
• Processes outsourced…not the risk
• Greater emphasis on how OSPs are monitored
• Vendor management focus by the regulators…not just COSO!
• Common pitfalls:
  - Management fails to evaluate exceptions noted in SOC reports
  - Lack of SOC reports obtained and no additional work performed when a SOC report is not available
  - Risk assessments (including fraud risk assessments) that do not consider risks associated with OSPs
New Areas of Focus
Information Technology
• Specific points of focus related to IT (see Principle 11)
• Focus on process for ensuring the quality of information
• Common pitfalls:
  - Lack of understanding regarding the source of data and/or validation of data included in reports
  - Design gaps in controls addressing the accuracy, completeness and integrity of data included in reports (e.g., spreadsheets)
New Areas of Focus
Comprehensive Risk Assessments
• Risk analysis is a dynamic process that is updated as new processes are introduced or new risks identified
• Historically, there have been separate risk assessments conducted by various functions within the bank
• COSO-2013 suggests that your risk assessment consider (“include”) the 17 principles
Transition Plan
Transition Approach (5-Step Plan):
1. Develop awareness, expertise, and alignment
2. Conduct preliminary impact assessment
3. Perform detail review of the new areas of focus
4. Develop and execute COSO transition plan for SOX compliance, including:
   - Remediation plans
   - Updated documentation and test plans
5. Communicate updates to external auditors
Transition Plan
Transition Timeline (2014):
1. Develop awareness, expertise, and alignment (Ongoing)
2. Conduct preliminary impact assessment (Complete by 6/30)
3. Perform detail review of the new areas of focus (Complete by 6/30)
4. Develop and execute COSO transition plan for SOX compliance (Complete by 9/30), including:
   - Remediation plans
   - Updated documentation and test plans
5. Communicate updates to external auditors (Ongoing)
Jay Brietz, CPA and CIA
Email: [email protected]
Phone: 704.808.5247
Website: www.elliottdavis.com
Cybersecurity and Risks Associated with IT
Jay Brietz, CPA and CIA
Richard Cook, CISA, CISM and CRISC
Agenda
• I’m not an IT Specialist – Where Do I Start?
  - IT 101: An Introduction to Some Basic IT Concepts and Suggestions Regarding How to Increase Your IT Comfort Level
• Icebergs Ahead!
• Overview of Cyber Terrorism
• Common Data Breaches/Threats
• Strategies to Mitigate Cyber Terrorism Risks
I’m not an IT Specialist – Where Do I Start?
IT 101
• IT 101: An Introduction to Some Basic IT Concepts and Suggestions Regarding How to Increase Your IT Comfort Level
IT 101
Key Concepts for this IT introduction:
• To assist non-technical (non-IT) management to gain a better understanding of IT and Security related processes
• How to increase your comfort level when interacting with the IT security Group
• Increase your knowledge set of specific IT security topics
• Leave the session with several good references to increase your knowledge and follow new trends in IT/Security that can be understood by non-technical (non-IT) management
• Ask questions to gain knowledge, thus increasing your comfort level. (Ex. new, Reader’s Digest)
• Try not to be afraid of IT; many people have limited knowledge in this area. As we move forward into the future, IT will become a larger part of our lives and our jobs.
• Individuals that have both IT and functional knowledge are highly prized by their employers. (Ex. Dual resource, junior staff, part of management team)
• Teams that incorporate an integrated approach (business and IT groups working together) have a much higher chance for success when using IT/Security related processes.
• Your IT team will appreciate your efforts to learn their language as well as understand their challenges. (Ex. junior staff, pre-set questions)
• Generally most IT members are more than glad to share their knowledge.
How can I increase my comfort level when interacting with the IT security Group?
• Join committees with an IT component
  - IT Steering Committee
    • General focus is on application system changes
  - IT Strategic Planning Committee
    • Ensure the enterprise and IT are aligned
  - Incident response team
  - Participate in risk assessment projects (provided the project has an IT component)
  - Participate in system selection team
  - Be a part of the Disaster Recovery Planning (DRP) Team – or Business Continuity Planning (BCP) Team
  - Show up prepared and be ready to ask questions
How can I increase my comfort level when interacting with the IT security Group?
• Be curious
  - When you hear an IT term that you are not familiar with, write it down and look it up later.
  - Read IT or security related articles from professional publications.
  - Periodically listen to webinars related to IT/Security.
  - Practice your craft to increase your skill set and develop your baseline knowledge.
  - When you go to training – sign up for classes out of your comfort zone.
How can I increase my comfort level when interacting with the IT security Group?
What is an Internal Network Vulnerability Assessment?
• The assessment is performed by using an automated tool (app) that “scans a range of IP addresses” and produces an automated report which will show risk-rated vulnerabilities that were identified and potential fixes.
• Each device has an IP address and each type of device has known vulnerabilities that are easily accessible on the internet.
- To prevent – all systems must be appropriately patched as vulnerabilities are identified (patch management applies to network, operating system, application and database layers). Patches are provided by the vendors.
Mobile Device Security
• iPads and tablets are difficult to secure.
• Remote access to systems should be appropriately restricted and remote access should be via a secure path, such as VPN (virtual private network).
• Mobile (smart) phones should be required to have passwords and remote wipe capabilities if the mobile device can access email or other systems.
  - This still applies even if the device is not owned by the enterprise. BYOD – bring your own device.
• All laptops should have encrypted hard drives and remote wipe capabilities.
  - There is freeware available to perform this task.
Basic Security (layers of an onion)
• Most secure should be the center of the onion (database).
User Security
• If the system allows – use group or role based security – as opposed to menu based security.
• Apply the concept of “least privilege” for system access rights.
• Business users should not be performing the user provisioning function for systems. This process should be performed by the IT/IS group.
• Privileged user access rights should be limited.
• Third party access should be temporary, logged and monitored.
• System access rights for users should be explicitly requested. We should not use the “copy same as X” system access request process.
Password Security
• Heartbleed – did you change passwords? Often times we use the same passwords in our personal lives that we use at work.
• Be cautious – social media is a mecca for hackers.
  - Information available via just Facebook: name, birthday, family member names and home towns, pet names, addresses, anniversary dates. Is any of this public information part of your passwords?
    • Example of email chain with family member names, birthdays, etc.
So many passwords – how can I remember them all?
A few tips for creating and remembering passwords
• Use a password creation methodology
  - Ihbbxxx! ERP (2 letter phrase, 2 letter common theme – this is the part that changes, random number, special character)
  - Ihfbxxx! Payroll
  - Ihswxxx! SharePoint
• Storing passwords (save in benign document – maybe titled recipes – or in a spreadsheet with other data).
  - xxbb# ERP
  - xxfb# Payroll
  - xxsw# SharePoint
Vendor Management
SOC Report Reviews
• User Control Considerations must be validated to ensure the bank has appropriate controls in place.
• If the SOC1 or SOC2 has carveouts, the content and impact of the carveout should be reviewed to determine if additional procedures need to be performed (could be obtaining an additional SOC report or determining how your third party provider gained comfort over the carveout content).
• Did you know? Often times your third party provider sets up your accounts with minimal password security configurations.
Sample of Observations
• User reviews – using a tracking spreadsheet. All user access reviews should start with a system generated list.
• The most common observations related to user security arise because temporary workers and contractors are not paid through the regular payroll process. Often the provisioning of temps and contractors follows an inconsistent process. Generally contractors have privileged access rights.
• User IDs for online banking – was SSN for 80% of users. You should require that user IDs be alphanumeric.
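An added example (not part of the original slides): a small user access review that starts from a system-generated list, as recommended above, and flags SSN-shaped user IDs plus the temp and contractor accounts that payroll-driven processes miss. The export columns, role names and sample rows are constructed assumptions.

```python
import csv
import io
import re
from datetime import date

# Constructed sample: a system-generated user export (not a hand-kept tracking sheet).
SYSTEM_EXPORT = """user_id,employee_id,worker_type,role,expires
jsmith01,E1001,employee,teller,
123456789,E1002,employee,teller,
123-45-6789,E1003,employee,loan_officer,
acme_dba,,contractor,db_admin,
temp_ops7,,temp,teller,2014-06-30
mjones02,E1004,employee,sys_admin,
ghost99,E1999,employee,teller,
"""

# Constructed sample: employee IDs on the regular payroll roster.
PAYROLL_IDS = {"E1001", "E1002", "E1003", "E1004"}

# Hypothetical role names treated as privileged in this example.
PRIVILEGED_ROLES = {"db_admin", "sys_admin"}

# Nine digits, with or without the usual dashes.
SSN_SHAPE = re.compile(r"^\d{3}-?\d{2}-?\d{4}$")


def looks_like_ssn(user_id):
    """True when the user ID has the shape of a Social Security number."""
    return bool(SSN_SHAPE.match(user_id.strip()))


def review_access(export_text, payroll_ids, today):
    """Return a sorted list of (user_id, finding) tuples for the reviewer."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        uid = row["user_id"]
        third_party = row["worker_type"] in ("contractor", "temp")
        if looks_like_ssn(uid):
            findings.append((uid, "user ID has SSN shape"))
        if third_party:
            # Not paid through payroll, so payroll-based termination
            # checks will never surface these accounts.
            if row["role"] in PRIVILEGED_ROLES:
                findings.append((uid, "third party holds privileged role"))
            if not row["expires"]:
                findings.append((uid, "third-party access has no expiry"))
            elif date.fromisoformat(row["expires"]) < today:
                findings.append((uid, "third-party access past expiry"))
        elif row["employee_id"] not in payroll_ids:
            findings.append((uid, "employee account not on payroll roster"))
    return sorted(findings)


if __name__ == "__main__":
    for uid, finding in review_access(SYSTEM_EXPORT, PAYROLL_IDS, date(2014, 7, 15)):
        print(f"{uid:12} {finding}")
```
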
Sample of Observations
• User had same passwords for 25 years. She was distraught when she realized they would be expiring.
• Controller had the company’s most sensitive passwords on a note pad in top desk drawer (no lock on drawer, no lock on door).
• COO resisted adding an inactivity timeout to the domain because he thought his employees would lose all the work that they were working on. Then he insisted the setting be set to 120 minutes. In the end he relented and we set it at 30 minutes. Rumor had it that he did not know any of his passwords and his EA had to log in for him.
Sample of Observations
• Hall of Fame!
  - A client’s three-person IT staff assigned passwords that could not be changed by the users. The IT staff maintained a running list of passwords and user IDs for all users of ALL systems, including financial users. Under this scenario, the company was unable to validate that any single financial transaction was appropriate as there was no individual accountability.
  - A C-level executive lost a laptop that had all his passwords on a sticky note pasted to the key pad. When a new laptop was issued – he added a new sticky note with his new passwords!
Icebergs Ahead!
• So many risks…so little time
  - Credit risk
  - Market risk
  - Interest rate risk
  - Liquidity risk
  - Regulatory risk
  - Legal risk
  - Fraud risk
  - And so on…
Icebergs Ahead!
• Cyber criminals are targeting all banks
• So…don’t forget about cyber risks
  - Financial risk
  - Reputational risk
  - Regulatory risk
  - Legal risk
Overview of Cyber Terrorism
• Cyber Terrorism defined…. Criminal acts using computers and networks as tools or targets
Overview of Cyber Terrorism
• Quotes from Verizon’s Data Breach Investigations Report:
  - “Some organizations will be a target regardless of what they do, but most become a target because of what they do.”
  - “87% of all breaches were avoidable through simple or intermediate controls.”
  - 37% of all breaches affected financial institutions.
  - 66% of all breaches took months to discover.
  - 69% of all breaches were discovered by third parties.
Overview of Cyber Terrorism
• Regulators will be looking at how banks are addressing cyber risks:
- In a June, 2013 webinar on The Evolving Cyber Landscape: Awareness, Preparedness and Strategy for Community Banks, the Office of the Comptroller of the Currency (OCC) warned that the number of cyber attacks continues to grow and that smaller banks are being targeted.
- SEC’s cyber security disclosure guidelines.
Overview of Cyber Terrorism
• More from the OCC…
  - “The cyber threats continue to increase in both sophistication and volume and require a heightened awareness and appropriate resources to be able to identify and mitigate the associated risks,” said Carolyn DuChene, the OCC’s deputy comptroller of operational risk, in a conference call with reporters. “We continue to implement a broader strategy that involves increased outreach to all of the banks we supervise in an effort to increase their ongoing awareness and preparedness strategies.”
Overview of Cyber Terrorism
Cyber terrorism video 1
Common Data Breaches/Threats
The chart below shows the percentage of tactics utilized across all data breaches:
Source: Verizon Data Breach Investigations Report (2013)
Common Data Breaches/Threats
Hacked in breaches
- Leading culprits are:
  • Use of stolen credentials
  • Brute force
  • Backdoor or C2
- Brute force is particularly an issue for small organizations and for financially motivated groups
Common Data Breaches/Threats
Malware threats
- Malware is software designed to infiltrate, damage or obtain information from a computer system without the owner’s consent (as defined by ISACA)
- The biggest malware culprits:
  • Spyware/Keylogger – 75% of cases
  • Backdoor – 66%
  • Export Data – 62%
  • Captured Stored Data – 55%
Common Data Breaches/Threats
Use of physical attacks
- Physical threats encompass deliberate actions that involve proximity, possession, or force.
- Skimmers installed inside ATMs, POS devices, and gas pump terminals comprise almost all incidents in the physical category.
Common Data Breaches/Threats
• Speaking of “Skimming”
  - Been around for a while, but the skimmers keep getting more sophisticated.
  - Beginning to leverage 3D printing technology to improve efficiency and adapt to changes in card reader design.
Pictures: from Krebs on Security
Common Data Breaches/Threats
• Nordstrom Case
  - Found 6 skimmers attached to their point-of-sale computers back in the fall of 2013.
  - Team of 3 individuals used devices similar to this to collect/store/transmit credit card data.
Picture: from Google Shopping
Common Data Breaches/Threats
Social Engineering
- Gaining sensitive information or unauthorized access privileges by building inappropriate trust relationships with insiders.
- Phishing is the most common threat.
  • Usually accomplished through email or phone call schemes.
Common Data Breaches/Threats
Social Engineering
• Washington Post announced in August 2013 that its website was hit by a phishing attack.
  - Accomplished through an Outlook Web phishing app.
  - Resulted in readers being redirected to site hosted by The Syrian Electronic Army.
  - Key aspects of this hack included the use of a third-party application and Twitter.
Common Data Breaches/Threats
Misuse actions
- Top three misuse cases are:
• Embezzlement
• Use of unapproved hardware
• Privilege abuse
Strategies to Mitigate Cyber Terrorism Risks
There are so many risks…where to start?
Overview of Cyber Terrorism
Cyber terrorism video 2
Strategies to Mitigate Cyber Terrorism Risks
Core Processor
The Bank
Customers
The Bad Guys
Strategies to Mitigate Cyber Terrorism Risks
• The three-legged approach to protection
- Secure the bank
- Secure the core processor
- Secure the customer
• Each leg has to work together in order to be successful
• Each leg considers controls around people, process and technology
Strategies to Mitigate Cyber Terrorism Risks
Securing the Bank
• Implementing IT security controls
- Examples: firewalls, patches, physical protections, etc.
• Training, training, training
- Examples: IT security issues, social engineering, social networking, passwords, etc.
• Monitoring
- Examples: review of security logs, current developments in IT security, etc.
Strategies to Mitigate Cyber Terrorism Risks
Securing the Core Processor
• Implementing IT security controls
• Review the SOC reports
- User control considerations
- Exceptions and suitability of controls
• Communication
- Frequent conversations with core processor regarding IT security measures they are implementing
Strategies to Mitigate Cyber Terrorism Risks
Securing the Customer
• Implementing IT security controls
- Examples: ensuring secured communications, updated patches, password security, etc.
- Wire transfer call back procedures
• Customer training
- Examples: IT security issues, social engineering, passwords, etc.
Strategies to Mitigate Cyber Terrorism Risks
Other strategies to consider
• Create a response team to handle issues, often called a Computer Emergency Response Team (CERT)
- Much like a Business Continuity/Disaster Recovery Plan
• Network with local cyber experts to understand emerging threats
Summary
• While banks face many different risks, cyber terrorism is quickly becoming a challenge
• The way that banks address the risks of cyber crimes is becoming a focus of the regulators
• While it is important to put IT security controls in place, training and periodic reminders about the threats of cyber terrorism are also very important
Summary
Did you know?
• The biggest violators of IT Security are the senior members of the IT/IS team – this is the team that is directly responsible for securing the enterprise.
Final thoughts:
- How do you know that your enterprise is secure?
- Has an independent assessment been performed to validate the IT controls? Is an appropriate audit trail in place?
- Auditors and examiners will generally conclude that if no audit trail exists the control is not operating effectively.
Questions
Resources
• http://ithandbook.ffiec.gov/
- FFIEC handbook – really nice framework
• http://www.aicpa.org/interestareas/frc/assuranceadvisoryservices/downloadabledocuments/faqs_service_orgs.pdf
- SOC1 and SOC2 information – from American Institute of CPAs
• http://whatis.techtarget.com/
- Reference for IT terms/glossary – in most cases Google will do
• https://www.isaca.org/Pages/default.aspx
- ISACA (Information Systems Audit and Control Association) – webinars and CPE
• https://na.theiia.org/Pages/IIAHome.aspx
- Institute of Internal Auditors
• http://www.journalofaccountancy.com/
- Journal of Accountancy
We may need some help!
Some IT and Security related services provided by Elliott Davis
• Internal and External Audit Support (ITGCs)
• Co-Sourcing
• Compliance Reviews (FFIEC, SOX, PCI)
• SOC1 and SOC2 reviews – Service Organization Control
• HIPAA Reviews
• Cyber Security (Internal Network Vulnerability Assessments, External Penetration Testing, Social Engineering Reviews – physical and remote) Reviews
• SOX/Process Optimization
• Pre and Post System Implementation Reviews
• System Selection
Jay Brietz, CPA and CIA
Email: [email protected]
Phone: 704.808.5247
Richard Cook, CISA, CISM and CRISC
Email: [email protected]
Phone: 704.808.5243
Website: www.elliottdavis.com
Elliott Davis, LLC/PLLC is one of the largest accounting, tax and consulting services firms in the Southeast and ranks among the top 50 CPA firms in the U.S. With offices in SC, NC, GA and VA, the firm provides clients across a wide range of industries with smart, customized solutions and its people with rewarding opportunities. Founded in 1925, Elliott Davis is a member of The Leading Edge Alliance, an international professional association of independently owned accounting firms based in the U.S. and is strategically aligned with LEA Europe and LEA Asia Pacific, a worldwide network of more than 450 offices in 100 countries around the globe. For more information about Elliott Davis and its services, visit http://www.elliottdavis.com.
Interest Rate Risk and Liquidity Risk Management
Mark F. Rufail Senior Manager
This material was used by Elliott Davis during an oral presentation; it is not a complete record of the discussion. This presentation is for informational purposes and does not contain or convey specific advice. It should not be used or relied upon in regard to any particular situation or circumstances without first consulting the appropriate advisor. No part of the presentation may be circulated, quoted, or reproduced for distribution without prior written approval from Elliott Davis.
Overview
• Interest Rate Risk
- What is IRR?
- Current Regulatory Focus
- Internal Control System
- Independent Review and Validation
• Liquidity Risk Management
- Internal Control System
- Independent Review and Validation
What is IRR?
• Banks are in the business of managing IRR
- Repricing Risk: timing differences between coupon changes or cash flows of assets and liabilities
- Yield Curve Risk: non-parallel changes in yield curve
- Option Risk: cash flows change with embedded options (prepayment/extension, call options, runoff)
- Basis Risk: different indices with same maturity move at different pace
Current Regulatory Focus
• Margin pressure is hindering meaningful earnings recovery
• Increases in long-term asset exposure to support yield coupled with surge in non-maturity deposits
• Fear of substantial deposit runoff (surge deposits and parked funds)
• Examiner focus on assumptions, sensitivity analysis, internal controls/validation
Margin Pressure
Source: FDIC “Interest Rate Risk Overview & Recent Industry Trends” Call Reports & TFRs. Based on median figures of all institutions under $1B in assets
Long-Term Exposure
Share of Banks with Long-term Assets Representing 30% or More of Earning Assets
Source: FDIC “Interest Rate Risk Overview & Recent Industry Trends” Call Reports. Based on consistent sample of active Call Filers as of 4Q12 with assets < $1B. Excludes any former TFR filers
Internal Control System
• Board established system of internal controls
- Corporate governance
- Compliance with policies and procedures
- Comprehensive measurement system
Effective Control Structure
• Roles, responsibilities, and authority
• Adequate segregation of duties
• Inputs and measurements are accurate and complete
• Policy compliance
• Independent review and validation
• Management response and follow-up
• Size, nature, and complexity of institution should be incorporated in evaluating all aspects
Adequacy and Compliance of Control System
• Review/Test
- Lines of authority
- Segregation of duties
- Corrective actions
- Compliance with risk limits
• Ensure staff compliance with procedures
Data Inputs
• Data Integrity
- Is data accurate, complete, and useful?
- Source of data
• Data Input Controls
- Automatic vs. Manual input
- Reconciliation and review process
• Test Data Inputs
- Balance sheet
- Budgets/forecasts
- Assumptions
Assumptions
• Reasonableness
- Can compare to historical and current data
• Documentation
- Understandable format and includes all assumptions
• Sensitivity analysis
- Which factors are most important? (Stress Testing)
• Sufficiency of modeled scenarios
- Reasonable range of rate changes and models
• Board approval and understanding
Validation
• Internal Models
- Significant amount of time required for validation process.
- Includes validation of model mechanics and mathematics.
• External Models
- Vendors normally provide validation results. Management should review and assess at least annually.
Backtesting
• Compare Modeled vs. Actual Results
- Static vs. Dynamic modeling for NII sensitivity
• Were assumptions accurate?
- If not, has management identified changes for future modeling?
• Identify causes of differences
Reporting
• Perform annually and report to Board/Audit Committee
- Testing details
- Findings summary
- Key assumptions
- Management’s responses
IRR Guidance
• FIL-52-96
- Joint Agency Policy Statement on Interest Rate Risk
- http://www.fdic.gov/news/news/financial/1996/fil9652.html
• FIL-2-2010
- Financial Institution Management of Interest Rate Risk
- http://www.fdic.gov/news/news/financial/2010/fil10002.html
• FIL-2-2012
- Interest Rate Risk Management: Frequently Asked Questions
- http://www.fdic.gov/news/news/financial/2012/fil12002.html
• FIL-46-2013
- Managing Sensitivity to Market Risk in a Challenging Interest Rate Environment
- https://www.fdic.gov/news/news/financial/2013/fil13046.html
Liquidity Risk Management
• What is Liquidity Risk?
- The risk that an institution's financial condition or overall safety and soundness is adversely affected by an inability (or perceived inability) to meet its obligations.
Types of Liquidity Risk
• Funding mismatches
• Market constraints on the ability to convert assets into cash or in accessing sources of funds
• Contingent liquidity events
• Changes in economic conditions
• Exposure to credit, market, operation, legal, and reputation risks
Internal Control System
• Policies and Procedures
• Risk Identification
• Risk Management
• Reporting
• Compliance with applicable rules and regulations
• Independent Review and Evaluation
Independent Review and Evaluation
• Assess compliance with supervisory guidance and industry practices
- Corporate governance
- Policies, procedures, and risk tolerances
- Monitoring and reporting
- Diversification of funding and sources
- Contingency funding plan
Testing
• Compliance with supervisory guidance
- Interagency Policy Statement on Funding and Liquidity Risk Management
• http://www.fdic.gov/regulations/laws/rules/5000-5230.html
- FIL-84-2008 – Liquidity Risk Management
• http://www.fdic.gov/news/news/financial/2008/fil08084.html
Q & A
Questions?
Mark F. Rufail
Email: [email protected]
Phone: 803.255.1484
Website: www.elliottdavis.com
2014 Internal Audit and Compliance Insights
Practical Tips for Vendor Management
Karen Louis Atlanta GA
May 6 and 8, 2014
REGULATORY GUIDANCE
• Office of the Comptroller of the Currency
– Oct 2013: Third-Party Relationships, Risk Management Guidance
• Federal Reserve
– Dec 2013: Guidance on Managing Outsourcing Risk
• Consumer Financial Protection Bureau
– Apr 2012: Service Providers
• Federal Deposit Insurance Corporation
– Jun 2008: Guidance for Managing Third-Party Risk
WHO IS A THIRD PARTY?
• All entities that have entered into a business relationship with a financial institution ~ FDIC
• Third-party relationships include activities that involve outsourced products and services, use of independent consultants, networking arrangements, merchant payment processing services, services provided by affiliates and subsidiaries, joint ventures, and other business arrangements where the bank has an ongoing relationship or may have responsibility for the associated records…. Third-party relationships generally do not include customer relationships. ~ OCC
• Service providers is broadly defined to include all entities that have entered into a contractual relationship with a financial institution to provide business functions or activities. Entities may be a bank or nonbank, affiliated or non-affiliated, regulated or non-regulated, or domestic or foreign. ~ FRB
• Service provider is generally defined in section 1002(26) of the Dodd-Frank Act as ‘any person that provides a material service to a covered person in connection with the offering or provision by such covered person of a consumer financial product or service.’ (cite omitted) A service provider may or may not be affiliated with the person to which it provides services. ~ CFPB
FDIC’s STATEMENT:
An institution’s board of directors and senior management are ultimately responsible for managing activities conducted through third-party relationships, and identifying and controlling the risks arising from such relationships, to the same extent as if the activity were handled within the institution.
4 CORE ELEMENTS
• Planning / Risk Assessment
• Due Diligence
• Contracting
• Performance Monitoring
#1: PLAN FOR IDENTIFIED RISKS
• Consistent with Strategic Plan
• Identifying Objectives RFP
• Controls to Match the Risk
#1: PLAN FOR IDENTIFIED RISKS
• critical activities – OCC
• significant relationships – FDIC
• substantial impact – FED
• material service – CFPB
• operational, compliance, reputation, strategic & credit
INFORMATION TECHNOLOGY
FORECLOSURE EVICTIONS
THIRD-PARTY PRODUCTS
PAYMENT PROCESSORS
#2: PERFORM YOUR DUE DILIGENCE
Vendor Certifications Questionnaires
Professional References
Onsite Visits
Audited Financials
Online Searches
Lawsuits
Customer Complaints
#2: PERFORM YOUR DUE DILIGENCE
• Ocwen Complaint
#2: PERFORM YOUR DUE DILIGENCE
• How Extensive Is Your Due Diligence
– Audited financials
– Significance of the contract on vendor’s financial condition
– Insurance coverage
– Use of subcontractors
– Experience of principals
– Background checks
• Maintain records
#3: GET IT IN WRITING
REPRESENTATIONS
• LICENSING
• EXPERIENCE
• COMPLIANCE
SUBCONTRACTORS
• PERMIT/PROHIBIT
• PRIOR APPROVAL/NOTICE
DATA PRIVACY
• CUSTOMER NON-PUBLIC INFORMATION
• BANK LOGOS & SYSTEM ACCESS
• SECURITY BREACH
CONTINGENCY
• CATASTROPHIC EVENTS
• DATA LOSS
• LOSS/CHANGE OF SUBCONTRACTORS
#3: GET IT IN WRITING
PERFORMANCE
• INCORPORATE SLAs, SOWs
• OTHER STANDARDS
• COMPENSATION
AUDIT
• RIGHT TO AUDIT, 3RD PARTY AUDITS
• RECORDKEEPING
• REGULATOR ACCESS
LIABILITY
• INDEMNIFICATION PROVISION
• LIMIT ON BANK’S LIABILITY
COMPLAINTS
• HANDLING
• REPORTING
#4: MEASURE PERFORMANCE
• Oversight Responsibility
– “requisite knowledge and skills to critically review all aspects of the relationship”
• Tools to Measure Performance
– Ongoing monitoring
– Self-Assessments
– Scorecards
• Establish Frequency
– Annual
– Semi-Annual
– Quarterly
#4: MEASURE PERFORMANCE
• Performance Benchmarks
– Financial condition
– Licensing
– Significant change in staff or subcontractors
– Legal compliance
– Data privacy practices/training
• Document Issues / Escalate
BONUS: KNOW WHEN TO CALL IT QUITS
• Typical Termination Triggers:
– Poor performance results
– Negative publicity
– Significant decline in financial condition
• Contingency plan
• Returning records, terminating system access
2014 Internal Audit and Compliance Insights
Accounting & Auditing Update - Let’s talk about CECL
Lee Haynes, Shareholder, Elliott Davis
Lee has more than 20 years of combined experience in public accounting and accounting/management positions in publicly held companies. He has participated in the audits of larger entities, including multinational and multistate operations. Lee concentrates his time in the financial services industry serving both publicly traded as well as privately held community banks located in North Carolina, South Carolina and Virginia. In addition to financial services expertise, Lee has extensive experience with preparation of consolidated financial statements, Securities and Exchange Commission (SEC) filings and Sarbanes-Oxley compliance. This experience is complemented by Lee’s experience with engagements involving internal controls within an organization. Lee works on audits of the design and effectiveness of internal controls of service organizations under SSAE 16 (formerly SAS 70) SOC1 Type 1 and Type 2 engagements as well as AT101 SOC2 Type 1 and Type 2 engagements and has also overseen audits of internal control over financial reporting as required by Sarbanes-Oxley and FDICIA for audit clients as well as assisted in the design, documentation and implementation of internal control programs for non-audit clients.
Compliance Update
Chris Purvis, Senior Manager, Elliott Davis
Chris has more than nine years of accounting experience, including eight years in public accounting and one year in corporate accounting with a bank. Chris specializes in providing audit and consulting services for financial institutions. Prior to joining Elliott Davis in August 2009, Chris was employed as the Controller of American Founders Bank, a mid-sized community bank headquartered in Lexington, Kentucky. Chris' prior experience in public accounting was with BKD, LLP in Louisville, Kentucky and Dean, Dorton & Ford PSC in Lexington, Kentucky. Chris' primary focus in public accounting has been in providing services for community banks, including external audit, internal audit, regulatory compliance, external loan reviews, Bank Secrecy Act reviews and Interest Rate Risk testing. Chris leads the firm’s compliance consulting services group. Training relevant to compliance includes the North Carolina Bankers Association's Regulatory Compliance School.
COSO 2013: Implementation Strategies for This New Framework
Jay Brietz, Senior Manager, Elliott Davis
With more than 18 years of experience in finance and accounting, Jay focuses on providing assurance and consulting services to financial institutions including external and internal audits, risk management, SAS 70 and Sarbanes-Oxley compliance. Jay is both a certified public accountant and a certified internal auditor. His experience includes serving as senior compliance manager for a global banking institution and he formerly worked for a Big Four accounting firm as well as another international CPA firm. Jay has written numerous articles on dealing with Sarbanes-Oxley, corporate governance and internal controls. He also was a principal contributor in COSO’s Guidance on Monitoring Internal Control Systems.
Cybersecurity and Risks Associated with IT
Richard Cook, Senior Manager, Elliott Davis
Richard has 11 years of IT consulting/audit experience as an IT Risk Management professional primarily with Big Four and national firms. His main focus is providing IT related assurance, consulting, advisory and security services. He has an extensive IT services technical background and has executed engagements in the following industries: Financial Institutions (regional, community and De Novo banks), Manufacturing & Distribution, Healthcare, Retail, Agriculture and Grocery; his range of experience includes assessing IT environments of public (accelerated-SOX 404 and non-accelerated filers, including Fortune 500 companies) and private enterprises both large and small from an internal and external perspective. Also, he has significant experience implementing the PCAOB’s AS5 top-down risk-based approach for SEC registrants as well as implementing the updated COSO 2013 framework. He has executed SOC1 and SOC2 engagements. In addition, Richard’s ERP experience includes: SAP, Oracle, JD Edwards, and PeopleSoft (Financials & HRMS) – operating systems: Unix/Linux, iSeries (AS/400), Windows Server and mainframe – and databases: Oracle, SQL, DB2, and Informix among others. Richard has worked with various frameworks including: COBIT, FFIEC, AICPA, PCAOB, COSO, and FISMA.
Interest Rate Risk/Liquidity Risk
Mark Rufail, Senior Manager, Elliott Davis
Mark has more than four years of public accounting experience, focusing on financial institutions and SEC registrants. He serves as engagement manager on a number of banking clients which range in size from de novo status to $800 million in assets. These services include external audits, internal audits, loan reviews, and various consulting engagements. In addition, Mark is one of the firm’s specialists in performing BSA reviews and Interest Rate Risk reviews.
Vendor Management Program Best Practices
Karen Neely Louis, Attorney, Bryan Cave
Karen Neely Louis' practice concentrates on compliance matters in the financial services industry with a focus on default and vendor management issues. She has served as internal compliance counsel for a national mortgage servicer for matters regarding federal agency directives and compliance program development. Ms. Louis has experience litigating a variety of commercial and financial disputes and has represented financial institutions, construction and transportation companies, and Fortune 500 corporations in a variety of matters, including defense of wrongful foreclosure claims. In the construction industry, she has experience litigating disputes including representation of contractors and subcontractors in contractual disputes arising from nonpayment and defective performance.
Internal Audit/Compliance Panel
Elaine Crawford, Senior Vice President-Director of Internal Audit, Park Sterling Bank
Elaine Crawford is the Senior Vice President and Director of Internal Audit for Park Sterling Bank ($2.2 billion institution) headquartered in Charlotte, NC. Park Sterling Bank has 43 branches in SC, NC and GA, with one loan production office in VA. Elaine is responsible for managing and coordinating Audit activities for the company, including SOX 404 project management duties. She has more than 30 years of banking experience, with 25 of those years in Internal Audit.
Karen McCauley, Internal Auditor, First Community Bank
Karen McCauley serves as the General Auditor at First Community Bank headquartered in Lexington, SC. Karen is a graduate of the University of South Carolina with a Bachelor of Science degree in Accounting. Karen has worked in banking since 1980 in various positions and began her career in internal audit in 1997 at a local financial institution. She served as Treasurer for the Palmetto Chapter of the Institute of Internal Auditors and as a member of the Board of Governors. Karen is a Certified Bank Auditor (CBA) and working on the Certified Internal Auditor (CIA) designation. She lives in Irmo with her husband, Ronnie; son, Matt, and their dog, Tucker.
Wendy Workman, AVP-Internal Audit Manager, The Palmetto Bank
Wendy Workman is the Internal Audit Manager at The Palmetto Bank in Greenville, SC. She has been with the bank for about seven and a half years and in her current position over two years. Prior to serving as the Internal Audit Manager, Wendy was the Senior Auditor through December 2011. She led the transition from a full internal audit group to a co-source engagement with business partner Crowe Horwath LLP in 2012.
200 East Broad Street
Suite 500
Greenville, SC 29601
Direct: 864.552.4763
Office: 864.242.3370
Fax: 864.241.5713
Robert Beckwith, CPA Shareholder
Services: Tax | Industries: Financial Services
Professional Overview
Bob focuses on providing tax consulting services to clients in the financial services
industry. Bob has more than 30 years of bank tax consulting and compliance
experience, including 20 years at a Big Four accounting firm. He assists clients with
financial reporting in accordance with FASB ASC 740 and planning and analysis of C
corporation tax issues including mergers and acquisitions, tax benefit limitations
upon Sec. 382 change-of-control, compensation and golden parachutes, and
accounting methods and periods. Bob has served multi-billion dollar organizations,
filing complex consolidated and multi-state returns. He also possesses expertise in
planning for the election to be an S corporation bank and the resulting compliance
issues.
Education, Credentials and Special Training
Certified Public Accountant
M.S., Accounting, Colorado State University
B.S., Business Administration with emphasis in accounting, University of Nebraska
Professional Affiliations
American Institute of Certified Public Accountants
South Carolina Association of Certified Public Accountants
Thought Leadership
Panelist, Bank Tax Institute Community Banking Panel
Co-instructor, Co-Community Bank Tax Workshop
1901 Main Street
Suite 900
Columbia, SC 29201
Direct: 803.255.1497
Office: 864.242.3370
Fax: 803.255.0733
William (Bill) J. Bossong, CPA, CBA
Shareholder
Financial Institutions Group Consulting
Services: Consulting | Industries: Financial Services
Professional Overview
Bill has more than eight years of public accounting experience with an emphasis in financial
institutions and SEC registrants. He leads the firm’s Financial Institution Consulting Practice
for merger and acquisition matters. These services include due diligence projects, Day 1
valuations, Day 2 accounting and internal audits over other Day 2 providers. This team has
developed ValuCast™, a proprietary solution designed to assist banks with Day 2
accounting. In addition, Bill has a significant amount of experience related to the Allowance
for Loan and Lease Losses (ALLL) under ASC 450-20 and ASC 310-10 to include building an
ALLL model for a large regional bank. Bill has served on numerous FDIC-assisted and whole
bank valuation projects – managing the credit review of the loan portfolios being acquired;
gathering data for the loan valuation; and working closely with other members of the
valuation team to develop an expected cash flow model for Day 2 accounting under ASC
310-30.
Bill has also worked closely with the valuation team for various financial service line of
business acquisitions to include leasing companies, mortgage companies, and broker
dealer/investment companies. Bill provides consulting services to numerous clients ranging
in size from $400 million in assets to over $20 billion in assets.
Education, Credentials and Special Training
Certified Public Accountant
Certified Bank Auditor
Master of Accountancy, University of South Carolina
B.S., Accounting, University of South Carolina
SEC Reporting, AICPA
Professional Affiliations
American Institute of Certified Public Accountants
South Carolina Association of Certified Public Accountants
Civic and Community Activities
Walk Team Captain, Juvenile Diabetes Research Foundation
Board of Directors, Midlands March of Dimes
Deacon and Former Member of the Finance Committee, First Baptist
Church of Columbia
1901 Main Street
Suite 900
Columbia, SC 29201
Direct: 803.255.1203
Office: 803.256.0002
Fax: 803.255.0714
R. Jason Caskey, CPA Shareholder and Financial Services Practice Leader
Services: Assurance | Industries: Financial Services
Professional Overview
As leader of the firm’s Financial Services practice, Jason focuses on serving financial
institutions and SEC registrants. With more than 20 years of experience, he serves
community banking clients in both the private and public sector. Jason has assisted
clients with the formation of holding companies, public stock offerings, mergers and
acquisitions, and has been shareholder on numerous de novo banks. In addition, he
also serves clients with a number of consulting engagements including outsourced
internal audit, external loan reviews, Bank Secrecy Act reviews and Day 1 and Day 2
accounting. Jason recently completed six years as an elected member of the firm’s
Executive Committee. He also serves as the managing shareholder of the firm’s
Columbia office.
Education, Credentials and Special Training
Certified Public Accountant
B.S., Accounting, University of South Carolina
University of Virginia National Banking School
Professional Affiliations
American Institute of Certified Public Accountants
South Carolina and North Carolina Association of Certified Public Accountants
State Bankers Associations in South Carolina, North Carolina, Georgia and Virginia
Independent Bankers Association of South Carolina
Civic and Community Activities
Board of Directors and Audit Committee, United Way of the Midlands
Board of Directors and Audit Committee, Navigating from Good to Great
Board of Directors and Audit Committee, South Carolina Student Loan Corporation
Board of Directors and Audit Committee, Central Carolina Community Foundation
Board of Directors and Audit Committee, SC Economics
Board of Advisors and Audit Committee, USC Business Partnership Foundation
Member, Greater Columbia Chamber of Commerce Finance Committee
Deacon, First Baptist Church of Columbia
Columbia Chamber of Commerce Committee of 100
Former Member Board of Directors, Children’s Trust of South Carolina
Former Member Board of Trustees, Charleston Southern University
Former Member Board of Directors, Juvenile Diabetes Research Foundation
2011 Heart Ball Chair, American Heart Association, Columbia
2008 Distinguished Young Alumnus, USC Moore School of Business
Class of 2006 “20 Under 40,” The State
700 East Morehead Street
Suite 400
Charlotte, NC 28202
Direct: 704.808.5208
Office: 704.333.8881
Fax: 704.749.7908
Lee E. Haynes, CPA Shareholder
Services: Assurance | Industries: Financial Services
Professional Overview
Lee has more than 20 years of combined experience in public accounting and accounting/management positions in publicly held companies. He has participated in the audits of larger entities, including multinational and multistate operations. Lee concentrates his time in the financial services industry serving both publicly traded as well as privately held community banks located in North Carolina, South Carolina and Virginia. In addition to financial services expertise, Lee has extensive experience with preparation of consolidated financial statements, Securities and Exchange Commission (SEC) filings and Sarbanes-Oxley compliance.
This experience is complemented by Lee’s experience with engagements involving internal controls within an organization. Lee works on audits of the design and effectiveness of internal controls of service organizations under SSAE 16 (formerly SAS 70) SOC1 Type 1 and Type 2 engagements as well as AT101 SOC2 Type 1 and Type 2 engagements and has also overseen audits of internal control over financial reporting as required by Sarbanes-Oxley and FDICIA for audit clients as well as assisted in the design, documentation and implementation of internal control programs for non-audit clients.
Education, Credentials and Special Training
Certified Public Accountant
B.A., Accounting, Furman University
National Banking School, McIntire School of Commerce at the University of Virginia
Professional Affiliations
American Institute of Certified Public Accountants
North Carolina Association of Certified Public Accountants
South Carolina Association of Certified Public Accountants
Georgia Society of Certified Public Accountants
North Carolina Bankers Association
South Carolina Bankers Association
Virginia Bankers Association
Independent Bankers Association of South Carolina
Georgia Bankers Association
200 East Broad Street
Suite 500
Greenville, SC 29601
Direct: 864.242.2691
Office: 864.242.3370
Fax: 864.241.5798
F. Andrew Mitchell, CPA Shareholder
Services: Assurance, Consulting | Industries: Financial Services, Manufacturing &
Distribution, Professional Services
Professional Overview
Andy focuses on providing clients with corporate strategy, transaction, finance and
auditing services. With more than 35 years of accounting experience, including 20
years with a Big Four accounting firm, his extensive background includes significant
work with public companies and merger and acquisition transactions in the
financial services, professional services, manufacturing and distribution industry
sectors. As an audit partner, Andy served numerous public company clients and
was the partner for more than a dozen initial public offerings. He also presently
serves as an elected member of the firm’s Executive Committee.
Andy also served as chief financial officer for a publicly held company and two
large private companies. In this capacity, he was responsible for all financial areas
including accounting, acquisitions, budgeting, forecasting, credit, cash
management, borrowings, information systems and stock offerings for these
companies. Andy participated in the completion of an initial public offering and a
secondary offering for the public company which owned numerous retail stores,
then negotiated the sale of the company. He also participated in the acquisition of
a large operating subsidiary in the aviation service industry where he was actively
involved in the completion of an $80 million underwritten bond offering and
subsequent registration of those securities. For the third company, he was
responsible for the reorganization and ultimate sale of the company which was
involved in the sale of hardware and software development and integration
services for national retail chains.
Since joining Elliott Davis, Andy has been responsible for the formation and
development of the firm’s transaction services practice. As an assurance
shareholder, he primarily serves financial institution clients, including several
public reporting companies.
Education, Credentials and Special Training
Certified Public Accountant
B.B.A., Accounting, University of Cincinnati
Professional Affiliations
American Institute of Certified Public Accountants
South Carolina Association of Certified Public Accountants
700 East Morehead Street
Suite 400
Charlotte, NC 28202
Direct: 704.808.5293
Office: 704.333.8881
Fax: 704.749.7993
George Noonan, CPA Shareholder
Services: Tax | Industries: Financial Services
Professional Overview
With more than 18 years of experience in public accounting, George has worked
extensively in the banking and related industries. He provides his clients with a
variety of services including tax planning and research, ASC 740 consultation, FIN
48 analysis, tax return preparation, quarterly estimate preparation, forecasts and
projections. His experience includes tax preparation and consulting of numerous
financial institutions. George has served multi-billion dollar financial institutions
filing complex consolidated and multi-state income tax returns.
Education, Credentials and Special Training
Certified Public Accountant
B.S., Accounting and Finance, Wright State University
Bank Tax Institute, Annually
Professional Affiliations
American Institute of Certified Public Accountants
North Carolina Association of Certified Public Accountants
North Carolina Bankers Association
South Carolina Bankers Association
Riverfront Plaza
West Tower, Suite 1000
901 E. Byrd Street
Richmond, VA 23219
Direct: 804.887.2256
Office: 804.612.4380
Fax: 877.803.0432
Paul M. Pickett, CPA Shareholder
Services: Assurance | Industries: Financial Services
Professional Overview
Paul focuses on providing professional accounting services to the financial services industry, specifically community banks. With more than 20 years of public accounting experience, he has served on audit engagements for more than 40 community banks and bank holding companies in Virginia, West Virginia, North Carolina and South Carolina. Paul has extensive knowledge of GAAP and SEC policies and assists clients with the preparation of consolidated financial statements, quarterly reviews and assistance with SEC filings and reporting, and merger and acquisition reporting. In addition, he serves as an instructor for a number of continuing education courses relating to financial institution accounting and auditing.
Education, Credentials and Special Training
Certified Public Accountant
University of Virginia National Banking School and National Banking Conference, American Institute of Certified Public Accountants
B.B.A., Accounting, Radford University
Professional Affiliations
American Institute of Certified Public Accountants
Virginia Society of Certified Public Accountants
North Carolina Bankers Association
Virginia Association of Community Banks
Virginia Bankers Association
West Virginia Bankers Association
200 East Broad Street
Suite 500
Greenville, SC 29601
Direct: 864.242.2638
Office: 864.242.3370
Fax: 864.241.5819
Garry A. Rank, CPA Shareholder
Services: Assurance | Industries: Financial Services, Manufacturing & Distribution
Professional Overview
Garry focuses on corporate auditing and accounting as well as consultation
regarding governance, financial systems and internal controls. With more than 33
years of experience, his industry concentrations include financial services,
manufacturing and Securities and Exchange Commission (SEC) reporting.
Additional professional experience includes the management of complex
engagements, mergers and acquisitions, projects involving subsidiary companies
and the application of accounting and reporting standards.
Education, Credentials and Special Training
Certified Public Accountant
Graduate, American Bankers Association, Business of Banking School
B.S., Accounting, University of Akron
Professional Affiliations
American Institute of Certified Public Accountants, Center for Audit Quality Small
Firm Task Force
South Carolina Bankers Association
North Carolina Bankers Association
Georgia Bankers Association
Civic and Community Activities
Past President and Past Treasurer, Habitat for Humanity of Greenville County
Alumnus, Leadership Greenville, Greenville Chamber of Commerce
Past President and Past Treasurer, Greenville Breakfast Rotary Club
Thought Leadership
Speaker on audit committee responsibilities
SCBA/FDIC Directors College, 2003-2011
NCBA Bank Directors Assembly, 2004, 2007-2011
Presentations on SEC, corporate governance and new accounting pronouncements
Elliott Davis CFO consortium, 2003-2011
Authored various articles for publication regarding corporate governance,
Sarbanes-Oxley Act of 2002 and ethics
200 East Broad Street
Suite 500
Greenville, SC 29601
Direct: 864.242.2625
Office: 864.242.3370
Fax: 864.241.5830
Barbara S. Rushing, CPA Shareholder
Services: Assurance | Industries: Financial Services
Professional Overview
Barbara focuses on providing services to SEC clients in the financial services
industry. With more than 20 years of experience, including several years at a Big
Four accounting firm, Barbara has extensive knowledge of GAAP and SEC policies.
She works with SEC registrant clients with complex accounting issues, comment
letters, stock offerings and merger and acquisition reporting. Barbara has serviced
more than 40 public offerings.
Barbara is Vice Chairperson of the Firm’s Assurance & Advisory Committee, a
technical committee that oversees quality control policies and risk management of
the Firm’s attest practice.
Education, Credentials and Special Training
Certified Public Accountant
B.S., Accounting, University of South Carolina
Professional Affiliations
American Institute of Certified Public Accountants
South Carolina Association of Certified Public Accountants
1901 Main Street
Suite 900
Columbia, SC 29201
Direct: 803.255.1214
Office: 803.256.0002
Fax: 864.241.5808
Beverly A. Seier, CPA, CPCU Shareholder
Services: Tax | Industries: Financial Services and Insurance
Professional Overview
With more than 20 years of experience, Bev focuses on serving financial
institutions, insurance companies and SEC registrants. She provides both public
and private clients with a wide range of services, including tax planning and
compliance, ASC 740 and SSAP 101 tax provision consulting, federal and state audit
examinations assistance, mergers and acquisitions tax planning and Sec. 382
change-in-control and 280G golden parachute studies.
Prior to joining Elliott Davis, Bev was a Tax Partner at a Northeast-based
accounting firm.
Education, Credentials and Special Training
Certified Public Accountant
Chartered Property Casualty Underwriter
B.S., Business Administration/Accounting and Mathematics, magna
cum laude, University of Mary Washington
Professional Affiliations
American Institute of Certified Public Accountants
Pennsylvania Institute of Certified Public Accountants
1901 Main Street
Suite 900
Columbia, SC 29201
Direct: 803.255.1472
Office: 803.256.0002
Fax: 803.255.0730
Stacy S. Stokes, CPA Shareholder
Services: Tax | Industries: Closely-Held Businesses, Personal Financial Services
Professional Overview
With more than 18 years’ experience, Stacy focuses on providing comprehensive
tax services to a diverse client base which includes closely-held businesses,
pass-through entities and high-net-worth individuals. He has extensive experience
in the area of wealth management solutions for family-owned businesses and
high-net-worth individuals.
Education, Credentials and Special Training
Certified Public Accountant
Masters of Taxation, University of South Carolina
B.S., Accounting, University of South Carolina
Professional Affiliations
American Institute of Certified Public Accountants
South Carolina Association of Certified Public Accountants
Civic and Community Activities
President, Habitat for Humanity - Central South Carolina Chapter
Treasurer, Congaree Land Trust
Past Board Member, Family Connection of SC
Past President, University of South Carolina Friends of Accounting
Past Board Member, Juvenile Diabetes Research Foundation
Past Treasurer, Satchel Ford Elementary PTO
Past President, Kiwanis Young Professionals of Columbia
South Carolina Internal Audit and Compliance Insights Tuesday, May 6, 2014
Columbia Metropolitan Convention Center Columbia, South Carolina
Beth Adkins
First Citizens Bank
Senior Auditor
Elizabeth Anders
McNair Law Firm
Attorney
Thomas Anderson
First Palmetto Bank
Controller
Casey Bannister
First Citizens Bank
Senior Auditor
Nancy Batchelder
The Bank of South Carolina
Vice President
Sandy Boozer
Southern First Bank
Senior Vice President Corporate Administration
Lent Bridges
First Palmetto Savings Bank FSB
Chief Financial Officer
Jay Brietz
Elliott Davis
Senior Manager
Jason Caskey
Elliott Davis
Financial Services Practice Chair
Jennifer Champagne
Cornerstone National Bank
Chief Financial Officer
Richard Cook
Elliott Davis
Senior Manager
Elaine Crawford
Park Sterling Bank
Senior Vice President/Director of Internal Audit
Nathan Crowe
Elliott Davis
Manager
Jessica Cummins
Security Federal Bank
Treasurer
Debbie Dandridge
Enterprise Bank of South Carolina
Internal Auditor
Amanda Diehl
HeritageBank of the South
Assistant Vice President, Internal Audit
Jean Dillard
Cornerstone National Bank
Internal Audit Coordinator
Renee Douglas
First Bank of Georgia
Vice President and Controller
Melissa Downs-High
South Atlantic Bank
Vice President-Controller
David Duncan
VistaBank
Chief Financial Officer/Chief Operating Officer
Heather Elliott
Anderson Brothers Bank
Senior Accountant
Thomas Flournoy
First Bank of Georgia
Senior Vice President and Chief Financial Officer
Dustin Formo
Anderson Brothers Bank
Internal Auditor
Joyce Frankenfield
First Bank of Georgia
Internal Audit Coordinator
Frances (Frankie) Garber
Kingstree Federal Savings and Loan Association
Accountant
Dean Goewey
Anderson Brothers Bank
Chief Financial Officer
Connie Graham
Horry County State Bank
Internal Auditor
Ann Gregorie
The Bank of South Carolina
Vice President
Jeremy Groom
First Reliance Bank
Senior Vice President, Compliance and Risk Management
Kathy Hall
Harbor National Bank
Senior Vice President/Senior Operations Officer
Betsy Harbers
Alliance Bank & Trust
Controller
Kevin Harmon
Elliott Davis
Senior
Lee Haynes
Elliott Davis
Shareholder
Megan Heindl
Elliott Davis
Assurance Quality Control Manager
Jeremy Helms
Elliott Davis
Staff
Lisa Herring
Four Oaks Bank & Trust Company
Executive Vice President, Chief Risk Officer
Jamin Hujik
CresCom Bank
Executive Vice President
Beverly Jacobs
South Carolina Community Bank
Accounting Manager
Kenya Johnson
Enterprise Bank of South Carolina
Compliance Manager
Paige Kilton
Southern First Bank
Vice President, Financial Analyst
Mike Komar
South Carolina Bank & Trust
General Auditor
Roy Lindburg
Security Federal Bank
Chief Financial Officer
Martha Long
Independence National Bank
Chief Financial Officer
Karen Neely Louis
Bryan Cave
Regulatory Compliance - Consumer Financial Service
Charlie Lovering
Congaree State Bank
Executive Vice President/Chief Financial Officer
Daniel Mauldin
Elliott Davis
Senior Auditor
Karen McCauley
First Community Bank
General Auditor
Morgan McKnight
Harbor National Bank
Vice President/Controller
Matthew Miller
Elliott Davis
Senior
Terry Mobley
First National Bank of SC
Vice President Operations and Deposit Compliance
Rhonda Moore
First National Bank of SC
Vice President
Salena Mulliken
SC Student Loan Corporation
Director of Internal Audit and Risk Management
Diane Nexsen
Bank of Greeleyville
Vice President
James O'Neal
First Palmetto Bank
Internal Auditor
Rick Pace
SC Student Loan Corporation
Senior Internal Auditor
Jeff Paolucci
First Reliance Bank
Executive Vice President & Chief Financial Officer
Tim Pitts
Oconee Federal Savings and Loan
Risk Management Officer
Chris Purvis
Elliott Davis
Senior Manager
Amber Rabon
Conway National Bank
Senior Auditor
Garry Rank
Elliott Davis
Shareholder
Chad Reingardt
Elliott Davis
Senior Manager
Charlene Richards
First Community Bank
Internal Auditor
Stewart Richardson
Anderson Brothers Bank
Executive Vice President, Chief Credit Administrator
Mark Rufail
Elliott Davis
Senior Manager
Becky Russell
Horry County State Bank
Internal Auditor
H. Allen Salter
Oconee Federal Savings and Loan Association
Chief Financial Officer
Denise Senter
Four Oaks Bank & Trust Company
Senior Vice President, Compliance Officer
Mark Shannon
Harbor National Bank
Compliance Officer
Nathan Skipper
Elliott Davis
Senior Manager
Mark Smith
First Citizens Bank
Senior Auditor
Howie Sohm
Farmers & Merchants Bank of SC
Vice President-Audit & Compliance
Marshall Stein
Elliott Davis
Manager
Robert Stevens
Elliott Davis
Senior Manager
Nixia Tenzin
Elliott Davis
Senior
Allison Timmons
GrandSouth Bank
Compliance Officer
Christine Vroblesky
Elliott Davis
Senior
Gene Walpole
The Bank of South Carolina
Assistant Vice President
Jennifer Walters
Farmers & Merchants Bank of SC
Asst Cashier-Audit & Compliance
Rose Washofsky
Elliott Davis
Business Development Director
Wendy Workman
The Palmetto Bank
Assistant Vice President-Internal Audit Manager