Federal banking agencies issue proposal on cyber risk management standards

Nearly one month after the New York State Department of Financial Services issued a proposal to establish prescriptive cyber requirements for New York-domiciled financial institutions,1 three three federal banking agencies—the Federal Reserve Board (FRB), Federal Deposit Insurance Corporation (FDIC), and Office of the Comptroller of the Currency (OCC) (collectively, the “agencies”)—issued an advance notice of proposed rulemaking (ANPR) on enhanced cyber risk management and resilience standards for large banking organizations.2

Specifically, the enhanced standards would apply to US bank holding companies, the US operations of foreign banking organizations, and US savings and loan holdings companies with more than $50 billion in total assets, as well as nonbank financial companies and financial market utilities designed for FRB supervision by the Financial Stability Oversight Council (FSOC), among others.

Continue reading “Federal banking agencies issue proposal on cyber risk management standards”

Marketplace transparency and reporting readiness

Posted by Irena Gecas-McCarthy, Advisory Principal, Deloitte & Touche LLP, David Wright, Advisory Managing Director, Deloitte & Touche LLP, Dmitry Gutman, Advisory Managing Director, Deloitte & Touche LLP, Dilip Krishna, Advisory Managing Director, Deloitte & Touche LLP,  Ken Lamar, Independent Senior Advisor to Deloitte & Touche LLP, Richard Rosenthal, Advisory Senior Manager, Deloitte & Touche LLP, Claudio Rodriguez, Advisory Senior Manager, Deloitte & Touche LLP, Pranav Shanghvi, Advisory Senior Manager, Deloitte & Touche LLP,  Mike Thakkar, Advisory Senior Manager, Deloitte & Touche LLP, and Alex LePore, Advisory Senior Consultant, Deloitte & Touche LLP on August 10, 2016

Introduction

Federal Reserve Board (FRB) officials have made clear in communications with the industry that they expect the foreign banking organizations (FBOs) similar to the US bank holding companies to have the capabilities to access and provide high-quality data, including credible internal reporting/MIS and regulatory reporting data from the outset.1  They point out that FBOs have had more than three years to come into compliance with enhanced prudential standards (after the initial rule proposal) and believe that effective internal MIS and regulatory reporting processes should be in place by now.  This expectation—coupled with increased transparency provided by the public disclosure of several regulatory reports—places pressure on FBOs to ensure that their end-to-end data production processes and control frameworks produce accurate and complete reporting.  There are additional regulatory reporting requirements that have been proposed and will be finalized as the industry comment periods end and the FRB processes are finalized.  These include the attestation of the FR Y-14 reports for the FBO Intermediate Holding Companies (IHC).

Building clear process and control documentation, data governance, and quality assurance processes are critical to demonstrating credible MIS and regulatory reporting implementation.  Establishing confidence in reporting will be especially critical to meeting IHC capital planning expectations related to the April 2017 Comprehensive Capital Analysis and Review (CCAR) submissions (the non-public “dry run”). The bar is high.  FBOs face reputational risk as a result of the increased transparency provided by the public disclosure of regulatory reporting filings (most notably the FR Y-9C, which will disclose IHCs’ capital ratios, balance sheet information, and financial performance, among other information, as well as public disclosure of CCAR results).

Continue reading “Marketplace transparency and reporting readiness”

FRB proposes amendments to FR Y-14 reports, CFO attestation requirement for LISCC IHCs

Posted by Dmitriy Gutman, Advisory Managing Director, Deloitte & Touche LLP, Irena Gecas-McCarthy, Advisory Principal, Deloitte & Touche LLP,  Chris Spoth, Advisory Managing Director, Deloitte & Touche LLP, Ken Lamar, Independent Senior Advisor to Deloitte & Touche LLP,  and Alex LePore, Advisory Senior Consultant, Deloitte & Touche LLP on July 29, 2016

Less than a month after large foreign banking organizations (FBOs) established their intermediate holding companies (IHCs), the largest of these firms must now prepare to meet a new requirement: an attestation by their CFOs to the accuracy of their reports for capital assessments and stress testing.

On July 28, 2016, the Federal Reserve Board (FRB) published a proposal1 in the Federal Register that, among other changes, would amend the FR Y-14A/Q/M reports to apply the CFO attestation requirement to IHCs in the FRB’s Large Institution Supervision Coordinating Committee (LISCC) portfolio beginning with the reports as of December 31, 2017 and becoming fully effective with the reports as of December 31, 2018.

Earlier this year, the FRB applied this requirement to US bank holding companies (BHCs) in the LISCC portfolio, reflecting its ongoing concerns with data quality, governance, controls, and accountability over reporting.  The extension of this requirement to IHCs—which have not yet participated in the FRB’s annual Comprehensive Capital Analysis and Review (CCAR) program and related stress tests—is a further indication of increased regulatory expectations on accuracy and control environment for these data.
Continue reading “FRB proposes amendments to FR Y-14 reports, CFO attestation requirement for LISCC IHCs”

Evaluating global booking models after the Brexit

Posted by Irena Gecas-McCarthy, Advisory Principal, Deloitte & Touche LLP, David Wright, Advisory Managing Director, Deloitte & Touche LLP, Monica Lalani, Advisory Principal, Deloitte & Touche LLP, Ken Lamar, Independent Senior Advisor to Deloitte & Touche LLP, Simon Brennan, Director, Deloitte UK, Vishal Vedi, Partner, Deloitte UK, Richard Rosenthal, Advisory Senior Manager, Deloitte & Touche LLP, and Alex LePore, Advisory Senior Consultant, Deloitte & Touche LLP on July 27, 2016

In light of the recent United Kingdom (UK) referendum to leave the European Union (EU), strategic decisions about foreign banking organizations’ (FBOs) business models are as critical as ever. You might be wondering, in a blog series focused on Enhanced Prudential Standards (EPS), why we would lead with a discussion of FBOs’ booking models and the Brexit?  This is important, because underpinning the EPS framework was the construction of an explicit ring-fence through the establishment of an Intermediate Holding Company (IHC).1 The IHC forced large FBOs to locally inject and maintain capital and liquidity resident in the US IHC entity. The consequences of this ring-fencing will only ramp up in intensity as CCAR and stress testing requirements become effective and force FBOs to hold additional capital. The net effect of these changes is substantial. Increased and localized capital requirements force FBOs to rethink what businesses are profitable and can be sustained in the current regulatory and market environment within and outside the US. FBO executives have recognized the significance of these issues.2 The question now becomes: how do they continue to demonstrate progress and adapt to change?

Continue reading “Evaluating global booking models after the Brexit”

Enhanced Prudential Standards for Foreign Banks: What’s after the compliance deadline?

Posted by Irena Gecas-McCarthy, Advisory Principal, Deloitte & Touche LLP, David Wright, Advisory Managing Director, Deloitte & Touche LLP, Richard Rosenthal, Advisory Senior Manager, Deloitte & Touche LLP, and Alex LePore, Advisory Senior Consultant, Deloitte & Touche LLP on July 13, 2016

Introduction

Although the July 1, 2016 compliance deadline for foreign banking organizations (FBOs) to establish Intermediate Holding Companies (IHCs) has passed, the long road to operationalizing run-the-bank (RtB) functions has just begun. Rather than viewing July 1, 2016 as the “finish line,” FBOs and their IHCs should see it as Mile 13 of a marathon.  These large FBOs must demonstrate that they can govern and manage risk for their Combined US Operations (CUSO) on a self-sufficient and sustainable basis. It will come down to how the US Management and the US IHC Board of Directors (BoD) work through key issues and decisions such as budget approvals, capital planning, and crisis management, as well as navigate their shareholders, their parent organizations, and the parameters between global consolidated efficiency and a regional, legal entity focus. Continue reading “Enhanced Prudential Standards for Foreign Banks: What’s after the compliance deadline?”

Agencies propose rule regarding Net Stable Funding Ratio for US banking organizations

House on top of stacked coins

On April 26, 2016, the Federal Deposit Insurance Corporation (FDIC) and the Office of the Comptroller of the Currency (OCC) (the “Agencies”) approved a proposed rule1 to implement the Net Stable Funding Ratio (NSFR)—a quantitative measure of a company’s one-year funding profile—for certain US bank holding companies (BHCs) and savings and loan holding companies (SLHCs).

The Federal Reserve Board (FRB) is scheduled2 to consider the proposal on May 3, 2016.

The proposed rule would become effective on January 1, 2018 and public comments on the proposal are due by August 5, 2016.

Continue reading “Agencies propose rule regarding Net Stable Funding Ratio for US banking organizations”