Comprised of nearly 400 pages and requesting responses to close to 200 questions, the April 29, 2011 Credit Risk Retention proposal is overwhelming. In consideration of the enormity of the request, the American Bankers Association has requested an extension of the comment deadline from June 11 until July 22, 2011. Whether the extension request will or will not be honored is yet to be seen; however, prudence dictates that community bankers begin to analyze the impact on their credit activities of the proposal. Of specific concern is whether or not current product offerings, both consumer and commercial, will fall under the category of “qualified” thereby being exempt from the proposed risk retention requirement.
The proposal includes criteria under which the various types of credit are evaluated for the purpose of being “qualified” and, thus, exempt from the risk retention requirements. The criteria proposed for each of the product types fall into the same broad categories, but differ somewhat based on the specific type of credit and borrower. The proposal also provides specific exemptions from risk retention, in general relating to collateral and/or loan guarantee programs.
The process of evaluating the impact on the institution will begin with an inventory of the credit products offered. Clearly those products that meet the exemption based on collateral or guarantee programs can be excluded from further analysis. Similarly, the institution may exclude credit products that will not be sold from the analysis. The remaining credit products will need to be evaluated under the product-specific criteria of qualified credits. In this preliminary analysis a comparison of the proposed thresholds to the institution’s underwriting criteria should be completed and documented.
This analysis provides two results: first, credit products with underwriting standards in contravention of the proposed standards will be identified; second, the process will help to identify criteria may need to be evaluated on a procedural or a loan-by-loan basis. In the first result, for example, a residential purchase money mortgage program including a junior lien to reduce the down payment will absolutely not meet the proposed qualified standard. Under the second, the analysis will identify those criteria under a low-doc loan program where further analysis is needed.
Early identification of the credit products that may be in jeopardy, all be it under proposed criteria, allows management to explore the balance sheet implications of continuing to offer non-qualified products and, if needed, to identify the availability of alternate products to meet the credit needs of their customers. When the criteria is finalized, any changes from the proposed criteria should prove relatively easy to integrate, allowing you to focus on implementing the new products and/or processes you’ll need to continue to serve the credit needs of your customers.
Tuesday, July 26, 2011
Friday, July 22, 2011
The Proper Care and Feeding of a Risk Assessment
Now that the Board has reviewed and approved the institution’s new or revised risk assessment, it can be shelved until the examiners ask to see it or it’s time for the next annual update, right? Absolutely not! The risk assessment itself provides a snapshot of the institution’s risk profile at a given point in time; but, with proper care and feeding, the risk assessment provides the basis for an ongoing process whereby the institution can monitor its risk profile on an ongoing basis. And, through proper care and feeding, the next annual revision will be a significantly streamlined process.
To increase the power of your risk assessment, begin by implementing a process to update the assessment with the results of your monitoring activities as those results are published. Be sure to incorporate the results of any related audits and regulatory examinations, too. These results, whether validating the effectiveness of existing controls or identifying areas for improvement, impact the institution’s risk profile and provide direction in the effective deployment of scarce resources. If you are using an automated risk assessment tool, this functionality should be available. In a manual process, you’ll need to review and revise the risk and control values associated with those areas covered in the audit, examination, or monitoring reports.
Updating the risk assessment to reflect the impact of new or revised products, services, and regulations is equally important. Establishing a change management process that mirrors your risk assessment process and includes an evaluation of the associated risks and controls allows for easy integration of the results. Feeding these results into your risk assessment increases your ability to manage the institution’s overall risk profile, on a real-time basis. Again, an automated risk assessment tool should include this functionality; in a manual process, the risk and control values associated with the activity will need to be revised as necessary to reflect the change.
In conjunction with these ongoing updates, expanding your risk assessment process to include other key risk indicators enhances your ability to monitor and manage the institution’s level of risk. Risk levels are impacted by various factors, not all of which are associated with a specific change in products, services, or regulations. Defining and monitoring indicators are vital steps to an effective risk management process.
Indicators may be internal, including activities such as training, staffing expertise and sufficiency, effectiveness of management information systems, and customer communications and complaints. Although generally incorporated into the change management process, these indicators should be continually monitored for changes occurring independent of new or revised products, services, or regulations. For example, the departure of key personnel can have a significant impact on risk and will probably occur outside of an event captured by the change management process.
Monitoring external indicators such as economic conditions and industry-wide litigation or enforcement actions will also increase the power of your risk assessment. Re-evaluating risks and controls associated with areas of increased regulatory focus, as identified by an increase in enforcement actions, affords an institution the opportunity to adjust its program to close potential gaps before they pose significant impact.
Clearly, the requirement to implement an effective risk management process is not going away. Institutions devote significant time and effort in performing and documenting their risk assessments. Yet most institutions are not maximizing the value of the risk assessment process. Through proper care and feeding, you can streamline the process and achieve up-to-the minute results from your risk assessment.
To increase the power of your risk assessment, begin by implementing a process to update the assessment with the results of your monitoring activities as those results are published. Be sure to incorporate the results of any related audits and regulatory examinations, too. These results, whether validating the effectiveness of existing controls or identifying areas for improvement, impact the institution’s risk profile and provide direction in the effective deployment of scarce resources. If you are using an automated risk assessment tool, this functionality should be available. In a manual process, you’ll need to review and revise the risk and control values associated with those areas covered in the audit, examination, or monitoring reports.
Updating the risk assessment to reflect the impact of new or revised products, services, and regulations is equally important. Establishing a change management process that mirrors your risk assessment process and includes an evaluation of the associated risks and controls allows for easy integration of the results. Feeding these results into your risk assessment increases your ability to manage the institution’s overall risk profile, on a real-time basis. Again, an automated risk assessment tool should include this functionality; in a manual process, the risk and control values associated with the activity will need to be revised as necessary to reflect the change.
In conjunction with these ongoing updates, expanding your risk assessment process to include other key risk indicators enhances your ability to monitor and manage the institution’s level of risk. Risk levels are impacted by various factors, not all of which are associated with a specific change in products, services, or regulations. Defining and monitoring indicators are vital steps to an effective risk management process.
Indicators may be internal, including activities such as training, staffing expertise and sufficiency, effectiveness of management information systems, and customer communications and complaints. Although generally incorporated into the change management process, these indicators should be continually monitored for changes occurring independent of new or revised products, services, or regulations. For example, the departure of key personnel can have a significant impact on risk and will probably occur outside of an event captured by the change management process.
Monitoring external indicators such as economic conditions and industry-wide litigation or enforcement actions will also increase the power of your risk assessment. Re-evaluating risks and controls associated with areas of increased regulatory focus, as identified by an increase in enforcement actions, affords an institution the opportunity to adjust its program to close potential gaps before they pose significant impact.
Clearly, the requirement to implement an effective risk management process is not going away. Institutions devote significant time and effort in performing and documenting their risk assessments. Yet most institutions are not maximizing the value of the risk assessment process. Through proper care and feeding, you can streamline the process and achieve up-to-the minute results from your risk assessment.
Tuesday, July 19, 2011
Managing the Risk of Change
In his January 7, 2011 testimony before the Committee on the Budget, Federal Reserve Chairman Ben S. Bernanke presented a cautiously optimistic economic outlook, stating that “Overall, the pace of economic recovery seems likely to be moderately stronger in 2011 than it was in 2010.” As reported in the American Banker newspaper, Bernanke also expressed concern about overburdening community banks with regulations targeted at larger institutions. "The intent of both Basel III and the Dodd-Frank Act is to focus on the largest, so-called 'too big to fail' banks and to make them not 'too big to fail,'" Bernanke said, "We want to make sure we do all we can not to increase the regulatory burden that small banks face."
While the intent may have been to focus on the largest banks, the reality is that neither excludes community banks from the requirements. And, waiting for exclusionary amendments is simply not a prudent option. With changes to everything from deposit insurance coverage and the regulatory structure to capital, privacy, anti-money laundering, community reinvestment, and much, much more, compliance officers and risk managers are facing an unprecedented amount of work over the next three years. The key to success – and survival – is an effective change management process!
Although not a new concept, change management, as set forth by the Office of the Comptroller of the Currency in OCC 2004-20 is generally associated with new, expanded, or modified bank products and services. However, the due diligence process defined by the OCC in this bulletin is equally effective when applied to regulatory changes. The three stated goals of an effective risk management system are: 1) performing adequate due diligence prior to introduction, 2) developing and implementing controls and processes to ensure risks are properly measured, monitored, and controlled, and 3) developing and implementing appropriate performance monitoring and review systems.
Developing and maintaining a calendar of expected regulatory amendments is the first step in the process. Once the timelines have been determined, the due diligence process begins. For each amendment, the first step is to identify the existing products, services, and processes that will likely be impacted by the change. Enlist the help of representatives from the relevant functional areas, such as credit, compliance, accounting, audit, risk management, legal, operations, and information technology, to analyze the affect of each amendment, the scope of impact, the timeline and resource needed to complete implementation of the requirements, and any third-party or vendor relationships that may be impacted (existing) or needed to accommodate the change (new). This evaluation will identify the changes to the inherent risks associated with each activity (at a minimum, an increase in inherent risk associated with the regulatory change will be noted) and provides the basis for the next phase.
The internal controls associated with the identified products, services, and processes were evaluated in your initial risk assessment. A preliminary new residual risk level can be calculated using the revised inherent risk values against your initial mitigating controls. This preliminary residual risk should be compared against the institution’s defined risk appetite. The results of this comparison will serve to highlight those changes that have the most significant impact on the institution’s risk profile, thus assisting in effective allocation of limited resources toward enhancing your control environment.
As during your initial risk assessment, each associated control activity will be reviewed to identify enhancements needed to accommodate the regulatory changes. This review will include policies, procedures, personnel, and internal controls. The review provides an identification of the specific action steps needed to implement each regulatory revision within the risk parameters established by the institution.
An evaluation of the existing monitoring and review systems should also be completed to identify changes needed to these systems to support the regulatory revisions. During this phase of the process, you will examine existing systems to verify that risks associated with the new regulations are captured in the ongoing process. This process will include: revisiting the key assumptions, data sources, procedures, and risk indicators currently employed; analyzing accountability and exception monitoring, management information systems reporting, integrating the changes into existing audit and compliance processes; and evaluating the effectiveness and timeliness of reports and other communications to management and the board. And, again, this process provides a road map of revisions needed to maintain the institution’s risk profile.
Of utmost importance throughout this process is the timely and continual flow of information to management and the board. Given management’s and the board’s responsibility to establish and maintain a comprehensive and effective risk management program, a thorough understanding of the risks is vital. Apprising them of proposed amendments, the potential risks associated with each, and the planned enhancements to controls provides them the tools they need to execute their responsibilities. Importantly, it also provides them with a detailed understanding of the challenges you face, and promotes an increased awareness of the level of resource needed to succeed.
While the intent may have been to focus on the largest banks, the reality is that neither excludes community banks from the requirements. And, waiting for exclusionary amendments is simply not a prudent option. With changes to everything from deposit insurance coverage and the regulatory structure to capital, privacy, anti-money laundering, community reinvestment, and much, much more, compliance officers and risk managers are facing an unprecedented amount of work over the next three years. The key to success – and survival – is an effective change management process!
Although not a new concept, change management, as set forth by the Office of the Comptroller of the Currency in OCC 2004-20 is generally associated with new, expanded, or modified bank products and services. However, the due diligence process defined by the OCC in this bulletin is equally effective when applied to regulatory changes. The three stated goals of an effective risk management system are: 1) performing adequate due diligence prior to introduction, 2) developing and implementing controls and processes to ensure risks are properly measured, monitored, and controlled, and 3) developing and implementing appropriate performance monitoring and review systems.
Developing and maintaining a calendar of expected regulatory amendments is the first step in the process. Once the timelines have been determined, the due diligence process begins. For each amendment, the first step is to identify the existing products, services, and processes that will likely be impacted by the change. Enlist the help of representatives from the relevant functional areas, such as credit, compliance, accounting, audit, risk management, legal, operations, and information technology, to analyze the affect of each amendment, the scope of impact, the timeline and resource needed to complete implementation of the requirements, and any third-party or vendor relationships that may be impacted (existing) or needed to accommodate the change (new). This evaluation will identify the changes to the inherent risks associated with each activity (at a minimum, an increase in inherent risk associated with the regulatory change will be noted) and provides the basis for the next phase.
The internal controls associated with the identified products, services, and processes were evaluated in your initial risk assessment. A preliminary new residual risk level can be calculated using the revised inherent risk values against your initial mitigating controls. This preliminary residual risk should be compared against the institution’s defined risk appetite. The results of this comparison will serve to highlight those changes that have the most significant impact on the institution’s risk profile, thus assisting in effective allocation of limited resources toward enhancing your control environment.
As during your initial risk assessment, each associated control activity will be reviewed to identify enhancements needed to accommodate the regulatory changes. This review will include policies, procedures, personnel, and internal controls. The review provides an identification of the specific action steps needed to implement each regulatory revision within the risk parameters established by the institution.
An evaluation of the existing monitoring and review systems should also be completed to identify changes needed to these systems to support the regulatory revisions. During this phase of the process, you will examine existing systems to verify that risks associated with the new regulations are captured in the ongoing process. This process will include: revisiting the key assumptions, data sources, procedures, and risk indicators currently employed; analyzing accountability and exception monitoring, management information systems reporting, integrating the changes into existing audit and compliance processes; and evaluating the effectiveness and timeliness of reports and other communications to management and the board. And, again, this process provides a road map of revisions needed to maintain the institution’s risk profile.
Of utmost importance throughout this process is the timely and continual flow of information to management and the board. Given management’s and the board’s responsibility to establish and maintain a comprehensive and effective risk management program, a thorough understanding of the risks is vital. Apprising them of proposed amendments, the potential risks associated with each, and the planned enhancements to controls provides them the tools they need to execute their responsibilities. Importantly, it also provides them with a detailed understanding of the challenges you face, and promotes an increased awareness of the level of resource needed to succeed.
Friday, July 8, 2011
It's A Wonderful Life!
Ah, the old Building and Loan! The nation’s first thrift, Oxford Provident Building Association, was established in 1831 to provide a means to finance the great American dream – homeownership. By the early 1920s there were more than 12,000 savings institutions (known by various names, including savings and loans, building and loans, thrift and loans, thrifts, savings banks, building associations, thrift associations and savings associations). These institutions were established in response to a significant increase in the demand for housing as rural Americans migrated to urban areas in pursuit of the Dream. The Great Depression of the 1930s and the associated housing market crash prompted Congress to establish the Federal Home Loan Bank System, followed by the creation of the Federal Home Loan Bank Board, the predecessor agency to the Office of Thrift Supervision (OTS), and the establishment of the Federal Savings and Loan Insurance Corporation (FSLIC).
Throughout the next several decades, it truly was a wonderful life. Thrifts originated roughly two-thirds of the nation’s mortgage loans. But with the increasing interest rates, and the resulting federal ban on adjustable rate mortgages in the 1970s, thrifts struggled to remain profitable. Rising interest rates continued through the 1980s; the government deregulated the lending and investment powers of thrifts, but profitability struggles led to many thrifts engaging in aggressive and risky lending and investment strategies. Hundreds of thrifts closed or failed, and Congress responded by merging the FSLIC into the Federal Deposit Insurance Corp. (FDIC) and creating the OTS to supervise, charter and regulate the thrift industry.
Bedford Falls or Pottersville? Responding to the 2008 financial crisis, Congress passed the Dodd-Frank Wall Street Reform and Consumer Protection Act. Title III of the Act abolished the OTS, authorizing the Office of the Comptroller of the Currency (OCC) to assume responsibility for examination, supervision, and regulation of federal savings associations (state savings Associations are transferred to the FDIC, and savings association holding companies are transferred to the Federal Reserve) effective July 21, 2011. “Well, whaddya know about that!!!” said George Bailey.
Well, we know:
Throughout the next several decades, it truly was a wonderful life. Thrifts originated roughly two-thirds of the nation’s mortgage loans. But with the increasing interest rates, and the resulting federal ban on adjustable rate mortgages in the 1970s, thrifts struggled to remain profitable. Rising interest rates continued through the 1980s; the government deregulated the lending and investment powers of thrifts, but profitability struggles led to many thrifts engaging in aggressive and risky lending and investment strategies. Hundreds of thrifts closed or failed, and Congress responded by merging the FSLIC into the Federal Deposit Insurance Corp. (FDIC) and creating the OTS to supervise, charter and regulate the thrift industry.
Bedford Falls or Pottersville? Responding to the 2008 financial crisis, Congress passed the Dodd-Frank Wall Street Reform and Consumer Protection Act. Title III of the Act abolished the OTS, authorizing the Office of the Comptroller of the Currency (OCC) to assume responsibility for examination, supervision, and regulation of federal savings associations (state savings Associations are transferred to the FDIC, and savings association holding companies are transferred to the Federal Reserve) effective July 21, 2011. “Well, whaddya know about that!!!” said George Bailey.
Well, we know:
- Many OTS examiners have transferred onto the OCC examination team. Thrifts can rest assured that upcoming examinations will be jointly staffed with OCC and former OTS examiners, wherever possible.
- The July 31, 2011 Thrift Assessment is deferred to September 30, 2011, and is based on June 30 data. Assessments for September 2011 and March 2012 will be calculated under both the OTS and the OCC schedules and institutions will pay the lesser of the two fees. The September 2012 assessments will be calculated under a single assessment schedule, regardless of charter.
- The Thrift Financial Report (TFR) will be phased out and merged into the FDIC Call Report process beginning with the March 2012 reporting period. In the interim, TFR reporting and data analysts will begin working with the FDIC during the 2011 second quarter reporting period.
- The Uniform Thrift Performance Report (UTPR) will be replaced by the Uniform Bank Performance Report (UBPR) once the Call Report transition is complete.
- The OCC, FDIC, and FRB will identify the OTS regulations that will continue to be enforced and will publish the list in the Federal Register no later than the July 21, 2011 transfer date. Proposed rules and finalized rules not yet in effect will be reviewed and transferred to the appropriate agency, as applicable.
- 2012 examination plans and supervisory strategies for federal savings association will be jointly developed by the OCC and OTS.
- On November 3, 2010, a Deputy Comptroller for Thrift Supervision, reporting to the Senior Deputy Comptroller for Midsize/Community Bank Supervision, was added to the OCC to lead the integration planning, coordinate the network of Senior Thrift Advisors, and act as key advisor to other Deputy Comptrollers on large and problem thrifts.
- The OCC is adding a Senior Advisor for Thrift Supervision in each district officer and in Special Supervision. This position reports to the Deputy Comptroller and serves as a key member of the District’s senior management team.
- Review the OCC’s history, mission, objectives, and strategic plan; familiarize yourself with all that’s available at http://www.occ.treas.gov./
- Become acquainted with the OCC’s current communications publications, including but not limited to: News Releases; Bulletins; Alerts; and Consumer Advisories. Also review historic communications on relevant topics.
- Go through the appropriate Handbooks to gain an understanding of the OCC’s examination philosophy and approach. Invite all departmental managers to review the Handbooks covering their areas of expertise – develop a list of clarifications needed and opportunities for enhancement.
- Once identified, make contact with your institution’s OCC Portfolio Manager. Be sure to inquire about obtaining access to BankNet, the database of resources for National Banks.
- Introduce your Directors and senior management to the resources available (Directors Toolkit and the available workshops) designed to assist them in understanding and executing their roles.
- Network with colleagues from existing National Banks to compare notes.
Friday, July 1, 2011
DODD-FRANK, CREDIT RATING AGENCIES AND YOU
Seen as the most significant financial reform bill since the Great Depression, the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 requires massive restructuring of financial regulatory agencies, directs the creation of innumerable new rules, commissions countless studies and reports, and impacts not only U.S. financial institutions, but financial institutions and other commercial companies throughout the world. Aimed at protecting the economy from a repeat of the financial crisis of 2007, the impact of this legislation on the industry is beyond measure. Many believe that large, complex financial institutions will bear the brunt of the impact; however, it appears that community banks will bear more than their fair share. Clearly the expected volume of new banking regulations is staggering; the potential impact of the new Consumer Financial Protection Bureau is daunting; the magnitude of new disclosure and reporting requirements overwhelming; but community bankers should not discount the unexpected consequences of requirements that, at face value, have little to do with traditional community banking. Consider the changes made to the regulation of credit rating agencies set forth in Subtitle C of Title IX of the Act.
Some History on Credit Rating Agencies
Credit rating agencies independently evaluate the credit-worthiness of debt-issuers, including corporations, financial institutions, and governmental entities. Based on this evaluation, the agency assigns a rating which investors use to determine whether or not to invest and the market utilizes to establish the value on the investment given the debt instrument’s interest rate and the credit-worthiness of the issuer. Investors who are risk-averse opt for those obligations with the “best” ratings and are content to earn the lower rate of return associated with these “safer” investments.
While other investment advisors are closely regulated, credit rating agencies have been subject to minimal regulation. Beginning in 1975, the SEC established a process to identify certain credit rating agencies as “nationally recognized statistical ratings organizations” (NRSROs), agencies that issued ratings upon which other SEC-regulated entities could rely to satisfy their own due-diligence requirements. In 2006, the Credit Rating Agency Reform Act (CRARA) was enacted to improve ratings quality for the protection of investors by requiring the SEC to draft and implement rules governing the registration, reporting, and oversight of NRSROs. However, the CRARA specifically prohibited regulation of the credit rating processes and methodologies.
Rationale for this lack of regulation of NRSROs was based on the expectation that market and competitive forces would promote accurate and reliable ratings. Instead, investment banks routinely steered issuers to those agencies most likely to provide favorable ratings, rather than to an agency with a reputation and history of issuing reliable ratings. Not surprisingly, NRSROs altered their rating methodologies to attract future business and increased fees. As the complexity of investments increased, investor due diligence was replaced with investor reliance on NRSRO ratings. The result, seen as one of the primary factors in the current economic crisis, was the downgrade of the triple-A rated subprime mortgage-backed securities to junk status.
Dodd-Frank Changes
Under Dodd-Frank, the SEC will establish a new Office of Credit Ratings with responsibility for exploring the feasibility of standardizing ratings, issuing rules relating to the determination of ratings, and examining and reporting on NRSRO compliance. NRSROs are required to have a board of directors, half of whom are independent, to appoint a compliance officer independent of the rating process or financial performance, to implement and maintain an effective system of internal controls for determining ratings, and to file reports with the SEC attesting to compliance, including changes in compliance controls, code of ethics, and recent employment history of senior officers. NRSROs will also be subject to increased liability for their actions. Additionally, within one year of enactment, federal statutes referencing credit rating agencies and acceptable ratings must be revised to replace these references with defined standards for determining credit-worthiness.
These new requirements will have a clear and significant impact on the NRSROs and other credit rating agencies, as well as on investment banks and large financial conglomerates that participate in securities underwriting and offerings. But how and to what extent will they impact community banks?
The agencies have already published an advanced notice of proposed rulemaking (ANPR) aimed at eliminating the dependence on credit ratings in the risk-based capital standards and Basel. While the standardized approach under the Basel Accord relies extensively on credit ratings to risk weight exposures, operational criteria requiring institutions to independently analyze the credit-worthiness of securitization exposures were subsequently published. These criteria require a bank to have a comprehensive understanding of the risk characteristics of its individual securitization exposure, be able to access performance information on the underlying pools on an on-going basis in a timely manner, and have a thorough understanding of all structural features of a securitization transaction. Although one of the objectives of the agencies’ evaluation of alternative credit-worthiness standards is to “be reasonably simple to implement and not add undue burden on banking organizations” the ANPR acknowledges that the goal may be “achievable only at the expense of greater implementation burden.”
The OCC published an ANPR relating to other regulations that currently rely on credit ratings, including regulations regarding permissible investment securities, securities offerings, and international activities. The regulations surrounding investment securities use credit ratings as a factor for determining the credit quality, liquidity/marketability, and appropriate concentration levels of securities purchased and held by national banks. While the ANPR stresses the fact that institutions should be investing consistent with safe and sound banking practices, the reality is that many institutions were relying primarily on the ratings established by NRSROs in evaluating investments. The ANPR sets forth three alternatives going forward: Credit Quality Based Standard; Investment Quality Based Standard; and Reliance on internal risk ratings. The common theme within these alternatives is the requirement that banks document their credit assessment and analysis of the investment.
These ANPRs clearly indicate that banks will, as a result of Dodd-Frank, devote more resources to activities surrounding capital and investments; resources that are already scarce in community banks. But wait, could there be more …..
The market for mortgage-backed securities is all but extinct; and while securitized credit card receivables continue to be viable, there still remain the underlying risks stemming from the lack of transparency in the credit rating process. How does this risk impact a funding channel utilized by many institutions to regenerate lending capacity? The answer is yet to be seen.
The introduction of regulation to a previously unregulated industry segment will increase the cost of, and most likely extend the timeline for, issuing securities. The amount of information required in underwriting by the agencies will undoubtedly increase, as will the staff required to analyze this information. Rating agencies will increase fees to cover increased administration costs.
The courts are evaluating the issue of reliance on credit rating agencies, and some have ruled in favor of investors. Liability is being assigned to banks that invested client money without performing their own due-diligence based on a breach of fiduciary duty. And, credit rating agency liability is a key component of the Act. Rating agencies will increase fees to cover these costs, too.
Moreover, banks aren’t the only financial intermediaries who have historically relied on credit agency ratings. Investors have enjoyed an increase in the range of available investments; broker-dealers, money funds, pensions, insurance companies, and governments relied on the ratings to reduce the cost of managing their investment portfolios. These market efficiencies favorably impacted the cost and availability of funding for all borrowers. These benefits will likely diminish in the future.
The introduction of higher costs, both from increased administrative expenses and potential liabilities of rating agencies, coupled with increased litigation risks and the regulatory expectation that entities evaluate and demonstrate the appropriateness of their investments, either directly or through the utilization of a third party, will significantly influence the cost and availability of investments and funding. Accordingly, the combined ramifications of Dodd-Frank related to credit ratings agencies will have far reaching effects on a community bank’s business model, encompassing everything from the bank’s own capital, investments, and employee benefit plans, to client activities including lending, trust, insurance, and investments.
Some History on Credit Rating Agencies
Credit rating agencies independently evaluate the credit-worthiness of debt-issuers, including corporations, financial institutions, and governmental entities. Based on this evaluation, the agency assigns a rating which investors use to determine whether or not to invest and the market utilizes to establish the value on the investment given the debt instrument’s interest rate and the credit-worthiness of the issuer. Investors who are risk-averse opt for those obligations with the “best” ratings and are content to earn the lower rate of return associated with these “safer” investments.
While other investment advisors are closely regulated, credit rating agencies have been subject to minimal regulation. Beginning in 1975, the SEC established a process to identify certain credit rating agencies as “nationally recognized statistical ratings organizations” (NRSROs), agencies that issued ratings upon which other SEC-regulated entities could rely to satisfy their own due-diligence requirements. In 2006, the Credit Rating Agency Reform Act (CRARA) was enacted to improve ratings quality for the protection of investors by requiring the SEC to draft and implement rules governing the registration, reporting, and oversight of NRSROs. However, the CRARA specifically prohibited regulation of the credit rating processes and methodologies.
Rationale for this lack of regulation of NRSROs was based on the expectation that market and competitive forces would promote accurate and reliable ratings. Instead, investment banks routinely steered issuers to those agencies most likely to provide favorable ratings, rather than to an agency with a reputation and history of issuing reliable ratings. Not surprisingly, NRSROs altered their rating methodologies to attract future business and increased fees. As the complexity of investments increased, investor due diligence was replaced with investor reliance on NRSRO ratings. The result, seen as one of the primary factors in the current economic crisis, was the downgrade of the triple-A rated subprime mortgage-backed securities to junk status.
Dodd-Frank Changes
Under Dodd-Frank, the SEC will establish a new Office of Credit Ratings with responsibility for exploring the feasibility of standardizing ratings, issuing rules relating to the determination of ratings, and examining and reporting on NRSRO compliance. NRSROs are required to have a board of directors, half of whom are independent, to appoint a compliance officer independent of the rating process or financial performance, to implement and maintain an effective system of internal controls for determining ratings, and to file reports with the SEC attesting to compliance, including changes in compliance controls, code of ethics, and recent employment history of senior officers. NRSROs will also be subject to increased liability for their actions. Additionally, within one year of enactment, federal statutes referencing credit rating agencies and acceptable ratings must be revised to replace these references with defined standards for determining credit-worthiness.
These new requirements will have a clear and significant impact on the NRSROs and other credit rating agencies, as well as on investment banks and large financial conglomerates that participate in securities underwriting and offerings. But how and to what extent will they impact community banks?
The agencies have already published an advanced notice of proposed rulemaking (ANPR) aimed at eliminating the dependence on credit ratings in the risk-based capital standards and Basel. While the standardized approach under the Basel Accord relies extensively on credit ratings to risk weight exposures, operational criteria requiring institutions to independently analyze the credit-worthiness of securitization exposures were subsequently published. These criteria require a bank to have a comprehensive understanding of the risk characteristics of its individual securitization exposure, be able to access performance information on the underlying pools on an on-going basis in a timely manner, and have a thorough understanding of all structural features of a securitization transaction. Although one of the objectives of the agencies’ evaluation of alternative credit-worthiness standards is to “be reasonably simple to implement and not add undue burden on banking organizations” the ANPR acknowledges that the goal may be “achievable only at the expense of greater implementation burden.”
The OCC published an ANPR relating to other regulations that currently rely on credit ratings, including regulations regarding permissible investment securities, securities offerings, and international activities. The regulations surrounding investment securities use credit ratings as a factor for determining the credit quality, liquidity/marketability, and appropriate concentration levels of securities purchased and held by national banks. While the ANPR stresses the fact that institutions should be investing consistent with safe and sound banking practices, the reality is that many institutions were relying primarily on the ratings established by NRSROs in evaluating investments. The ANPR sets forth three alternatives going forward: Credit Quality Based Standard; Investment Quality Based Standard; and Reliance on internal risk ratings. The common theme within these alternatives is the requirement that banks document their credit assessment and analysis of the investment.
These ANPRs clearly indicate that banks will, as a result of Dodd-Frank, devote more resources to activities surrounding capital and investments; resources that are already scarce in community banks. But wait, could there be more …..
The market for mortgage-backed securities is all but extinct; and while securitized credit card receivables continue to be viable, there still remain the underlying risks stemming from the lack of transparency in the credit rating process. How does this risk impact a funding channel utilized by many institutions to regenerate lending capacity? The answer is yet to be seen.
The introduction of regulation to a previously unregulated industry segment will increase the cost of, and most likely extend the timeline for, issuing securities. The amount of information required in underwriting by the agencies will undoubtedly increase, as will the staff required to analyze this information. Rating agencies will increase fees to cover increased administration costs.
The courts are evaluating the issue of reliance on credit rating agencies, and some have ruled in favor of investors. Liability is being assigned to banks that invested client money without performing their own due-diligence based on a breach of fiduciary duty. And, credit rating agency liability is a key component of the Act. Rating agencies will increase fees to cover these costs, too.
Moreover, banks aren’t the only financial intermediaries who have historically relied on credit agency ratings. Investors have enjoyed an increase in the range of available investments; broker-dealers, money funds, pensions, insurance companies, and governments relied on the ratings to reduce the cost of managing their investment portfolios. These market efficiencies favorably impacted the cost and availability of funding for all borrowers. These benefits will likely diminish in the future.
The introduction of higher costs, both from increased administrative expenses and potential liabilities of rating agencies, coupled with increased litigation risks and the regulatory expectation that entities evaluate and demonstrate the appropriateness of their investments, either directly or through the utilization of a third party, will significantly influence the cost and availability of investments and funding. Accordingly, the combined ramifications of Dodd-Frank related to credit ratings agencies will have far reaching effects on a community bank’s business model, encompassing everything from the bank’s own capital, investments, and employee benefit plans, to client activities including lending, trust, insurance, and investments.
Subscribe to:
Posts (Atom)