Perspectives on financial reform Issue 3 First look A practical guide to the Federal Reserve s newly announced enhanced prudential standards Produced by the Deloitte Center for Financial Services
1 Foreword 2 Capital requirements and debt-to-equity limit 4 Liquidity requirements 6 Single-counterparty credit limit requirements 8 Risk management requirements 10 Stress testing requirements 12 Early remediation requirements 14 What s next? First look A practical guide to the Federal Reserve s newly announced enhanced prudential standards i
Foreword Faced with the prospect of combing through 173 pages of new, enhanced prudential standards and early remediation requirements recently announced by the Federal Reserve, you may find yourself wondering what s really important to your business today. In this document, we ve attempted to streamline that process for you, dissecting each section to identify and explain what we believe are the most significant rules and some of their implications. Overall, we believe that the new enhanced proposed standards represent a codification of the changes that the Federal Reserve has been pursuing through guidance and other means as a preventive measure to help avoid another financial crisis. Much of the guidance that the Federal Reserve has made over the past few years is now on its way to becoming law. And that will rightly bring a new level of scrutiny to how large and midsize U.S. banks, foreign banks with large U.S. operations, and certain nonbank entities, such as insurance companies and hedge funds, bring themselves into compliance. While different financial organizations will likely be affected by these rules in different ways, one thing is certain: These proposed rules mark a new era in financial regulation, based on lessons learned over the course of the past few years. These rules will likely become law soon. Consequently, leaders at financial organizations should become well versed in them. That s the spirit in which this document was created not as a replacement for thorough review of the rules themselves, but as a primer for understanding them. Bob Contri Vice Chairman U.S. Financial Services Leader Deloitte LLP Kevin McGovern U.S. Managing Partner Governance, Regulatory & Risk Strategies Deloitte & Touche LLP First look A practical guide to the Federal Reserve s newly announced enhanced prudential standards 1
Capital requirements and debt-to-equity limit The proposed set of capital rules is the initial step towards more stringency, intended to put pressure on institutions to increase capital and maintain a higher level of capital quality so that they may be better prepared to absorb potential losses. The proposed capital ratios and annual capital plan requirements necessitate that financial companies establish forwardlooking capabilities in their capital adequacy planning and receive annual capital-plan approval from the Federal Reserve a condition for making capital distributions. This applies not only to bank holding companies with $50 billion or more in assets based on the average of the four most recent regulatory report filings with the Federal Reserve, but also to other nonbank financial companies 1 that the Financial Stability Oversight Council (FSOC) deems systemically important. The next set of capital rules, due to be released in the coming months, is expected to include a quantitative risk-based capital surcharge for covered companies, or a subset of covered companies, based on Basel III guidance issued by the Basel Committee for Banking Supervision (BCBS) for the most globally active and interconnected banking companies. Basel III introduces incremental capital requirements in the form of capital conservation and countercyclical buffers, while also raising minimum capital requirements. We can expect to see additional capital thresholds added to global systemically important banks (G-SIBs 2 ) in line with Basel III guidance, to be phased in between 2016 and 2019. In addition to the capital rules, a 15-to-1 debt-to-equity ratio limit is applied to some companies that the FSOC thinks may pose a threat to the financial stability of the U.S., and is designed to help address the systemic risk created by these entities. Here s a closer look. Highlighted rules Enhanced risk-based capital and leverage requirements All covered companies to hold capital commensurate with the Federal Reserve s rules relating to capital plans, stress tests, and the Capital Plans Final Rule, including requirements to: Submit a board-approved annual capital plan that demonstrates the ability to maintain minimum riskbased capital ratios under both baseline and stressed conditions over a minimum nine-quarter, forwardlooking planning horizon. Hold tier 1 common capital ratio of at least 5 percent over the same planning horizon. Meet capital plan requirements prior to making any capital distributions. New requirements for nonbank financial companies: Nonbank financial companies would also be required to comply with the Federal Reserve s current risk-based capital standards that apply to bank holding companies, including quarterly reporting of risk-based capital and leverage ratios. Debt-to-equity limitations Designated companies would be required to meet a debt-to-equity ratio of no more than 15-to-1 total liabilities to total equity ratio. 1 A nonbank financial company is subject to enhanced supervision if material financial distress at the company, or its nature, scope, size, scale, concentration, interconnectedness or mix of these activities potentially poses a threat to the financial stability of the U.S. economy. This concept is known as systemically important. As of this writing, the FSOC has not yet designated any nonbank financial company as a systemically important financial institution (SIFI). 2 In line with recently issued framework by the BCBS. 2
Capital requirements and debt-to-equity limit Possible implications Institutions affected by the new requirements The proposed rules for risk-based capital requirements apply to: 1) any bank holding company (other than a foreign banking organization, for which the rules are delayed until 2015) with $50 billion or more in total consolidated assets based on the average of the four most recent regulatory report filings, FR Y-9C, with the Federal Reserve; and 2) nonbank financial companies that are predominantly engaged in financial activities, as designated by the FSOC. For the debt-to-equity ratio requirements, covered companies are those identified by the FSOC that pose a grave threat to the financial stability of the U.S., and where the debt-to-equity ratio can mitigate systemic risks. Potential implications of risk-based capital requirements Capital planning will likely become a more central activity to demonstrate to regulators the ability to maintain sufficient capital and continue to serve as a credit intermediary, especially among larger, interconnected, and complex companies that the FSOC may deem systemically important. As part of this effort, companies will likely need to restructure internally and make available on a regular basis an increasing amount of qualitative and quantitative information to regulators and the market. A broader set of companies are likely to face greater pressure to raise capital, divest noncore businesses, and hold a better quality of capital due to the proposed minimum leverage ratio of 4 percent, tier 1 common capital ratio of 5 percent, and expected supplementary capital surcharge for G-SIBs. The ability to make capital distributions now depends on receiving the Federal Reserve s approval of the annual capital plan rule and in certain cases prior approval may be necessary before making capital distributions. To support capital planning processes, companies will probably have to establish new organizational structures to support a board-approved capital plan. For nonbank financial companies, it will likely take a considerable amount of effort to organize and establish an infrastructure that complies with the proposed and existing risk-based capital rules. Nonbank financial companies are likely to face data challenges resulting from quarterly calculation and reporting requirements, including the need to source and categorize data according to Federal Reserve definitions. Potential implications of debt-to-equity ratio requirements Companies will need to monitor their debt-to-equity ratio and take appropriate steps to develop contingency plans for meeting compliance with the 15-to-1 debtto-equity ratio requirement, especially systemically important and highly leveraged companies. Systemically important and highly leveraged companies will need to factor in the debt-to-equity ratio constraint for their future capital funding activities. Many large U.S. bank holding companies have already increased their capital levels in anticipation of these rules. Nonbank financial companies that don t meet the new ratios are likely to face a steeper climb to raise sufficient capital, with the added regulatory burden of complying with the Federal Reserve s existing risk-based capital and leverage standards. First look A practical guide to the Federal Reserve s newly announced enhanced prudential standards 3
Liquidity requirements It s official: Regulators are raising the profile of liquidity risk management and the role of boards for large banks and publicly traded holding companies (other than foreign bank holding companies). The proposed guidelines build on recent enforcement actions and other insights gleaned from the experiences of the past few years that emphasize the central importance of the board being more engaged in liquidity risk management and oversight. Here s a closer look. Highlighted rules The board would be required to establish the covered company s liquidity risk tolerance at least annually. Further, a covered company s board is required to review information provided by senior management at least semi-annually to determine whether liquidity risk is being managed within accepted tolerances. Finally, the board would review and approve the contingency funding plan at least annually, along with any material revisions. A risk committee or delegate committee would be required to conduct the following activities quarterly: a review of cash flow projections to determine that the company s liquidity risk is within established parameters; a review and approval of liquidity stress testing methodology; and a review of stress testing results, liquidity risk limits, liquidity risk management, and approval of the size and composition of any liquidity buffer. Further, the committee would be required to review and approve significant new business lines or products from a liquidity risk perspective. The covered company would be required to establish and maintain an independent review function to evaluate its liquidity risk management. The review would be conducted at least annually to evaluate the adequacy and effectiveness of liquidity risk management processes, as well as compliance with regulatory requirements, and report statutory and regulatory noncompliance and other material issues in writing to the board for corrective action. The proposed rule would require the covered company to regularly stress test its cash flow projections by identifying liquidity stress scenarios and assessing the effects on the covered company s cash flow and liquidity. Stress testing would cover exposures, activities, and risks both on and off the balance sheet. The proposed rule would require a covered company to establish and maintain a contingency funding plan (CFP). Under the proposed rule, the CFP would be commensurate with the covered company s capital structure, risk profile, complexity, activities, size, and other applicable risk-related factors, including liquidity risk tolerance. Under the proposed rule, the CFP includes four components: 1) a quantitative assessment, 2) an event management process, 3) monitoring requirements, and 4) testing requirements. The proposed rule would require a covered company to monitor liquidity risk related to collateral positions (encumbered/unencumbered), liquidity risks across the enterprise, and intraday liquidity positions. Consistent with the effort to develop a comprehensive liquidity framework, the proposed rule requires a covered company to continuously maintain a liquidity buffer of unencumbered, highly liquid assets sufficient to meet projected net cash outflows and projected loss or impairment of existing funding sources for 30 days. Extensive projections of a covered company s cash flows will likely be a critical tool for managing liquidity risk. Projections must include cash flows arising from contractual maturities, cash flows from new business, funding renewals, customer options, and other potential events that may impact liquidity. 4
Liquidity requirements Possible implications These proposed rules affect domestic, publicly traded covered companies and bank holding companies with more than $10 billion in assets. There are enhanced standards for banks and bank holding companies with more than $50 billion in assets. Guidance for foreign bank holding companies is expected to follow. Organizations may expect the liquidity requirements to significantly impact their structure, process, technology, and even talent. The biggest impact will likely be on the governance of the organization, with boards assuming responsibility for liquidity risk. That is likely to be a big change for many organizations as liquidity risk management is typically not the domain of the board or risk committee. Processes and technology may be significantly impacted by the new requirements. Sufficient monitoring capabilities may require new investments and reengineered processes and reporting architectures in areas such as intraday reporting, daily reporting, and ad hoc stress testing, to name a few. Data quality is also likely to be an issue for many organizations. Adhering to the new proposed liquidity requirements may require a different talent mix. At many financial organizations, existing talent is already stretched thin, forcing leaders to consider whether they can afford to hire the right additional support staff or if they need to continue to lean on current talent resources. Senior management will likely be required to make difficult decisions to bring the company into compliance with these requirements. Decisions regarding new business opportunities, compliance-related costs, strategy, liquidity positions, and stress testing may be on the way. First look A practical guide to the Federal Reserve s newly announced enhanced prudential standards 5
Single-counterparty credit limit requirements The proposed rules for single-counterparty credit limit requirements introduce a range of new issues and concerns for banking organizations. For starters, concentration risk has taken on new importance. Banking organizations will be required to have enterprise-wide processes in place to identify, measure, monitor, and control concentrated risk exposures at both the legal entity and enterprise levels. Banks likely will have to account for collateral concentrations in their risk analyses, including both risk concentrations with a single counterparty and those associated with portfolios of counterparties. Under the proposed rules, credit limits would be mitigated in a number of ways, including collateral, netting, guarantees, and credit derivative hedges. The proposed rules describe the types of collateral, guarantees, and derivative hedges that are eligible under them, providing valuation rules for each that reflect credit risk mitigants. It s also worth noting that the proposal would establish a general limit prohibiting covered companies from having an aggregate net credit exposure to any single unaffiliated counterparty in excess of 25 percent of the company s regulatory capital. It would also establish a more stringent net credit exposure limit between a major covered company and any major counterparty. A major covered company would be defined as any bank holding company with total consolidated assets of $500 billion or more. Major counterparties are defined as any major covered company, as well as any foreign banking organization that is treated as a bank holding company, with total consolidated assets of $500 billion or more. Here s a closer look. Highlighted rules The proposal directs the establishment of singlecounterparty credit concentration limits for covered companies in order to limit the risks that the failure of any individual company could pose to a covered company, such as direct exposure to certain types of transactions, exceeding risk tolerances, or not being aware of deterioration of the counterparty. In the notice for proposed rulemaking, the Federal Reserve has prescribed regulations that prohibit covered companies from having an aggregated net credit exposure to any unaffiliated company that exceeds 25 percent of the regulatory capital of the covered company. Aggregated net exposure is defined in the proposed rule to be a measure that recognizes certain credit risk mitigants, including netting agreements for certain types of transactions, some forms of collateral with a haircut, and guarantees and other forms of credit protection. The Federal Reserve also has authority to lower the 25 percent threshold, if necessary, to mitigate the risks to the financial stability of the U.S. Credit exposure is defined in section 165(e) of the Dodd-Frank Act to mean all extensions of credit to the company, including loans, lines of credit, all repurchase agreements, reverse repurchase agreements, securities borrowing, and lending transactions with the company. Exposure to special purpose vehicles and money market mutual funds is not required at this time, but may need to be monitored. The proposed rule would also establish a more stringent net credit exposure limit between a major covered company and any major counterparty. This limit would be 10 percent of the regulatory capital of the major covered company and apply to the aggregate net credit exposure between the covered company and the counterparty, or between major covered companies and major counterparties. The proposal includes sovereign entities in the definition of counterparty because credit exposures of a covered company to such governmental entities create risks to the covered company similar to those created by large exposures to other types of entities. 6
Single-counterparty credit limit requirements Possible implications The proposed rules regulating single-counterparty credit limits apply to all bank holding companies with assets of $50 billion or more, as well as nonbank financial companies designated as systemically important by the FSOC. The proposed rule suggests that a more stringent single-counterparty credit limit be applied to the largest covered companies. This would require banking organizations to have appropriate systems, tools, and reports to adequately capture, monitor, and report exposure and limits to individual counterparties. Because the single-counterparty credit limits also apply to sovereign entities, there will likely be a need to calculate, monitor, and manage exposure to the sovereign entities to which a company is directly exposed. That means it will likely be important to understand the number, size, and type of trades with each sovereign counterparty. There may be more information forthcoming on how to treat sovereign entities. It remains to be seen whether the proposed rule will, in the end, impose the more conservative limits it suggests now for covered companies with a larger systemic footprint. Size may not be the only factor for determining the systemic footprint of a company. For instance, scope, scale, nature, concentration, marketplace connections, leverage, and off-balancesheet exposures are factors that may be considered in this determination. Because the proposed rule requires credit exposure to be calculated on an aggregated net basis, a bank holding company may want to monitor limits through gross credit exposure as well as net. Today, not all companies manage limits using both of these measures. The proposed rule contains two separate limits. The general limit provides that no covered company may have aggregate net credit exposure to any unaffiliated counterparty that exceeds 25 percent of the regulatory capital of the covered company. There is also a second, more stringent, limit for aggregate net credit exposure between major covered companies and major counterparties. No major covered company may have aggregate net credit exposure to any unaffiliated major counterparty that exceeds 10 percent of the regulatory capital of the major covered company, which may call for more granular reporting, data, and metrics and put additional strain on counterparty credit risk systems and data governance processes. First look A practical guide to the Federal Reserve s newly announced enhanced prudential standards 7
Risk management requirements The proposed rules offer new risk governance requirements, including the establishment of a risk committee of the board and related responsibilities. But that s not all. Additional requirements reflect the view that boards should be more engaged and involved in risk management and oversight. Systemically important financial institutions (SIFIs) and bank holding companies with more than $50 billion in assets (collectively, covered companies) and publicly traded bank holding companies with more than $10 billion in assets must establish a risk committee of the board (RC) that will be responsible for overseeing enterprise-wide risk management practices and follow certain procedural responsibilities. For covered companies, an RC must be a freestanding committee that reports directly to the board of directors. The RC should be supported by a formal, written charter approved by the board, articulating its responsibilities, composition, and member qualification requirements. It is required to include at least one independent director, who will be the chair, and at least one risk management expert. The Federal Reserve indicated that it expects all members of the RC to have an understanding of risk management principles and practices commensurate with the business and risk profile of the company. Under the proposed rules, the RC will have specific responsibilities that include, but are not limited to, oversight and approval of the enterprise-wide risk management framework commensurate with the complexity of the company. They include: Business line risk limits; Appropriate governance, policies, and practices for controlling and monitoring new and emerging risks and reporting deficiencies in risk management; Overseeing compliance with the established risk management policies, controls, and practices; Effective remediation of any noncompliance; Specifying the reporting lines to provide independence of the risk management function; and Integration of risk management objectives into the compensation structure. Here s a closer look. Highlighted rules For covered companies and public bank holding companies with more than $10 billion in assets: A company is required to have an RC with at least one independent director, who is the chair, and at least one risk management expert. The Federal Reserve expects that all RC members have an understanding of risk management practices and policies. Regulators expect these members to have experience in developing and applying risk management practices and procedures, measuring and identifying risks, and monitoring and testing risk controls with respect to banking organizations or nonbank financial companies. A company must also have an enterprise-wide risk management framework including: Risk limitations appropriate to each business line of the company. Appropriate policies and procedures relating to risk management governance, risk management practices, and risk control infrastructure for the enterprise as a whole. Processes and systems for identifying and reporting risks and risk-management deficiencies, including emerging risks, on an enterprise-wide basis. Monitoring compliance with the company s risk limit structure and policies and procedures relating to risk management governance, practices, and risk controls across the enterprise. Effective and timely implementation of corrective actions to address risk management deficiencies. Specification of management and employees authority and independence to carry out risk management responsibilities. Integration of risk management and control objectives in management goals and the company s compensation structure. Companies will be required to have a written, documented RC charter that is approved by the board, specifying the committee s responsibilities for oversight of enterprise-wide risk management practices, its composition, and qualifications requirements. 8
Risk management requirements RC meetings are required to occur regularly. The RC is required to fully document and maintain records of proceedings and risk management decisions. For U.S. bank holding companies with more than $50 billion in assets and non-bank financial companies designated as systemically important: Covered companies will be required to comply with several enhanced risk management standards proportionate to their importance to the financial markets. They will be required to appoint a chief risk officer (CRO), who should have adequate expertise and be sufficiently independent. This CRO should have a high position within an organization to establish independence and also report directly to the RC and chief executive officer (CEO). The role of the CRO will be required to be clearly defined. At minimum, the CRO s role should include: implementing appropriate enterprise-wide risk management practices; directly overseeing the allocation of risk limits; monitoring compliance with risk limits; establishing policies and processes to identify, assess, monitor, address, and report both existing and emerging risks; managing and testing risk controls; and confirming that they are effectively resolved in a timely manner. The CRO will be required to have appropriate expertise given the organization s capital structure, risk profile, complexity, activities, and size; appropriate stature within the organization; and a direct reporting line both to the RC and CEO. The RC must be a free-standing committee, report directly to the board, and receive and review regular reporting from the CRO. Possible implications The proposed rules for enhanced risk management will affect companies at both the board and executive management levels as they relate to broad risk governance issues in certain areas, such as risk committee composition and procedural requirements and requirements related to the establishment, expertise, and reporting lines of the CRO. If companies already have an RC and a CRO, they should consider assessing the qualifications, stature, and positioning of the CRO and the risk management function. The proposed rules require that the CRO has appropriate qualifications, reports directly to the RC and CEO, and has a sufficiently high stature in the organization to be adequately independent. A far-reaching impact of the new rules is the requirement to implement an enterprise-wide risk management framework. The proposed rules will likely have a much wider and deeper impact on those that do not currently have such a framework, including the corporate and business unit risk management functions and the business units themselves. In this case, the CRO and the risk management function should consider driving the design, development, and implementation of the risk management framework. The individual business units will have to comply with the risk limit allocation rules established by the CRO and the risk management function. Companies may need to re-evaluate their management s compensation structures in order to keep those arrangements in line with any changes resulting from the implementation of the proposed rules. A company s data availability and system infrastructure will likely need to be upgraded to meet the demands of an enterprise-wide and integrated risk analysis and automated risk limit compliance monitoring. Some companies and boards may supplement their risk management framework self-assessments with an independent assessment by a qualified third party to provide a level of objectivity and in-depth knowledge that can be difficult to obtain in a pure selfassessment. External parties can be particularly useful in benchmarking management s practices against those of the industry, and in updating the board and the RC on current practices as well as recent regulatory moves and other developments. First look A practical guide to the Federal Reserve s newly announced enhanced prudential standards 9
Stress testing requirements The proposed stress testing rules are intended to augment the Federal Reserve s increased monitoring of companies that began with the Supervisory Capital Assessment Program (SCAP) and the Comprehensive Capital Analysis and Review (CCAR) activities. Stress tests are designed to examine the adequacy of a company s capital and liquidity positions under three distinct scenarios baseline, adverse, and extremely adverse. These scenarios are supposed to determine a company s ability to remain viable under various economic conditions. Each year U.S. bank holding companies with total consolidated assets of more than $10 billion and certain nonbank financial companies must provide their capital plan and stress testing information as of September 30 to the Federal Reserve by January 5 of the following year. The Federal Reserve will evaluate the submissions to determine if a company s current and projected capital and liquidity positions are sufficient to support operations and planned actions such as mergers, acquisitions, changes in level and composition of debt and equity, or related dividends. Here s a closer look. Highlighted rules The proposed rules apply to any bank holding company, savings and loan company, or state member bank with more than $10 billion in total consolidated assets, which is regulated by a primary federal financial regulatory agency. However, foreign banks with large U.S. operations and $50 billion or more in global consolidated assets are not subject to the proposed regulations at this time. The Federal Reserve will issue separate rules for them at a later date. The proposed stress testing process involves applying three Federal Reserve scenarios baseline, adverse, and severely adverse. The proposed stress testing requirements apply to capital and liquidity planning activities as part of the capital and contingency funding plans. Stress test results and compilation of the capital and contingency funding plans must be submitted to the Federal Reserve by January 5 annually. The Federal Reserve likely will evaluate a company s capital plan, contingency funding plan, and stress testing information. From there, it may object to the capital plan, contingency funding plan, and any proposed capital or business actions. The Federal Reserve will publish the results of its assessment of the capital plan and stress testing submissions. 10
Stress testing requirements Possible implications The level of effort required to fulfill the requirements of the standards could be significant and, as a result, companies should consider dedicating specific resources to perform the proposed stress tests. These employees should understand their company s business model and specific activities, the core concepts of stress testing, and the capital and liquidity implications of stress testing. The proposed stress testing process is designed to provide information on a company s capital and liquidity adequacy. Stress testing cannot be conducted in isolation nor can it be viewed as a segmented process. Consideration should be given to including it as a part of a periodic management process to evaluate a company s capital and liquidity position. The proposed rules require additional regulatory reports, including the FR Y-14A, filed annually, and FR Y-14C, filed on a quarterly basis. For these additional reporting requirements, combined with submission of capital and contingency funding plans and the FR Y-9C, companies should assess their current personnel and systems to support these additional activities. These reports provide information on the stress testing scenarios, including the variables used in the stress tests along with its results. Companies should evaluate their information technology and data management systems to determine whether they can support stress tests, the required information compilation for the capital and contingency funding plans, and regulatory reporting mandates. Part of this evaluation is determining how accurate the data is and identifying potential differences in credit and accounting reporting requirements. The proposed rules incorporate a capital plan, contingency funding plan, and stress testing elements that will likely require the development of processes, policies, and procedures to facilitate the timely completion of these requirements. In addition, the elements may require significant data and personnel resources to support the new reporting. Companies should consider the amount of resources required to support this effort, particularly given the short reporting timetables. The proposed stress testing process may require cooperation among employees from various business units and departments, who will likely be expected to commit a significant amount of their time to support the process, capital, and contingency funding plans. Not only should they be briefed on standards, scenarios, and requirements, but they should also be aware of how regulatory reporting, stress testing, and capital and contingency funding planning are connected. Companies should develop policies, procedures, and processes regarding governance and control. They should consider integrating a project management process to help fulfill submission requirements in a timely manner. The areas of focus may include: performance of stress testing; regulatory reporting, including FR Y-9C, FR Y-14A, and FR Y-14C, which will be a source of historical information; liquidity, capital planning, and management; and data validation for the integrity and accuracy of information used in the stress testing process and incorporated in the capital and contingency funding plans. First look A practical guide to the Federal Reserve s newly announced enhanced prudential standards 11
Early remediation requirements The proposed early remediation rules impose a set of standards upon bank holding companies with $50 billion or more in assets and nonbank financial companies deemed systemically important to promptly address financial weaknesses. It s essentially an early-warning system to flag those companies that might be under financial stress, so that any problems may be eased before they grow larger. Under the proposed rules, both the Federal Reserve and covered companies have particular duties, obligations, and actions to perform if certain events or financial thresholds are triggered. The framework increases the number of triggering events that should be considered. For example, capital distributions may have been limited or restricted in the past based on a bank s risk-based capital ratios. The proposed rules give the Federal Reserve the authority to restrict capital distributions for the consolidated company based on regulatory capital ratios, liquidity measures, and measures of financial condition. It also takes into consideration qualitative factors such as supervisory stress testing, market indicators, and weaknesses in enterprise-wide risk management and liquidity risk management. It s worth noting that the market indicator category provides a third-party assessment of the covered company s financial condition, which is new to the Federal Reserve. The proposed rules are also very clear about the corrective actions that the Federal Reserve will take after an event is triggered actions that are more restrictive than in the past. For example, restrictions on growth and capital distributions would occur once a covered company s capital levels fell below the well capitalized threshold. In contrast, similar actions do not occur under the PCA (prompt corrective action) regime until a depository institution falls below the adequately capitalized level. Here s a closer look. Highlighted rules The proposed rules create a framework with four levels of remediation requirements and several triggers, in areas such as capital ratios and liquidity, that measure financial stability. This framework is designed to identify potential or emerging issues before problems become significant within a company. The four levels are: Heightened supervisory review (Level 1). The Federal Reserve conducts a targeted review of the covered company to determine if it should be moved to the next level of remediation. Initial remediation (Level 2). A covered company is subject to restrictions on growth and capital distributions. Recovery (Level 3). Covered companies are subject to restrictions on growth and capital distributions, limits on executive compensation, requirements to raise additional capital, and other demands on a case-by-case basis. Recommended resolution (Level 4). The Federal Reserve considers whether to make a recommendation to the Treasury Department and the Federal Deposit Insurance Corporation that the organization be resolved under the orderly liquidation authority provided in Title II of the Dodd-Frank Act. 12
Early remediation requirements Possible implications Covered companies should develop an understanding of the triggers that signal certain weaknesses. They should also consider that the actions the Federal Reserve is required to take are prescribed in law it is not discretionary. Companies will likely need a technology and reporting infrastructure to comply with the proposed rules and help the board and company management monitor criteria that signal whether a company has tripped an early remediation trigger or is on the path to set one off. The board and management should consider the differences between the quantitative and qualitative triggers. Qualitative triggers focus on how well a company executes its processes in areas such as capital planning, liquidity, or risk management. Companies will likely need to actively monitor these triggers by performing risk management or liquidity management assessments. Quantitative triggers may limit distributions and growth opportunities. Companies may need to develop additional technology, reporting, and processes to meet the requirements described in the proposed rule. However, many of these requirements could be met through compliance with the other enhanced prudential supervision rules. If the Federal Reserve determines that a covered company requires Level 2 supervision or higher, the company may face restrictions on growth and capital distributions. Level 3 supervision may warrant the removal of some management executives. First look A practical guide to the Federal Reserve s newly announced enhanced prudential standards 13
What s next? The Federal Reserve is seeking feedback on the proposed rules from bank holding companies and nonbank financial companies regarding how the potential application of these proposed rules will affect them. There is a 90-day period to answer embedded questions. The Federal Reserve has also indicated that it will release rules on foreign banks with U.S. operations at a later, unspecified date. Here are two considerations for companies determining next steps. This is proposed law. In many instances, what the Federal Reserve previously outlined as guidance is now proposed as law. When the rules are finalized they will be implemented as law, and violations can come with steep civil money penalties. Some of these new provisions also carry a daily compliance requirement, which will likely require an enhanced compliance framework to avoid violations. Compliance depends on when these rules are finalized. The Federal Reserve said it would give industry until March 31, 2012, to comment on the new rules. As determined by the Dodd-Frank Act, industry is required to comply with the rules on the first day of the fifth quarter after they are finalized. So the (approximately) one-year compliance clock will begin ticking after the rules are finalized, although a precise date for finalization has not yet been identified. 14
Contacts Bob Contri Vice Chairman U.S. Financial Services Leader Deloitte LLP +1 212 436 2043 bcontri@deloitte.com Kevin McGovern U.S. Managing Partner Governance, Regulatory & Risk Strategies Deloitte & Touche LLP +1 617 437 2371 kmcgovern@deloitte.com Capital Bala Balachander Director Deloitte & Touche LLP +1 212 436 5340 lbalachander@deloitte.com Alok Sinha Principal Deloitte & Touche LLP +1 415 783 5203 asinha@deloitte.com Liquidity Robert Maxant Partner Deloitte & Touche LLP +1 212 436 7046 rmaxant@deloitte.com Single-counterparty exposure and stress testing Sabeth Siddique Director Deloitte & Touche LLP +1 202 378 5289 ssiddique@deloitte.com Risk management Scott Baret Partner Deloitte & Touche LLP +1 212 436 5456 sbaret@deloitte.com Ed Hida Partner Deloitte & Touche LLP +1 212 436 4854 ehida@deloitte.com Remediation Deborah Bailey Director Deloitte & Touche LLP +1 212 436 4279 dbailey@deloitte.com
Insights. Research. Connections. Headquartered in New York City, the Deloitte Center for Financial Services provides insight and research to help improve the business performance of banks, private equity, hedge funds, mutual funds, insurance, and real estate organizations operating globally. The Center helps financial institutions understand and address emerging opportunities in risk and information technology, regulatory compliance, growth, and cost management. To learn more about the Center, its projects and events, please visit us at www.deloitte.com/us/cfs. About Deloitte As used in this document, Deloitte means Deloitte LLP and its subsidiaries. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting. This document contains general information only and is based on the experiences and research of Deloitte practitioners. Deloitte is not, by means of this document, rendering business, financial, investment, or other professional advice or services. This document is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. Deloitte, its affiliates, and related entities shall not be responsible for any loss sustained by any person who relies on this presentation. Copyright 2011 Deloitte Development LLC. All rights reserved. Member of Deloitte Touche Tohmatsu Limited