Categories
News

LRM Advisory: Q1 2018

AuditOne LLC Advisory

From Bud Genovese, Chairman

Kruskal Hewitt, a Senior Associate based in our New York City office, has written an article below that summarizes how financial institutions are monitoring and controlling their exposure to liquidity risk. Funds management is always a critical component of financial risk management but especially so in the current macroenvironment and in view of regulatory concerns over “surge deposit” risk.

Mr. Hewitt tracked this data from the numerous Liquidity Risk audits we perform each year. We’ve compiled (anonymously) into a very useful database the data gathered in those audits. Please feel free to forward this informative column to any appropriate people in your financial institution.  For the best viewing experience, please go to our website.  Thank you.  – Bud

AUDITONE LLC’S ANALYSIS OF LIQUIDITY LIMITS 2015 – 2017

AuditOne LLC is a leading provider of outsourced internal audits for community banks and other small/mid-sized financial institutions. Please refer to our website https://www.auditonellc.com for further information about AuditOne. Among AuditOne’s practice areas is liquidity risk management (LRM). US financial institutions are expected to have regular internal audits of their monitoring and control of LRM, which requires a variety of tools.

AuditOne has compiled (anonymously) data from 76 of our LRM clients on liquidity limits. These are institutions where we have used data from the most recent AuditOne LRM audit, no further back than 2015. AuditOne believes this database is relevant to AuditOne clients because it covers a relatively narrow range of asset size, geography and business lines. AuditOne will update this analysis annually.

WHICH LIMITS

Regulators have not created rules or detailed guidance on how liquidity should be modeled, measured or limited. As a result, there is a broad proliferation of measurements (and limits), differing widely across institutions. There is no single measure that is used by more than two thirds of our clients and only seven that are used by more than a third. As an illustration of the diversity, we have clients that have only one liquidity measurement subject to a limit while there are some with more than 15.

However, these figures can be a bit misleading. For example, a metric targeting a particular aspect of liquidity risk may show up in a number of different forms and definitions. Another example, some banks monitor against a limit while others may monitor and report the same metric but without imposing a (maximum or minimum) limit. We believe that most of our clients are satisfactorily monitoring their liquidity position, and that the common points of liquidity risk exposure across institutions generally get appropriate attention.

Please note: the difference between “less than” and “less than or equal to” (or “greater than” and “greater than or equal to,”), is minimal (in ratio terms). In the following presentation we have made no distinction between the two. For ease of notation, only “less than” (<) and “greater than” (>) are used.

DEFINITIONS

Brokered Deposit / Total Deposit: In the numerator, all brokered deposits (per regulatory definition) + all deposits > $250,000, unless the institution has specifically designated a core depositor.

FHLB Advances / Total Assets: In the numerator, all collateralized borrowings for the FHLB.

Liquid Assets / Total Assets: In the numerator, all assets that mature within one year + Available for Sale securities.

Net Loans & Leases / Total Deposits & Borrowings:

Net Non-Core Funding Dependence: This ratio is noncore liabilities less short-term investments divided by long term assets. Noncore liabilities are total time deposits > $250,000 + other borrowed money + foreign office deposits + securities sold under agreements to repurchase + Federal Funds purchased + insured brokered deposits. Long term assets are net loans and leases + securities – debt securities with a remaining maturity of one year or less + other real estate owned (non-investment).

Total Liquidity/ Total Assets: The numerator is short term assets – short term liabilities + off-balance sheet liquid resources.

Wholesale Funding / Total Assets: The numerator is brokered deposits (including CDARS) + listing service deposits + security repurchase agreements + net Fed Funds purchased.

2017 DATABASE ANALYSIS

This is our first analysis and presentation of this data. It presents results across our entire database of 76 institutions. However, we would be happy to recalculate any of the results for subsets of institutions based on asset size, primary regulator, and/or a specific limit that is not listed below. Please contact either Jeremy Taylor or Kevin Watson at 562-802-3581.
Note that “<%” implies a limit expressed as a maximum (i.e., the highest that ratio can go), and vice versa. This is in contrast, in the tables below, with “Maximum” which indicates the highest limit amount across our database and “Minimum”, the lowest limit amount, whether the limit itself represents the highest or lowest the ratio in question is allowed to go.

Net Non-Core Funding Dependence: <%

ClientsAverageMedianMinimumMaximum
5027%25%10%60%

Net Loans & Leases / Total Deposits & Borrowings: <%

ClientsAverageMedianMinimumMaximum
45101%95%75%135%

Total Liquidity/ Total Assets: >%

ClientsAverageMedianMinimumMaximum
3917%15%5%50%

Brokered Deposit / Total Deposit: <%

ClientsAverageMedianMinimumMaximum
3214%10%5%45%

Liquid Assets / Total Assets: >%

ClientsAverageMedianMinimumMaximum
3111%10%5%20%

FHLB Advances / Total Assets: <%

ClientsAverageMedianMinimumMaximum
2823%25%10%40%

Wholesale Funding / Total Assets: <%

ClientsAverageMedianMinimumMaximum
2335%30%10%120%

DATABASE MIX SUMMARY

The following tables describe the 76 institutions in the database.  All dollar figures are in millions.

Database mix by asset size:

CountMaxAverageMedianMin
76$8,603$656$330$24

Database mix by primary regulator:

CountMaxAverageMedianMin 
57$8,603$721$292$60FDIC
9$927$557$525$276FBR
9$993$345$245$24OCC
0nanananaNCUA

Kruskal has been a Senior Associate with AuditOne since 2014, specializing in ALM (asset/liability management) audit and consulting work. He has considerable experience in the treasury and trading areas, including derivatives, investments and foreign exchange, in addition to interest rate and liquidity risk. Prior to AuditOne, he was with a Japanese utility, managing market and credit risk. Before that his background included market risk management with a large US regional bank and with multinational banks in the US, Asia and Europe. Kruskal holds a BA in Mathematics and an MBA from Northeastern University. His certifications include PRM (Professional Risk Manager), FRM (Financial Risk Manager), and CALMS (Certified ALM Specialist).


AuditOne LLC – Company Overview

AuditOne LLC provides independent risk management services to financial institutions. Our sole focus is providing internal audit and credit review services to the financial institution industry. We have experience with all regulatory authorities and offer a full selection of audit services comprising Credit Review/ALLL, BSA/Compliance, IT/Information Security, ACH rules Compliance, Operations, Network Tests, Asset/Liability Management and various specialty areas. Our expertise is your edge. For more information on this article, please contact Jeremy Taylor, Co-CEO at: Contact Us or Kevin Watson, Co-CEO at: Contact Us and for information about all of our audit services see AuditOneLLC.com

Categories
News

AuditOne Compliance Advisory: 2018 Q1

AuditOne LLC Advisory

From Bud Genovese, Chairman

The Bank Secrecy Act (BSA) and Anti-Money Laundering (AML) are at the forefront of sweeping changes.  In this edition, we cover recent updates to FinCEN BSA guidance, the launch of FinCEN Exchange, Marijuana Related Business impacts, Cryptocurrency, BSA Examination Trends and more.  Additionally, the Senate has recently stepped up efforts on bipartisan legislation designed to roll back changes made to the lending landscape by the Dodd-Frank Act.  Finally, we will share some information on recent Compliance developments and enforcement actions.  This has been prepared by Celeste Burton, Compliance Practice Director, AuditOne LLC.  We hope you enjoy! – Bud

Economic Growth, Regulatory Relief, and Consumer Protection Act

Earlier this morning, the Senate passed the Economic Growth, Regulatory Relief, and Consumer Protection Act (“the Bill”), a bipartisan bill that effectively amends and relaxes certain acts and requirements to increase access to capital for home purchases.  As stated, the Bill accomplishes the following:

  • Amends the Truth in Lending Act to allow institutions with less than $10 billion in assets to waive “Ability-To-Pay” requirements for certain residential mortgage loans. Other mortgage-lending provisions related to appraisals, mortgage data, employment of loan originators, manufactured homes, and transaction waiting periods are also modified.
  • Amends the United States Housing Act of 1937 to reduce inspection requirements and environmental-review requirements for certain smaller, rural public-housing agencies.
  • Amends the Bank Holding Company Act of 1956 to exempt banks with assets valued at less than $10 billion from the “Volcker Rule,” which prohibits banking agencies from engaging in proprietary trading or entering certain relationships with hedge funds and private-equity funds.
  • Modifies provisions relating to enhanced prudential regulation for financial institutions, including those related to stress testing, leverage requirements, and the use of municipal bonds for purposes of meeting liquidity requirements.  Certain banks are also exempted by the Bill from specified capital and leverage ratios, with federal banking agencies directed to promulgate new requirements.
  • Requires credit reporting agencies to provide credit-freeze alerts and includes consumer-credit provisions related to senior citizens, minors, and veterans.

Relaxed rules are intended to increase lenders’ appetite for consumer lending.  The potential downside is that relaxed standards might create an economic environment equivalent to what we experienced in 2008, a time that had not been seen since the Great Depression of the 1930’s.   The potential upside, however, is that while the same historical alphabet soup of consumer regulations will remain, the modified consumer disclosure rules implemented as a result of Dodd-Frank could be trimmed or removed, thereby cutting costs and potentially making borrowing more accessible and less expensive.  There will likely be changes in the House before the bill becomes law.  Stay tuned.

https://www.congress.gov/bill/115th-congress/senate-bill/2155

EconBank Secrecy Act (BSA)/Anti-Money Laundering (AML)

RECENT DEVELOPMENTS

Marijuana Related Businesses (MRBs)

The Department of Justice (DOJ) recently issued a memorandum that encouraged all U.S. Attorneys to prosecute for marijuana-related activities. The memo also addressed the return of the Controlled Substance Act, which prohibits the cultivation, distribution and possession of marijuana, all of which are activities that can lead to charges related to money laundering and BSA. Although the Cole Memo has been rescinded, there has been no further guidance from FinCEN addressing the impact on an institution’s SAR filings or the banking of a MRB. Without further guidance from FinCEN, we encourage financial institutions to continue to file SARs as normal on MRBs and to make sure your Five Pillars are ironclad should you decide to venture into this arena.

Launch of FinCEN EXCHANGE

On December 4, 2017, FinCEN announced the launch of a new program to enhance information sharing with financial institutions. Participation in FinCEN Exchange is voluntary. However, it is encouraged as it helps Treasury meet their objective to strengthen the anti-money laundering framework. FinCEN Exchange will include regularly scheduled briefings across the nation with law enforcement to obtain information related to illicit finance and national security threats. If the briefings conclude that an institution may have relevant information that law enforcement wants to obtain, 314a and 314b will likely facilitate the information exchange.

FinCEN BSA FAQ Update

  • Removal of requirement for depository institutions to file a Designation of Exempt Person form with respect to the transfer of currency to or from any of the 12 Federal Reserve Banks (in accordance with amended 31 CFR 1020.315);
  • Updated guidelines for filing the Designation of Exempt Person form; and,
  • New guidance concerning the types of identifying information financial institutions should obtain when a federal, state or local government official engages in a transaction over a certain amount in an official capacity.

See: https://www.fincen.gov/answers-frequently-asked-bank-secrecy-act-bsa-questions

E-Filing

FinCEN changed the type of file format that will be accepted through the e-filing system. By May 2018, all Currency Transaction Reports (CTR)s for batch filers must be uploaded in an XML based file. The format change for Suspicious Activity Reports (SAR)s will take effect in June 2018.

Cryptocurrency
Cryptocurrency is a relatively new concept in the world of banking, best described as a payment technology method that has a direct impact on money laundering efforts.  Two Acts created a path for civil and criminal regulation of cryptocurrency exchanges:

  • The Money Laundering Suppression Act of 1994, which requires Money Service Businesses (MSBs) to register with FinCEN on a biennialbasis.
  • The USA PATRIOT Act (2001), which made it a federal crime to operate a money transmitter business without a money transmitter license in any state that required such a license.

Moreover, the invention of Bitcoin in 2009 and introduction of other virtual currencies have served to increase regulatory concern for illegal behavior.  As a result, FinCEN issued interpretive guidance for virtual currency exchanges “to clarify the applicability of the regulations implementing the BSA to persons creating, obtaining, distributing, exchanging, accepting, or transmitting virtual currencies”. Virtual Currency is defined broadly in the Guidance to include all manner of items used as a medium of exchange … and any currency that “either has an equivalent value in real currency or acts as a substitute
for real currency.”  The guidance also clarified the following:

  • BSA requirements for MSBs apply equally to any cryptocurrency exchange that does business in the United States or with U.S. persons, regardless of the nationality of its ownership or its physical location.
  • Exchangers and administrators are considered money transmitters that must register as MSBs, thereby making them subject to BSA requirements to develop robust anti-money laundering compliance programs.
  • A user of virtual currency is not an MSB under FinCEN’s regulations and therefore is not subject to MSB registration, reporting, and recordkeeping regulations.
  • Money transmitters must comply with the obligations that the BSA and FinCEN place on those types of businesses.
  • For financial institutions with broker dealer subsidiaries, the SEC is responsible for enforcement of current registration, disclosure, and antifraud requirements of the securities laws applicable to those who issue or deal in cryptocurrencies.

Since 2015, there has been an increasing number of criminal complaints regarding the operation of unlicensed MSBs related to cryptocurrencies.  Three notable cases involved the following companies: E-gold, a digital gold currency and alternative payment system that was processing more than $2 billion worth of transactions per year; BTC-e, an Eastern European cryptocurrency exchange that conducted around $300 million in transactions of Bitcoin; and Ripple Labs, a company that builds products utilizing the decentralized cryptocurrency known as XRP, with sales of XRP currency totaling over $1.3 million.   Refer to Enforcement Actions Section of this Advisory for details.

The culmination of guidance on Cryptocurrency points to three primary obligations of money transmitters that we recommend be considered by lending institutions as part of Know Your Customer (KYC) programs:

  • Registered with FinCEN?
  • Have a risk-based AML and KYC program?
  • Filing suspicious activity reports (i.e., for purposefully obscured and anonymized transactions or for individuals associated with the transaction that are “widely reported as associated with criminal or civil violations of U.S. law”)?

Beneficial Ownership

Beginning May 11, 2018, financial institutions will be required to collect CIP on 25% owners of legal entity customers as well as at least one “controlling” person, requiring a drill down through multiple LLC layers as applicable.  FinCEN has not yet issued clarifying guidance on areas addressed in the new rule that suggest procedures should be “risk-based.” FinCEN did, however, recently indicate that they recognized the need for clarification by stating that they may be issuing additional guidance with a release of updated FAQs on the new rule. In addition, the regulators are updating the FFIEC BSA Examination Manual to address the new rule.

BSA/AML EXAMINATION TRENDS

Always helpful to pause and take stock of how well your institution fares when it comes to BSA examination “hot topics” and trends.  Some best practices that we recommend follow:

  • BSA Policy
    • Ensure written procedures address all customers and products.
  • Suspicious Activity Monitoring
    • Continually ensure software settings and rules address the Bank’s specific BSA/AML risk profile, making adjustments as warranted.
  • Risk Assessment (RA)
    • Provide meaningful historical data to support management’s analysis, including risk trends, mitigating controls, and residual risk for each product, service and customer.
    • Update the RA to include information on countries with which the Bank conducts international transactions, to provide a more accurate assessment of the inherent risk in those transactions.
    • Incorporate level and trend analysis on SARs and CTRs filed, including exempt customers to assess the risk changes within the Bank’s customer base from year to year.
  • Customer Identification Program/Customer Due Diligence/Enhanced Due Diligence
    • Ensure CIP forms contain complete information on primary identification, including a written description of the Bank’s primary method of positive identification such as government-issued driver’s license, ID Card, or passport.  Clearly evidence date of birth and OFAC checks conducted.
    • Perform enhanced due diligence on high-risk customers, including politically exposed persons, non-resident aliens, cash-intensive businesses, non-government organizations, charities, and money transmitters. Those with complex cash flows are potentially more susceptible to money laundering and terrorist financing.

Other Compliance Developments

HMDA

The FFIEC issued the 2018 HMDA Getting It Right Guide.  This edition reflects changes to Regulation C taking effect January 1, 2018. While the Guide serves as a valuable resource for HMDA reporting requirements, please note that it does not include guidelines about the HMDA e-filing process.  This information is separately maintained on the FFIEC website and can be found at www. consumerfinance.gov/data-research/hmda/for-filers and www.ffiec.gov/hmda/.

Flood

With the federal government shutdown on January 19, 2018, the authority of the Federal Emergency Management Agency (FEMA) to issue flood insurance policies under the National Flood Insurance Program (NFIP) lapsed.  Subsequently, on January 22, 2018, the NFIP was reauthorized (by legislation passed by Congress and signed by the President) to February 8, 2018.  After a brief government shutdown, Congress passed a $400 billion budget deal that was signed into law by the President that extended the NFIP to March 23, 2018.


FEMA guidance related to lapses can be found at https://nfip-iservice.com/Stakeholder/pdf/bulletin/w-17069.pdf.  Moreover, guidance issued by the banking agencies, during the 2010 lapse, may also be useful and can be found on each agency’s website at:

Automated Clearing House (ACH) Rules

ACH Rules go into effect four times per year.  NACHA has adopted a Rule to provide a new capability for moving virtually any ACH payment faster.  The rules were implemented in three phases, commencing in September 2016.  The third and last phase will become effective March 16, 2018.  Ensure that your institution is prepared to comply, with a focus on key topics such as:

  • Origination obligations
  • Receipt posting and availability
  • Credits vs. debits
  • Implementation

Notable Enforcement Actions

  • Regulators assessed the following civil money penalties (CMP) against US Bancorp for failure to maintain satisfactory risk management and oversight of the corporation’s and its subsidiary bank’s BSA/ anti-money laundering (AML) program:
  • The  OCC imposed a $50 million CMP against Rabobank, NA (Roseville, CA) for deficiencies in its BSA/AML program. https://www.occ.gov/news-issuances/news-releases/2018/nr-occ-2018-15.html
  • Flood enforcement actions have continued.  The financial institutions recently impacted are:
    • Hantz Bank (Southfield, MI), FDIC, $14,000
    • Bank of Lake Mills (Lake Mills, WI), FDIC, $5,000
    • Goldman Sachs Bank USA (New York, NY), FRB, $90,000
    • Clear Mountain Bank (Bruceton Mills, WV), FRB, $14,000
  • The Department of Justice brought a 21-count indictment against BTC-e and a Russian National international money laundering scheme, for laundering funds from the hacking of another cryptocurrency exchange.  FinCEN also assessed a $110 million CMP against BTC-e for willfully violating AML laws, and the head of Operations and Finance was individually assessed a $12 million penalty for his role in the violations.  Initially reported in July 2017, the case has current relevance as a baseline for future enforcement activity.

AuditOne LLC – Company Overview

AuditOne LLC provides independent risk management services to financial institutions. Our sole focus is providing internal audit and credit review services to the financial institution industry. We have experience with all regulatory authorities and offer a full selection of audit services comprising Credit Review/ALLL, BSA/Compliance, IT/Information Security, ACH rules Compliance, Operations, Network Tests, Asset/Liability Management and various specialty areas. Our expertise is your edge. For more information on this article, please contact Jeremy Taylor, Co-CEO at: Contact Us or Kevin Watson, Co-CEO at: Contact Us and for information about all of our audit services see AuditOneLLC.com