More punitive regulatory approach raises financial statement audit scrutiny

In the aftermath of the Great Recession, regulators have turned dramatically to a far more punitive approach in dealing with actual and alleged instances of noncompliance with laws and regulations by financial institutions. The increased presence of significant financial consequences, mostly in the form of penalties and required consumer remediation, brings into greater light a financial statement auditing standard, AU-C Section 250 Consideration of Laws and Regulations in an Audit of Financial Statements, that previously had infrequent application and limited effect on the financial condition and results of reporting companies’ operations.

Auditor responsibility and scrutiny are heightened

AU-C Section 250 requires the auditor to assess the effect of known instances of noncompliance with laws and regulations on a company’s financial statements. Whereas the standard does not require the auditor to conduct definitive procedures to determine whether such instances of noncompliance exist, in those instances in which available evidence indicates there have been, or may have been, material instances of noncompliance, the auditor is obligated to evaluate the financial statement consequences, if any.

Accordingly, because of the more punitive regulatory approach that has recently emerged, auditors of financial institutions will be more closely evaluating the current actions of regulatory agencies toward their clients, including the status of regulatory examinations in progress, and the adequacy of the company’s ability to assess and conclude any material instances of noncompliance. Financial institutions that are aware of such instances, even if not yet identified by, or discussed with, regulators, will be asked to clearly demonstrate their assessment of the potential effect of noncompliance with laws and regulations on their financial statements.

Consumer-oriented activities bring increased risks

With the emergence of the Consumer Financial Protection Bureau (CFPB) and continuing efforts to reform housing finance and other consumer lending industries, the most critical focus by regulators is on consumer-oriented banking activities, mostly related to deposit accounts and lending. The following are among the most common areas in which financial institutions have found themselves subject to material penalties and requirements for consumer remediation:

Bank Secrecy Act/Anti-Money Laundering

Regulators expect banks to go beyond flagging large deposits and to look at aggregate behavior. Although the reporting threshold is $10,000, banks are expected to flag an account that reflects multiple deposits within a short period of time that may in aggregate exceed this level. Banks must know their customers, and know whether a pattern of deposit activity is an attempt to evade reporting or other requirements. If a bank’s client engages in “money changing” activities, the bank may be as liable as that client for demonstrating compliance with the applicable laws and regulations.

Fair Lending Act

Regulators check to determine if lenders are consistently applying underwriting standards to all protected classes, and collecting consistent information regardless of protected class or geography. Every lending activity must be fully documented to show that consistent, compliant procedures were followed for each applicant. Documentation requirements in this area are extremely rigorous and deficiencies in such documentation have led to significant regulatory actions.

Default servicing

Before any unfavorable action is taken against a borrower, servicers must ensure they have internal controls that meet all standards. From the time the loan is delinquent to the day the servicer modifies the loan or forecloses on the property, servicers need to document every activity and communication, ensuring that timeframes were strictly followed. A seemingly casual, accommodating comment by a customer service representative can start the clock ticking on a specific activity, such as making a decision, even if the servicer didn’t formally intend to start that process. Servicers are also responsible for any third-party services. If foreclosure filings and bankruptcy issues, for example, are handled by an outside law firm, the servicer has an obligation to subject that firm to thorough due diligence, oversight, and review. The responsibility for compliance never leaves the servicer.

Deposit account service fees

These fees are more commonly known as overdraft fees. A number of banks have taken an aggressive approach to charging them and have suffered compliance issues because of it. Clearing checks daily in descending amount, for instance, will likely cause an overdraft sooner and may raise a red flag with regulators.

Mandate compliance, be informed, and be prepared

Certainly, the most effective defense against instances of noncompliance with laws and regulations, and the potential for measurable financial statement consequences, is establishing an operating environment in which compliance to the fullest extent possible is expected throughout the organization. However, because full compliance is rarely achieved, financial institution management and the board of directors must be fully informed of any situations that have occurred, or may occur, that could attract the form of penalties and other punitive actions present in today’s regulatory environment.

Finally, financial institutions must be prepared to fully respond to findings, observations, and allegations involving noncompliance. In addition to addressing the concerns of regulators on such matters, companies need to be prepared to address the auditor’s inquiries as to how such matters affect their financial condition, results of operations, and financial statement disclosures.

The following are some primary characteristics that should be in place to address these concerns:

  • Senior commitment: First, the entire organization, from the board and senior management on down, has to make compliance a priority. Although absolute compliance is rarely achieved, tolerance of noncompliance should be set at aggressively low levels and adhered to throughout the organization.
  • Expert review: Every fundamental business activity should be reviewed by an internal or external compliance expert who understands what the regulations require, and understands the regulatory perspectives at the most detailed levels of the applicable laws and regulations.
  • Monitoring and documentation: A compliance officer, compliance department, or third-party expert should monitor and document all operations and ensure they conform to a set of compliant policies and procedures.
  • Internal audits: Finally, the compliance department, or ideally a knowledgeable independent third party, should conduct periodic audits and reviews. A number of transactions—such as mortgages, where the bank and third parties had multiple consumer contacts—should be followed from beginning to end. Was the process followed correctly? Was every action documented? Was each action completed within regulatory deadlines?

Baker Tilly insights

The current approach by financial institution regulators has clearly heightened the sensitivities of financial statement auditors. Experienced professionals can help financial institutions proactively establish a framework in which they are able to achieve a high level of compliance, be informed as to the existing risks of noncompliance, and prepare to respond to instances of noncompliance should they arise. Further, these professionals can assist in understanding how to address the auditor’s responsibilities concerning the effect on the company’s financial statements and related disclosures.

For more information on this topic, or to learn how Baker Tilly banking specialists can help, contact our team.
