CECL Accounting: The good, the bad, and the complex
**Please check our most recent blog post regarding the latest changes to the FASB deadlines.**
Financial institutions have complexity on their minds as they confront the transition to the new Current Expected Credit Loss (CECL) accounting standard for loan-loss estimates. Indeed, a recent survey found that nearly nine out of ten financial professionals cited increasing complexity as one of their biggest challenges in the move to CECL.
Garry Rank, an authority on CECL accounting, has spent more than three decades as an auditor and public accountant. In this in-depth Q&A, he outlines the nature of the complexities the financial sector will encounter as CECL becomes the new accounting standard.
Garry will discuss:
- The most prominent complexities financial institutions will face
- Why auditing becomes much more complex under CECL
- How financial institutions will have to deal with the strain on resources — financial and personnel — as they implement the new standard
- The issues banks and credit unions must confront now to prevent problems from cascading through the remaining transition
- What a CECL steering committee should do to deal with these intricacies
- The advantages of automation vs. manual processes like spreadsheets under CECL
- Why companies need to confront the risks of data silos
- The crucial steps institution leaders should take today to deal with CECL
On to the questions and Garry’s answers:
Q: A recent survey of financial professionals found that 84.5% expect increased complexity for compliance in their move to CECL. So, what are some of the most prominent examples of complexities under CECL that banks didn’t confront under current ALLL?
A: I would start with the need for data. There was a need for data under the incurred-loss model, but I think they’re finding that, with the new life-of-the-loan concept, there’s a longer period of time over which the data is needed.
People are getting more concerned about data — its completeness and its accuracy. And on a going-forward basis, as they better understand their data, they’re going to need to retain more. So, data is probably one of the big starting points for most of the analysis.
The reasonable-and-supportable forecast is the second complexity. Under the current incurred-loss model, you basically start today and look backward. Under CECL, you’ll be required to project losses over what you determine is the life of the loan. As part of the “reasonable and supportable forecast,” you’re going to have to begin to identify and utilize national, regional, and local economic information to support your CECL implementation conclusions and positions.
How robust is the local, regional and national economic data? Is it truly reliable?
I think if anything, there’s probably too much economic data in the marketplace, but there are some really reliable sources — in particular, from the regulatory agencies like the Federal Reserve. And we’re also talking about very basic data like unemployment, gross domestic product, etc., at the national level. So, the more I hear about data in terms of CECL forecasting and implementation, the more comfortable I get about its availability, accuracy and relevance to the CECL calculation.
Why does auditing become so much more complex under CECL?
Under the CECL model, auditing is ongoing rather than the annual basis most financial institutions are familiar with.
Here’s the big shift: In general, 80% of incurred-loss models are very similar and 20% are unique to a specific institution. I think under CECL, that’s going to flip: you’ll have 20% that are common to most CECL models, and 80% that are unique.
Regulators and financial auditors are, in essence, going to have to reinvent the wheel at each institution they audit, which puts more pressure on institutions to document their CECL methodology in a higher-quality fashion.
Financial institutions are worried about increasing the drain on resources under CECL, including personnel. Do you think this will bear out and how, or will they be able to outsource?
Again, I’ll use my 80-20 rule. There’s no scientific evidence to this, but I think 20% of those required to implement CECL will not have a shortage of labor because they will have less complex adoption issues, and they may have the quality of staff who have the necessary experience to get it done without straining their existing resources.
Then there’s the 80% that’s probably going to have a challenge. We hear frequently that the individuals who likely are going to be deeply involved in the implementation of CECL already have demanding positions inside the institution — they already have full calendars.
Their implementation of the accounting standard is going to be more complex; therefore, they’re going to need more resources. And as we get closer to 2019 and 2020, the outside resources are going to get stretched as well. I liken this to the strain on resources when Sarbanes-Oxley was put into effect.
Most banks are at the early planning stages of transitioning to CECL accounting. What are some of the issues that they have to nail down now to prevent problems from cascading throughout the remaining transition?
First of all, most have suggested that you start with a steering committee or, depending on how large your environment is, at least a champion to take charge and oversee the implementation of the new standard.
That to me is challenge number one: Who are you going to put in charge of the project?
Obviously, at inception, whether that’s a single individual or a committee, you’ve got to come up to speed on understanding the technical issues required under the new standard. There have been seminars dedicated to this for at least the last four years. Some people have been slow to get on that educational trail, but that’s happening faster now.
Another challenge is looking at your current risk pools in your loan portfolio. It is likely that the current pools that you’re using are consistent with the data needed to file your call reports. I think you’re going to wind up revising those pools — or at least creating another set of pools for CECL.
Then you’ve obviously got the complexity of the reasonable-and-supportable forecast processes that you’re going to need to put in place, which includes identifying external economic data to support positions you take in CECL.
That’s a good transition to the recent update of a white paper that recommends appointing a CECL steering committee. What can the steering committee do to specifically address the challenges you just mentioned?
The first thing is they need to start early. I think in general we’ve seen a slowness relative to that. On the other hand, it’s one of those issues where if you can afford to not be a pioneer in this, then it is preferable to wait and see what others do.
If you’re an SEC registrant, you’re rapidly running out of time — you roughly have a year and a half as we sit here today.
So, start early. I would go back to getting educated on getting up to speed on the technical aspects. There are some softer ways to do that. Most institutions have a peer group that they meet with, or at least have conference calls on a periodic basis to help them with the ongoing increased complexity and compliance issues in the industry in general.
So, discuss with your peers what they’re doing and what they’re aware of that others are doing — what kind of successes and failures are they having?
Also, stay in contact with your financial auditor. They should be well up to speed on how they’re going to approach auditing and accounting under CECL.
Financial regulators are a source of information, but they’re probably not up to speed yet. They still have their hands full auditing the incurred-loss model. I’m sure they have teams within each regulatory agency that are staying abreast of this, but they will be one of the last ones to show their hand as to what their expectations are relative to that.
Automation via third party providers has been called crucial to handling intricacies of CECL. What are some of the advantages of going the software solution route and what are some of the disadvantages of trying to maintain manual processes like spreadsheets?
First of all, you’ve got to make sure that the entity from which you’re considering to purchase the software has appropriate qualifications and the right amount of expertise.
- They have an industry-specific concentration
- They’ve been in business for multiple years
- They have a series of current customers who can give references on their pleasure or displeasure with them
- They have a commitment to the industry itself, and the longer they’ve had that commitment, the better
You obviously want to be familiar with a system’s architecture, because the vendor will be suggesting to you that their system’s architecture has what you need to comply with CECL. Typically, someone like this is going to have implementation experience and expertise — which is going to help you shortcut some of the complexity challenges we’ve already talked about.
There are serious things you need to confirm. You want to understand how they protect confidentiality of data. You want to understand how they do information backup and record retention. Help desk support is extremely important.
Financial institutions have got to spend quite a bit of time qualifying and monitoring their core vendors — typically software vendors meet that definition.
What about the manual systems — like spreadsheets and such?
The manual systems are kind of the opposite of the software. A lot of times with manual systems inside institutions, you have one person who has expertise but you put yourself at risk when you have turnover and perhaps you lose the person who owned the spreadsheets. I was in public accounting and was a financial auditor for 36 years and that was a common risk.
A lot of times there are inefficiencies in internal systems — they require a lot more manual input versus integration with other software packages that automatically transfer information from one application to another.
As a financial auditor (and I would say the same with the regulatory examiners), if you have excessive internally generated software that you’re using — or spreadsheets — you’re going to have to expand some of your auditing procedures because of the concerns about consistency and error rates.
Also, it’s likely that manual systems are not going to be able to handle some of the complexities of CECL accounting, and therefore are not likely to be as popular of an alternative on an ongoing basis.
Any more thoughts on outsourcing for CECL?
One of popular sayings on outsourcing is, “You can outsource the service but not the responsibility for the service being done accurately as intended.” So, there’s got to be internal policy and procedure adjustments as you outsource. And you need robust ongoing monitoring of your critical vendors, which includes software vendors in particular because you have to the protect customer data.
Companies are being cautioned against having a siloed approach to data. What are some of the risks of data silos in the transition to CECL accounting?
The number one risk of silos is inaccurate information. Typically if you’ve got a silo, it’s controlled by one individual or department and focused strictly on their needs — which may not be the same as other departments that need access to that information.
You’ve also got a cost issue: If you’re running multiples silos of data, you’re duplicating certain costs and therefore risk relative to that data. If you got five different silos in a particular financial institution, you’ve probably got five sets of the procedures and policies they use relative to the completeness and accuracy of that data.
If a bank executive asked you, “What are two or three things I can do today to make sure I’m dealing with all these complexities properly,” what would you recommend?
The first thing is, everybody really needs to know who owns the process. Is it a single individual or is it at the committee level? Relative to that, where are they in their process? What kind of conclusions have they reached? What kind of decisions have they actually made?
At this stage of the game — particularly for SEC registrants — there should be updates on the progress of the CECL implementation group a minimum of every other week, if not on a weekly basis.
Second, I recommend ongoing education. What are your peers doing? Usually at the executive officer level, there’s quite a bit of interaction with peer banks. And what do your financial auditors have to say? What do your primary regulators have to say?
Some people have called CECL the most significant accounting change for financial institutions in their entire history. I’ve been saying 50 years, but I think we are both making the same point — you need to sweat the details.
What is or isn’t the quality of data we have? If we’re on the “isn’t” side, what are we doing to fix that? What kind of strategies are they using relative to their pooling decisions about various types of risks in their loan portfolio. What types of decision are they making relative to the computational methodology that they’re going to use?
The standard does not dictate a singular calculation methodology. What kind of decisions are we making on software — are we going to do this with the self-engineered software or are we going to purchase from the outside?
If we currently have software for the incurred-loss model, can that software be made CECL compliant? Are we meeting timelines?
As decisions get made and we actually start to run numbers, what range of numbers are being produced? What creates differences in those ranges? That starts to become a critical factor you probably need to pay closer attention to.
Lastly, there’s overall governance direction — not only over the implementation of CECL, but also the ongoing monitoring. This methodology is going to require quite a bit more ongoing monitoring and adjusting to circumstances specific to your bank and specific to the economy that your bank or financial institution operates in.
How would you respond to financial institutions that are saying things like “well, we just don’t have the data for these CECL projections?”
As advisors and auditors, we do get pushback that “we don’t have that information” or that “well, we’ll just have to wing it.”
People have had plenty of warning about the change. And there is always peer information available. You might need to go back to manual documents and microfiche and you might need to extract the data — which would be a time-consuming, expensive process. You’re going to have to come up with the data, whether it’s peer data or something you get from some data mining you’ve done.
Suggesting you can’t comply with the standard because of a lack of data is not going to fly.