CECL: Banking agencies offer regulatory capital relief
The federal bank regulatory agencies recently finalized a rule that offers banks relief from the regulatory capital impact of the new Current Expected Credit Loss (CECL) standard. CECL discards the traditional incurred-loss model for recognizing credit losses in favor of a forward-looking approach. That is, banks will recognize an immediate allowance for all expected losses over the life of loans and other financial assets covered by the standard.
For some banks, adoption of CECL will negatively affect regulatory capital. Although the actual impact depends on a bank’s particular circumstances, many banks will experience an increase in allowance levels and a reduction in the retained earnings component of equity. This combination will lower their common equity tier 1 capital.
The final rule gives banks the option to phase in the day-one adverse regulatory capital effects of implementing CECL over a three-year period.
A BYOD policy protects banks
These days, the vast majority of your employees have smartphones. Use of these devices to send and receive work-related emails and other communications, and to access the bank’s files and other network resources, can boost productivity. But the ensuing security concerns have led some banks to prohibit employees from using their own devices for bank business. Although an outright ban can be hard to enforce, setting a bring-your-own-device (BYOD) policy enabling the bank to control these devices and manage the risk may be a better approach.
A BYOD policy should, among other things:
- Provide for management approval and registration of all mobile devices that will access the bank’s servers,
- Require employees to maintain up-to-date virus protection, authentication and encryption software on mobile devices,
- Require employees to use strong passwords and other security controls to access mobile devices and the bank’s servers,
- Specify what type of information can be stored on or transmitted by mobile devices,
- Allow the bank to remotely wipe a device clean if it’s lost or stolen, and
- Require employees to provide written consent to comply with the written security procedures before using the device for bank business.
Consider using mobile device management (MDM) software to manage employees’ devices and implement controls to protect the bank’s information.
Regulators approve lengthened examination cycle
On January 17, the federal bank regulatory agencies finalized a rule expanding the availability of an 18-month, on-site examination cycle for qualifying banks with less than $3 billion in total assets (up from $1 billion). The agencies reserved the right to impose more frequent examinations if deemed “necessary or appropriate.”