Financial Services Alert - May 22, 2012 May 22, 2012
In This Issue

Federal Banking Regulators Issue Final Guidance on Bank Stress Testing Framework for Large Banks

The FRB, FDIC and the OCC (collectively, the “Agencies”) released final guidance (the “Final Guidance”) on stress testing for banking organizations with more than $10 billion in assets.  The Final Guidance is substantially similar to the proposed version of the guidance circulated for comment by the Agencies in June 2011 (see the June 14, 2011 Financial Services Alert).  The Agencies state that the Final Guidance builds upon the Agencies’ previously issued supervisory guidance covering the uses and merits of stress testing in specific areas of risk management.  The Final Guidance clarifies particular aspects of the proposed version of this guidance based on the comments received by the Agencies and fully adopts the principles in the proposed version of the guidance with only “minor additional refinements.”  For example, the Agencies noted that the Final Guidance clarifies that portions of the guidance may not apply, or may apply differently, to foreign banking organizations with U.S. branches and emphasizes the importance of reverse stress testing.

The Agencies state that the Final Guidance does not implement the stress testing requirements required under the Dodd-Frank Act.  Rulemaking that will set forth stress test requirements imposed under the Dodd-Frank Act will be provided in the future by each of the Agencies.

The Final Guidance reiterates the four general principles to be applied by banks in implementing an effective stress testing framework and adds a fifth principle:

(1) An effective stress testing framework should have activities and exercises tailored to, and that sufficiently capture, the bank’s exposure, activities and risks;

(2) An effective stress testing framework should employ multiple conceptually sound stress testing activities;

(3) An effective stress testing framework should be forward-looking and flexible;

(4) Stress testing results should be clear, actionable, well supported and inform decision-making; and

(5) An effective stress testing framework should include strong governance and effective internal controls.

The Agencies provide clarification in the Final Guidance concerning the approaches and applications to be used in a bank’s stress testing framework, which may include: scenarios analysis, sensitivity analysis, enterprise-wide testing, and reverse stress testing.  The Final Guidance provides that the stress testing framework should be designed to address the adequacy of capital and liquidity.  In particular, the Agencies state, the framework should include an evaluation of the interaction between capital and liquidity and the potential for simultaneous impairment.

Finally, the Final Guidance elaborates on the fifth principle, strong internal governance and controls. According to the Final Guidance, strong governance and effective internal controls is key to an effective stress testing framework. Such internal controls and governance should include monitoring third party vendors for appropriate controls, and overseeing stress test development and implementation.  Further, the Final Guidance provides that a bank should “establish a comprehensive, integrated and effective stress testing framework that fits into the broader risk management of the banking organization.”  For example, senior management and the board should objectively review stress testing activities and results with a “critical eye” and the results should be taken into consideration for capital and liquidity adequacy planning.

Federal Banking Agencies Clarify Supervisory Expectations for Stress Testing by Community Banks

The FRB, FDIC and OCC (collectively, the “Agencies”) issued a Joint Statement (the “Statement”) providing guidance as to their supervisory expectations regarding stress testing by Community Banks, which they defined for purposes of the Statement as banks, savings associations, bank holding companies and savings and loan holding companies with $10 billion or less in total assets.  For a discussion of the Agencies’ final guidance with regard to stress testing at larger financial institutions please see the related article in this edition.  The Agencies declare in the Statement that Community Banks are not required to implement the types of stress testing required of larger organizations, but Community Banks are expected to consider and address potential adverse outcomes as part of their implementation of sound risk management practices.  In particular, the Agencies note in the Statement that Community Banks are expected to continue to meet the requirements of the Agencies’ existing risk management guidance on such issues as interest rate risk management, commercial real estate concentrations, and funding and liquidity risk management.

CFTC Proposes Further Extension of Implementation of Certain Swap Regulations

The CFTC issued a proposal that would amend, for the second time, its order delaying the effective date for certain regulations applicable to swaps that refer to terms that have not yet been defined by CFTC regulation.  The proposed second amendment would further delay the latest effective date to December 31, 2012 (or, depending on the nature of the relief, such other compliance date as may be determined by the Commission).  It also removes the entity definition terms (such as “swap dealer,” “major swap participant,” and “eligible contract participant”) from the original order, as such terms have now been defined by the CFTC and SEC.  Key terms still to be defined include “swap,” “security-based swap,” and “security-based swap agreement.”

The original order, which became effective on July 14, 2011, granted temporary exemptive relief from certain provisions of the Commodity Exchange Act (as amended by the Dodd-Frank Act) until the earlier of (1) the effective date of the rule further defining the relevant term referenced in the provision and (2) December 31, 2011.  The first amendment to that order delayed the potential latest effective date from December 31, 2011 to July 16, 2012.

The proposal was approved unanimously by the CFTC’s five commissioners.  Comments on the proposal are due by May 30, 2012.

Comptroller Curry Warns of Increased Operational Risk at Banks

Comptroller of the Currency Thomas J. Curry presented a speech at the Exchequer Club in Washington, D.C. in which he stated that the OCC is perceiving increased operational risk at national banks and that, for what may be the first time in many years, operational risk is eclipsing credit risk as a safety and soundness concern for banks.  Comptroller Curry stated that management of operational risk, which he defined as “the risk of loss due to failures of people, processes, systems and external events,” requires, among other things, that banks validate “the reports, assumptions and algorithms in their risk models,” and avoid relying on a single approach in risk models.  Comptroller Curry noted that a bank must make the necessary investments in systems and controls to allow the bank to effectively manage its risks and that banks should recognize that the controls adequate in today’s economic climate “may prove inadequate for tomorrow’s risks and threats.”  Comptroller Curry also stressed that banks must carefully monitor the risks associated with use of third party vendors in connection with the bank’s delivery of financial products.  Finally, Comptroller Curry discussed the operational and other risks to banks in meeting their anti-money laundering (“AML”) compliance responsibilities.  Among AML compliance deficiencies that the OCC has detected at community banks are violations related to ineffective account monitoring, inadequate tracking of high-risk customers, and failure to monitor effectively various forms of suspicious activity.  The Comptroller noted the difficulties that banks face in managing AML compliance operational risks because “the risks are constantly mutating, as criminal and terrorist elements alter their tactics to avoid detection…and move from one base of operations to another….”

OCIE Director Discusses Examination Approach and Highlights Compliance and Risk Management Issues for Newly-Registered Private Fund Advisers

The Director of the SEC’s Office of Compliance Inspections and Examinations, Carlo V. di Florio, spoke at the May 2012 Private Equity International Private Fund Compliance Forum. His speech examined issues relating to plans for OCIE’s National Exam Program (“NEP”) to conduct risk-based examinations of newly-registered private fund investment advisers. Mr. di Florio discussed various topics of interest to newly-registered advisers, including (1) NEP’s examination strategy, (2) compliance obligations, (3) conflicts of interest, (4) risk management and (5) the internal audit function. This articles provides an overview of Mr. di Florio’s remarks on those topics.

Examination Strategy.  Mr. di Florio discussed NEP’s preparation for the additional examination burdens associated with the arrival of investment advisers to private funds that were required to register with the SEC in light of changes to the investment adviser registration requirements made by the Dodd-Frank Act. He outlined “a three-fold strategy” involving an initial phase of industry outreach and education, in which NEP would share its expectations and perceptions of the highest-risk areas, followed by “coordinated examinations of a significant percentage of new registrants, focusing on highest risk areas of their business.” The plan would culminate in the publication of “a series of ‘after-action’ reports on the broad issues, risks and themes identified.”

Mr. di Florio outlined the following areas of likely inquiry in an NEP examination of a private equity fund adviser:

  • Tone at the Top - What is the overall attitude of management towards the examination process, its compliance obligations, and towards risk management generally, compared to its peers? Mr. di Florio emphasized that, as part of NEP’s exam process, the examination staff intends to engage in an active dialogue with senior management personnel in part to assess whether a firm’s chief compliance officer enjoys sufficient authority and support within the firm.
  • Product Line - Does the firm have a complicated set of diverse products? If so, how does the firm resolve inter-product conflicts, such as when products may invest in different parts of a portfolio company’s capital structure or compete with each other for deal allocation?
  • Fund Strategies and Portfolio Company Relationships - What strategies do the firm’s funds pursue? Do the funds control their portfolio companies or hold only minority positions? Do fund strategies entail investing with other firms or on their own? Do fund strategies make general sense? Are fund investments in easily understandable companies?
  • Stages of the Fund Life Cycle - Where are funds in their life cycle? For a fund approaching the end of its life, in the case of an adviser looking to raise additional capital, the focus will be on claims about a fund’s track record and valuation, while in the case of an adviser who is unlikely to raise additional capital, the focus may be on risks related to fees, expenses and liquidity. For a fund at the beginning of its life cycle, deal allocations between investment vehicles, or other types of possible favoritism may receive greater attention.
  • Compliance Program Elements - How sophisticated and reliable are a fund’s compliance processes? Is the valuation process robust, fair and transparent? Are there strong processes for compliance with the fund’s agreements and formation documents? Are compliance and other key risk management and back office functions sufficiently staffed? What is the quality of investor communications? What is the quality of processes to ensure conflict resolution in disputes with or among investors?
  • Disclosures - How clear are investor disclosures around ancillary fees (particularly those charged to portfolio companies), management fee offsets and allocation of expenses? Are the processes to ensure compliance with those disclosures robust?

Mr. di Florio observed that OCIE’s prior experience has been that private fund advisers were slightly more likely to have significant findings, be cited for a deficiency, or have findings referred to the SEC’s Enforcement Division than registered advisers without private fund clients. He speculated that this trend may have been, in part, attributable to the fact that many of the private fund advisers examined in the past, like many of the private fund advisers who registered following the enactment of the Dodd-Frank Act, might not have the same level of compliance systems and controls as advisers with longer experience as regulated entities.

Compliance Obligations. Mr. di Florio highlighted certain of the specific compliance obligations of registered advisers. First, he explained that the “compliance rule” (Rule 206(4)-7) under the Investment Advisers Act (the “IAA”) requires that registered investment advisers adopt and implement written policies and procedures, conduct an annual review of the adequacy of such policies and procedures and designate a chief compliance officer who is responsible for implementing the policies and procedures. He also discussed certain requirements as to maintaining books and records, updating Form ADV, maintaining a code of ethics and complying with the IAA’s advertising requirements. With respect to the “advertising rule” (Rule 206(4)-1 under the IAA), he explained that the “SEC staff has also indicated its view that, if you advertise performance data, the firm should disclose all material facts necessary to avoid any unwarranted inferences.” Mr. di Florio emphasized that “[a] firm should clearly disclose to clients the fees that it is earning in connection with managing investments as well as expense allocations between a firm and its client fund.” In this regard, he highlighted that a private fund adviser’s disclosure policies and procedures should include a provision addressing the allocation of fees and expenses.

Conflicts of Interest. Mr. di Florio discussed the importance of identifying and addressing any conflicts of interests and provided an approach for analyzing “conflicts in the context of the lifecycle of a private equity fund: The Fund-Raising Stage, the Investment Stage, the Management Stage and the Exit Stage.” He described the various circumstances and arrangements that may give rise to conflicts of interest at each stage, as follows:

  • Fund-Raising Stage: the use of third-party consultants such as placement agents, preferential terms in side-letters, and fund marketing, particularly where marketing materials make representations about returns on previous investments.
  • Investment Stage: acquisition of inside information, allocation of investment opportunities, and allocation of fees and expenses.

  • Management Stage: reporting to current or prospective investors on fund performance (in terms of the mention of successful portfolio companies relative to those that underperform). • Exit Stage: fund extensions, timing of liquidity events and valuation.

  • Mr. di Florio also discussed the importance of evaluating and managing any conflicts as a result of (1) a fund professional’s co-investment with firm clients and (2) a fund professional’s role at a fund portfolio company. He noted that while “there is nothing inherently wrong with either of these activities… [they] increase the risk of other conflicts that need to be managed.”

Mr. di Florio also cited a number of deficiencies related to conflicts of interest specifically identified by OCIE staff during recent examinations of private equity firms, as follows:

  • Allocation of expenses to its funds that should have been paid by the adviser; • Negotiating more favorable discounts on the adviser’s behalf than for its fund;
  • Favoritism to side-by-side funds and preferred separate accounts by shifting certain expenses to less favored funds;
  • Placing one or more of the funds into both the equity and debt of a company;
  • Failing to provide sufficiently robust disclosures regarding the ability of a portfolio company to hire a related party of the adviser to perform consulting or investment banking services;
  • Weak or nonexistent controls where the public and private sides of an adviser’s business hold meetings or telephone conversations regarding an issuer about which the private side has confidential information; and
  • Poor physical security during business hours over an adviser’s office space such that employees of unrelated financial firms that have offices in the same building could gain access to the adviser’s offices.

Risk Management. In addition to managing conflicts of interest, Mr. di Florio emphasized that firms should evaluate their risk management structures and processes by asking themselves the following types of questions:

  • Do the business units manage risks effectively at the fund levels in accordance with the tolerances and appetites set by the principals and by senior management of the organization?
  • Are the key control, compliance and risk management functions effectively integrated into the structure of the organization while still having the necessary independence, standing and authority to effectively identify, manage and mitigate risk?
  • Does the firm have an independent assurance process, whether through an internal audit department or a third party performing a comparable function by independently verifying the effectiveness of the firm’s compliance, control and risk management functions?
  • Do senior managers effectively exercise oversight of enterprise risk management?
  • Does the organization have the proper staffing and structure to adequately set its risk parameters, foster a culture of effective risk management, and oversee risk-based compensations systems and the risk profiles of the firm?

Mr. di Florio explained that another reason NEP engages with senior management in adviser examinations is to gauge the support and involvement of senior management in risk management. Mr. di Florio reviewed what he believes are the three critical lines of defense in an effective risk management program:

(1) The business is the first line of defense responsible for taking, managing and supervising risk effectively and in accordance with laws, regulations and the risk appetite set by the board and senior management.

(2) Key support functions, such as compliance and ethics or risk management, are the second line of defense, which need to have adequate resources, independence, standing and authority to implement effective programs and objectively monitor and escalate risk issues.

(3) Internal audit is the third line of defense, which provides independent verification and assurance that controls are in place and operating effectively.

Internal Audit Function. Mr. di Florio observed “that private equity firms have not traditionally had internal audit functions” and expressed hope that firms would further develop the internal audit function. Importantly, he added that “at firms that lack a robust internal audit function the NEP will place even greater weight on assurance that senior management and the firm’s principals are supporting each of the other two levels by reinforcing the tone at the top, driving a culture of compliance and ethics and ensuring effective implementation of risk management in key business processes, including strategic planning, capital allocation, performance management and compensation incentives.”