First lookA practical guide to the Federal Reserve’s newly announced enhanced prudential standards

Perspectives on financial reform Issue 3

Produced by the Deloitte Center for Financial Services

First look A practical guide to the Federal Reserve’s newly announced enhanced prudential standards i

1 Foreword

2 Capital requirements and debt-to-equity limit

4 Liquidity requirements

6 Single-counterparty credit limit requirements

8 Risk management requirements

10 Stress testing requirements

12 Early remediation requirements

14 What’s next?

Foreword

Faced with the prospect of combing through 173 pages of new, enhanced prudential standards and early remediation requirements recently announced by the Federal Reserve, you may find yourself wondering what’s really important to your business today. In this document, we’ve attempted to streamline that process for you, dissecting each section to identify and explain what we believe are the most significant rules and some of their implications.

Overall, we believe that the new enhanced proposed standards represent a codification of the changes that the Federal Reserve has been pursuing through guidance and other means as a preventive measure to help avoid another financial crisis. Much of the guidance that the Federal Reserve has made over the past few years is now on its way to becoming law. And that will rightly bring a new level of scrutiny to how large and midsize U.S. banks, foreign banks with large U.S. operations, and certain nonbank entities, such as insurance companies and hedge funds, bring themselves into compliance.

While different financial organizations will likely be affected by these rules in different ways, one thing is certain: These proposed rules mark a new era in financial regulation, based on lessons learned over the course of the past few years. These rules will likely become law soon. Consequently, leaders at financial organizations should become well versed in them. That’s the spirit in which this document was created—not as a replacement for thorough review of the rules themselves, but as a primer for understanding them.

Bob Contri Kevin McGovernVice Chairman U.S. Managing PartnerU.S. Financial Services Leader Governance, Regulatory & Risk StrategiesDeloitte LLP Deloitte & Touche LLP

First look A practical guide to the Federal Reserve’s newly announced enhanced prudential standards 1

Highlighted rulesEnhanced risk-based capital and leverage requirements •Allcoveredcompaniestoholdcapitalcommensurate

with the Federal Reserve’s rules relating to capital plans, stress tests, and the Capital Plans Final Rule, including requirements to:

– Submit a board-approved annual capital plan that demonstrates the ability to maintain minimum risk-based capital ratios under both baseline and stressed conditions over a minimum nine-quarter, forward-looking planning horizon.

– Hold tier 1 common capital ratio of at least 5 percent over the same planning horizon.

– Meet capital plan requirements prior to making any capital distributions.

•Newrequirementsfornonbankfinancialcompanies: –Nonbankfinancialcompanieswouldalsobe

required to comply with the Federal Reserve’s current risk-based capital standards that apply to bank holding companies, including quarterly reporting of risk-based capital and leverage ratios.

Debt-to-equity limitations •Designatedcompanieswouldberequiredtomeeta

debt-to-equity ratio of no more than 15-to-1 “total liabilities” to “total equity” ratio.

Capital requirements and debt-to-equity limit

2

1 A nonbank financial company is subject to enhanced supervision if material financial distress at the company, or its nature, scope, size, scale, concentration, interconnectedness—or mix of these activities—potentially poses a threat to the financial stability of the U.S. economy. This concept is known as systemically important. As of this writing, the FSOC has not yet designated any nonbank financial company as a systemically important financial institution (SIFI).

2 In line with recently issued framework by the BCBS.

The proposed set of capital rules is the initial step towards more stringency, intended to put pressure on institutions to increase capital and maintain a higher level of capital quality so that they may be better prepared to absorb potential losses. The proposed capital ratios and annual capital plan requirements necessitate that financial companies establish forward-looking capabilities in their capital adequacy planning and receive annual capital-plan approval from the Federal Reserve— a condition for making capital distributions. This applies not only to bank holding companies with $50 billion or more in assets based on the average of the four most recent regulatory report filings with the Federal Reserve, but also to other nonbank financial companies1 that the Financial Stability Oversight Council (FSOC) deems systemically important.

The next set of capital rules, due to be released in the coming months, is expected to include a quantitative risk-based capital surcharge for covered companies, or a subset of covered companies, based on Basel III guidance issued by the Basel Committee for Banking Supervision (BCBS) for the most globally active and interconnected banking companies. Basel III introduces incremental capital requirements in the form of capital conservation and countercyclical buffers, while also raising minimum capital requirements. We can expect to see additional capital thresholds added to global systemically important banks (G-SIBs2) in line with Basel III guidance, to be phased in between 2016 and 2019.

In addition to the capital rules, a 15-to-1 debt-to-equity ratio limit is applied to some companies that the FSOC thinks may pose a threat to the financial stability of the U.S., and is designed to help address the systemic risk created by these entities.

Here’s a closer look.

Capital requirements and debt-to-equity limit

Possible implicationsInstitutions affected by the new requirementsThe proposed rules for risk-based capital requirements apply to: 1) any bank holding company (other than a foreign banking organization, for which the rules are delayed until 2015) with $50 billion or more in total consolidated assets based on the average of the four most recent regulatory report filings, FR Y-9C, with the Federal Reserve; and 2) nonbank financial companies that are predominantly engaged in financial activities, as designated by the FSOC.

For the debt-to-equity ratio requirements, covered companies are those identified by the FSOC that pose a grave threat to the financial stability of the U.S., and where the debt-to-equity ratio can mitigate systemic risks.

Potential implications of risk-based capital requirements•Capitalplanningwilllikelybecomeamorecentral

activity to demonstrate to regulators the ability to maintain sufficient capital and continue to serve as a credit intermediary, especially among larger, interconnected, and complex companies that the FSOC may deem systemically important. As part of this effort, companies will likely need to restructure internally and make available on a regular basis an increasing amount of qualitative and quantitative information to regulators and the market.

•Abroadersetofcompaniesarelikelytofacegreaterpressure to raise capital, divest noncore businesses, and hold a better quality of capital due to the proposed minimum leverage ratio of 4 percent, tier 1 common capital ratio of 5 percent, and expected supplementary capital surcharge for G-SIBs.

•ManylargeU.S.bankholdingcompanieshavealreadyincreased their capital levels in anticipation of these rules.Nonbankfinancialcompaniesthatdon’tmeetthe new ratios are likely to face a steeper climb to raise sufficient capital, with the added regulatory burden of complying with the Federal Reserve’s existing risk-based capital and leverage standards.

•Theabilitytomakecapitaldistributionsnowdependsonreceiving the Federal Reserve’s approval of the annual capital plan rule—and in certain cases prior approval may be necessary before making capital distributions.

•Tosupportcapitalplanningprocesses,companieswillprobably have to establish new organizational structures to support a board-approved capital plan.

•Fornonbankfinancialcompanies,itwilllikelytakeaconsiderable amount of effort to organize and establish an infrastructure that complies with the proposed and existing risk-based capital rules.

•Nonbankfinancialcompaniesarelikelytofacedatachallenges resulting from quarterly calculation and reporting requirements, including the need to source and categorize data according to Federal Reserve definitions.

Potential implications of debt-to-equity ratio requirements•Companieswillneedtomonitortheirdebt-to-equity

ratio and take appropriate steps to develop contingency plans for meeting compliance with the 15-to-1 debt-to-equity ratio requirement, especially systemically important and highly leveraged companies.

•Systemicallyimportantandhighlyleveragedcompanieswill need to factor in the debt-to-equity ratio constraint for their future capital funding activities.

First look A practical guide to the Federal Reserve’s newly announced enhanced prudential standards 3

It’s official: Regulators are raising the profile of liquidity risk management and the role of boards for large banks and publicly traded holding companies (other than foreign bank holding companies). The proposed guidelines build on recent enforcement actions and other insights gleaned from the experiences of the past few years that emphasize the central importance of the board being more engaged in liquidity risk management and oversight.

Here’s a closer look.

4

Liquidity requirements

Highlighted rules•Theboardwouldberequiredtoestablishthecovered

company’s liquidity risk tolerance at least annually. Further, a covered company’s board is required to review information provided by senior management at least semi-annually to determine whether liquidity risk is being managed within accepted tolerances. Finally, the board would review and approve the contingency funding plan at least annually, along with any material revisions.

•Ariskcommitteeordelegatecommitteewouldberequired to conduct the following activities quarterly: a review of cash flow projections to determine that the company’s liquidity risk is within established parameters; a review and approval of liquidity stress testing methodology; and a review of stress testing results, liquidity risk limits, liquidity risk management, and approval of the size and composition of any liquidity buffer. Further, the committee would be required to review and approve significant new business lines or products from a liquidity risk perspective.

•Thecoveredcompanywouldberequiredtoestablishand maintain an independent review function to evaluate its liquidity risk management. The review would be conducted at least annually to evaluate the adequacy and effectiveness of liquidity risk management processes, as well as compliance with regulatory requirements, and report statutory and regulatory noncompliance and other material issues in writing to the board for corrective action.

•Extensiveprojectionsofacoveredcompany’scashflows will likely be a critical tool for managing liquidity risk. Projections must include cash flows arising from contractual maturities, cash flows from new business, funding renewals, customer options, and other potential events that may impact liquidity.

•Theproposedrulewouldrequirethecoveredcompanyto regularly stress test its cash flow projections by identifying liquidity stress scenarios and assessing the effects on the covered company’s cash flow and liquidity. Stress testing would cover exposures, activities, and risks both on and off the balance sheet.

•Theproposedrulewouldrequireacoveredcompanyto establish and maintain a contingency funding plan (CFP). Under the proposed rule, the CFP would be commensurate with the covered company’s capital structure, risk profile, complexity, activities, size, and other applicable risk-related factors, including liquidity risk tolerance. Under the proposed rule, the CFP includes four components: 1) a quantitative assessment, 2) an event management process, 3) monitoring requirements, and 4) testing requirements.

•Theproposedrulewouldrequireacoveredcompanyto monitor liquidity risk related to collateral positions (encumbered/unencumbered), liquidity risks across the enterprise, and intraday liquidity positions.

•Consistentwiththeefforttodevelopacomprehensiveliquidity framework, the proposed rule requires a covered company to continuously maintain a liquidity buffer of unencumbered, highly liquid assets sufficient to meet projected net cash outflows and projected loss or impairment of existing funding sources for 30 days.

Possible implicationsThese proposed rules affect domestic, publicly traded covered companies and bank holding companies with more than $10 billion in assets. There are enhanced standards for banks and bank holding companies with more than $50 billion in assets. Guidance for foreign bank holding companies is expected to follow. Organizations may expect the liquidity requirements to significantly impact their structure, process, technology, and even talent.

•Thebiggestimpactwilllikelybeonthegovernanceofthe organization, with boards assuming responsibility for liquidity risk. That is likely to be a big change for many organizations as liquidity risk management is typically not the domain of the board or risk committee.

•Seniormanagementwilllikelyberequiredtomakedifficult decisions to bring the company into compliance with these requirements. Decisions regarding new business opportunities, compliance-related costs, strategy, liquidity positions, and stress testing may be on the way.

•Processesandtechnologymaybesignificantlyimpactedby the new requirements. Sufficient monitoring capabilities may require new investments and reengineered processes and reporting architectures in areas such as intraday reporting, daily reporting, and ad hoc stress testing, to name a few. Data quality is also likely to be an issue for many organizations.

•Adheringtothenewproposedliquidityrequirementsmay require a different talent mix. At many financial organizations, existing talent is already stretched thin, forcing leaders to consider whether they can afford to hire the right additional support staff or if they need to continue to lean on current talent resources.

Liquidity requirements

First look A practical guide to the Federal Reserve’s newly announced enhanced prudential standards 5

The proposed rules for single-counterparty credit limit requirements introduce a range of new issues and concerns for banking organizations. For starters, concentration risk has taken on new importance. Banking organizations will be required to have enterprise-wide processes in place to identify, measure, monitor, and control concentrated risk exposures at both the legal entity and enterprise levels. Banks likely will have to account for collateral concentrations in their risk analyses, including both risk concentrations with a single counterparty and those associated with portfolios of counterparties.

Under the proposed rules, credit limits would be mitigated in a number of ways, including collateral, netting, guarantees, and credit derivative hedges. The proposed rules describe the types of collateral, guarantees, and derivative hedges that are eligible under them, providing valuation rules for each that reflect credit risk mitigants.

It’s also worth noting that the proposal would establish a general limit prohibiting covered companies from having an aggregate net credit exposure to any single unaffiliated counterparty in excess of 25 percent of the company’s regulatory capital. It would also establish a more stringent net credit exposure limit between a major covered company and any major counterparty. A major covered company would be defined as any bank holding company with total consolidated assets of $500 billion or more. Major counterparties are defined as any major covered company, as well as any foreign banking organization that is treated as a bank holding company, with total consolidated assets of $500 billion or more.

Here’s a closer look.

Highlighted rules•Theproposaldirectstheestablishmentofsingle-

counterparty credit concentration limits for covered companies in order to limit the risks that the failure of any individual company could pose to a covered company, such as direct exposure to certain types of transactions, exceeding risk tolerances, or not being aware of deterioration of the counterparty.

•Inthenoticeforproposedrulemaking,theFederalReservehas prescribed regulations that prohibit covered companies from having an aggregated net credit exposure to any unaffiliated company that exceeds 25 percent of the regulatory capital of the covered company.

•Aggregatednetexposureisdefinedintheproposedrule to be a measure that recognizes certain credit risk mitigants, including netting agreements for certain types of transactions, some forms of collateral with a haircut, and guarantees and other forms of credit protection.

•TheFederalReservealsohasauthoritytolowerthe 25 percent threshold, if necessary, to mitigate the risks to the financial stability of the U.S.

•Creditexposureisdefinedinsection165(e)oftheDodd-Frank Act to mean all extensions of credit to the company, including loans, lines of credit, all repurchase agreements, reverse repurchase agreements, securities borrowing, and lending transactions with the company. Exposuretospecialpurposevehiclesandmoneymarketmutual funds is not required at this time, but may need to be monitored.

•Theproposedrulewouldalsoestablishamorestringentnet credit exposure limit between a major covered company and any major counterparty. This limit would be 10 percent of the regulatory capital of the major covered company and apply to the aggregate net credit exposure between the covered company and the counterparty, or between major covered companies and major counterparties.

•Theproposalincludessovereignentitiesinthedefinitionof counterparty because credit exposures of a covered company to such governmental entities create risks to the covered company similar to those created by large exposures to other types of entities.

6

Single-counterparty credit limit requirements

Possible implicationsThe proposed rules regulating single-counterparty credit limits apply to all bank holding companies with assets of $50 billion or more, as well as nonbank financial companies designated as systemically important by the FSOC.

•Theproposedrulesuggeststhatamorestringentsingle-counterparty credit limit be applied to the largest covered companies. This would require banking organizations to have appropriate systems, tools, and reports to adequately capture, monitor, and report exposure and limits to individual counterparties.

•Becausethesingle-counterpartycreditlimitsalsoapplytosovereign entities, there will likely be a need to calculate, monitor, and manage exposure to the sovereign entities to which a company is directly exposed. That means it will likely be important to understand the number, size, and type of trades with each sovereign counterparty. There may be more information forthcoming on how to treat sovereign entities.

•Theproposedrulecontainstwoseparatelimits.Thegeneral limit provides that no covered company may have aggregate net credit exposure to any unaffiliated counterparty that exceeds 25 percent of the regulatory capital of the covered company. There is also a second, more stringent, limit for aggregate net credit exposure between major covered companies and major counterparties.Nomajorcoveredcompanymayhaveaggregate net credit exposure to any unaffiliated major counterparty that exceeds 10 percent of the regulatory capital of the major covered company, which may call for more granular reporting, data, and metrics and put additional strain on counterparty credit risk systems and data governance processes.

•Itremainstobeseenwhethertheproposedrulewill,in the end, impose the more conservative limits it suggests now for covered companies with a larger systemic footprint. Size may not be the only factor for determining the systemic footprint of a company. For instance, scope, scale, nature, concentration, marketplace connections, leverage, and off-balance-sheet exposures are factors that may be considered in this determination.

•Becausetheproposedrulerequirescreditexposuretobecalculated on an aggregated net basis, a bank holding company may want to monitor limits through gross credit exposure as well as net. Today, not all companies manage limits using both of these measures.

Single-counterparty credit limit requirements

First look A practical guide to the Federal Reserve’s newly announced enhanced prudential standards 7

Highlighted rulesFor covered companies and public bank holding companies with more than $10 billion in assets:•AcompanyisrequiredtohaveanRCwithatleastone

independent director, who is the chair, and at least one risk management expert.

•TheFederalReserveexpectsthatallRCmembershaveanunderstanding of risk management practices and policies. Regulators expect these members to have experience in developing and applying risk management practices and procedures, measuring and identifying risks, and monitoring and testing risk controls with respect to banking organizations or nonbank financial companies.

•Acompanymustalsohaveanenterprise-wideriskmanagement framework including:

– Risk limitations appropriate to each business line of the company.

– Appropriate policies and procedures relating to risk management governance, risk management practices, and risk control infrastructure for the enterprise as a whole.

– Processes and systems for identifying and reporting risks and risk-management deficiencies, including emerging risks, on an enterprise-wide basis.

– Monitoring compliance with the company’s risk limit structure and policies and procedures relating to risk management governance, practices, and risk controls across the enterprise.

–Effectiveandtimelyimplementationofcorrectiveactions to address risk management deficiencies.

– Specification of management and employees’ authority and independence to carry out risk management responsibilities.

– Integration of risk management and control objectives in management goals and the company’s compensation structure.

•Companieswillberequiredtohaveawritten,documented RC charter that is approved by the board, specifying the committee’s responsibilities for oversight of enterprise-wide risk management practices, its composition, and qualifications requirements.

8

Risk management requirements

The proposed rules offer new risk governance requirements, including the establishment of a risk committee of the board and related responsibilities. But that’s not all. Additional requirements reflect the view that boards should be more engaged and involved in risk management and oversight.

Systemically important financial institutions (SIFIs) and bank holding companies with more than $50 billion in assets (collectively, covered companies) and publicly traded bank holding companies with more than $10 billion in assets must establish a “risk committee of the board” (RC) that will be responsible for overseeing enterprise-wide risk management practices and follow certain procedural responsibilities. For covered companies, an RC must be a free-standing committee that reports directly to the board of directors. The RC should be supported by a formal, written charter approved by the board, articulating its responsibilities, composition, and member qualification requirements. It is required to include at least one independent director, who will be the chair, and at least one risk management expert. The Federal Reserve indicated that it expects all members of the RC to have an understanding of risk management principles and practices commensurate with the business and risk profile of the company.

Under the proposed rules, the RC will have specific responsibilities that include, but are not limited to, oversight and approval of the enterprise-wide risk management framework commensurate with the complexity of the company. They include:•Businesslinerisklimits;•Appropriategovernance,policies,andpracticesforcontrollingandmonitoringnewandemergingrisksandreporting

deficiencies in risk management; •Overseeingcompliancewiththeestablishedriskmanagementpolicies,controls,andpractices;•Effectiveremediationofanynoncompliance;•Specifyingthereportinglinestoprovideindependenceoftheriskmanagementfunction;and•Integrationofriskmanagementobjectivesintothecompensationstructure.

Here’s a closer look.

•RCmeetingsarerequiredtooccurregularly.

•TheRCisrequiredtofullydocumentandmaintainrecords of proceedings and risk management decisions.

For U.S. bank holding companies with more than $50 billion in assets and non-bank financial companies designated as systemically important:•Coveredcompanieswillberequiredtocomply

with several enhanced risk management standards proportionate to their importance to the financial markets. They will be required to appoint a chief risk officer (CRO), who should have adequate expertise and be sufficiently independent. This CRO should have a high position within an organization to establish independence and also report directly to the RC and chiefexecutiveofficer(CEO).

•TheroleoftheCROwillberequiredtobeclearlydefined. At minimum, the CRO’s role should include: implementing appropriate enterprise-wide risk management practices; directly overseeing the allocation of risk limits; monitoring compliance with risk limits; establishing policies and processes to identify, assess, monitor, address, and report both existing and emerging risks; managing and testing risk controls; and confirming that they are effectively resolved in a timely manner.

•TheCROwillberequiredtohaveappropriateexpertisegiven the organization’s capital structure, risk profile, complexity, activities, and size; appropriate stature within the organization; and a direct reporting line both totheRCandCEO.

•TheRCmustbeafree-standingcommittee,reportdirectly to the board, and receive and review regular reporting from the CRO.

Possible implications•Theproposedrulesforenhancedriskmanagement

will affect companies at both the board and executive management levels as they relate to broad risk governance issues in certain areas, such as risk committee composition and procedural requirements and requirements related to the establishment, expertise, and reporting lines of the CRO.

•IfcompaniesalreadyhaveanRCandaCRO,theyshould consider assessing the qualifications, stature, and positioning of the CRO and the risk management function. The proposed rules require that the CRO has appropriate qualifications, reports directly to the RCandCEO,andhasasufficientlyhighstatureintheorganization to be adequately independent.

•Afar-reachingimpactofthenewrulesistherequirement to implement an enterprise-wide risk management framework. The proposed rules will likely have a much wider and deeper impact on those that do not currently have such a framework, including the corporate and business unit risk management functions and the business units themselves. In this case, the CRO and the risk management function should consider driving the design, development, and implementation of the risk management framework. The individual business units will have to comply with the risk limit allocation rules established by the CRO and the risk management function.

•Companiesmayneedtore-evaluatetheirmanagement’scompensation structures in order to keep those arrangements in line with any changes resulting from the implementation of the proposed rules.

•Acompany’sdataavailabilityandsysteminfrastructurewill likely need to be upgraded to meet the demands of an enterprise-wide and integrated risk analysis and automated risk limit compliance monitoring.

•Somecompaniesandboardsmaysupplementtheirrisk management framework self-assessments with an independent assessment by a qualified third party to provide a level of objectivity and in-depth knowledge that can be difficult to obtain in a pure self-assessment.Externalpartiescanbeparticularlyusefulinbenchmarking management’s practices against those of the industry, and in updating the board and the RC on current practices as well as recent regulatory moves and other developments.

Risk management requirements

First look A practical guide to the Federal Reserve’s newly announced enhanced prudential standards 9

The proposed stress testing rules are intended to augment the Federal Reserve’s increased monitoring of companies that began with the Supervisory Capital Assessment Program (SCAP) and the Comprehensive Capital Analysis and Review (CCAR) activities. Stress tests are designed to examine the adequacy of a company’s capital and liquidity positions under three distinct scenarios—baseline, adverse, and extremely adverse. These scenarios are supposed to determine a company’s ability to remain viable under various economic conditions.

EachyearU.S.bankholdingcompanieswithtotalconsolidatedassetsofmorethan$10billionandcertainnonbankfinancial companies must provide their capital plan and stress testing information as of September 30 to the Federal Reserve by January 5 of the following year. The Federal Reserve will evaluate the submissions to determine if a company’s current and projected capital and liquidity positions are sufficient to support operations and planned actions such as mergers, acquisitions, changes in level and composition of debt and equity, or related dividends.

Here’s a closer look.

Highlighted rulesThe proposed rules apply to any bank holding company, savings and loan company, or state member bank with more than $10 billion in total consolidated assets, which is regulated by a primary federal financial regulatory agency. However, foreign banks with large U.S. operations and $50 billion or more in global consolidated assets are not subject to the proposed regulations at this time. The Federal Reserve will issue separate rules for them at a later date.

•Theproposedstresstestingprocessinvolvesapplyingthree Federal Reserve scenarios—baseline, adverse, and severely adverse.

•Theproposedstresstestingrequirementsapplytocapital and liquidity planning activities as part of the capital and contingency funding plans.

•Stresstestresultsandcompilationofthecapitalandcontingency funding plans must be submitted to the Federal Reserve by January 5 annually.

•TheFederalReservelikelywillevaluateacompany’scapital plan, contingency funding plan, and stress testing information. From there, it may object to the capital plan, contingency funding plan, and any proposed capital or business actions.

•TheFederalReservewillpublishtheresultsof its assessment of the capital plan and stress testing submissions.

10

Stress testing requirements

Possible implications•Thelevelofeffortrequiredtofulfilltherequirements

of the standards could be significant and, as a result, companies should consider dedicating specific resources to perform the proposed stress tests. These employees should understand their company’s business model and specific activities, the core concepts of stress testing, and the capital and liquidity implications of stress testing.

•Theproposedstresstestingprocessisdesignedtoprovide information on a company’s capital and liquidity adequacy. Stress testing cannot be conducted in isolation nor can it be viewed as a segmented process. Consideration should be given to including it as a part of a periodic management process to evaluate a company’s capital and liquidity position.

•Theproposedrulesrequireadditionalregulatoryreports,including the FR Y-14A, filed annually, and FR Y-14C, filed on a quarterly basis. For these additional reporting requirements, combined with submission of capital and contingency funding plans and the FR Y-9C, companies should assess their current personnel and systems to support these additional activities. These reports provide information on the stress testing scenarios, including the variables used in the stress tests along with its results.

•Companiesshouldevaluatetheirinformationtechnologyand data management systems to determine whether they can support stress tests, the required information compilation for the capital and contingency funding plans, and regulatory reporting mandates. Part of this evaluation is determining how accurate the data is and identifying potential differences in credit and accounting reporting requirements.

•Theproposedrulesincorporateacapitalplan,contingencyfunding plan, and stress testing elements that will likely require the development of processes, policies, and procedures to facilitate the timely completion of these requirements. In addition, the elements may require significant data and personnel resources to support the new reporting. Companies should consider the amount of resources required to support this effort, particularly given the short reporting timetables.

•Theproposedstresstestingprocessmayrequirecooperation among employees from various business units and departments, who will likely be expected to commit a significant amount of their time to support the process, capital, and contingency funding plans. Notonlyshouldtheybebriefedonstandards,scenarios,and requirements, but they should also be aware of how regulatory reporting, stress testing, and capital and contingency funding planning are connected.

•Companiesshoulddeveloppolicies,procedures,andprocesses regarding governance and control. They should consider integrating a project management process to help fulfill submission requirements in a timely manner. The areas of focus may include: performance of stress testing; regulatory reporting, including FR Y-9C, FR Y-14A, and FR Y-14C, which will be a source of historical information; liquidity, capital planning, and management; and data validation for the integrity and accuracy of information used in the stress testing process and incorporated in the capital and contingency funding plans.

Stress testing requirements

First look A practical guide to the Federal Reserve’s newly announced enhanced prudential standards 11

Highlighted rulesThe proposed rules create a framework with four levels of remediation requirements and several triggers, in areas such as capital ratios and liquidity, that measure financial stability. This framework is designed to identify potential or emerging issues before problems become significant within a company. The four levels are:• Heightened supervisory review (Level 1). The Federal

Reserve conducts a targeted review of the covered company to determine if it should be moved to the next level of remediation.

• Initial remediation (Level 2). A covered company is subject to restrictions on growth and capital distributions.

•Recovery (Level 3). Covered companies are subject to restrictions on growth and capital distributions, limits on executive compensation, requirements to raise additional capital, and other demands on a case-by-case basis.

• Recommended resolution (Level 4). The Federal Reserve considers whether to make a recommendation to the Treasury Department and the Federal Deposit Insurance Corporation that the organization be resolved under the orderly liquidation authority provided in Title II of the Dodd-Frank Act.

12

Early remediation requirements

The proposed early remediation rules impose a set of standards upon bank holding companies with $50 billion or more in assets and nonbank financial companies deemed systemically important to promptly address financial weaknesses. It’s essentially an early-warning system to flag those companies that might be under financial stress, so that any problems may be eased before they grow larger. Under the proposed rules, both the Federal Reserve and covered companies have particular duties, obligations, and actions to perform if certain events or financial thresholds are triggered.

The framework increases the number of triggering events that should be considered. For example, capital distributions may have been limited or restricted in the past based on a bank’s risk-based capital ratios. The proposed rules give the Federal Reserve the authority to restrict capital distributions for the consolidated company based on regulatory capital ratios, liquidity measures, and measures of financial condition. It also takes into consideration qualitative factors such as supervisory stress testing, market indicators, and weaknesses in enterprise-wide risk management and liquidity risk management. It’s worth noting that the market indicator category provides a third-party assessment of the covered company’s financial condition, which is new to the Federal Reserve.

The proposed rules are also very clear about the corrective actions that the Federal Reserve will take after an event is triggered—actions that are more restrictive than in the past. For example, restrictions on growth and capital distributions would occur once a covered company’s capital levels fell below the “well capitalized” threshold. In contrast, similar actions do not occur under the PCA (prompt corrective action) regime until a depository institution falls below the “adequately capitalized” level.

Here’s a closer look.

Possible implications•Coveredcompaniesshoulddevelopanunderstanding

of the triggers that signal certain weaknesses. They should also consider that the actions the Federal Reserve is required to take are prescribed in law—it is not discretionary. Companies will likely need a technology and reporting infrastructure to comply with the proposed rules and help the board and company management monitor criteria that signal whether a company has “tripped” an early remediation trigger or is on the path to set one off.

•Theboardandmanagementshouldconsiderthedifferences between the quantitative and qualitative triggers. Qualitative triggers focus on how well a company executes its processes in areas such as capital planning, liquidity, or risk management. Companies will likely need to actively monitor these triggers by performing risk management or liquidity management assessments. Quantitative triggers may limit distributions and growth opportunities.

•Companiesmayneedtodevelopadditionaltechnology,reporting, and processes to meet the requirements described in the proposed rule. However, many of these requirements could be met through compliance with the other enhanced prudential supervision rules.

•IftheFederalReservedeterminesthatacoveredcompany requires Level 2 supervision or higher, the company may face restrictions on growth and capital distributions. Level 3 supervision may warrant the removal of some management executives.

Early remediation requirements

First look A practical guide to the Federal Reserve’s newly announced enhanced prudential standards 13

14

This is proposed law.In many instances, what the Federal Reserve previously outlined as guidance is now proposed as law. When the rules are finalized they will be implemented as law, and violations can come with steep civil money penalties. Some of these new provisions also carry a daily compliance requirement, which will likely require an enhanced compliance framework to avoid violations.

Compliance depends on when these rules are finalized.The Federal Reserve said it would give industry until March 31, 2012, to comment on the new rules. As determined by the Dodd-Frank Act, industry is required to comply with the rules on the first day of the fifth quarter after they are finalized. So the (approximately) one-year compliance clock will begin ticking after the rules are finalized, although a precise date for finalization has not yet been identified.

What’s next?

The Federal Reserve is seeking feedback on the proposed rules from bank holding companies and nonbank financial companies regarding how the potential application of these proposed rules will affect them. There is a 90-day period to answer embedded questions. The Federal Reserve has also indicated that it will release rules on foreign banks with U.S. operations at a later, unspecified date. Here are two considerations for companies determining next steps.

Contacts

Bob ContriVice ChairmanU.S. Financial Services Leader Deloitte LLP+1 212 436 2043bcontri@deloitte.com

Kevin McGovernU.S. Managing PartnerGovernance, Regulatory & Risk StrategiesDeloitte & Touche LLP+1 617 437 2371kmcgovern@deloitte.com

CapitalBala BalachanderDirectorDeloitte & Touche LLP+1 212 436 5340lbalachander@deloitte.com

Alok SinhaPrincipalDeloitte & Touche LLP+1 415 783 5203asinha@deloitte.com

LiquidityRobert MaxantPartnerDeloitte & Touche LLP+1 212 436 7046rmaxant@deloitte.com

Single-counterparty exposure and stress testingSabeth SiddiqueDirectorDeloitte & Touche LLP+1 202 378 5289ssiddique@deloitte.com

Risk managementScott BaretPartnerDeloitte & Touche LLP+1 212 436 5456sbaret@deloitte.com

Ed HidaPartnerDeloitte & Touche LLP+1 212 436 4854ehida@deloitte.com

RemediationDeborah BaileyDirectorDeloitte & Touche LLP+1 212 436 4279dbailey@deloitte.com

Insights. Research. Connections.

HeadquarteredinNewYorkCity,theDeloitteCenterforFinancialServicesprovidesinsightandresearch to help improve the business performance of banks, private equity, hedge funds, mutual funds, insurance, and real estate organizations operating globally. The Center helps financial institutions understand and address emerging opportunities in risk and information technology, regulatory compliance, growth, and cost management.

To learn more about the Center, its projects and events, please visit us at www.deloitte.com/us/cfs.

About DeloitteAs used in this document, “Deloitte” means Deloitte LLP and its subsidiaries. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting.

This document contains general information only and is based on the experiences and research of Deloitte practitioners. Deloitte is not, by means of this document, rendering business, financial, investment, or other professional advice or services. This document is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. Deloitte, its affiliates, and related entities shall not be responsible for any loss sustained by any person who relies on this presentation.

Copyright © 2011 Deloitte Development LLC. All rights reserved.Member of Deloitte Touche Tohmatsu Limited