Revisiting the CECL Landscape: Key Considerations for Financial Institutions

As financial institutions continue to navigate the adoption of Current Expected Credit Losses (CECL), it’s important to address the challenges and adjustments that come with this transition.

2023, the year most financial institutions adopted CECL, has come and gone. It has been a pivotal period in the transition as institutions nationwide navigated the complexities of the Accounting Standards Update (ASU). Throughout our financial statement audits, we’ve observed various approaches to adopting the standard and identified several pitfalls that could undermine the intended benefits of CECL.

Issues related to internal controls, vendor due diligence, and documentation of policies, procedures, and qualitative factors have highlighted the complexities and unintended consequences of one of the most significant changes in financial reporting in recent history.

Strengthening Policies & Procedures for Compliance

Institutions should update their policies and procedures to reflect key changes that arose with the adoption of the ASU. Below are several critical areas institutions often overlook:

• The concept of “impaired loans” no longer applies and loans that are evaluated individually are now classified as “individually evaluated.” In the past, primarily non-performing loans were assessed for a specific reserve. Under the ASU, individually evaluated loans are defined as any loan with risk characteristics that differ from those in the collectively evaluated loan pool.

For example, your institution may choose to individually evaluate a loan that poses a higher credit risk to your institution, even if it is performing. Each institution must determine which loans in their portfolio have distinct risk characteristics and should therefore be individually evaluated for a reserve. Institutions should clearly document the criteria for selecting individually evaluated loans in their updated policy.

• Under the ASU, the troubled debt restructuring (TDR) classification on modified loans was eliminated. The Financial Accounting Standards Board (FASB) concluded that allowance for credit loss models encompass a reserve for credit losses on modified loans.

It was determined that the TDR designation created complexity without adding tangible value to financial statement readers. Under the CECL methodology, institutions must assess whether loan modifications are made for borrowers facing financial difficulties. Additionally, it’s important to determine whether a loan modification extends the current loan or creates a new loan entirely. Policies and procedures should be updated to reflect this change in guidance.

• In relation to available-for-sale investment securities, the concept of other than temporary impairment (OTTI) is no longer relevant. In a previous article, we discuss how credit impairment can still be recognized despite the removal of the OTTI language.

Clarifying Qualitative Adjustments

Another important area to address is the documentation of qualitative factors. It’s crucial to provide as much detail as possible when analyzing these factors. This includes several key considerations that may have been overlooked during the initial adoption process:

• Whether the factors used are deemed appropriate given the nature of the institution. Documentation should explain why each factor is considered and outline the specific data or factors included in the analysis. This also applies to decisions to change or not to change any qualitative factors during a reporting period.
• Justification for the number of basis points applied to each factor – a common method is using a matrix. For example, an institution can categorize risk levels as “low,” “medium,” or “high” based on the factor’s relevance. The qualitative adjustment would then be determined by a formula that combines the assigned risk level, corresponding risk weightings, maximum observed historical losses, and other relevant factors.
• When using data from a third-party vendor, be careful of over-reliance. For any data, such as complex forecasts and assumptions, provided by your CECL model vendor, ensure you thoroughly review it to understand its source. Be confident that the data fits in with your institution. It’s also a good practice to document this analysis.

Evaluating Unfunded Commitments

Off-balance sheet commitments must also be evaluated for a reserve. To avoid common pitfalls in CECL model validation, institutions need to determine which commitments require evaluation for a reserve. A common method for calculating a reserve for unfunded commitments is to apply a utilization rate (based on the historical funding rate for each commitment type) along with a reserve rate.

Reserve factors for off-balance sheet commitment pools can be the same as those for on-balance sheet collectively evaluated pools, as long as they are segmented using the same characteristics (e.g., commitments to grant HELOC loans would use the same basis points reserve as collectively evaluated HELOC loans).

It’s essential that the utilization rate used to calculate the reserve for unfunded commitments is backed by historical data specific to your institution. A common pitfall of selecting a utilization rate for off-balance sheet commitment pools is using a standard utilization rate that may be suggested by the service provider. If your institution chooses to use utilization rates recommended by a third-party provider, it should be able to demonstrate that these rates accurately reflect the historical data of your lending portfolio.

Building Robust Internal Controls

A strong internal control structure is vital to the financial reporting process, particularly with the CECL model. During the adoption year, much of the focus may have been on selecting and developing the model and determining the institution’s direction. However, it’s equally important to update your internal control structure to reflect any new or changed processes from the incurred loss method. This ensures that your current model and the resulting financial reporting are accurate and reliable.

For example, it’s important to have multiple people review everything, including the assumptions used in the model, the model’s calculation results, the determination of individually evaluated loans, and qualitative factor selection (and/or changes during the reporting period).

A common control to verify nothing is overlooked is using a checklist. Many third-party vendors offer checklist templates that cover all aspects of the model calculation process, including levels of preparation and review. Alternatively, management and those involved in the model can create a custom checklist if preferred over a third-party template.

To establish and maintain strong internal controls, you’ll want to ensure you have adequate resources that can carry out these control processes effectively and timely.

Conducting Vendor & CECL Model Due Diligence

As with any third-party vendor, conducting due diligence is a crucial part of the CECL process. While this should have been done before adoption, it’s important to regularly review your vendor—at least annually—to identify any issues that could affect your model.

Vendors typically provide an annual SOC report, where the SOC auditor evaluates the effectiveness of the design, implementation, and, in most cases, the operating effectiveness of the vendor’s internal controls. Reviewing this report annually ensures that the vendor’s controls remain effective, as any breakdowns could directly impact the reliability of your model.

Most SOC reports include Complimentary User Entity Controls (CUECs), which are controls recommended by the third-party service provider for implementation at the user institution. These controls help the service organization provide their services as effectively as possible. These CUEC’s should be formally reviewed and put in place where applicable. It is also a best practice to document this review and refer to the corresponding controls in place.

Additionally, regular due diligence on your CECL model is essential. One effective approach is to conduct a model validation specific to your institution. For more information, refer to Wolf’s insight on common CECL model validation pitfalls.

As part of our CECL model validation services, we provide comprehensive procedures to assess your CECL model, including reviewing related controls, evaluating policies and procedures, aligning with regulatory guidance, and more.

If you’re looking for a trusted partner to help navigate these challenges and avoid common pitfalls, reach out to our team of experienced experts today.