United States: "Let’s Form A Committee"— Issues Facing Financial Institutions In Implementing The Latest Guidance On Complex Structured Finance Transactions

On January 5, the four federal depository institution supervisors and the Securities and Exchange Commission published their Interagency Statement on Sound Practices Concerning Elevated Risk Complex Structured Finance Activities ("Interagency Statement"). A hyperlink to the Interagency Statement appears at the end of this advisory.

The stated intent of the agencies in issuing the Interagency Statement is to help financial institutions in identifying complex structured finance transactions ("CSFTs") that may pose heightened legal or reputational risks to the institution ("elevated risk CSFTs") and in evaluating, managing and addressing those risks within the institutions’ internal control frameworks. The agencies cite as examples of elevated risk CSFTs those in which the customer’s regulatory, tax, or accounting treatment for the CSFT, or disclosures to investors concerning the CSFT in the customer’s public filings or financial statements, do not comply with applicable laws, regulations, or accounting principles. The agencies also note that, in some instances, CSFTs have been used to misrepresent a customer’s financial condition to investors, regulatory authorities, and others, and that in these situations investors have been harmed and financial institutions have incurred significant legal and reputational exposure.

For an organization that does not have policies and procedures in place similar to those set out in the Interagency Statement, the organization will have an opportunity to create a mechanism that could prevent, or lessen the potential for, a costly error. The establishment of such policies and procedures also can serve as an information tool allowing management of different profit centers or products to learn of cutting-edge developments planned by their colleagues. It should also allow directors to have a better overview of these developments. Establishing policies and procedures that conform to the Interagency Statement will not be a simple task for some institutions. For others, it may require a retooling of policies and procedures already in place.

The Interagency Statement is not a regulation. The Interagency Statement is guidance on the part of the federal depository institution supervisors and a policy statement by the SEC. The federal agencies state that the Interagency Statement does not establish any legally enforceable requirements or obligations. "Violation" of a statement would not necessarily carry the same implication as violation of an agency regulation. A statement can be regarded as setting out safe and sound practices for a financial institution. Through the use of a statement an agency is, in effect, communicating to the directors and senior management of a financial institution the agency’s views on good practice. The failure of an organization to follow the guidance of the Interagency Statement or weaknesses in an organization’s implementation of the Interagency Statement could, however, lead to formal remedial action, including a cease-and-desist action for engaging in an unsafe or unsound banking practice.

The federal agencies also state that the Interagency Statement is not intended to create any private rights of action or alter or expand the legal duties and obligations that a financial institution may have to a customer, its shareholders, or other third parties under applicable law. Nonetheless, the Interagency Statement’s requirements could provide fodder for a litigation opponent. The Interagency Statement’s recordkeeping requirements could also provide a road map for opposing counsel.

All federally-insured or federally-chartered banks and thrifts are covered by the Interagency Statement. All bank and thrift holding companies (other than foreign banking organizations) are covered. All SEC-registered broker-dealers and investment advisors are covered. Interestingly, the SEC did not seek to apply the Interagency Statement to broker-dealer holding companies.¹ United States branches and agencies of foreign banks are covered. The application of the Interagency Statement to foreign banks is discussed in more detail below.

Our complex financial system, with its variety of supervisors and regulators, could present some interesting challenges for a financial institution seeking to implement the guidance of the Interagency Statement. A bank holding company could have national bank, state member bank, savings association, SEC registered brokerdealer, and SEC-registered investment advisor subsidiaries. While a foreign bank is not subject to the Interagency Statement, its SEC-registered broker-dealer and investment advisor would be. Some unitary thrift holding companies have substantial non-financial operations; no guidance is given in the Interagency Statement on the scope of the Statement for those organizations.

The Interagency Statement does not require a financial institution to establish a new committee to review CSFTs in order to ascertain which CSFTs present heightened legal and reputational risk. However, it is difficult to perceive how the risk-management principles of the Interagency Statement can be implemented without a committee of some sort. This could be an existing committee or a new one. Large and complex financial institutions will need to consider whether to establish "mini-committees" to review CSFTs. More problematic elevated risk CSFTs can be referred to a high-level group. While the Interagency Statement does not require a financial institution to have its most senior management review elevated risk CSFTs, the Interagency Statement leans in that direction. For example, we would counsel against having the chief executive officer participating in the CSFT review process. On the other hand, the CEO should be kept abreast of CSFT developments.

The financial institution will have to implement policies and procedures for the identification of CSFTs. Those policies and procedures could set out those transactions that are not elevated risk CSFTs and those elevated risk CSFTs that are "typical" transactions for the organization and therefore not requiring review. This would depend on the scope of the organization’s business. The purpose would be to ensure that problematic transactions are reviewed without requiring profit-center, product, and other senior management to devote substantial amounts of time to reviewing elevated risk CSFTs. For those organizations that have a fulltime examiner on premises, it might be desirable to discuss the proposed policies and procedures with the examiner. Others might meet with examinations staff to go over the proposed program. Several organizations already have CSFT committees in place; it might be desirable to meet with staff of those organizations to gain insight into their experiences.

As noted above, the Interagency Statement applies to CSFTs that pose heightened legal or reputational risk to the institution – i.e., elevated risk CSFTs. The term "complex structured finance transaction" is not defined by the agencies. Instead, the Interagency Statement provides that the hallmarks of a non-complex transaction are a well-established track record and familiarity to participants in the financial markets. The agencies note in this regard that certain "plain vanilla" transactions would "typically" not be considered CSFTs. These include standard mortgage-backed securities transactions, public securitizations of retail credit cards, assetbacked commercial paper conduit transactions, and hedging transactions involving "plain vanilla" derivatives or collateralized loan obligations.

The agencies state that the Interagency Statement would not affect or apply to the vast majority of financial institutions. A financial institution that engages in very few elevated risk CSFTs still might want to consider establishing policies and procedures, if it has not already done so, to address other transactions with heightened legal or reputational risk. Those policies and procedures would not have to adhere closely to the Interagency Statement, but there may well be portions of those risk-management principles that would be beneficial to such an institution.

The Interagency Statement applies globally to financial institutions, other than foreign banking organizations. The agencies do, however, recognize that a financial institution may need to tailor its policies and procedures to comply with applicable laws, regulations, and standards of foreign jurisdictions.

Obviously, the focus should be on those transactions that present heightened legal or reputational risk. In bank supervisory terms, these are risks that would be reviewed by depository institution examiners under Pillar Two of the Basle II revised capital adequacy framework.² The Interagency Statement cites as examples of transactions that may warrant scrutiny as elevated risk CSFTs those that (either individually or collectively) appear to the financial institution during the ordinary course of its transaction approval or new product approval process to:

• Lack economic substance or business purpose;

• Be designed or used primarily for questionable accounting, regulatory, or tax objectives, particularly when the transactions are executed at year-end or at the end of a reporting period for the customer;

• Raise concerns that the client will report or disclose the transaction in its public filings or financial statements in a manner that is materially misleading or inconsistent with the substance of the transaction or applicable regulatory or accounting requirements;

• Involve circular transfers of risk (either between the financial institution and the customer or between the customer and other related parties) that lack economic substance or business purpose;

• Involve oral or undocumented agreements that, when taken into account, would have a material impact on the regulatory, tax, or accounting treatment of the related transaction, or the client’s disclosure obligations;

• Have material economic terms that are inconsistent with market norms (e.g., deep "in the money" options or historic rate rollovers); or

• Provide the financial institution with compensation that appears substantially disproportionate to the services provided or investment made by the financial institution or to the credit, market, or operational risk assumed by the institution.

As noted above, there will be a need to prepare written policies and procedures for defining CSFTs and elevated risk CSFTs. An organization should consider whether the policies and procedures should additionally include other transactions that are not CSFTs that present elevated legal and reputational risk to the organization. Of the two, reputational risk goes to the heart of a financial institution’s purpose -- serving the needs of its customers and counterparties. It goes without saying that the institution should be in compliance with applicable laws, regulations, and accounting principles.

A financial institution must implement policies and procedures not only to identify elevated risk CSFTs, but also to provide for the conduct of a heightened level of due diligence for these transactions. The purpose of these policies and procedures should not be to prevent the financial institution from entering into elevated risk CSFTs. Instead, the purpose should be to better ensure that these transactions are identified and managed and, to the extent necessary, modified to bring risk within the institution’s appetite.

The Interagency Statement provides that a financial institution should design due diligence policies and procedures to allow personnel at an appropriate level to understand and evaluate the potential legal or reputational risks presented by the transaction to the institution and to manage and address any heightened legal or reputational risks ultimately found to exist with the transaction. The Interagency Statement emphasizes that a financial institution should conduct the level and amount of due diligence for an elevated risk CSFT that is commensurate with the level of risks identified. The agencies note in this regard that a financial institution that structures or markets an elevated risk CSFT to a customer, or that acts as an advisor to a customer or investors concerning an elevated risk CSFT, may have additional responsibilities under the federal securities laws, the Internal Revenue Code, state fiduciary laws, or other laws or regulations and consequently may have greater legal and reputational risk exposure than a financial institution that acts only as a counterparty for the transaction.

With regard to the conduct of due diligence for an elevated risk CSFT, the agencies caution financial institutions to independently analyze the potential risks to the institution from both the transaction and the institution’s overall relationship with the customer, and also not to conclude that a transaction identified as an elevated risk CSFT involves minimal or manageable risks solely because another financial institution will participate in it or because of the size or sophistication of the customer or counterparty. Financial institutions are also reminded to consider carefully whether it is appropriate to rely on opinions or analyses prepared by or for the customer concerning any significant accounting, tax, or legal issues associated with an elevated risk CSFT.

As noted earlier, a financial institution’s policies and procedures will need to be documented and will likely be reviewed by examiners. The Interagency Statement does not require documentation regarding the determination of whether a specific transaction is a CSFT or an elevated risk CSFT. If the financial institution has such procedures, then the Interagency Statement provides that the institution should maintain sufficient documentation to verify that the institution’s policies and procedures for elevated risk CSFTs are being followed.

This documentation with respect to an elevated risk CSFT should be sufficient to allow the institution to (i) document the material terms of the transaction, (ii) enforce the material obligations of the counterparties, (iii) confirm that the institution has provided the customer any required disclosures, and (iv) verify that the institution’s policies and procedures are being followed.

The Interagency Statement addresses when and the extent to which decisions on elevated risk CSFTs should be documented. These decisional documentation requirements apply only to those elevated risk CSFTs potentially involving the greatest degree of risk, not those dealt with by "junior" personnel. Actions by senior management are subject to documentation requirements. The factors considered and conditions imposed by senior management in acting need to be documented. Minutes must be kept.

Efforts regarding documentation should focus on the extent to which that documentation could be used in litigation against the financial institution. For a deal gone sour, it will provide a roadmap to opposing counsel. It is important for counsel to have an active role in establishing policies and procedures and reviewing the documentation relating to a particular CSFT, especially one to be reviewed by senior management.

The approval process for elevated risk CSFTs should include representatives from the business lines and/or client management as well as a control area independent of the business area involved. The individuals involved should have sufficient expertise and stature within the organization to evaluate legal and reputational risks. The agencies additionally state that these individuals must also have that same degree of expertise and stature to be able to evaluate credit, market, and operational risk to the organization. This in effect requires a CSFT committee to be a broad-based risk management mechanism. If a financial institution already has a senior management credit committee, a market risk committee, and a new product committee, the institution will have to see how elevated risk CSFTs fit into their existing structure. This may be simple or may require much effort. If committees are consolidated, then all of the Interagency Statement requirements might become applicable to that committee’s operation.

It is clear that the agencies expect senior management to review those elevated risk CSFTs with higher degrees of potential risk.

One of the concerns raised by the earlier agency proposals on CSFTs was the extent to which the agencies might be requiring a financial institution to become a police officer vis-à-vis its counterparties. This seems to have been addressed in the Interagency Statement. It arises in the context of actions that might need to be taken to ameliorate risk in an elevated risk CSFT. The agencies set this out in an illustration.

"Such actions may include … conditioning its participation upon the receipt of representations or assurances from the customer that reasonably address the heightened legal or representational risks presented by the transaction. Any representation provided by a customer should be obtained before a transaction is executed and be received from, or approved by, an appropriate level of the customer’s management."

This should go a long way to addressing those concerns.

The Interagency Statement does not apply to foreign banking organizations – that is, a foreign bank that has a branch, agency, or commercial lending company subsidiary in the United States or that controls a bank or an Edge corporation in the United States, or a parent company of such a foreign bank. While the extraterritorial scope of the Interagency Statement is thus limited with respect to foreign banking organizations, U.S. branches and agencies of foreign banks are subject to the Interagency Statement. The Statement provides that a foreign bank branch’s or agency’s policies, including management review and approval requirements, "should" be coordinated with the foreign bank’s group-wide policies developed under its home-country supervisory rules and "should" be consistent with the foreign bank’s overall corporate and management structure and framework for risk management and internal controls. A foreign bank branch or agency should be prepared to demonstrate that it is acting consistent with these expectations. In this regard, how will a U.S. bank regulatory agency determine whether a foreign bank is complying with home-country requirements?

The Interagency Statement provides that a financial institution’s CSFT program should provide for periodic independent reviews of its CSFT activities to verify and monitor that its policies and controls relating to elevated risk CSFTs are being implemented effectively and that elevated risk CSFTs are accurately identified and received proper approvals. These independent reviews can be performed by appropriately qualified audit, compliance or other personnel in a manner consistent with the institution’s overall framework for compliance monitoring, with due regard for issues such as the independence of reviewing personnel from the business line.

The agencies also expect that a financial institution’s internal audit department will regularly audit the financial institution’s adherence to its own control procedures relating to elevated risk CSFTs. In addition, the financial institution’s internal audit function should assess the adequacy of the institution’s CSFT policies and procedures, and periodically validate that business lines and individual employees are complying with the financial institution’s standards for elevated risk CSFTs and appropriately identifying any exceptions. This raises a question as to whether any member of the internal audit staff ought to be part of the CSFT review process.

We believe that financial institutions should regard the Interagency Statement as a positive development. The agencies have moved from a more prescriptive approach in the earlier proposals to a more principles-based approach. All financial institutions, whether or not they engage in CSFT activities, should examine the Interagency Statement with a view to seeing what policies and procedures might be adopted.

Interagency Statement