Fair Value Accounting: What Lawyers Need to Know

securitiesdocket

Bruce Carton of Securities Docket put together a great panel of securities and accounting experts to discuss the evolution of fair value accounting regulations and the impact of the guidelines in accounting and legal contexts.

Presenters

These are my notes from the webcast.

Fair value accounting records the estimated market value of many assets and liabilities on balance sheets. Although sometimes called “mark-to-market” but that is a misnomer. You need to estimate the value if there is no market for the asset. Fair value estimation methods were standardized by SFAS 157 (ASC Topic 820 –Fair Value Measurements and Disclosures) issued by FASB in 2007.

The standard came out just in time for the financial meltdown.

There are three types of measurement:

Level 1: Based on quoted prices in active markets for identical instruments.

  • Listed stocks, actively traded bonds.

Level 2: Based on observable (auditable) inputs used to estimate an exit value.

  • Two similarly situated buildings in a downtown real estate market.
  • OTC interest-rate swap, fair valued based on observable data such as the contract terms and the current LIBOR forward rate curve.
  • Contracts with option-like features, fair valued based on contract terms, observed volatility, interest rates.

Level 3: Based only on unobservable inputs and assumptions used by the company to estimate an exit value (i.e., where markets don’t exist or are illiquid).

  • CDOs, many financial derivatives, stock in unlisted companies.
  • Level 3 fair value estimates usually employ the company’s own models, notably variants of Discounted Cash Flow (Present Value) models.

Huge losses reported by financial firms on subprime assets led to a debate over the implementation of SFAS 157 when markets become illiquid and price inputs aren’t readily available. During the crisis, banks and investment banks were required to reduce the book value of mortgage-backed securities to reflect their current prices.Those prices declined severely with the collapse of credit markets as mortgage defaults escalated. Banks were forced to raise capital and quickly jettison some of thee securities to raise capital, further providing downward pressure on the values. So, banks and politicians have blamed fair value accounting for contributing to the crisis.

On the other side, fair value accounting gave a more realistic view of the financial health of an institution. One of the factors in the financial crisis was that parties did not trust the credit-worthiness of their counterparties. Fair value provides important information about the values of financial assets and liabilities, as compared to their historical costs (original price). There should be greater transparency allowed for better informed decisions. It also limits the ability to manipulate earnings by timing the sale of assets.

But there are downsides to fair value accounting. When markets are illiquid, fair value is a hypothetical transaction price that cannot be measured reliably. When fair values are provided by sources other than liquid markets, they are unverifiable and allow firms to engage in discretionary income management. By recognizing unrealized gains and losses, fair value accounting creates volatility in a company’s equity. This is particularly important for financial institutions because it affects their regulatory capital.

There is also the quirk of the fair value accounting for one’s own liabilities. Some banks reported gains because of a decline in quality of their debt. They recorded an income gain because they were more likely to default on their debt.

One of the issues in the financial crisis is that mortgage-back securities moved from Level 1 valuations to Level 3 valuations very quickly. Models were not established for valuations of these assets when they went toxic and cash flows dried up.

References:

Ways Webinars Fail

After my webinar with Bruce Carton on Tuesday (Web 2.0: Leveraging new media to Maximize Your Securities and Compliance Practice), I ran across a three part series on Why Webinars Fail from Larry Kilbourne: Content Failures, Format Failures and,  Process Failures.  I hope we did not make too many of these mistakes:

  • Cramming too much into one slide. The unmoving PowerPoint slide becomes like wallpaper on the monitor. (Larry recommends a slide or two per minute.)
  • A presenter simply reading the bullet points. (“Bullet points, if used properly, are the basis for commentary, not the commentary itself.”)
  • Animations and streaming video. (Audience members may not have the internet connection bandwidth to handle them.)
  • Delivering a monologue. (Use a “Charlie Rose” format.)
  • Using the webinar as a sales pitch. (Webinar registrants are prepared to get pitched, but they expect in return to receive information, data, or research that will benefit them.)
  • Live product demos. (Inevitably the product crashes – in real time, in front of an audience.)
  • Lack of preparation. (Unrehearsed webinars generally look unrehearsed.)

Thanks to Stewart Mader for pointing out these articles: Why Webinars Fail To Sustain Attention & How to Fix Them.

Today’s “Web 2.0″ Webcast Materials

If you plan on joining us for today’s webcast, I wanted to make some more information available.

Twitter:

twitter_logoWe will  be monitoring Twitter before, during and after the webcast for questions and comments using the #SecuritiesD hashtag.

Slides:

You can also download the slides at:

Instructional Videos from CommonCraft:

Sites shown on the slides:

To attend this webcast scheduled for February 17, at 2 pm Eastern, please sign up on the Securities Docket website.

Re-Post – Web 2.0: Leveraging New Media to Maximize Your Securities & Compliance Practice

On February 17, 2009, Securities Docket is sponsoring a webcast that will look at the numerous ways that securities and compliance counsel and professionals can now use web 2.0 to promote, market, and network themselves, their practices and their firms as never before.

Please join Bruce Carton, Editor of Securities Docket, and me for a webcast that will discuss the best new tools and strategies available to securities and compliance counsel and professionals.

twitter_logoWe will also be monitoring Twitter before, during and after the webcast for questions and comments using the #SecuritiesD hashtag.

To attend this webcast scheduled for February 17, at 2 pm Eastern, please sign up on the Securities Docket website.

The Corporate Risk Management Library

Here are my notes from this webinar from Compliance Week, sponsored by CA, Inc.: Enhancing the Risk Profile of Your Organization: The Corporate Risk Management Library

Speakers:
Tom McHale, Vice President of Product Management, CA
Christopher Fox, Principal Consultant, Governance Compliance and Risk Group, CA

We are seeing a movement from executive autonomy to executive accountability and corporate secrecy to corporate transparency.

We are seeing an evolution in risk management. We need to identify the strategic risks. We also need to figure out how to get ourselves assured that we are addressing all risks. We are in a changing and diverse environment with government investments, stimulus packages, new regulations and new issues.

A “risk library” is comprehensive set of risks for specific categories, with a representation of the scope of risks for an organization, used by enterprise risk management processes. One key is to have an agreed upon classification (or taxonomy) across the organization.

In searching for a risk library where can you start? These are some references:

  • Federal Sentencing Guidelines
  • OCEG Redbook
  • COSO
  • Federal Reserve Guidance
  • CobIT 4.1
  • Federal Reserve URSIT
  • ISO 27002
  • EPA Legislations
  • Basel II
  • SEC  listing requirements
  • Australian Standard 4360

The requirements of a risk library should have a holistic view. Financial risk is only one dimension. You want to also include strategic and tactical risk.

They moved onto examples of a risk library structure.

They set level 1 as internal risk and external risk. Level 2 was broken down into governance, operations, technology, compliance, financial, reporting, environment, international, market and social trends. Then they showed a third level of risk below the level 2 risk of governance. then they show a level 4 of various market conditions  such as demographics, employment, labor relations and exchange rates.

Once you have the corporate risk management library, you decide which risks you can manage. After selecting those to manage you need to report on the risks, set up a compliance program, create policies and procedures, assess the risks and create an action program.

A Unified Approach to GRC

A participated in a webinar by Carole Stern Switzer of OCEG and Sumner Blount of CA, Inc. on Unified Governance, Risk and Compliance.

Governance – the culture, policies, processes, laws and institutions the define the structure by which companies are directed and managed.

Risk – the effect of uncertainty on business objectives.

Compliance – The act of adhering to and demonstrating adherence to the external regulations and standards as well as corporate policies.

GRC is the coordination of these three areas to increase efficiency and produce more complete information for better decisions-making.

After all, bad information leads to bad decision-making.

The evolution to GRC came from one-off controls and testing as each new regulation came into place. The start was generally because of Sarbanes-Oxley. In the early days the internal audit and the general counsel operated separately from the operations group. The operations are run through the internal IT systems. As more compliance groups grew, they sent more and more audit and information requests to the operation groups. The goal is to unify and simplify the risk and compliance.

The siloed information makes it hard to determine the status of compliance and difficult to map controls to regulations. Sumner proposes a global repository of audits, risks, test and test results, cross referenced to unite the silos of information. A single source of truth for compliance, risk and governance.

The unified approach should result in giving you visibility into the state of operations and risks. This could allow you to remediate problems before they become critical.

The policy lifecycle starts with (1) identifying the requirements, (2) setting polices to meet requirements, (3) creating controls to enforce policies and then (4) monitoring and remediating the controls. This lifecycle should have feedback loops so that policies and controls stay up date and functional.

Sumner sees five management tools: regulatory content, risk management, policy management, controls management and project management.

For policy management you need support for the creation, review, self-assessment and update of policy documents. You need a workflow to track approvals. You need track people having attested that they have read, comply and will comply with the policy.

With regulatory content is difficult to develop the expertise, keep the information up-to date and translated into the control objectives.  It is also great to harmonize the controls across regulations. That way you are not created redundant or even conflicting controls.

For controls management you want a centralized repository of controls mapped to the associated policies, regulations, risks and resources. You also want to store test results and assignment of actions to be done.

For project management, you want to track project status, support for an audit trail and support for reporting.

The key is to reduce costs, reduce disruptions, improve risk management, use it to drive operational improvement to gain competitive advantage.