Skip to Main Content

Blog

Gain perspectivesOur blog

LIBOR is leaving—is your financial institution ready to make the most of it?

In July 2017, the UK’s Financial Conduct Authority announced the phasing out of the London Interbank Offered Rate, commonly known as LIBOR, by the end of 20211. With less than two years to go, US federal regulators are urging financial institutions to start assessing their LIBOR exposure and planning their transition. Here we offer some general impacts of the phasing out, some specific actions your institution can take to prepare, and finally, background on how we got here.

How will the phase out impact financial institutions?

The Federal Reserve estimates roughly $200 trillion in LIBOR-indexed notional value transactions in the cash and derivatives market4. LIBOR is used to help price a variety of financial services products,  including $3.4 trillion in business loans and $1.3 trillion in consumer loans, as well as derivatives, swaps, and other credit instruments. Even excluding loans and financial instruments set to mature before 2021—estimated by the FDIC at 82% of the above $200 trillion—LIBOR exposure is still significant3.

A financial institution’s ability to lend money is largely dependent on the relative stability of its capital position, or lack thereof. For institutions with a significant amount of LIBOR-indexed assets and liabilities, that means less certainty in expected future cash flows and a less-stable capital position, which could prompt institutions to deny loans they might otherwise have approved. A change in expected cash flows could also have several indirect consequences. Criticized assets, assessed for impairment based on their expected future cash flows, could require a specific reserve due to lower present value of expected future cash flows.

The importance of fallback language in loan agreements

Fallback language in loan agreements plays a pivotal role in financial institutions’ ability to manage their LIBOR-related financial results. Most loan agreements include language that provides guidance for determining an alternate reference rate to “fall back” on in the event the loan’s original reference rate is discontinued. However, if this language is non-existent, contains fallbacks that are no longer adequate, or lacks certain key provisions, it can create unexpected issues when it comes time for financial institutions to reprice their LIBOR loans. Here are some examples:

  • Non-existent or inadequate fallbacks
    According to the Alternative Reference Rates Committee, a group of private-market participants convened by the Federal Reserve to help ensure a successful LIBOR transition, …most contracts referencing LIBOR do not appear to have envisioned a permanent or indefinite cessation of LIBOR and have fallbacks that would not be economically appropriate.

    For instance, industry regulators have warned that without updated fallback language, the discontinuation of LIBOR could prompt some variable-rate loans to become fixed-rate4, causing unanticipated changes in interest rate risk for financial institutions. In a declining rate environment, this may prove beneficial as loans at variable rates become fixed. But in a rising rate environment, the resulting shrink in net interest margins would have a direct and adverse impact on the bottom line.
  • No spread adjustment
    Once LIBOR is discontinued, LIBOR-indexed loans will need to be repriced at a new reference rate, which could be well above or below LIBOR. If loan agreements don’t provide for an adjustment of the spread between LIBOR and the new rate, that could prompt unexpected changes in the financial position of both borrowers and lenders3. Take, for instance, a loan made at the Secured Overnight Financing Rate (SOFR), generally considered the likely replacement for USD LIBOR. Since SOFR tends to be lower than three-month LIBOR, a loan agreement using it that does not allow for a spread adjustment would generate lower loan payments for the borrower, which means less interest income for the lender.

    Not allowing for a spread adjustment on reference rates lower than LIBOR could also cause a change in expected prepayments—say, for instance, if borrowers with fixed-rate loans decide to refinance at adjustable rates—which would impact post-CECL allowance calculations like the weighted-average remaining maturity (WARM) method, which uses estimated prepayments as an input.

What can your financial institution do to prepare?

The Federal Reserve and the SEC have urged financial institutions to immediately evaluate their LIBOR exposure and expedite their transition. Though the FDIC has expressed no intent to examine financial institutions for the status of LIBOR planning or critique loans based on use of LIBOR3, Federal Reserve supervisory teams have been including LIBOR transitions in their regular monitoring of large financial institutions5. The SEC has also encouraged companies to provide investors with robust disclosures regarding their LIBOR transition, which may include a notional value of LIBOR exposure4.

Financial institutions should start by analyzing their LIBOR exposure beyond 2021. If you don’t expect significant exposure, further analysis may be unnecessary. However, if you do expect significant future LIBOR exposure, your institution should conduct stress testing using LIBOR as an isolated variable by running hypothetical transition scenarios and assessing the potential financial impact.

Closely examine and assess fallback language in loan agreements. For existing loan agreements, you may need to make amendments, which could require consent from counterparties4. For new loan agreements maturing beyond 2021, lenders should consider selecting an alternate reference rate. New contract language for financial instruments and residential mortgages is currently being drafted by the International Securities Dealers Association and the Federal Housing Finance Authority, respectively3—both of which may prove helpful in updating loan agreements.

Lenders should also consider their underwriting policies. Loan underwriters will need to adjust the spread on new loans to accurately reflect the price of risk, because volatility and market tendencies of alternate loan reference rates may not mirror LIBOR’s. What’s more, SOFR lacks abundant historical data for use in analyzing volatility and market tendencies, making accurate loan pricing more difficult.

Conclusion

The cessation of LIBOR brings challenges and opportunities that will require in-depth analysis and making difficult decisions. Financial institutions and consumers should heed the advice of regulators and start assessing their LIBOR risk now. Those that do will not only be better prepared―but also better positioned―to capitalize on the opportunities it presents.

Need help assessing your LIBOR risk and preparing to transition? Contact BerryDunn’s financial services specialists.

1 https://www.washingtonpost.com/business/2017/07/27/acdd411c-72bc-11e7-8c17-533c52b2f014_story.html?utm_term=.856137e72385
2 https://www.investopedia.com/terms/l/libor.asp
3 https://www.fdic.gov/regulations/examinations/supervisory/insights/siwin18/si-winter-2018.pdf
4 Thomson Reuters Checkpoint Newsstand April 10, 2019
5 https://www.reuters.com/article/us-usa-fed-libor/fed-urges-u-s-financial-industry-to-accelerate-libor-transition-idUSKCN1RM25T

Blog
When one loan rate closes, another opens

Who has the time or resources to keep tabs on everything that everyone in an organization does? No one. Therefore, you naturally need to trust (at least on a certain level) the actions and motives of various personnel. At the top of your “trust level” are privileged users—such as system and network administrators and developers—who keep vital systems, applications, and hardware up and running. Yet, according to the 2019 Centrify Privileged Access Management in the Modern Threatscape survey, 74% of data breaches occurred using privileged accounts. The survey also revealed that of the organizations responding:

  • 52% do not use password vaulting—password vaulting can help privileged users keep track of long, complex passwords for multiple accounts in an encrypted storage vault.
  • 65% still share the use of root and other privileged access—when the use of root accounts is required, users should invoke commands to inherent the privileges of the account (SUDO) without actually using the account. This ensures “who” used the account can be tracked.
  • Only 21% have implemented multi-factor authentication—the obvious benefit of multi-factor authentication is to enhance the security of authenticating users, but also in many sectors it is becoming a compliance requirement.
  • Only 47% have implemented complete auditing and monitoring—thorough auditing and monitoring is vital to securing privileged accounts.

So how does one even begin to trust privileged accounts in today’s environment? 

1. Start with an inventory

To best manage and monitor your privileged accounts, start by finding and cataloguing all assets (servers, applications, databases, network devices, etc.) within the organization. This will be beneficial in all areas of information security such as asset management, change control and software inventory tracking. Next, inventory all users of each asset and ensure that privileged user accounts:

  • Require privileges granted be based on roles and responsibilities
  • Require strong and complex passwords (exceeding those of normal users)
  • Have passwords that expire often (30 days recommended)
  • Implement multi-factor authentication
  • Are not shared with others and are not used for normal activity (the user of the privileged account should have a separate account for non-privileged or non-administrative activities)

If the account is only required for a service or application, disable the account’s ability to login from the server console and from across the network

2. Monitor—then monitor some more

The next step is to monitor the use of the identified privileged accounts. Enable event logging on all systems and aggregate to a log monitoring system or a Security Information and Event Management (SIEM) system that alerts in real time when privileged accounts are active. Configure the system to alert you when privileged accounts access sensitive data or alter database structure. Report any changes to device configurations, file structure, code, and executable programs. If these changes do not correlate to an approved change request, treat them as incidents and investigate.  

Consider software that analyzes user behavior and identifies deviations from normal activity. Privileged accounts that are accessing data or systems not part of their normal routine could be the indication of malicious activity or a database attack from a compromised privileged account. 

3. Secure the event logs

Finally, ensure that none of your privileged accounts have access to the logs being used for monitoring, nor have the ability to alter or delete those logs. In addition to real time monitoring and alerting, the log management system should have the ability to produce reports for periodic review by information security staff. The reports should also be archived for forensic purposes in the event of a breach or compromise.

Gain further assistance (and peace of mind) 

BerryDunn understands how privileged accounts should be monitored and audited. We can help your organization assess your current event management process and make recommendations if improvements are needed. Contact our team.

Blog
Trusting privileged accounts in the age of data breaches

In a closely held business, ownership always means far more than business value. Valuing your business will put a dollar figure on your business (and with any luck, it might even be accurate!). However, ownership of a business is about much more than the “number.” To many of our clients, ownership is about identity, personal fulfillment, developing a legacy, funding their lifestyle, and much more. 

We explored the topic of what business ownership means on Wednesday, May 8th, in the final presentation of our value acceleration series, exploring how to increase business value and liquidity. In this final installment, we discussed the decision of whether to grow your business or exit, and which liquidity options are available for each path. 

While it may seem counterintuitive, we find that it is best to delay the decision to grow or exit until the very end of the value acceleration process. After identifying and implementing business improvement and de-risking projects in the discover stage and the prepare stage (see below), people may find themselves more open to the idea of keeping their business and using that business to build liquidity while they explore other options. 

Once people have completed the discover and prepare stages and are ready to decide whether to exit or grow their business, we frame the conversation around personal and business readiness. Many personal readiness factors relate to what ownership means to each client. In this process, clients ask themselves the following questions:

  • Am I ready to not be in charge?
  • Am I ready to not be identified as the business?
  • Do I have a plan for what comes next?
  • Do I have the resources to fund what’s next? 
  • Have I communicated my plan?

On the business end, readiness topics include the following:

  • Is the team in place to carry on without me?
  • Do all employees know their role?
  • Does the team know the strategic plan?
  • Have we minimized risk? 
  • Have I communicated my plan?

Whether you choose to grow your business or exit it, you have various liquidity options to choose from. Liquidity options if you keep your business include 401(k) profit sharing, distributions, bonuses, and dividend recapitalization. Alternatively, liquidity options if you choose to exit your business include selling to strategic buyers, ESOPs, private equity firms, management, or family. 

In our discussion about liquidity, we addressed several other topics that audience members were curious about. One of these topics was the use of earn-outs in the sale of a business. In an earn-out, a portion of the price of the business is suspended, contingent on business performance. The “short and sweet” on this topic is that we typically find them to be most effective over a two- to three-year time period. When selecting a metric to base the earn-out on (such as revenue, profit, or customer retention), consider what is in your control. Will the new owner change the capital structure or cost structure in a way that reduces income? Further, if the planned liquidity event involves merging your company into another company, specify how costs will be allocated for earn-out purposes. 

We also discussed rollover equity (receiving equity in the acquiring company as part of the deal structure) and the use of warrants/synthetic equity (incentives tied to increases in stock price). Here are some of the key points from this discussion:

  • Make sure you know how you will turn your rollover equity into cash.
  • Understand potential dilution of your rollover equity if the acquiring company continues to acquire other targets. 
  • Make sure the percentage of equity relative to total deal consideration is reasonable.
  • Seller financing typically has lower interest rates and favorable terms, so warrants are often attached to compensate the seller. 
  • Warrants are subject to capital gains tax while synthetic equity is typically ordinary income. As a result, warrants often have lower tax consequences.
  • Synthetic equity may work well for long-term incentive plans and for management buyouts. 

We enjoyed talking with business owners, management, and their advisors during this five-session series. We have found that through the value acceleration process, clients are able to increase business value and liquidity, giving them control over how they spend their time and resources.

If you are interested in learning more about value acceleration, please contact me. I would be happy to meet with you, answer any questions you may have, and provide you with information on upcoming value acceleration presentations. 

Blog
Decide: Value acceleration series part five (of five)

Law enforcement, courts, prosecutors, and corrections personnel provide many complex, seemingly limitless services. Seemingly is the key word here, for in reality these personnel provide a set number of incredibly important services.

Therefore, it should surprise no one that justice and public safety (J&PS) IT departments should also provide a well-defined set of services. However, these departments are often viewed as parking lots for all technical problems. The disconnect between IT and other J&PS business units often stems from differences in organizational culture and structure, and differing department objectives and goals. As a result, J&PS organizations often experience misperception between business units and IT. The solution to this disconnect and misperception? Defining IT department services.

The benefits of defined IT services

  1. Increased business customer satisfaction. Once IT services align with customer needs, and expectations are established (e.g., service costs and service level agreements), customers can expect to receive the services they agreed to, and the IT department can align staff and skill levels to successfully meet those needs.
  2. Improved IT personnel morale. With clear definition of the services they provide to their customers, including clearly defined processes for customers to request those services, IT personnel will no longer be subject to “rogue” questions or requests, and customers won’t be inclined to circumvent the process. This decreases IT staff stress and enables them to focus on their roles in providing the defined services. 
  3. Better alignment of IT services to organizational needs. Through collaboration between the business and IT organizations, the business is able to clearly articulate the IT services that are, and aren’t, required. IT can help define realistic service levels and associated services costs, and can align IT staff and skills to the agreed-upon services. This results in increased IT effectiveness and reduced confusion regarding what services the business can expect from IT.
  4. More collaboration between IT and the organization. The collaboration between the IT and business units in defining services results in an enhanced relationship between these organizations, increasing trust and clarifying expectations. This collaborative model continues as the services required by the business evolve, and IT evolves to support them.
  5. Reduced costs. J&PS organizations that fail to strategically align IT and business strategy face increasing financial costs, as the organization is unable to invest IT dollars wisely. When a business doesn’t see IT as an enabler of business strategy, IT is no longer the provider of choice—and ultimately risks IT services being outsourced to a third-party vendor.

Next Steps

Once a J&PS IT department defines its services to support business needs, it then can align the IT staffing model (i.e., numbers of staff, skill sets, roles and responsibilities), and continue to collaborate with the business to identify evolving services, as well as remove services that are no longer relevant. Contact us for help with this next step and other J&PS IT strategies and tactics.

Blog
The definition of success: J&PS IT departments must define services

This blog is the first in a series to help employee benefit plan fiduciaries better understand their responsibilities and manage the risks of non-compliance with ERISA requirements.

On Labor Day, 1974, President Gerald Ford signed the Employee Retirement Income Security Act, commonly known as ERISA, into law. Prior to ERISA, employee pensions had scant protections under the law, a problem made clear when the Studebaker automobile company closed its South Bend, Indiana production plant in 1963. Upon the plant’s closing, some 4,000 employees—whose average age was 52 and average length of service with the company was 23 years—received approximately 15 cents for each dollar of benefit they were owed. Nearly 3,000 additional employees, all of whom had less than 10 years of service with the company, received nothing.

A decade later, ERISA established statutory requirements to preserve and protect the rights of employees to their pensions upon retirement. Among other things, ERISA defines what a plan fiduciary is and sets standards for their conduct.

Who is—and who isn’t—a plan fiduciary?

ERISA defines a fiduciary as a person who:

  1. Exercises discretionary authority or control over the management of an employee benefit plan or the disposition of its assets,
  2. Gives investment advice about plan funds or property for a fee or compensation or has the authority to do so,
  3. Has discretionary authority or responsibility in plan administration, or
  4. Is designated by a named fiduciary to carry out fiduciary responsibility. (ERISA requires the naming of one or more fiduciaries to be responsible for managing the plan's administration, usually a plan administrator or administrative committee, though the plan administrator may engage others to perform some administrative duties).

If you’re still unsure about exactly who is and isn’t a plan fiduciary, don’t worry, you’re not alone. Disagreements over whether or not a person acting in a certain capacity and in a specific situation is a fiduciary have sometimes required legal proceedings to resolve them. Here are some real-world examples.

Employers who maintain employee benefit plans are typically considered fiduciaries by virtue of being named fiduciaries or by acting as a functional fiduciary. Accordingly, employer decisions on how to execute the intent of the plan are subject to ERISA’s fiduciary standards.

Similarly, based on case law, lawyers and consultants who effectually manage an employee benefit plan are also generally considered fiduciaries.

A person or company that performs purely administrative duties within the framework, rules, and procedures established by others is not a fiduciary. Examples of such duties include collecting contributions, maintaining participants' service and employment records, calculating benefits, processing claims, and preparing government reports and employee communications.

What are a fiduciary’s responsibilities?

ERISA requires fiduciaries to discharge their duties solely in the interest of plan participants and beneficiaries, and for the exclusive purpose of providing benefits for them and defraying reasonable plan administrative expenses. Specifically, fiduciaries must perform their duties as follows:

  1. With the care, skill, prudence, and diligence of a prudent person under the circumstances;
  2. In accordance with plan documents and instruments, insofar as they are consistent with the provisions of ERISA; and
  3. By diversifying plan investments so as to minimize risk of loss under the circumstances, unless it is clearly prudent not to do so.

A fiduciary is personally liable to the plan for losses resulting from a breach of their fiduciary responsibility, and must restore to the plan any profits realized on misuse of plan assets. Not only is a fiduciary liable for their own breaches, but also if they have knowledge of another fiduciary's breach and either conceals it or does not make reasonable efforts to remedy it.

ERISA provides for a mandatory civil penalty against a fiduciary who breaches a fiduciary responsibility under ERISA or commits a violation, or against any other person who knowingly participates in such breach or violation. That penalty is equal to 20 percent of the "applicable recovery amount" paid pursuant to any settlement agreement with ERISA or ordered by a court to be paid in a judicial proceeding instituted by ERISA.

ERISA also permits a civil action to be brought by a participant, beneficiary, or other fiduciary against a fiduciary for a breach of duty. ERISA allows participants to bring suit to recover losses from fiduciary breaches that impair the value of the plan assets held in their individual accounts, even if the financial solvency of the entire plan is not threatened by the alleged fiduciary breach. Courts may require other appropriate relief, including removal of the fiduciary.

Over the coming months, we’ll share a series of blogs for employee benefit plan fiduciaries, covering everything from common terminology to best practices for plan documentation, suggestions for navigating fiduciary risks, and more.

Blog
What's in a name? A lot, if you manage a benefit plan.

This site uses cookies to provide you with an improved user experience. By using this site you consent to the use of cookies. Please read our Privacy Policy for more information on the cookies we use and how you can manage them.