This is the July 5, 2015 update to the “Roadmap to Financial and Housing Market Stabilization Plans” document. This update includes the following:
• FHFA released its annual g-fee report. The report tracks adjustments from 2009 through 2014 and shows that guarantee fees have increased over this period. Overall, the average level of g-fees has increased since 2009. The g-fees are currently two-and-a-half times their previous level; from 2009 to 2014, average fees increased from 22 basis points to 58 basis points. From 2013 to 2014, average fees increased from 51 basis points to 58 basis points. In 2014, primarily because of changes in the models the GSEs use to estimate the capital necessary to support their mortgage guarantee business, gaps on 30-year fixed rate loans were more negative and gaps on 15-year loans were more positive than in 2013. A gap is the difference between actual g-fees charged and the expected cost of providing the guarantee. While the gap on 30-year fixed rate loans was negative relative to targeted return on capital, the returns on capital were positive. The percentage of loans that the GSEs purchased from small lenders grew substantially in 2014, while pricing differences between small sellers and large sellers remained small.
• The FFIEC released a cybersecurity assessment tool to help institutions identify their risks and assess their cybersecurity preparedness. There are two parts to the assessment: an inherent risk profile and cybersecurity maturity. The inherent risk profile identifies the amount of risk posed to an institution by the types, volume, and complexity of the institution’s technologies and connections, delivery channels, products and services, organizational characteristics, and external threats, notwithstanding risk-mitigating controls. The cybersecurity maturity includes domains, assessment factors, components, and individual declarative statements across five maturity levels to identify specific controls and practices that are in place. While management can determine the institution’s maturity level in each domain, the assessment is not designed to identify an overall cybersecurity maturity level.
• GAO released a cybersecurity report entitled, Bank and Other Depository Regulators Need Better Data Analytics and Depository Institutions Want More Usable Threat Information. The report states:
o The largest institutions were generally examined by IT experts, while medium and smaller institutions were sometimes reviewed by examiners with little or no IT training. Each regulator had efforts under way to increase the number of their staff with IT expertise.
o Regulators generally focused on IT systems at individual institutions but most lacked readily available information on deficiencies across the banking system. Regulators were not routinely collecting IT security incident reports and examination deficiencies and classifying them by category of deficiency. Bank regulators directly address the risks posed to their regulated institutions from third-party technology service providers, but the NCUA lacks this authority. Bank regulators routinely conduct examinations of service providers’ information security.
o Depository institutions obtain cyber threat information from multiple sources, including federal entities such as the Treasury. Representatives from more than 50 financial institutions told GAO that obtaining adequate information on cyber threats from federal sources was challenging. Treasury has various efforts under way to obtain and confidentially share information with other institutions.
o GAO recommends that Congress consider granting NCUA authority to examine third-party technology service providers, and that regulators explore ways to better collect and analyze data on trends in IT examination findings across institutions.
• The Federal Reserve announced its first determination of the aggregate consolidated liabilities of all financial companies. Section 622 of the Dodd-Frank Act prohibits any financial company combination if the resulting company's liabilities exceed 10 percent of this amount. As of December 31, 2014, the amount was $21,632,232,035,000.