Historically, credit has often been the number one risk banks faced. But with an increasing amount of regulation and new technology opening up the gateway of attacks on bank infrastructure, other sorts of risks are gaining increasing attention these days. In advance of Bank Director’s seventh annual Bank Audit Committee Conference in Chicago June 6 through June 7, we asked speakers to describe the risk concerns of their clients. We asked:
“What risks do you see financial institutions most concerned about: Operational, regulatory or credit?”
Operational and regulatory risks are more inter-related than ever before. Banks still seem extremely mindful of credit risk, but management teams have “gotten used to” those risks, and have been living with the new reality for many years. Now we are seeing a lot of activity relating to regulatory changes and how those changes affect operations. Over the next few years, it will be critical for management teams to stay on top of the regulatory changes and make sure that they are comfortable that their entity’s operations are able to respond to the ongoing regulatory changes. This includes conducting a thorough internal review of internal and external compliance function to ensure that it is appropriately staffed and receiving adequate guidance.
Operational. Since the vast majority of bank management today has operated in the gradually declining interest rate environment since the early 1980s, operating their institutions in a future that virtually guarantees rising interest rates presents a new challenge. Managing earnings without exposing their banks to the same interest rate risk pressures that nearly destroyed the thrift industry in the decade of the 80s will require dedication to sound asset-liability management processes.
Credit Risk. The credit crisis magnified credit risks distinguishing good lenders from poor ones, and banks that survived strengthened internal controls to avoid a repeat scenario. While many banks have cleaned up their loan portfolios, credit risks will remain at the forefront of bankers’ minds across the country for many years to come.
— Steve Hovde, president & chief executive officer, Hovde Financial Inc.
Regulatory. A strong enterprise risk management program covering all aspects of the risk spectrum is essential to managing regulatory risk today. Risk must be managed from the top -down with all members of the board of directors and enior management agreeing on the risk appetite of the organization, what level of tolerance they are willing to accept and what metrics will be utilized to monitor the risks.
— Brian Blaha, partner, Wipfli LLP
Whether one looks at the lost or disrupted business caused by recent cyber-attacks, or the massive regulatory settlements in divers areas involving Libor rigging, AML (anti-money laundering) non-compliance, or failure to supervise third party vendors offering misleading credit products, it becomes clear that financial institutions need to take operational and regulatory risks at least as seriously as they take credit risk.
Risk and compliance managers need to be more creative about uncovering the next problem rather than just establishing controls to prevent the last problem from recurring.
I believe the biggest risk to financial institutions today is in the regulatory arena. It seems there is something new every day with which banks must comply. It can make your head spin! Having a solid regulatory monitoring function is critical to managing this risk.
— Kendra Decker, partner, National Professional Standards Group, Grant Thornton LLP
Regulatory risks are the primary concern; however, it’s not unusual for there to be elements of operational risk and/or credit risk within the regulatory risk as well.
Risks continue to evolve and the regulatory environment is very dynamic. The program that effectively managed regulatory risk last year needs to continue to evolve to be effective going forward. Regulatory risk that is managed within business as usual processes is generally more effective than processes that are added simply to assist in complying with evolving regulatory requirements.
— Mike Percy, partner, Crowe Horwath LLP
Operational. There are two fronts. Given margin compression, banks are looking at cost containment. This includes reviewing the process for efficiencies and re-evaluating their delivery network. We are seeing banks take a hard look at their branch network. The second item relates to technology—both from a standpoint of delivery and risk mitigation. If we really understood the regulatory burden in our future, then it would be worth the concern. At this point, it is too nebulous which makes it impossible to address.
— Sal Inserra, partner, Crowe Horwath LLP
In today’s banking environment, where these types of risks are so very interrelated, it seems more difficult than ever to untie operational, credit and regulatory risk from one another and identify one as being more critical than another. From an audit committee standpoint as it relates to BOLI (Bank-Owned Life Insurance), the justification for the asset purchase, the product structure and the ongoing review of the credit of various carriers creates regulatory and credit risk challenges. Add to that additional challenges from BASEL III and Dodd-Frank, along with a tepid economic recovery coming out of the great recession, and a complete, more thorough understanding of the BOLI asset will be critical in the future.
— Becky A. Pressgrove, senior vice president and chief operating officer, Equias Alliance LLC