Risk is always a prominent factor for banks. Their ability to strategically navigate change proved to be crucial in a year of unprecedented challenges caused by the Covid-19 pandemic.

Moss Adams partnered with Bank Director to conduct the 2021 Risk Survey that explored key risks facing the industry – and forecast how banks will emerge from the pandemic. Below is a summary of top insights from the survey, as well as considerations that bank leadership should keep front of mind as they go into the second half of the year.

Rising Credit Risk Concerns

Unsurprisingly, concerns around credit risk increased in 2020.

Two-thirds of bank respondents worry about concentrations in their loan portfolio, particularly around industries significantly strained during the pandemic, including commercial real estate and hospitality. Almost all respondents modified loans in second and third quarters of 2020 to aid their customers during the initial wave; some of these modifications extended into the fourth quarter.

Evaluation Metrics and Portfolio Concerns

Two separate metrics are now in play for regulators’ evaluations. As a result, it’s important to remember that just because your bank’s loan portfolio doesn’t receive a favorable rating doesn’t mean your bank or management won’t be evaluated favorably.

Regulators might downgrade a portfolio rating as some credits went into deferrals due to business shutdowns and borrowers being unable to make payments. However, bank management could receive a strong rating because of actions they took to keep the bank running and support customers.

While modifications reflect current realities, they don’t diminish the fact that portfolios are degrading from a stability standpoint. Forty-three percent of respondents tightened underwriting standards during the pandemic, while roughly half are unsure if they’ll adjust standards in 2021 and 2022.

Banks that have good governance will loosen their underwriting standards and will be strategic about to whom they lend money. In addition, they will assess which loans they’ll permit to be in delinquent status without taking action, and which they’ll defer.

Increases in Stress Testing

While annual stress tests are common for banks, 60% of respondents expanded the quantity or depth of economic scenarios in response to the pandemic. This is despite regulators’ previous increase of the asset cap threshold for required testing.

Most institutions focus not just on interest rate stress testing – they test the whole portfolio. This is driving more stress testing on the viability of collateral for loans and liquidity. Institutions know they’ll face increased allowance provisions and write-offs, so they’re stress testing the capital resiliency of their organization and see how they would shoulder that burden.

Looking forward, banks may want to focus on concentrated risks within the portfolio. They may also want to apply different, more specific stress testing criteria to various segments such as multifamily real estate, hospitality and mortgages, knowing certain areas may pose greater risk.

Improved Plans for Continuity and Disaster Recovery

The pandemic placed a renewed focus on continuity and disaster recovery. While most organizations had a pandemic provision in their plans following guidance from the Federal Financial Institutions Examination Council (FFIEC), they had been considered only hypothetical exercises. When an actual pandemic hit, many organizations had to react quickly, focus and learn how to adapt during the experience. Most banks will enhance their business continuity plans as a result of the pandemic: 84% of respondents say they’ve made or plan to make changes to their plans.

Key improvement areas include plans to:

  • Formalize remote work procedures.
  • Educate and train employees.
  • Provide the right tools to staff.
  • Ensure the bank’s IT infrastructure can adapt in a crisis.

Cybersecurity and Remote Work Setups

Three-quarters of respondents plan for at least some employees to work remotely after the pandemic abates. This makes cybersecurity a significant concern that boards need to further explore and implement additional precautions around.

Previously, with employees working in one space, there was only one entry point of attack for cybercriminals. Suddenly, with employees working from potentially hundreds of different locations, hundreds of entry points could exist.

Factoring in employees’ mental states is also a crucial vulnerability. It’s easier for cybercriminals to take advantage of or deceive employees that are navigating the difficulties of working from home and the general stresses of the pandemic. Increased staff training, as well as technology improvements, can help better detect and deter cyberthreats and intrusions.

Looking Forward

Though many respondents noted the resilience of the industry, it’s important to not get complacent. Banks certainly weathered the hard times, but the biggest impacts of the past year likely won’t be fully visible until the pandemic subsides.

Once that occurs, some businesses will reopen but may need more capital. Others may still close permanently, leaving banks to determine which loans won’t get repaid, engage bankruptcy courts, take cents on the dollars for the loan and charge write-offs.

So while this past year has been a major learning experience, the lesson likely won’t be concluded until early 2022.

 

Assurance, tax, and consulting offered through Moss Adams LLP. Investment advisory services offered through Moss Adams Wealth Advisors LLC.

WRITTEN BY

Craig Sanders

Partner

Craig Sanders is a partner at Moss Adams LLP. He has provided audit and IT security services since 1999. He works with clients in the financial services industry to implement core business systems, internet banking and cash management platforms, business continuity and disaster recovery planning and programs, GLBA compliance and telecommunications and security systems.