As banks continue to become more reliant on technology, the risks and concerns around cybersecurity and compliance continue to grow. Bank Director’s 2019 Risk Survey, sponsored by Moss Adams LLP, compiled the views of 180 bank leaders, representing banks ranging from $250 million to $50 billion in assets, about the current risk landscape. Respondents identified cybersecurity as the greatest concern, continuing the trend from the previous five versions of this report and indicating an industry-wide struggle to fully manage this risk.

Other top trends included the use of technology to enhance compliance and the potential effect of rising interest rates. Here’s what banks need to know as they assess the risks they’ll face in the coming year.

Cybersecurity
Regulatory oversight and scrutiny around cybersecurity for banks seems to be increasing. Agencies including the Securities and Exchange Commission are focused on the cybersecurity reporting practices of publicly traded institutions, as well as their ability to detect intruders. The Colorado legislature recently passed a law requiring credit unions to report data breaches within 30 days. It’s no surprise that 83 percent of respondents said their concerns about cybersecurity had increased over the past year.

Most of the cybersecurity risk for banks comes from application security. The more banks rely on technology, the greater the chance they face of a security breach. Adding to this, hackers continue to refine their techniques and skills, so banks need to continually update and improve their cybersecurity skills. This expectation falls to the bank board, but the way boards oversee cybersecurity continues to vary: Twenty-seven percent opt for a risk committee; 25 percent, a technology committee and 19 percent, the audit committee. Only 8 percent of respondents reported their board has a board-level cybersecurity committee; 20 percent address cybersecurity as a full board rather than delegating it to a committee.

Compliance & Regtech
Utilizing technological tools to meet compliance standards—known as regtech—was another prevalent theme in this year’s survey. This is a big stress area for banks due to continually changing requirements. The previous report indicated that survey respondents saw increased expenses around regtech. This year, when asked which barriers they encountered around regtech, 47 percent responded they were unable to identify the right solutions for their organizations. Executives looking to decrease costs may want to consider whether deploying technology could allow for fewer personnel. When this technology is properly used, manual work decreases through increased automation.

Other compliance concerns for this year’s report included rules around the Bank Secrecy Act and anti-money laundering. Seventy-one percent of respondents indicated they implemented or plan to implement more innovative technology in 2019 to better comply with BSA/AML rules.

Compliance with the current expected credit loss standard was another area of concern. Forty-two percent of respondents indicated their bank was prepared to comply with the CECL standard, and 56 percent replied they would be prepared when the standard took place for their bank.

Interest Rate & Credit Risk
The potential for additional interest rate increases made this a new key issue for the 2019 report. When asked how an interest rate increase of more than 100 basis points, or 1 percent, would affect their banks’ ability to attract and retain deposits, 47 percent of respondents indicated they would lose some deposits, but their bank wouldn’t be significantly affected. Thirty percent indicated an increase would have no impact on their ability to compete for deposits.

However, 55 percent believed a severe economic downturn would have a moderate impact on their banks’ capital. In the event of such a downturn, deposits and lending would slow, and banks could incur more charge-offs, which would impact capital. This fluctuation can be easy to dismiss, but careful planning may help reduce this risk.

Assurance, tax, and consulting offered through Moss Adams LLP. Investment advisory services offered through Moss Adams Wealth Advisors LLC. Investment banking offered through Moss Adams Capital LLC.

WRITTEN BY

Craig Sanders

Partner

Craig Sanders is a partner at Moss Adams LLP. He has provided audit and IT security services since 1999. He works with clients in the financial services industry to implement core business systems, internet banking and cash management platforms, business continuity and disaster recovery planning and programs, GLBA compliance and telecommunications and security systems.