What’s Changed When It Comes to Audit & Risk?


cybersecurity-6-12-17.pngIt’s not surprising that in the wake of the financial crisis, risk has become a much more important topic on bank boards. What’s more surprising is that it is still front and center, even as credit and economic conditions have remarkably improved.

As Bank Director hosts its Bank Audit & Risk Committees Conference in Chicago this week, risk still is top of mind for attendees and speakers. There are a few notable changes, though, during the past few years.

Five or six years ago, much of the talk for community bank boards was about starting an enterprise risk management system. Regulators were talking about it. Bank officers were talking about it. Boards were trying to figure out how to manage the bank’s various risks in a more integrated, comprehensive manner.

Now, enterprise risk management has plateaued at many banks, says Tim Kosiek, a certified public accountant and partner at Baker Tilly, an accounting and advisory firm. Fewer people are talking about it, or starting new programs. Many banks have already established ERM programs, especially those above $1 billion in assets.

“Bankers are not finding this showing up in the regulatory exams to the degree it was five or six years ago,” says Kosiek, mostly because credit conditions have improved.

ERM still has no set framework. There are no set guidelines from regulators that will tell you exactly how to set one up, or what the perfect ERM program looks like.

But as part of it, compared to four or five years ago, many more banks do have a risk appetite statement, and boards are discussing their risk tolerances for various types of risk, such as credit and compliance.

Challenges still remain. For example, it’s still tough for banks to ensure that their various divisions are sticking to the risk tolerances that have been established, Kosiek says. Also, not all banks have a comprehensive enterprise risk management program in place. The people in charge of risk in the organization don’t necessarily have their compensation clearly tied to their performance as risk officers, for example.

Still, despite those challenges, there are some areas where banks have made significant progress as a whole. In general, bank boards are much more likely to discuss cybersecurity risk. They want to learn about it, they want regular updates from bank management and they want to ensure their organizations have good defenses.

In Bank Director’s 2014 Risk Practices Survey, 51 percent of bank directors said cybersecurity was a top concern. In 2017, 85 percent did.

It’s no secret why they are worried. The reality that pretty much every bank is vulnerable has set in. Twenty-six percent of respondents to Bank Director’s 2017 Risk Practices Survey said their bank has experienced a data breach in the last two years.

It’s not just the risk but the difficulty getting a handle on the risk that is so vexing. Cyberattacks, with their constantly changing bad actors and tactics, are difficult to prepare for.

“[Bankers] have spent so much time on credit risk, which they can have an influence on,’’ Kosiek says. “In the cyber side, they just don’t have all the information.”

The topic is so high up on the board’s agenda, Bank Director digital magazine devoted an entire issue to cybersecurity.

While bank boards fretted over cybersecurity concerns during the last few years, they also had to get ready for one of the biggest accounting changes in decades, CECL, which stands for current expected credit loss standard. Basically, banks must start estimating losses for loans and other assets as soon as they acquire them for the life of the asset. CECL goes into effect for public banks’ fiscal years after Dec. 15, 2019 and for nonpublic banks a year later. Audit committees are overseeing the process.

For more information on preparing your bank for the standard, see The Audit & Risk issue.

All these changes are one reason the job of serving on an audit or risk committee is certainly one of the toughest on a bank board. Even as banks have watched their profitability and credit metrics improve in the last few years, the focus on risk coming out the financial crisis has not gone away. It has only shifted.

Facing Up to the Financial Technology Challenge


technology-5-18-17.pngOf all the most difficult issues that bank boards must deal with, technology may be at the top of the list. Banks have long been reliant on technology (think IBM mainframes and ATMs) to run their operations, but in recent years technology has become a primary driver of retail and small business banking strategy. This change can be tied to the growing ubiquity of digital commerce, the integration of the mobile phone into the fabric of our everyday lives, the birth of social media and its adoption as an important business and commercial channel, and the ascendency of the millennial cohort as a major factor in our economy. Technology is everywhere, it’s in everything, and that trend is only going to become more pronounced in the future.

Why do bank directors as a group struggle so much with technology? Are they just a bunch of Luddites? In all fairness, most directors are not career technologists and therefore bring only limited professional knowledge of technology to the task of board governance. But demographics are clearly a factor as well. The average age for most bank boards ranges between the early 60s to the mid-70s, and baby boomers often find themselves overwhelmed by all of the technology-driven changes they see occurring around them. And while there may be an understandable tendency to resist adapting to new technologies in their personal lives, bank directors simply must understand how technology is changing their industry, and how it is impacting their institutions.

Christa Steele is the former president and CEO of Mechanics Bank, a $3.4 billion asset bank in Richmond, California, and more recently the founder and CEO of Boardroom Consulting LLC in San Francisco, where she works closely with bank CEOs and their boards. Steele doesn’t mince words—directors must educate themselves about the changes in financial technology that are transforming their industry—and she offers some suggestions about how this can be done. The following interview has been edited for length and clarity.

BD: Why do most directors at community banks struggle so much with the topic of technology?
Scope of knowledge and lack of diversity in the boardroom. This diversity does not stop at gender, age and ethnicity. Typically, community bank boardrooms are filled with childhood friends and family. This served a purpose early on, especially when those banks were formed. However, as a bank grows and evolves, it’s important to bring in new perspectives. It’s no secret that the majority of community bank revenue models are derived from the net interest margin. Fee revenue is virtually obsolete relative to the overall operating income for most of these institutions.

So how does a bank make up for this shortfall of diversified revenue streams? Management teams and their bank boards need to take a serious look at their digital strategy and internal infrastructure. If they do not assimilate to the changes occurring in what I call this vortex of technology, they’re going to get left behind.

Fixing this starts with succession planning for the institution. We have a lot of community banks where the management teams are close to or at retirement age. Many of these leaders do not want to make necessary changes because of the threat of internal disruption, time commitment, costs and maintaining a short-term horizon. Boards are similar. Most bank boards are tired. I feel boards in general have done an exceptional job getting their arms around compliance and safety and soundness issues in the last 10 years. However, they’ve taken their eye off of the ball when it comes to marketing, digital strategy and technology initiatives. I remember hearing about a Bank Director survey a few years ago in which board members were polled and asked how many of them used their cell phones to transact. It was staggering to learn that nearly half of the respondents didn’t use their bank’s mobile channel. How are these board members supposed to understand technology trends and its impact on the financial sector and their own banks?

BD: What can directors do to become more comfortable with technology?
Get educated beyond compliance training. Attend Bank Director conferences, ask questions, talk to folks involved in financial technology, follow automation. Pay attention to what’s trending. Get connected to social media. Join LinkedIn and gain perspective on what’s going on in the United States and abroad pertaining to technology in the financial sector. See what other people are doing outside of your own market.

Change up the boardroom. Board appointment should be strategic in nature and no longer be about bringing your childhood friend or local jeweler down the street on your board. Bring in a fresh perspective. Evaluate board terms and board limits. A board that is a strategic asset to its bank should consist of expertise in marketing, cybersecurity, digital/e-commerce, financial and risk. Each of these appointments should be from outside your institution. Do not be opposed to bringing in someone younger in their 30s or 40s. By bringing in somebody younger, you bring in someone who is engaged in social media. Social media is where it’s at. We have banks that are interacting and partnering with Facebook. Bank of America just started letting customers transact through a universal login with Facebook where their customers can pay their mortgage payments, they can transfer money between accounts, they can do a variety of things through Facebook. The remainder of your director appointments should be former or current CEOs who provide a macro-level mindset to the ongoing challenges facing the institution.

BD: What are some of the barriers to innovation, particularly in the community bank space, around financial technology?
Lack of understanding the competitive landscape (it’s no longer just the community bank down the street), time, cost and willingness to embark upon a digital transformation. It’s a lot of heavy lifting for management, and oftentimes the board does not understand the complexities and costs associated with this endeavor. Many banks do not fully understand the technology contracts they have in place with their core providers and other technology vendors. Those contracts have them locked in for a duration of time, typically three to seven years. That is the number one barrier to making any changes. It is costly to exit existing contracts.

Many community banks are under utilizing the capability of their existing vendors. At Mechanics Bank, we went through and evaluated every vendor contract. We cut $3.5 million dollars out of our budget in a single calendar year through renegotiating, exiting and forming new relationships with vendors. We found we were paying for services we did not need and paying for services we weren’t using but should be using. This is the first step in embarking upon a new digital strategy.

I highly encourage bank boards to have a refresher course on how a bank operates using a bank simulation model. Each board member picks a role of CEO, CFO, senior credit officer, etc. and has to manage a bank’s funding, pricing, growth, capital requirements, loan loss provisions and so on. This is not only a great team-building exercise and will provide for a greater appreciation of the day-to-day management team of the bank, it will also set a solid foundation for discussing what is needed in the way of technology innovation to run the bank going forward.

Evaluate what you have, get educated on what’s trending, then decide what you need. Do not be the retailer that gets eaten alive by Amazon Prime. Be proactive instead of reactive to the changing needs of your customer base.

BD: Are the major cores an impediment to innovation?
I wouldn’t say impediment. There is no doubt that the big three core technology providers have a stronghold. But they are looking to innovate as well. Their biggest attribute is size and scale. Their biggest downfall is they are a slow-moving ship coming in and out of port. The long and the short of it is, you’re not going to get rid of your core provider. I feel it’s become increasingly important to be better partners with your core. When banks push for some kind of innovation, the cores typically say they’re planning on doing that two years from now. That is when the banks get irritated and push for needing it now but do not want to have to pay for a custom project. That is the frustrating part for the bankers, but the bankers need to help the core understand their needs. I am a firm believer in more outsourcing and in banks becoming nimble. This takes time but is achievable and necessary in this day and age.

BD: When we think about the technology challenges that banks face today and how the board should engage in finding solutions, does it really boil down to a people issue?
Yes, it is that simple. There are a lot of community banks that just refuse to think that financial technology innovation is impacting them. CEOs and directors need to have an open mind and be willing to learn something new. If you understand your digital strategy, you understand your technology strategy and you understand what’s going on around you—guess what, all of the sudden your board is engaged, and it’s going to make your company perform better.

Unit 20: Trends Affecting Today’s Operating Environment



Regulatory swings. Economic ebbs and flows. Rapidly evolving consumer demands. Technological innovation. Changes which have impacted the industry over the past several decades appear to be accelerating and broadening. How will these trends influence bank strategy for 2017 and beyond? In this video, Steve Kent of Piper Jaffray explains the developments impacting the industry, and how executives and boards can face these challenges.

Topics include:

  • Regulatory & Market Trends
  • How These Trends Impact Bank Strategy
  • Considerations for Bank Boards

A glossary of banking terms is included with each video unit.

About the Presenter:

Steve Kent is a managing director and vice chairman of Piper Jaffray & Co.’s financial institutions investment banking group. Mr. Kent joined Piper Jaffray in October 2015 from River Branch Holdings LLC (RBH), where he served as president of River Branch Capital LLC, overseeing client relationships and the execution of multiple private capital financing and merger and acquisition advisory engagements. He was also a member of RBH’s board of directors and investment committee.

Are Directors Tone Deaf on Cybersecurity?


cybersecurity-3-27-17.pngAre the boards of directors at U.S. banks taking the cybersecurity threat seriously enough?

In Bank Director’s 2017 Risk Practices Survey, 85 percent of the 167 respondents—a group that includes bank directors, CEOs, chief risk officers, and chief information and chief technology officers—identify cybersecurity as the risk category they are the most concerned about. And that heightened level of concern is evident across all sizes of institutions in the survey, from banks under $1 billion in assets to those greater than $10 billion.

After all of the high profile, highly successful and highly publicized cyberattacks that have occurred over the last several years, surely every bank director understands the serious nature of cyber risk today. Hackers are incredibly creative and persistent in their efforts to penetrate bank security systems and steal sensitive customer data, money—or both. A successful intrusion can be costly to the bank, damage its reputation with customers, and become an issue with regulators if they believe the bank has a weak cybersecurity program.

Twenty-six percent of the respondents say their bank has experienced a data breach or some other type of cyberattack since 2015, and another 4 percent were the victims of a breach prior to 2015. In other words, nearly one-third of the respondents have already experienced a breach—an incident rate that should get all directors’ attention regardless of whether their banks have been victmized or not.

So, what is being done about this? Over the past two years, the survey participants’ banks have made a number of improvements to their cybersecurity programs, including:

  • Eighty-two percent have invested in technology to better detect and deter cyber threats and intrusions.
  • Eighty-one percent have improved training for staff.
  • Eighty percent have increased their focus on cybersecurity at the board level.
  • Seventy-five percent have improved their internal controls related to cybersecurity.
  • Seventy-five percent have improved and tested their bank’s cyber-incident management and response plan.

But there is still more that can be done to protect against hackers. According to the survey, 38 percent of the respondents still don’t employ a full-time chief information security officer (CISO). As one might expect, this deficiency is most evident at banks under $1 billion is assets, even though they are still likely targets for a cyberattack. The benefit of having a CISO, rather than giving this responsibility to the chief risk officer or chief information officer, is that cybersecurity has become so specialized that it should be handled full-time by one individual with experience in the field. Fifty-one percent of the survey participants say their bank won’t be hiring a CISO in 2017, and 43 percent say they are unsure. Banks under $1 billion are already less likely to employ a CISO, and the survey data suggests that they’re unlikely to hire one this year.

Most surprising of all is that only 17 percent of the respondents say cybersecurity is discussed at every board meeting. Thirty-six percent say the board reviews the issue quarterly, 19 percent say they discuss it semi-annually and 10 percent talk about cybersecurity just once a year. If cybersecurity is truly the most pressing risk management issue facing bank boards today, then why isn’t it being discussed at every board meeting, at every bank?

If it’s the board’s responsibility to set the tone at the top when it comes to risk governance throughout the bank, then it would seem that a lot of boards are tone-deaf when it comes to cybersecurity.

Getting Women Back Into Leadership Roles


executives-3-10-17.pngIt’s a common problem across the U.S.: Working women, who even today are disproportionately responsible for caring for children and elderly family members, take time away from work in the peak of their careers. Can companies increase the diversity of executive staff and boards by offering a way for these women to reenter the workforce? Through its Career Comeback program, Zurich, Switzerland-based UBS AG is recruiting professionals who are now ready to come back to work.

UBS, which has its U.S. headquarters in New York, sees diversity as a “competitive strength,” says Dana Ritzcovan, managing director and head of human resources for the Americas region. “Diverse teams better understand and relate to the needs of our clients, and an inclusive work environment attracts high quality people and helps engage them over the long term.”

In 2015, the consulting firm McKinsey & Co. found that companies with a greater level of gender diversity on the board and management team are 15 percent more likely to outperform less diverse companies. Yet U.S. companies struggle to include women in executive leadership roles, leading to a dearth of women filling seats in the boardroom. Women comprise 14 percent of board seats at banks above $1 billion in assets, according to Bank Director’s data on both public and private companies, despite making up roughly half of the total U.S. workforce.

Creating a mentorship program with the full support of senior management is one way to hire qualified, diverse talent. UBS uses the program to fill high-level roles across its organization—positions that Ritzcovan compares to a vice president or senior vice president position at a regional or community bank.

The program is selective: Candidates must have a minimum of five years of experience in the financial services industry, and seek to reenter the workforce after a minimum 2-year break in their career. “So many people just don’t know how to get back into the workplace,” says Ritzcovan. She says that the candidates’ backgrounds were impressive, but they lacked confidence “because they had been out of the workplace, and they didn’t know how to get it back.” The program is not limited to women, but the vast majority are female.

To give these women their groove back, UBS combines traditional classroom training—understanding the bank’s mission and strategy, as well as refreshing each candidate’s skills in their respective area of expertise—with a support system, providing networking opportunities for the group and assigning a senior-level mentor to each candidate.

Mentors can have a big impact. Women are less likely to drop out of the workforce or seek an opportunity with another company if they see opportunities further up the corporate ladder, says Nancy Sheppard, the CEO and founder of Women2Boards, a consulting firm that connects women with companies that need board members. The glass ceiling looks real when women see an all-male executive team.

Companies most often lose female workers six to 12 years out of college, which is a critical stage for employee growth, says Paula Loop, the leader for PwC’s Governance Insights Center.

As a result of the program, UBS has gained loyal, hard-working employees who bring valuable skills to the company, says Ritzcovan. In 2017, UBS plans to accept 12 individuals in the U.S., up to 15 in the United Kingdom and as many as 20 in Switzerland. Last year, UBS accepted 27 candidates globally, and all but two have stayed with the company. Candidates in Switzerland are hired directly. In the U.S. candidates complete a five month paid internship, and in 2016, ten accepted permanent or contract positions at UBS.

The success of any diversity initiative, including the UBS mentorship program, requires buy-in at the top levels of the organization, which then should carry through culturally. “You need strong senior management that values this kind of a program in order to make it successful,” says Ritzcovan.

Sheppard recommends that banks make it a point to create goals to offer more opportunities for women. For example, one or two women should be considered when filling key positions, she says.

Hiring and promoting more women at the executive level could impact the percentage of women serving on boards. “When companies and boards are looking for new board members, they do focus a lot on their own networks,” says Loop. “Current directors may not know a lot of women in their networks.” Getting more women into executive roles could bridge that gap. “The more women that we can get into these executive roles, then those women can go onto boards—women will be able to see that the opportunities are endless,” says Loop.

To Dine or Not to Dine: Should You Socialize With Fellow Directors?


governance-12-30-16.pngI know a number of bank boards where the directors have a big dinner the night before the board meeting. I guess the idea is that the group will work better together if they get to know each other. Maybe it’s an offshoot of the sports concept of building team chemistry.

A bank’s board of directors, though, is not a sports team, and I just don’t think any of the sports clichés about everyone rowing in the same direction apply. Yes, everyone on the board should be in agreement on the strategic plan, but I think good corporate governance might require some of the tension and push and pull that you don’t want on a sports team.

My feeling is that camaraderie among board members can actually be a bad thing, and too much socializing might hurt the directors’ ability to be impartial in their oversight duties. No one wants a troublemaker on the board, but there are times when someone needs to point out that an emperor has no clothes. And you might be less inclined to point this out if you just had dinner with an emperor or member of his court, shared a bottle of wine, and talked about your kids and your favorite sports teams. Perhaps sharing a meal together as part of a rather long board meeting or retreat is no big deal. But we have to consider the possible impact of too much camaraderie.

When you look back at the banks that got into trouble over subprime mortgage lending, it’s hard not to wonder about the boardroom dynamics when decisions were made about taking on this new level of risk. My guess is that there wasn’t a whole lot of discussion and even less challenging of management on it. Maybe the directors had become too friendly with each other. Maybe they didn’t want to rock the boat and cause dissension with people that had become friends.

Small group dynamics are interesting, and my own observation is that many people in small groups simply don’t want to stand out. I’ve been on four bank boards, and I saw this with one board many years ago. Aside from not wanting to stand out, there’s also the fear of sounding stupid. This can be particularly true when the discussion turns to some arcane accounting matter if you’re not an accountant. Same thing for IT matters for those of us who aren’t technology experts.

What does any of this have to do with board dinners? A fair amount, I think. As for fear of standing out or sounding stupid, it’s only human nature to care more about what our friends think of us than what complete strangers think. And the more directors socialize, the more they probably care what the other directors think of them.

If directors have been to even a handful of board dinners, they’re probably aware of whatever image the other directors have of them. Most people will want to come across as intelligent, thoughtful, and knowledgeable about banking. Why risk ruining that image and that reputation by asking something that might be perceived as being out of line, stupid or even disloyal? It’s easier to simply keep quiet. If, on the other hand, you’ve never really gotten to know your fellow directors on a personal level, wouldn’t it be easier to ask tougher questions, to risk damaging that team chemistry?

Oakland Athletics’ Billy Beane (who was the subject of Michael Lewis’ 2003 best seller “Moneyball”), once told me team chemistry was all nonsense. Teams think of themselves as having good chemistry when they win, and bad chemistry when they lose. “Show me a winning team, and I’ll show you a team with great chemistry,” he told me. “And show me a losing team, and I’ll guarantee you that people will say they have bad team chemistry.”

Success might lead to good team chemistry, but Billy’s point was that good team chemistry doesn’t lead to success. If you’re not a baseball fan, let’s put it this way: Show me a bank with a bad CAMELS rating, a consent order, and ongoing losses, and I’ll almost guarantee you an unhappy board that doesn’t get along.

The point is, chemistry may be all in our heads, but performance is not. Are board dinners a good thing, a bad thing, or are they just dinners? I think they can be a bad thing, but in the end, each board should decide for itself. Billy Beane just might agree with me.

Onboard New Directors to Help Speed Up the Learning Curve


bank-board-12-15-16.pngMost outside directors of a commercial bank or thrift come to the role knowing little about the industry, which for someone who is expected to protect the interests of shareholders and make sure the institution is abiding by the law is a distinct disadvantage. Banking is a complex and heavily regulated industry and it will take time for any new director who doesn’t have a banking background to learn enough to be an effective board member. Still, it helps to know in advance what some of the more difficult challenges are for new directors, and how to handle them.

The length of time it takes to become comfortable and confident in this new role can vary, although it will probably take at least a year to reach that point. As with many things in life, experience can be the best teacher. “In my opinion, there is no bright line on how long it takes,” says David Porteous, the lead director at Columbus, Ohio-based Huntington Bancshares, and partner at the McCurdy Wotila & Porteous law firm in Reed City, Michigan. “It is very dependent on the individual. Have they sat on a bank board before? If they have, that accelerates their knowledge base. If they haven’t served on a bank board before, but maybe they’ve served on a board in another industry that has similar characteristics to the bank, that helps.”

Becoming a fully contributing bank director is a two- to three-year process, says Peter Crist, chairman at Wintrust Financial Corp. in Rosemont, Illinois, and chairman of Crist Kolder Associates, an executive recruiting firm in Downers Grove, Illinois. “It takes, minimally, a full year. You have to go through an entire cycle, from annual meeting through the four to five board meetings you have, through a budget system, a budget cycle. You’ve got to go through a full year to even understand what the cadence is. It’s when you’re in year two and three that the light bulbs start to go on because suddenly you’re now for the second time and third time seeing the same information that’s helping you think through the enterprise model.”

Crist says the same logic applies to whatever committee the new director is assigned to. “If you follow the cadence of a compensation committee, the early part of the year is the executive development and succession management activity. By the end of the year you’re [making] decisions about compensation. There’s a cadence at each committee, and I think you need at least a full cycle, maybe two, to get your head around what’s happening.”

The Three Challenges
For Crist, the first challenge new directors face is learning how to listen. “A new board member needs to be able to go into a boardroom, ego in check, and be a sponge,” he says. “In the first 12 months of engagement, listening is really important. Listen and absorb. Pay attention to what the chairman is saying and where the conversation is flowing. I think in the early days one has to be very sensitive to the balance of listening and speaking.”

New directors often find the amount of information they are expected to absorb prior to a board or committee meeting daunting, so they also need to learn how to prepare themselves. “You cannot do enough homework early on as a bank board member because the subject matter is deep and wide and you really have to spend time doing it,” Crist says. “You have to get ready. You cannot come into a board meeting unprepared. It will show.”

The third challenge is to learn about the bank’s various businesses and operations. “To be an effective board member I believe one really has to get a great understanding of the enterprise,” Crist says. “That takes more than reading material. That means site visits and really understanding where the enterprise is heading, and how you can contribute given whatever skill you might have, whether it’s a functional skill, an industry skill or something that you developed over time that has made you what you are—a CEO, CFO, head of marketing or whatever.”

For Don Musso, president and CEO at FinPro, a bank consulting firm in Gladstone, New Jersey, the challenges facing new bank directors begin with getting their arms around the industry’s regulatory system. “Most directors don’t come from heavily regulated industries so for almost all of them, it’s a little bit of a shock how we’ve got the Federal Deposit Insurance Corp., the Comptroller of the Currency and the states promulgating the volume of rules that they do,” says Musso, who has served on a several bank boards including, currently, Millington Bank in Millington, New Jersey.

Musso says that new directors are also surprised by the competitive landscape that banks operate in today. “It’s not just competition from other banks, it’s from credit unions, it’s from fintech companies like Lending Tree,” he says. “Even on the deposit side we’re seeing some major pushes from some of the insurance carriers and pension funds.

Try an Onboarding Program
A new director’s progression up the learning curve can be accelerated by an onboarding program that gives them an introduction to the bank and tries to prepare them for what to expect. “Wintrust added three board members in an 18-month period and our general counsel had this wonderful roadmap laid out with the meetings they’d have, the people they’d meet internally, the sessions they would sit in on,” Crist says. The educational sessions were on a variety of topics, including the bank’s balance sheet, risk and asset/liability management, and they were run by Wintrust personnel who could help the new directors get up to speed about the bank. “They’re all smart people,” Crist says of the incoming directors, “so you’re going to match them up with other really smart people and make sure that in each session, they are given a pretty deep dive into the elements of that particular discipline.”

Crist offers another suggestion that might not be for the faint of heart, but would hasten the learning process considerably: Serving on the audit committee, which is generally considered to be the most difficult committee assignment. “There’s so much about the enterprise and its various elements that you get if you’re on the audit committee or the risk committee,” he says. “[In terms of information, audit committees] really force you to drink from a fire hose.”

Providing a thorough onboard program is probably the single most effective way that bank boards can shorten the learning process for new directors. “If you don’t have an onboarding process, then l think that [the learning process] may take a long time because many times what happens is they may be reluctant to ask some basic questions,” says Porteous. “Many times, you ask the question and people around the room are going, ‘Gee, I’ve been wanting to ask that too.’”

Raising the Bar: Top Challenges Facing Bank Boards


Regulators are expecting more and more from bank management teams and boards. In this video, Lynn McKenzie, a partner at KPMG, offers solutions to help address the top challenges facing the industry.

  • Legal and Regulatory Compliance
  • Cybersecurity
  • Financial and Regulatory Reporting
  • Vendor Risk Management

Succession Planning for the Board: What to Consider


succession-7-6-16.pngBenjamin Franklin is quoted as saying “If you fail to plan, you are planning to fail.” And that old quote couldn’t be more applicable to bank board succession planning, especially nowadays when the industry is undergoing so many significant changes.

Boards today need to be planning for even more technology reliance, new fee-based income generators, tougher regulations, and fewer professionals interested in banking as a career. The days when a bank could rely solely on investors and well-connected business people to guide its direction are almost gone. Instead, tomorrow’s banks will need leadership with expertise in the crucial areas that aren’t directly adding to the bottom line, such as technology, risk, compliance and audits.

There are a lot of moving parts in a bank board succession plan. That’s why we’ve highlighted seven areas to consider that have surfaced from our experiences working with banks and their board succession plans.

Optimize Your Composition: Boards need to find the right people to reflect the strategic priorities of the shareholders. Banks today have moved to finding niche lending areas in addition to traditional banking services to meet growth objectives. It is imperative to build a board that aligns with and is complementary to the bank’s strategic plan. For example, if a bank is transitioning from a branch-focused model to a branchless model, it’s important to incorporate expertise on the board who can guide that transition. Perhaps reducing the number of directors will increase the productivity of the board.

Anticipate What’s Coming: It’s important to understand the changing bank market, including technology and regulatory shifts that are expected in the next three to five years. Understanding this gives banks an opportunity to move out of reactionary situations and become proactive. Having board members with the right experience and forward-thinking approach can help define new potential business lines while adhering to shifting compliance and regulatory demands.

Identify Necessary Skills: Once you have identified coming shifts in the business, it’s important to determine the skills needed to meet those challenges. Beyond driving business, boards should include members who bring a skill set that advances the bank toward its strategic priorities, whether technology, cyber-security, audit, risk and/or compliance. As a bank grows, it should consider bringing on directors who understand more complex banking models. If a bank wants to move into a niche, bringing a board member in with specific experience can help guide the bank in that area.

Consider Investor Expectations: It’s important to keep in mind the fiduciary role the board plays. Investors want to see a committed board qualified to serve, while remaining devoted to the short and long-term success of the bank. Investors today are actively monitoring the governance of banks.

Get a Technology Expert on the Board: It’s time to consider adjusting the board’s composition to complement the capabilities of the next generation of leadership. One big switch between today’s leaders and tomorrow’s will likely be reliance on technology. Technology has been a missing piece on a lot of boards, and as the next generation of leadership takes the helm to steer banks toward more technology-driven services, it will be essential to have a technology expert on the board. This person should not only understand technology, but also understand how to leverage it to connect with customers.

Self-Assess: Directors are increasingly using self-assessments to look for gaps in expertise and skills, some of which could be addressed with training or further development. Assessments can help drive consistent refreshment of the business over time by adding needed skills as the complexity of banking continues.

When it comes to who will lead succession planning for the board, it is typically the governance committee’s responsibility but in privately held banks, the chairman often runs the show on succession planning. As regulators are increasingly asking about director succession, the ownership of the plan will increasingly shift to the independent directors of the governance committee. Knowing when and how often to develop and refresh a succession plan depends on where a bank is in its development. A newer bank will likely review the succession plan for the board more frequently than a more established bank.

Getting Called Out on Cybersecurity


cybersecurity-6-15-16.pngSeventy-seven percent of respondents to Bank Director’s 2016 Risk Practices Survey identified cybersecurity as their number one risk concern—and yet the great majority of them discuss cybersecurity only infrequently during board meetings. This surprising result was confirmed during a presentation at Bank Director’s Bank Audit and Risk Committees Conference, when only 23 percent of the attendees said they discuss cybersecurity at every board meeting during an audience response survey.

The majority of boards still do not review cybersecurity at every board meeting and only a minority do,” said Sai Huda, senior vice president and general manager risk, information security and compliance solutions at FIS Global. “The majority of boards do not review their cybersecurity plan on a regular basis.”

The audit and risk conference was held June 14-15 in Chicago and attracted over 300 bank directors and risk management professionals.

Huda also questioned whether the attendees were spending enough money on cybersecurity. Over 29 percent of the audience said their bank had increased the cybersecurity budget from 10 percent to 25 percent, and roughly 15 percent had increased the cybersecurity budget more than 25 percent. But nearly 56 percent of the respondents had either increased their cybersecurity budgets by less than 10 percent, had made no increase at all or didn’t know what their budgeting practices were in this area.

The nature of cybersecurity spending is expected to change significantly over the next five years, according to Huda. Until recently most of the money has been spent on building secure defenses against intruders, and yet by Huda’s estimate more than 90 percent of all U.S. companies have been successfully penetrated. “A breach is going to happen,” he said. “It’s a questions of when, not if.” Going forward more of the cybersecurity budget will be spent on reacting to intrusions than preventing them. “Timely detection and response are the keys to success,” he said.

When asked during the audience survey which threats they thought their bank was the least prepared for, 40 percent said they were ill prepared to detect malicious insider activity, 21 percent felt they were not receiving the latest intelligence on cyber threats, 19 percent said they were ill prepared to detect anomalous or abnormal activity, 12 percent worried about their ability to block denial of service attacks and roughly 8 percent thought that detecting malware was a deficiency of their bank.

The nature of cyber security attacks has also changed in recent years, according to Huda. Today, the attacks are stealthier, more targeted in that the hackers are after something very specific, and persistent in that the hackers keep at it until they have broken through a bank’s defenses. Today’s threats also tend to be multi-pronged, in that hackers will attack bank systems at a variety of access points simultaneously, and the hackers themselves have evolved over time. Where once they were often individuals acting on their own, “today they tend to be well funded crime syndicates and nation states,” he said. “The whole cybersecurity ballgame has changed.”