Cybersecurity Should Keep Bank Leaders Up at Night


cybersecurity-6-11-18.pngTwo years in a row, Mike Morris and his team at the consulting firm Porter Keadle Moore dinged a client bank for what the firm saw as a potential security threat by allowing access to personal email accounts while using company equipment.

Then about a month ago, on a Friday afternoon, Morris, a partner and cybersecurity expert at PKM, got a call. The bank they had written up two straight years for the same potential security lapse had, in fact, been breached by someone using personal email on company equipment, exactly what they had identified as the possible threat.

Such cybersecurity threats are among the most serious for any institution for a multitude of reasons, from fiduciary responsibilities to reputation and beyond. Cybersecurity will be a common topic at the Bank Director’s 2018 Bank Audit & Risk Committees Conference, held June 12-13 in Chicago.

Morris has multiple stories about hacks and phishing scams that have in some way compromised personal data or a customer’s own money.

Another recent case: A customer fell victim to a phishing scam, and the source in China managed to wire $150,000 through another bank before they “got lazy” and tried to draw another $150,000 directly from the customer’s bank. The second transaction, thankfully, was caught by the bank’s compliance team in review.

“That’s happening on a regular basis, and it’s not a new trend, but yeah, it’s happening all the time,” Morris says.

Some of the financial services industry’s most experienced experts paint a dark picture about how prepared—or not—banks generally are for cyberattacks, or perhaps more generally, just threats to customer information that could ultimately pose a risk to the bank.

It’s not a new challenge for the industry. Banks have had training along with regulator attention and oversight for at least a decade on this topic, but with an increasingly vast digital footprint, troves of data and relationships outside the walls of the bank with vendors, the potential threats grow in parity.

“Firms that successfully introduce cutting-edge technologies need to infuse cybersecurity risk management practices throughout the entire development life cycle to identify and mitigate new risks as they emerge,” said Bob Sydow, a principal at Ernst & Young, in testifying before the Senate Banking Committee in late May. “This shift in mindset from thinking about cybersecurity as a cost of doing business to seeing it as a growth enabler is not easy, but it is the only viable path forward.”

The data about cyber threats—not to mention what seems like weekly headlines about data breaches—doesn’t help dissuade any worry that bank leaders or risk officers might have. The 2017-18 Global Information Security Survey by Ernst & Young found nearly 90 percent of some 1,200 bankers around the world said their cybersecurity function doesn’t fully meet their organization’s need. More than a third said their data protection policies were ad hoc or nonexistent, Sydow told senators, just weeks after Facebook CEO Mark Zuckerberg was on Capitol Hill testifying about Cambridge Analytica’s use of the social network’s user data.

“As banks and other financial services firms define their digital strategies, their operations are becoming ever more integrated into an evolving and, at times, poorly understood cyber ecosystem,” Sydow said.

That integration Sydow talked about is an area where there’s considerable risk, Morris says, that should be reviewed and understood by audit committees, risk committees, boards and other bank leaders. Financial institutions are working with an increasing number of third-party vendors for specific services or products, some of which require that vendor to access the data of the bank’s customers. That itself presents a risk, and boards should be especially careful when negotiating contracts that in early draft stages tend to favor the interests of the vendor but are often revised through the negotiation process.

Morris says it should be a top priority for banks to have a right-to-audit clause or confidentiality clause in those agreements, which gives the bank some authority to ensure the data to which they are allowing access is treated properly and kept secure. Boards should also take the opportunity to update or revise long-standing contractual agreements, like those with core system providers, when they come up for renewal.

Many institutions have lengthy contracts with their core technology providers, and with data security a preeminent concern, those renewals should be taken seriously.

“You have that moment of power when you haven’t signed an updated agreement that you can get some of these clauses put in there,” Morris says.

Fed Raises Red Flag in Wells Action


governance-4-17-18.pngIn February of this year, in response to widespread consumer abuses and breakdowns in compliance, the Board of Governors of the Federal Reserve System issued an unprecedented enforcement order against Wells Fargo & Co. that, among other things, requires Wells to submit to the Federal Reserve a written plan to enhance the effectiveness of its board of directors in carrying out its oversight and governance responsibilities, and further restricts Wells’ growth—an action that is typically only imposed on troubled institutions.

In the consent order, Wells agreed to fully cooperate with the Fed in further investigations as to whether separate enforcement actions should be taken against individuals involved in the conduct cited in the order. In connection with entering into the consent order, Wells agreed to replace four directors, three by April and the other by the end of 2018. In addition, on the same date, the Fed publicly released letters of reprimand that it issued to the board of directors of Wells as well as to the company’s past lead director and chairman. These types of supervisory letters usually remain confidential.

While the Federal Reserve’s action was clearly intended to address an egregious situation that involved a breakdown of Wells’ risk management system and resulted in widespread consumer abuses, bank board members and executive management should take note of its statements in the letters of reprimand as they relate to the responsibilities of a board and its leadership, particularly when they become aware of serious matters at the bank, whether related to misconduct, compliance, operations or other areas.

Here are the key governance and oversight considerations noted by the Federal Reserve.

Responsibility of the Board
In its letter of reprimand to the Wells board, the Fed noted that it was incumbent upon the board to “carefully evaluate” the company’s risk management capacity and “to oversee” the implementation by management of an adequate risk management framework for the entire company. The Federal Reserve found that the Wells board failed to take sufficient steps to ensure that the bank’s executive management team had established and was maintaining an effective risk management structure. It also found that reporting by management to the board lacked sufficient detail and failed to include concrete plans to address the serious consumer compliance issues Wells was facing.

The Federal Reserve also emphasized that it was the board’s responsibility to ensure that the company’s performance management and compensation programs were consistent with sound risk management objectives and complied with laws and regulations. The letter stated that the lack of effective oversight and control of compliance and operational risks were material factors in the substantial harm suffered by Wells customers.

Responsibility of the Board Chair
The letter of reprimand to former Chairman and CEO John Stumpf stated that it was the responsibility of the chairman “to ensure that business strategies approved by the board were consistent with the risk management capabilities” of Wells. It further noted that it was incumbent on the chairman to ensure that the full board had sufficient information to fulfill its responsibilities. The Federal Reserve found that Stumpf failed to take appropriate and timely action to address the compliance issues and improper conduct by Wells employees. Also noted were his actions in continuing to support those senior executives most responsible for the failures and in resisting attempts by other directors to hold the executives accountable.

Responsibility of the Lead Director
For financial institutions that have lead directors, the Fed’s letter of reprimand is insightful as to its view of the lead director’s role. The letter stated that former lead director Stephen Sanger “had a responsibility to lead other non-executive directors in forming and providing an independent view of the state of the firm and its management.” The letter noted the failure of the lead director to initiate any serious, robust investigation into the widespread consumer compliance issues that were raised as well as the failure to press management for more information or action after being made aware of the seriousness of the issues. The Fed also noted that Sanger did not perform in a manner consistent with the duties and responsibilities of the lead director that were set forth in Wells’ corporate governance guidelines.

Digitization Inside and Out of the Boardroom


digitization-4-16-18.pngAs global businesses and markets are caught in a seemingly perpetual cycle of disruption and adjustment, company leadership and directors are tasked with finding new, innovative ways of communicating and working with shareholders in an increasingly complex and fragmented landscape. This is even more important given the massive technological advancements within the last decade, which have not only shifted the ways in which companies operate, but the means in which businesses and investors convey and share information.

Recent advancements in technology have transformed everyday business processes through digitization, which, in turn, has made cybersecurity a top priority. Moreover, they have made the world a much more connected place, facilitating business at a faster pace than ever before. To help company leadership adjust, new technologies have been developed to help directors and leadership teams improve collaboration and workflow.

Digitization
Today’s boards are going paperless, and the reality has become indisputable: directors are turning away from printed documents in favor of digital information that is easy to share and accessible on mobile platforms, like board portals.

Through digitization, directors are now accustomed to heightened levels of speed and efficiency across all business processes. With board portals, corporate secretaries and meeting managers are able to streamline board book creation and tighten information security. The benefits to this technology are clear: easy access to digital meeting information with user-friendly tools for assigning tasks, approvals, consent votes and secure messaging.

We have also observed a growing trend driving increased global demand for board portal solutions: the need to collaborate and share confidential information and documents across internal and external teams in a highly secured environment. The C-suite executives who already use our board portal tools for director-level collaboration are now expanding that capability across their organizations, all through a single sign-on service.

Cybersecurity
As businesses shift to digital platforms, data security plays a much bigger role. Companies must closely scrutinize how sensitive information is handled due to the risk of breaches. Cyberattacks are common and can result in significant financial and reputational damage; cybercrime damage costs are expected to total $6 trillion annually by 2021, according to CSO. This makes it especially important for boards and company leadership to take a strategic approach to data protection. Information is being shared in more rapid and innovative formats, and the methods in which boards communicate with shareholders will need to prioritize safety along with accessibility.

Protecting sensitive information should be at the top of a company’s concerns. This is why solutions should comply with strict encryption standards, multi-factor authentication and a completely cloud-less data storage system. Companies can also leverage machine learning and artificial intelligence (AI) to navigate and secure large volumes of data. These technologies can monitor and detect network anomalies that signal potential attacks and prevent further access before data is compromised.

Globalization
Due to the digitization of communication channels, we are now able to connect and do business in seconds with people halfway across the world. As technology brings us closer together, it breaks barriers to information accessibility. This ease of information exchange has impacted investing by virtually removing any impediments that once stood in the way of certain markets.

Increased ease of access to information around the world means companies, and particularly company leadership, should ensure key information is digestible for all stakeholders. That’s why being equipped with full translation services for common languages can be advantageous.

Moreover, as globalization continues to facilitate business and investing opportunities, shareholder bases are broader and more diverse than ever before. With the rise of passive investing, companies lack a level of transparency that allows them to know who their stakeholders are. For this reason, it is necessary to take advantage of tools and technologies that provide actionable insights into passive investment data and provide a more comprehensive picture of shareholders.

Looking Ahead
As technology continues to augment the ways in which companies operate, boards need to keep pace, ensuring they are communicating with their shareholders in the most efficient and preferred methods possible.

Does Your Bank Have a Deposit Strategy?


strategy-1-22-18.pngMany banks lack a clear, written deposit strategy and funding plan. For the last several years, that’s been somewhat understandable. After all, deposits flowed into banks and have now reached historic highs, even though banks on average pay little or nothing in interest on the vast majority of those deposits.

Now that’s changing. Deposits are an increasingly important topic for bank boards. We are on the front end of an environment bankers have not seen in almost a decade. The Federal Reserve raised the fed funds target rate by 75 basis points last year, and three more rate increases are expected this year.

Banks already are seeing deposit competition heat up. Close to 64 percent of bankers said that deposit competition had increased in the last year, and 77 percent expected it to increase during the subsequent 12 months, according to Promontory Interfinancial Network’s Bank Executive Business Outlook Survey in the third quarter of 2017. Although in the past banks have had to compete in rising rate environments, we’ve never seen a point in history quite like this one, and it would be wise to assume rising rates will impact deposits, as well as your bank’s funding mix and profit margins.

There are a couple of reasons why the environment has changed. Historically, big banks ignored the rate wars for deposits, a game that was left to community banks. But this time, the new liquidity coverage ratio requirement that came out of the Basel III accords could encourage big banks to get more competitive on deposit rates. The ratio, finalized in the U.S. in 2014, requires banks with more than $250 billion in assets to keep a ratio of 100 percent high-quality liquid assets, such as Treasury bonds, relative to potentially volatile funds. Banks that move toward more retail deposits will have a lower expected level of volatile funds.

Also, banks have a majority of their deposits in liquid accounts while term deposits, such as CDs, are at historic lows. There’s no hard-and-fast rule to know how much of those non-term deposits will leave your bank as rates rise.

As the economy has improved, surging loan growth has put more pressure on the need to grow deposits. Loan-to-deposit ratios are rising, and as banks need to fund further growth, demand for deposits will rise. What this will do to competition for deposits and, therefore, deposit rates, is unclear. We have found that many banks aren’t raising rates on their loans, and the best borrowers can easily shop around to get the best rates. This will put pressure on margins if banks don’t raise rates on loans as interest rates rise.

Still another factor is that people have had a decade since the financial crisis to get comfortable with the benefits of online and mobile banking. Online banks, not incurring costs associated with physical branches, often offer higher interest rates on deposits than traditional banks.

One of the best ways to prepare for the changing environment is to make sure your bank has a written, well-prepared deposit strategy. We’re not talking about a 100-page document. In fact, the asset/liability committee (ALCO) of the bank may need a five- to 10-page report highlighting the rate environment, the bank’s deposit strategy, and alternative funding plans and projections. The bank’s full board may just need a three- to four-page summary of the bank’s deposit strategy, making sure that management is able to address key questions:

  1. Who are your bank’s top 10 competitors, and what are they doing with rates? What new products are they offering?
  2. How will the Federal Reserve’s expected moves in the coming year impact our rates, our margins and our annual net income?
  3. What is our bank’s strategy for contacting our largest depositors and determining their needs?
  4. What new deposit products do we plan to offer, and how will we offer them only to our best customers? Not all customers or deposits have equal value to the bank.
  5. What is our funding plan? In other words, what are our alternatives if we need deposits to grow, and what will they cost? This is perhaps the most difficult question to answer.

While it’s important not to be caught off guard in a rising-rate environment, rising rates can be a good thing for a bank with a solid deposit strategy in place. For the first time in a long time, the wind will be in the sails of bankers. They just need a plan for navigating the changing environment ahead.

How Can the Board Assess Corporate Culture



With several of the largest banks experiencing ethical scandals in recent years, Bank Director digital magazine set out to interview Terry Strange, the audit and compliance committee chair at BBVA Compass Bancshares, the $86.7 billion institution based in Houston. As a former vice chair and managing partner of the U.S. audit practice to KPMG, LLP, he is uniquely qualified to talk about how bank board members can assess the culture of their organization and look for red flags.

He discusses with Naomi Snyder, editor of Bank Director digital magazine:

  • The importance of integrity.
  • Red flags that you have an ethical problem.
  • What he would have asked Wells Fargo & Co. management.
This video first appeared in the Bank Director digital magazine.

The Three Critical Areas of Succession Planning


succession-9-4-17.pngLeaving is an inevitable part of life. Everybody ages and, whether by choice or by circumstance, we won’t forever be doing what we are doing today. This law is true for your bank as much as it is for yourself. It is essential to take steps now to prevent the inevitable transitions that are in the future. As individuals, we are constantly questioning whether we are prepared for the next stage of life. “Have I saved enough for retirement?” “Is my estate in order?” As directors, we need to be making similar plans for our bank’s future.

Succession planning can be broken down into three areas: management succession, board succession and ownership succession.

Management Succession
When succession planning is first addressed by a bank, typically management succession is what comes to mind. This naturally includes the chief executive officer’s position, but should also include other vital roles in the bank such as chief financial officer, chief operating officer and your bank’s senior lending officers.

Some banks are challenged when trying to start a formal succession plan: “Who should you include and how should you start?” Banks should start with the most predictable event possible, the eventual retirement of current executives. Not all current executives will necessarily know the exact date they plan to retire, but an age range of 65 to 67 is a good start. As far as whom to include in the plan, it is important to remember that it is not necessary to name a successor now. Identifying a small pool of potential successors is often sufficient. But what banks need to remember is that part of a successful succession plan is ensuring that the people in your plan are still at the bank when you need them. Many banks are incorporating executive benefit/BOLI plans that have golden handcuffs in order to retain all potential successors in the succession plan.

Knowing what you should plan for is always beneficial, but when designing a formal succession plan, banks need to address other contingencies besides the eventual retirement of the current management team. Death, disability and other unexpected events may create a critical situation for those banks that don’t have an emergency succession plan in addition to their long-term succession plan. Depending on the readiness of those involved, the person who takes over running the bank in case of an emergency may very well not be the same person who is the identified successor in the long-term plan.

Board Succession
One of the most challenging aspects of succession planning is board succession. Many banks have mandatory retirement ages typically ranging from age 70 to 75. If your bank does not currently have a mandatory retirement age, you can use nonqualified benefit plans to provide a benefit to those who you may require to retire at a specific age. This can facilitate their retirement from the board in a respectful and dignified way. You may also consider grandfathering the existing board members from a new policy you wish to implement. If that step is taken, the bank still needs to recruit young directors in preparation for the succession of the aging board. In the current regulatory environment, the role of the director is much more involved than in previous years. Often, the most successful banks have diversity on their boards, including various ages and backgrounds, to bring different perspectives regarding the strategic direction of the bank. One concept that seems to be successful for many of our clients is creating an advisory board made up of younger, successful, local business men and women to assist the bank in spreading its marketing footprint. They also typically provide great insight into the needs of the younger generation of bank customers. And many of them bring potentially profitable customers to the bank. As directors reach the mandatory retirement age, the board may recruit full-time directors from the advisory board, which makes for a much smoother transition.

Ownership Succession
Though many owners do not share their ownership succession plan with the rest of the board or key members of management, it is helpful to know how to plan for the succession of the bank. Utilizing nonqualified benefit plans for key management is beneficial in keeping the management team in place during the ownership succession of the bank.
Open communication is a key factor when considering all forms of succession planning. The more people are aware of the planning that banks are doing, the more comfortable both employees and customers will be during any portion of a transition of succession.

How a Board Can Become a Strategic Asset



Issues like cybersecurity, digital transformation and future business models now require the attention of not just management teams, but also bank boards. As directors engage more deeply in these issues, Bill Fisher of Diligent explains how they can enhance the effectiveness of the board to be a true strategic asset to the bank.

  • The Board’s Role as a Strategic Asset
  • Enhancing Board Effectiveness
  • Addressing Board Skills

Filling Fraud Detection Gaps



Investment in fraud detection can be a competitive advantage, especially as real-time payments initiatives create new opportunities—and threats—for financial institutions. Luis Rojas of Bottomline Technologies explains where and how to address gaps in fraud detection, and how bank boards should examine the true costs of fraud.

Outlooks for Payments Fraud

  • How Banks Should Address Fraud Gaps
  • Dealing with Legacy Systems
  • What Boards Need to Understand

When It Comes to Core Conversions, Look Before You Leap


core-conversion-7-13-17.pngChanging your bank’s core technology provider is one of the most important decisions that a bank board and management team can make, and even when things go smoothly it can be the source of great disruption. The undertaking can be particularly challenging for small banks that are already resource constrained since the conversion requires that all of the bank’s data be transferred from one vendor’s system to another’s, and even for a small institution that can add up to a lot of bits and bytes. Also, changing to another vendor’s core technology platform typically means adopting several of its ancillary products like branch teller and online and mobile banking systems, which further complicates the conversion process.

“It isn’t something to be taken lightly,” Quintin Sykes, a managing director at Scottsdale, Arizona-based consulting firm Cornerstone Advisors, says of the decision to switch core providers. “It is not something that should be driven by a single executive or the IT team or the operations team. Everybody has got to be on board as to why that change is occurring and what the benefits are…”

The Bank of Bennington, a $400 million asset mutual bank located in Bennington, Vermont, recently switched its core technology platform from Fiserv to Fidelity National Information Services, or FIS. President and Chief Executive Officer James Brown says that even successful conversions put an enormous strain on a bank’s staff.

“It’s not fun,” says Brown. “I have the advantage of having gone through two previous conversions in my career, one that was horrendous and one that was just horrible. [The core providers have] gotten better at it, but there’s no way to avoid the pain. There are going to be hiccups, things that no matter how you prepare are going to impact customers. There’s this turmoil, if you will, once you flip the switch, where everybody is trying to figure out how to do things and put out fires, but I will say [the conversation to FIS], in terms of how bad it could have been, was not bad at all.”

But even that conversion, while it went more smoothly than Brown’s previous experiences, put a lot of stress on the bank’s 60 employees. “There was a lot of overtime and a lot of management working different jobs to make sure our customers were taken care of,” he says.

Banks typically change their core providers for a couple of different reasons. If the bank has been executing an aggressive growth strategy, either organically or through an acquisition plan, it may simply have outgrown its current system. A lot of core providers can handle growth, particularly in the retail side of the bank, so that’s not usually the problem, Sykes says. Instead, the growth issue often comes down to the breadth of the bank’s product line and whether staying with its current core provider will allow it to expand its product set. When banks embark on a growth strategy, they don’t always consider whether their core data system can expand accordingly. “Usually they’re unable or just haven’t looked far enough ahead to realize they need it before they do,” Sykes explains. “The pain has set in by the time they reach a decision that they need to explore [switching to a new] core.”

Banks will also switch their core providers over price, especially of they have been with the same vendor through consecutive contracts and didn’t negotiate a lower price at renewal. “If any banker says price doesn’t have an impact on their decision, they’re not being honest,” says Stephen Heckard, a senior consultant at Louisville, Kentucky-based ProBank Austin.

Although the major core providers would no doubt argue differently, Heckard—who sold core systems for Fiserv for 12 years before becoming a consultant—says that each vendor has a platform that should meet any institution’s needs, and the deciding factor can be the difference in their respective cultures. And this speaks to a third common reason why banks will leave their core provider: unresolved service issues that leave the bank’s management team frustrated, angry and wanting to make a change.

“The smaller the bank, the more important the relationship is,” says Heckard. “When I talk about relationships, I’m also talking about emotions. They get played up in this. For a community bank of $500 million in assets, quite often if the vendor has stopped performing, there’s an emotional impact on the staff. And if the vendor is not servicing the customer’s needs in a holistic manner, and the relationship begins to degrade, then I do feel that eventually the technology that’s in place, while it may be solid, begins to break.”

Heckard says that core providers should understand their clients’ strategic objectives and business plans and be able to provide them with a roadmap on how their products and services can support their needs. “I don’t see that happening near enough,” he says. And if the service issues go unresolved long enough, the client may begin pulling back from the provider, almost like a disillusioned spouse in a failing marriage. “They may not be as actively attending user groups, national conferences and so forth,” Heckard says. “They don’t take advantage of all the training that’s available, so they become part of the problem too.”

Brown says that when Bank of Bennington’s service contract was coming up on its expiration date, his management team started working with Heckard to evaluate possible alternatives. “We needed to implement some technology upgrades,” he says. “We felt we were behind the curve. Something as simple as mobile banking, we didn’t have yet.” The management team ultimately chose FIS, with Brown citing customer service and cybersecurity as principal factors in the decision. The decision was less clear cut when it came to the actual technology, since each of the systems under consideration had their strengths and weaknesses. “I’m sure [the vendors] wouldn’t like to hear this but in a lot of ways a core is a core,” Brown says.

Heckard, who managed the request for proposal (RFP) process for Bennington, says that bank management teams should ask themselves three questions when choosing a new core provider. “The first one would be, have you exhausted every opportunity to remain with the present vendor?” he says. As a general rule, Heckard always includes the incumbent provider in the RFP process, and sometimes having the contract put out to bid can help resolve long-standing customer service issues. The second question would be, why was the new vendor selected? And the third question would be, how will the conversion restrict our activities over the next 18 months? For example, if the bank is considering an acquisition, or is pursuing an organic growth strategy, to what extent will the conversion interfere with those initiatives?

Heckard also covers the conversion process in every RFP “so that by the time the bank’s selection committee reads that document they know what’s ahead of them, they know the training requirements…they understand the impact on the bank.”

And sometimes a bank will decide at the 11th hour that a core conversion would place too much stain on its staff, and it ends up staying with its incumbent provider. Heckard recalls one bank that he worked with recently decided at the last moment not to switch, even though another vendor had put a very attractive financial offer on the table. “The president of the holding company told me, ‘Steve, we can’t do it. It’s just too much of an impact on our bank. We’ve got a main office remodel going on,’ and he went through about four other items,” Heckard says. “I thought, all of these were present before you started this. But sometimes they don’t realize that until they get involved in the process and understand the impact on their staff.”

Derivatives Education for Boards: Weighing the Whys Along With the Why Nots


swaps-7-12-17.pngWell-documented stories of speculators using derivative structures to gamble and lose their firms’ capital, along with Warren Buffett tagging them as “financial weapons of mass destruction” have made interest rate swaps a non-starter for many community banks. It seems that the preponderance of evidence against derivatives has led many community bank boards to view the issue as an open and shut case, rather than carefully considering all of the facts before passing judgment on these instruments. But questioning the four most common objections to swaps uncovers some overlooked truths that may motivate your board to take a fresh look at derivatives.

1. I know someone who lost money on a swap…but why?
Putting aside situations where derivatives were sold inappropriately, the claim, “I know a customer who got burned using a swap,’’ is simply the banker stating that the borrower utilized an interest rate swap to lock in borrowing costs. A borrower who chose the certainty offered by a swap over uncertain variable interest payments ultimately paid more because interest rates went down instead of up, and then stayed low. In reality, the borrower was burned by the falling rate environment while the interest rate swap performed exactly as advertised, providing known debt service, albeit higher than the prevailing rates. It looked like a bad deal only with 20-20 hindsight.

With the Federal Reserve now moving short-term rates higher while market yields remain close to historic lows, the odds begin to favor the borrower who uses a swap to hedge against rising rates. Whether or not the swap pays off, the certainty that it delivers becomes more attractive as rates become volatile and their future path remains uncertain.Federal-Funds-Rate.png

2. Regulators don’t want community banks using swaps…or do they?
When looking at the topic of interest rate risk, regulators began sounding alarm bells for banks in the years following the crisis on the premise that there was nowhere to go but up for rates. In a 2013 letter to constituents, the Federal Deposit Insurance Corp. (FDIC) re-emphasized the importance of prudent interest rate risk oversight and issued this warning:

“Boards of directors and management are strongly encouraged to analyze exposure to interest rate volatility and take action as necessary to mitigate potential financial risk.”

When it came to outlining mitigation strategies in this letter, rather than banning derivatives as intrinsically risky, the FDIC specifically mentioned hedging as a viable option. They did, however, sound a note of caution:

“…institutions should not undertake derivative-based hedging unless the board of directors and senior management fully understand these instruments and their potential risks [emphasis our own].”

Compared with other risk management tactics, derivatives offer superior agility and capital efficiency along with new avenues to reduce funding costs. Accordingly, it may behoove banks to heed the FDIC’s exhortation and implement derivatives education for directors and senior management.

3. My peers don’t use swaps…why should I?Swaps.PNG

If you are not hedging with swaps and your total assets are between $500 million and $1 billion then you are in good company; seven out of eight banks your size have also avoided their use. But if your growth plans anticipate crossing the $1 billion asset level, more than one in four of your new peers will be using swaps. Once you cross the $2 billion mark more than half of your peers will be managing interest rate risk with derivatives, while institutions not using swaps become a shrinking minority. For the many institutions serving small communities and not expecting to cross the $500 million asset level in the foreseeable future, derivatives are not typically a viable solution. But if your growth will soon push you into a new group of peers with more than $2 billion in assets on the balance sheet, then having interest rate swaps in the risk management tool kit will become the norm among your competitors.

4. Our board doesn’t need derivatives education…or do we?
After digging below the surface we learn that most of the instances where derivatives left a bad aftertaste were caused by an unexpected drop in rates rather than a product flaw. We also learn that in urging banks to take action to mitigate interest rate risk, the regulators are not anti-derivative per se; they simply lay out the reasonable expectation that the board and senior management must fully understand the strategy before executing. Taking the time to educate your board on the true risks as well as the many benefits provided by interest rate hedging products may help to distinguish them as powerful tools rather than dangerous weapons.