The “But” in the Conversation Among Bank Boards, CEOs


strategy-9-13-18.pngJamie Dimon, CEO of JPMorgan Chase & Co., has now been infamously linked to his declaration that the “golden age of banking” is upon us, though bankers and directors often follow that celebratory tone with a caveat, whether they’re speaking about technology, growth or governance topics.

This dynamic became clear at Bank Director’s 2018 Bank Board Training Forum, held Sept. 10-11 at the Four Seasons Hotel Chicago, where nearly 200 directors, chairmen, lead directors and chief executives discussed how the favorable economy has also added pressure and challenge in a range of areas on the priority lists for bank boards, including governance, technology, risk and, of course, growth.

It is clear that a strong economy has kicked earnings into high gear, which draws headlines when buybacks or 30-percent growth in earnings per share is announced on quarterly earnings calls. But at the same time, transition and new challenges are presenting themselves in front of bank leaders regardless of size, location or whether the company is public or private. The industry is shifting, and so does the conversation when bankers and directors discuss anything from growth strategies to technology.

Banks must embrace and leverage the capability of technological advancements, but…
The cost and risk associated with such integrations are, and will remain, a challenge.

In a closing panel of three successful chief executive officers, Scott Dueser, CEO of First Financial Bankshares in Abilene, Texas, Dorothy Savarese, CEO of The Cape Cod Five Cents Savings Bank in Southeastern Massachusetts, and Dave Mansfield, CEO of The Provident Bank in Amesbury, Massachusetts, all said cybersecurity and technological improvements are top-of-mind for their companies, but finding a balance between convenience and value are challenging.

“We’re using technology to enhance—take away the menial tasks. We have to deliver value. We’re not going to do that with just technology,” Mansfield says.

Fintech disruption will continue, but…
“This is not a time to be scared,” says Ed Kelley, vice president of sales for TransCard Payments, LLC, who, along with Ahron Oddman, area vice president at nCino, Inc., billed themselves as “the face of fintech” to the audience.

Payments and small-business lending, which Oddman discussed, highlight two areas where the agility of fintechs enables them to attract more business. Kelley noted that while a challenge, “there’s also a good bit of opportunity” to partner with fintechs to be competitive.

“In order to be competitive, you have to spend money. And in order to spend money, you have to be competitive,” Kelley says, noting the paradox.

Competition among community banks is intense, but…
It’s not seen as coming from the major financial institutions despite their ability to attract low-cost deposits.

Most bankers suggest their competition remains other community banks, credit unions and fintechs, not the largest institutions. Joe Bower, CEO of CNB Bank, a $3 billion bank based in Clearfield, Pennsylvania, says those large institutions “are actually really good for us,” because they often have little interest in the tier of commercial customers a bank similar to his would have, and instead are interested in large-scale commercial real estate clients.

Regulations are beginning to relax, but…
The pressure on sound governance is increasing, both in oversight of bank management and internal governance.

Board refreshment is drawing greater scrutiny as the average age of directors is increasing, according to Alan Kaplan, founder and CEO of Kaplan Partners, a sign that refreshment and diversity remain tough topics for many boards.

A show of hands among attendees indicated that while evaluation is consistent, peer evaluation is less common, though proxy advisory firms like ISS and Glass Lewis are ramping up pressure on boards to evaluate their performance with greater frequency.

Regulators are also placing greater scrutiny on board oversight, highlighted by “direct finger pointing” at the board of Wells Fargo & Co. by the Federal Reserve and legal actions against loan committees in the wake of the financial crisis.

M&A is increasing in number and “red hot,” but…
Traditionally hot metropolitan markets are becoming scarcer in terms of potential targets, and some banks are considering alternatives to traditional deals.

Jonathan Hightower, an M&A attorney in Atlanta with Bryan Cave, points to WSFS Financial Corp.’s $1.5-billion deal to acquire Beneficial Bancorp Inc., which will result in the new $13 billion bank pouring investments into technology.

Despite an active market, Hightower says boards should carefully vet any potential deal, because “if it doesn’t offer opportunity for growth, what’s the point.” Hightower also notes that banks should consider alternative growth strategies, like an initial public offering, that can provide a different path to raise large amounts of capital.

The financial crisis is firmly in the rearview mirror, and the industry is the healthiest it has been in almost a generation by many metrics. But that should not stop banks from planning for the next downturn, or how they can maintain a competitive advantage against their peers.

“This is the way we compete, we think about these things futuristically,” said Jennifer Burke, a partner with Crowe LLC.

What Your Bank Needs to Know About Data


board-9-12-18.pngBanks executives and directors of all sizes are or should be continually discussing and crafting strategic initiatives for the future of the institution. Today’s competitive ecosystem that’s rooted in continually evolving technological developments and uses of data has made it essential for bank leaders to continually adapt.

From the top of the company to the most basic product and talent level, banks are building strategies to maintain competitive positions using these different kinds of data assets. But with any new or developing strategy, there is a potential for added cost and risk that could negatively affect the bank.


efficiency-7-18-18-tb.pngThinking Beyond The Efficiency Ratio
The ratio of operating expenses to operating revenue has long been a metric by which banks track performance. But there’s much more to accurately and effectively evaluating the performance of your bank and improving efficiency, and management should be exploring further to truly assess opportunities to improve.

agenda-9-12-18-tb.pngWhy Data Should Be On Your Board’s Agenda
More and more executives have come to realize that data management needs to be a priority and not a back-office function for a select group within the organization. Almost everything in the company can be tracked or monitored with data, and it can lead to long term efficiencies.

strategy-9-12-18-tb.pngFive Steps to a Data-Driven Competitive Strategy
There’s no mistaking that leveraging the right data the right way should be a key component of any bank’s strategic planning. Assessing and evaluating your bank’s practices with data can enable you to deliver improvements and advantages for both the bank and its customers.

survey-9-12-18-tb.png2018 Branch Benchmarking Survey
As traffic in branches continues to decrease and as possible changes to the Community Reinvestment Act are discussed by regulators, bankers are continually trying to craft optimal branch strategies. In Crowe’s latest research, we review data from 457 branches around the country to find trends in branch operations and performance.

consumer-9-12-18-tb.pngFive Ways to Measure Success in Consumer Channels
Amazon is able to not only monitor consumer preferences, but deliver aligned products to deepen and extend the relationship with those consumers. If retailers like Amazon can achieve that with its data, banks should be able to deliver a similar experience for consumers as well. Banks must take an objective look at performance across their consumer channels to prepare to compete.

2018 Technology Survey: Enhancing Board Know-How


tech-survey-8-27-18.pngTechnology and strategy are inextricably linked in today’s evolving digital economy. Unfortunately, bank boards—tasked with the oversight of the bank, including its long-term performance in a changing competitive environment—continue to struggle to wrap their hands around technological change and its implications. Seventy-nine percent of directors and executives say their board needs to enhance its level of technological expertise, according to the 2018 Technology Survey, sponsored by CDW.

Sixty-three percent indicate the board should better understand how to tie technology to bank strategy, and 60 percent say the board should better understand how the bank should invest in technology—a key concern, given rising budgets and an increasing number of technology vendors working with banks.

But the survey also indicates that directors have made strides in their focus on technology, both personally and as a board. Half say the board focuses on technology at every board meeting, up from 42 percent two years ago.

And the directors and executives participating in the survey indicate that they’re better users of their bank’s technology. More than three-quarters say they personally use their bank’s mobile and online channels, compared to 51 percent three years ago. With the onus on banks to enhance customers’ digital experience in the age of Amazon, a better understanding of digital through personal experience can only serve to improve these banks’ strategic direction.

The 2018 Technology Survey is comprised of the responses of 161 directors, chief executive officers, high-level technology executives and other senior executives at banks above $250 million in assets.

Additional Findings:

  • Sixty-five percent believe their bank has the products, services and delivery methods to meet the needs and demands of today’s customers.
  • Eighty-three percent say improving the user experience on digital channels is a goal for their bank over the next two years, followed by improving account onboarding (73 percent) and adding more features to the bank’s mobile app (71 percent).
  • Despite the buzz around Amazon’s Alexa, just 21 percent say integrating with that or a similar external platform is a near-term goal.
  • Forty-five percent say they plan to add more branches that will be smaller in size. Thirty-seven percent plan no changes to their bank’s branch footprint. More than half plan to update technology used in branches over the next two years, and 47 percent plan to add more technology in the branch. One-third plan to upgrade ATMs.
  • At least half of respondents indicate a need for significant improvement in their bank’s use of data analytics and business process automation.
  • Sixty percent indicate their bank has been increasing the number of staff focused on technology and innovation, and 55 percent have a high-level executive focused on innovation.
  • Sixty percent say their management team and board are open to working with newer technology startups. The typical bank, according to the survey, works with a median of seven technology vendors, including its core processor.
  • Sixty-one percent say their board has brought in relevant bank staff to better educate itself about technology. Twenty-nine percent have a board-level technology committee that regularly presents to the board.
  • Cybersecurity remains the top issue focused on by the board, at 93 percent.

To view the full results to the survey, click here.

The Three C’s of Compliance



Compliance doesn’t have to be the department of ‘no:’ It can be a benefit, rather than a burden. Barbara Boccia of Wolters Kluwer explains the three C’s that drive a culture of compliance and describes how to integrate these factors within the organization.

  • Turning Compliance Into a Competitive Advantage
  • Key Factors That Drive Compliance Culture
  • Elevating Compliance as a Strategic Asset

Considering Fintech Partnerships? Don’t Forget the Fundamentals


fintech-4-30-18.pngAs the benefits of partnerships between banks and financial technology (fintech) organizations have become more evident, bankers’ fears of being displaced by the wave of fintech startups have cooled.

Increasingly, bankers see that taking on a fintech partner can enable them to offer new products and services, develop new delivery models, and enhance the efficiency and effectiveness of back-office functions.

And yet, despite the growing awareness of the value of these partnerships, dispositional mismatches between banks and fintech companies have caused banks to struggle to make these partnerships work.

One of the most common sources of discord is in the area of risk management. Bank risk and compliance professionals are wired to mitigate risk rather than to manage it. The urge to shelter banks from risk through traditional risk and compliance practices, however, can dampen the innovation that is at the core of fintech’s appeal.

Banks aiming to get more out of these partnerships should review and hone their operations, aligning business goals and risk management goals across strategy, culture and information sharing.

Strategy Trumps Granular Problem-solving
Fintech companies and banks entering into partnership agreements often fail to effectively think through and communicate about their individual corporate strategies and how the partnership fits in.

Banks might approach a partnership with a problem they would like the fintech company to solve, without clearly defining how the partnership fits into their overall business strategy.

An important first step for banks is to think of a fintech engagement as a true partnership, rather than a vendor relationship.

The two organizations should sit down together to collectively identify the objectives and goals of each organization and how the partnership can advance those goals.

Going further, both organizations should establish boundaries around what they are willing to do to achieve their objectives, what resources will be made available to deal with challenges, and what will trigger the escalation of an issue to executives’ attention.

Ultimately, the purpose of the partnership must be clearly tied to the broader strategy of each organization, and at the outset, the partners should establish a process to ensure that purpose and strategy will remain aligned.

Meet at Cultural Crossroads
Fintech companies and banks often experience a culture clash at the outset of a partnership. The more traditional culture of a bank can seem starkly different from that of an innovative and fast-moving fintech company, particularly in the area of risk tolerance. While banks often view any loss adversely, fintech companies are much more comfortable with the idea of taking a small loss in the spirit of innovation and learning.

This question of culture fit rarely is considered in the traditional vendor management process. But finding a way to align the two, often disparate, cultures is critical in forging a successful partnership.

Both parties should evaluate prospective partners’ values at the outset. Once a partnership is formed, the parties should establish a set of principles that define practices and policies that are deemed acceptable on both sides. This set of principles should be viewed not as rules per se, but as broad guidelines.

Another important aspect of culture is how both organizations treat failure. Rather than taking a punitive approach to all failures, banks should be open to the idea that some failures can be positive if they advance innovation.

Information Sharing
Fintech companies sometimes are hesitant to share their data, either because they consider it proprietary or because they simply do not know what data banks want. On the other hand, banks, particularly in light of privacy regulations, might be hesitant to share information that does not directly affect the partner relationship.

Both parties should work to overcome barriers to information sharing, as the degree of transparency in a partnership is directly related to its success. With more data, partners can better assess performance and identify unforeseen compliance risks that emerge.

As in the case of strategy and culture considerations, expectations defining the process and extent of data sharing should be set up front. Banks should consider what information they can provide to fintech partners that might not be directly related to the product – but which might help grow the strategy or solution.

Competitive Advantage Through Thoughtful Partnerships
By establishing some basic principles around strategy, culture, and information sharing, bank executives can make better decisions as they enter into partnerships with fintech companies. Poor execution on fundamentals should not be allowed to hamper the successful execution and growth of these partnerships.

Does Your Bank Have a Deposit Strategy?


strategy-1-22-18.pngMany banks lack a clear, written deposit strategy and funding plan. For the last several years, that’s been somewhat understandable. After all, deposits flowed into banks and have now reached historic highs, even though banks on average pay little or nothing in interest on the vast majority of those deposits.

Now that’s changing. Deposits are an increasingly important topic for bank boards. We are on the front end of an environment bankers have not seen in almost a decade. The Federal Reserve raised the fed funds target rate by 75 basis points last year, and three more rate increases are expected this year.

Banks already are seeing deposit competition heat up. Close to 64 percent of bankers said that deposit competition had increased in the last year, and 77 percent expected it to increase during the subsequent 12 months, according to Promontory Interfinancial Network’s Bank Executive Business Outlook Survey in the third quarter of 2017. Although in the past banks have had to compete in rising rate environments, we’ve never seen a point in history quite like this one, and it would be wise to assume rising rates will impact deposits, as well as your bank’s funding mix and profit margins.

There are a couple of reasons why the environment has changed. Historically, big banks ignored the rate wars for deposits, a game that was left to community banks. But this time, the new liquidity coverage ratio requirement that came out of the Basel III accords could encourage big banks to get more competitive on deposit rates. The ratio, finalized in the U.S. in 2014, requires banks with more than $250 billion in assets to keep a ratio of 100 percent high-quality liquid assets, such as Treasury bonds, relative to potentially volatile funds. Banks that move toward more retail deposits will have a lower expected level of volatile funds.

Also, banks have a majority of their deposits in liquid accounts while term deposits, such as CDs, are at historic lows. There’s no hard-and-fast rule to know how much of those non-term deposits will leave your bank as rates rise.

As the economy has improved, surging loan growth has put more pressure on the need to grow deposits. Loan-to-deposit ratios are rising, and as banks need to fund further growth, demand for deposits will rise. What this will do to competition for deposits and, therefore, deposit rates, is unclear. We have found that many banks aren’t raising rates on their loans, and the best borrowers can easily shop around to get the best rates. This will put pressure on margins if banks don’t raise rates on loans as interest rates rise.

Still another factor is that people have had a decade since the financial crisis to get comfortable with the benefits of online and mobile banking. Online banks, not incurring costs associated with physical branches, often offer higher interest rates on deposits than traditional banks.

One of the best ways to prepare for the changing environment is to make sure your bank has a written, well-prepared deposit strategy. We’re not talking about a 100-page document. In fact, the asset/liability committee (ALCO) of the bank may need a five- to 10-page report highlighting the rate environment, the bank’s deposit strategy, and alternative funding plans and projections. The bank’s full board may just need a three- to four-page summary of the bank’s deposit strategy, making sure that management is able to address key questions:

  1. Who are your bank’s top 10 competitors, and what are they doing with rates? What new products are they offering?
  2. How will the Federal Reserve’s expected moves in the coming year impact our rates, our margins and our annual net income?
  3. What is our bank’s strategy for contacting our largest depositors and determining their needs?
  4. What new deposit products do we plan to offer, and how will we offer them only to our best customers? Not all customers or deposits have equal value to the bank.
  5. What is our funding plan? In other words, what are our alternatives if we need deposits to grow, and what will they cost? This is perhaps the most difficult question to answer.

While it’s important not to be caught off guard in a rising-rate environment, rising rates can be a good thing for a bank with a solid deposit strategy in place. For the first time in a long time, the wind will be in the sails of bankers. They just need a plan for navigating the changing environment ahead.

Seven Secrets of Succession Success


succession-1-19-18.pngOne of a bank board’s most vital responsibilities is overseeing the plan of succession for the CEO. Whether driven by a looming retirement or change in the incumbent’s personal timeline, a well-orchestrated plan of succession and leadership continuity reassures employees, investors and communities. Unfortunately, too many bank boards still take a passive approach to CEO succession, rather than acknowledging that as directors, they are responsible for the selection and ongoing evaluation of CEO performance.

Good succession planning for any executive role starts with understanding the potential succession timeline and the bank’s strategy. These seven steps will help to guide the board and incumbent CEO in developing a solid succession plan.

  1. Understand the succession timeline. What is the intended horizon for the incumbent leader to remain at the helm? This timeline is often fluid, which can create a challenge for the board. It is natural for many healthy CEOs to struggle with stepping out of a role that has been so closely tied to their personal identity. Yet, boards must insist on some understanding of the timing in order to maximize the development of potential internal contenders and to avoid frustrating executives who are waiting in the wings.
  2. Strategy informs profile. One of the most critical elements of planning for CEO succession is the bank’s strategic plan. The direction of the bank going forward should help to clarify the skills and attributes required in the bank’s next leader. Given the massive transformation of the industry over the past decade, the old maxim—what got you here may not get you there—may truly apply. Directors need to align around the bank’s strategy to develop a profile for the bank’s next CEO.
  3. Identify key skills. There are countless technical and industry skills needed in a bank leader today—so many, in fact, that it is virtually impossible to find an executive with all of the ideal requisite experiences. So, prioritize the specific banking skills that the bank must have versus those the board would like to have. Key experiences such as commercial credit skills, regulatory experience, balance sheet management, board experience and risk management are often considered critical to success as a bank CEO today.
  4. Determine critical attributes. What are the most important elements of a potential leader’s personal style and leadership philosophy that are necessary at this time for the institution? For example, most community banks see a CEO’s community presence and visibility as critical for success, as well as creating and achieving a strategic vision. Strong communication skills, cultural agility and the ability to attract top talent also rank high these days.
  5. Develop a process. Successful succession at the CEO and other executive levels involves a robust and thoughtful process, not just putting together a list of who the board knows or who the incumbent leader suggests. Boards today not only need to select a superior executive as their next leader, but are often called upon to defend their decision—and how they made it—to investors, customers and their communities. This does not mean that an external or formal search is always warranted, but it does mean that there needs to be a genuine effort to source, screen, assess and validate serious contenders, which ultimately adds credibility to the board and the selected leader.
  6. Make your bank attractive to star talent. Despite the declining number of banks in the country today, the crop of qualified bankers available to fill the growing ranks of retiring CEOs is not deep enough. Thus, the market is competitive for top bankers, and relocating someone to a new and potentially smaller market remains a challenge. Star bankers will ask tough questions of the board and will want to understand the bank’s strategy, as well as the level of support, engagement and strategic value they can expect from the bank’s directors.
  7. Prepare for an emergency. As most boards know, the bank should plan for the best and prepare for the worst. Reviewing and updating the bank’s emergency succession plan on a regular basis is a must for good governance and regulatory satisfaction. There have been too many instances where this backup plan has been called into action. Having a scenario ready to keep the train on the tracks during an unexpected situation is critical to keeping the institution moving forward.

There is no greater responsibility for a bank’s board of directors than ensuring that the organization has the right leader in place. While there are many important elements to successful CEO succession, the most important point is to maintain the topic of leadership succession as a regular and ongoing board-level discussion.

Improving Governance By Using Board Portals


board-portal-12-11-17.pngIf you counted the minutes in a day that you save because of technology, it would add up to quite a bit. With so many issues confronting financial boards, adequate time for strategic planning is a valuable commodity, so time is exactly what busy board members of financial institutions need.

Changes in the economy and the financial markets have complicated matters for boards of all sizes. Larger banks and conglomerates are finding it difficult to adapt to increasing regulations. Community banks are finding it harder to compete with larger banks. At the same time, financial institutions are finding it difficult to provide the level of technology that their customers want and need, in addition to other significant strategic issues.

Board portals help directors focus more of their time on strategic decisions. These portals have all of the features that directors need, and ensure that the information they need is available to them wherever they are, while also remaining secure.

Preparing board handbooks manually with paper copies and binders places a huge burden on the board secretary. Every time a board meeting approaches, the secretary spends countless hours copying and collating documents, and filing them into the proper sections of the handbook. Updating a board portal requires some work on the part of board secretaries, but they only have to upload a document one time. And secretaries can limit access to certain documents only to the people who need to view them.

In addition to the time savings, board portals provide material and environmental savings. Financial institutions save the cost of reams of copy paper, other office supplies and the labor to assemble board books. The savings can net banks upwards of $1,100 per board meeting. Board portals are environmentally friendly as well. Banks and credit unions contribute less paper to the landfills, and they expend less electricity to produce it. According to a recent analysis by Diligent, boards of banks and credit unions can save up to $10,000 a year by using a board portal.

Board Portals Provide Mobility and Improve Security
There’s nothing worse than the panic that a director of a bank feels in learning that an important piece of paper is missing from the board book. This could happen easily enough with busy board members who travel often for business and pleasure as they juggle suitcases and briefcases in cars and on airplanes. Board portals let busy directors access their board documents with ease on any electronic device, including laptops, tablets and phones. Directors no longer need to lug heavy board books through busy airports and risk valuable information getting into the wrong hands. Most board portals have a double authentication process with a user ID, password and scrambled PIN code, so even if an electronic device gets lost or stolen, sensitive board information remains safe and secure.

Choosing a Board Portal
While board portals are generally intuitive and user-friendly, some directors who are not adept at technology may find that they have a learning curve. But most board directors adapt quickly with a little training and experimentation.
Board portals for banks are a single tool that stores meeting materials, communications, bylaws, archived documents and more in neatly arranged files. Many of the features that board portals provide are of great use to directors, particularly board rosters, board biographies, electronic surveys, voting history and shared notations. Many portals also have a built-in time tracker, so directors know how much time they are spending on board business. This feature can help boards evaluate whether directors are dedicating enough time to board service to comply with proper governance principles. Once they get used to the tool, board members appreciate the ease of posting news items, linking documents, sharing agenda items and calendars, and using the chat and email features. Premium products may also include offline capability, which is an important feature for many bank board directors.

Look for a board portal product that is easy to use and that has knowledgeable customer service support that is available around the clock. As with most products that consumers buy, less expensive board portals aren’t necessarily the best value. Board directors will spend a significant amount of time on the portal, so it’s best to conduct a thorough review of the features, usability, speed and functionality before investing in a portal. The right board portal will do all that you need it to do and more.

When Disaster Strikes, You Better Have a Plan


strategy-9-14-17.png

Hurricanes Harvey and Irma, which struck different locations on the U.S. coastline in August and September, were a tragic reminder that we live in an uncertain world, and natural disasters can cause widespread devastation. The individuals who have been directly affected will always be the first concern, but it’s equally important that businesses and government agencies be able to rebound quickly after a widespread disaster because their ability to function effectively is vital to the recovery of the communities they serve.

Every bank needs a business continuity management plan that the senior executive team and board of directors can activate in the event of a disaster like Harvey or Irma. The plan should be reviewed and tested annually, and updated as needed, suggests Christopher Wilkinson, a principal in Crowe Horwath’s Technology Risk Consulting Group who oversees business continuity planning and penetration assessments for the firm’s cybersecurity team. A common mistake that many organizations make is to see business continuity planning as purely an IT issue, when in fact it is much broader than that. “It’s important to make sure that you focus, first and foremost, on business continuity as a business issue and not just as an IT issue,” he says. In an interview with Bank Director Editor in Chief Jack Milligan, Wilkinson talks about the basic elements of a sound business continuity management program.

BD: What are the primary elements of a good plan?
Wilkinson: When you take a look at business continuity management (BCM) programs, there are four key components. The first component starts with a business impact analysis (BIA). Organizations used to look at business continuity as an IT problem when in fact it really is a business issue. IT is a big component of restoring business operations, but business continuity as a whole is not just an IT problem. A lot of organizations have made the shift to say, “When an event happens, I don’t necessarily want to restore [just] my payroll application. I want to make sure that the process of paying my individuals is restored in full.” And the BIA builds the requirements for each one of the organization’s critical business processes.

One of the biggest components, or variables, that is set during the business impact analysis is the recovery time objective, or RTO. This tells an organization how long a specific business process like HR or payroll can be placed on the back burner before it significantly impacts the organization.

You can look at the impact from a variety of different perspectives. The obvious one would be the financial impact to the organization, but there are others, like the ability to attract new customers or the impact on servicing existing customers. There are a variety of factors that you want to measure the impact of for each business process to determine the overall impact on the organization.

The second important variable in BCM is the recovery point objective, or RPO. This one is a little bit more difficult, but what this variable tells us is, if I had to go to a snapshot of data in the past for some of the systems associated with a business process, how far back could I go? Depending on how dynamic the data is, are we talking minutes, hours or days?

Disaster recovery is an IT issue, and basically what it tells the organization is, “How do I strategically prepare my critical applications to meet the RTO and RPO expectations from the process owners?”

For example, when you talk about RTO, do I have a system designed in such a way with data backups and system redundancy, and the ability to recover that system within the required recovery time objective that the business has given me? So in essence, it’s giving you a service-level agreement, or an SLA, for each and every one of your applications. It tells the IT department, “Here’s how long I can go without this system. Now it’s your job to make sure that system is positioned strategically to meet expectations.”

The third component of a BCM program is the business continuity plan. This is, once again, a business issue. When we document business continuity plans for organizations, one of the things that we’re doing is making sure that certain processes can still be performed in the event of a disaster. If it’s payroll, for example, what can I prepare beforehand to ensure that I can pay employees given the absence of either the systems, the people, or the resources and facilities that are available?

The fourth component of BCM is testing. Are we doing our tabletop testing? Are we getting the right people in a room and walking through disaster scenarios on an annual basis? Are we testing the business side and the business continuity plan? Are we testing the disaster recovery plan, and the ability for IT to recover both the systems and the data that support the business function?

BD: What mistakes do companies, including banks, typically make in their business continuity planning?
Wilkinson: That is a great question. I think one of the more common mistakes that I mentioned earlier is looking at business continuity as an IT issue, instead of as a business issue.

If we’re dealing with payroll and HR as an example, I very likely could recover the payroll application. But there may be other dependencies within the payroll process that aren’t up and running that aren’t IT related.

So it’s important to make sure that you focus, first and foremost, on business continuity as a business issue and not just as an IT issue.

Another mistake is that some of the smaller banks under $10 billion in assets haven’t done a business continuity risk assessment, where you’re prioritizing your threat based upon the company profile. That could be geographic location, which is probably one of the largest factors for banks. As you can imagine, if I’m a bank in the Florida Keys, I’ll have much different concerns with regards to the types of events or threats that may impact me than a bank in the Midwest.

So I need to make sure that I take a look at those threats, and then take a look at the controls that are in place from a business continuity perspective. Look at the most effective controls that are required for each one of those types of events, and then put those in place, and make sure that they’re effective.

BD: Do banks have any special issues when it comes to business continuity?
Wilkinson: Banks are probably a little less challenging than other kinds of organizations. If you think about manufacturing and distribution, you have to worry about supply chain management. The Japanese tsunami in 2011 was a great example of that; it disrupted the supply chain for folks in many industries. It became quite a challenge to be able to find some of the parts and raw materials that companies needed, especially if they were coming from Japan.

Probably the most challenging aspect within the banking world is the number of branches they have and their geographic distribution. Banks need to review their facilities and understand where the critical business processes lie within each one of those facilities, and then strategically design a business continuity plan for each one of those facilities, based upon their geographic footprint. That is probably the most challenging thing that bankers face that other industries may not.

BD: Are there other risks that banks need to worry about from a business continuity standpoint that don’t necessarily relate directly to some kind of natural disaster?
Wilkinson: There absolutely is. And that’s why when we talk about more mature organizations and their business continuity management program, what we’re starting to see is the convergence of the business continuity management program and the crisis management plan.

Having a crisis management playbook and a communication strategy for things like an active shooter scenario are starting to converge with business continuity management. The primary area where we see overlap is the management structure that’s going to be leading that organization through one of those events. They are very different situations if you think about a tornado versus an active shooter. But the overall management structure, and who’s leading the organization and making key decisions and putting out public communication—that’s where the primary overlap is for those two different kinds of events. In the past, we’ve looked at them as two different programs. More mature organizations are starting to converge those two into one larger program that speaks to business resiliency.

BD: Any last points you want to make before we close this out?
Wilkinson: Today we are a very mobile workforce. How am I to use that mobility strategically to assist my business continuity program?

One of the ways that organizations can take advantage of this mobility is if they have a laptop refresh program. Let’s assume that a certain number of bank employees carry laptops, and those laptops get refreshed on an annual, biannual or every-three-year basis. If you’re not leasing those laptops and you own them, it’s a good opportunity to take those laptops, put them in a secure location and leverage them in case something does happen. It’s a lot easier to pull out 15- or 20-year-old laptops that already have a lot of the software and systems I need loaded on them than it is for me to create new systems from scratch.

Number two, when we see banks or organizations connecting their business continuity programs, in the unfortunate case where there is an event, communication is key. There are a lot of different systems out there that allow me to communicate with my employees and my customers. Pricing varies between the different products that are available, but the ability to send text messages—especially because typically that’s one of the last things that ultimately will go down from an infrastructure perspective in terms of the amount of data that’s used across networks—is changing the way that we as practitioners implement our plans.

How a Board Can Become a Strategic Asset



Issues like cybersecurity, digital transformation and future business models now require the attention of not just management teams, but also bank boards. As directors engage more deeply in these issues, Bill Fisher of Diligent explains how they can enhance the effectiveness of the board to be a true strategic asset to the bank.

  • The Board’s Role as a Strategic Asset
  • Enhancing Board Effectiveness
  • Addressing Board Skills