Improving Workflow Saves Time and Money


workflow.png

Progressive banks add new features and functionalities on a regular basis. Most can attest to a long technology wish list, but bankers and their technology partners must be careful not to lose sight of what’s most important: the employee and customer experience. The multitude of disparate departments, systems and protocols that drive banks can be intricately interwoven and inherently inefficient. Standard workflows can involve the shuffling of paper and manual data entry, passing responsibility back and forth between numerous divisions with a general lack of ownership that creates longer turnaround and service times.

In an environment where bankers are regularly challenged to do more with less, improving workflows can be a goldmine for process efficiencies, regaining resources and creating an optimal user experience. Too often, banks just continue to hire staff to run redundant, menial processes, which only serves to put a band aid on the problem while still absorbing an inordinate amount of time and resources. The problem compounds as banks grow larger in size and are faced with scaling and combining already burdensome procedures.

Banks and vendors alike must consider new approaches to how they’ve done things in the past and address these inefficiencies. Most procedures that involve multiple steps, departments and systems can be streamlined into a simpler, expedited process. Think about the implications here: streamlining and automating the viewing, refiling, printing and indexing of documents for a bank with approximately 40,000 actions each month would save employees dozens of work hours a month, translating into tens of thousands of dollars in annual cost savings.

There are many practices banks can easily adapt for efficiency gains. The first step is to evaluate current processes with a careful eye for redundancies and bottlenecks. You can’t fix what you don’t know is broken, so begin by identifying the problems and determining their cause. During this step, it’s important to consult employees from all areas of the bank to gain sight of the bigger picture.

Next, prioritize where to focus first. Starting with a few targeted projects will give you a firm understanding of how to create and implement proper workflows, straightening out any kinks and asking any questions before tackling larger and more numerous projects. Workflows can be applied to nearly every area of banking, so it’s important to have a strategy in place or it may become overwhelming.

The Bank of Missouri, headquartered in Perryville, Missouri, recently teamed with Jack Henry Banking, its core technology provider, to transform its internal processes with a workflow solution. The bank recently surpassed $1.3 billion in assets in just six years through both acquisitions and organic growth. Its branch infrastructure also increased from 13 to 23 (soon to be 26) locations. This growth and merger of cultures came with some inevitable growing pains, most notably the need to standardize processes and optimize efficiency.

The Bank of Missouri worked closely with Jack Henry to automate arduous multi-step processes, both internal and customer facing. Its goal was to significantly improve its efficiency ratio and make a positive contribution to the bottom line by creating consistent, cost effective processes that reduce operational risk and unnecessary expense.

After taking the time to learn how to identify problem areas and create appropriate workflow solutions, The Bank of Missouri now has 17 workflows in production, enabling it to eliminate redundant data entry, boost visibility and streamline processes across several areas of the institution, including HR, IT, deposit operations, loans, retail and more.

An example of the bank’s success is how it transformed the deposit fee refund process. Front office staff had to print, manually fill out and scan documents before the reversal process was performed by back office staff who also imaged and indexed the document, consuming a large amount of time and manual effort. With its workflow solution, multiple steps and searches are now automated and approved. This workflow alone is currently saving the bank approximately 54 hours and $1,000 per month, yielding an annual savings of $12,000.

In addition to creating unrealized efficiencies, leveraging a workflow solution can also allow banks to channel resources that were previously spent on burdensome tasks into more strategic and customer facing activities. When bank employees are empowered to add and cultivate skillsets, they’re more likely to feel valued and stay with their institution longer. Returns such as this can prove to be indispensable for any well run financial institution.

Dedicating just a small portion of resources to improving the back office can make a monumental impact. If the only reason for your processes is history, they may be outdated. Revamping workflows to streamline procedures and optimize efficiency is an integral component of any modern and progressive bank.

Chris Congiardo, systems analyst manager for The Bank of Missouri, is theco-author of this piece.

Handling Today’s Top Risk Challenges



Cybersecurity and compliance are the top two areas of concern for the bank executives and directors responding to Bank Director’s 2017 Risk Practices Survey, sponsored by FIS. What are the best practices that boards should implement to mitigate these risks? In this video, Sai Huda of FIS highlights the survey results and details how boards can stay proactive.

  • Cybersecurity and Compliance Gaps
  • Five Cybersecurity Best Practices
  • Three Ways to Strengthen Internal Controls

Cybersecurity Governance: How to Protect the Bank


cybersecurity-12-23-16.pngModern banking increasingly relies upon technology and the internet to manage and streamline business operations. With increased dependence on technology comes an increased risk of security threats. Kaspersky Lab reported it had detected 323,000 malware files per day using its software in 2016. This number is 4 percent higher than in 2015.

The impact of a successful cyberattack is often quite damaging: legal liabilities, brand reputation, lack of trust from customers and partners, and ultimately, revenue. The average cost of a data breach is now up to $4 million, according to a 2016 Ponemon study.

Banks are responsible for more data than ever and as data use continues to grow, banks face the challenge of properly creating strategies, frameworks and policies for keeping sensitive data secure. Meanwhile, criminals develop new and sophisticated tactics to target valuable data.

Security is, and should be, a concern for all employees. However, leadership must be responsible for establishing and maintaining a framework for information security governance. Information security governance is defined as a subset of enterprise governance that provides strategic direction, ensures objectives are achieved, and manages risks while monitoring the success or failure of the IT security program.

Whether it is the board of directors, executive management or a steering committee that is involved—or all of these—information security governance requires strategic planning and decision-making.

Best Practices
Despite the threats of cyberattacks and data breaches, banks can take proactive steps to better position themselves for successful security governance. What follows are five strategic best practices for information security governance:

1. Take a holistic approach.
Security strategy is about aligning and connecting with business and IT objectives. A holistic approach can provide leadership with more levels of control and visibility.

What data needs to be protected? Where are the risks? Take a unified view of how information security impacts your organization and how employees view security. Get early buy-in from key stakeholders, such as those in the IT, sales, marketing, operations and legal departments. Scope out what data needs to be protected and how that fits into the larger picture.

2. Increase awareness and training.
Although developed by leadership, information security governance speaks to all employees within the organization and requires continued level of awareness. Governance creates policies and assigns accountabilities, but each member is responsible for following the security standards.

Constant training and education on security best practices is vital. The cyberthreat landscape is rapidly changing and employees, and company training, must keep up. This way, if new threats emerge, you will be prepared.

3. Monitor and measure.
Information security governance should never have a “set it, then forget it” approach. It’s about ongoing assessment and measuring. Monitoring ensures that objectives are being achieved and resources are appropriately managed. What security governance policies are working? Which policies are not?

Conduct mock data breach scenarios to test the efficacy of corporate teams and company incident response plans. Test results can reveal strong and weak links—what the bank needs to concentrate on, and what security governance policies work well under pressure.

4. Foster open communication.
Stakeholders should feel they can openly communicate directly with leadership, even when sharing bad news. Open communication promotes trust and brings a higher level of visibility throughout. Engagement is key. Consider creating a steering committee comprised of executive management and key team leads (IT, marketing, finance, PR, legal, operations, etc.) to review and assess current security risks.

5. Promote agility and adaptability.
Gone are the days of monolithic, cumbersome governance; banks need to adapt quickly to meet the changing tide of security threats. IT management, which is typically concerned with making tactical decisions to mitigate security risks, might have some hands-on experience and opinions about the effectiveness of a particular security policy, but their recommendations can only go so far without C-suite support. Leadership must quickly determine how to implement suggested changes throughout the bank. And if a security governance policy is ineffective, leadership must be willing to jettison the policy.

Overall, successful information security governance involves a continuous process of learning, revising and adapting. Banks need to be proactive and strategic with their security posture. Threats and incidents are inevitable, but moving strategic security governance to the forefront of your organization can help protect valuable information.

Download the full Diligent white paper: Five Best Practices for Information Security Governance.

Bank Boards Should Focus on Commercial Real Estate Concentrations


risk-management-10-10-16.pngBank boards should make sure they are reviewing their policies and practices related to commercial real estate (CRE) lending. Regulators have made clear that CRE concentration risk management will be a focus at exam time.
While many banks are approaching the CRE limits that trigger regulatory scrutiny, they are often not following best practices for managing concentration risk, particularly in stress testing, Comptroller of the Currency Thomas J. Curry warned recently in a speech.

As a result, the Office of the Comptroller of the Currency elevated CRE concentration risk management to “an area of emphasis” in its latest Semi-Annual Risk Perspective. The Federal Deposit Insurance Corp. also reports that CRE-related informal enforcement actions known as Matters Requiring Board Attention are increasing.

The OCC says that CRE portfolios have seen rapid growth, “particularly among small banks.” The decision to emphasize CRE concentration risk management follows a statement from all three prudential regulators late last year that they would “pay special attention to potential risks associated with CRE lending” in 2016. Regulators said they could ask banks to raise additional capital or curtail lending to mitigate the risks associated with CRE strategies or exposures.

At the same time we are seeing this high growth, our exams found looser underwriting standards with less-restrictive covenants, extended maturities, longer interest-only periods, limited guarantor requirements, and deficient-stress testing practices,” Curry said in announcing the new emphasis.

Proper stress testing is crucial to managing CRE concentrations—but stress testing is the right tool for the job, it’s not the job itself. Too many banks think they can solve the CRE problem with stress testing alone. Here’s how they are doing it wrong:

  1. Only the CRE loan portfolio is being stress tested, which does a disservice to parts of the bank that are strong.
  2. Data gathering for stress testing each loan is a nightmare. Most banks don’t have it centralized. This will be an issue for banks when the Financial Accounting Standard Board’s new Current Expected Credit Loss standard (CECL) is implemented as well.
  3. Banks are treating the stress tests as a check-the-box exercise, without including top management to guide the process or use the results to position the bank for success.
  4. Management doesn’t understand the results, so they are not in a position to have effective conversations with examiners about why the tests are important.
  5. Most banks are not applying the stress test results toward strategic and capital planning.

Banks should use a combination of top-down and bottom-up stress testing to demonstrate to examiners that they can be trusted with elevated levels of CRE concentration. Key to that analysis is using loan-level data to analyze performance of the portfolio by vintage—e.g. the risk factors affecting loans change depending on the economic and market conditions on the date of origination—another lesson that will be important for banks when they implement CECL.

CRE concentration risk management best practices also include global cash flow analyses, an understanding of lifetime repayment capacities, proper appraisal reviews and ongoing monitoring of supply and demand. Banks must ensure that they have the right policies, underwriting standards and risk management policies to allow the board to monitor the concentration risk and understand the CRE limits. Appropriate lending, capital and allowance for loan and lease losses (ALLL) strategies are crucial.

Many banks are making the same mistakes when it comes to CRE concentration risk management, the FDIC reported in a recent teleconference. Besides insufficient stress testing, common weaknesses include:

  • Outdated market analyses that conflict with the bank’s strategic plans, either because the market data is wrong or not unique to the bank
  • Excessive limits
  • Poor concentration reporting and board documentation
  • Lax underwriting and insufficient loan policy exception programs
  • Appraisal review programs without sufficient expertise or independence
  • No CRE contingency plans
  • ALLL analyses that fail to consider CRE risks
  • No CRE internal loan review
  • Limited construction loan oversight

M&A can be an attractive solution to CRE issues for some community banks. Acquisitive banks, however, need to take special notice of the CRE concentration regulatory warning. Many potential acquisitions will result in concentrations that trigger special regulatory scrutiny, especially if they are cash-heavy transactions and are dilutive to tangible book value. Acquiring banks must be prepared to demonstrate that they have the capital management infrastructure to manage concentration risk.

The Four Habits of Successful Bank Compensation Committees


compensation-committee-6-17-16.pngCompensation committees are responsible for setting the foundation of a bank’s compensation program, subsequently impacting the bank’s underlying culture. The banking industry is more competitive than ever, so attracting and retaining top talent should be the number one priority. With a compensation committee that is educated on industry trends and modern-day compensation best practices, your bank will be on its way to developing programs that attract and retain top talent. Here are the top four best practices a bank’s compensation committee should consider.

1. Committee Members Should Take Steps to Stay Educated
Your committee members are responsible for staying aware of compensation trends. They need to always be in-the-know of complications, IRS penalties, and other factors with unintended consequences or expenses that can impact both the bank and the executives. Committee members should regularly review market trends in executive compensation; staying aware of banking trends as well as trends in other industries will better position the bank for success in recruiting, rewarding, and retaining talent. Your board should also be educated by the committee regarding your compensation philosophy and how the committee functions.

A few areas the compensation committee has direction over include equity grants, incentive structure, benefits, qualified plans, board compensation and other aspects of compensation. The directors should have a full understanding of structuring compensation plans, and if not, the committee should consult an adviser.

2. Establish the Duties and Responsibilities of Each Committee Member
In addition to staying educated, members of the compensation committee must have a framework for their efforts. This involves establishing the duties and responsibilities of each member, but before you begin, you’ll need to develop a compensation philosophy if you don’t already have one. Without an established compensation philosophy, your compensation committee will lack direction, clarity, and consistency regarding compensation practices. In addition to putting your philosophy in print, you should ensure that everyone on your committee understands it and is able to relay its message. The philosophy should be comprehensive as well as consistent with the culture of your bank, the interests of your shareholders and market trends.

3. Review the Committee’s Performance Quarterly
Quarterly, you should hold a meeting to assess the success of your committee. Check on what’s working and what isn’t with regards to committee function, meeting processes and other aspects. It’s important to look at whether you’re hitting benchmarks—and whether you’re attracting and retaining the talent you need to hit those benchmarks. There’s always room for improvement, so discuss what the committee may need to change in order for your bank to be more successful with recruiting and retention.

4. Engage Expert Consultants When Necessary
There’s a delicate balance that must be struck with compensation; it needs to be competitive enough to retain executives but as efficient as possible to drive shareholder value. With the increasing competition for talent and the rising costs of benefits like health care plans, many banks have been pre-funding benefits through plans such as bank-owned life insurance (BOLI). Choosing the best insurance carriers and structuring pre-funding plans is something that requires outside help from qualified consultants.

Professionals can help you determine competitive compensation packages and discern what investments will bring you the greatest return for the lowest risk.

If you don’t feel your compensation committee is hitting the mark, it’s time for something to change. Rewarding talent and funding those rewards is a complicated topic, so outside help from a compensation consultant who specializes in banking may be helpful to bring direction to your committee. If your committee follows these four best practices, you’ll be on a path to success applying your finest approach to compensation and benefits plans.

How Regulators Could Foster the Fintech Sector


fintech-innovation-3-30-16.pngRegulators can’t afford to wait any longer in developing a framework for their oversight of the fast-rising fintech sector. The number of fintech companies, and the amount of investment in them, is growing too rapidly for regulators to hope that they can supervise the sector by applying existing regulations for banks to fintech companies on an ad-hoc basis. That will only create gaps in regulators’ monitoring of the sector, and confusion among fintech companies trying to grasp the complexities of financial regulation in the U.S. Such gaps and confusion are already evident: Many fintech companies are failing to implement best practices in securing customer data, and many of them are also unaware of how existing regulations apply to them.

I addressed the security issue in a previous article, but regulators should be just as concerned with clearing up the confusion in the market. That’s because the government has a legitimate interest in encouraging fintech growth, which would be boosted by a clear regulatory framework. Some fintech companies serve customers that have been ignored by banks in recent years, bringing them into the financial system. For instance, companies like OnDeck Capital, Kabbage, Lendio, Square, and others are filling the credit needs of small businesses that banks have been hesitant to lend to ever since the Great Recession. Regulators should be careful about imposing standards that gash this new source of credit for underserved small businesses. Also, some new technologies that fintech startups are working on, like the blockchain, can improve regulation and compliance throughout the financial services industry.

Build Relationships Early
How can regulators help foster innovation without sacrificing security and integrity in the financial system? For one, they should start their interactions with fintech companies as early as possible to encourage innovation while also safeguarding customers. This means providing guidance to companies while they are still developing and experimenting with their solutions, so companies can incorporate compliance into their products early on. If regulators wait to offer guidance until after products have already been developed or released on to the market, then regulators will become an unnecessary obstacle to innovation.

U.K. regulators are taking steps to develop relationships with fintech startups early on to offer guidance on their solutions. At the end of 2014, the U.K.’s Financial Conduct Authority (FCA) announced it would launch a regulatory “sandbox” where fintech companies could test new solutions. When companies use the sandbox, the authority waives some of the compliance requirements normally applied to pilot tests for new products. Banks can also use the sandbox, and the authority guarantees that it won’t take enforcement action at a later date regarding any tests that the banks run. The sandbox experiment will go live later this year, and U.S. regulators should watch it carefully and explore similar initiatives.

Eliminating Confusion
Regulators also need to give fintech companies a hand in navigating the complexity of the U.S. financial regulatory system. There are so many different regulations and so many different agencies enforcing them, it creates a landscape that can easily overwhelm a small startup. Banks can sympathize with this issue; but fintech companies don’t have the compliance budget, knowledge and experience that banks do.

One way to eliminate all of this confusion would be to create a separate regulatory agency for fintech companies, but there are such a wide variety of fintech companies now offering solutions in almost every category of financial services, one agency couldn’t deliver effective oversight with such a broad scope of coverage.

Instead, existing regulators need to be more proactive in their outreach with fintech companies. Engaging with new startups as early in their development as possible will help with this. Regulators could further eliminate some of the confusion in the market by creating a central registry for newly formed fintech companies before they launch their products. The registry would collect some information about the company and its work. That information could then be used to determine which regulatory agencies it should report to, and provide some guidance on which requirements it must be mindful of.

Some fintech companies will certainly be averse to more regulatory oversight. However, a more refined regulatory framework that ensures security and eliminates confusion will be a blessing for the fintech sector. Right now fintech regulation is a big question mark, and a critical risk for fintech investors. Removing that risk will improve investors’ confidence in the fintech sector, helping fintech companies gain the venture capital they need to get off the ground.

How Regulators Could Foster the Fintech Sector


Fintech-innovation.png

Regulators can’t afford to wait any longer in developing a framework for their oversight of the fast-rising fintech sector. The number of fintech companies, and the amount of investment in them, is growing too rapidly for regulators to hope that they can supervise the sector by applying existing regulations for banks to fintech companies on an ad-hoc basis. That will only create gaps in regulators’ monitoring of the sector, and confusion among fintech companies trying to grasp the complexities of financial regulation in the U.S. Such gaps and confusion are already evident: Many fintech companies are failing to implement best practices in securing customer data, and many of them are also unaware of how existing regulations apply to them.

I addressed the security issue in a previous article, but regulators should be just as concerned with clearing up the confusion in the market. That’s because the government has a legitimate interest in encouraging fintech growth, which would be boosted by a clear regulatory framework. Some fintech companies serve customers that have been ignored by banks in recent years, bringing them into the financial system. For instance, companies like OnDeck Capital, Kabbage, Lendio, Square, and others are filling the credit needs of small businesses that banks have been hesitant to lend to ever since the Great Recession. Regulators should be careful about imposing standards that gash this new source of credit for underserved small businesses. Also, some new technologies that fintech startups are working on, like the blockchain, can improve regulation and compliance throughout the financial services industry.

Build Relationships Early
How can regulators help foster innovation without sacrificing security and integrity in the financial system? For one, they should start their interactions with fintech companies as early as possible to encourage innovation while also safeguarding customers. This means providing guidance to companies while they are still developing and experimenting with their solutions, so companies can incorporate compliance into their products early on. If regulators wait to offer guidance until after products have already been developed or released on to the market, then regulators will become an unnecessary obstacle to innovation.

U.K. regulators are taking steps to develop relationships with fintech startups early on to offer guidance on their solutions. At the end of 2014, the U.K.’s Financial Conduct Authority (FCA) announced it would launch a regulatory “sandbox” where fintech companies could test new solutions. When companies use the sandbox, the authority waives some of the compliance requirements normally applied to pilot tests for new products. Banks can also use the sandbox, and the authority guarantees that it won’t take enforcement action at a later date regarding any tests that the banks run. The sandbox experiment will go live later this year, and U.S. regulators should watch it carefully and explore similar initiatives.

Eliminating Confusion
Regulators also need to give fintech companies a hand in navigating the complexity of the U.S. financial regulatory system. There are so many different regulations and so many different agencies enforcing them, it creates a landscape that can easily overwhelm a small startup. Banks can sympathize with this issue; but fintech companies don’t have the compliance budget, knowledge and experience that banks do.

One way to eliminate all of this confusion would be to create a separate regulatory agency for fintech companies, but there are such a wide variety of fintech companies now offering solutions in almost every category of financial services, one agency couldn’t deliver effective oversight with such a broad scope of coverage.

Instead, existing regulators need to be more proactive in their outreach with fintech companies. Engaging with new startups as early in their development as possible will help with this. Regulators could further eliminate some of the confusion in the market by creating a central registry for newly formed fintech companies before they launch their products. The registry would collect some information about the company and its work. That information could then be used to determine which regulatory agencies it should report to, and provide some guidance on which requirements it must be mindful of.

Some fintech companies will certainly be averse to more regulatory oversight. However, a more refined regulatory framework that ensures security and eliminates confusion will be a blessing for the fintech sector. Right now fintech regulation is a big question mark, and a critical risk for fintech investors. Removing that risk will improve investors’ confidence in the fintech sector, helping fintech companies gain the venture capital they need to get off the ground.

Keeping Your Compensation Committee On Track During the Busy Winter Season


executive-compensation-11-11-15.pngThe Dodd-Frank Act, regulatory guidelines on compensation risk and shareholder advisory votes on executive compensation have all contributed to an increase in the compensation committee’s responsibilities and time requirements. That pressure is compounded this time of year as committees enter their “busy season.” The fourth quarter is the start of many critical and often scrutinized committee activities: reviewing performance, approving 2015 incentive awards and developing 2016 performance incentive plans.  This article provides a sample full year committee calendar and a checklist of activities and actions compensation committees should be focusing on during Q4 2015 and Q1 2016.

It is best practice for compensation committees to define and schedule their annual activities for the year in advance. A well-defined calendar helps members better plan and prepare for the critical, and often timely, decisions that are required. There are three key cycles to the annual calendar: Assessment, Program Design and Pay Decisions.

Assessment occurs during the more “quiet” months following the prior year’s performance cycle where pay decisions are made, but before the start of the next performance cycle when a new program starts. For companies whose fiscal year follows the calendar year, this typically occurs between June and October (following most public company annual meetings). While there may be less pressure to approve and take action during this time, the analysis conducted during this phase will be critical for decisions made later in the year. Compensation committees should use this time to reflect on the pay program and decisions of the prior year and assess peer, market and regulatory trends that might influence programs in the coming year. This is a perfect time to conduct robust tally sheets, assess the pay and performance of your company relative to peers, conduct peer/competitive benchmarking, and if you are a public company, review say-on-pay results and conduct shareholder outreach. Information reviewed during this phase provides the foundational knowledge needed for the upcoming design and decision cycles.

Program Design typically occurs in the late fall and early winter (e.g. November–January), when compensation committees review the assessment phase results and begin defining total pay opportunities and programs for the upcoming year (i.e. base salary, annual and long-term incentive opportunities and performance goals). Compensation committees should pay careful attention to performance metric selection and goal setting to ensure proper pay-performance alignment. It is also critical to ensure the incentive plans support sound risk management practices. Many banks will complete their annual incentive risk review at this time. This is also an opportune time to consider implementing or revising compensation policies or practices, perhaps in light of shareholder feedback.

Pay Decisions occur in the late winter (e.g. January–April). During this phase, performance evaluations are conducted and decisions are made related to incentive payouts. Pay opportunities for the new year are also set, including annual incentive opportunities and long-term incentive grants. All banks should have conducted their risk assessment review by this time as well. Once Section 956 of the Dodd-Frank Act is finalized, banks will be required to provide documentation of their risk review to regulators. For companies whose fiscal year ends at the end of the year, this will occur during the same timeframe, in the late winter or early spring. This is also a very busy time for public companies that are required to document the prior year’s pay decisions in the proxy in preparation for shareholder review. Many committees spend several meetings discussing these issues.

Periodic activities include, but are not limited to: executive and board succession planning, incentive risk assessment, board and committee evaluations, consultant evaluations, benefit plan review, employment agreement/severance arrangement review and shareholder engagement.

Ongoing updates throughout the year include incentive payout projections and regulatory updates.

Below is an illustration of a typical compensation committee annual cycle with a check list of key activities for Q4 and Q1:

Today’s environment of increased scrutiny on executive compensation and governance requires compensation committees to spend more time fulfilling their responsibilities. Having a well-planned calendar, with a heightened focus on the “off season” assessment activities, can help committees be better prepared for the many critical year-end decisions.

*Section 162(m) of the Internal Revenue Code allows public companies to deduct performance-based compensation above $1 million if it meets specific requirements.

Buyer Beware: How Banks Can Avoid a Transaction Disaster


acquisition-10-26-15.pngMergers and acquisitions are exciting: they make the news, they show a position of strength to competitors, and most deals promise benefits for customers, employees and shareholders. Transactions have the same kind of excitement one might experience when buying a car. And like buying the car, that new car smell, or in this case, the allure of growth and synergies, can wear off quickly once you realize all of the work required to successfully integrate two institutions. Worse still is the feeling you have bought a lemon. There are, however, strategies that banks can employ before an integration to make sure they are getting a good deal.

Ensure You Have the Right, Experienced Resources
There is a reason that most professional services firms have an M&A practice: mergers and acquisitions are hard. In the middle market, it is even more important to look at current staff or partners that can support integration and bring the much needed experience to the table. No other industry is as complex as banking in terms of converting systems and processes. Banks require a unique set of skills to navigate the complexities of core systems, online banking, debit/credit cards, treasury management and lending.

Conduct an Operational and Technical Assessment of Your Target
Looking at the operational and technical complexities before a deal is made will improve the chances of a successful integration. Assess the scalability and interoperability of your technology and process landscape (as well as the target’s landscape) so that you can identify risks to the integration early and put together a mitigation plan quickly. All too often, middle market transactions focus only on diligence conducted by bankers, lawyers and accountants. Operational and technology diligence are de-prioritized.

Knowing how much car you can afford before even thinking about a deal puts you ahead of other bidders in terms of understanding how a target will fit into your garage. An operational and technical assessment provides the opportunity to understand and potentially implement systems, processes and products that will create a scalable and flexible operating model.

Evaluate Third Party Relationships
Understanding how your service providers can flex (or not) is critical to understanding the level of effort and cost of integration, along with the risks that need to be mitigated. Do your vendors have dedicated conversion teams? Are you the largest client of your core provider? Is there information available from your peers on the pros and cons of particular solutions in terms of integration? What are the service areas that could be improved through an acquisition?

Know Your Customer
Don’t forget the customer. Most transactions are driven by the desire to grow an institution’s customer base. But, in the frenzy of bringing two institutions together, customers often take a backseat to other integration priorities. Reacting to problems once customers start to leave is too late—the damage is already done. You will continue to hemorrhage customers while you course correct. Consider how well you know your customers before a deal is on the table. Do you have a way to make sure the customer’s voice is heard? Mapping the customer impact during diligence will prepare you to monitor (and hopefully improve) customer experience through the integration.

During integration, avoid focusing solely on cost synergies at the expense of customer experiences that could undermine revenue objectives. Whatever the changes, make sure communications to customers are clear, regular and transparent. You can never over communicate change to customers. Lastly, don’t assume that postponing changes is always best for customers. In many cases, making changes early and communicating them effectively will offer the most seamless customer experience across all channels (branches, digital, etc.).

Never Underestimate the Importance of Culture
It’s easy to sweep culture under the rug and consider it too soft and fuzzy for due diligence and integration. Many find it hard to put concrete metrics and plans around culture. Generational changes continue to change the way companies recruit, retain and operate—and that’s forcing companies to rethink their priorities in order to avoid costly turnover.

Having tools in place to implement change management is a best practice. This starts with knowing what your own cultural identity and management style is and what that means in terms of potential deals. If you’re into sports cars, don’t look at SUVs. By having your own cultural assessment up front, you can start analyzing cultural differences earlier in the process.

Assess Your M&A Readiness Before You Buy
If you want to successfully retain customers and key employees while achieving financial synergies, take the time to kick your own tires before looking at a new deal. An internal M&A readiness assessment is not only valuable if you are a buyer, but as a potential seller as well. An assessment will identify both deficiencies and differentiators in your operating model that a potential buyer will notice during due diligence. This knowledge gives you better negotiating power and can put you in the driver’s seat.

Five Key Strategies for Bank Boards to Improve Cybersecurity Defense and Awareness


cyber-attack-9-17-15.pngThe United States continues to experience an increase in the number and severity of high-profile cyberattacks, a trend that shows no signs of easing. From large financial institutions and brokerages to blue-chip retailers, hackers are gaining traction and notoriety as they breach systems with greater impact and severity—many of them stealing private customer data. The reality is that every organization—big and small—is susceptible to these attacks.

Banks, in particular, are challenged to protect proprietary information, client data and in many cases, shareholder value. Bank directors and board members equipped with the proper tools and information about cybersecurity are more prepared to keep their organization safe in the event of a cybersecurity breach. In order to ensure an organization is fully equipped to mitigate risks associated with hacks and other cyberattacks, there must be a clear understanding among all levels of the financial institution’s management team about who is responsible for managing this issue. When the senior management and the board ensure that cyber policies are up to date, understood by all and frequently tested, companies decrease their chance of exposure. For directors at financial institutions, here are five key strategies to improve cybersecurity defenses and awareness:

  • Secure communication: Companies must provide board members with a secure way to share and communicate critically sensitive information. This information should never be sent over email.
  • Collaboration is key: When directors have a clear understanding of cyber security and the associated risks, they are more equipped to work together to manage issues related to cybersecurity.
  • Have a strategy: Determine, in advance of a data breach or other cyber attack, who is responsible for managing cybersecurity, whether it be an audit committee, another committee, the organization’s IT department or the chief information officer.
  • Understand the cloud: Understand what cloud services your bank and your bank’s vendors are using, public or private, for file sharing or downloading sensitive information. While cloud solutions can offer easy uploading and downloading of files as well as security features like encryption and authentication, many have been successfully hacked, compromising private files and email addresses.
  • Education and preparation: Ensure board members educate themselves on cybersecurity to understand the risks and be prepared for whatever comes their way; this is where many vulnerabilities surface, not because a board lacks the appetite, but because directors are not provided with the proper tools and information.

Cybersecurity should be a topic on all bank directors’ radar, and they should continue to embrace new strategies as they grapple with ways to confront, manage and control issues around cybersecurity. Additionally, adopting technologies in order to ensure secure, fast and accessible communication is vital. This is especially true for a company’s board of directors, which is privy to sensitive, confidential and market-moving information. Throughout history, financial institutions have constantly evolved to reflect changes both in society and in the market. Cybersecurity presents a complicated challenge, but it is one that can be confronted successfully with the correct management strategy and tools.