Embracing a Challenging Environment to Evolve

New York University economist Paul Romer once said, “A crisis is a terrible thing to waste.”

With a nod to Dr. Romer, we believe banks have an extraordinary opportunity to embrace the challenging environment created by the Covid-19 pandemic to enhance critical housekeeping matters. Here are five areas where banks may find opportunities to declutter or reengineer policies, procedures and best practices.

Culture
One of the most obvious opportunities for banks is to focus on culture. Employees working from home has eliminated the ability to have typical office parties, barbeques and other events to build comradery. Remote and semi-remote working environments are challenging employees in many difficult ways. Fortunately, banks are finding simple, yet creative, ways to stay in contact with their employees and build culture through additional correspondence and feedback — electronic happy hours, car parades, and socially distant visits, for example. Creatively maintaining high engagement in challenging times will serve to improve communication and culture over the long term. As management consultant Peter Drucker once said, “Culture eats strategy for breakfast.”

Cybersecurity
Cybersecurity risk continues to be top of mind for bankers and regulators given the remote work brought on by Covid. Certainly, most banks’ cybersecurity risk management planning did not contemplate the immediate scale of remote work, but the extreme experience is an opportunity to drill down on underlying policies and procedures. Banking agencies have provided the general blueprint on sound risk management for cybersecurity.

This heightened risk environment provides executives with a perfect opportunity to note where their vulnerabilities may exist or be discovered, where cyberattacks focus and what works—or doesn’t —for your bank. Use the guidance provided to assess your bank’s response and resilience capabilities. Consider the overall map and configuration of your cyber architecture. Consider authentication requirements and permissions to protect against unauthorized access. Take the time to work with information technology experts to clean up access controls and response plans. This is an active situation that provides bankers the unique opportunity to learn and adapt in real time.

Compliance
Banks also face enhanced compliance originating from federal programs aimed at keeping businesses afloat. A worthy endeavor to be sure, but the rollout of some federal programs such as the Small Business Administration’s Paycheck Protection Program has far outpaced the guidance for banks tasked with implementation. The trickle of (often inconsistent) guidance on the documentation, eligibility and certification adds compliance challenges in reporting under the Bank Secrecy Act, fair lending under the Equal Credit Opportunity Act and unfair or deceptive acts and practices under the Federal Trade Commission Act, for example.

Compliance teams have an opportunity to shine at something they are already extraordinarily good at: documentation. They should document the processes and practices they deploy to demonstrate compliance, despite the uncertainty and pace at which they are expected to operate. This documentation can support real-time decision-making that may come up with regulators in the future, and can serve as a basis for improvement on future best practices and training. Compliance teams will discover new questions to ask, novel scenarios to address and gaps to fill.

Operational Planning
The best time to consider the impacts of Covid on your bank’s operations is while events and memories are fresh. Banks all over the country are experiencing what a handful of institutions may go through in the wake of a natural disaster: devastation, uncertainty and a need for banking support. This is the time to review your bank’s disaster recovery and business continuity plans, specifically including pandemic planning, to assess the plans against reality.  

To help, the Federal Financial Institutions Examination Council released an updated statement on pandemic planning suggesting actions that banks can take to potentially minimize a pandemic’s adverse effects. This is an chance to improve business continuity planning for similar future events, understanding that they may not be as deep or prolonged as the coronavirus. Exercising the plans in real time, compared to a scheduled test, can reveal helpful improvements that will only strengthen the bank.

Customer Experience
Coping with remote work and providing banking services outside of a branch provides the opportunity for banks to consider strategies around technology and financial technology partnerships. Customers have been rerouted to electronic avenues, and many seem to have embraced technology to deposit checks, access accounts online and transact business.

This evolution offers banks the opportunity to adapt and recognize the use of financial technologies. Many customers will understandably return to branches to conduct some of their business when they reopen, but may require them less. Banks may want to consider how they can satisfy future customer demand and improve the customer experience more broadly. These are just five areas where we see opportunities for banks of all levels and complexity to enhance their policies, procedures and best practices as they prepare to move forward.

Turning Compliance From an Exercise Into a Partnership

The Greek philosopher Heraclitus once observed that no one can ever step into the same river twice. If these philosophers tried to define how the financial industry works today, they might say that no bank can ever step into the same technology stream twice.

Twenty-first century innovations, evolving standards and new business requirements keep the landscape fluid — and that’s without factoring in the perpetual challenge of regulatory changes. As you evaluate your institution’s digital strategic plan, consider opportunities to address both technology and compliance transformations with the same solution.

The investments your bank makes in compliance technology will set the stage for how you operate today and in the future. Are you working with a compliance partner who offers the same solution that they did two, five or even 10 years ago? Consider the turnover in consumer electronics in that same period.

Your compliance partner’s reaction time is your bank’s reaction time. If your compliance partner is not integrated with cloud-based systems, does not offer solutions tailored for online banking and does not support an integrated data workflow, then it isn’t likely they can position you for the next technology development, either. If your institution is looking to change core providers, platform providers or extend solutions through application programming interfaces, or APIs, the limitations of a dated compliance solution will pose a multiplying effect on the time and costs associated with these projects.

A compliance partner must also safeguard a bank’s data integrity. Digital data is the backbone of digital banking. You need a compliance partner who doesn’t store personally identifiable information or otherwise expose your institution to risks associated with data breaches. Your compliance data management solution needs to offer secured access tiers while supporting a single system of record.

The best partners know that service is a two-sided coin: providing the support you need while minimizing the support required for their solution. Your compliance partner must understand your business challenges and offering a service model that connects bank staff with legal and technology expertise to address implementation questions. Leading compliance partners also understand that service isn’t just about having seasoned professionals ready to answer questions. It’s also about offering a solution that’s designed to deliver an efficient user experience, is easy to set up and provides training resources that reach across teams and business footprints — minimizing the need to make a support call. Intuitive technology interfaces and asynchronous education delivery can serve as silent accelerators for strategic goals related to digitize lending and deposit operations.

Compliance partners should value and respect a bank’s content control and incorporate configurability into their culture. Your products and terms belong to you. It’s the responsibility of a compliance partner to make sure that your transactions support the configurability needed to service customers. Banks can’t afford a compliance technology approach that restricts their ability to innovate products or permanently chains them to standard products, language or workarounds to achieve the output necessary to serve the customer. Executives can be confident that their banks can competitively adapt today and in the future when configurability is an essential component of their compliance solution.

A compliance partner’s ability to meet a bank’s needs depends on an active feedback loop. Partners never approach their relationship with firms as a once-and-done conversation because they understand that their solution will need to adjust as business demands evolve. Look for partners that cultivate opportunities to learn how they can grow their solution to meet your bank’s challenges.

Compliance solutions shouldn’t be thought of as siloed add-ons to a bank’s digital operations. The right compliance partner aligns their solution with a bank’s overall objectives and helps extend its business reach. Make sure that your compliance technology investment positions your bank for long-term return on investment.

Artificial Intelligence: Exploring What’s Possible

Banks are exploring artificial intelligence to bolster regulatory compliance processes and better understand customers. This technology promises to expand over the next several years, says Sultan Meghji, CEO of Neocova. As AI emerges, it’s vital that bank leaders explore its possibilities. He shares how banks should consider and move forward with these solutions. 

  • Common Uses of AI Today
  • Near-Term Perspective
  • Evaluating & Implementing Solutions

 

The Strategic Side of Cybersecurity Governance


cybersecurity-8-7-19.pngWithout a comprehensive cyber risk governance strategy, banks risk playing Whac-A-Mole with their cybersecurity.

Most financial institutions’ cybersecurity programs are tactical or project-oriented, addressing one-off situations and putting out fires as they arise. This piecemeal approach to cybersecurity is inefficient and increasingly risky, given the growing number of new compliance requirements and privacy and security laws. Institutions are recognizing that everyone in the C-suite should be thinking about the need for a cyber risk governance strategy.

There are three key advantages to having a cyber risk governance strategy:

  • Effectively managing the audit and security budget: Organizations that address current risks can more effectively prepare for cybersecurity threats, while meeting and achieving consistent audit results. A thorough risk assessment can highlight real threats and identify controls to evaluate on an ongoing basis through regular review or testing.
  • Reducing legal exposure: Companies and their officers can reduce the potential for civil and criminal liability by getting in front of cybersecurity and demonstrating how the institution is managing its risk effectively.
  • Getting in front of cybersecurity at an organizational level: Strategic planning is an important shift of responsibility for management teams. It proactively undertakes initiatives because it’s the right thing to do, versus an auditor instructing a company to do them.

So what’s required to set up a cyber risk governance strategy? Most organizations have talented individuals, but not necessarily personnel that is focused on security. Compounding the industry shortage of cybersecurity professionals, banks may also lack the resources necessary to do a risk assessment and ensure security practices are aligned to the cyber risk governance. As a result, banks frequently bring in vendors to help. If that’s the case, they should undertake a cyber risk strategy assessment with the help of their vendor.

Bank boards can perform a cyber risk governance strategy assessment in three phases:

  1. An assessment of the current cyber risk governance strategy. In phase one, a vendor’s team will review a bank’s current organizational and governance structure for managing information security risk. They’ll also review the information technology strategic plan and cybersecurity program to understand how the bank implements information security policies, standards and procedures. This provides a baseline of the people and processes surrounding the organization’s cyber risk governance and information security risk tolerance.
  2. Understand the institution’s cyber risk footprint. Here, a vendor will review the technology footprint of customers, employees and vendors. They’ll look at internal and external data sources, the egress and ingress flow of data, the data flow mapping, the technology supporting data transport and the technology used for servicing clients, employees, and the third parties who support strategic initiatives.
  3. Align information security resources to cyber governance goals. In phase three, a vendor will help the bank’s board and executives understand how its people, process and technology are aligned to achieve the company’s institution’s cyber governance goals. They’ll review the bank’s core operations and document the roles, processes and technology surrounding information security. They’ll also review the alignment of operational activities that support the bank’s information security strategic goals, and document effective and ineffective operational activities supporting the board’s cyber governance goals.

Once the assessment is complete, a bank will have the foundation needed to follow up with an operational analysis, tactical plan and strategic roadmap. With the roadmap in place, a bank can craft a cyber risk strategy that aligns with its policies, as well as an information security program that addresses the actual risks that the organization faces. Instead of just checking the boxes of required audits, bank boards can approach the assessments strategically, dictating the schedule while feeling confident that its cyber risks are being addressed.

Addressing the Top Three Risk Trends for Banks in 2019



As banks continue to become more reliant on technology, the risks and concerns around cybersecurity and compliance continue to grow. Bank Director’s 2019 Risk Survey, sponsored by Moss Adams LLP, compiled the views of 180 bank leaders, representing banks ranging from $250 million to $50 billion in assets, about the current risk landscape. Respondents identified cybersecurity as the greatest concern, continuing the trend from the previous five versions of this report and indicating an industry-wide struggle to fully manage this risk.

Other top trends included the use of technology to enhance compliance and the potential effect of rising interest rates. Here’s what banks need to know as they assess the risks they’ll face in the coming year.

Cybersecurity
Regulatory oversight and scrutiny around cybersecurity for banks seems to be increasing. Agencies including the Securities and Exchange Commission are focused on the cybersecurity reporting practices of publicly traded institutions, as well as their ability to detect intruders. The Colorado legislature recently passed a law requiring credit unions to report data breaches within 30 days. It’s no surprise that 83 percent of respondents said their concerns about cybersecurity had increased over the past year.

Most of the cybersecurity risk for banks comes from application security. The more banks rely on technology, the greater the chance they face of a security breach. Adding to this, hackers continue to refine their techniques and skills, so banks need to continually update and improve their cybersecurity skills. This expectation falls to the bank board, but the way boards oversee cybersecurity continues to vary: Twenty-seven percent opt for a risk committee; 25 percent, a technology committee and 19 percent, the audit committee. Only 8 percent of respondents reported their board has a board-level cybersecurity committee; 20 percent address cybersecurity as a full board rather than delegating it to a committee.

Compliance & Regtech
Utilizing technological tools to meet compliance standards—known as regtech—was another prevalent theme in this year’s survey. This is a big stress area for banks due to continually changing requirements. The previous report indicated that survey respondents saw increased expenses around regtech. This year, when asked which barriers they encountered around regtech, 47 percent responded they were unable to identify the right solutions for their organizations. Executives looking to decrease costs may want to consider whether deploying technology could allow for fewer personnel. When this technology is properly used, manual work decreases through increased automation.

Other compliance concerns for this year’s report included rules around the Bank Secrecy Act and anti-money laundering. Seventy-one percent of respondents indicated they implemented or plan to implement more innovative technology in 2019 to better comply with BSA/AML rules.

Compliance with the current expected credit loss standard was another area of concern. Forty-two percent of respondents indicated their bank was prepared to comply with the CECL standard, and 56 percent replied they would be prepared when the standard took place for their bank.

Interest Rate & Credit Risk
The potential for additional interest rate increases made this a new key issue for the 2019 report. When asked how an interest rate increase of more than 100 basis points, or 1 percent, would affect their banks’ ability to attract and retain deposits, 47 percent of respondents indicated they would lose some deposits, but their bank wouldn’t be significantly affected. Thirty percent indicated an increase would have no impact on their ability to compete for deposits.

However, 55 percent believed a severe economic downturn would have a moderate impact on their banks’ capital. In the event of such a downturn, deposits and lending would slow, and banks could incur more charge-offs, which would impact capital. This fluctuation can be easy to dismiss, but careful planning may help reduce this risk.

Assurance, tax, and consulting offered through Moss Adams LLP. Investment advisory services offered through Moss Adams Wealth Advisors LLC. Investment banking offered through Moss Adams Capital LLC.

How Innovative Banks Keep Up With Compliance Changes


compliance-6-5-19.pngBankers and directors are increasingly worried about compliance risk.

More than half of executives and directors at banks with more than $10 billion in assets said their concerns about compliance risk increased in 2018, according to Bank Director’s 2019 Risk Survey. At banks of all sizes, 39 percent of respondents expressed increasing concern about their ability to comply with changing regulations.

They’re right to be worried. In 2018, U.S. banks saw the largest amount of rule changes since 2012, according to Pamela Perdue, chief regulatory officer for Continuity. This may have surprised bankers who assumed that deregulation would translate to less work.

“The reality is that that is not the case,” she says. “[I]t takes just as much operational effort to unwind a regulatory implementation as it does to ramp it up in the first place.”

Many banks still rely on compliance officers manually monitoring websites and using Google alerts to stay abreast of law and policy changes. That “hunt-and-peck” approach to compliance may not be sufficiently broad enough; Perdue said bankers risk missing or misinterpreting regulatory updates.

This potential liability could also mean missed opportunities for new business as rules change. To handle these challenges, some banks use regulatory change management (RCM) technology to aggregate law and policy changes and stay ahead of the curve.

RCM technology offerings are evolving. Current offerings are often included in broader governance risk and compliance solutions, though these tools often use the same manual methods for collecting and processing content that banks use.

Some versions of RCM technology link into data feeds from regulatory bodies and use scripts to crawl the web to capture information. This is less likely to miss a change but creates a mountain of alerts for a bank to sort through. Some providers pair this offering with expert analysis, and make recommendations for whether and how banks should respond.

But some of the most innovative banks are leveraging artificial intelligence (AI) to manage regulatory change. Bank Director’s 2019 Risk Survey revealed that 29 percent of bank respondents are exploring AI, and another 8 percent are already using it to enhance the compliance function. Companies like San Francisco-based Compliance.ai use AI to extract regulatory changes, classify them and summarize their key holdings in minutes.

While AI works exponentially faster than human compliance officers, there are concerns about its accuracy and reliability.

“I think organizations need to be pragmatic about this,” says Compliance.ai chief executive officer and co-founder Kayvan Alikhani. “[T]here has to exist a healthy level of skepticism about solutions that use artificial intelligence and machine learning to replace what a $700 to $800 an hour lawyer was doing before this solution was used.”

Compliance.ai uses an “Expert in The Loop” system to verify that the classifications and summaries the AI produced are accurate. This nuanced version of supervised learning helps train the model, which only confirms a finding if it has higher than 95 percent confidence in the decision.

Bankers may find it challenging to test their regulatory technology systems for accuracy and validity, according to Jo Ann Barefoot, chief executive officer of Washington-based Barefoot Innovation Group and Hummingbird Regtech.

“A lot of a lot of banks are running simultaneously on the new software and the old process, and trying to see whether they get the same results or even better results with the new technology,” she says.

Alikhani encourages banks to do proofs of concept and test new solutions alongside their current methodologies, comparing the results over time.

Trust and reliability don’t seem to be key factors in bankers’ pursuit of AI-based compliance technology. In Bank Director’s 2019 Risk Survey, only 11 percent of banks said their bank leadership teams’ hesitation was a barrier to adoption. Instead, 47 percent cited the inability to identify the right solution and 37 percent cited a lack of viable solutions in the marketplace as the biggest deterrents.

Bankers who are adopting RCM are motivated by expense savings, creating a more robust compliance program and even finding a competitive edge, according to Barefoot.

“If your competitors are using these kinds of tools and you’re not that’s going to hurt you,” she says.

Potential Technology Partners

Continuity

Combines regulatory data feeds with consultative advice about how to implement changes.

Compliance.ai

Pairs an “Expert in the Loop” system to verify the accuracy of AI summaries and categorization

OneSumX Regulatory Change Management from Wolters Kluwer

Includes workflows and tasks that help banks manage the implementation of new rules and changes

BWise

Provides impact ratings that show which parts of the bank will be impacted by a rule and the degree of impact

Predict360 from 360factors

Governance risk and compliance solution that provides banks with access to the Code of Federal Regulations and administrative codes for each state

Learn more about each of the technology providers in this piece by accessing their profiles in Bank Director’s FinXTech Connect platform.

Five Reasons Behind Mortgage Subservicing’s Continued Popularity


mortgage-6-3-19.pngMortgage subservicing has made significant in-roads among banks, as more institutions decide to outsource the function to strategic partners.

In 1990, virtually no financial institution outsourced their residential mortgage servicing.

By the end of 2018, the Federal Reserve said that $2.47 trillion of the $10.337 trillion, or 24%, of mortgage loans and mortgage servicing rights were subserviced. Less than three decades have passed, but the work required to service a mortgage effectively has completely changed. Five trends have been at work pushing an increasing number of banks to shift to a strategic partner for mortgage subservicing.

  1. Gain strategic flexibility. Servicing operations carry high fixed costs that are cannot adapt quickly when market conditions change. Partnering with a subservicer allows lenders to scale their mortgage portfolio, expand their geographies, add product types and sell to multiple investors as needed. A partnership gives bank management teams the ability to react faster to changing conditions and manage their operations more strategically.
  2. Prioritizes strong compliance. The increasing complexity of the regulatory environment puts tremendous strain on management and servicing teams. This can mean that mortgage businesses are sometimes unable to make strategic adjustments because the bank lacks the regulatory expertise needed. But subservicers can leverage their scale to hire the necessary talent to ensure compliance with all federal, state, municipal and government sponsored entity and agency requirements.
  3. Increased efficiency, yielding better results with better data. Mortgage servicing is a data-intensive endeavor, with information often residing in outdated and siloed systems. Mortgage subservicers can provide a bank management team with all the information they would need to operate their business as effectively and efficiently as possible.
  4. Give borrowers the experience they want. Today’s borrowers expect their mortgage lender to offer comparable experiences across digital channels like mobile, web, virtual and video. But it often does not make sense for banks to build these mortgage-specific technologies themselves, given high costs, a lack of expertise and gaps in standard core banking platforms for specific mortgage functions. Partnering with a mortgage subservicer allows banks to offer modern and relevant digital servicing applications.
  5. Reduced cost. Calculating the cost to service a loan can be a challenging undertaking for a bank due to multiple business units sharing services, misallocated overhead charges and hybrid roles in many servicing operations. These costs can be difficult to calculate, and the expense varies widely based on the type of loans, size of portfolio and the credit quality. A subservicer can help solidify a predictable expense for a bank that is generally more cost efficient compared to operating a full mortgage servicing unit.

The broader economic trends underpinning the growing popularity of mortgage subservicing look to be strengthening, which will only accelerate this trend. Once an operational cost save, mortgage subservicing has transformed into a strategic choice for many banks.

Avoiding Unnecessary Unclaimed Property Forfeitures and Keeping Customers


risk-5-27-19.pngUnclaimed property issues are complex, but there are steps banks can take to help their customers maintain claims to their assets and keep their funds within the institution.

“Escheatment” is the legal term for the transfer of abandoned property to the state. Once a customer’s property is considered “abandoned” after a specific waiting period, state laws require that the bank turn over the asset to the state treasury department for safekeeping. Dormancy periods can be as short as one year, but vary by state or jurisdiction.

Banks can take four key actions that can reduce the risk that unnecessary escheatment could have on their customers’ accounts, and keep assets and deposits within the institution.

Institutions need to design processes and systems that can prevent unnecessary escheatment. Many banks lack the internal processes and technology solutions that would help minimize the risk of escheatment and often do not formalize their approach until faced with an audit, compounding an already-stressful situation.

Banks can create a culture of compliance by having policies and procedures for this process in place. They can also use technology to mitigate escheatment risk, lower the cost of the process and increase the efficiency of mitigation efforts.

However, many financial organizations lack robust systems to aid this process. For example, banks might allow certificates of deposit to be escheated because of inactivity, even though the CD owner has actively made deposits in or withdrawals from another account type. Linking customer accounts together allows the bank to assess contact activity across all holdings.

Banks can also educate their customers on the importance of maintaining accurate contact information and regular activity, which could prevent accounts from becoming dormant. Effective ways to help clients accomplish this include:

  • Providing customers with educational information when they open an account—one of the best times to educate them.
  • Adding messages on customer communications.
  • Establishing online alerts if mail has been returned as undeliverable, prompting customers to update their address when they log into their accounts.
  • Training bank employees about the risks of unnecessary escheatment so they are well-versed about unclaimed property compliance and can guide customers appropriately.

Banks should also proactively identify their customers who might be at risk for escheatment. All jurisdictions, except for Puerto Rico, have basic due diligence requirements that require banks to make a final attempt to contact owners of dormant accounts and uncashed checks towards the end of the dormancy period. But there are several steps that banks can take to identify customers at risk of escheatment ahead of the dormancy period:

  • Monitor which accounts have been inactive for 12 to 18 months and note the relationship with these customers.
  • Begin outreach campaigns early and allow sufficient time for communication, rather than waiting for the mandated due diligence process.
  • Identify deceased customer accounts that appear to be inactive, which can happen when family members are not aware that the account needs to be transferred or overlook paperwork when settling an estate.

Banks should communicate early, often and effectively with at-risk customers well in advance of the due diligence escheatment process. This process generally occurs late in the dormancy period: accounts have often been dormant for three to five years, making it difficult to find and communicate with their owners.

The process typically involves a single mailing sent to the last address of the dormant account’s owner, in hopes that they will respond. Most jurisdictions do not require due diligence mailings if the address on the account has been deemed inaccurate.

Owners that do receive and open the due diligence mailing may miss the window to reactivate their account if they do not act immediately. Customers may also think these letters are potential scams because they do not perceive themselves to be inactive or lost.

Effective ways to communicate with at-risk customers include:

  • Calling customers directly and explaining the situation before incurring the expense of a due diligence mailing
  • Using colored envelopes and company logos in customer communications.
  • Using direct mailings when time, budget, resources or the volume of accounts prevent telephone efforts.

Varying the communication techniques, changing the appearance of each mailing and customizing the specific details of the communication to the customer’s unique situation may also accelerate and increase the response rate. Proper documentation is critical–banks should retain all correspondence for control and audit purposes.

The key to preventing unnecessary escheatment is being proactive long before the state dormancy periods begin. These methods will help banks reduce the cost of compliance and retain assets and customers.

How Spreadsheets Add Risk to Construction Lending


lending-4-11-19.pngMillennials are entering the housing market with a force, yet low inventory across the country is stalling their dreams of homeownership. Now is the time for lenders to either begin or ramp up their construction loan programs. These niche loan products are a great addition to any book of business, but to be successful you have to be able to manage and service the loan after it closes.

Post close actions have traditionally been done with spreadsheets. This method, while fairly understood, is actually limiting and prone to formula errors. Additionally, spreadsheets naturally reach a tipping point in a team’s ability to scale and share reportable data with management and others in the organization. This puts loan completion in jeopardy and creates more risk to the lender.

The Limits of Spreadsheets to Manage Construction Lending
Spreadsheets can only do what they are designed to do—no more and no less. As your program grows, you are bound to reach the point where a spreadsheet is no longer functionally efficient and becomes a risky way to manage your pipeline.

  • Limited Visibility Into the Life of the Loan: Each loan has many different data points and touches over time, and housing them in a spreadsheet is basically burying important and vital information every time the loan is touched. It’s nearly impossible to see history, anticipate the future—and most importantly, clearly see problems before they arise. Spreadsheets force a reactive instead of a proactive method, which means a lender who is using spreadsheets is always playing catch-up.
  • No Reporting: Can you open up the spreadsheet right now and easily and accurately report on the pipeline, draw reports or consultant reports? The answer is probably no. And what do you do when you need to produce 1098 or 1099 reports? How do spreadsheets support these requirements? Getting your 1098s or 1099s from spreadsheets is a tedious, manual process prone to error. If you have a good quantity of construction loans, this is a large undertaking, and is difficult to scale. As you consider spreadsheets, consider the additional work that those spreadsheets will cost you over time.
  • A Finite Number Of Loans One Person Can Manage: Spreadsheets require a lot of time to properly manage one loan, and we have found that dedicated and experienced construction loan administrators can typically manage 35 to 50 loans using spreadsheets at one time. Any more than this usually adds to poor customer service.
  • Drains In-house Resources: If your program is doing well and your origination volume is growing, team members are limited in scale before a new hire must be acquired to take on more loans. Throwing bodies at the problem is not the best solution.
  • Location, Location, Location: Spreadsheets, no matter if they are stored on the cloud or on desktops, are still accessed by individual devices. You are now limited to these single failure points. What are the implications of losing this data, or the individual that knows how it works?
  • No Tracking: A spreadsheet does not offer tracking, task automation, complaint management, event monitoring, risk analysis and draw validations to ensure that the loan is meeting all of its milestones and risk requirements. As a workaround, lenders turn to the sticky note to help them keep track of important dates and actions. We all know the ineffective nature of this system, especially as key factors such as deadlines for draws, inspections, liens or permit expirations often get lost in the sticky note shuffle.
  • No Compliance Monitoring: Spreadsheets cannot keep you in compliance with government regulations, state statutes, loan program requirements, internal compliance, in-house policies/procedures or industry best practices. In order to maintain strict compliance, spreadsheets require constant vigilance. This may be their biggest limitation.

If Not Spreadsheets, Then What?
Spreadsheets just don’t cut it for construction loan management. Lenders who want to increase revenue while adding fewer additional resources need a digital construction loan management solution. Digital solutions reduce risk, improve efficiencies, allow scale and provide a better customer experience. Not to mention it keeps track of every small, yet critical, part of the construction loan. Never again will you be questioning if you are over-dispersing funds. Digital solutions, especially those that are cloud-based, can alleviate all the limitations of spreadsheets and the tipping point will be a thing of the past. Once you are running on this new level, you can bring more revenue and smart growth to your organization.

Applying the 1-10-100 Rule to Loan Management


data-4-2-19.pngImplementing new software may seem like an expensive and time-consuming challenge, so many financial institutions make do with legacy systems and workflows rather than investing in robust, modern technology solutions aimed at reducing operating expenses and increasing revenue. Unfortunately, banks stand to lose much more in both time and resources by continuing to use outdated systems, and the resultant data entry errors put institutions at risk.

The Scary Truth about Data Entry Errors
You might be surprised by the error rates associated with manual data entry. The National Center for Biotechnology Information evaluated over 20,000 individual pieces of data to examine the number of errors generated from manually entering data into a spreadsheet. The study, published in 2008, revealed that the error rates reached upwards of 650 errors out of 10,000 entries—a 6.5 percent error rate.

Calculating 6.5 percent of a total loan portfolio—$65,000 of $1 million, for example—produces an arbitrary number. To truly understand the potential risk of human data entry error, one must be able to estimate the true cost of each error. Solely quantifying data entry error rates is meaningless without assigning a value to each error.

The 1-10-100 Rule is one way to determine the true value of these errors.

The rule is outlined in the book “Making Quality Work: A Leadership Guide for the Results-Driven Manager,” by George Labovitz, Y.S. Chang and Victor Rosansky. They posit that the cost of every single data entry error increases exponentially at subsequent stages of a business’s process.

For example, if a worker at a communications company incorrectly enters a potential customer’s address, the initial error might cost only one dollar in postage for a wrongly-addressed mailer. If that error is not corrected at the next stage—when the customer signs up for services—the 1-10-100 Rule would predict a loss of $10. If the address remains uncorrected in the third step—the first billing cycle, perhaps—the 1-10-100 Rule would predict a loss of $100. After the next step in this progression, the company would lose another $1,000 due to the initial data entry error.

This example considers only one error in data entry, not the multitude that doubtlessly occur each day in companies that rely heavily on humans to enter data into systems.

In lending, data entry goes far beyond typos in customers’ contact information and can include potentially serious mistakes in vital customer profile information. Data points such as social security numbers and dates of birth are necessary to document identity verification to comply with the Bank Secrecy Act. Data entry errors also lead to mistakes in loan amounts. A $10,000 loan, for example, has different implications with respect to compliance reporting, documentation, and pricing than a $100,000 loan. Even if the loan is funded correctly, a single zero incorrectly entered in a bank’s loan management system can lead to costly oversights.

Four Ways Data Entry Errors Hurt the Bottom Line
Data entry errors can be especially troublesome and costly in industries in which businesses rely heavily on data for daily operations, strategic planning, risk mitigation and decision making. In finance, determining the safety and soundness of an institution, its ability to achieve regulatory compliance, and its budget planning depend on the accuracy of data entry in its loan portfolios, account documentation, and customer information profiles. Data entry errors can harm a financial institution in several ways.

  1. Time Management. When legacy systems cannot integrate, data ends up housed in different silos, which require duplicative data entry. Siloed systems and layers of manual processes expose an institution to various opportunities for human error. The true cost of these errors on an employee’s time—in terms of wages, benefits, training, etc.—add up, making multiple data entry a hefty and unnecessary expense.
  2. Uncertain Risk Management. No matter how many stress tests you perform, it is impossible to manage the risk of a loan portfolio comprised of inaccurate data. In addition, entry errors can lead to incorrectly filed security instruments, leaving a portfolio exposed to the risk of insufficient collateral.
  3. Inaccurate Reporting. Data entry errors create unreliable loan reports, leading to missed maturities, overlooked stale-dates, canceled insurance and other potentially costly oversights.
  4. Mismanaged Compliance. Data entry errors are a major compliance risk. Whether due to inaccurately entered loan amounts, file exceptions, insurance lapses or inaccurate reporting, the penalties can be extremely costly—not only in terms of dollars but also with respect to an institution’s reputation.

Reduce Opportunities for Human Error
An institution’s risk management plan should include steps intended to mitigate the inevitable occurrence of human error. In addition to establishing systems of dual control and checks and balances, you should also implement modern technologies, tools, and procedures that eliminate redundancies within data entry processes. By doing so, you will be able to prevent mistakes from happening, rather than relying solely on a system of double-checking.