2018 Risk Survey: Technology’s Impact on Compliance


In addition to better meeting the needs of consumers, technology’s promise often revolves around efficiency. Banks are clamoring to make the compliance function—a significant burden on the business that doesn’t directly drive revenue—less expensive. But the jury’s out on whether financial institutions are seeing greater profitability as a result of regtech solutions.

In Bank Director’s 2018 Risk Survey, 55 percent of directors, chief executive officers, chief risk officers and other senior executives of U.S. banks above $250 million in assets say that the introduction of technology to improve the compliance function has increased the bank’s compliance costs, forcing them to budget for higher expenses. Just 5 percent say that technology has decreased the compliance budget.

Regtech solutions to comply with the Bank Secrecy Act, vendor management and Know Your Customer rules are widely used, according to survey respondents.

Accounting and consulting firm Moss Adams LLP sponsored the 2018 Risk Survey, which was conducted in January 2018 and completed by 224 executives and board members. The survey examines the risk landscape for the banking industry, including cybersecurity, credit risk and the impact of rising interest rates.

Fifty-eight percent say that the fiscal year 2018 budget increased by less than 10 percent from the previous year, and 26 percent say the budget increased between 10 and 25 percent. Respondents report a median compliance budget in FY 2018 of $350,000.

Additional Findings

  • Cybersecurity remains a top risk concern for 84 percent of executives and directors, followed by compliance risk (49 percent) and strategic risk (38 percent).
  • Respondents report that banks budgeted a median of $200,000 for cybersecurity expenses, including personnel and technology.
  • Seventy-one percent say their bank employs a full-time chief information security officer.
  • Sixty-nine percent say the bank has an adequate level of in-house expertise to address cybersecurity.
  • All respondents say that their bank has an incident response plan in place to address a cyber incident, but 37 percent are unsure if that plan is effective. Sixty-nine percent say the bank conducted a tabletop exercise—essentially, a simulated cyberattack—in 2017.
  • If the Federal Reserve’s Federal Open Market Committee raises interest rates significantly—defined in the survey as a rise of 1 to 3 points—45 percent expect to lose some deposits, but don’t believe this will significantly affect the bank.
  • If rates rise significantly, 45 percent say their bank will be able to reprice between 25 and 50 percent of the loan portfolio. Twenty-eight percent indicate that the bank will be able to reprice less than 25 percent of its loan portfolio.
  • One-quarter of respondents are concerned that the bank’s loan portfolio is overly concentrated in certain types of loans, with 71 percent of those respondents concerned about commercial real estate concentrations.


Avoiding Hot Water: Complying with Regulation O


If a director wants to get into hot water—and their financial institution as well—violating Regulation O is a good place to start. It’s “one of the three things that makes bank examiners see red,” says Sanford Brown, a partner at the law firm Alston & Bird (the other two being the violation of lending limits and noncompliance with Regulation W, which governs transactions between a member bank and its affiliates). Designed to prevent insider abuse and ensure the safety and soundness of the bank through good lending practices, it’s a violation that examiners have zero tolerance for, and often results in a civil money penalty, adds Brown. It’s no wonder that bank directors often err on the side of caution when it comes to compliance with the rule.

Regulation O “governs any extension of credit made by a member bank to an executive officer, director or principal shareholder of the member bank, of any company of which the member bank is a subsidiary, and of any other subsidiary of that company.” Loans made to covered individuals, or businesses that these individuals have an interest in, must be made on par with what any other bank customer would receive, with the same terms and underwriting standards. The covered loans are subject to the bank’s legal lending limits, and the aggregate credit for all covered parties cannot exceed the bank’s unimpaired capital and unimpaired surplus. The extension of credit must be approved by the majority of the board, with the affected person abstaining from the discussion. Executive officers are limited further and may only receive credit to finance their child’s education, and to purchase or refinance a primary residence.

Essentially, Regulation O ensures that directors, officers and principal shareholders aren’t treating the institution like their own personal piggy bank. But directors also want to drive business to their bank. “Most directors want to know where [the] line is and stay away from it, but some believe that their job is to drive all the business they can to the bank, and that’s one of the things that great directors do,” says Brown. “But do it right.” Here are a few things to keep in mind to avoid compliance gaps in Regulation O.

Know Who All Are Affected
“With all the various corporate structures that banks can have, having a strong process for the identification of covered individuals is the No. 1 thing a bank can do to help the compliance process,” says Asaad Faquir, a director at RSK Compliance Solutions, a regulatory compliance consultant.

Under Regulation O, “executive officers” are defined as bank employees that participate, or are authorized to participate, in major policymaking functions—regardless of that person’s title within the organization. This generally includes the president, chairman of the board, cashier, secretary, treasurer and vice presidents. There can be some grey area as to which officers are covered under Regulation O, and some banks provide a broader definition than the rule requires to ensure compliance.

Principal shareholders are defined as those that own more than 10 percent of the organization. The definition of director, as a general rule, doesn’t include advisory directors.

An ill-defined population for Regulation O can raise the risk of noncompliance with the rule, says Tim Kosiek, a partner with the accounting and advisory firm Baker Tilly. The law is relatively black-and-white, as legislation goes, but the holdings of bank directors and principal shareholders can be complex, which heightens the compliance challenge. Banks should not only identify the officers, directors and principal shareholders covered by the law, but also family and business interests. The bank’s governing policy should define that process, and indicate how often it will be reviewed, he says.

Covered individuals are required to prepare an annual statement of related interests, and Brown says this is an area where a well-meaning director can easily trip up. “Full disclosure of every business relationship that the director has is critical. And it’s a pain—some of these people really do have their fingers in lots of pies,” he says. These interests should be communicated throughout the organization, to ensure that a loan officer doesn’t unintentionally conduct business as usual with a company that has a relationship with a covered individual.

If the terms of a covered loan are modified, the modification should go back through the bank’s Regulation O process, says Kosiek. And if a director acquires an interest in a company with a preexisting credit relationship with the bank, that should also be reviewed due to the director’s involvement.

Document Everything
A director, officer or principal shareholder must ensure that he or she is seen as having no influence on the process for the approval of a loan in which the covered individual has any interest. It’s a good practice for the affected director to just leave the boardroom before the related loan is discussed, says Faquir. “It protects the directors themselves, it protects the institution, and it’s a cleaner process.” He provides one example where a director explained to the board his own involvement in a loan, and then recused himself—with the good intention of being transparent about the process. From the point of view of the bank’s regulator, however, this was perceived as influencing the board in the loan’s approval. It’s best for the recusal to be immediate, so the regulators, upon reviewing the documentation, find no cause to believe that there was undue influence.

The law requires that each bank maintain records that identify covered parties, and document all extensions of credit to directors, principal shareholders and executive officers, to prove that the bank followed the letter of the law. “If you are to demonstrate compliance with the regulation, you have to make sure that your minutes reflect, No. 1, that the individual did not participate in the discussion” and that the rate and terms offered are the same as what would be offered to any other bank customer, says Scott Coleman, a partner at the law firm Ballard Spahr. Document the credit analysis to ensure the loan received the appropriate terms and underwriting standards. The board should also deliberate annually on who is covered by Regulation O, particularly which officers are involved in policymaking. Recordkeeping in this case can help address questions that come up in an exam, says Coleman.

Handle Violations Proactively
Mistakes can happen, so pay attention to quarterly loan reports. A director may find that a business she is involved in but doesn’t run daily received a loan from the bank. Own the error and make it right by disposing of the loan. Assuming it’s a good loan—which it should be—pay it off in full, at no loss to the bank, and move it to another (unconnected) bank. “That’s the easiest way to remedy it, and to show that there were systems in place to prevent these sorts of things from happening, [and] it just was an honest mistake,” says Brown.

Coleman recommends that banks self-report inadvertent infractions, as the penalties are likely to be less severe. “Contact [the regulator], indicate what was discovered, how the error was made, how the error was corrected and what the bank intends to do in the future to monitor Reg O,” he says.

More serious Regulation O violations can suggest to regulators that other abuses are occurring, and they may go looking for larger problems, adds Coleman. And a violation will almost certainly result in civil money penalties, for the covered individual as well as the board that approved the loan or the loan officer responsible for underwriting the loan. In extreme cases where a violation was seen as intentional, there can be criminal implications in addition to the fine, says Coleman, and regulators could seek the removal of that officer.

Brown believes that regulators under the current administration will focus more on safety and soundness and less on social issues, like consumer risk. “I think the current policymakers are going to focus on where banks make money and where banks lose money, and the real risk in the balance sheet is the loan portfolio,” he says. Banks tend to fail due to bad loans or fraud, so that could mean a heightened focus on Regulation O.

Protecting Elderly Customers from Financial Abuse


Regulators across the financial services industry remain keenly focused on protecting the interests of an aging population, especially where there may be signs of diminished cognitive capacity. Banks should consider various operational and compliance measures to guard against elder financial exploitation. While bank staff are on the front lines in protecting elderly customers, bank directors play a pivotal, top-down role in emphasizing a culture of vigilance, and in defining policy and strategy to combat elder financial fraud.

Be Aware of the Problem
Frontline personnel in branches and call centers are the first and last lines of defense to prevent elder financial exploitation. These personnel are the most likely to interact with elderly clients, many of whom are more inclined to conduct their financial transactions in a branch or over the phone, rather than electronically. Conducting periodic training that highlights real-world scenarios will help personnel recognize the signs of elder financial exploitation. An additional training element that may prove beneficial, but that often goes overlooked, is educating personnel on the psychological and emotional aspects of elder fraud. A customer’s diminished cognitive capacity or potential confusion, fear or embarrassment may be central to a perpetrator’s ability to prey on an elderly client.

Empower Employees to Speak Up
Identifying signs of potential financial exploitation of elderly clients is a great start. However, it is critical that personnel escalate suspicious activity through the proper channels within the bank. Personnel may be reluctant to follow through with escalating an event that is not blatantly fraudulent, perhaps out of fear of delaying a transaction or potentially embarrassing or even angering a client. However, speaking up is prudent, even when in doubt.

Develop the Three Ps
Banks should develop policies, processes and procedures that are easy to understand and follow.

Policies: Clearly define your organization’s views, guidelines and stated mission with regard to elder financial fraud.

Processes: Identify the mechanisms in place to effectively carry out the bank’s stated policies. This may include pre-set withdrawal limits (either daily or monthly), disbursement waiting periods or communications with external sources, such as a trusted contact person for the client, local adult protective services (APS) or law enforcement.

Procedures: Describe the precise steps that personnel should follow to execute the identified processes. What must a teller do in the event that a withdrawal request exceeds an established limit? Who does a call center representative contact in the event of suspicious activity, and what information should be provided? What information should personnel provide to a trusted contact person? What reports must be filed with authorities?

Report Suspected Exploitation
Banks are subject to various reporting requirements at the state and federal levels that relate to suspected elder financial fraud. National banks, state banks insured by the Federal Deposit Insurance Corp. and other financial institutions must file a suspicious activity report (SAR) with the Financial Crimes Enforcement Network (FinCEN) upon detection of a known or suspected crime involving a transaction. FinCEN has provided related guidance, and the electronic SAR form includes an “elder financial exploitation” category of suspicious activity. Several states’ laws and regulations also require that banks report suspected elder abuse to APS or law enforcement.

Banks may consider permitting clients to identify a “trusted contact person” that the bank may contact upon reasonable suspicion of potential exploitation. This is consistent with a March 2016 advisory from the Consumer Financial Protection Bureau (CFPB). Privacy concerns exist when disclosing customer information to a third party. However, the Gramm-Leach-Bliley Act (GLBA) permits disclosure of nonpublic personal information with customer consent. Regulation P under GLBA also grants an exception to the notice and opt-out requirements to protect against fraud or unauthorized transactions, or to comply with federal, state or local laws, rules and other applicable legal requirements. Additionally, 2013 Interagency Guidance “clarifies that reporting suspected financial abuse of older adults to appropriate local, state or federal agencies does not, in general, violate the privacy provisions of the GLBA or its implementing regulations.” A safe harbor from liability also exists for a bank that voluntarily discloses a possible violation of law or suspicious activity by filing a SAR. Bank personnel are also protected from liability in this situation.

Regulators at all levels of, and sectors within, the financial services industry continue to prioritize the interests of elderly customers, especially where there may be signs of diminished cognitive capacity. The banking community has gone to great lengths to support these efforts, and bank directors will continue to play an important role in defining internal policies and emphasizing the importance of vigilance in this area.

Nine Vendor Risk Management Tips for the Board


2017 is already proving to be a very difficult year for bank boards. While being on a board can be a rewarding experience, increasing regulatory pressures certainly don’t make the position and its corresponding responsibilities any easier.

One particular area of intense focus by the regulators is third-party risk management. Ultimately, the regulators have stated that it is your responsibility to ensure that you have a third-party risk program in place that addresses your vendors and the level of risk they pose.

Aside from potential enforcement actions and fines from the regulators, an inadequate third-party risk program can leave your institution ill-prepared or vulnerable to a host of issues. Worsening vendor financial performance could be an indicator of woes to come, such as poor customer service, bugs and issues with its system. Banks that auto-renew vendor contracts could miss a chance to re-negotiate old contracts.

Poor due diligence could mean partnering with a vendor that is damaging to your institution’s reputation. For example, if you don’t understand where customer complaints are coming from and why, regulators could question your ability to properly oversee and monitor your vendor’s performance and manage the corresponding impact on your customers.

While there will always be unforeseen issues you cannot avoid, having an effective third-party risk policy and program in place can ensure your full compliance with the guidance and help steer you to partnerships that will benefit your institution.

And, even when those unforeseen issues do occur, and they will, you’re better prepared to react in an effective and organized manner. To help, here are nine tips to keep you on the right path.

Nine Vendor Risk Management Tips for the Board

1. Read and understand the guidance from your primary regulator as it pertains to third-party risk management. There are key expectations clearly identified in the guidance and they should give you ample fodder for asking your institution’s senior management team pertinent questions.

2. Set expectations and tone from the top. Make sure that from senior management all the way to the front-line customer service representatives, everyone understands his or her responsibilities when it comes to compliance with the rules, as well as how your organization wants to handle vendor-risk management.

3. Have your vendor risk management program thoroughly reviewed for any possible deficiencies and focus on areas that are often overlooked, such as fourth-party risk management or reviewing third parties’ procedures for complaint management.

4. Automate your third-party risk program. Most institutions have already taken the steps away from Excel and other spreadsheet programs in favor of ones that help to manage a complicated network of vendors and regulatory expectations.

5. Involve your internal audit department, compliance team and counsel in evaluating the effectiveness of the vendor management program.

6. Strongly consider making vendor management directly accountable to the board or the most senior risk committee at your institution. Firmly establish its independence from the various lines of business and ensure the needs of vendor management do not fall on deaf ears. Ensure that any issues raised, whether in the course of normal business or during examinations, are promptly and thoroughly addressed.

7. Invite the head of your vendor management program to report regularly at board meetings. A standard set of reports is adequate, but make sure that any concerns or significant issues are clearly called out and reflected in the minutes of the meetings.

8. Ensure those involved in vendor management have adequate resources, such as staffing and a high enough budget, as well as ample training and experience to do the job well. Seek outside independent expertise or outsource tasks where needed, particularly for highly technical items such as business continuity plan reviews for SSAE 18 analysis, attestation standards issued by the American Institute of CPAs.

9. Ask pertinent questions and drill down when anything seems amiss. Use industry news, new regulations and enforcement actions as opportunities to view your own vendor management program through that lens and see if there are areas of concern that should be addressed.

The world of vendor management isn’t easy and your job as a director is incredibly complex and overwhelming at times. Fortunately, done well, vendor risk management can also be a significant strategic advantage, allowing you to do business with well-managed companies in a compliant and cost-efficient manner.

Resources
Venminder Library
CFPB guidance 2016-02
FDIC FIL 44 2008
OCC Bulletin 2013 29
OCC Bulletin 2017 21
FFIEC Appendix J

Filling Fraud Detection Gaps



Investment in fraud detection can be a competitive advantage, especially as real-time payments initiatives create new opportunities—and threats—for financial institutions. Luis Rojas of Bottomline Technologies explains where and how to address gaps in fraud detection, and how bank boards should examine the true costs of fraud.

Outlooks for Payments Fraud

  • How Banks Should Address Fraud Gaps
  • Dealing with Legacy Systems
  • What Boards Need to Understand

Facing Up to the Financial Technology Challenge


Of all the most difficult issues that bank boards must deal with, technology may be at the top of the list. Banks have long been reliant on technology (think IBM mainframes and ATMs) to run their operations, but in recent years technology has become a primary driver of retail and small business banking strategy. This change can be tied to the growing ubiquity of digital commerce, the integration of the mobile phone into the fabric of our everyday lives, the birth of social media and its adoption as an important business and commercial channel, and the ascendency of the millennial cohort as a major factor in our economy. Technology is everywhere, it’s in everything, and that trend is only going to become more pronounced in the future.

Why do bank directors as a group struggle so much with technology? Are they just a bunch of Luddites? In all fairness, most directors are not career technologists and therefore bring only limited professional knowledge of technology to the task of board governance. But demographics are clearly a factor as well. The average age for most bank boards ranges from the early 60s to the mid-70s, and baby boomers often find themselves overwhelmed by all of the technology-driven changes they see occurring around them. And while there may be an understandable tendency to resist adapting to new technologies in their personal lives, bank directors simply must understand how technology is changing their industry, and how it is impacting their institutions.

Christa Steele is the former president and CEO of Mechanics Bank, a $3.4 billion asset bank in Richmond, California, and more recently the founder and CEO of Boardroom Consulting LLC in San Francisco, where she works closely with bank CEOs and their boards. Steele doesn’t mince words—directors must educate themselves about the changes in financial technology that are transforming their industry—and she offers some suggestions about how this can be done. The following interview has been edited for length and clarity.

BD: Why do most directors at community banks struggle so much with the topic of technology?
Scope of knowledge and lack of diversity in the boardroom. This diversity does not stop at gender, age and ethnicity. Typically, community bank boardrooms are filled with childhood friends and family. This served a purpose early on, especially when those banks were formed. However, as a bank grows and evolves, it’s important to bring in new perspectives. It’s no secret that the majority of community bank revenue models are derived from the net interest margin. Fee revenue is virtually obsolete relative to the overall operating income for most of these institutions.

So how does a bank make up for this shortfall of diversified revenue streams? Management teams and their bank boards need to take a serious look at their digital strategy and internal infrastructure. If they do not assimilate to the changes occurring in what I call this vortex of technology, they’re going to get left behind.

Fixing this starts with succession planning for the institution. We have a lot of community banks where the management teams are close to or at retirement age. Many of these leaders do not want to make necessary changes because of the threat of internal disruption, time commitment, costs and maintaining a short-term horizon. Boards are similar. Most bank boards are tired. I feel boards in general have done an exceptional job getting their arms around compliance and safety and soundness issues in the last 10 years. However, they’ve taken their eye off of the ball when it comes to marketing, digital strategy and technology initiatives. I remember hearing about a Bank Director survey a few years ago in which board members were polled and asked how many of them used their cell phones to transact. It was staggering to learn that nearly half of the respondents didn’t use their bank’s mobile channel. How are these board members supposed to understand technology trends and its impact on the financial sector and their own banks?

BD: What can directors do to become more comfortable with technology?
Get educated beyond compliance training. Attend Bank Director conferences, ask questions, talk to folks involved in financial technology, follow automation. Pay attention to what’s trending. Get connected to social media. Join LinkedIn and gain perspective on what’s going on in the United States and abroad pertaining to technology in the financial sector. See what other people are doing outside of your own market.

Change up the boardroom. Board appointment should be strategic in nature and no longer be about bringing your childhood friend or local jeweler down the street on your board. Bring in a fresh perspective. Evaluate board terms and board limits. A board that is a strategic asset to its bank should consist of expertise in marketing, cybersecurity, digital/e-commerce, financial and risk. Each of these appointments should be from outside your institution. Do not be opposed to bringing in someone younger in their 30s or 40s. By bringing in somebody younger, you bring in someone who is engaged in social media. Social media is where it’s at. We have banks that are interacting and partnering with Facebook. Bank of America just started letting customers transact through a universal login with Facebook where their customers can pay their mortgage payments, they can transfer money between accounts, they can do a variety of things through Facebook. The remainder of your director appointments should be former or current CEOs who provide a macro-level mindset to the ongoing challenges facing the institution.

BD: What are some of the barriers to innovation, particularly in the community bank space, around financial technology?
Lack of understanding the competitive landscape (it’s no longer just the community bank down the street), time, cost and willingness to embark upon a digital transformation. It’s a lot of heavy lifting for management, and oftentimes the board does not understand the complexities and costs associated with this endeavor. Many banks do not fully understand the technology contracts they have in place with their core providers and other technology vendors. Those contracts have them locked in for a duration of time, typically three to seven years. That is the number one barrier to making any changes. It is costly to exit existing contracts.

Many community banks are underutilizing the capability of their existing vendors. At Mechanics Bank, we went through and evaluated every vendor contract. We cut $3.5 million out of our budget in a single calendar year through renegotiating, exiting and forming new relationships with vendors. We found we were paying for services we did not need and paying for services we weren’t using but should be using. This is the first step in embarking upon a new digital strategy.

I highly encourage bank boards to have a refresher course on how a bank operates using a bank simulation model. Each board member picks a role of CEO, CFO, senior credit officer, etc. and has to manage a bank’s funding, pricing, growth, capital requirements, loan loss provisions and so on. This is not only a great team-building exercise and will provide for a greater appreciation of the day-to-day management team of the bank, it will also set a solid foundation for discussing what is needed in the way of technology innovation to run the bank going forward.

Evaluate what you have, get educated on what’s trending, then decide what you need. Do not be the retailer that gets eaten alive by Amazon Prime. Be proactive instead of reactive to the changing needs of your customer base.

BD: Are the major cores an impediment to innovation?
I wouldn’t say impediment. There is no doubt that the big three core technology providers have a stronghold. But they are looking to innovate as well. Their biggest attribute is size and scale. Their biggest downfall is they are a slow-moving ship coming in and out of port. The long and the short of it is, you’re not going to get rid of your core provider. I feel it’s become increasingly important to be better partners with your core. When banks push for some kind of innovation, the cores typically say they’re planning on doing that two years from now. That is when the banks get irritated and push for needing it now but do not want to have to pay for a custom project. That is the frustrating part for the bankers, but the bankers need to help the core understand their needs. I am a firm believer in more outsourcing and in banks becoming nimble. This takes time but is achievable and necessary in this day and age.

BD: When we think about the technology challenges that banks face today and how the board should engage in finding solutions, does it really boil down to a people issue?
Yes, it is that simple. There are a lot of community banks that just refuse to think that financial technology innovation is impacting them. CEOs and directors need to have an open mind and be willing to learn something new. If you understand your digital strategy, you understand your technology strategy and you understand what’s going on around you—guess what, all of a sudden your board is engaged, and it’s going to make your company perform better.

M&A Readiness: Making Sure Your Bank Can Do Acquisitions


With many financial institutions benefiting from increased stock values and renewed optimism following the November election, merger activity for community banks is on the uptick. Successful acquirers must remain in a state of readiness to take advantage of opportunities as they present themselves.

Whether a prolonged courtship or a pitch book from an investment banker, deals hardly, if ever, show up when it is most convenient for a buyer to execute on them. As a result, buyers need to develop a plan as to what they want, where they want it and what they are willing to pay for it, long before the “it” becomes available. M&A readiness equates to the board of directors working with management to have a well-defined M&A process that includes the internal and external resources ready to jump in to conduct due diligence, structure a transaction and map out integration. Also, M&A readiness requires that buyers have their house in order, meaning that their technology is scalable, they have no compliance issues and the capital is on hand or readily available to support an acquisition.

Technology. In assessing the scalability of an institution’s technology for acquisitions, a buyer should review its existing technology contracts to see if it has the ability to mitigate or even eliminate termination fees for targets that utilize the same core provider. Without this feature, some deals cannot happen due to the costs of terminating the target’s data processing contracts. Cybersecurity is another key element of readiness. As an institution grows, its cybersecurity needs to advance in accordance with its size. Buyers need to understand targets’ cybersecurity procedures and providers in order to ensure that their own systems overlap and don’t create gaps of coverage, increasing risk. Additionally, buyers should understand existing cybersecurity insurance coverage and the impact of a transaction on such policies.

Compliance. Compliance readiness, or the lack thereof, is the rock against which even the best acquisition plans can crash and sink. Ensure that your Bank Secrecy Act/anti-money laundering programs are above reproach and operating effectively, and that your fair lending and Community Reinvestment Act policies, procedures and practices are effective. Running into compliance issues will cause missed opportunities as the regulators prohibit any expansion activities until any issues are resolved.

Conducting a thorough review of a target’s compliance programs is critical to an efficient regulatory and integration process. A challenge to overcome is the regulators’ prohibition on buyers reviewing confidential supervisory information (CSI), including exam reports, as part of due diligence. While the sharing of this information has always been prohibited, the regulatory agencies have become more diligent in enforcing this prohibition. Although it is possible to request permission from the applicable regulatory agency to review CSI, the presumption is that the regulators will reject the request or it will not be answered until the request is stale. As such, buyers should enhance their discussions with the target’s management to elicit the same type of information without causing the target to disclose CSI. A simple starting point is for the buyer to ask how many pages were in the last exam report.

While stress testing may officially apply to banks with $10 billion or more in assets, regulators are expecting smaller banks to prevent concentrations of risk from building up in their portfolios. The expectation is for banks to conduct annual stress tests, particularly among their commercial real estate (CRE) loans. Because of these expectations, buyers need to know the interagency guidance governing CRE concentrations and how they will be viewed on a combined basis. Reviewing different stress-test approaches can help banks better understand the alternatives that are available to meet their unique requirements.

Capital. An effective capital plan includes triggers to notify the institution’s board when additional capital will be needed and contemplates how it will obtain that capital. Ideally, the buyer’s capital plan works in tandem with its strategic plan as it relates to growth through acquisitions. Recently the public capital markets have become much more receptive to sales of community bank stock, but this has not always been the case. In evaluating an acquisition, the regulators will expect to see significant capital to absorb the target as well as continue to implement the buyer’s strategic plan.

The increase in financial institution stock prices has increased acquisition opportunities and M&A activity since the election. Opportunistic financial institutions have plans in place and solid understandings of their own technology needs and agreements, regulatory compliance issues and capital sources. Although it sounds simple, a developed acquisition strategy will aid buyers in taking advantage of opportunities and minimizing risk in the current environment.

Handling Today’s Top Risk Challenges



Cybersecurity and compliance are the top two areas of concern for the bank executives and directors responding to Bank Director’s 2017 Risk Practices Survey, sponsored by FIS. What are the best practices that boards should implement to mitigate these risks? In this video, Sai Huda of FIS highlights the survey results and details how boards can stay proactive.

  • Cybersecurity and Compliance Gaps
  • Five Cybersecurity Best Practices
  • Three Ways to Strengthen Internal Controls

What Does 2017 Hold for the Alternative Investment Industry?



Last year was an exciting one in the alternative investment industry, and all indications point to another great year in 2017. Here are five predictions that will dominate the industry in 2017.

1. Capital invested in private equity funds will continue to increase amidst a further decline in hedge funds
Growth in alternative investments will continue to be explosive in 2017. According to a report from Cerulli & Associates, the mean allocation of alternative investments is still less than 5 percent of overall assets. Depending on the industry source, the general guidance is that the ideal allocation should be in the 15 percent to 25 percent range, signaling that there is a lot more room to grow.

Nowhere has that growth been more evident than in private equity funds, which have increased dramatically over the past few years. Assets have risen from $30 billion in 1995 to around $4 trillion in 2015. This growth will continue, as 64 percent of limited partners plan to increase their allocation to private equity funds, which is up from 26 percent just five years ago.

Hedge funds, on the other hand, have struggled as poor performance compounded by high fees resulted in large outflows in 2016.

2. Regulatory and compliance pressures will continue to increase even under a Trump administration
Regulatory and compliance pressures have been a dominant factor in the alternative investment industry (and especially among hedge funds) for several years now. While some industry leaders are optimistic that a loosening of regulations will occur under the new Trump administration, the trend toward more transparency will continue to grow.

Study after study shows the impact of mounting regulatory and compliance pressures. Here are two reports that paint a clear picture:

  • In a Longitude Research study last year, more than 50 percent of fund administrators predicted that the need to keep up with regulation would have the greatest impact on their activities over the following three years.
  • A report from Linedata showed regulatory and compliance being the chief concern facing fund administrators and fund managers alike.

3. Technological capabilities will become as important for fund administrators as accounting capabilities
Fund administrators are traditionally thought of as providers of accounting services. Technology was mostly thought of as internal plumbing, and the decisions made about the use of technology were often left in the hands of an IT department, with little senior-level involvement.

It’s safe to say that those days are over. This year we will see the further emergence of technology as an integral capability for any fund administrator—on par with the importance of their accounting capabilities.

Fund administrators rely on technology to give them the data, reporting and understanding needed to satisfy the evolving needs of their clients and investors. In fact, nine out of 10 fund administrators plan to invest in technology in the next three years.

4. Consolidation will continue to increase in the fund administration business
Competition in the fund administration industry is intense. This is being driven by the explosion in capital being invested, the increasing demands for regulatory transparency, and the economies of scale needed to effectively compete in a low-margin business. No metric shows this better than the one reported by Preqin that 28 percent of fund administrators have been fired by their clients in the past 12 months.

The trend toward consolidation has escalated significantly in the past two years. While this can be good news for the largest of funds that can afford the services of the largest of fund administrators, this consolidation is likely bad news for both mid-market fund managers and mid-market fund administrators.

5. Fund administrators will become a bigger force in private equity and real estate funds, as well as with family offices
The use of fund administrators is pretty much a requirement for hedge funds, as evidenced by the outsourcing to fund administrators increasing from 50 percent in 2006 to 81 percent in 2013. This dynamic really started taking shape in the wake of the Bernie Madoff scandal, which showed the perils of a lack of validation and supervision within the industry.

In comparison, fund administrators are under-penetrated in private equity and real estate funds, with estimates showing fund administrator penetration at around 30 percent of assets under management today. However, this is expected to increase 45 percent by 2018.

The same conditions that drove the shift to fund administrators in the hedge fund space affect private equity and real estate funds as well. Just as happened with investors in hedge funds, investors in private equity and real estate funds are demanding third-party validation of assets and performance. Regulatory pressures are already having an impact on general partners of private equity and real estate funds.

Although occurring more slowly, the need to turn to fund administrators is also happening in the single and multi-family office space thanks to an increasing rate of wealth and investments in ever more complicated asset types.

Why a Compliance Mindset Is Hurting Community Banks


Community banks are wasting money on compliance. They are spending more than ever, hiring additional risk officers, internal auditors, compliance officers, vendors and consultants. They are checking every box and fulfilling every mandate. And they are doing it all wrong.

A recent study by the supervision division at the Federal Reserve Bank of St. Louis found that spending more on compliance isn’t leading to higher regulatory ratings for the smallest community banks. It isn’t elevating the bank’s regulatory management scores, or positioning banks for success.

That’s because having a compliance mindset is a recipe for mediocrity, no matter the size of the bank. The banks that will earn the most leeway with regulators—and maximize value for shareholders—will naturally implement and utilize the tools and processes that are a prerequisite for compliance as a critical function of their strategic and capital planning processes.

When that happens, compliance becomes a mere afterthought; something that is more icing on a cake that doesn’t need icing to begin with. This type of approach is actually easy to execute. You don’t need expensive, overrated and highly misleading black-box models and software. You don’t need an entire department dedicated to enterprise risk management.

What you do need is a cultural mindset, which starts with the CEO and the board of directors. They must change the outlook in the bank so that risk management tools are used to play offense, not defense. These proactive and forward-looking tools enable the team to see problems before they materialize. The CEO can then position the bank to gain a competitive edge, while its competitors (from both an operational and capital markets perspective) get blindsided.

I participated in a recent regulatory panel with the Office of the Comptroller of the Currency and the Federal Deposit Insurance Corp. The topic was how best to manage commercial real estate concentrations. Part of the discussion revolved around the role of stress testing, which can be critical to showing examiners that a bank has enough capital to handle a risky portfolio.

Stress testing is a great tool for the job, but it’s a tool, not the job. Banks that simply submit stress tests to regulators as evidence that they can manage a loan portfolio aren’t going to get what they want.

Instead of viewing stress tests as an end game, bank CEOs need to think of them as tools to provide insights. Reports must be discussed at the board level and understood by the highest levels of management. And then the bank must adjust its strategy if the tests show a potential problem. This lesson applies to much more than concentrations. The results of adequate stress testing offer a strategic guide to capital planning, M&A and more.

The trick to compliance is to not treat it as a compliance exercise. It must be an integral part of strategic planning. A CEO cannot give a stress test to the chief risk officer and say, “Make the problem go away.” CEOs must look at the results, understand them and use them to adjust their strategic thinking. If organic growth is not working, the proper analytics can guide the executive team’s strategic course toward a merger or acquisition.

A funny thing happened when I began talking about this compliance mindset on the recent regulatory panel. The regulators nodded their heads in agreement.