Tackling Credit Risk Uncertainty Head On

I’ve spoken to many bankers lately who know, intuitively, that “the other credit-quality shoe” will inevitably drop.

Despite federal stimulus initiatives, including the latest round of Paycheck Protection Program loans from the Small Business Administration, temporary regulatory relief and the advent of coronavirus vaccines and therapies, bankers realize that so-called credit tails always extend longer than the economic shocks that precipitate changing credit cycles. Although the Wall Street rebound has dominated U.S. business news, commercial bank credit lives on Main Street — and Main Street is in a recession.

During the Great Recession, the damaging impact on bank portfolios was largely focused on one sector of the housing industry: one-to-four family mortgages. Unlike that scenario, coronavirus’ most vexing legacy to bankers might be its effect throughout multiple, disparate businesses in loan portfolios. Bankers must now emphasize dealing with borrowers’ survivability than on growing their investment potential. Government actions during the pandemic averted an economic calamity. But they’ve also masked the true nature of credit quality within our portfolios. These moves created unmatched uncertainty among bank stakeholders — anathema to anyone managing credit risk.

Even amid the industry’s talk of renewed merger and acquisition activity this year, seasoned investment bankers bemoan this level of ambiguity. The temptation to use 2020’s defense that “it’s beyond our control” likely won’t cut it in 2021. All stakeholders — particularly regulators — will expect and demand that banks write their own credible narrative quantifying its unique credit risk profile. They expect bankers to be captain of their ships.

Effectively reducing uncertainty — if not eliminating it — will be priority one this year in response to those expectations. The key to accomplishing this goal will lie largely with your bank’s idiosyncratic, non-public loan data. Only you are privy to this internal information; external stakeholders and peers see your bank through the lens of public data such as call reports. In order to address this concern, I advise bankers to take five steps.

Recognize the trap of focusing on the credit metrics of the portfolio in its entirety.
While tempting, an overall credit perspective can miss the divergent economic forces at work within subsets of the portfolio. For every reassurance indicating that your bank’s credit is  performing well on the whole, there’s the caveat of focusing on the forest while the trees may show patches of trouble.

Create portfolio subsets to identify, isolate credit hotspots.
Employ practical and affordable tools that allow your credit team to identify potential credit hotspots with the same analytical representations you’d use in evaluating the total portfolio. For instance, where do bankers see the most problematic migrations within pass-rated risk grades? What danger signs are emerging in particular industries? Concentrated assessments of portfolio subsets are far more informative and predictive compared to the bluntness of the regulatory guidance on commercial real estate lending.

Drill down into suspect or troubled borrowers.
Any tool or analysis that provides aggregated trends, even within portfolio subsets, should produce an inventory of loans that make up those trends. Instantly peeling the onion down to the borrowers of most potential concern connects the quantitative data to qualitative issues that may need urgent attention and management.

Adopt an alternative servicing process for targeted loans.
These are not ordinary times. Redirecting credit servicing strategies to risk hotspots will prove beneficial. Regulators rightfully hold banks accountable for their policies; I recommend nuanced and enhanced servicing, stress testing and loan review protocols. And accordingly, banks should consider appropriate adjustments to their written procedures, as needed.

Write your own script for all of the above — the good and bad.
All outside stakeholders, especially regulators, must perceive banks as the experts on their credit risk profile. The above steps should enable banks, credibly, to write these scripts.

There is a proven correlation between the early detection of credit problems and two desired outcomes: reduced levels of loss and nonperformance, and greater flexibility to manage the problems out of the bank. Time is of the essence when ferreting out stressed credits. The magnitude of today’s credit uncertainties adds to the challenge of realizing this maxim — but they can be overcome.

IntelliCredit will present as part of Bank Director’s Inspired By Acquired or Be Acquired, an online board-level intelligence package for members of the board or C-suite. This live session is titled “How Best To Deal With 2021 Credit Uncertainties” and is February 9 at 2:00pm EDT. Click here to review program description.

New Pandemic Safety and Soundness Standards for Banks

In June, financial regulators jointly issued “Interagency Examiner Guidance for Assessing Safety and Soundness Considering the Effect of the COVID-19 Pandemic on Institutions.” In addition to existing rating systems such as CAMELS, examiners will also assess management’s responsiveness to Covid-19 stresses. With this in mind, CLA is offering financial institutions our interpretation of, and key takeaways from, the guidance.

Asset quality
Asset quality will be a primary focus for all examiners. Safety and soundness exam standards have not changed despite the impacts of Covid-19. Assess and document the changing risk in your loan portfolio and appropriately respond with necessary changes to policies, procedures and programs that help customers, borrowers and communities.

Credit classification and credit risk review
The rise in credit risk due to the pandemic is widespread; no community or financial institution is untouched. As such, the June guidance emphasizes that you should reevaluate assigned credit ratings on the regulatory credit risk rating scale to assess if a change is necessary due to coronavirus-related challenges.

An objective credit risk review will help validate assigned ratings and eliminate “surprises” that could occur during your regulatory examination. In May, regulators released the “Interagency Guidance on Credit Risk Review Systems” and re-emphasized the fundamental concept of an independent credit risk review, which echoes the significance of the process at a critical time.

Credit modifications
Regulators continue to emphasize their support for banks working prudently with borrowers through the pandemic. In August, the Federal Financial Institutions Examination Council explored the need for additional accommodations for certain borrowers via loan modifications. While working with borrowers, banks should obtain current financial information to assess the viability of additional accommodations. Establishing and documenting a systematic approach to loan modifications is prudent and shows what, if any, considerations are being made to the credit risk rating as multiple modifications continue.

Earnings
Despite strong earnings in recent years, the guidance clearly communicates a distinct possibility that bank core earnings could be reduced by the pandemic. Analyze the pandemic’s impact on your current year earnings, how it will detract or enhance your earnings potential, and document accordingly.

Capital
Strong capital and a well-developed plan lead to enhanced viability. Loan growth, deposit growth, and inflows from government stimulus have happened quickly, without an opportunity to fully assess the capital impact. Regulators have even encouraged the use of capital buffers to promote lending activities. Given the pandemic-related changes, updating your capital plan and previously established limits and triggers is essential. Additionally, a current assessment of your overall risk profile and forecasted risks allows you to develop relevant strategies that address risk in your capital.

Liquidity
Most financial institutions have been liquid since the last recession, with less dependency on third parties for funding. Also, as happened during the last recession, there has been an inflow of funds from consumer savings due to economic uncertainty. The guidance readily admits liquidity profiles for financial institutions remain uncertain due to the coronavirus; yet, amid the uncertainty, expectations to employ smart strategies remain — which only places greater emphasis on your overall funding strategy and contingency plans.

Sensitivity to market risk
Earnings and capital evaluations require an assessment of sensitivity to market risk, primarily in the form of interest rate risk. Reassess your asset liability management (ALM) policies and related models to address changes that have occurred to your interest rate risk profile. Decipher between risks that are temporary and risks that will have longer-term effects.

These points will impact assumptions and data incorporated in ALM models, including the impact of loan modifications, payment timing and deposit growth. Additionally, stress testing models are important tools during the pandemic. Incorporate stress scenarios such as fluctuations in unemployment and the impact of possible future shutdowns to manage your risk. Like credit review, banks should strongly consider engaging independent verification of these models to confirm integrity, accuracy and reasonableness.

Management
Management should serve as the driving navigational force during this time of uncertainty. The guidance specifically states examiners will evaluate management’s actions in response to the pandemic. Management can demonstrate responsiveness by fostering open lines of internal communication on a day-to-day basis, and by engaging with the board of directors to obtain a different perspective that could enhance your risk assessment process. Prioritize documentation, which includes an assessment of what policies, procedures and risk assessments need to be revised based on decisions made in response to the pandemic.

Beware Third-Quarter Credit Risk

Could credit quality finally crack in the third quarter?

Banks spent the summer and fall risk-rating loans that had been impacted by the coronavirus pandemic and recession at the same time they tightened credit and financial standards for second-round deferral requests. The result could be that second-round deferrals substantially fall just as nonaccruals and criticized assets begin increasing.

Bankers must stay vigilant to navigate these two diametric forces.

“We’re in a much better spot now, versus where we were when this thing first hit,” says Corey Goldblum, a principal in Deloitte’s risk and financial advisory practice. “But we tell our clients to continue proactively monitoring risk, making sure that they’re identifying any issues, concerns and exposures, thinking about what obligors will make it through and what happens if there’s another outbreak and shutdown.”

Eight months into the pandemic, the suspension of troubled loan reporting rules and widespread forbearance has made it difficult to ascertain the true state of credit quality. Noncurrent loan and net charge-off volumes stayed “relatively low” in the second quarter, even as provisions skyrocketed, the Federal Deposit Insurance Corp. noted in its quarterly banking profile.

The third quarter may finally reveal that nonperforming assets and net charge-offs are trending higher, after two quarters of proactive reserve builds, John Rodis, director of banks and thrifts at Janney Montgomery Scott, wrote in an Oct. 6 report. He added that the industry will be closely watching for continued updates on loan modifications.

Banks should continue performing “vulnerability assessments,” both across their loan portfolios and in particular subsets that may be more vulnerable, says James Watkins, senior managing director at the Isaac-Milstein Group. Watkins served at the FDIC for nearly 40 years as the senior deputy director of supervisory examinations, overseeing the agency’s risk management examination program.

“Banks need to ensure that they are actively having those conversations with their customers,” he says. “In areas that have some vulnerability, they need to take a look at fresh forecasts.”

Both Watkins and Goldblum recommend that banks conduct granular, loan-level credit reviews with the most current information, when possible. Goldblum says this is an area where institutions can leverage analytics, data and technology to increase the efficiency and effectiveness of these reviews.

Going forward, banks should use the experiences gained from navigating the credit uncertainty in the first and second quarter to prepare for any surprise subsequent weakening in credit. They should assess whether their concentrations are manageable, their monitoring programs are strong and their loan rating systems are responsive and realistic. They also should keep a watchful eye on currently performing loans where borrower financials may be under pressure.

It is paramount that banks continue to monitor the movement of these risks — and connect them to other variables within the bank. Should a bank defer a loan or foreclose? Is persistent excess liquidity a sign of customer surplus, or a warning sign that they’re holding onto cash? Is loan demand a sign of borrower strength or stress? The pandemic-induced recession is now eight months old and yet the industry still lacks clarity into its credit risk.

“All these things could mean anything,” Watkins says. “That’s why [banks need] strong monitoring and controls, to make sure that you’re really looking behind these trends and are prepared for that. We’re in uncertain and unprecedented times, and there will be important lessons that’ll come out of this crisis.”

Is Your Bank Ready for Loan Review 2.0?

Lending institutions face unique challenges in 2020.

Leading up to 2020, regulators and industry professionals voiced growing concerns related to the easing of underwriting, prolonged increasing of commercial real estate values, risk tolerance complacency, and how much longer the good times could continue — which the ongoing public health crisis answered.

Covid-19 propelled businesses and borrowers into a liquidity crisis like most have never experienced. Economists already have identified the start of a recession, but many lending institutions find themselves determining if — or when — the liquidity crisis has transitioned to a credit crisis

The third and fourth quarters of 2020 will be most telling. Never has a bank’s loan review function been more important.

On May 8, interagency guidance was released on credit risk review systems. The guidance was well-timed given the pandemic but wasn’t impulsive, as the regulatory agencies began their review process in October 2019. The guidance focused on two key pieces of the puzzle needed for effective credit risk systems: a solid credit administration function and independent credit review.

The guidance highlighted the importance of a loan review policy and how it should incorporate the following areas:

  • Qualifications of credit risk review personnel.
  • Independence of credit risk review personnel.
  • Frequency of reviews.
  • Scope of reviews.
  • Depth of reviews.
  • Review of findings.
  • Communication and distribution of results.

These policy areas are highlighted to help drive a successful function that provides the right level of independent challenge to the organization on issue identification, risk rating accuracy/timeliness, policy adherence, policy depth, trends, and management effectiveness. Independently reporting these observations to the board and all stakeholders provides an in-depth independent assessment to help verify the strength of internal controls and the timeliness of grading. It also provides assurance that management’s reporting and allowance levels are reasonable.

Fast forward one month to June 2020, and loan review was top of mind for these same regulatory agencies, which released “Examiner Guidance for Assessing Safety and Soundness Considering the Effect of the COVID-19 Pandemic on Financial Institutions” (FDIC PR-72-2020). This guidance looked to address the unique challenges to consider when conducting safety and soundness assessments in these unprecedented times.

The guidance memorialized how examiners will consider the unique, evolving, and potentially long-term nature of the issues confronting institutions and exercise appropriate flexibility in their supervisory response. It speaks specifically to credit risk review (loan review) by stating the following:

Credit risk review. Examiners will recognize that the rapidly changing environment and limited operational capacity might temporarily affect an institution’s ability to meet normal expectations of loan review (such as a schedule or scope of reviews). Examiners will assess the institution’s support for any delays or reductions in scope of credit risk reviews and consider management’s plan to complete appropriate reviews within a reasonable amount of time.

Classification of credits. The assessment of each loan should be based on the fundamental characteristics affecting the collectability of that particular credit, while acknowledging that supporting documentation might be limited and cash flow projections might be highly uncertain.

Loan portfolios are a lending institution’s lifeblood. Portfolios drive earnings but also can be the largest threat to an institution’s ongoing viability. In this rapidly moving environment, it is key to have a loan review function that is up to the challenge.

Operating an effective loan review function
Large- and medium-sized financial institutions often opt to maintain an in-house loan review department. While this decision makes sense for some institutions, establishing and maintaining an effective and credible internal loan review operation can present significant challenges.

Credit department responsibilities have grown increasingly complex in recent years, not only due to regulatory demands but also because of a rapidly changing credit environment and new types of credit products. With these heightened expectations, loan review functions are being pressured by regulators and external auditors to raise the bar. Is it time to step back and assess whether your loan review function has adjusted to the changing environment and the products you offer?

Answer these questions to help take a step back and determine if your institution has a robust loan review function that not only meets the demands of the regulatory guidance but is built to meet the demands of the future as well.

Approaching Credit Management, Risk Ratings Today

As a credit risk consulting firm that supports community and regional banks, Ardmore Banking Advisors has assembled some credit risk management best practices when it comes to how executives should look at their bank’s portfolio during the coronavirus-induced economic crisis.

It is clear that the expectation of regulators is that credit risk management programs (including identification, measurement, monitoring, control and reporting) should be enhanced and adapted to the current economic challenges. Credit risk management programs require proactive actions from the first line of defense (borrower contact by loan officers), the second line of defense (credit oversight) and the third line of defense (independent review and validation of actions and risk ratings).

Boards will have to enhance their oversight of asset quality. Regulators and CPAs will be focusing on process and control, and challenge the banks on what they have done to mitigate risk. Going concern opinions on borrowers by CPAs may become widely used, which will put pressure on banks to be conservative in risk ratings.

New regulatory guidance and best practices indicate that more forward-looking, leading indicators of credit must be employed. We expect greater emphasis on borrower contact and information on liquidity and projections. These concepts are also embodied in the new credit loss and loan loss reserve model that went into effect at larger banks in the first quarter.

Many banks have used Covid-19 as an opportunity to increase their loan loss provisions, reviewing their portfolios for weaknesses in borrowers that may never recover. This evaluation will be expected by regulators during examinations; it is a good indication of forward-thinking proactive oversight by a bank’s officers and directors.

Risk Rating Approaches in the Current Climate
When it comes to risk ratings, it is not advisable for banks to automatically downgrade entire business segments. Instead, executives should scrutinize the most vulnerable segments of the portfolio that include highly stressed industries and types of loans.

Banks do not have to downgrade modifications or extensions solely because they provided relief related to Covid-19; however, the basis for extensions or modifications should be evaluated relative to the ultimate ability of the borrower to repay their loans going forward, after the short-term disruption concludes or the deferral matures.

We have observed that regulators are focusing on second deferrals and asking whether a risk rating change or troubled debt restructuring are warranted. Banks should be reviewing information on further deferrals to determine if there could be an underlying problem indicating that payment is ultimately unlikely.

Paycheck Protection Program loans do not require a downgrade; however, banks may want an independent review of PPP loans to identify any operational or reputational risk. We also recommend that current customers who received PPP loans should be evaluated for their ability to repay other loans once the short-term disruption concludes.

Credit review, the third line of defense, is typically a backward-looking exercise, after loans are already made and funded. It is predicated primarily on an independent review of the analysis of borrowers by loan officers during the first line of defense, and credit officers in the second line of defense. For over 10 years, the industry has experienced relatively good economic times. The current environment requires a more insightful assessment of the bank’s actions and the borrower’s emerging risk profile and outlook, with less reliance on past performance.

The bank should evaluate historical and recent financial information from the borrower as a predicate for evaluating the borrower’s ability to withstand current economic challenges. Executives should review any new information reported by the bank’s officers on the current condition, extensions or modifications provided and the current status of the borrower’s operations to determine if a risk rating change is necessary.

Importance of Credit Review for Banks
Banks must look carefully at risk ratings to confirm that all lines of defense have properly reviewed the borrowers, with a realistic assessment of their ultimate ability to repay the loan after any short-term deferrals, modifications or extensions due to the Covid-19 disruption. This includes an assessment of whether the action requires formal valuation of troubled debt restructuring status. The banks can then follow the current regulatory guidance that an extension or modification does not in itself require a designation as a TDR.

We believe based on our years in banking that the bank regulators will test the bankers’ response and process in the current economic downturn. They, and the CPAs certifying annual financial statements, will expect realistic credit risk evaluations and controls as confirmed by independent and credible loan reviews. Bank boards and executive management teams will be well-served by accurate loan and borrower credit risk assessment during regulatory exams and the annual financial CPA audits for 2020.

Four Questions for Three CEOs

The coronavirus pandemic has thrown the banking industry into an environment that is both rapidly changing and a prolonged grind.

The recession induced as a result of public and private response to Covid-19 has lowered the revenue outlook and increased credit risk for institutions across the country. Bankers must navigate an extraordinarily uncertain operating environment and make tough decisions. To that end, Bank Director created the AOBA Summer Series — a free, on-demand compilation of pragmatic information, honest conversations and real-world insight.  

The series goes live on Aug. 12. As a preview, we sat down (virtually) with three executives featured in the series — Chuck Sulerzyski, Jill Castilla and John Asbury — for a glimpse into where they see challenges, opportunities and inspiration. Sulerzyski is CEO of Peoples Bancorp in Marietta, Ohio, which has $5 billion in assets; Castilla is chairman and CEO of Citizens Bancshares, which has $317 million in assets and is based in Edmond, Oklahoma; and John Asbury is CEO of Richmond, Virginia-based Atlantic Union Bankshares Corp., which has $19.8 billion in assets. These conversations were conducted independently, and have been lightly edited for length and clarity.

BD: What is the biggest challenge you see for your bank?

JC: I think about businesses that aren’t able to recover as quickly and making sure that you have the tools available to get to the other side. These are unprecedented times and these businesses are struggling — not due to something they caused; it was something inflicted upon them. I think it’s going to be difficult moving through that.

JA: Navigating the credit risk implications of the Covid-19-induced recession. We remain confident in our overall asset quality, credit loss reserves, capital position and preparedness for this event. However, the duration of Covid-19 will largely determine just how great a challenge this will be. Time will tell.

CS: Maybe not in the next three months, but in the upcoming quarters, I think credit is going to be the biggest challenge, and helping our customers get through all of this. We feel good about our portfolio and its diversification. The places where we feel the most stress is in the hotel portfolio. Obviously, businesspeople aren’t traveling, and consumers are starting to travel a little more but way below normal levels. It’s very difficult for hotel operators to [meet] cash flow.

BD: What is the biggest opportunity for your bank?

JC: The biggest opportunity is continuing to be a leader and advocate, and restoring trust in financial services — both nationally as well as locally —  and being seen as a trusted advisor and a trusted advocate.

JA: The bank has demonstrated resilience, agility, courage and innovation in its response to Covid-19. We developed and launched an online portal and automated workflow system to take Paycheck Protection Program loan applications in five days because we remained agile and knew the stakes were high as our customers were counting on us. We were also quick to make difficult decisions to align our expense structure to the expected lower-for-longer rate environment, beginning in March, to ensure we emerge on the other side of Covid-19 positioned for success. Permanently ingraining these characteristics into our culture will result in an even better, stronger and more capable company.

CS: Peoples really crushed it on the PPP program. We were open for new customers and brought them in with the understanding they would become full-service customers. The biggest opportunity over the next three to six months is taking in these relatively new people and cross-selling them loans, deposits, insurance and investments. Already, we bought in over $40 million dollars of loans and deposits, and over $150,000 in fee income. 

BD: Where are you getting inspiration right now?

JC: So many places. I’m fortunate to be in a city that has diverse leadership. Whether it’s in our underrepresented and underserved communities, those leaders that have fought the odds for decades and are striving for their communities to reach higher levels and pull more out of me to be a better person, a better leader and a better businessperson, and provide access to capital and liquidity and things that. That’s been extraordinary. Seeing our leaders make hard decisions for the welfare of their communities or for the business community as well — that courage, whether I agree with the actions or not — seeing the willingness to take a stand and to stand up for something has been inspirational.

JA: Our teammates! They amaze me with their determination, resourcefulness, effort and caring for our customers and each other. Their efforts on PPP in particular were heroic.

CS: There’s much going on in the world. The healthcare workers, I’ve been touched by everything that they have done. One of my kids is a doctor, one is a nurse, and another is working on a Ph.D. in public health. All of what’s going on with healthcare workers and first responders has been very motivational. 

I know we’ve gone through a lot of social unrest, but I find inspiration in [Senator] John Lewis’ passing and everything that he stood for. I was eight years old when the Voting Rights Act was passed. It’s mind-numbing that folks of color didn’t have the opportunity to vote, and here we are, 50 years later, fighting similar fights and hopefully making progress.

BD: What has been the best thing you’ve read or watched since the pandemic began?

JC: Maybe because it’s on my mind, but the timeliness of the release of “Hamilton” [on the Disney+ streaming service]. I got to see it live in Oklahoma City a year ago; I had tickets and had waited forever to go see it. And then I got hit by a truck walking across my street two days before the show.

We ended up [seeing] the last performance before it left Oklahoma City. I’ve been really excited to see it coming back in my life a year later and in this time. The boldness of the vision to create a musical that uses a diverse cast and a difficult topic, the timeliness of the messaging and then making something accessible to everyone.

It’s the last thing I’ve seen that’s blown me away. But there’s been so many instances where someone has blown me away with something they’ve written online, an article I’ve read or a podcast I’ve listened to. This crisis is so bad, but again, you get to see this beauty of leadership, this boldness of action and constant inspiration of people stepping up and doing wonderful work.

JA: Despite having never worked longer or harder for such a sustained period of time, since Covid-19 hit I’ve read books extensively. The most impactful is “How to Be an Antiracist” by Ibram X. Kendi. It has given me a perspective on social injustice and systemic racism that I did not have before, as well as a better understanding of its root causes and what can be done about it.

CS: I’m a Yankees fan; Aaron Judge had two home runs [in the Aug. 2 game against the Boston Red Sox], and I liked that a great deal. I also think John Lewis’ obituary goodbye letter in The New York Times was the best thing that I’ve read. We shared that so that our employees could read it.

The $700 Billion Credit Question for Banks

It’s the $700 billion question: How bad could it get for banks?

That’s the maximum amount of losses that the Federal Reserve modeled in a special sensitivity analysis in June for the nation’s 34 largest banks over nine quarters as part of its annual stress testing exercise.

Proportional losses could be devastating for community banks, which also tend to lack the sophisticated stress testing models of their bigger peers and employ a more straight-forward approach to risk management. Experts say that community banks should draw inspiration from the Fed’s analysis and broad stress-testing practices to address potential balance sheet risk, even if they don’t undergo a full stress analysis.

“It’s always good to understand your downsides,” says Steve Turner, managing director at Empyrean Solutions, an asset and liability tool for financial institutions. “Economic environments do two things: They tend to trend and then they tend to change abruptly. Most people are really good at predicting trends, very few are good at forecasting the abrupt changes. Stress testing provides you with insight into what could be the abrupt changes.”

For the most part, stress testing, an exercise that subjects existing and historical balance sheet data to a variety of adverse macroeconomic outlooks to create a range of potential outcomes, has been the domain of the largest banks. But considering worst-case scenarios and working backward to mitigate those outcomes — one of the main takeaways and advantages of stress testing — is “unequivocally” part of prudent risk and profitability management for banks, says Ed Young, senior director and capital planning strategist at Moody’s Analytics.

Capital & Liquidity
The results of the Fed’s sensitivity analysis underpinned the regulator’s decision to alter planned capital actions at large banks, capping dividend levels and ceasing most stock repurchase activity. Young says bank boards should look at the analysis and conclusion before revisiting their comfort levels with “how much capital you’re letting exit from your firm today” through planned distributions.

Share repurchases are relatively easy to turn on and off; pausing or cutting a dividend could have more significant consequences. Boards should also revisit the strategic plan and assess the capital intensity of certain planned projects. They may need to pause anticipated acquisitions, business line additions and branch expansions that could expend valuable capital. They also need to be realistic about the likelihood of raising new capital — what form and at what cost — should they need to bolster their ratios.

Boards need to frequently assess their liquidity position too, Young says. Exercises that demonstrate the bank can maintain adequate capital for 12 months mean little if sufficient liquidity runs out after six months.

Credit
When it comes to credit, community banks may want to start by comparing the distribution of the loan portfolios of the banks involved in the exercise to their own. These players are active lenders in many of the same areas that community banks are, with sizable commercial and industrial, commercial real estate and mortgage portfolios.

“You can essentially take those results and translate them, to a certain degree, into your bank’s size and risk profile,” says Frank Manahan, a managing director in KPMG’s financial services practice. “It’s not going to be highly mathematical or highly quantitative, but it is a data point to show you how severe these other institutions expect it to be for them. Then, on a pro-rated basis, you can extract information down to your size.”

Turner says many community banks could “reverse stress test” their loan portfolios to produce useful insights and potential ways to proceed as well as identify emerging weaknesses or risks.

They should try to calculate their loss-absorbing capacity if credit takes a nosedive, or use a tiered approach to imagine if something “bad, really bad and cataclysmic” happens in their market. Credit and loan teams can leverage their knowledge of customers to come up with potential worst-case scenarios for individual borrowers or groups, as well as what it would mean for the bank.

“Rather than say, ‘I project that a worst-case scenarios is X,’ turn it around and say, ‘If I get this level of losses in my owner-occupied commercial real estate portfolio, then I have a capital problem,’” Turner says. “I’ll have a sense of what actions I need to take after that stress test process.”

A key driver of credit problems in the past has been the unemployment rate, Manahan says. Unemployment is at record highs, but banks can still leverage their historical experience of credit performance when unemployment hit 9.5% in June 2009.

“If you’ve done scenarios that show you that an increase in unemployment from 10% to 15% will have this dollar impact on the balance sheet — that is a hugely useful data point,” he says. “That’s essentially a sensitivity analysis, to say that a 1 basis point increase in unemployment translates into … an increase in losses or a decrease in revenue perspective to the balance sheet.”

After identifying the worst-case scenarios, banks should then tackle changing or refining the data or information that will serve as early-warning indicators. That could be a drawdown of deposit accounts, additional requests for deferrals or changes in customer cash flow — anything that may indicate eventual erosion of credit quality. They should then look for those indicators in the borrowers or asset classes that could create the biggest problems for the bank and act accordingly.

Additional insights

  • Experts and executives report that banks are having stress testing conversations monthly, given the heightened risk environment. In normal times, Turner says they can happen semi-annual.
  • Sophisticated models are useful but have their limits, including a lack of historical data for a pandemic. Young points out that the Fed’s sensitivity analysis discussed how big banks are incorporating detailed management judgement on top of their loss models.
  • Vendors exist to help firms do one-time or sporadic stress tests of loan portfolios against a range of potential economic forecasts and can use publicly available information or internal data. This could be an option for firms that want a formal analysis but don’t have the time or money to implement a system internally.
  • Experts recommend taking advantage of opportunities, like the pandemic, to enhance risk management and the processes and procedures around it.

Risk, Business Continuity Planning: Trends and Lessons from Covid-19

The Covid-19 pandemic has introduced unprecedented strains to the economy, enhancing concerns about credit risk and pressuring lenders’ ability to serve their borrowers.

Cybersecurity and other risk environments have also evolved, following government-mandated work from home models. These shifts are prompting bank leaders to evaluate their business continuity plans and pandemic planning initiatives to ensure they’re putting safety and efficiency first.

Bank Director’s 2020 Risk Survey, sponsored by Moss Adams, was conducted in January before the U.S. economy felt the full effect of the coronavirus. Yet, insights derived from this annual survey of bank executives and board members help paint a picture of how the industry will move forward in a challenging operating environment.

Credit Risk
Most community banks have issued loans through the Paycheck Protection Program (PPP), the Small Business Administration’s loan created under the Coronavirus Aid, Relief and Economic Security (CARES) Act passed in late March. These loans, which may be forgiven if borrowers meet specified conditions, allowed small businesses to retain staff, pay rent and cover identified operating expenses.

However, it’s likely that businesses will seek additional credit sources as the economy restarts. The lapse in business revenue generation will pose significant underwriting challenges for banks.

More than half of respondents in the 2020 Risk Survey revealed enhanced concerns around credit risk over the past year, while 67% believed that competing banks and credit unions had eased underwriting standards.

While there’s no way to determine what the future holds, near-term lending decisions will likely occur amid an uncertain economic recovery. There are some important questions institutions should consider when determining their lending approach:

  • How will our organization evaluate lending to businesses that have been closed due to the coronavirus?
  • Should a pandemic-related operational gap be treated as an anomaly, or should lenders consider this as they underwrite commercial loans?
  • What other factors should be considered in the current environment?
  • How much bank capital are we willing to put at risk?

Cybersecurity
Directors and executives who responded to the survey consistently indicate that cybersecurity is a key risk concern. In this year’s survey, 77% revealed their bank had placed significant emphasis on increasing cybersecurity and data privacy in the wake of cyberattacks targeting financial institutions, such as Capital One Financial Corp.

With more bank staff working remotely, cyber risks are even greater now. Employees are also emotionally taxed with concerns about their health, family and jobs, increasing the risk for errors and oversights. Unfortunately, the COVID-19 pandemic presents cybercriminals with a ripe opportunity to prey on individuals.

Business Continuity
In the survey, respondents whose bank had weathered a natural disaster within the last two years were asked if they were satisfied with their institution’s business continuity plan. The majority, or 79%, indicated they were.

However, the Covid-19 pandemic isn’t a typical natural disaster. Although buildings haven’t been destroyed, companies are still experiencing significant disruption to their normal operations — if they’re able to operate at all.

These circumstances, coupled with expanding technology and banks operations increasingly moving to the cloud, will likely lead to further changes in business continuity planning.

Remain Flexible
In an interagency statement released a week before the World Health Organization declared that the Covid-19 outbreak a pandemic, federal regulators reminded depository institutions of their duty to “periodically review related risk management plans, including continuity plans, to ensure their ability to continue to deliver their products and services in a wide range of scenarios and with minimal disruption.”

The Federal Financial Institutions Examination Council also updated its pandemic guidance, noting the need for a preventative program and documented strategy to continue critical operations throughout a pandemic.

Since that time, banks have encouraged customers to broadly adopt digital platforms and, when necessary, serve customers in person through drive-through lines or by appointment to reduce face-to-face contact. Bank employees wear masks and gloves, branches are cleaned frequently and, where possible, staff work remotely.

Gain Insights
The pandemic is a real-world tabletop exercise that can provide important takeaways about the effectiveness of an organization’s business continuity plan. It’s important for organizations to take advantage of this opportunity.

For example, there could be another wave of Covid-19 later this year; alternately, it could be years before we see an event similar to what we’re experiencing. Either way, your bank must to consider the potential consequences of each outcome and have a plan ready. Reviewing your organization’s business continuity plans and initiatives can help reveal opportunities to move forward with confidence, despite challenging operating environments.

Directors’ Defense Against the Pandemic Impact on Credit

Bank directors and management teams must prepare themselves and their institution for the potential for an economic crisis due to the COVID-19 outbreak.

This preparation process is different than how they would manage credit issues in more traditional economic downturns; traditional credit risk management tools and techniques may not apply or be as effective. Directors and others in bank management may need to consider new alternatives and act quickly and deliberately if they are going to be successful during this very difficult time.

The traditional three lines of defense against quickly elevating credit risk may not work to prevent the credit impact of the new coronavirus and its consequences. The “horse is out of the barn” and no existing, normal risk management system can prevent some level of losses. This pandemic is the proverbial black swan.

The real questions now are how can banks prepare to deal with the related issues and problems?

Some institutions are likely to be better prepared, including those with:

  • A strong capital base.
  • Good, conservative allowance reserve levels.
  • Realistic credit risk assessments and portfolio ratings prior to the pandemic.
  • Are poised to take part in a potential acquisition.
  • A good strategic approach that is not materially swayed by quarterly earning pressures.
  • A management and board that “tells it like it is” and is realistic.
  • Good relationship with regulators, CPA firms, professionals and investors.

What are a bank’s options when trying to assess and manage the pandemic’s impact?

  • Deny the problem and kick the can down the road.
  • Wait for the government and regulators to provide solutions or a playbook for the problems.
  • Sell the bank — most likely at a big discount if at all.
  • Liquidate the bank, likely only after expending capital, with assistance from the Federal Deposit Insurance Corp.
  • Be proactive and put in place processes to deal with the problem and consequences.

There are some steps a bank can take to be proactive:

  • Identify emerging and potential problems and the options to handle them, and then create a plan that is strategic, operational and provides the best financial result.
  • Commit to doing what’s right for the bank, its employees, customers and community.
  • Enhance or replace the current credit risk management system with a robust identification, measurement, monitoring, control and reporting program.
  • Adopt an “all hands-on deck” to improve focus and deal with material issues in a priority order, deferring things that do not move the needle.
  • Assess internal resources and consider moving qualified personnel into areas that require more focus.
  • Seek outside professional assistance, if needed, such as loan workout or portfolio analysis and planning.
  • Perform targeted reviews of portfolio segments that are or may become challenged because of the pandemic and potential fallout, along with others may have had weaker risk profiles before the pandemic.
  • Communicate the issues such as the magnitude of the financial challenge to employees, the market, regulators, CPAs and other professionals who provide risk management services to your bank.
  • Deal with problems head-on and decisively to maintain credibility and respect from various constituencies while achieving a superior result.

It is best for everyone in the bank to work together and act quickly, thoughtfully, honestly and strategically. There will, of course, be some expected and understood need in the short term for increases in allowance provisioning. If planning and actions are executed well, the long-term results will improve the bank’s performance and enhance its credibility with the market, regulators and all other professionals. Just as valuable as an outcome is that your bank’s reputation will be enhanced with your employees, who will be proud to have been part of the effort during these difficult times.

An Effective Way to Combat Cyber Breaches

Banks have always been in the business of risk management, but the risks they face aren’t stagnant; they migrate with time.

Traditionally, banks have faced two types of risk: interest rate and credit risk. Today, however, given the growth of digital banking and transactions, these two risks have been supplanted by another: cybersecurity.

The biggest challenge when it comes to cybersecurity risk is that it constantly evolves, as the threats, actors and attacks increase in sophistication. Banks that prepare for one method of intrusion may find themselves the victim of a different strategy.

Earlier this year, H. Rodgin Cohen, a partner at Sullivan & Cromwell and one of the industry’s most trusted advisors, commented on this change.

“I think the biggest risk in the [financial] system today is a successful cyberattack,” Cohen said. “That is a very serious risk, but I think the more likely [danger] is that a single bank — or a group of banks — are hit with a massive denial of service for a period of time, or a massive scrambling of records.”

Banks of all sizes feel pressure to keep their systems secure from intruders, according to Bank Director’s 2019 Risk Survey, which found that cybersecurity concerns among bankers have increased over the previous year.

Twenty percent of survey respondents say they address cybersecurity as a full board rather than delegating it to a committee, and slightly more than a third say at least one director is a cybersecurity expert.

The concern is ever present, and for some banks, very real: 18% of respondents, excluding chief lending officers and chief credit officers, reported that their bank experienced a data breach or other cyberattack within the last two years.

Concerns like these are why Bank Director created the “Best Solution for Protecting the Bank” category for its 2019 Best of FinXTech Awards. Judges selected winners from the most innovative solutions found in the FinXTech Connect platform.

The finalists for this year’s award were Rippleshot, which helps banks to identify credit and debit card fraud; IDEMIA, which  works to prevent card-not-present fraud; and Illusive Networks, which helps banks detect when their networks have been infiltrated.

This year’s winner was Illusive Networks, based in part on its work to secure the network of Israel Discount Bank, the third biggest bank in Israel.

Illusive approaches cybersecurity from a hackers’ point of view in order to beat them at their own game. Its strategy isn’t to stop an intrusion per se — a feat that seems increasingly impossible with the number of entry points into a system and the scores of malicious actors.

Rather, it detects and remediates an attack once it has happened. Intruders breaking into a bank’s system must persistently monitor the network for bits of information or credentials that will help them move from machine to machine and gradually close in on the data they want. Illusive plants false information across the bank’s network so that, when attackers act on it, the bank can catch them red-handed.

Illusive calls this “endpoint-focused deception.” The deceptive information is only visible to malicious actors and triggers an alert within Illusive. The technology then captures details about the bad actor directly from the machine they were using, which the bank then uses to track and stop the attack.

One of the main selling points of Illusive’s solution is the short implementation period. In Israel Discount Bank’s case, it took a matter of weeks to implement the solution. The net result is that, not only is the solution harder to detect for potential cyber criminals, but it’s also fast and easy to implement.