Coming to Grips with Operational Risk

Fraud. Bad loans. Almost anything can put your bank at serious risk. In this video presentation, William Beale, CEO of Union First Market Bankshares of Richmond, Virginia, discusses what directors need to know when analyzing operational risk.

Highlights include:

  • How to measure operational risk
  • Who should be included in an operational risk committee
  • Limiting losses from fraud

Click on the arrow to start the video.

How To Build A High Performance Risk Management Program

Each bank board faces unique challenges, but every bank board today is faced with the universal challenges of operating in a safe and sound manner, finding profitability in tough economic times, and implementing an effective enterprise risk management program. In this short video presentation, Fidelity National Information Services, Inc.’s Sai Huda addresses these challenges and offers five key steps to success.

Highlights include:

  • Implementing a high performance risk management model
  • Finding the sweet spot between risk and reward
  • Developing a risk dashboard to manage emerging risks

The Cheesecake Factory and Banking: What a Successful Restaurant Knows About Risk Management

menu.jpgWhen eating out at a chain restaurant, food consistency is important. Restaurant patrons know what their favorite meal tastes like and expect a consistent product.

But, have you ever taken a moment to think about all of the processes and procedures a chain restaurant must have in place that enables them to deliver the exact same meal to the table no matter what the geographical location? In an August 13, 2012 article in The New Yorker, Dr. Atul Gawande, a professor of public health at Harvard, examined how the Cheesecake Factory consistently and efficiently implemented an updated menu twice per year in all of its restaurant chains across the country without sacrificing quality or disrupting service.

Impressed with the Cheesecake Factory’s ability to quickly and effectively distribute information to its geographically dispersed restaurants, enabling each chain to follow exactly the same protocols to deliver the same quality product, Dr. Gawande wondered if a similar business model might successfully be applied to the health care industry. Using the Cheesecake Factory’s model for information distribution and quality control, could the medical industry operate more efficiently and provide better service while simultaneously offering higher-quality care?

For the financial services industry, things are growing more complex everyday. However, like the Cheesecake Factory, the financial institutions that are successful are those that have implemented consistent processes and standards across the entire organization, and then effectively communicated this information throughout all levels. 

Key Steps in the Enterprise Risk Management Process: A Recipe for Success

To address unknown risks, financial institutions must adopt a systematic approach to emerging risk identification, assessment, monitoring and reporting. Following a consistent approach to managing risk can prevent unexpected and detrimental events from occurring and enable financial institutions to pinpoint areas of opportunity.

Step 1: Risk Identification

Financial institutions can better protect themselves and even further their business strategies and objectives by approaching risk management in a much more disciplined way. At every Cheesecake Factory restaurant, the kitchen manager inspects every dish before it leaves the kitchen to identify whether the dish meets the restaurant’s standards or needs to be redone. Much like the kitchen manager, a financial institution’s risk manager should identify potential risks not only for each business line, but also at a very high level throughout the organization as a whole.

Step 2: Risk Assessment

At each restaurant, the kitchen manager rates the food on the line using a scale of one-to-ten.

Similarly, while it is common for financial institutions to face a variety of risks, it is important to gather a manageable list of what are collectively seen as the most significant risks. Once the risks are identified, they can be scored or rated, and then prioritized based on their significance.

Step 3: Risk Monitoring

The fact each dish is inspected before it reaches the customer at the Cheesecake Factory, kitchen managers can coach their staff to aim for a score of 10 and provide customers with a consistent product.

Financial institutions should also be coaching their business line managers on how to understand and monitor their risk profiles. Risk monitoring protocols should be scheduled on a regular basis, so that risks can be reviewed, re-prioritized and controls can be tested and tweaked.

Step 4: Risk Reporting

Efficient communication is a key factor in the Cheesecake Factory’s ability to implement new menu items quickly and consistently. Most ERM programs should also have a robust reporting/communication component in place.

With all of the information at hand, knowing the full range of risks the financial institution faces as well as the controls at its disposal, the organization can use the risk data to implement practical business decisions.

Lessons Learned

For financial institutions, the end result is a strong risk management culture that will encourage innovation in business lines without exposing an organization to the kinds of risks that contributed to the financial crisis. Giving more thought as to how information is actually managed and distributed throughout an organization will only lead to more intelligent risk-taking that is more effectively communicated across the financial institution.

With the New Focus on the Consumer, the Buck Stops (And Starts) with the Board

stop-start.jpgForward-thinking financial institutions are future-proofing their risk and compliance programs. They are detecting tracking and understanding not only emerging issues, trends and regulatory requirements, but also the next big areas of potential vulnerability. We are hearing from our bank clients that regulatory risk is at the top of the list. While bank directors do not need to be technical compliance experts, they do need to actively oversee compliance management and have an understanding of the changes coming.

Board members can play a central role in the process of re-focusing compliance on what’s important to regulators, and a key trend is a new focus on “fairness” or “impact” to the consumer.  This concept is being led by the Consumer Financial Protection Bureau (CFPB), but quickly accepted by the other agencies. On September 25th the Federal Deposit Insurance Corp. (FDIC) released FIL-41-2012 which “reorients” the consumer examination score to be “based primarily on the impact to consumers.” During regulatory examinations, regulators will evaluate the board’s involvement (or lack thereof) in ensuring that programs are properly articulated and followed.

The Role of the CFPB

The Consumer Financial Protection Bureau has tremendous supervisory and enforcement authority and is already changing the mindset for what compliance means. The CFPB, which examines banks above $10 billion in assets, wants institutions to develop a “culture of compliance,” that focuses more on the risk to the consumer than the potential fines or violations a bank may receive if a violation is found. With the changes in the Dodd-Frank Act to the definition of Unfair, Deceptive, or Abusive Practices (UDAAP), which is now under the domain of the CFPB and applies to all banks and thrifts, it isn’t enough for financial institutions to simply meet regulatory requirements. Now, the way banks relate to customers is important. This dramatically changes the role and responsibilities of not just the compliance department, but of everyone within the bank. In addition, although CFPB is leading this effort, the new FDIC change highlights the need for institutions of all sizes to pay attention to this shift.

There is hope, however, for banks willing to be proactive in addressing the consumer-centric approach.

Culture Change

To be successful, the board needs to embrace an integrated approach to compliance risk management that reflects a consumer-centric viewpoint. This consumer centric approach should be so woven into your business that your employees do not think of it as compliance—instead they look at it as fundamental to their jobs.  This culture needs to promote proactive and forward thinking. In a culture of compliance, the consumer is not the province of a single department, but rather the responsibility of the entire organization.

Compliance Management System

Expect Change. Your compliance program needs to adjust to address the four interdependent parts of the CFPB’s compliance management system, including board and management oversight, compliance program, compliance audit and the enterprise approach to responding and analyzing consumer complaints. The complaint management system may need to be revamped to ensure that management is utilizing the consumer complaint data to understand how products and services impact consumers. In addition to the standard complaint resolution process, your institution will need to ensure they are capturing both written and verbal complaints at all consumer touch points, feeding them into a system that allows for trending analysis, and ultimately changes in processes, supports, controls, and or products.  Don’t forget that your program needs to hold your partners and vendors to the same standards that you hold your own business to.

Consumer Risk Assessments

The first thing the CFPB will do is conduct a compliance risk assessment that evaluates the risks to consumers arising from products, polices, procedures and practices. In preparation, your enterprise risk management and/or compliance risk program needs to be able to identify and respond to risks to the consumer. This risk assessment will likely illuminate risk areas not previously a focus of compliance, raise questions about activities that may currently be considered standard in the industry, and accordingly require changes in operations that staff may resist.

Your systems need to be able to identify risks to both the bank AND to the consumer.  In order to accomplish this, compliance can no longer operate in isolation. Business lines must not only be included, but also assume it is their job to understand the risks to their operations, and have accountability to make the necessary changes within their operations to reduce these risks.

Staff members in different business lines must not only be included, but also assume it is their job to understand the risks to their operations, and have accountability to make the necessary changes within their operations to reduce these risks. To support a change in culture, compliance or risk management cannot be the only areas that the board holds accountable. 

So how do you achieve a culture of compliance, where all employees are held accountable for risk?

The compliance program must change from focusing on past errors and the latest hot topics to evaluating and managing the potential risk to the organization—and to the consumer—generated by both internal and external sources. A forward-thinking organization can identify the next hot issue by proactively evaluating potential risks and adapting compliance programs to mitigate the risks to both the bank and the consumer. The proactive risk-based approach will put you ahead of the new consumer-centric examination approach and ensure the new hot issue doesn’t impact you or your customers.

Should the $10 Billion Threshold For Risk Committees Be Lowered?

Dodd-Frank requires banks and thrifts with more than $10 billion in assets to have a separate risk committee. But what about smaller institutions? There is talk now that having a separate risk committee is a best practice for smaller banks, or will become a regulatory requirement in the future. But should it? Most of a panel of Bank Director legal experts agreed that one-size does not fit all in the rule-making world, and according to many, it is not the asset size of the bank that matters, but rather the complexity.  

Should the Federal Reserve lower the threshold for banks that are required to have a standing risk committee of the board below the current floor of $10 billion? If yes, what should the new threshold be and why? If no, why is the current threshold adequate?

Lee-Meyerson.jpgNo.  The operations of smaller banking organizations and community banks with less than $10 billion in assets did not contribute to the financial crisis and were not the focus of reform under Dodd-Frank.  Congress was, quite rightly, concerned that such institutions not be treated in the same manner as their larger, more complex cousins.  In a number of areas, such as the Durbin Amendment, the authority of the Consumer Financial Protection Bureau, stress testing and Federal Deposit Insurance Corp.  deposit insurance reforms, Congress sought to avoid burdening smaller banks with unnecessary additional compliance costs.  Accordingly, the decision whether to form a standing risk committee for a smaller bank should continue to be made by each institution based on its own particular situation, complexity and governance structure.

 —Lee Meyerson, Simpson Thacher & Bartlett

Peter-Weinstock.jpgFor most financial institutions, including those at asset totals approaching or even exceeding $10 billion in assets, a specialized risk committee is redundant to the board’s role.  After all, job one for every board is oversee management and see that plans are in place to address risk to the financial institution.  The nine categories of risk described by the Office of the Comptroller of the Currency is a good place to start. Simply put, directors should be hypersensitive to the institution’s risk profile and sources of risk.

—Peter Weinstock, Hunton Williams

G-Rozansky.jpgThe current rule—coupled with the existing authority of the U.S. bank supervisors to make suggestions and/or require that changes be made on a case-by-case basis—should be adequate. Institutions with less than $10 billion in assets, however, should be accorded appropriate latitude in determining whether or not a standing risk committee of the board is the best means to achieve this imperative. Institutions in this category typically offer less complex products (lending, deposit, foreign exchange) and do not generally pose the same types of systemic risks as large, complex institutions.

—Gregg Rozansky, Shearman Sterling

Horn_Charles.jpgTo some extent this is a moot question because the statutory threshold for publicly-traded Bank Holding Companies is $10 Billion.   Every bank should have at least a subcommittee of directors that is responsible for enterprise risk management issues and activities, since managing risk is a basic bank director obligation.  The charter and mandate of this subcommittee will vary widely according to bank size and complexity; for small banks, the tasks of this subcommittee won’t be onerous. The threshold for a formal standing risk committee otherwise is an arbitrary — and secondary — decision in the risk management process; there really is no threshold that absolutely makes sense.

– Charles Horn, Morrison Foerster

Douglas-McClintock.jpgStanding risk committees are an important and a useful tool to identify risks, but a regulatory mandate at the $10 billion level seems more than sufficient.  Such committees are part of the board of directors, which board is ultimately responsible for the bank’s risk portfolio, and the banks themselves have better knowledge as to when such a standing committee should be required.   The asset size of the bank is less important than the degree of complexity of the bank’s business practices.  Smaller banks can, and many probably should, establish standing risk committees depending upon their business practices, lending portfolios, loan-to-value characteristics, capital levels, complex investments, credit extensions and hedging activities.

—Doug McClintock, Alston + Bird

John-ReVeal.jpgTo the extent that a smaller bank’s activities are such that a standing risk committee might be appropriate, this can best be decided by the bank’s board or by the bank examiner with direct knowledge of the institution. Requiring all banks to maintain the same risk management systems will only add unnecessary financial burdens on smaller banks and lead to more bank failures.  This is not the way to minimize the systemic failures that standing risk committees are intended to avoid.  It is important that bank regulators ensure that every bank maintains appropriate risk management systems for its size and business model and otherwise operates in a safe and sound manner.  It is not necessary, however, to apply a one-size-fits-all standard from on high.

—John ReVeal, Bryan Cave

Regulatory Guidance on Stress Testing: What Every Board Must Know and Should Do

frayed-rope.jpgThe banking agencies (the Federal Reserve, the Federal Deposit Insurance Corp. and the Office of the Comptroller of the Currency) recently issued the Supervisory Guidance on Stress Testing (the “guidance”).  This guidance becomes effective July 23, 2012 and applies to banking organizations with more than $10 billion in total consolidated assets. 

However, all banks regardless of size should pay close attention and follow the principles outlined in the guidance in order to implement an optimal risk management program at the bank. 

This article highlights what every bank board must know about the guidance and should do, regardless of the bank’s size. 

What the Guidance Says

The guidance says that a banking organization with more than $10 billion in total consolidated assets should implement stress testing as a key component of its risk management program. The main purpose is to enable the organization to fully understand its risk exposures and impact from stressful events and circumstances and better equip the organization to handle a wide range of adverse outcomes in the future.  

The guidance says banking organizations should incorporate five principles into a stress testing framework so that:

  • It is tailored and captures the organization’s enterprise risks
  • It employs multiple stress testing approaches
  • It is forward looking and flexible
  • It produces stress test results that are clear, actionable and support informed decision making
  • It includes strong governance and effective internal controls

The stress testing framework should cover all risks such as credit, market, operational, interest-rate, liquidity, country and strategic risk.

A banking organization’s senior management needs to design and implement the stress testing, while the board should approve the framework and policies.  The board should then monitor compliance.  The board also needs to use the results from stress testing to assess the impact to the risk profile, risk appetite and strategic plan. There should also be an independent review and validation of the framework used in the stress tests.

What the Board Must Know

Failing to follow the guidance and implement a stress testing framework commensurate with the banking organization’s size and risk profile will be deemed an unsafe and unsound banking practice. Bank examiners will closely evaluate the board’s role and ultimately hold it accountable.

Ultimately, the board is responsible for ensuring the banking organization has an effective enterprise risk management program that includes an appropriate stress testing framework.  The board should make sure senior management covers all risks and utilizes stress testing techniques such as scenario and sensitivity analysis and reverse stress testing.  Stress testing should provide the board with critical intelligence that ultimately can result in optimal risk management performance.  The board should also ensure that the stress testing framework’s adequacy and effectiveness is evaluated and validated independently.  

What Community Banks Should Do

While banking organizations with $10 billion or less in consolidated assets are exempt from the guidance, it would be prudent for the boards at these organizations to closely review the guidance and consider implementing a stress testing framework commensurate for their size and complexity, as a best practice. 

For example, a community bank could incorporate reverse stress testing as described in the guidance as a tool.  Reverse stress testing means the banking organization identifies “break the bank” type adverse outcomes, such as suffering material credit losses that result in severe undercapitalization, an employee committing a large fraud that results in a material loss, the bank being used for money laundering that results in criminal penalties or the bank being accused of lending discrimination and prosecuted by the Department of Justice (DOJ). The bank should then deduce the types of events that could lead to such an outcome.  This can reveal potential blind spots or previously unknown sources of risk that can then be mitigated through enhanced risk management.  Community banks in particular, due to their size, limited resources and less diversification in geographic location and product mix, may be more vulnerable to “break the bank” type of adverse events and may not be able to withstand such surprises unless they have planned for such an outcome. 

Ultimately, stress testing provides critical forward looking risk management intelligence that the board should use to guide the banking organization to attain optimal risk management performance and maximize shareholder value, regardless of the size of the organization.

Focusing on What’s Important to the Audit Committee: Three Things That Should Be on Everyone’s Mind

magnifying.jpgAfter the passage of the Sarbanes-Oxley Act, audit committee members experienced an increase in the intensity of the spotlight the public and regulators placed on them—and the focus didn’t just affect public companies. The current financial crisis again has put a spotlight on the responsibilities that all boards and audit committee members face. Although audit committees are actively engaged with their management teams and internal and external auditors, it can be difficult to know what should be the focus of those ongoing discussions.

So what are the things that audit committees should be thinking about today? Highlighted here are three of the critical risk areas that audit committees should have on their minds.

1. Earnings and Growth Plans: Early Assessments of the Risks

The credit challenges and related complications of the financial crisis are improving for many banks. Management teams are focused on returning to sustainable profits. Lending groups are actively looking to build their portfolios, and management teams are considering new products and services and expanding existing programs.

Audit committees need to be aware of the strategies their organizations are considering and of the associated risks. Internal audit should be auditing those risks. Whether a bank is considering resurrecting an old lending strategy or launching a new product or service, early action by the audit committee and internal audit will safeguard the organization. Audit committees and internal audit should work to understand their organization’s initiatives, limits and controls, and understand the risk monitoring that exists at their institutions.

2. Compliance: Effective, Efficient, and Critical for Survival

Compliance doesn’t always seem like the most strategic topic, but a lack of compliance can have consequences that quickly become strategic. Consumer regulations have changed significantly over the past few years, and more changes are on the horizon as the regulatory focus on consumer compliance has increased noticeably.

Audit committees should understand not just the details of compliance for individual regulations, but the compliance program itself. Having a robust system in place to identify changes, assess the enterprise-wide effects, and respond effectively is the only way that ongoing compliance can be achieved. Internal audit cannot just rely on management monitoring systems; it must perform independent testing of the compliance program and of compliance risks. Audit committees should understand the risk assessment process and internal audit’s coverage approach with respect to consumer compliance, and they should be comfortable that the compliance program will produce consistent and efficient results across all regulations and lines of business.

3. Enterprise Risk Management: Present, Comprehensive, and Insightful

Enterprise risk management (ERM) has been a topic of conversation for many years, but the level of discussion within banks and regulatory examinations is greater today in light of the financial crisis. Companies need an ERM process that is designed to address all risks across an organization and that provides meaningful information to executive management and the board. In addition, in response to the Dodd-Frank Wall Street Reform and Consumer Protection Act, which requires a board-level risk committee for firms with more than $10 billion in consolidated assets, examiners sometimes are asking much smaller organizations to put programs in place that include board-level oversight.

Audit committees should understand their bank’s ERM program, and internal audit should evaluate its effectiveness. Questions to consider include: Does a program already exist, and, if so, who owns the program? Are the right people involved? Do the results prompt the right discussions (are the company’s biggest risks part of the conversation)? Do the board and executive management support the process and the outcomes?

The goal of ERM is not to simply to comply with a regulatory mandate, but to establish a disciplined process whereby the most significant risks are summarized for insightful discussion and response. As it does with all critical areas of its bank, an audit committee must make sure that the ERM function exists and that it is operating as intended.

Having confidence in the quality and scope of the internal audit function should be a priority for any bank’s audit committee. Though the three critical areas discussed above are not exhaustive, they represent some of the larger issues facing banks today. Ongoing changes are inevitable. Adding specific consideration of changing risks—and potential changes to audit plans—could be a useful topic for audit committees to add to their agendas.

Bank Directors and Chief Risk Officers: Odd Couple or Ideal Match?

same-difference.jpgIn the aftermath of the 2008 global financial crisis, bank boards are taking on a much more active role in overseeing enterprise risk management (ERM). Bank directors face greater liability from shareholders and regulators in the form of lawsuits and professional liability claims from the Federal Deposit Insurance Corp., more stringent regulatory and disclosure requirements and higher expectations from key stakeholders. An effective relationship between the chief risk officer and the board is more important than ever.

How should bank directors support the chief risk officer (CRO) and improve the effectiveness of their relationship? Consider these five steps:

  1. Understand the role of the board in ERM. Bank directors recognize the regulatory requirements and business uncertainties that they face. Recent surveys indicate that risk management has emerged as a top board concern. What is the role of the board in ERM? There are three key responsibilities: (a) establishing an effective governance structure to oversee ERM, (b) approving an ERM policy that includes a risk appetite statement, and (c) establishing assurance and reporting processes to monitor risk management effectiveness. Bank directors who understand their role in ERM can provide effective risk oversight without encroaching on the role of management.
  2. Appoint more risk professionals on bank boards. Section 165 of the Dodd-Frank Act established new requirements for publically traded banks with assets over $10 billion, including the establishment of a risk committee of the board that includes at least one risk management expert. The Federal Reserve Board may also begin requiring a risk committee at smaller publically-traded banks. James Lam & Associates reviewed the professional biographies of over 1,200 bank directors at U.S. banks with over $10 billion in assets, and found that only 5 percent have a risk background. We expect that number to more than double in the next few years.
  3. Ensure an effective risk committee of the board. While appointing risk professionals to their ranks will enhance the board’s capabilities to oversee ERM, there are other best practices for an effective risk committee. These requirements include (a) a well-developed charter that defines the risk oversight responsibilities of the risk committee relative to the full board, the audit committee and other board committees, (b) a set of integrated dashboard reports designed specifically for the board that will highlight major risk exposures and key decision points and (c) a periodic assessment of the effectiveness of the risk committee based on both subjective and objective criteria.
  4. Enhance the independence of the risk function. What is the reporting relationship between the CRO and the risk committee of the board? If there is a dotted line relationship, what does that dotted line really mean in terms of direct communication, CRO hiring/firing decisions and CRO performance evaluation? Moreover, what is the expectation of the board with respect to the responsibilities of the CRO? Importantly, is the CRO sufficiently independent and able to raise critical risk issues to the board without concern about job security or compensation? These are some of the key questions that should be addressed.
  5. Integrate board oversight of strategy and ERM. Monitoring strategy development and execution has long been the purview of boards. As boards become more active in ERM, the integration of strategy and risk oversight is a logical and desirable outcome. Independent research studies from Deloitte Research, The Corporate Executive Board and James Lam & Associates have found that when publicly-traded firms suffer a significant decline in market value, approximately 60 percent of the loss events were caused by strategic risks, 30 percent from operational risks and 10 percent from financial risks. While integrated strategy and risk oversight is arguably a key role for the board, this process is still in its early stage of development. 

In the current business and regulatory environment, establishing an effective partnership between the board and the CRO is more important than ever. Given that the CRO is responsible for implementing the ERM program, and the board is responsible for overseeing its effectiveness, the partnership between the two should be an ideal match.

10 Ways Banks Can Grow in 2012

water-grass.jpgIt’s old news that banks are operating with fewer avenues for growth than in years past,  and it’s no surprise that bankers are scrambling for new ways to make up for this lost growth. In doing so, however, bankers need a smart and focused strategy to make the most out of the opportunities available. In a recent report,  “Top 10 Ways Banks Can Grow in 2012,” Grant Thornton LLP comes up with a priority list for growth in the current financial environment.

1. Focus Strategic Plan on Growth

Strategic plans should not be viewed as simply a regulatory requirement, but as a valuable instrument in the assessment, and often continual reassessment, of goals. Grant Thornton writes, “Now that many companies are shifting from survival mode to seizing opportunities in an improving economy, banks should develop and modify their 2012 strategic plans with a renewed focus on growth objectives.” This includes examining whether you are properly incentivizing your growth goals with employees, taking a new look at where you should and shouldn’t be cutting expenditures in your marketing, and rethinking previous decisions about which products are most relevant to today’s market.

2. Examine an Acquisition

While there are many current roadblocks to a successful M&A transaction, ranging from new regulations to uncertainty about future pricing, M&A is still considered a popular avenue for growth. Before incorporating an acquisition into the growth plan, however, banks need to consider post-acquisition issues.

 Aside from preparing for the complex accounting and financial aspects of an acquisition, directors need to be prepared for potential cultural conflicts. “Communication and leadership are probably the most important prerequisites for a successful integration. It’s critical that there be transparent communication between the acquirer and the acquired entity, so that important cultural issues, such the composition of the combined institution’s senior leadership team, are handled in a timely manner,” says Grant Thornton.

3. Implement Smart Tax Strategies and Structures

Banks need to ensure their tax strategies are taking advantage of all new federal benefits, as well as being up-to-date with state and local rules that cover their operating area. “Incentive credits that apply to banks should be implemented in all applicable jurisdictions. Federal benefits from credits (e.g. new market tax credits, energy credits, low-income housing tax credits) and bonus depreciation should be analyzed,” says Grant Thornton.

4. Develop New Service Offerings

Banks should consider adding new services to their existing line-up, as well as maximizing the potential of the services they already have. In terms of maximizing current potential, bankers should increase cross-selling to their established clients and determine which services need a renewed focus after being pushed aside during the downturn. 

For new areas of growth, bankers should consider teaming up with other entities that can help them expand services such as brokerage and financial planning. At the same time, they should consider participating in quality loans that are recently becoming available through other institutions trying to increase capital ratios.

5. Make Technology Work for You and Your Customers

Putting money into new technology expenditures may be hard to stomach for banks during a downturn, but it also may be necessary if their competitors are making those same investments. Grant Thornton suggests supplying tablets or iPads to your field staff which can be used to personalize customer marketing materials and complete loan applications remotely.  Grant Thornton also recommends considering a switch to cloud computing services—after first evaluating the inherent risks—if you haven’t already. “Cloud computing offers a number of distinct advantages over its predecessors, including a more efficient and cost effective use of internal resources, greater speed to deployment, lower operating and capital costs, and higher performance,” says the report. 

6. Send the Right Message with Social Media

Larger financial institutions, and even many smaller ones, are interacting with their customers in new and creative ways across a wide spectrum of social media platforms. Whether it is to bolster public image or to spread information about new products and services, social media offers an inexpensive way to communicate directly with clients.

“Social media provides the opportunity for banks to demonstrate their commitment to corporate social responsibility and help regain confidence from their customers and the public after being largely maligned during the recession,” says Grant Thornton. 

Banks should be cautious, however, as such open communication is a two-way street, and it can be difficult to control negative feedback. In addition, social media provides an avenue for both fraud and privacy breaches, and this risk should be examined as part of any social media plan. 

7. Ready Your Bank for Risk

All banks prepare for risk, but banks should take the extra step of incorporating an enterprise risk management (ERM) approach that fits each organization’s individual needs and objectives. “(ERM) is an approach to assessing and addressing the full risk profile of the bank, including strategic risks such as operational, financial, regulatory, credit and market risks. The assessment process allows all parties to fully understand the impact of major new initiatives across the bank, and enables clear, strategic decision-making,” says Grant Thornton.

8. Understand Regulations

Keeping up and complying with new regulations can be a difficult task given the recent influx of rules stemming from the Dodd-Frank Act and the formation of the Consumer Financial Protection Bureau, but no bank wants to find themselves in noncompliance. Fortunately, as long as the bank’s overall risk management approach is sound and the most potentially costly regulations are given special attention (i.e. the Fair Lending Act, the Unfair or Deceptive Acts or Practices program, and the Bank Secrecy Act) then banks can still see growth while staying compliant. 

9. Plan for the Worst-Case Scenario: Stress Testing

While recently made mandatory for some of the nation’s top banks, stress testing can be a valuable tool to any bank wanting to fully understand potential risks and prepare its growth plans accordingly. “Continual stress testing should be relevant to the bank’s specific portfolios, balance sheet and customer base. Stress testing should cover: asset concentration and credit quality; contagion risk, such as exposure to European debt; and capital structure and availability,” says Grant Thornton. By understanding possible future risks and building contingency plans, banks can more confidently and strategically take advantage of growth opportunities.  

10. Build a Stronger Foundation for Mortgage Lending

Despite potential roadblocks stemming from recent mortgage reform, banks should still consider growing mortgage banking efforts in areas where there is still a large or expanding market. 

“The recent improvement in housing starts and sales of existing homes indicate that there is still a large market for home mortgages.  If properly managed, a new or expanded mortgage banking effort could be very profitable,” says the report.  

Aside from home mortgages, banks should also take a look at new growth sectors in commercial real estate such as apartments, which look promising due to a high number of rental customers and a relatively low number of new apartments being built in the past few years. 

The full article can be accessed on Grant Thornton’s web site.

Experts: Risk will be key issue in 2012

In preparation for the upcoming audit committee conference in Chicago in June, Bank Director asked bank attorneys and accounting experts speaking at the conference to name the top issue facing bank audit committees in 2012-2013.  Most thought audit committees will have to wrestle with risk issues, whether it’s the risk created by certain types of compensation or the risk of running into problems complying with all the new rules resulting from the Dodd-Frank Act.

Pat-Cole.jpgIf not number one, compensation risk will certainly be one of the top issues facing audit committees over the next 18 months. And a key question audit committees need to ask themselves is: Are our pay practices defensible? Whether the compensation review involves peer group composition, external benchmarking, internal equity and incentive plan risk assessments, or true pay-for-performance, investors and regulators alike will want evidence that all of the reward components are fair. Going forward, simple assurances won’t be enough to satisfy them.”

—Patrick J. Cole, human resources senior consultant, Crowe Horwath LLP

Ronald-Janis.jpgThe top issue facing audit committees this year is how to handle forward-looking risk management, including consumer compliance, regulator exam and balance sheet risk.

—Ronald H. Janis, partner, Day Pitney LLP


Bill-Knibloe.jpgThe accounting issues are complex, and the bank regulators are taking a very conservative approach to interpreting them, which may or may not be in accordance with past accounting practice (historical GAAP). Their conclusions on the time frame for the implementation of related adjustments can also be problematic.”

—Bill Knibloe, partner, Crowe Horwath LLP

Michael-Rave.jpgThe top issue for bank audit committee members is how can the audit committee improve its risk management program and focus on key risks?  Do management and the board have a clear, concise response program in case of a crisis?”

—Michael T. Rave, attorney, Day Pitney LLP

Wynne-Baker.jpg“Audit committee members should continue to increase their knowledge and education on banking because the banking model will demand more from directors.”

— Wynne E. Baker, member-in-charge, KraftCPAs PLLC