Tips for Banks to Navigate Top Risks in 2022

Banks continue to meet unprecedented challenges of the Covid-19 pandemic, geopolitical cyberthreats and increasing public awareness of environment, social and governance (ESG) issues.

With the current landscape posing ever-evolving risks for banks, Moss Adams collaborated with Bank Director to conduct the 2022 Risk Survey and explore what areas are front of mind for bank industry leaders. Top insights from Bank Director’s 2022 Risk Survey include that the vast majority of survey respondents reported that cybersecurity and interest rate risks pose increasing concerns, and they expect these challenges to persist in the second half of the year, due to turbulent economic and geopolitical conditions. The survey also identified that banks increasingly focus on issues related to compliance and regulatory risks.

Cybersecurity Oversight
Concerns about cybersecurity topped the survey responses: 93% of respondents stated that a need for increased cybersecurity grew significantly or somewhat. Bank executives and board members submitted survey responses in January, prior to heightened federal government warnings of increased Russian cyberattacks. Banks’ concerns will likely continue to increase as a result.

Data Breach Rates and Precautions
While only 5% of respondents reported experiencing a data breach or ransomware attack at their own institution in the years 2020 and 2021, 65% reported data breaches at their bank’s vendors. In response, 60% stated they updated their institution’s third-party vendor management policies, processes, or risk oversight.

As a critical U.S. industry, banks follow stringent regulatory requirements for data security. The Federal Financial Institutions Examination Council (FFIEC) cybersecurity assessment tool provides a maturity model for banks to assess their cybersecurity maturity as baseline, evolving, intermediate, advanced or innovative. Ninety percent of respondents completed a cybersecurity assessment over the past 12 months; 61% used the FFIEC’s tool in combination with other methodologies, and another 19% only used the FFIEC’s tool. And 83% of respondents said that the maturity of their bank’s cybersecurity program increased in 2021, compared to previous assessments.

Room for Improvement
Banks noted several areas of improvement for their cybersecurity programs, including training for bank staff (83%), technology to better detect and deter cyberthreats and intrusions (64%) and internal controls (43%). Thirty-nine percent believe they need to better attract and retain quality cybersecurity personnel. Banks’ investments in cybersecurity programs remained flat compared to the 2021 survey, with a median budget of $200,000.

As cybersecurity risks increase, banks should focus on researching and making appropriate investments, as well as implementing comprehensive planning for staff training, technology and governance. At the board level, respondents noted several activities as part of that body’s oversight of the cybersecurity risk management program. Key among these is board-level training (79%), ensuring continual improvements by management of their cybersecurity programs (75%) and being aware of any deficiencies in the bank’s cybersecurity program (71%).

Interest Rate Risk Concerns
The prospect of rising interest rates fueled anxiety for our respondents: 71% noted increased concern. As the Federal Open Market Committee combats higher inflation by hiking interest rates, 74% reported hoping that they wouldn’t raise rates by more than one percentage point by the end of 2022 — which is currently below what’s projected.

Faced with likely rate hikes, banks are looking to their own business models to navigate a potential decrease in overall lending volume and potential pressure on profit margins. Respondents also noted that they were increased their focus in sectors such as commercial and industrial, commercial real estate and construction, or with the Small Business Administration or obtaining other small business loans.

ESG Initiatives
Banks are under increasing pressure to adopt ESG initiatives. More than half of respondents don’t yet focus on ESG issues in a comprehensive manner, and regulators have yet to impose ESG requirements for banks. However, more than half of survey respondents say they have set goals and objectives in a variety of ESG-related areas, primarily in the social and governance verticals — employee development and community needs in particular topped the list.

Only 6% said that investors or other company stakeholders currently look for more disclosure around ESG initiatives, with diversity, equity and inclusion topping the list at 88%. Banks that haven’t established ESG strategies could first identify their top priority areas. These priorities may vary for each organization and will need to consider the values of investors, customers and local community.

Research Report: Fortifying Boards for the Future

Good corporate governance requires, among many other things, a strong sense of balance.

How do you bring in new perspectives while also sticking to your core values? How does the board balance responsibilities among committees? What’s the right balance between discussion about the fundamentals of banking, versus key trends and emerging issues?

There’s an inherent tension between the introduction of new ideas or practices and standard operating procedures. We explore these challenges in Bank Director’s 2022 Governance Best Practices Survey, sponsored by Bryan Cave Leighton Paisner LLP. But tension isn’t necessarily a bad thing.

The survey polled 234 directors, chairs and chief executives at U.S. banks with less than $100 billion in assets during February and March 2022. Half of respondents hailed from banks with $1 billion to $10 billion of assets. Just 9% represent a bank above the $10 billion mark. Half were independent directors.

We divide the analysis into five modules in this report: board culture, evaluating performance, building knowledge, committee structure and environmental, social and governance oversight in the boardroom. Jim McAlpin, a partner at the Bryan Cave law firm in Atlanta and leader of the firm’s banking governance practice, advised us on the survey questions and shared his expertise in examining the results.

We also sought the insights of three independent bank directors: Samuel Combs III, a director and chair of the board’s governance committee at $2.8 billion First Fidelity Bancorp in Oklahoma City; Sally Steele, lead director with $15.6 billion Community Bank System in DeWitt, New York; and Maryann Goebel, the compensation and governance chair at $11 billion Seacoast Banking Corp. of Florida, which is based in Stuart, Florida. They weighed in on a range of governance practices and ideas, from the division of audit and risk responsibilities to board performance assessments.

The proportion of survey respondents representing boards that conduct an annual performance assessment rose slightly from the previous year’s survey, to 47%. Their responses indicate that many boards leverage evaluations as an opportunity to give and receive valuable feedback — rather than as an excuse to handle a problem director.

Forty-seven percent of respondents describe their board’s culture as strong, while another 45% rank it as “generally good,” so the 30% whose board doesn’t conduct performance assessments may believe that their board’s culture and practices are solid. Or in other words, why fix something that isn’t broken? However, there’s always room for improvement.

Combs and Steele both attest that performance evaluations, when conducted by a third party to minimize bias and ensure anonymity, can be a useful tool for measuring the board’s engagement.

Training and assessment practices vary from board to board, but directors also identify some consistent knowledge gaps in this year’s results. Survey respondents view cybersecurity, digital banking and e-commerce, and technology as the primary areas where their boards need more training and education. And respondents are equally split on whether their board would benefit from a technology committee, if it doesn’t already have one.

And while directors certainly do not want to be mandated into diversifying their ranks, in anonymous comments some respondents express a desire to get new blood into the boardroom and detail the obstacles to recruiting new talent.

“Our community bank wants local community leaders to serve on our board who reflect our community,” writes one respondent. “Most local for[-] profit and not-for-profit boards are working to increase their board diversity, and there are limited numbers of qualified candidates to serve.”

To read more about these critical board issues, read the white paper.

To view the results of the survey, click here.

A Look Inside Fifth Third’s ESG Journey

Mike Faillo was recently promoted to the new role of chief sustainability officer at Fifth Third Bancorp, with a team focused on the Cincinnati-based regional bank’s environmental, social and governance (ESG) program, including its climate strategy and social and governance reporting. Faillo started his career in public accounting at PwC in 2008, just in time for the collapse of Lehman Brothers and the onset of the financial crisis. He spent the next several years auditing a trillion dollar bank, and then working on Comprehensive Capital Analysis and Review (CCAR) stress tests and developing resolution plans.

Faillo says those experiences informed his journey to lead ESG at $211.5 billion Fifth Third. 

When he joined the bank’s investor relations team in 2019, he dug into Fifth Third’s ESG profile and learned that the organization wasn’t effectively telling its story. So with support from the bank’s executive leadership team, including Chairman and CEO Greg Carmichael, Faillo transformed Fifth Third’s corporate social responsibility report into a broader, data-driven report in 2020 that tells the bank’s complete ESG story. Faillo jokes that he went from writing about the death of a bank through living wills to the life of it in the ESG report.

In this edition of the Slant podcast, Faillo also discusses the need for agility and teamwork on ESG, and how he works across the organization to uncover opportunities for the bank. He also digs into the complexities of measuring carbon emissions, and why it’s a great opportunity to work with business clients to help them on their own journeys to net zero. And he addresses what’s easiest — and hardest — for banks to get right on ESG. The interview was conducted in advance of Bank Director’s Bank Audit & Risk Committees Conference, where Faillo appears as part of a panel discussion, “How Banks Are Stepping Up Their ESG Plans.”

What New Climate Disclosure Means for Banks

Climate risk assessment is still in its infancy, but recent pronouncements by federal regulators should have bank directors and executives considering its implications for their own organizations.   

Under a new rule proposed by the Securities and Exchange Commission, publicly traded companies would be required to report on certain climate-related risks in regular public filings. 

Though the SEC’s proposal only applies to publicly traded companies, some industry observers say it’s only a matter of time before more financial institutions are expected to grapple with climate-related risks. Not long after the SEC issued its proposal, the Federal Deposit Insurance Corp. issued its own draft principles for managing climate risk. While the principles focus on banks with over $100 billion of assets, Acting Chair Martin Gruenberg commented further that “all financial institutions, regardless of size, complexity, or business model, are subject to climate-related financial risks.” 

The practice of assessing climate risk has gained momentum in recent years, but many boards aren’t regularly talking about these issues. Just 16% of the directors and officers responding to Bank Director’s 2022 Risk Survey say their board discusses climate change annually.

To understand what this means for their own organizations, boards need to develop the baseline knowledge so directors can ask management smarter questions. They should also establish organizational ownership of the issue and think about the incremental steps they might take in response to those risk assessments. 

“Climate risk is like every other risk,” says Ivan Frishberg, chief sustainability officer at $7 billion Amalgamated Financial Corp. in New York. “It needs the same systems for managing it inside a bank that any other kind of risk does. It’s going to require data, it’s going to require risk assessments, it’s going to require strategy. All of those things are very traditional frameworks.” 

The SEC’s proposed rule intends to address a major challenge with sizing up climate risk: the lack of uniform disclosures of companies’ greenhouse gas emissions and environmental efforts. The agency also wants to know how banks and other firms are incorporating climate risks into their risk management and overall business strategies. That includes both physical risk, or the risk of financial losses from serious weather events, and transition risk, arising from the shift to a low-carbon economy.  

Bank Director’s Risk Survey finds that many boards need to start by getting up to speed on the issue. Though 60% of survey respondents say that their board and senior leadership have a good understanding of physical risks, just 43% say the same about transition risk. Directors should also get a basic grasp of what’s meant by Scope 1, Scope 2 and Scope 3 emissions to better gauge the impact on their own institutions.  

Understanding Carbon Emissions

Scope 1: Emissions from sources directly owned or controlled by the bank, such as company vehicles.

Scope 2: Indirect emissions associated with the energy a bank buys, such as electricity for its facilities. 

Scope 3: Indirect emissions resulting from purchased goods and services (business travel, for example) and other business activities, such as lending and investments.

 

The SEC’s proposal would not require scenario analysis. However, directors and executives should understand how their loan portfolios could be affected under a variety of scenarios. 

Talking with other banks engaged in similar efforts could help institutions benchmark their progress, says Steven Rothstein, managing director of the Ceres Accelerator for Sustainable Capital Markets, a nonprofit that works with financial institutions on corporate sustainability. Boards could also look to trade associations and recent comments by federal regulators. In a November 2021 speech, Acting Comptroller of the Currency Michael Hsu outlined five basic questions that bank boards should ask about climate risk. The Risk Management Association recently established a climate risk consortium for regional banks. 

Assessing climate risk involves pulling together large amounts of data from across the entire organization. Banks that undertake an assessment of their climate-related risks should appoint somebody to coordinate that project and keep the board apprised.  

Banks might also benefit from conducting a peer review, looking at competing institutions as well as banks with similar investor profiles, says Lorene Boudreau, co-leader of the environment, social and governance  working group at Ballard Spahr. “What are the other components of your investors’ profile? And what are they doing? Use that information to figure out where there’s a [gap], perhaps, between what they’re doing and what your company is doing,” she says.

Finally, boards should think about the shorter term, incremental goals their bank could set as a result of a climate risk assessment. That could look like smaller, sector-specific goals for reducing financed emissions or finding opportunities to finance projects that address climate-related challenges, such as storm hardening or energy efficiency upgrades. 

A number of big banks have made splashy pledges to reduce their greenhouse gas emissions to net zero by 2050, but fewer have gotten specific about their goals for 2030 or 2040, Boudreau says. “It doesn’t have a lot of credibility without those interim steps.” 

While many smaller financial institutions will likely escape regulatory requirements for the near term, they can still benefit from adopting some basic best practices so they aren’t caught off guard in a worst-case scenario. 

“Climate risk is financial risk,” says Rothstein. “If you’re a bank director thinking about the safety and soundness of a bank, part of your job has to be to look at climate risk. Just as if someone said, ‘Is the bank looking at cyber risk? Or pandemic risk or crypto risk?’ All of those are risks that directors, through their management team, have to be aware of.” 

Focusing on ESG

In this episode of Looking Ahead, Crowe LLP Partner Mandi Simpson talks with Al Dominick about what’s driving greater focus on environmental, social and governance (ESG) issues, and explores some of the fundamentals that boards should understand. She also sheds light on how boards can consider shareholder return and balance long-term ESG strategy with a short-term view on profitability, and provides tips on how boards can better focus on this important issue.

Bank Director Releases 2022 Risk Survey Results

BRENTWOOD, TENN., Mar. 29, 2022 – Bank Director, the leading information resource for directors and officers of financial institutions nationwide, today released its 2022 Risk Survey, sponsored by Moss Adams LLP. The findings reveal a high level of anxiety about interest rate risk as well as a lack of awareness in the environmental, social and governance (ESG) space.

The 2022 Risk Survey finds that the majority of responding directors, CEOs, chief risk officers and other senior bank executives are more concerned about interest rate risk compared to the previous year. Why? While interest rate increases — kicked off with a quarter-point hike announced by the Federal Reserve earlier this month — would ease pressures on bank net interest margins, they could also dampen loan demand and slow economic growth. When asked about the ideal scenario for their institution, almost three-quarters of survey respondents say they’d like to see a moderate rise in rates in 2022, by no more than one point. That’s significantly less than the 1.9% expected from the Fed by the end of the year.

“Finding the balance between an increase in rates without a decrease in the volume of lending can be an art form,” says Craig Sanders, partner at Moss Adams. “Banks with more diverse loan portfolios and those that made the right bets regarding loan terms will be better positioned to adapt to the new, ever-changing environment.”

Findings also reveal that more than half of the respondents’ banks don’t yet focus on ESG issues in a comprehensive manner, and just 6% describe their ESG program as mature enough to publish a disclosure of their progress. 

“While we see a handful of primarily larger, public banks focused on ESG, it’s a broad issue that touches on several areas important to community banking, including community and employee engagement, risk management and data privacy, and corporate governance,” says Emily McCormick, vice president of research at Bank Director. “The survey finds banks setting goals in these distinct spheres when it comes to ESG, despite a lack of formal programs or initiatives.”

Key Findings Also Include: 

Top Risks
Respondents also reveal increased anxiety about cybersecurity, with 93% saying that their concerns have increased somewhat or significantly over the past year. Along with interest rate risk, regulatory risk (72%) and compliance (65%) round out the top risks. One responding CRO expresses specific concern about “heightened regulatory expectations” around overdraft fees, fair lending and redlining, as well as rulemaking from the Consumer Financial Protection Bureau around the collection of small business lending data. 

Enhancing Cybersecurity Oversight
Most indicate that their bank conducted a cybersecurity assessment over the past year, with 61% using the Cybersecurity Assessment Tool offered by the Federal Financial Institutions Examination Council (FFIEC) in combination with other methodologies. While 83% report that their program is more mature compared to their previous assessment, there’s still room to improve, particularly in training bank staff (83%) and using technology to better detect and/or deter cyber threats and intrusions (64%). Respondents report a median budget of $200,000 for cybersecurity expenses in fiscal year 2022, matching last year’s survey.

Setting ESG Goals
While most banks lack a comprehensive ESG program, more than half say their bank set goals and objectives in several discrete areas: employee development (68%), community needs, investment and/or volunteerism (63%), risk management processes and risk governance (61%), employee engagement (59%), and data privacy and information security (56%).

Protecting Staff
More than 80% of respondents say at least some employees work remotely for at least a portion of their work week, an indicator of how business continuity plans have evolved: 44% identify formalizing remote work procedures and policies as a gap in their business continuity planning, down significantly compared to last year’s survey (77%). Further, banks continue to take a carrot approach to vaccinations and boosters, with most encouraging rather than requiring their use. Thirty-nine percent require, and 31% encourage, employees to disclose their vaccination status.

Climate Change Gaps
Sixteen percent say their board discusses climate change annually — a subtle increase compared to last year’s survey. While 60% indicate that their board and senior leadership team understand the physical risks to their bank as a result of more frequent severe weather events, less than half understand the transition risks tied to shifts in preferences or reduced demand for products and services as the economy adapts.

The survey includes the views of 222 directors, CEOs, chief risk officers and other senior executives of U.S. banks below $100 billion in assets. Full survey results are now available online at BankDirector.com.

About Bank Director
Bank Director reaches the leaders of the institutions that comprise America’s banking industry. Since 1991, Bank Director has provided board-level research, peer-insights and in-depth executive and board services. Built for banks, Bank Director extends into and beyond the boardroom by providing timely and relevant information through Bank Director magazine, board training services and the financial industry’s premier event, Acquire or Be Acquired. For more information, please visit BankDirector.com.

About Moss Adams LLP
With more than 3,800 professionals across 30-plus locations, Moss Adams provides the world’s most innovative companies with specialized accounting, tax, and consulting services to help them embrace emerging opportunity. We serve over 400 banks and other financial institutions in all stages of the growth cycle helping our clients navigate an evolving regulatory environment, maintain profitability, and manage risk throughout each phase of their business’s growth. Discover how Moss Adams is bringing more West to business. For more information visit www.mossadams.com/fs.

Source:
For more information, please contact Bank Director’s Director of Marketing, Deahna Welcher, at dwelcher@bankdirector.com.

2022 Risk Survey: Complete Results

What’s keeping board members, CEOs, risk officers and other key executives up at night? 

With a number of evolving risks facing the industry, bank leaders have a lot on their plate. They weigh in on these key risks — from cybersecurity to rising interest rates and more — in Bank Director’s 2022 Risk Survey, sponsored by Moss Adams LLP. While it’s not surprising to find respondents almost universally more worried about cybersecurity — a perennial point of anxiety in the survey — they also reveal increased concerns in a number of areas. 

Almost three-quarters say they’re more worried about regulatory risk, with one respondent citing specific concerns about overdraft fees, fair lending and redlining, and rulemaking from the Consumer Financial Protection Bureau.  

Given expected rate hikes from the Federal Reserve, 71% say they’re worried about interest rate risk. Three-quarters hope to see a moderate rise in rates by the end of the year, though uncertainty around inflationary pressures, exacerbated by the conflict in Ukraine, could yield surprises.  

Members of the Bank Services program now have exclusive access to the full results of the survey, including breakouts by asset category. Click here to view the report.

Findings also include:

  • Most bank executives and board members report that their cybersecurity programs have matured, but respondents still identify key gaps in their programs, particularly in training bank staff (83%) and using technology to better detect and/or deter cyber threats and intrusions (64%). Respondents also reveal how the board oversees this critical threat.
  • In an indicator of how business continuity plans have evolved through the pandemic, more than 80% say at least some employees work remotely for at least a portion of their work week. When it comes to vaccinations, banks continue to take a carrot approach to vaccinations, with most encouraging rather than requiring Covid-19 vaccinations and boosters. Thirty-nine percent require, and 31% encourage, employees to disclose their vaccination status.
  • Environmental, social and governance disclosures may be getting a lot of buzz, but more than half of the survey participants don’t yet focus on environmental, social and governance issues in a comprehensive manner, but the majority set goals in several discrete areas related to ESG.
  • Sixteen percent say their board discusses climate change annually — a subtle increase compared to last year’s survey. 

Bank Director’s 2022 Risk Survey, sponsored by Moss Adams, surveyed 222 independent directors, chief executive officers, chief risk officers and other senior executives of U.S. banks below $100 billion in assets to gauge their concerns and explore several key risk areas, including credit risk, cybersecurity and emerging issues such as ESG. The survey was conducted in January 2022.

2022 Risk Survey Results: Walking a Tightrope

Despite geopolitical turmoil following Russia’s invasion of Ukraine, the Federal Reserve opted to raise interest rates 25 basis points in March — its first increase in more than three years — in an attempt to fight off a high rate of inflation that saw consumer prices rising by 7.9% over the preceding year, according to the Bureau of Labor Statistics.

“Inflation remains elevated, reflecting supply and demand imbalances related to the pandemic, higher energy prices, and broader price pressures,” the central bank said in a statement. The Federal Open Market Committee (FOMC) is the policymaking body within the Fed that sets rates, and Fed Chairman Jerome Powell remarked further that the FOMC will continue to act to restore price stability.

“We are attentive to the risks of further upward pressure on inflation and inflation expectations,” Powell said, adding that the FOMC anticipates a median inflation rate of 4.3% for 2022. He believes a recession is unlikely, however. “The U.S. economy is very strong and well-positioned to handle tighter monetary policy.”

Six more rate hikes are expected in 2022, which overshoots the aspirations of the directors, CEOs, chief risk officers and other senior executives responding to Bank Director’s 2022 Risk Survey, conducted in January. Respondents reveal a high level of anxiety about interest rate risk, with 71% indicating increased concern. When asked about the ideal scenario for their institution, almost three-quarters say they’d like to see a moderate rise in rates in 2022, by no more than one point — significantly less than the 1.9% anticipated by the end of the year.

Moss Adams LLP sponsors Bank Director’s annual Risk Survey, which also focuses on cybersecurity, credit risk, business continuity and emerging issues, including banks’ progress on environmental, social and governance (ESG) programs. More than half of the respondents say their bank doesn’t yet focus on ESG issues in a comprehensive manner, and just 6% describe their ESG program as mature enough to publish a disclosure of their progress.

Developments in this area could be important to watch: The term ESG covers a number of key risks, including climate change, cybersecurity, regulatory compliance with laws such as the Community Reinvestment Act and operational risks like talent.

“Finding employees is becoming much harder and has us [looking] at outsourcing (increased risk) or remote workers (increased risk),” writes one survey respondent. Workers want to work for ethical companies that care about their employees and communities, according to research from Gallup. Could a focus on ESG become a competitive strength in such an environment?

Key Findings

Top Risks
Respondents also reveal increased anxiety about cybersecurity, with 93% saying that their concerns have increased somewhat or significantly over the past year. Along with interest rate risk, regulatory risk (72%) and compliance (65%) round out the top risks. One respondent, the CRO of a Southeastern bank between $1 billion and $5 billion in assets, expresses specific concern about “heightened regulatory expectations” around overdraft fees, fair lending and redlining, as well as rulemaking from the Consumer Financial Protection Bureau around the collection of small business lending data.

Enhancing Cybersecurity Oversight
Most indicate that their bank conducted a cybersecurity assessment over the past year, with 61% using the Cybersecurity Assessment Tool offered by the Federal Financial Institutions Examination Council (FFIEC) in combination with other methodologies. While 83% report that their program is more mature compared to their previous assessment, there’s still room to improve, particularly in training bank staff (83%) and using technology to better detect and/or deter cyber threats and intrusions (64%). Respondents report a median budget of $200,000 for cybersecurity expenses in fiscal year 2022, matching last year’s survey.

Setting ESG Goals
While most banks lack a comprehensive ESG program, more than half say their bank set goals and objectives in several discrete areas: employee development (68%), community needs, investment and/or volunteerism (63%), risk management processes and risk governance (61%), employee engagement (59%), and data privacy and information security (56%).

Protecting Staff
More than 80% of respondents say at least some employees work remotely for at least a portion of their work week, an indicator of how business continuity plans have evolved: 44% identify formalizing remote work procedures and policies as a gap in their business continuity planning, down significantly compared to last year’s survey (77%). Further, banks continue to take a carrot approach to vaccinations and boosters, with most encouraging rather than requiring their use. Thirty-nine percent require, and 31% encourage, employees to disclose their vaccination status.

Climate Change Gaps
Sixteen percent say their board discusses climate change annually — a subtle increase compared to last year’s survey. While 60% indicate that their board and senior leadership team understand the physical risks to their bank as a result of more frequent severe weather events, less than half understand the transition risks tied to shifts in preferences or reduced demand for products and services as the economy adapts.

To view the high-level findings, click here.

Bank Services members can access a deeper exploration of the survey results. Members can click here to view the complete results, broken out by asset category and other relevant attributes. If you want to find out how your bank can gain access to this exclusive report, contact bankservices@bankdirector.com.

3 Steps to Planning for Climate Risk

Last year, President Joe Biden’s Executive Order on Climate-Related Financial Risk and the resulting report from the Financial Stability Oversight Council identified climate change as an emerging and increasing threat to U.S. financial stability.

A number of financial regulatory and agency heads have also spoken about climate risk and bank vulnerability.

Now the question is: What should banks be doing about it now? Here are three steps you can take to get started:

1. Conduct a Risk Assessment
Assessing a financial institution’s exposure to climate risk poses an interesting set of challenges. There is the short-term assessment for both internal operations and business exposures: what is happening today, next month or next year. Then there are long-term projections, for which modeling is still being developed.

So where to begin?
Analyzing the potential impacts of physical risk and transition risk begins with the basic question, “What if?” What if extreme weather events continue, how does that impact or alter your operational and investment risks? What if carbon neutral climate regulations take hold and emissions rapidly fall? Widen your scope from credit risk to include market, liquidity and reputational risk, which is taking on new meaning. Bank executives may make reasonable decisions to stabilize their balance sheet, but those decisions could backfire when banks are seen as not supporting their customers in their transition.

Regional and smaller financial institutions will need more granular data to assess the risk in their portfolios, and they may need to assemble local experts who are more familiar with climate change’s impact on local companies.

2. Level Up the Board of Directors
Climate change has long been treated as part of corporate social responsibility rather than a financial risk, but creating a climate risk plan without executive support or effective oversight is a fool’s errand. It’s time to bring it into the boardroom.

Banks should conduct a board-effectiveness review to identify any knowledge gaps that need to be filled. How those gaps are filled depends on each organization, but climate change expertise is needed at some level — whether that be a board member, a member of the C-suite or an external advisor.

The next step is incorporating climate change into the board’s agenda. This may already be in place at larger institutions or ones located in traditionally vulnerable areas. However, recent events have made it clear that climate risk touches everything the financial sector does. Integrating climate risk into board discussions may look different for each financial institution, but it needs to start happening soon.

3. Develop a Climate-Aware Strategy
Once banks approach climate risk as a financial risk instead of simply social responsibility, it’s time to position themselves for the future. Financial institutions are in a unique position when formulating a climate risk management strategy. Not only are they managing their own exposure — they hold a leadership role in the response to carbon neutral policies and regulation.

It can be challenging, but necessary, to develop a data strategy with a holistic view across an organization and portfolio to reveal where the biggest risks and opportunities lie.

Keeping capital flowing toward clients in emission industries or vulnerable areas may seem like a high risk. But disinvestment may be more detrimental for those companies truly engaged in decarbonization activities or transition practices, such as power generation, real estate, manufacturing, automotive and agriculture. These exposures may be offset by financing green initiatives, which have the potential to mitigate transition risk across a portfolio, increase profit and, better yet, stabilize balance sheets as the economy evolves into a carbon neutral world.

Banks Enter a New Era of Corporate Morality

Are we entering a new era of morality in banking?

Heavily regulated at the state and federal level, banks have always been subjected to greater scrutiny than most other companies and are expected to pursue fair and ethical business practices — mandates that have been codified in laws such as the Community Reinvestment Act and various fair lending statutes.

The industry has always had a more expansive stakeholder perspective where shareholders are just one member of a broad constituency that also includes customers and communities.

Now a growing number of banks are taking ethical behavior one step further through voluntary adoption of formal environmental, social and governance (ESG) programs that target objectives well beyond simply making money for their owners. Issues that typically fall within an ESG framework include climate change, waste and pollution, employee relations, racial equity, executive compensation and board diversity.

“It’s a holistic approach that asks, ‘What is it that our stakeholders are looking for and how can we – through the values of our organization – deliver on that,” says Brandon Koeser, a financial services senior analyst at the consulting firm RSM.

Koeser spoke to Bank Director Editor-at-Large Jack Milligan in advance of a Sunday breakout session at Bank Director’s Acquire or Be Acquired Conference. The conference runs Jan. 30 to Feb. 1, 2022, at the JW Marriott Desert Ridge Resort and Spa in Phoenix.

The pressure to focus more intently on various ESG issues is coming from various quarters. Some institutional investors have already put pressure on very large banks to adopt formal programs and to document their activities. Koeser says many younger employees “want to see a lot more alignment with their beliefs and interests.” And consumers and even borrowers are “beginning to ask questions … of their banking partners [about] what they’re doing to promote social responsibility or healthy environmental practices,” he says.

Koeser recalls having a conversation last year with the senior executives of a $1 billion privately held bank who said one of their large borrowers “came to them and asked what they were doing to promote sustainable business practices. This organization was all about sustainability and being environmentally conscious and it wanted to make sure that its key partners shared those same values.”

Although the federal banking regulators have yet to weigh in with a specific set of ESG requirements, that could change under the more socially progressive administration of President Joe Biden. “One thing the regulators are trying to figure out is when a [bank] takes an ESG strategy and publicizes it, how do they ensure that there’s comparability so that investors and other stakeholders are able to make the appropriate decision based on what they’re reading,” he says.

There are currently several key vacancies at the bank regulatory agencies. Biden has the opportunity to appoint a new Comptroller of the Currency, a new chairman at Federal Deposit Insurance Corp. and a new vice chair for supervision at the Federal Reserve Board. “There’s a unique opportunity for some new [ESG] policy to be set,” says Koeser. “I wouldn’t be surprised if we see in the next two to three years, some formality around that.”

Koeser says he does sometimes encounter resistance to an ESG agenda from some banks that don’t see the value, particularly the environmental piece. “A lot of banks will just kind of say, ‘Well, I’m not a consumer products company. I don’t have a manufacturing division. I’m not in the transportation business. What is the environmental component to me?’” he says. But in his discussions with senior executive and directors, Koeser tries to focus on the broad theme of ESG and not just one letter in the acronym. “That brings down the level of skepticism and allows the opportunity to engage in discussions around the totality of this shift to an ESG focus,” he says. “I haven’t been run out of a boardroom talking about ESG.”

Koeser believes there is a systemic process that banks can use to get started on an ESG program. The first step is to identify a champion who will lead the effort. Next, it’s important to research what is happening in the banking industry and with your banking peers and competitors. Public company filings, media organizations such as Bank Director magazine and company websites are all good places to look. “There’s a wealth of information out there to start researching and understanding what’s happening around us,” Koeser says.

A third step in the formation process is education. “The [program] champion should start presenting to the board on what they’re finding,” Koeser says. Then comes a self-assessment where the leadership team and board compare the bank’s current state in regards to ESG to the industry and other institutions it competes with. The final step is to begin formulating an ESG strategy and building out a program.

Koeser believes that many banks are probably closer to having the building blocks of an effective ESG program than they think. “It’s really just a matter of time before ESG will become something that you’ll need to focus on,” he says. “And if you’re already promoting a lot of really good things on your website, like donating to local charities, volunteering and supporting your communities, there’s a way to formalize that and begin this process sooner rather than later.”