Methods to Create Effective Customer Journeys for Your Bank

In recent years, there has been an increase in the number of job positions for chief customer experience officers across financial institutions (FI) of all sizes. Those roles were created to help an FI focus outwardly and represent the customers’ points of view. Stated differently, people filling those roles ask the “why” question while most FIs tend to focus only on the “how.”

Marrying the How and the Why
A recent example of an unrealized opportunity to rewrite the customer journey involved branch-initiated loan applications. The process required a customer to come into a branch, sign a piece of paper which was then scanned and sent to the back office for processing. After processing, it was stamped “complete” and sent along for further scanning and indexing.

The staff was asked to improve the process, and they recommended switching the ink used to stamp “complete” from oil-based ink to water-based. By doing so, the ink did not bleed through the document, which was causing it to be scanned as two images. While the process was indeed improved incrementally, the FI did not go far enough, missing an opportunity to fundamentally improve the whole customer journey and realize more benefits for both customers and employees.

Customer journey maps marry the “how” and the “why” into one document. The how is expressed as a simple workflow document, showing the touchpoints of any process. Once the current process is documented, the why questions begin. Why do FIs need a wet signature on this document? Why do the customers need to scan their drivers’ licenses? Why should a customer have to stop into a branch to complete the application?

While having a CCEO is a great start, the most successful FIs focus on creating multiple customer experience advocates, all of whom use customer journey maps to document the hows and ask the whys. FIs that position multiple customer experience advocates across the institution have more desirable outcomes than those that have one person. The trick is getting started.

While there are many tools available to assist in generating customer journey maps, PRI suggests that FIs can be quite effective with a simple white board and some post-it notes.

Don’t become burdened with unfamiliar tools until you’ve built a few maps. Involve staff from all areas, especially those areas that are customer-facing. Create a dashboard or a scorecard and keep track of the improvements. And celebrate successes as you go.

Creating a journey map places the customer at the beginning of the process and requires the FI to think like a customer. For example, customers often find it unacceptable to wait 10 days for their debit card to arrive in the mail after opening a new account. Rather than justifying the process by explaining it, the FI can create a journey map with a goal in mind that helps them reach the next level of service. Asking why at every step along the journey is far more critical than asking how.

How to get started:

  • Choose a process known to create customer frustration.
  • Establish a goal for the customer journey map exercise.
  • Put on the “customer hat” or even experience the journey as a customer yourself.
  • Document all touchpoints.
  • Review each touchpoint and ask why it works the way it does.
  • Research best practice models.
  • Attack the touchpoints, seeking to remove friction and working toward the goal of better customer service.

Customer journey mapping has been proven to be highly beneficial to financial institutions and their bottom line. FIs should teach customer experience advocates to create effective customer journey maps for all significant touchpoints.

The process does not have to be formal. It can be simple. Marrying the how and the why will allow the FI to take advantage of the many benefits and opportunities inherent in customer journey mapping.

The Intersection of Paying and Playing in Online Video Gaming

Video gaming is a vast, fast-growing global industry touching various sectors, including payments.

The global revenue for 2021 was estimated at $175.8 billion, which, represents a compound annual growth rate of 8.7% between 2020 and 2024, according to a Boston Consulting Group analysis. This is a clear opportunity for banks to take advantage of growing card usage and enhance consumer engagement in online video gaming.

The global community of online gamers is set to exceed 3 billion people in 2022, nearly a third of the world’s population, according to the 2021 Global Games Market Report. That’s a lot of goals scored, hazards avoided and quests completed. This community now includes consumers from nearly all demographic segments; with that comes a closer correlation between paying and playing in the online universe.

Visa Consulting & Analytics has outlined the key characteristics of the online video gaming market, including its customer base, revenue models, integration of payments, pain points and opportunities for today’s payments businesses.

Understanding the Value Chain, Revenue Models
In online gaming, there are generally four primary stakeholders and four broad gamer segments, shown below.

There are multiple revenue models in online gaming — all of which can be lucrative for stakeholders. One such revenue model is in-game micro-transactions, which has become a core driver of transaction volume across platforms. Although there is overlap among them, gaming revenue models can generally be codified as follows:

  • Buy-to-play: The gamer buys the game and can play indefinitely. However, the game continues to be supported by the developer or publisher (such as providing downloadable content), which the gamer may need to pay to access.
  • Free-to-play: The gamer does not need to purchase the title to play, but access to some features and content may require a subscription or micro-transactions.
  • Freemium games: These are free to start but are limited in terms of how far the gamer can progress before they must purchase the game.
  • Subscription: The game is typically free to play to entice new gamers, but they must pay a regular subscription to maintain access to all parts of a game.
  • Ad-supported games: These are typically free to play, with the developer or publisher earning revenue from advertisements that the gamer needs to watch periodically to continue playing.
  • Play-to-earn games: These typically incorporate blockchain elements such as non-fungible tokens, or NFTs. Gamers are incentivized to use NFTs to improve their value or to create new NFTs. Gamers may need to pay an upfront fee to participate, but are paid for their contribution to new and/or upgraded NFTs.

How Payments Fit Into Gaming
With the appearance of new revenue models, the gaming ecosystem has become increasingly more complex, with many parties and a myriad of payment flows. There’s business-to-business (B2B) and consumer-to-business (C2B); with the emergence of play-to-earn gaming, there’s also the potential for business-to-consumer (B2C) and consumer-to-consumer (C2C).

The predominance of digital delivery and the rapid growth of freemium models and in-game purchases means there is considerable potential for publishers and marketplaces to influence “top-of-wallet” payment behaviors. This is due to the closed-loop nature of the marketing channels on the platforms, which limits a financial institution’s ability to influence payment behaviors.

Maximizing Profitability Potential Via Push Notifications

Implementing digital fintech solutions is critical for banks seeking to grow their customer base and maximize profitability in today’s increasingly competitive industry.

To engage account holders, banks must explore digital-first communication strategies and mobile-friendly fintech products. Push notifications are an often overlooked, yet powerful, tool that enables financial institutions to proactively deliver important messages to account holders that earn higher engagement rates than traditional communication methods.

Push notifications are delivered directly through a banking app and sent to account holders’ mobile devices and can provide timely alerts from a financial provider. While push notifications can act as a marketing tool, they can also convey critical security alerts via a trusted communication channel — as opposed to mediums that are vulnerable to hacks or spoofing, such as email or SMS texts. Push notifications can be used for personalized promotional offers or reminders about other financial services, such as bill pay or remote check deposit, transaction and application status updates, financial education and support messaging, local branch and community updates and more.

Banks can also segment push notifications using geo-location technology, as long as customers get permission, to alert account holders at a time, place and setting that is best suited to their needs. Banks can customize these notifications to ensure account holders receive messages notifying them of services that are most relevant to their financial needs.

When leveraged effectively, push notifications are more than simple mobile alerts; they’re crucial tools that can significantly increase account holder engagement by nearly 90%. Push notifications can be more effective in reaching account holders compared to traditional marketing methods like email or phone calls and receive engagement rates that are seven times higher.

Boosting customer engagement can ultimately have a significant impact on a bank’s profitability. Studies show that fully engaged retail banking customers bring in 37% more annual revenue to their bank than disengaged customers. Enhancing ease of use while offering greater on-demand banking services that consumers want, banks can leverage push notifications to encourage the use of their banking apps. Enabling push notifications can result in a 61% app retention rate, as opposed to a rate of 28% when financial providers do not leverage push notifications.

Bank push notifications come at a time when consumer expectations for streamlined access to digital banking services have greatly accelerated. In a study, mobile and online access to bank accounts was cited by more than 95% of respondents as a prioritized banking feature.

This focus forces financial institutions to explore fintech solutions that will elevate their customers’ digital experience. Traditional institutions that fail to innovate risk a loss of market or wallet share as customers migrate to technologically savvy competitors. U.S. account holders at digital-only neobanks is expected to surge, from a current 29.8 million to 53.7 million by 2025.

Banks should consider adding effective mobile fintech tools to drive brand loyalty and reduce the threat of lost business. Push notifications are a unique opportunity for banks to connect with their audience at the right moments through relevant messaging that meets individual account holder needs.

Real-time and place push notifications can also be a way for banks to strengthen their cross-selling strategies with account holders. They can be personalized in a predictive way for account holders so that they only offer applicable products and services that fit within a specific audience’s needs. This customization strategy can drive revenue while fostering account holder trust.

To gain insight on account holders’ financial habits and goals, institutions can track user-level data and use third-party services to tailor push notifications about available banking services for each account holder. Institutions can maximize the engagement potential of each offer they send by distributing contextually relevant messaging on services or products that are pertinent to account holder’s financial needs and interests.

Push notifications are one way banks are moving toward digital-first communication strategies. Not only do push notifications offer a proactive way to connect with account holders, they also provide financial institutions with a compelling strategic differentiator within the banking market. Forward-looking financial institutions can use mobile alerts to strengthen account holder relationships, effectively compete, grow their customer base and, ultimately, maximize profitability.

How Engagement, Not Experience, Unlocks Customer Loyalty

In casual conversations, “customer engagement” and “customer experience” are often used interchangeably. But from a customer relationship perspective, they are absolutely not synonymous and it’s critical to understand the differences. Here’s how we define them:

Customer experience (CX) is the perception of an individual interaction, or set of interactions, delivered across various touch points via different channels. The customer interprets the experience as a “moment in time” feeling, based on the channel and that specific, or set of specific, interactions. A visit to an ATM is a customer experience, as is the wait time in a branch lobby on a Saturday morning or the experience of signing up for online banking.

Customer engagement, on the other hand, is the sum of all interactions that a customer has throughout their financial lifecycle: direct, indirect, online and offline interactions, face-to-face meetings, online account opening and financial consulting. Engagement with a customer over time and repeatedly through dozens of interactions should ideally build trust, loyalty and confidence. It should ultimately lead to a greater investment of the customers’ money in the bank’s product and service offerings.

Why the Difference Matters
As customers demanded and used self-service and digital banking capabilities, bank executives focused on the user experience (UX); however, that is merely a subset of CX and a poor substitute for actual customer engagement. Moreover, the promise of digital-first often doesn’t meet adoption and usage goals, worsening the customer experiences while underutilizing the technology. The addition of digital-first channels can also cause confusion, frustration and dead-ends — resulting in an even worse CX than before.

Take for example the experience of using an ATM. If the ATM is not operational, this singular transaction — occurring at one specific point in time — is unsatisfactory. The customer is unable to fulfill their transaction. However, it is doubtful that after this one experience the customer will move their accounts to another institution. But if these negative experiences compound — if the customer encounters multiple instances in which they are unable to complete their desired transactions, cannot reach the appropriate representative when additional assistance and expertise is needed or is not provided with the most up-to-date information to quickly resolve the issue — they are going to be more willing to move to a competitor.

When banks focus on experience, they tend to only look at point interactions in a customer’s journey and make channel-specific investments — missing the big picture of customer engagement. This myopic focus can produce negative outcomes for the institution. Consider the addition of a new loan origination system that produces unsustainable abandonment rates. Or introducing live chat, only to turn it off because the contact center cannot support the additional chat volume and its subsequent doubling of handle times. These are prime examples of how an investment in a one channel, and not the entire engagement experience, can backfire.

While banks often look at point interactions, or a customer’s experiences, to assess operational performance, bank customers themselves judge their bank based on the entire engagement. Engagement spans all customer interactions and touch points, from self-service to the employee-assisted and hyper personalized. Now is the time for bankers to consider things from the customers’ perspectives.

Instead, banks should prioritize engagement as being critical to their long-term success with customers. Great things happen when banks engage with their customers. Engagement strengthens emotional, ongoing banking relationships and fosters better individual customer experiences over account holders’ full financial lifecycle.

Engagement enables revenue growth, as new customers open accounts and existing consumers expand their relationship. Banks can also experience increased productivity and efficiency as each interaction yields better results. Improving customer engagement will naturally increase the satisfaction of individual customer experiences as well.

The distinction between customer engagement and customer experience is central to the concept of relationship banking. Rather than providing services that aim to simply fulfill customer needs, banks must consider a more holistic customer engagement strategy that connects individual experiences into a larger partnership — one that delights account holders and inspires long-term loyalty with each interaction.

Risk Practices For Today’s Economy

Organizations’ ability to strategically navigate change proved crucial during the Covid-19 pandemic, which required financial institutions to respond to a health and economic crisis. The resiliency of bank teams proved to be a silver lining in 2020, but banks can’t take their eye off the ball just yet.

Bank Director’s 2021 Risk Survey, sponsored by Moss Adams LLP,  focuses on the key risks facing banks today and how the industry will emerge from the pandemic environment. In this video, Craig Sanders, a partner in the financial services practice at Moss Adams, shares his perspective and expertise on these issues.

  • Managing Credit Uncertainty
  • More Eyes on Business Continuity
  • Cybersecurity Today

Highlights From CECL Adoption

On Jan. 1, 2020, approximately 100 SEC financial institutions with less than $50 billion in assets across the country adopted Accounting Standards Update 2016-13, Financial Instruments—Credit Losses (Topic 326) Measurement of Credit Losses on Financial Statements.

More commonly referred to as “CECL,” the standard requires banks to estimate the credit losses for the estimated life of its loans — essentially estimating lifetime losses for loans at origination. Not all banks adopted the standard, however. While calendar-year SEC filers that are not considered to be smaller reporting companies or emerging growth companies were set to implement the standard at the start of 2020, the Coronavirus Aid, Relief, and Economic Security Act and subsequent Consolidated Appropriations Act, 2021, allowed them to delay CECL implementation through the first day of the fiscal year following the termination of the Covid-19 national emergency or Jan. 1, 2022. Of the publicly traded institutions below $50 billion in assets that were previously required to adopt the standard, approximately 25% elected to delay.

Highlights from the banks that adopted the standard could prove very useful to other community banks, as many work toward their January 2023 effective date. A few of the relevant highlights include:

  • Unfunded commitments had significant effects. It is important that your institution understands the potential effect of unfunded commitments when it adopts CECL. The new standard has caused significant increases in reserves recorded for these commitments. At institutions that have already adopted the standard, approximately 20% had a more significant effect from unfunded commitments than they did from funded loans.
  • Certain loan types were correlated with higher reserves. When comparing the reserves to loan concentrations at CECL adopters with less than $50 billion in assets, institutions with high levels of commercial and commercial real estate/multifamily loans experienced larger increases in reserves as a percentage of total loans for the period ended March 31, 2020.
  • Certain models were more prevalent in banks with less than $50 billion in assets. Approximately 60% of the banks with less than $50 billion in assets indicated they used the probability of default/loss given default model in some way. Other commonly used models were the discounted cash flow model and loss rate models. Less than 10% of adopters so far have disclosed using the weighted-average remaining maturity (WARM) model.
  • One to 2 years were the most commonly used forecast periods. The new standard requires banks to use a reasonable and supportable economic forecast to guage loss potential, which demands a significant amount of judgment and estimation from management. Of the banks that adopted, more than half used 1 year, and approximately a quarter used 2 years.
  • Acquisitions impacted the additional reserves recorded at adoption. Of the 10 CECL adopters with the most significant increases in reserves as a percentage of loans, nine had completed an acquisition in the previous year. This is due to the significant changes in the accounting around acquisitions as a part of the CECL standard. The new standard requires reserves to be recorded on purchased loans at acquisition; the old standard largely did not.
  • Reserves increased. Focusing on banks that adopted CECL in the first quarter that have less than $5 billion in assets (21 institutions), all but one experienced an increase in reserves as a percentage of loans. Approximately 70% of those institutions had an increase of between 30% and 100%.

The CECL standard allows management teams to customize the calculation method they use, even among different types of loans within the portfolio. Because of that and because each bank’s asset pool will look a little different, there will be variations in the CECL effects at each institution. However, the general themes seen in these first adopters can provide useful insight to help community banks make strides toward implementation.

This article is for general information purposes only and is not to be considered as legal advice. This information was written by qualified, experienced BKD professionals, but applying this information to your particular situation requires careful consideration of your specific facts and circumstances. Consult your BKD advisor or legal counsel before acting on any matter covered in this update.

What’s a Bank? History Offers a Guide

For as long as there have been banks, there has been competition from nonbanks that provide some of the same services.

In the early 1980s, E. Gerald Corrigan, a former president of both the Federal Reserve banks in Minneapolis and New York and a managing director at Goldman Sachs & Co., articulated the essential problem in his well-known essay “Are Banks Special?”

Corrigan published his essay in part due to the encroachment of thrift companies, money market mutual funds and insurance companies that wanted to compete with some aspect of commercial banking. The question he posed became more pertinent by the end of the millennium, as the Gramm-Leach-Bliley Act tore down the walls dividing investment banks, securities companies, insurers and commercial banks. That lead to the development of the moneycenter banks and other global financial institutions we know today. But the question of what qualifies as a bank is particularly important as financial technology companies encroach on the space normally reserved for commercial banks and thrifts.

Corrigan attributed the specialness of banks to three distinct characteristics:

  1. Banks offer transaction accounts.
  2. Banks are the backup source of liquidity for all other institutions.
  3. Banks are the transmission belt for monetary policy.

Merely lending, he wrote, did not make a company a bank.

“[T]here is nothing unique or special about the asset side of a banks’ balance sheet,” Corrigan wrote. “Concerns about the nature and risk characteristics of bank assets arise in the context of the unique nature of bank liabilities, the need to preserve the integrity of the deposit-taking function, and the special trusteeship growing out of that function.”

These characteristics do give banks “special and unique functions,” he wrote — in short, that banks are special. The specialness of banks means it does matter which companies get to hold bank charters and the privileges and regulations that entails.

The questions reverberate two decades later, as financial technology companies make in-roads into the financial services space through charter applications and by buying bank charters. It underpinned interviews I conducted for my second-quarter 2021 story in Bank Director magazine. I believe the industry will continue grappling with these questions as more companies eye bank charters: What is a bank, and are banks special?

Below are the answers I gleaned from several financial technology companies that now have bank charters and from Thomas Curry, the former Comptroller of the Currency, who played an instrumental role in laying the groundwork for fintech bank charters. Their answers have been edited for clarity and length.

What’s a bank?

Banking is evolutionary. You don’t want to define banking in a way that doesn’t allow it to expand or adapt to technology. That was the theory behind the OCC’s responsible innovation whitepapers, that banking needs to adapt. That was part of the thinking of why we should provide an opportunity for fintechs to enter into the bank space.
former Comptroller of the Currency Thomas Curry, a partner at Nutter McClennen & Fish.

A bank used to be a noun — it was a physical place with columns and very ornate lobbies. Now it’s a verb. It’s no longer a physical location as much as a thing you do.

LendingClub is absolutely a bank. But we’re a new type of bank; the business model brings together the benefits of a bank with the benefits of the marketplace’s asset generating capability. In the same way that Airbnb didn’t replicate hotels, they created something new, using the technology as the launch pad to put a whole new spin on the industry.
Anuj Nayar, chief communications officer for LendingClub Corp., which bought Radius Bancorp and acquired its bank charter

I think the bank of the future should be [a place] where your money really is, you know it is there and it never fails. This is how the public thinks about it: The money is at the bank and the bank is safe. The word “bank” usually implies storage, like a vault. Jiko is a company that offers exactly that: the reality of what people think a bank is.
— Stephane Lintner, CEO and co-founder of Jiko Group, which doesn’t lend and acquired a bank charter in its acquisition of Mid-Central National Bank

Varo is new type of bank, in the sense that our focus is on our purpose: helping the consumer and not trying to make money by charging a lot of fees. So many traditional banks have not focused on the consumer segments that [Varo is] trying to help. Not only are we providing financial services, but we’re doing it in a way that we think supports the dignity and the opportunity of the consumer.
— Maria Gracias, general counsel at Varo Money, which received OCC approval for a de novo bank charter

An Easy Way to Lose Sight of Critical Risks


audit-6-7-19.pngLet me ask you a question…

How does the executive team at your biggest competitor think about their future? Are they fixated on asset growth or loan quality? Gathering low-cost deposits? Improving their technology to accelerate the digital delivery of new products? Finding and training new talent?

The answers don’t need to be immediate or precise. But we tend to fixate on the issues in front of us and ignore what’s happening right outside our door, even if the latter issues are just as important.

Yet, any leader worth their weight in stock certificates will say that taking the time to dig into and learn about other businesses, even those in unrelated industries, is time well spent.

Regular readers of Bank Director know that executives and experienced outside directors prize efficiency, prudence and smart capital allocation in their bank’s dealings.

But here’s the thing: Your biggest—and most formidable—competitors strive for the same objectives.

So when we talk about trending topics at this year’s Bank Audit and Risk Committees Conference, hosted by Bank Director in Chicago from June 10-12, we do so with an eye not just to the internal challenges faced by your institution but on the external pressures as well.

As we prepare to host 317 women and men from banks across the country, let me state the obvious: Risk is no stranger to a bank’s officers or directors. Indeed, the core business of banking revolves around risk management—interest rate risk, credit risk, operational risk.

Given this, few would dispute the importance of the audit committee to appraise a bank’s business practices, or of the risk committee to identify potential hazards that could imperil an institution.

Banks must stay vigilant, even as they struggle to respond to the demands of the digital revolution and heightened customer expectations. I can’t overstate the importance of audit and risk committees keeping pace with the disruptive technological transformation of the industry.

That transformation is creating an emergent banking model, according to Frank Rotman, a founding partner of venture capital firm QED Investors. This new model focuses banks on increasing engagement, collecting data and offering precisely targeted solutions to their customers.

If that’s the case—given the current state of innovation, digital transformation and the re-imagination of business processes—is it any wonder that boards are struggling to focus on risk management and the bank’s internal control environment?

When was the last time the audit committee at your bank revisited the list of items that appeared on the meeting agenda or evaluated how the committee spends its time? From my vantage point, now might be an ideal time for audit committees to sharpen the focus of their institutions on the cultures they prize, the ethics they value and the processes they need to ensure compliance.

And for risk committee members, national economic uncertainty—given the political rhetoric from Washington and trade tensions with U.S. global economic partners, especially China—has to be on your radar. Many economists expect an economic recession by June 2020. Is your bank prepared for that?

Bank leadership teams must monitor technological advances, cybersecurity concerns and an ever-evolving set of customer and investor expectations. But other issues can’t be ignored either.

At our upcoming event in Chicago, the Bank Audit and Risk Committees Conference, I encourage everyone to remember that minds are like parachutes. In the immortal words of musician Frank Zappa: “It doesn’t work if it is not open.”

What You Need to Know About the OCC’s Fintech Charter


OCC-10-17-18.pngOn July 31, 2018, the Office of the Comptroller of the Currency said it will begin accepting applications for a special purpose national bank charter designed specifically for fintech companies. The news came hours after the Treasury Department issued a parallel report preemptively supporting the move.

In connection with its announcement, the OCC issued a supplement to its Comptroller’s Licensing Manual as well as a Policy Statement addressing charter applications from fintech companies. Both are worth reviewing by anyone thinking about submitting an application.

The Application Process
To apply for a fintech charter, a company must engage in either or both of the core banking activities of paying checks or lending money. Generally, this would include businesses involved in payment processing or marketplace lending.

The fintech charter is not available for companies that want to take deposits, nor is it an option for companies seeking federal deposit insurance. Such companies would have to apply instead for a full-service national bank charter and federal deposit insurance.

The application process for a fintech charter is similar to that for a de novo bank charter, with each application reviewed on its own unique facts and circumstances.

The four stages of the application process are:

  1. The pre-filing phase, involving preliminary meetings with the OCC to discuss the business plan, proposed board and management, underlying marketing analysis to support the plan, capital and liquidity needs and the applicant’s commitment to providing fair access to its financial services
  2. The filing phase, involving the submission of a completed application
  3. The review phase, during which the OCC conducts a detailed review and analysis of the application
  4. The decision phase, during which the OCC determines whether to approve the application

The process from beginning to end can take up to a year or longer.

Living with a fintech charter
Fintech banks will be supervised in a similar manner to national banks. They will be subject to minimum capital and liquidity requirements that could vary depending on the applicant’s business model, financial inclusion commitments, and safety and soundness examinations, among other things.

Additionally, to receive final approval to open a fintech bank, an applicant must adopt and receive OCC approval of a contingency plan addressing steps the bank will take in the event of severe financial stress. Such options would include a sale, merger or liquidation. The applicant must also develop policies and procedures to implement its financial inclusion commitment to treat customers fairly and provide fair access to its financial services.
Similar to a traditional de novo bank, a fintech bank will be subject to enhanced supervision during at least its first three years of operation.

Pre-application considerations
A company thinking about applying should consider:

  1. The advantages of operating under a single, national set of standards, particularly for companies operating in multiple states
  2. The ability to meet minimum capital and liquidity requirements
  3. The time and expense of obtaining a charter
  4. Whether a partnership with an existing bank is a superior alternative
  5. The potential for delays in the regulatory process for obtaining a charter, including delays resulting from the OCC application process or legal challenges to that process

There is one complicating factor in all of this. Following the OCC’s initial proposal to issue fintech charters in 2017, two lawsuits were filed challenging the OCC’s authority to do so—one by the Conference of State Bank Supervisors and one by the New York State Department of Financial Services. Both were dismissed, because the OCC had yet to reach a final decision. But now that the OCC has issued formal guidance and stated its intent to accept applications, one or both lawsuits may be refiled.

Whether this happens remains to be seen. But either way, the OCC’s decision to accept applications for fintech charters speaks to its commitment to clear the way for further innovation in the financial services industry.

How Risk Culture Drives a Sound Third-Party Risk Management Program


risk-10-1-18.pngRisk culture plays a role in every conversation and decision within a financial institution, and it is the key determinant as to whether a bank performs in a manner consistent with its mission and core values. Risk culture is a set of encouraged, acceptable behaviors, discussions, decisions and attitudes toward taking and managing risk.

Third-party risk management (TPRM) is a fairly new discipline that has evolved over the past few years from legacy processes of vendor or supplier management functions previously used by companies to manage processes or functions outsourced to third parties. A “third-party” now refers to any business arrangement between two organizations.

The interagency regulatory guidance (The Federal Reserve Board, OCC, FFIEC and CFPB) says a bank cannot outsource the responsibility for managing risk to a third-party especially when additional risks are created. These risks may relate to executing the process or managing the relationship.

The recent Center for Financial Professionals (CFP) Third Party Risk Management survey “Third Party Risk: A Journey Towards Maturity” underpinned the issue around risk culture given the resourcing dilemma that most organizations face. Getting top-down support and buy-in was an issue posed by respondents in the survey. One respondent stated, “The greatest challenge ahead is to incorporate third party risk management goals into the goals of the first line of defense.” Another respondent stated, “Challenges will be to embed this into the organization, including [the] establishment of roles and responsibilities.” In particular, TPRM teams found it challenging to get buy-in from the first line of defense for the management of cyber risk and concentration risk.

Effective TPRM can only be achieved when there is a risk-centric tone, at the top, middle and bottom, across all layers of the company. Clear lines of authority within a three-lines-of-defense model are critical to achieving the appropriate level of embeddedness, where accountabilities and preferred risk management behaviors are clearly defined and reinforced.

Root cause analyses on third-party incidents and risk events (inclusive of near-misses) should be better used by organizations to reinforce training and lessons learned as it relates to duties performed by the third party. Risk event reporting and root cause analysis allows leadership to identify and understand why a third party incident occurred, identifies trends with non-performance of service-level agreements with the third party, and ensures appropriate action is taken to prevent repeat occurrences as it relates to training, education or communication deficiencies.

Risk culture is paramount to achieving benefits from the value proposition of an effective and sustainable TPRM program, and also satisfies regulators’ use test benchmarks.

Roles and responsibilities must be clearly defined and integrated within a “hub and spoke” model for the second-line TPRM function, the first line third-party relationship managers and its risk partners. Clearly, there is a need for financial institutions to (1) implement a robust training and communication plan to socialize TPRM program standards, and (2) ensure first-line relationships and business owners have been provided training.

Risk culture mechanisms that facilitate clear, concise communication are fundamental components for a successful TPRM program – empowering all parties to fulfill responsibilities in an efficient, effective fashion. The challenge of managing cultural and personnel change components cannot be underestimated. As a result, the involvement of human resources, as a risk partner, is critical to a successful resource model. With respect to cultural change, a bank should observe and assess behaviors with current third-party arrangements. The levels of professionalism and responsibility exhibited by key stakeholders in existing third-party arrangements may indicate how much TPRM orientation or realignment is required.

Key success factors to build a robust risk culture across TPRM include:

  • Clear roles and responsibilities across the three lines of defense and risk partners within the “hub and spoke” model for risk oversight.
  • Greater consistency of practices with regards to treatment of third parties. Eliminate silos.
  • Increase understanding of TPRM activities and policy requirements across the relationship owners and risk partners.

Indicators of a sound TPRM culture and program include:

  • Tone from the top, middle and bottom – the board and senior management set the core values and expectations for the company around effective TPRM processes from the top down; and front-line business relationship manager behavior is consistent from the bottom-up with those values and expectations. 
  • Accountability and ownership – all stakeholders know and understand core values and expectations, as well as enforcement implications for misconduct. 
  • Credible and effective challenge – logic check for overall TPRM framework elements, whereby (1) decision-makers consider a range of views, (2) practices are tested and (3) open discussion is encouraged.
  • Incentives – rewarding behaviors that support the core values and expectations.

Setting a proper risk culture across the company is indeed the foundation to building a sound TPRM program. In other words, you need to walk before you can run.