Regtech: Reaping the Rewards

regtech-4-24-18.pngAs it evolves, regtech is uniquely poised to save banks time and money in their compliance efforts, and has become a common topic for many in the banking industry. If you’re ready to realize the promise of regtech at your institution, here are a few key steps to take before you start parsing through providers or sending out requests for proposals.

Consider changes to your organizational structure that would place oversight of both legal and compliance transformations under one department. In Burnmark’s RegTech 2.0 report, Chee Kin Lam, the group head of legal, compliance and secretariat for DBS Bank, pointed to his authority over both legal and compliance functions and budgets as a key to the Singapore-based bank’s ability to work with regtech companies.

At first blush, a change to your bank’s internal structure seems like an extreme measure for a precursor to a technology pilot, but that perception misses the big-picture implications of implementing a new regtech solution. If a bank intends to engage meaningfully with regtech, Lam pointed out, there’s a need for an overarching framework for onboarding new technologies to make sure they “speak to each other at a legal/compliance level instead of at an individual function level—e.g. control room, trade surveillance, AML surveillance and so on.”

What’s more, legal and compliance functions are already tied closely together, and any regtech solution would likely impact both areas of the bank. Central management of these two functions can help ensure efficient regtech implementation.

Create a solid, detailed problem statement before you ever look for a solution. Lam suggests identifying the top legal and compliance risks your bank is facing, and working from there to identify pain points for your employees and customers when they interact with that risk area. One way to go about this process is to utilize design thinking, which looks at products and experiences from the point of view of the customers and employees who utilize them.

By seeking out pain points and working through the design-thinking process to find their root cause, bank leadership can identify specific, actionable areas for improvement. As tempting as it can be for an institution to attempt a total overhaul of its regulatory processes, banks should pursue modular regtech solutions to solve specific, defined problem statements instead. As Peter Lancos, CEO and co-founder of Exate Technology, points out in RegTech 2.0, “[f]ragmentation makes a regulatory strategy impossible—especially due to geographic spread and banks having separate teams set up to deal with individual regulations.”

Leverage outside expertise. The risks of implementing regtech can be daunting, so bank leaders need to use every tool in their arsenal to get deployment right. Banks should involve regulators in the conversation early on in the process of working with a regtech company. According to Jonathan Frieder of Accenture in The Growing Need for RegTech, “[r]egulators globally have continued to accept and, ultimately, to embrace regtech” making 2018 “a pivotal year.”

In addition to getting regulators on board, banks should consider enlisting outside assistance from consultants or other regulatory experts. Such experts provide assistance with assessing problem statements or potential regtech vendors. Lancos states that he feels “it is essential for banks to have regulatory expertise support to actually write the rules that go into the rules engine of regtech solutions.”

Regtech implementation is a lot more involved than an average plug-and-play fintech product. However, when a bank considers the cost efficiencies, improved compliance record and decreased customer and employee frustration, the upside of regtech can be well worth the planning it requires.

Rewards of Board Service

2017-Compensation-White-Paper-cover.pngAre bank boards becoming savvier?

In 2007, the life of a bank board member was less stressful. That was before Lehman Brothers Holdings filed for bankruptcy, before the full impact of the financial crisis was felt by the nation’s banks and almost three years before the Dodd-Frank Act was passed. By contrast, Bank Director’s 2012 Compensation Survey found bank boards “Overworked, Underpaid and Unappreciated.”

However, directors may be breathing a little easier or at least have adjusted to their enhanced responsibilities, according to our findings in the 2017 Compensation Survey, sponsored by Compensation Advisors, a member of Meyer-Chatfield Group. This white paper looks at the evolving trends both in composition and compensation that have occurred over the past ten years.

Today, most directors—73 percent—believe that their compensation is competitive enough to attract new board members. Just seven percent of the independent directors and chairmen responding to this year’s survey cite additional income as the greatest reward for board service—meaning that attracting top talent to the board doesn’t boil down to money. “Compensation is not a primary driver in choosing to serve on a board,” says Flynt Gallagher, president of Compensation Advisors. “You’ll never pay them for the actual value of the time spent.”

As the oversight responsibilities of bank boards expand, fueled not just by the regulatory environment but also an evolving marketplace, the composition of bank boards are gradually shifting to meet these new demands. Sixty percent of survey respondents say their board has a plan in place to identify prospective directors, and 51 percent say their board will actively seek to become more diverse in the next two years.

But will today’s banks be able to find and attract the board members needed to take the organization into the future?

For more on these considerations, read the white paper.

To view the full results to the survey, click here.

How a Board Can Credibly Challenge Management on Risk

3-16-15-KPMG.pngIf you were asked, as a community bank director, how well your board challenges your executive team about the effectiveness of its risk management program (an area of increasing regulatory focus), how would you grade your board? Would it be closer to a C than an A? Worse? Better?

It is a situation that begs a few questions: What steps can, and should, a director take to assess management’s risk and compliance management capabilities? How can a board implement processes that enhance its risk oversight capabilities and how will those processes evolve and mature as the bank grows and the strategic and competitive landscape changes? Does the board need a separate risk committee? If the board is not required by regulation to have a risk committee, how well is the board discharging its risk oversight responsibilities (possibly delegated to the audit committee)?

Our experience with community banks indicates that, with the risk environment quickly evolving, directors can benefit from risk management training focused on the board’s role in ensuring the adequacy and effectiveness of the bank’s risk management functions and activities. We say that not as criticism but instead as an indication of the difficulty in keeping up with the pace of industry change.

What may be most important, though, is the recognition at banks that risk management is not just a program, but rather, is an ongoing process that must become embedded in the way management runs the bank and the board conducts its stewardship and oversight responsibilities.

With those observations as a backdrop, community bank board members may want to consider the following to identify potential improvement opportunities in board governance, oversight and risk management capabilities:

  • If the bank has less than $10 billion in assets, and thus is not required by The Dodd-Frank Act to establish a separate risk committee, is risk management afforded the appropriate degree of focus and attention?
  • What is the complexity of the bank’s operating model and the pace of change within the organization, the  markets it serves, the types of credit offered, liquidity risks, interest-rate exposure, and its ability to respond to technological changes and cybersecurity threats?
  • Is the management of risks being overseen by the full board, spread across various committees, or delegated to the audit committee?  Have roles and responsibilities for risk oversight been clearly defined and communicated, including among the various board members and committees?  If the audit committee is responsible, do the members have the capacity, and skills, to provide effective oversight of the variety of risks facing the bank, or should a dedicated risk committee be established?

Regardless of whether or not a separate risk committee exists, the full board is ultimately responsible for understanding the bank’s key risks and credibly challenging management’s assessment and response to those risks.  Here are several considerations for boards as they evaluate their risk oversight. Keep in mind the issue of scalability. As the bank grows, the processes and reporting associated with each risk oversight activity will become more robust and formalized:

  1. Do our board members (particularly directors on audit or risk committees) know our bank’s top enterprise risks—those that threaten our bank’s strategy, business model, or existence? 
  2. Does our bank have a formal risk management process? Do directors know how management identifies and manages risks, both existing and emerging, and if there is a process of accountability? Does the board have comfort that management has the proper talent to manage today’s risks?
  3. Does the bank have a formal risk appetite statement? If not, how does the board oversee that management is not taking risks outside of the bank’s stated risk tolerance? Is there a protocol to escalate a risk issue directly to the board? Is there evidence that management recognizes the critical need to timely communicate risk issues to board members? Is there a process for the board to evaluate the impact of compensation on management’s risk-taking?
  4. As the bank takes on new initiatives or offers new products and services, does the board understand the process to evaluate the risks prior to decisions being made? Is there a clear threshold for when items need to be brought to the board before finalizing a decision?
  5. In examining management’s reporting process, are directors concerned whether they are getting relevant data? Are they getting so much detail that it cannot be absorbed? Are they getting data at such a high level that it’s impossible to evaluate risk?
  6. Does the board recognize that risk management done well adds competitive advantage and value by addressing gaps in operations? Viewing risk management solely as a compliance function increases the chances of wasting time and money.
  7. Is the board ensuring that, in dealing with the regulators, the bank is “getting credit’’ for the risk management activities it is doing well by being able to describe the programs that have been instituted—or actions taken—that will enable the bank to “harvest value” from its enterprise risk management process?
  8. Finally, given the importance of “tone at the top,’’ are directors satisfied that the proper culture of “doing the right thing’’ exists across the organization?

Audit Committee 101: Back to Basics

Duty of care, loyalty and good faith are the basic foundations for every board member as they strive to increase revenue and shareholder value for their institutions. As the regulatory requirements continue to expand, the role of the audit committee is quickly following suit, leaving many bank audit committee members concerned about their effectiveness.

At Bank Director’s Bank Audit Committee conference in Chicago on June 14-15th, Robert Fleetwood, partner for Chicago-based law firm Barack Ferrazzanno’s financial institutions group and Todd Sprang, partner at the certified public accounting firm Clifton Gunderson, took a crowded room of audit committee members back to basics during their Audit Committee 101 session.


Cautioning that these are not one-size-fits-all requirements, Fleetwood and Sprang outlined a list of fundamentals and best practices for today’s audit committee members.

1.       Understand your duties. Sprang suggested if you are unsure of your role or responsibilities, seek a tutorial from outside counsel to ensure that every member is comfortable with their duties.

2.      Recognize the reputational risk to the organization and you as an individual. At the end of the day, you want to do the right thing by all parties. It’s never a good situation when a director has to admit that he/she didn’t read the materials or didn’t know what was going on at their institution.

3.      Oversight. The primary role of the audit committee is to evaluate the audit process, oversee financial reporting, and assess the risk and control environment. To do this effectively, committee members should be asking lots of questions, requesting feedback and regularly discussing concerns.

4.      Committee composition. Most boards typically look to local CPAs to fill their audit committee seats, yet having members with a wide range of expertise provides additional perspective and beneficial feedback.

5.      Yes, you need a committee charter. Not only should the charter be reviewed on a regular basis to ensure that the board is complying, but it happens to be a great tool for setting agendas.            

6.      To rotate or not to rotate? Fleetwood recommended that if you do implement a rotation requirement, that it take place after an extended period of time. The audit committee has a steep learning curve and rotating frequently creates the risk of losing members before they had a chance to peak.

7.     Build a relationship with the external auditors. Communication is the key.  Review your reports and materials ahead of time, and use the review session to ask them questions, get their perspectives on market trends, and request recommendations.

8.   Internal audit reviews. Whether your institution uses in-house resources or outsources this process, a major red flag is a report with no findings. Ask why. You should always be finding ways to improve, rather than just going through the motions.                

9.      Setting the agenda. The agenda should follow the committee charter as well as include an annual checklist to work through regularly. Delegate the legwork to your experts and include them on the agenda periodically.

10. Attend the meetings. Distribute materials ahead of time, whether in print or through board portals, and include only what is necessary to review. Read the materials beforehand and attend in person at least quarterly.