Is the FDIC’s IT Exam Effective?

Community banks may be in for a surprise the next time their information technology and cybersecurity systems are examined by the Federal Deposit Insurance Corp.

The agency is undertaking a number of changes to the exam it uses to assess IT systems and controls at supervised banks, after a report from the agency’s Office of the Inspector General in January found weaknesses that could miss or underestimate risk at examined institutions. Advisors and the OIG have warned that FDIC-examined banks might need better protections beyond what the FDIC’s IT exam requires. 

“Until the FDIC addresses these weaknesses, there is a risk that IT and cyber risks at banks will not be identified or adequately mitigated or addressed. As a result, financial institutions may be more susceptible to [cyberattacks] and threats,” the OIG wrote.

FDIC’s IT exam, called the IT Risk Examination or InTREx, was implemented in 2016 and updated in 2019. The ratings a bank receives on this exam feed into the management component of the CAMELS rating, which stands for capital, asset quality, management, earnings, liquidity and sensitivity to market risk. The CAMELS rating carries a number of implications for banks, including determining their deposit insurance assessment.

The FDIC’s OIG found that the InTREx program is outdated: It doesn’t reflect current or updated federal guidance and frameworks in three of the exam’s four core modules. For example, InTREx was developed using a cybersecurity framework from the National Institute of Standards and Technology (NIST) that came out in 2014. That framework was updated in 2018, but those changes aren’t reflected in the program, according to the OIG. 

“The evolving nature of IT and cyber risks underscores the need for timely updates to examination procedures for the InTREx program. Without an effective process to update the InTREx program, the FDIC cannot ensure that its examiners are applying current IT guidance to assess all significant risks,” the OIG wrote. “The lack of an effective process also increases the potential that banks may be operating in IT environments with unidentified and unmanaged risks.”

The OIG also audited a sample of exam findings and found instances where examiners didn’t complete the InTREx exam procedures and decision factors required to support their findings and subsequent ratings. The office wrote that these shortcomings indicate that examiners may not be making accurate assessments of bank IT risks, or that banks may not be receiving accurate or fully documented exam findings or composite ratings. 

Small banks that use their exam findings to direct IT investments may be surprised if the FDIC updates the exam. They can’t rely on the exam to be the only “trustworthy rudder” that guides their programs, says Joshua Sitta, CIO and founder of cybersecurity firm Sittadel. And an updated InTREx program could lead to examiner findings that could adversely impact a bank’s management score in their CAMELS rating.

“If you feel like your bank is operating within your risk appetite and you’re using the InTREX score to evaluate that, you’re running a bank [with risk] that is much higher than your risk appetite,” he says.  

The OIG audit contains 19 recommendations for the FDIC, including updating the program, ensuring examiners follow the procedures as intended and reviewing and applying new threat information regularly. The FDIC concurred with the majority of the OIG’s recommendations and proposed corrective action that should be completed by the end of the year. However, the OIG determined that on five recommendations, the FDIC’s proposed actions didn’t satisfy the recommendations. The FDIC didn’t return requests for comment for this article. 

The OIG’s report led audit and consulting firm Plante Moran to issue guidance this spring that encouraged banks to be proactive in testing for cybersecurity threats and to keep up with the changing IT landscape.

But that can even create challenges during InTREx exams. Colin Taggert, a principal at Plante Moran who provides cybersecurity consulting and authored the spring client notice, has heard of “pain points” from bank clients with systems that are more robust, modern or updated in certain areas beyond the scope of InTREx, but receive feedback based on the older exam materials. 

That tension also came up in banker feedback to the FDIC’s ombudsman, according to the 2022 annual report: “Some bankers reported that examiners did not sufficiently understand the processes, risks, and controls related to their bank’s technology programs. In the bankers’ opinions, this led to unwarranted criticisms and inappropriate supervisory recommendations,” the ombudsman wrote.

Cybersecurity is a perennial focus of risks for banks, with 83% of respondents to Bank Director’s 2023 Risk Survey saying their cybersecurity risk concerns increased somewhat or significantly year-over-year. Almost 90% say their bank had conducted a cybersecurity assessment in the past 12 months; the median budget for cybersecurity in 2023 was $250,000. 

This focus on cybersecurity underlines that banks are responsible for making sure they have safe and sound practices. Taggart and Sitta both recommend that FDIC-examined banks work with third parties to assess their IT frameworks and cybersecurity. Taggart recommends banks pay special attention to systems that have undergone changes in the last 5 to 7 years, including digital channels, wireless networks and policies around employees using personal devices for work, among others. 

Banks should also consider incorporating guidance from organizations like the Federal Financial Institutions Examination Council and NIST that has been updated in the years since InTREX was created. Several resources that the OIG, Taggart and Sitta reference include:

A Regulator Looks Back

Julie Stackhouse has witnessed a lot of turmoil in the industry since she started her career in 1980 at the Federal Reserve Bank of Kansas City.

An oil-fueled recession made for an interesting start to what became a four-decade career, lastly as executive vice president handling supervision of banks. In the early 1980s, she spent a lot of time in Oklahoma at a bank that failed as a result of the excesses of the time, Penn Square Bank. The Oklahoma City-based bank made a lot of bad energy loans, selling loan participations to big banks like Chase Manhattan Bank, later JPMorgan Chase & Co., and Chicago’s Continental Illinois National Bank & Trust Co. — which failed as a result in 1984, the largest bank to fail at that time.

Banks were overloaded with deposits; Penn Square had to put that money to work somewhere. Shoddy underwriting got deals done faster, and the bank grew rapidly before a run on deposits in the summer of 1982 resulted in its insolvency. Sound familiar?

“There [were] some real cowboys in Oklahoma back in those days,” she recalls. “And you pretty much had to figure out when you were being told what was happening with candor, and maybe when it was just a little bit embellished. And so I learned a lot from that.”

She’s learned a lot through the series of crises that hit the industry and retired on the cusp of another one, the Covid pandemic that hit the U.S. in early 2020. So, she swore she’d never join a bank board — until George Makris Jr. of Simmons First National Corp. persuaded her to join his. Makris, now executive chairman of the $28 billion, Pine Bluff, Arkansas-based bank, served as CEO until his retirement last year. She kept saying ‘no,’ she says. “I will give George credit. He is persistent when he has something in mind.”

But as much as she’s learned from a career regulating banks, it’s the five years she spent as an active stay-at-home mom — where she became deeply involved in improving her local community — that taught her about engagement and leadership.

“Just because I was not getting paid doesn’t mean I was choosing to do nothing,” she recalls. She joined the planning commission in Egan, Minnesota, and volunteered locally. She worked with great leaders, learning lessons she says she never would have learned at the Fed. “To be a great leader, you have to not only have a vision of what you want to accomplish, you have to have the energy and commitment to carry that vision along.”

She takes the same active approach to retirement as she took to motherhood, serving on the planning commission in Fort Collins, Colorado. Stackhouse shares lessons learned from her career as a regulator and weighs in on the industry’s current challenges in this edition of The Slant podcast.

This episode, and all past episodes of The Slant Podcast, are available on Bank, Spotify and Apple Podcasts. Governance issues like these will be covered during Bank Director’s Bank Board Training Forum in Nashville Sept. 11-12, 2023.

Preparing for the New Small Business Data Collection Rule

It’s taken more than ten years for the Consumer Financial Protection Bureau to issue a regulation to implement Section 1071 of the Dodd-Frank Wall Street Reform and Consumer Protection Act. Now that it is here, financial institutions are weighing the potential impacts of compliance on their business and operations.

Section 1071 amended the Equal Credit Opportunity Act (ECOA) to require covered financial institutions to collect and report data regarding covered credit applications made by women-owned, minority-owned and small businesses, including but not limited to: the purpose of the loan, amount applied for and approved, actions taken and the race, sex and ethnicity of the business owners. Section 1071 has two statutory purposes: to facilitate enforcement of fair lending laws, and to enable the identification of business and community development needs and opportunities for women-owned, minority-owned and small businesses.

There was no action by the CFPB to issue a regulation to implement Section 1071 until 2019, when a lawsuit filed by a California community group alleged the CFPB unlawfully withheld and unreasonably delayed agency action by failing to implement Section 1071. That action ultimately led to the CFPB issuing the Small Business Data Collection Rule (“final rule”) on March 30, 2023.

The final rule provides detail on the specific data points that must be collected and how to report those to the CFPB. It clarifies which financial institutions are covered financial institutions and key definitions for a covered application, credit transaction and small business.

Financial institutions can determine whether they are a covered financial institution annually by counting their number of covered originations, and need to begin complying with the final rule according to the following timeline:

  • 2,500 or more in both 2022 and 2023 must comply by October 1, 2024
  • At least 500 in 2022 and 2023 and at least 100 in 2024 must comply by April 1, 2025
  • At least 100 in both 2024 and 2025 must comply by January 1, 2026

The final rule also introduces several new disclosure requirements, a sample safe-harbor data collection form for certain demographic data, and a firewall requirement on covered financial institutions to prevent certain employees involved in the application decision making from having access to applicant demographic data.

An executive summary of the final rule can be found here.

Failure to comply with the new data collection and reporting requirements of the final rule could result in penalties or fines by the CFPB. So it is essential that financial institutions take steps now to determine whether they are covered, and if so, to ensure they have processes in place to collect and report the required small business loan application data before their compliance start date.

Larger financial institutions and those already subject to Home Mortgage Disclosure Act and Community Reinvestment Act data collection requirements may be better positioned to absorb the compliance burdens that come with the final rule. But smaller financial institutions that have historically been exempt from this type of data collection and reporting requirements will need to act quickly to set up new operational processes and partnerships with their financial technology providers to ensure compliance. Financial institutions may also want to consider developing employee training programs to ensure application data is collected properly.

In terms of preparation, financial institutions need to consider both business and operational impacts. The change is far more than a compliance program problem or a data management problem. For some financial institutions, compliance with the final rule will require widespread organizational changes.

Financial institutions should connect with their loan origination providers now to ensure that they have a system in place to comply with the final rule. While some industry providers have already started making enhancements to their systems based on the proposed rule, others have opted to wait for the issuance of the final rule to begin implementing changes based upon customer feedback.

This article has been prepared for general information purposes only and is not legal advice. The information in this article is not intended to create, and receipt of it does not constitute, an attorney-client relationship.

Advancing Toward Operational Excellence Faster

In a perfect world, every banking organization would achieve operational excellence.

Unfortunately, the time-consuming realities of day-to-day operations can get in the way of working toward long-term goals. Pushing through those perceived boundaries will position your company to face whatever challenges arise in the form of competition, regulation changes or market pressures.

The industry-wide desire to attain operational excellence doesn’t yet matching the effort needed to get there. An overwhelming majority of banking CEOs — 74% — reported that continuing to quickly drive digital transformation is critical to staying ahead of the competition, according to a 2022 survey by KPMG. But 46% say they have paused or reduced this vital undertaking. This presents an opportunity for those who resolve to prioritize digitization to actually lead in their space.

Operational excellence isn’t merely a goal that banks reach and check off the to-do list. It’s a mindset that requires dedication to continuous improvement to meet key objectives:

  • A consistently excellent customer experience.
  • Positioning for agility in response to market conditions.
  • A culture that emphasizes employee confidence and job satisfaction.
  • Financial stability and growth.

Assuming the occupants of the C-suite are on board and have identified and agreed on the key performance indicators of success, the logical question is: Now what?

  1. Empower employees to share their experiences and best practices for their jobs. Ask them to identify silos, point out where staff is putting in the most effort for the least amount of return, and isolate pain points that emerge as they respond to customer inquiries.
  2. Develop or augment the organization’s knowledge management (KM) system. Employee input is helpful at this stage to reveal and deal with duplications and omissions.
  3. Translate the information to an all-in-one, cloud-based KM software solution. Undoubtedly, the KM software experts have seen it all before and are more than happy to lead a collaboration with a bank on this essential step.
  4. Implement the software. Once live, it’s an ongoing process; commit to making necessary revisions and updates.

Bank executives often cite budget concerns as a barrier to improvement. But the price tag for not moving toward operational excellence is much higher: loss of market share due to flagging competitiveness, more customer churn and a higher rate of staff attrition. For banks, tolerating the status quo here is like continuing to dust the furniture while the roof leaks water in every room.

Time spent on training also chews up precious staff hours; the best KM software solution can help with that. It can double as a scenario-based training program that helps reduce onboarding time and brings employees to proficiency faster, using real, on-the-job situations.

You might also want to consider adding an element of intelligent automation, or IA, you’re your internal processes. Often confused with artificial intelligence, or AI, IA helps by assuming responsibility for predictable, routine tasks — making employees available to accomplish more high-value work.

AI isn’t likely to replace all human agents, but various apps are already capable of handling duties, including streamlining processes and dealing with what might otherwise become piles of paperwork. Advancing toward operational excellence is simply paramount for a banking organization so it can position itself for the long run in the competitive industry. Happy clients stick around, as do cheerful employees — all of which contribute to a bigger bottom line. Aiming for perfection ultimately saves time and effort, by working smarter, not harder, in this imperfect world.

Will Regulators’ Actions Stem Deposit Runs, Banking Crisis?

Bank regulators rolled out several tools from their tool kit to try to stem a financial crisis this week, but problems remain. 

The joint announcements followed the Friday closure of Silicon Valley Bank and the surprise Sunday evening closure of Signature Bank. 

Santa Clara, California-based Silicon Valley Bank had $209 billion in assets and $175 billion in deposits at the end of 2022 and went into FDIC receivership on March 10; New York-based Signature Bank had $110 billion in assets and $88.6 billion in deposits at the end of 2022 and went into receivership on March 12. Both banks failed without an acquiring institution and the FDIC has set up bridge banks to facilitate their wind downs.

Bank regulators determined both closures qualified for “systemic risk exemptions” that allowed the Federal Deposit Insurance Corp. to cover all the deposits for the failed banks. Currently, deposit insurance covers up to $250,000; both banks focused mainly on businesses, which carry sizable account balances. About 94% of Silicon Valley’s deposits were uninsured, and 90% of Signature’s deposits were over that threshold, according to a March 14 article from S&P Global Market Intelligence.

The systemic risk exemption means regulators can act without Congressional approval in limited situations to provide insurance to the entire account balance, says Ed Mills, managing director of Washington policy at the investment bank Raymond James

The bank regulators also announced a special funding facility, which would help banks ensure they have access to adequate liquidity to meet the demands of their depositors. The facility, called the Bank Term Funding Program or BTFP, will offer wholesale funding loans with a duration of up to one year to eligible depository institutions that can pledge U.S. Treasuries, agency debt and mortgage-backed securities and other qualifying assets as collateral. The combined measures attempt to stymie further deposit runs and solve for the issue that felled Silicon Valley and Signature: a liquidity crunch. 

In a normal operating environment, banks would sell bonds from their available-for-sale securities portfolio to keep up with liquidity demands, whether that’s deposit outflows or additional lending opportunities. Rising rates over the last five quarters means that aggregate unrealized losses in securities portfolios grew to $620 billion at the end of 2022losses many banks want to avoid recording. In the case of Silicon Valley, depositors began to pull their money after the bank announced on March 8 it would restructure its $21 billion available-for-sale securities portfolio, booking a $1.8 billion loss and requiring a $2 billion capital raise. 

“The BTFP will be an additional source of liquidity [borrowed] against high-quality securities, eliminating an institution’s need to quickly sell those securities in times of stress,” the Federal Reserve said in its release on the facility. Importantly, the pledged collateral, such as U.S. Treasurys, will be valued at par. That is the “most beneficial portion” of the program and eliminates the discount many of these securities carry given their lower yields, Mills says. 

The hope is that banks pledge their underwater bonds to increase their liquidity should deposits begin to leave their institution. One concern, then, is that banks hesitate to use it as a sign of weakness, Mills says. But he says, “conversations about impacts to earnings and impacts to reputation are secondary to solvency.”

Former Comptroller of the Currency Gene Ludwig tells Bank Director that he appreciates the steps the regulators took, and of President Joe Biden’s messaging that accompanied Sunday’s actions. 

“I realized that for the regulators, because of the speed and the need to react quickly and over a weekend, there was a lot of wood to chop,” he says. “ It takes time, but I think they reacted with vigor.”

Although he wasn’t at the FDIC, Ludwig’s career touches on the importance of deposit coverage. In addition to serving as comptroller in the 1990s, he founded and later sold IntraFi, a reciprocal deposit network. He encourages banks to at least establish lines to the BTFP, since the application and transfers can take time.

It remains to be seen whether regulator actions will be enough to assuage depositors and the broader public. Banks have reportedly borrowed $11.9 billion from the new facility and another $152.8 billion from the discount window, according to a Bloomberg article published the afternoon of March 16. However, the facilities don’t fully address the problem that most banks are carrying substantial unrealized losses in their bond books — which may only continue to grow if the Federal Open Market Committee continues increasing rates.

“This announcement was about stemming the immediate systemic concerns, but it absolutely did not solve all of the banks’ woes,” Mills says.

It’s also possible that those tailored actions may be insufficient for certain institutions that resemble Silicon Valley Bank or Signature Bank. Clifford Stanford, an Atlanta-based partner of law firm Alston & Bird and a former assistant general counsel at the Federal Reserve Bank of Atlanta, remembers how bank failures and weakness would come in waves of activity during the Great Recession and afterward. 

“There’s a lot of unknowns about who’s got what holes in their balance sheet and who’s sitting on what problems,” he says. “Every board of every bank should be asking their management right now: Do we have this problem? If we do have a risk, how are we hedging it? What sort of options do we have to backstop liquidity? What’s our plan?”

How to Keep the SBA Loan Guarantee

Financial institutions that participate in Small Business Administration (SBA) lending know that the program provides added opportunities to expand their lending activity, generate additional revenue and potentially meet their Community Reinvestment Act (CRA) objectives. It’s exciting when an SBA loan gets to the finish line, closes and funds.

The SBA’s guarantee covering 75% or more of the loan is a big benefit to banks; it significantly reduces the risk and the guaranteed portion doesn’t count against the bank’s legal lending limit. Banks that sell the guaranteed portion of the loan into the secondary market can book the gain on sale as additional income immediately.

But it’s important for bankers to keep in mind that just because the loan secured an SBA guarantee at the time of origination doesn’t mean that it will be there if you need it — that is, if the borrower defaults on the loan for any unfortunate reason. If your institution requests the SBA to honor the guarantee, SBA will review the loan file to make sure the bank properly closed, documented, funded and serviced the loan according to the bank’s approved credit memo and the SBA Loan Authorization. They will review it with a higher level of scrutiny when it is considered an early default, or a loan that defaults within the first 18 months. If the loan file is not documented properly or the bank failed to meet any of the requirements, SBA will issues a repair — or worse, a full denial of the guarantee. For that reason, it is important that your bank has proper procedures in place which include a pre- and post-closing review process to ensure lenders don’t miss or overlook items.

As a lender service provider that provides loan file review services for SBA lenders nationwide, I can tell you that lenders are often surprised about the types of documentation deficiencies that we uncover during a review. The deficiencies typically come from a lack of proper procedures and checklists, lack of training, misinterpretation of the program rules and requirements, or just lacking the appropriate staff to properly conduct pre- and post-closing reviews and monitor important post-close items.

The top five material deficiencies leading to a repair or denial of SBA guarantees are:

  • Lien and collateral deficiencies.
  • Ineligible or unauthorized use of proceeds.
  • Debt refinance eligibility or documentation deficiencies related to debt refinance.
  • Not properly documenting the equity injection or source of equity funds.
  • Not properly documenting disbursement of loan proceeds.

The SBA will also review the loan file for any post-close servicing actions that may have occurred during the life of the loan. These include loan payment deferments, changes to the maturity date, assumption requests, release or exchange of collateral, changes to the ownership structure or release of a guarantor. The SBA expects your institution follow prudent lending standards and SBA program requirements when negotiating a feasible workout structure, considering an offer in compromise or liquidating an SBA loan.

It is imperative for institutions to properly document all service actions, conduct site visits as required and submit a written liquidation plan when appropriate. This is where lenders often seem to fall short and are taken off guard when the SBA comes back with a repair or denial of the SBA guarantee because of such documentation deficiencies.

The key takeaway is that it’s always important, but especially more so now in this economic environment, to properly monitor your institution’s existing SBA portfolio. Make sure your bank has properly trained staff, well thought-out procedures and checklists for all functions and proper staffing in each area. Engaging a third party that has a high level of SBA experience to occasionally review your bank’s files and provide feedback on how well processes are working is a good practice. A highly skilled SBA reviewer can help banks identify potential deficiencies and provide recommendations for best practices that will help them keep those loan guarantees.

The Return of the Credit Cycle

It has been like waiting for the second shoe to fall.

The first shoe was the Covid-19 pandemic, which forced the U.S. economy into lockdown mode in March 2020. Many banks prepared for an expected credit apocalypse by setting up big reserves for future loan losses — and those anticipated losses were the second shoe. Sure enough, the economy shrank 31.4% in the second quarter of 2020 as the lockdown took hold, but the expected loan losses never materialized. The economy quickly rebounded the following quarter – growing an astonishing 38% — and the feared economic apocalypse never occurred.

In fact, two and a half years later, that second shoe still hasn’t dropped. To this day, the industry’s credit performance since the beginning of the pandemic has been uncommonly good. According to data from S&P Global Market Intelligence, net charge-offs (which is the difference between gross charge-offs and any subsequent recoveries) for the entire industry were an average of 23 basis points for 2021. Through the first six months of 2022, net charge-offs were just 10 basis points.

Surprisingly, the industry’s credit quality has remained strong even though U.S. economic growth was slightly negative in the first and second quarters of 2022. The Bureau of Economic Analysis, which tracks changes in the country’s gross domestic product, had yet to release a preliminary third quarter number when this article published. However, using its own proprietary model, the Federal Reserve Bank of Atlanta estimated in early October that U.S. GDP in the third quarter would come in at 2.9%.

This would suggest that the industry’s strong credit performance will continue for the foreseeable future. But an increasing number of economists are anticipating that the U.S. economy will enter a recession in 2023 as a series of aggressive rate increases this year by the Federal Reserve to lower inflation will eventually lead to an economic downturn. And this could render a significant change in the industry’s credit outlook, leading to what many analysts refer to as a “normalization of credit.”

So why has bank loan quality remained so good for so long, despite a bumpy economy in 2022? And when it finally comes, what would the normalization of credit look like?

Answering the first question is easy. The federal government responded to the pandemic with two major stimulus programs – the $2.2 trillion CARES Act during President Donald Trump’s administration, which included the Paycheck Protection Program, and the $1.9 trillion American Rescue Plan Act during President Joe Biden’s administration — both which pumped a massive amount of liquidity into the U.S. economy.

At the same time, the Federal Reserve’s Federal Open Market Committee cut the federal funds rate from 1.58% in February 2020 to 0.05% in April, and also launched its quantitative easing policy, which injected even more liquidity into the economy through an enormous bond buying program. Combined, these measures left both households and businesses in excellent shape when the U.S. economy rebounded strongly in the third quarter of 2020.

“You had on one hand, just a spectacularly strong policy response that flooded the economy with money,” says R. Scott Siefers, a managing director and senior research analyst at the investment bank Piper Sandler & Co. “But No. 2, the economy really evolved very quickly on its own, such that businesses and individuals were able to adapt and change to circumstances [with the pandemic] very quickly. When you combine those two factors together, not only did we not see the kind of losses that one might expect when you take the economy offline for some period of time, we actually created these massive cushions of savings and liquidity for both individuals and businesses.”

The second question — what would a normalized credit environment look like? — is harder to answer. Ebrahim Poonawala, who heads up North American bank research at Bank of America Securities, says the bank’s economists are forecasting that the U.S. economy will enter a relatively mild recession in 2023 from the cumulative effects of four rate increases by the Federal Reserve — including three successive hikes of 75 basis points each, bringing the target rate in September to 3.25%. The federal funds rate could hit 4.4% by year-end if inflation remains high, and 4.6% by the end of 2023, based on internal projections by the Federal Reserve.

“There’s obviously a lot of debate around the [likelihood of a] recession today, but generally our view is that we will gradually start seeing [a] normalization and higher credit losses next year, even if it were not for an outright recession,” Poonawala says. While a normalized loss rate would vary from bank to bank depending on the composition of its loan portfolio, Poonawala says a reasonable expectation for the industry’s annualized net charge-off rate would be somewhere between 40 and 50 basis points.

That would be in line with the six-year period from 2014 through 2020, when annual net charge-offs for the industry never rose above 49 basis points. And while loan quality has been exceptional coming out of the pandemic, that six-year stretch was also remarkably good — and remarkably stable. And it’s no coincidence that it coincides with a period when interest rates were at historically low levels. For example, the federal funds rate in January 2014 was just 7 basis points, according to the Federal Reserve Bank of St. Louis’ FRED online database. The rate would eventually peak at 2.4% in July 2019 before dropping back to 1.55% in December of that year when the Federal Reserve began cutting rates to juice a sagging economy. And yet by historical standards, a federal funds rate of even 2.4% is low.

Did this sustained low interest rate environment help keep loan losses low during that six-year run? Siefers believes so. “I don’t think there’s any question that cheap borrowing costs were, and have been, a major factor,” he says.

If interest rates do approach 4.6% in 2023 — which would raise the debt service costs for many commercial borrowers — and if the economy does tip into a mild recession, the industry’s loan losses could well exceed the recent high point of 49 basis points.

“There is a case to be made that a recession could look a bit more like the 2001-02 [downturn] in the aftermath of the dot-com bubble [bursting],” says Poonawala. “You saw losses, but it was an earnings hit for the banks. It wasn’t a capital event.”

That recession lasted just eight months and the decline in GDP from peak to trough was just 0.3%, according to the National Bureau of Economic Research. The industry’s net charge-off ratio rose to an average of 107 basis points in 2002 before dropping to 86 basis points in 2003, 59 basis points in 2004 and bottoming out at 39 basis points in 2006.

This same cyclical pattern repeated itself in 2008 — the first year of the financial crisis – when the average net charge-off rate was 1.30%. The rate would peak at 2.67% in 2010 before declining to 68 basis points in 2013 as the economy gradually recovered.

When we talk about the normalization of credit, what we’re really talking about is the return of the normal credit cycle, where loan losses rise and fall with the cyclical contraction and expansion of the economy. Banks have experienced something akin to a credit nirvana since 2014, but it looks like the credit cycle will reappear in 2023 — aided and abetted by higher interest rates and an economic downturn.

CECL Model Validation Benefits Beyond Compliance

The current expected credit loss (CECL) adoption deadline of Jan. 1, 2023 has many financial institutions evaluating various models and assumptions. Many financial institutions haven’t had sufficient time to evaluate their CECL model performance under various stress scenarios that could provide a more forward-looking view, taking the model beyond just a compliance or accounting exercise.

One critical element of CECL adoption is model validation. The process of validating a model is not only an expectation of bank regulators as part of the CECL process — it can also yield advantages for institutions by providing crucial insights into how their credit risk profile would be impacted by uncertain conditions.

In the current economic environment, financial institutions need to thoroughly understand what an economic downturn, no matter how mild or severe, could do to their organization. While these outcomes really depend on what assumptions they are using, modeling out different scenarios using more severe assumptions will help these institutions see how prepared they may or may not be.

Often vendors have hundreds of clients and use general economic assumptions on them. Validation gives management a deeper dive into assumptions specific to their institution, creating an opportunity to assess their relevance to their facts and circumstances. When doing a validation, there are three main pillars: data and assumptions, modeling and stress testing.

Data and assumptions: Using your own clean and correct data is a fundamental part of CECL. Bank-specific data is key, as opposed to using industry data that might not be applicable to your bank. Validation allows for back-testing of what assumptions the bank is using for its specific data in order to confirm that those assumptions are accurate or identify other data fields or sources that may be better applied.

Modeling (black box): When you put data into a model, it does some evaluating and gives you an answer. That evaluation period is often referred to as the “black box.” Data and assumptions go into the model and returns a CECL estimate as the output. These models are becoming more sophisticated and complex, requiring many years of historical data and future economic projections to determine the CECL estimate. As a result of these complexities, we believe that financial institutions should perform a full replication of their CECL model. Leveraging this best practice when conducting a validation will assure the management team and the board that the model the bank has chosen is estimating its CECL estimate accurately and also providing further insight into its credit risk profile. By stripping the model and its assumptions down and rebuilding them, we can uncover potential risks and model limitations that may otherwise be unknown to the user.

Validations should give financial institutions confidence in how their model works and what is happening. Being familiar with the annual validation process for CECL compliance will better prepare an institution to answer all types of questions from regulators, auditors and other parties. Furthermore, it’s a valuable tool for management to be able to predict future information that will help them plan for how their institution will react to stressful situations, while also aiding them in future capital and budgeting discussions.

Stress testing: In the current climate of huge capital market swings, dislocations and interest rate increases, stress testing is vital. No one knows exactly where the economy is going. Once the model has been validated, the next step is for banks to understand how the model will behave in a worst-case scenario. It is important to run a severe stress test to uncover where the institution will be affected by those assumptions most. Management can use the information from this exercise to see the connections between changes and the expected impact to the bank, and how the bank could react. From here, management can gain a clearer picture of how changes in the major assumptions impact its CECL estimate, so there are no surprises in the future.

How High Inflation, High Rates Will Impact Banking

In the latest episode of The Slant Podcast, former Comptroller of the Currency Gene Ludwig believes the combination of high inflation and rising interest rates present unique risks to the banking industry. Ludwig expects that higher interest rates will lead to more expensive borrowing for many businesses while also increasing their operating costs. This could ultimately result in “real credit risk problems that we haven’t seen for some time.”

While the banking industry is well capitalized and asset quality levels are still high, Ludwig says the combination of high inflation and rising interest rates will be a challenge for younger bankers who have never experienced an environment like this before.

Ludwig knows a lot about banking, but his journey after leaving the Comptroller of the Currency’s office has been an interesting one. After completing his five-year term as comptroller in 1998, Ludwig could have returned to his old law firm of Covington & Burling LLP and resumed his legal practice. Looking back on it, he says he was motivated by two things. One was to put “food on the table” for his family because he left the comptroller’s office “with negative net worth – [and] it was negative by a lot.”

His other motivation was to find ways of fixing people’s problems from a broader perspective than the law sometimes allows. “I love the practice of law,’’ he says. “It’s intellectually satisfying.” But from his perspective, the law is just one way to solve a problem. Ludwig says he was looking for a way to “solve problems more broadly and bring in lawyers when they’re needed.” This led to a prolonged burst of entrepreneurial activity in which Ludwig established several firms in the financial services space. His best known venture is probably the Promontory Financial Group, a regulatory consulting firm that he eventually sold to IBM.

Ludwig’s most recent initiative is the Ludwig Institute for Shared Economic Prosperity, which he started in 2019. Ludwig believes the American dream has vanished for many median- and low-income families, and the institute has developed a new metric which makes a more accurate assessment of how inflation is hurting those families than traditional measurements such as the Consumer Price Index — which he says drastically understates the impact.

Ludwig hopes the Institute’s work gives policymakers in Washington, D.C., a clearer sense of how desperate the situation is for millions of American families and leads to positive action.

This episode, and all past episodes of The Slant Podcast, are available on Bank DirectorSpotify and Apple Music.

Bank Compensation Survey Results: Findings Released

NASHVILLE, TENN., June 21, 2022 – Bank Director, the leading information resource for directors and officers of financial institutions nationwide, today released the results of its 2022 Compensation Survey, sponsored by Newcleus Compensation Advisors. The findings confirm that intensifying competition for talent is forcing banks to pay up for both new hires and existing employees.

The 2022 Compensation Survey finds that 78% of responding directors, human resources officers, CEOs and other senior executives of U.S. banks say that it was harder in 2021 to attract and keep talent compared to past years. In response to this increased pressure, 98% say their organization raised non-executive pay in 2021, and 85% increased executive compensation. Overall, compensation increased by a median 5%, according to participants.

“Banks are challenged to find specialized talent like commercial lenders and technology personnel, but they’re also struggling to hire branch staff and fill entry-level roles,” says Emily McCormick, Bank Director’s vice president of research. “In this quest for talent, community banks are competing with big banks like Bank of America Corp., which recently raised its minimum wage to $22 an hour. But community banks are also competing against other industries that have been raising pay. How can financial institutions stand out as employers of choice in their markets?”

Asked about specific challenges in attracting talent, respondents cite an insufficient number of qualified applicants (76%) and unwillingness among candidates to commute for at least some of their schedule (28%), in addition to rising wages. Three-quarters indicate that remote or hybrid work options are offered to at least some staff.

“It is obvious from the survey results that talent is the primary focus for community banks,” says Flynt Gallagher, president of Newcleus Compensation Advisors. “Recruiting and retaining talent has become a key focus for most community banks, surpassing other concerns that occupied the top spot in prior surveys — namely tying compensation to performance. It is paramount for community banks to step up their game when it comes to understanding what their employees value and improving their reputation and presence on social media. Otherwise, financial institutions will continue to struggle finding and keeping the people they need to succeed.”

Key Findings Also Include:

Banks Pay Up
Banks almost universally report increased pay for employees and executives. Of these, almost half believe that increased compensation expense has had an overall positive effect on their company’s profitability and performance. Forty-three percent say the impact has been neutral.

Commercial Bankers in Demand
Seventy-one percent expect to add commercial bankers in 2022. Over half of respondents say their bank did not adjust its incentive plan for commercial lenders in 2022, but 34% have adjusted it in anticipation of more demand.

Additional Talent Needs
Banks also plan to add technology talent (39%), risk and compliance personnel (29%) and branch staff (25%) in 2022. Respondents also indicate that commercial lenders, branch and entry-level staff, and technology professionals were the most difficult positions to fill in 2020-21.

Strengthening Reputations as Employers
Forty percent of respondents say their organization monitors its reputation on job-posting platforms such as Indeed or Glassdoor. Further, 59% say they promote their company and brand across social media to build a reputation as an employer of choice, while just 20% use Glassdoor, Indeed or similar platforms in this manner. Banks are more likely to let dollars build their reputation: Almost three-quarters have raised starting pay for entry-level roles.

Low Concerns About CEO Turnover
Sixty-one percent of respondents indicate that they’re not worried about their CEO leaving for a competing financial institution, while a third report low to moderate levels of concern. More than half say their CEO is under the age of 60. Respondents report a median total compensation spend for the CEO at just over $600,000.

Remote Work Persists
Three quarters of respondents say they continue to offer remote work options for at least some of their staff, and the same percentage also believe that remote work options help to retain employees. Thirty-eight percent of respondents believe that remote work hasn’t changed their company’s culture, while 31% each say it has had either a positive or negative impact.

The survey includes the views of 307 independent directors, CEOs, HROs and other senior executives of U.S. banks below $100 billion in assets. Compensation data for directors, non-executive chairs and CEOs was also collected from the proxy statements of 96 publicly traded banks. Full survey results are now available online at

About Bank Director
Bank Director reaches the leaders of the institutions that comprise America’s banking industry. Since 1991, Bank Director has provided board-level research, peer-insights and in-depth executive and board services. Built for banks, Bank Director extends into and beyond the boardroom by providing timely and relevant information through Bank Director magazine, board training services and the financial industry’s premier event, Acquire or Be Acquired. For more information, please visit

About Newcleus
Newcleus powers organizations as the leading designer and administrator of compensation, benefit, investment and finance strategies. The personalized product selections, carrier solutions and talent retention programs are curated to optimize benefits and improve ROI.

For more information, please contact Bank Director’s Director of Marketing, Deahna Welcher, at [email protected].