Managing Credit Risk Without Overburdening Resources

Increased labor costs and related challenges such as talent acquisition have affected all industries, including banks. Additionally, banks are facing potential deteriorating credit quality, growth challenges amid tightening credit standards and increased scrutiny from regulators and auditors.

Loan origination, portfolio management and credit quality reviews are key areas to successfully managing increasing credit risk. It’s critical that banks understand their risk appetite and credit risk profile prior to making any changes in these areas. You should also discuss any material changes you plan to implement with your regulatory agencies and board, to ensure these changes don’t create undue risks.

Lending
Originating new loans doesn’t have to be cumbersome and complex for both the bank and the client. The risk and rewards are a delicate balancing act. And not all loans require the same level of due diligence or documentation.

Banks might want to consider establishing minimum loan documentation requirements and underwriting parameters based on loan amounts. This can put them at a competitive advantage compared to financial institutions requiring more documentation that can increase the loan processing time.

Centralizing the loan origination process for less complex and smaller loan amounts can streamline the workflow, potentially helping with consistency and efficiency and allow less-experienced staff to process loans.

Automation may be useful if your bank has a high volume of loan origination requests. The board should consider conducting, or hiring a consultant to complete, a cost-benefit analysis that could consider automating various aspects of the underwriting process. You may find automation is not only cost effective but might reduce human errors and improve consistency in credit decisions.

Portfolio Management
Ongoing management of the loan portfolio also doesn’t have to be time consuming. Not all loans are created equal or create equal risk for the bank; ongoing management should correspond to the risk of the loan portfolio. Consider evaluating the frequency of the internal loan reviews based on various risk attributes, including risk ratings, loan amounts and other financial and non-financial factors.

Internal Credit Reviews
An annual internal credit review might be all that’s necessary for loans that have lower risk attributes, such as small-dollar loans, loans secured by readily liquid collateral and loans with strong risk ratings. Banks should instead conduct more-frequent internal reviews on larger loans, loans in higher-risk industries, highly leveraged loans, marginal performing loans and adversely risk rated loans.

When completing frequent reviews, focus on key ratios relevant to the borrower and monitor and identify financial trends. An internal review doesn’t necessarily require the same level of analysis as an annual review or effort performed at loan origination.

Payment performance or bulk risk rating could be an alternative for banks that have a high volume of small-dollar loans. These types of loans are low risk, monitored through frequent reporting that uses payment performance and require minimal oversight.

Finally, centralizing the portfolio management might be appropriate choice for a bank and can create efficiencies, consistencies in evaluation and reduce overhead expenses.

Credit Quality Reviews
From small borrowers to national corporate clients, there are many creative ways that banks can achieve loan coverage in credit quality reviews while retaining the ability to identify systemic risks.

Banks can accomplish this through a risk-based sampling methodology. Rather than selecting a single risk attribute or a random sample within the loan population, you may be able to get the same portfolio coverage and identify risks with the following selection process. Focus on selecting credits that have multiple risk attributes, such as:

  • Borrowers with large loan commitments, high line usage, unsecured or high loan-to-value, adversely risk rated and high-risk industries.
  • Select credits with a mix of newly originated and existing loans, new underwriters and relationship managers, various loan commitment sizes and property types and collateral.

Consider credits within the Pass range that may have marginal debt service coverage ratios — typically the most common multiple risk attributes for identifying risk rating discrepancies — or are highly leveraged, unsecured or lack guarantor support.

Targeted Review
More targeted reviews can offer banks additional portfolio coverage. These types of reviews require less time to complete, giving institutions the ability to also identify systemic trends. Below are some things to consider when selecting a targeted review.

  • Select a sample of loans with multiple risk attributes and confirm the risk ratings by reviewing the credit write-up for supporting evidence and analysis.
  • Complete a targeted review of issues identified in the previous risk-based sampling reviews.

Finally, for banks that have recently acquired a loan portfolio, review the two banks’ credit policies and procedures and determine where the are differences. Select loans that are outliers or don’t meet the acquirer’s loan risk appetite.

How Banks Can Speed Up Month-End Close

In accounting, time is of the essence.

Faster financial reporting means executives have more immediate insight into their business, allowing them to act quicker. Unfortunately for many businesses, an understaffed or overburdened back-office accounting team means the month-end close can drag on for days or weeks. Here are four effective strategies that help banks save time on month-end activities.

1. Staying Organized is the First Step to Making Sure Your Close Stays on Track
Think of your files as a library does. While you don’t necessarily need to have a Dewey Decimal System in place, try to keep some semblance of order. Group documentation and reconciliations in a way that makes sense for your team. It’s important every person who touches the close knows where to find any information they might need and puts it back in its place when they’re done.

Having a system of organization is also helpful for auditors. Digitizing your files can help enormously with staying organized: It’s much easier to search a cloud than physical documents, with the added benefit of needing less storage space.

2. Standardization is a Surefire Way to Close Faster
Some accounting teams don’t follow a close checklist every month; these situations make it more likely to accidentally miss a step. It’s much easier to finance and accounting teams to complete a close when they have a checklist with clearly defined steps, duties and the order in which they must be done.

Balance sheet reconciliations and any additional analysis also benefits from standardization. Allowing each member of the team to compile these files using their own specific processes can yield too much variety, leading to potential confusion down the line and the need to redo work. Implementing standard forms eliminates any guesswork in how your team should approach reconciliations and places accountability where it should be.

3. Keep Communication Clear and Timely
Timely and clear communication is essential when it comes to the smooth running of any process; the month-end close is no exception. With the back-and-forth nature between the reviewer and preparer, it’s paramount that teams can keep track of the status of each task. Notes can get lost if you’re still using binders and spreadsheets. Digitizing can alleviate some of this. It’s crucial that teams understand management’s expectations, and management needs to be aware of the team’s bandwidth. Open communication about any holdups allows the team to accomplish a more seamless month-end close.

4. Automate Areas That Can be Automated
The No. 1 way banks can save time during month-end by automating the areas that can be automated. Repetitive tasks should be done by a computer so high-value work, like analysis, can be done by employees. While the cost of such automation can be an initial barrier, research shows automation software pays for itself in a matter of months. Businesses that invest in technology to increase the efficiency of the month-end close create the conditions for a happier team that enjoys more challenging and fulfilling work.

Though month-end close with a lack of resources can be a daunting process, there are ways banks can to improve efficiency in the activities and keep everything on a shorter timeline. Think of this list of tips as a jumping off point for streamlining your institution’s close. Each business has unique needs; the best way to improve your close is by evaluating any weaknesses and creating a road map to fix them. Next time the close comes around, take note of any speed bumps. There are many different solutions out there: all it takes is a bit of research and a willingness to try something new.

Growth Milestone Comes With Crucial FDICIA Requirements

Mergers or strong internal growth can quickly send a small financial institution’s assets soaring past the $1 billion mark. But that milestone comes with additional requirements from the Federal Deposit Insurance Corp. that, if not tackled early, can become arduous and time-consuming.

When a bank reaches that benchmark, as measured at the start of its fiscal year, the FDIC requires an annual report that must include:

  • Audited comparative annual financial statements.
  • The independent public accountant’s report on the audited financial statements.
  • A management report that contains:
    • A statement of certain management responsibilities.
    • An assessment of the institution’s compliance with laws pertaining to insider loans and dividend restrictions during the year.
    • An assessment on the effectiveness of the institution’s internal control structure over financial reporting, as of the end of the fiscal year.
    • The independent public accountant’s attestation report concerning the effectiveness of the institution’s internal control structure over financial reporting.

Management Assessment of Internal Controls
Complying with Internal Controls over Financial Reporting (ICFR) requirements can be exhaustive, but a few early steps can help:

  • Identify key business processes around financial reporting/systems in scope.
  • Conduct business process walk-throughs of the key business processes.
  • For each in-scope business process/system, identify related IT general control (ITGC) elements.
  • Create a risk control matrix (RCM) with the key controls and identity gaps in controls.

To assess internal controls and procedures for financial reporting, start with control criteria as a baseline. The Committee of Sponsoring Organizations (COSO) of the Treadway Commission provides criteria with a fairly broad outline of internal control components that banks should evaluate at the entity level and activity or process level.

Implementation Phases, Schedule and Events
A FDICIA implementation approach generally includes a four-phase program designed with the understanding that a bank’s external auditors will be required to attest to and report on management’s internal control assessment.

Phase One: Business Risk Assessment and COSO Evaluation
Perform a high-level business risk assessment COSO evaluation of the bank. This evaluation is a top-down approach that allows the bank to effectively identify and address the five major components of COSO. This review includes describing policies and procedures in place, as well as identifying areas of weakness and actions needed to ensure that the bank’s policies and procedures are operating with effective controls.

Phase One action steps are:

  • Educate senior management and audit committee/board of directors on reporting requirements.
  • Establish a task force internally, evaluate resources and communicate.
  • Identify and delegate action steps, including timeline.
  • Identify criteria to be used (COSO).
  • Determine which processes and controls are significant.
  • Determine which locations or business units should be included.
  • Coordinate with external auditor when applicable.
  • Consider adoption of a technology tool to provide data collection, analysis and graphical reporting.

Phase Two: Documenting the Bank’s Control Environment
Once management approves the COSO evaluation and has identified the high-risk business lines and support functions of the bank, it should document the internal control environment and perform a detailed process review of high-risk areas. The primary goals of this phase are intended to identify and document which controls are significant, evaluate their design effectiveness and determine what enhancements, if any, they must make.

Phase Three: Testing and Reporting of the Control Environment
The bank’s internal auditor validates the key internal controls by performing an assessment of the operating effectiveness to determine if they are functioning as designed, intended and expected.  The internal auditor should help management determine which control deficiencies, if any, constitute a significant deficiency or material control weakness. Management and the internal auditor should consult with the external auditor to determine if they have performed any of the tests and if their testing can be leveraged for FDICIA reporting purposes.

Phase Four: Ongoing Monitoring
A primary component of an effective system of internal control is an ongoing monitoring process. The ongoing evaluation process of the system of internal controls will occasionally require modification as the business adjusts. Certain systems may require control enhancements to respond to new products or emerging risks. In other areas, the evaluation may point out redundant controls or other procedures that are no longer necessary. It’s useful to discuss the evaluation process and ongoing monitoring when making such improvement determinations.

What New Climate Disclosure Means for Banks

Climate risk assessment is still in its infancy, but recent pronouncements by federal regulators should have bank directors and executives considering its implications for their own organizations.   

Under a new rule proposed by the Securities and Exchange Commission, publicly traded companies would be required to report on certain climate-related risks in regular public filings. 

Though the SEC’s proposal only applies to publicly traded companies, some industry observers say it’s only a matter of time before more financial institutions are expected to grapple with climate-related risks. Not long after the SEC issued its proposal, the Federal Deposit Insurance Corp. issued its own draft principles for managing climate risk. While the principles focus on banks with over $100 billion of assets, Acting Chair Martin Gruenberg commented further that “all financial institutions, regardless of size, complexity, or business model, are subject to climate-related financial risks.” 

The practice of assessing climate risk has gained momentum in recent years, but many boards aren’t regularly talking about these issues. Just 16% of the directors and officers responding to Bank Director’s 2022 Risk Survey say their board discusses climate change annually.

To understand what this means for their own organizations, boards need to develop the baseline knowledge so directors can ask management smarter questions. They should also establish organizational ownership of the issue and think about the incremental steps they might take in response to those risk assessments. 

“Climate risk is like every other risk,” says Ivan Frishberg, chief sustainability officer at $7 billion Amalgamated Financial Corp. in New York. “It needs the same systems for managing it inside a bank that any other kind of risk does. It’s going to require data, it’s going to require risk assessments, it’s going to require strategy. All of those things are very traditional frameworks.” 

The SEC’s proposed rule intends to address a major challenge with sizing up climate risk: the lack of uniform disclosures of companies’ greenhouse gas emissions and environmental efforts. The agency also wants to know how banks and other firms are incorporating climate risks into their risk management and overall business strategies. That includes both physical risk, or the risk of financial losses from serious weather events, and transition risk, arising from the shift to a low-carbon economy.  

Bank Director’s Risk Survey finds that many boards need to start by getting up to speed on the issue. Though 60% of survey respondents say that their board and senior leadership have a good understanding of physical risks, just 43% say the same about transition risk. Directors should also get a basic grasp of what’s meant by Scope 1, Scope 2 and Scope 3 emissions to better gauge the impact on their own institutions.  

Understanding Carbon Emissions

Scope 1: Emissions from sources directly owned or controlled by the bank, such as company vehicles.

Scope 2: Indirect emissions associated with the energy a bank buys, such as electricity for its facilities. 

Scope 3: Indirect emissions resulting from purchased goods and services (business travel, for example) and other business activities, such as lending and investments.

 

The SEC’s proposal would not require scenario analysis. However, directors and executives should understand how their loan portfolios could be affected under a variety of scenarios. 

Talking with other banks engaged in similar efforts could help institutions benchmark their progress, says Steven Rothstein, managing director of the Ceres Accelerator for Sustainable Capital Markets, a nonprofit that works with financial institutions on corporate sustainability. Boards could also look to trade associations and recent comments by federal regulators. In a November 2021 speech, Acting Comptroller of the Currency Michael Hsu outlined five basic questions that bank boards should ask about climate risk. The Risk Management Association recently established a climate risk consortium for regional banks. 

Assessing climate risk involves pulling together large amounts of data from across the entire organization. Banks that undertake an assessment of their climate-related risks should appoint somebody to coordinate that project and keep the board apprised.  

Banks might also benefit from conducting a peer review, looking at competing institutions as well as banks with similar investor profiles, says Lorene Boudreau, co-leader of the environment, social and governance  working group at Ballard Spahr. “What are the other components of your investors’ profile? And what are they doing? Use that information to figure out where there’s a [gap], perhaps, between what they’re doing and what your company is doing,” she says.

Finally, boards should think about the shorter term, incremental goals their bank could set as a result of a climate risk assessment. That could look like smaller, sector-specific goals for reducing financed emissions or finding opportunities to finance projects that address climate-related challenges, such as storm hardening or energy efficiency upgrades. 

A number of big banks have made splashy pledges to reduce their greenhouse gas emissions to net zero by 2050, but fewer have gotten specific about their goals for 2030 or 2040, Boudreau says. “It doesn’t have a lot of credibility without those interim steps.” 

While many smaller financial institutions will likely escape regulatory requirements for the near term, they can still benefit from adopting some basic best practices so they aren’t caught off guard in a worst-case scenario. 

“Climate risk is financial risk,” says Rothstein. “If you’re a bank director thinking about the safety and soundness of a bank, part of your job has to be to look at climate risk. Just as if someone said, ‘Is the bank looking at cyber risk? Or pandemic risk or crypto risk?’ All of those are risks that directors, through their management team, have to be aware of.” 

3 Steps to Planning for Climate Risk

Last year, President Joe Biden’s Executive Order on Climate-Related Financial Risk and the resulting report from the Financial Stability Oversight Council identified climate change as an emerging and increasing threat to U.S. financial stability.

A number of financial regulatory and agency heads have also spoken about climate risk and bank vulnerability.

Now the question is: What should banks be doing about it now? Here are three steps you can take to get started:

1. Conduct a Risk Assessment
Assessing a financial institution’s exposure to climate risk poses an interesting set of challenges. There is the short-term assessment for both internal operations and business exposures: what is happening today, next month or next year. Then there are long-term projections, for which modeling is still being developed.

So where to begin?
Analyzing the potential impacts of physical risk and transition risk begins with the basic question, “What if?” What if extreme weather events continue, how does that impact or alter your operational and investment risks? What if carbon neutral climate regulations take hold and emissions rapidly fall? Widen your scope from credit risk to include market, liquidity and reputational risk, which is taking on new meaning. Bank executives may make reasonable decisions to stabilize their balance sheet, but those decisions could backfire when banks are seen as not supporting their customers in their transition.

Regional and smaller financial institutions will need more granular data to assess the risk in their portfolios, and they may need to assemble local experts who are more familiar with climate change’s impact on local companies.

2. Level Up the Board of Directors
Climate change has long been treated as part of corporate social responsibility rather than a financial risk, but creating a climate risk plan without executive support or effective oversight is a fool’s errand. It’s time to bring it into the boardroom.

Banks should conduct a board-effectiveness review to identify any knowledge gaps that need to be filled. How those gaps are filled depends on each organization, but climate change expertise is needed at some level — whether that be a board member, a member of the C-suite or an external advisor.

The next step is incorporating climate change into the board’s agenda. This may already be in place at larger institutions or ones located in traditionally vulnerable areas. However, recent events have made it clear that climate risk touches everything the financial sector does. Integrating climate risk into board discussions may look different for each financial institution, but it needs to start happening soon.

3. Develop a Climate-Aware Strategy
Once banks approach climate risk as a financial risk instead of simply social responsibility, it’s time to position themselves for the future. Financial institutions are in a unique position when formulating a climate risk management strategy. Not only are they managing their own exposure — they hold a leadership role in the response to carbon neutral policies and regulation.

It can be challenging, but necessary, to develop a data strategy with a holistic view across an organization and portfolio to reveal where the biggest risks and opportunities lie.

Keeping capital flowing toward clients in emission industries or vulnerable areas may seem like a high risk. But disinvestment may be more detrimental for those companies truly engaged in decarbonization activities or transition practices, such as power generation, real estate, manufacturing, automotive and agriculture. These exposures may be offset by financing green initiatives, which have the potential to mitigate transition risk across a portfolio, increase profit and, better yet, stabilize balance sheets as the economy evolves into a carbon neutral world.

An Audit Expert Explains What’s Changed

An audit committee seat can one of the biggest challenges — and one of the greatest responsibilities — for a bank director, even without a global pandemic and economic recession. The audit committee sets the tone at the top for the bank. How does its role change in a pandemic? It’s an increasingly important responsibility, says Jon Tomberlin, managing partner in Dixon Hughes Goodman LLP’s financial services practice, participating in a panel discussion focusing on audit matters at Bank Director’s BankBEYOND 2020 experience. “There’s a lot of risk and difficulty in being on the audit committee,” he says. “They are one of the most important elements of the bank.” The audit committee creates and maintains an conditions and expectations that support the integrity of the bank’s financial controls — an environment that may have altered or become strained under the pandemic’s forceful impact or the severe economic fallout. Tomberlin says he sees many roles for audit committee in this turbulent environment, overseeing and challenging the appropriateness of internal controls and management’s risk assessment. Joining Tomberlin in this conversation with Bank Director’s Editor-At-Large Jack Milligan were Michael Ososki, a partner at BKD LLP, and Mandi Simpson, a partner at Crowe LLP. You can access all of the BankBEYOND 2020 sessions by registering here.

Balance Sheet Opportunities Create Path to Outperformance

How important is net interest margin (NIM) to your institution?

In 2019, banks nationally were 87% dependent on net interest income. With the lion’s share of earnings coming from NIM, implementing a disciplined approach around margin management will mean the difference between underperforming institutions and outperforming ones. (To see how your institution ranks versus national and in-state peers, click here.)

Anticipating the next steps a bank should take to protect or improve its profitability will become increasingly difficult as they manage balance sheet risks and margin pressure. Cash positions are growing with record deposit inflows, pricing on meager loan demand is ultra-competitive and many institutions are experiencing accelerated cash flows from investment portfolios.

It is also important to remember that stress testing the balance sheet is no longer an academic exercise. Beyond the risk management, stressing the durability of capital and resiliency of liquidity can give your institution the confidence necessary to execute on strategies to improve performance and to stay ahead of peers. It is of heightened importance to maintain focus on the four major balance sheet position discussed below.

Capital Assessment, Position
Capital serves as the cornerstone for all balance sheets, supporting growth, absorbing losses and providing resources to seize opportunities. Most importantly, capital serves as a last line of defense, protecting against risk of the known and the unknown.

The rapid changes occurring within the economy are not wholly cyclical in nature; rather, structural shifts will develop as consumer behavior evolves and business operations adjust to the ‘next normal.’ Knowing the breaking points for your capital base — in terms of growth, credit deterioration and a combination of these factors — will serve your institution well.

Liquidity Assessment, Position
Asset quality deterioration leads to capital erosion, which leads to liquidity evaporation. With institutions reporting record deposit growth and swelling cash balances, understanding how access to a variety of funding sources can change, given asset quality deterioration or capital pressure, is critical to evaluating the adequacy of your comprehensive liquidity position.

Interest Rate Risk Assessment, Position
In today’s ultra-low rate environment, pressure on earning asset yields is compounded by funding costs already nearing historically low levels. Excess cash is expensive; significant asset sensitivity represents an opportunity cost as the central bank forecasts a low-rate environment for the foreseeable future. Focus on adjusting your asset mix — not only to improve your earnings today, but to sustain it with higher, stable-earning asset yields over time.

Additionally, revisit critical model assumptions to ensure that your assumptions are reflective of actual pricing behaviors, including new volume rate floors and deposit betas, as they may be too high for certain categories.

Investment Assessment, Position
Strategies for investment portfolios including cash can make a meaningful contribution to your institution’s overall interest income. Some key considerations to help guide the investment process in today’s challenging environment include:

  • Cost of carrying excess cash has increased: Most institutions are now earning 0.1% or less on their overnight funds, but there are alternatives to increasing income on short-term liquidity.
  • Consider pre-investing: Many institutions have been very busy with Paycheck Protection Program loans, and we anticipate this will have a short-term impact on liquidity and resources. Currently, spreads are still attractive in select sectors of the market.

Taylor Advisors’ Take:
Moving into 2021, liquidity and capital are taking center stage in most community banks’ asset-liability committee discussions. Moving away from regulatory appeasement and towards proactive planning and decision-making are of paramount importance. This can start with upgrading your bank’s tools and policies, improving your ability to interpret and communicate the results and implementing actionable strategies.

Truly understanding your balance sheet positions is critical before implementing balance sheet management strategies. You must know where you are to know where you want to go. Start by studying your latest quarterly data. Dissect your NIM and understand why your earning asset yields are above or below peer. Balance sheet management is about driving unique strategies and tailored risk management practices to outperform; anything less will lead to sub-optimal results.

Steering a De Novo Through a Crisis and Beyond

New York-based Piermont Bank opened its doors in July 2019. Just eight months later — on March 1 — a New York woman returning home from Iran became the city’s first Covid-19 case. By March 20, with cases in the state rapidly climbing, Gov. Andrew Cuomo mandated that non-essential businesses close. One hundred days after reporting its first case, New York began reopening — but as of Nov. 19, restrictions remained in place, and New York City public schools recently returned to virtual learning to combat a resurgence of Covid-19 cases.

What a time to run a bank — especially a new one.

It sounds counterintuitive at first blush, but Wendy Cai-Lee, the bank’s founder and chief executive, believes Piermont is well positioned to serve customers. The $117 million bank focuses heavily on commercial real estate loans; it also makes commercial and industrial (C&I) loans.

She points out that as a de novo, the bank’s balance sheet is clean; her team didn’t have to devote attention to working with troubled borrowers. Piermont also has a lot of capital on hand, with a leverage ratio of 32.82% as of June 30.

But Cai-Lee recognizes the broader, longer-term impact the pandemic could have on the New York market. “We have seen appraisal values essentially drop anywhere between 10% to 35%,” she says. Her team has a risk assessment meeting every Monday; when we spoke in October, they were evaluating the potential fallout from the end of unemployment benefits through the CARES Act, set to expire at the end of the year. “That’s going to impact people’s ability to pay their rent, and I do think that’s going to bring some impact to multi-family that we haven’t seen so far,” she says.

Serving customers during the pandemic had some banks scrambling to adopt new technology to serve customers; in contrast, Piermont was already positioning itself as a “tech-enabled” bank. “When it comes to innovation, I’m a big believer that it’s not only technology that we need to focus on, but also process,” says Cai-Lee. She aims to create an end-to-end digitized process without sacrificing on risk controls.

“I use technology to digitize everything that the client doesn’t see so that I can move all those resources to allow my bankers to spend the time with the client to find specific pain points” and identify the right solution, she explains. “This allows my bankers to engage the client very differently.” Piermont can close commercial loans in three days, she says, rather than a couple of weeks. And innovation isn’t limited to technology; Piermont offers subscription pricing for its services, for example, and recently announced a banking-as-a-service platform it’s offering through a partnership with Treasury Prime.

I spoke with Cai-Lee before that announcement. “We’re actually not going to be that anonymous bank behind these fintechs,” she says. “We’re actually going to market front and center along with the API partner so that we can actually focus on creating the right product for them.”

Piermont Bank also seeks to serve women- and minority-owned businesses, which have been particularly devastated by the pandemic and have historically lacked access to credit and investor capital. A lot of banks say they want to serve women and minority entrepreneurs, yet these groups remain underserved. When I ask how Cai-Lee’s plans differ from other institutions’ efforts, she credits Piermont’s diverse team.

Cai-Lee is Asian American; before founding Piermont, she led the commercial real estate, commercial lending, and consumer and business banking divisions at $50 billion, Pasadena, California-based East West Bancorp, which serves markets in the U.S. and China. Before that, she spent almost a decade at Deloitte, where she was literally the poster child for diversity. “They had a [life-size] cutout of me made and had it in the lobby of every Deloitte domestic office,” she recalls.

When she founded Piermont Bank, she prioritized adding a diverse array of voices and backgrounds when she assembled her team. She believes it’s a strength for the bank. “The reason why [women and minorities are] underserved is — no different from serving any industry or any demographic out there — unless you understand their pain points, it’s hard to come up with the right product and service to serve them,” says Cai-Lee. “If you don’t have enough representation of women, of minorities on your board and senior management [team], how do you foster an environment where [you can] address that demographic?”

How Subchapter S Issues Could Snag a Sale


acquisitions-5-2-19.pngNearly 2,000 banks in the U.S. have elected Subchapter S tax treatment as a way of enhancing shareholder value since 1997, the first year they were permitted to make the election. Consequently, many banks have more than 20 years of operating history as an S corporation.

However, this history is presenting increasingly frequent challenges during acquisition due diligence. Acquirers of S corporations are placing greater emphasis on due diligence to ensure that the target made a valid initial Subchapter S election and continuously maintained eligibility since the election. Common issues arising during due diligence typically fall into two categories:

  • Failure to maintain stock transfer and shareholder records with sufficient specificity to demonstrate continuous eligibility as an S corporation.
  • Failure by certain trust shareholders to timely make required Qualified Subchapter S Trust (QSST) or Electing Small Business Trust (ESBT) elections.

A target’s inability to affirmatively demonstrate its initial or continuing eligibility as an S corporation creates a risk for the acquirer. The target’s S election could be disregarded after the deal closes, subjecting the acquirer to corporate-level tax liability with respect to the target for all prior periods that are within the statute of limitations. This risk assessment may impact the purchase price or the willingness of the buyer to proceed with the transaction. In addition, the target could become exposed to corporate tax liability, depending on the extent of the compliance issues revealed during due diligence, unless remediated.

Accordingly, it is important for S corporation banks to ensure that their elections are continuously maintained and that they retain appropriate documentation to demonstrate compliance. An S corporation bank should retain all records associated with the initial election, including all shareholder consents and IRS election forms. S corporation banks should also maintain detailed stock transfer records to enable the substantiation of continuous shareholder eligibility.

Prior to registering a stock transfer to a trust, S corporation banks should request and retain copies of all governing trust instruments, as well as any required IRS elections.

It is also advisable to have the bank’s legal counsel review these trust instruments to confirm eligibility status and any required elections. Banks that are relying on the family aggregation rules to stay below the 100 shareholder limitation should also keep records supporting the family aggregation analysis.

While S corporation banks have realized significant economic benefits through the elimination of double taxation of corporate earnings, maintaining strong recordkeeping practices is a critical element in protecting and maximizing franchise value, especially during an acquisition. Any S corporation bank that is contemplating selling in the foreseeable future should consider conducting a preemptive review of its Subchapter S compliance and take any steps necessary to remediate adverse findings or secure missing documentation prior to exploring a sale.

One Tool To Get a Better Grasp on Cybersecurity Risk Oversight


cybersecurity-11-26-18.pngAs new types of risk – and new regulatory requirements – are introduced, bank directors play an instrumental role in making sure the executive team is properly addressing cybersecurity risks.

This can be an especially challenging responsibility as it is rare for board members to have the technical background or expertise to appropriately assess an entity’s cybersecurity risk management program without external resources. In many instances, directors find themselves in the uncomfortable position of relying primarily on management reports or the advice of third-party providers to meet their oversight responsibilities.

Annual scorecards from management and vulnerability assessments from third-party providers have value, but can make it difficult to compare and assess risk management programs with confidence.

To address this challenge, boards can consult new guides that offer ways to explore and dig into potential cyber risk management issues and other technical matters.

The Center for Audit Quality (CAQ), recently released a new publication, “Cybersecurity Risk Management Oversight: A Tool for Board Members.” The tool, like other emerging frameworks, is designed to help board members probe more deeply, challenge management assertions from a position of knowledge and understanding, and make more informed use of independent auditors.

Asking the right questions
In addition to offering board members a high-level overview of cybersecurity risk management issues and board responsibilities, the tool offers a series of probing questions board members can use as they engage in discussions about cybersecurity risks and disclosures with management and with independent financial auditors.

The questions are organized into four groups:

  1. Understanding how the financial statement auditor considers cybersecurity risk. These questions help board members understand the auditor’s approach to cybersecurity-related risks, and how such risks get addressed in the audit process.
  2. Understanding the role of management and responsibilities of the financial statement auditor related to cybersecurity disclosures. These questions help board members explore compliance with current SEC guidance, as well as other regulatory and disclosure requirements.
  3. Understanding management’s approach to cybersecurity risk management. These questions look beyond financial reporting and compliance, and begin to probe broader cybersecurity-related issues, including the governing framework, policies, processes, and controls the bank has in place to manage and mitigate cybersecurity risk.
  4. Understanding how CPA firms can assist boards of directors in their oversight of cybersecurity risk management. These questions help board members learn about additional offerings CPA firms can provide to assist them, and what factors to consider when engaging outside auditors to perform readiness assessments and examinations.

Starting the conversation
The CAQ says the cybersecurity oversight tool is not intended to be a comprehensive, all-inclusive list of questions for board members to ask. It also cautions against using the questions as a checklist for board members to use.

Rather, board members should look at the questions as conversation starters, examples of the types of issues they should raise with management and financial statement auditors. The purpose of the questions is to spark a dialogue to clarify responsibilities and generate a conversation and help board members develop a better understanding of how the company is managing its cybersecurity risks.

Expanding CPAs’ capabilities
As noted, one group of questions is designed to help board members learn more about other cybersecurity assurance services offered by CPA firms. One example of such services is the new System and Organization Controls (SOC) for Cybersecurity examination developed by the AICPA.

The information within the report provides management, directors or clients a description of the organization’s cybersecurity risk management program and an independent opinion on the effectiveness of the controls in place.

As concerns over cybersecurity risks in banking continue to intensify, directors will find it increasingly necessary to be capable of effectively challenging executive management and financial auditors. This tool is one guide alongside other evolving frameworks and services, that can help boards fulfill their responsibilities while also adding significant value to the bank and its shareholders.