ESG Disclosure on the Horizon for Financial Institutions

Over the last several years, investors, regulators and other stakeholders have sought an increase of environmental, social and governance (ESG) disclosures by public companies.

The U.S. Securities and Exchange Commission (SEC) has taken a cautious approach to developing uniform ESG disclosure requirements, but made a series of public statements and took preliminary steps this year indicating that it may soon enhance its climate-related disclosure requirements for all public companies, including financial institutions. To that end, the SEC’s spring 2021 agenda included four ESG-related rulemakings in the proposed rule stage, noting October 2021 for a climate-related disclosure proposed rule. The SEC is also sifting through an array of comments on its March 15 solicitation of input on how the Commission should fashion new climate disclosure requirements.

Recent speeches by Chair Gary Gensler and Commissioners Allison Herren Lee and Elad Roisman highlight some of the key elements of disclosure likely under consideration by the staff, as well as their personal priorities in this area. Commissioner Lee has asserted that the SEC has full rulemaking authority to require any disclosures in the public interest and for the protection of investors. She noted that an issue also having a social or political concern or component does not foreclose its materiality. Commissioner Lee has also commented on the disclosure of gender and diversity data and on boards’ roles in considering ESG matters.

Commissioner Roisman has noted that standardized ESG disclosures are very difficult to craft and that some ESG data is inherently imprecise, relies on continually evolving assumptions and can be calculated in multiple different ways. Commissioner Roisman has advocated for the SEC to tailor disclosure requirements, and phase in and extend the implementation period for ESG disclosures. Meanwhile, Chair Gensler has also asked the SEC staff to look at potential requirements for registrants that have made forward-looking climate commitments, the factors that should underlie the claims of funds marketing themselves as “sustainable, green, or ‘ESG’” and fund-naming conventions, and enhancements to transparency to improve diversity and inclusion practices within the asset management industry.

Significance for Financial Institutions
In the financial services industry, the risks associated with climate change encompass more than merely operational risk. They can include physical risk, transition risk, enterprise risk, regulatory risk, internal control risk and valuation risk. Financial institutions will need to consider how their climate risk disclosures harmonize with their enterprise risk management, internal controls and valuation methodologies. Further, they will need to have internal controls around the gathering of such valuation inputs, data and assumptions. Financial institutions therefore should consider how changes to the ESG disclosure requirements affect, and are consistent with, other aspects of their overall corporate governance.

Likewise, financial institutions should also consider how human capital disclosures align with enterprise risk management. Registrants will not only need to ensure that the collection of quantitative diversity data results in accurate disclosure, but also how diversity disclosures might affect reputational risk and whether any corporate governance changes may be needed to mitigate those concerns.

We recommend that financial institutions consider the following:

  • Expect to include a risk factor addressing climate change risks, and for the robustness and scope of that risk factor to increase.
  • Consider disclosing how to achieve goals set by public pledges, as well as whether the mechanisms to measure progress against such goals are in place.
  • Expect ESG disclosure requirements to become more prescriptive and for quantitative ESG disclosures to become more sophisticated. Prepare to identify the appropriate sources of information in a manner subject to customary internal controls.
  • Establish a strong corporate governance framework to evaluate ESG risks throughout your organization, including how your board will engage with such risks.
  • Incorporate ESG disclosures into disclosure controls and procedures.
  • Consider whether and how to align executive compensation with relevant ESG metrics and other strategic goals.

An M&A Checklist for BOLI, Compensation Programs

As bank M&A activity continues to pick up, it is crucial that buyers and sellers understand the implications of any transaction on bank-owned life insurance portfolios, as well as any associated nonqualified deferred compensation (NQDC) programs, to mitigate potential negative tax consequences.

Identify and Review Target Bank’s BOLI Holdings
The first step is for buyers to identify the total cash surrender value of sellers’ BOLI portfolio and its percentage of regulatory capital. The buyer should identify the types of products held and the amount held in each of the three common BOLI product types:

  • General account
  • Hybrid separate account
  • Separate account (registered or private placement)

In addition to evaluating historical and current policy performance, the buyer should also obtain and evaluate carrier financial and credit rating information for all products, as well as underlying investment fund information for any separate account products.

Accounting and Tax Considerations
From an accounting standpoint, the buyer should ensure that the BOLI has been both properly accounted for in accordance with GAAP (ASC 325-30) and reported in the call reports, with related disclosures of product types and risk weighting. Further, if the policies are associated with a post-retirement split-dollar or survivor income plan, the buyer should ensure that the liabilities have been properly accrued for.

The structure of the transaction as a stock sale or asset sale is critical when assessing the tax implications. In general, with a stock sale, there is no taxable transaction with regard to BOLI — assets and liabilities “carry over” to the buyer. With an asset sale (or a stock sale with election to treat as asset sale), the seller will recognize the accumulated gain in the policies and the buyer will assume the policies with a stepped-up basis.

Regardless of the type of transaction, the buyer needs to evaluate and address the Transfer for Value (TFV) and Reportable Policy Sale (RPS) issues. Policies deemed “transferred for value” or a “reportable policy sale” will result in taxable death benefits. Prior to the Tax Cuts and Jobs Act, the transfer for value analysis was fairly simple: In a stock transaction, the “carryover basis” exception applies to all policies, whether or not the insured individual remained actively employed. In an asset sale, policies on insureds who will be officers or shareholders of the acquiring bank will meet an exception.

The Jobs Act enacted the notion of “reportable policy sales,” which complicated the tax analysis, especially for stock-based transactions now requiring much more detailed analysis of the type of transaction and entity types (C Corp vs S Corp). It is important to note that the RPS rules are in addition to the TFV rule.

Review Risk Management of BOLI
The Interagency Statement on the Purchase and Risk Management of BOLI (OCC 2004-56) establishes requirements for banks to properly document both their pre-purchase due diligence, as well as an annual review of their BOLI programs. The buyer will want to ensure this documentation is in good order. Significant risk considerations include carrier credit quality, policy performance, employment status of insureds, 1035 exchange restrictions or fees and the tax impact of any policy surrenders. Banks should pay particular attention to ensuring that policies are performing efficiently as well as the availability of opportunities to improve policy performance.

Identify and Review NQDC plans
Nonqualified deferred compensation plans can take several forms, including:

  • Voluntary deferred compensation programs
  • Defined benefit plans
  • Defined contributions plans
  • Director deferral or retirement plans
  • Split dollar
  • Other

All plans should be formally documented via plan documents and agreements. Buyers should ascertain that the plans comply with the requirements of Internal Revenue Code Section 409A and that the appropriate “top hat” filings have been made with the U.S. Department of Labor.

General Accounting and Tax Considerations
Liabilities associated with NQDC programs should be accounted for properly on the balance sheet. In evaluating the liabilities, banks should give consideration to the accounting method and the discount rates.

Reviewing historical payroll tax reporting related to the NQDC plans is critical to ensuring there are no hidden liabilities in the plan. Remediating improperly reported payroll taxes for NQDC plans can be both time consuming and expensive. Seek to resolve any reporting issues prior to the deal closure.

Change in Control Accounting and Tax Considerations
More often than not, NQDC plans provide for benefit acceleration in the event of a change in control (CIC), including benefit vesting and/or payments CIC. The trigger may be the CIC itself or a secondary “trigger,” such as termination of employment within a certain time period following a CIC. It is imperative that the buyer understand the financial statement impact of the CIC provisions within the programs.

In addition to the financial statement impact, C corps must also contend with what can be complicated taxation issues under Internal Revenue Code Section 280G, as well as any plan provisions addressing the tax issues of Section 280G. S corps are not subject to the provisions of Section 280G. For additional insight into the impacts of mergers on NQDC programs, see How Mergers Can Impact Deferred Compensation Plans Part I and How Mergers Can Impact Deferred Compensation Plans Part II. 

Insurance services provided through NFP Executive Benefits, LLC. (NFP EB), a subsidiary of NFP Corp. (NFP). Doing business in California as NFP Executive Benefits & Insurance Agency, LLC. (License #OH86767). Securities offered through Kestra Investment Services, LLC, member FINRA/SIPC. Kestra Investment Services, LLC is not affiliated with NFP or NFP EB.
Investor Disclosures: https://bit.ly/KF-Disclosures

Why a Solid Risk Management Framework Helps Manage Change

Who owns risk management at your bank?

If your bank limits that function to the teams that report to the chief risk officer, it’s fumbling on two fronts: It’s failing to drive accountability across every corner of the enterprise, and it’s conceding its edge in a marketplace that’s never been more competitive.

Recognizing that every employee owns a piece of this responsibility make risk management an equal offensive and defensive pose for your organization. This empowers your employees to move nimbly, strategically and decisively when the bank encounters change, whether it’s an external regulatory pressure or an internal opportunity to launch a new product or service. In either case, your team navigates through change by building on best operational practices, which, in the end, work to your advantage.

Getting the bank into that position doesn’t happen overnight; the vision starts with the actions of your senior leaders. They set the tone and establish expectations, but everyone plays a hands-on role. When management prioritizes an environment where people can work collaboratively and have transparency into related roles, they foster consistency across your change management process that minimizes risk.

The need for a risk-aware culture aligns precisely with the signals coming out of Washington, D.C., that the stakes are getting higher. The Consumer Financial Protection Bureau hinted early at increased regulatory scrutiny, advising that it would tighten the regulatory standards it had relaxed to allow banks to quickly respond to customers’ financial hardship in 2020.

In response to the competitive and regulatory environment, your bank’s risk management framework should incorporate four key elements:

  • Start with setting the ground rules for how the bank will govern its risk. Define its risk strategy, the role the board and management will play and the committees that compose that governance structure — and don’t forget to detail their decision-making authority, approval and escalation process across those bodies. This upfront work also should introduce robust systems for ongoing monitoring and risk reporting, establish standard parameters on how the bank identifies issues and create a basic roadmap to remediate issues when they come along.
  • Operating Model. Distinguish the roles and responsibilities for every associate, with a key focus on how they manage risk generated by the core activities in that business. By taking the time to ensure all individuals, in every line of defense, understand their expected contributions, your bank will be ahead of the game because your people can act quicker and efficiently when a change needs to happen.
  • Standard Framework, Definitions and Taxonomies. In basic terms, everyone across the enterprise needs to speak the same language and assign risk ratings the same way. Calibrating these elements at the onset builds confidence that your bank gives thoughtful attention to categorize risks into the right buckets. Standardization should include assessment scales and definitions of different risks and risk events, leading to easier risk aggregation and risk reporting that enables a holistic view of risk across the enterprise.
  • Risk Appetite. Nothing is more important than establishing how much risk your organization is willing to take on in its daily business. Missing the mark can impact your customers, bottom line and reputation. Optimally, bank leaders will reestablish this risk appetite annually, but black swan events such as the pandemic should prompt more timely reviews.

Too often, banks reinvent the wheel every time a change or demand comes along. As the industry eyes increasing regulatory pressure in the year ahead, driving and promoting a robust risk management culture is no longer a “nice to have” within your organization; it’s a “need to have.”

When you reset the role and ownership of risk management as a strategic pillar in your bank’s future growth and direction you minimize your bank’s risk and actually propel your company forward.

Banks looking to check out best practices and a strategic framework for creating their enterprise risk framework should check out my latest whitepaper, Turning a Solid Risk Framework Into a Competitive Advantage.

The Three C’s of Indirect Swaps

Twenty years ago, there were 8,000+ banks; today there are less than 5,000, but competition hasn’t slowed.

Not only are banks competing with other banks for loans, they are also competing for investor dollars. There’s pressure to grow and to do so profitably. It is more important than ever that banks compete for, and win, loans.

Competing for the most profitable relationships requires banks to meet borrower demand for long-term, fixed-rate debt. But that structure and term invites interest rate risk. What can banks do? What are their competitors doing?

Banks commonly use derivatives to meet customer demand for fixed-rate loans, but opt for different approaches. The majority of banks choose a traditional solution of offering swaps directly to borrowers; however, some community banks choose to work with correspondent banks that offer indirect swaps to their borrowers.

With indirect swaps, the correspondent bank enters an interest rate swap with the borrower — sometimes called a rate protection agreement. The borrower is party to a derivative transaction with the correspondent bank; the community bank is not a direct party to the swap.

Indirect swaps are presented as a simple solution for meeting customer demand for long-term fixed-rates, but community bankers should consider the three C’s of indirect swaps before using this type of product: credit, cost and customer.

Credit
A swap is a credit instrument that can be an asset or liability to the borrower, which means the correspondent bank requires security. The correspondent bank accomplishes this by requiring a senior position in the loan credit. In a borrower default, the correspondent bank has the first lien on the loan collateral.

In practice, the community bank makes the correspondent bank whole for the borrower’s swap liability. This means the community bank has an unrecognized contingent liability for each indirect swap.

Additionally, due to the credit nature of swaps, the correspondent bank must agree to the amount of proceeds, or the loan-to-value at which the bank lends. This has real-world implications for banks as they compete for loans.

Cost
While there are no out-of-pocket costs associated with putting the borrower into a swap with a correspondent bank, there are costs embedded in the swap rate that drives up the cost for the borrower and could potentially make the bank uncompetitive. These costs are often opaque — and can be significant.

Customer
A colleague of mine refers to indirect swaps as “swaps on a blind date.” It’s a funny but apt way of putting it. The borrower enters into a derivative with a correspondent bank that they have no relationship. And the borrower is accepting unsecured exposure as well: if the correspondent bank defaults and owes the borrower on the swap, they have no recourse except as an unsecured creditor.

A common theme of the three C’s is control. With indirect swaps, the community bank cedes control of the credit, they cede control of the cost of the swap and they cede control of the relationship with their customer. That’s why the majority of banks choose to offer swaps directly to their customers. Doing so allows them to manage the credit, including loan proceeds, and doesn’t subordinate the bank’s credit to a third party in the case of a workout. It allows the bank to own the pricing decision and control the cost of the swap to the borrower, making the bank’s loan pricing more competitive. It allows the bank to keep all aspects of the customer relationship within the institution.

Offering swaps to borrowers also opens the door for banks to use swaps as a balance sheet risk management tool. In this context, derivatives are an additional tool for the bank to manage interest rate risk holistically.

But what about the complexity of derivatives? How does an executive with little or no experience in derivatives educate the board and equip his/her team? How will swaps be managed? The majority of banks choose to partner with an independent third party to do the heavy lifting of educating, equipping, and managing a customer swaps program. A good partner will serve as an advisor and advocate, ensuring that the bank is fully compliant and utilizing best practices.

Indirect swaps may be simple — but a traditional solution of offering swaps directly to borrowers is a better way to meet customer demand for long-term fixed-rate loans.

Developing a Digital-First Approach to Risk Management

The world has leaned further and further into the digital realm, largely thanks to a younger, more tech-dependent generation.

The Covid-19 pandemic accelerated a years-long push toward online and mobile banking use. Does your institution have a true digital banking strategy to deliver simple and secure digital banking services to your customers? As the primary channel through which customers conduct nearly all their banking activities, digital is your bank now.

But as more consumers turn to digital channels, cybercriminals are following suit — as demonstrated by increasing incidents of fraud and unauthorized account access. To mitigate cybersecurity threats and protect your customers, your bank’s risk management strategy now requires a digital-first approach.

Risk Management in Digital Banking
Even though customers demand digital transformation, delivering frictionless experiences comes with certain inherent challenges and risks. Once you identify these hurdles, you can mitigate them so that your institution can move forward.

The most pressing digital banking risk management issues fall into two categories: overcoming organizational challenges and mitigating regulatory risks. Each of them has several considerations and variables your institution should consider.

Overcoming Organizational Challenges

Outdated corporate culture: Entrenched processes and perspectives can stall your digital transformation. Promoting a more forward-thinking culture must start at the top and flow down in order for the entire institution to embrace change. Confirm your bank’s risk management personnel are onboard, and involve them from the beginning to ensure a secure and safe transformation.

Refocusing of key positions: Some of your bank’s key positions may change in response to digital transformation. Digitization may shift the focus of some, but these positions are still critical to the institution’s success. For example, instead of manually performing tasks, employees working in an operations department may begin focusing on automating processes for the institution.

Resistance to change: Many institutions have executives that will champion progress, while others are resistant to the changes required to adopt a digital-first approach. Identify the champions at your institution and empower them to lead your digital transformation.

Lack of innovative thought leadership: It will take true out-of-the-box thinking to digitally compete with the big banks and emerging fintech companies. Encourage that kind of modern thinking within your institution.

Misguided beliefs: Quash any notions that a mobile banking app is the only component of a digital strategy, or that a digital-first approach means that personalization is no longer needed. Back-end operations and internal processes must fully support a digital environment that effectively identifies and fulfills individual customer needs based on their actions and behaviors — without adding friction to the customer experience.

Mitigating Regulatory Risks

Digital compliance and cybersecurity: Banks operating in a digital environment must still comply with all applicable laws and regulations. This includes paying attention to uniquely digital processes that are covered under specific rules, such as electronically signing documents per the E-Sign Act. To mitigate risk, institutions should invest in technology designed to ensure compliance and strengthen cybersecurity.

Third-party risk management: Many banks are outsourcing all or part of their digital strategy to fintechs and other third-party vendors out of necessity. But institutions are still ultimately responsible for all functions, whether they are performed internally or externally. A robust vendor management program is key to avoiding unqualified third-party providers. A provider must understand applicable regulatory requirements, be able to adhere to them and guarantee compliance.

Fraud and identity theft: The increase in banking without face-to-face interaction can increase the risk of synthetic identity fraud, traditional identity theft and account takeovers. Your bank should meet these challenges by reviewing and strengthening your Bank Secrecy Act/anti-money laundering (BSA/AML), know your customer (KYC), customer due diligence (CDD), cybersecurity and other relevant compliance programs. Digitizing internal processes will result in more available data as well as the ability to use AI to monitor customer behaviors and efficiently identify potential fraud.

While digitization can increase certain risks for banks that undertake such a transformation, enabling enhanced digital banking risk management to secure digital channels, mitigate risk and deliver a frictionless customer experience is worth the effort.

Enhancing Risk & Compliance

Financial institutions increasingly seek to use technology to efficiently and effectively mitigate risk and comply with regulations. Bank leaders will need the right solutions to meet these objectives, given the amount of data to make sense of as organizations include risk as part of their decision-making process. Microsoft’s Sandeep Mangaraj explains how banks should explore these issues with Emily McCormick, Bank Director’s vice president of research. They discuss:

  • How Risk Management is Evolving
  • Adopting AI Solutions
  • Planning for the Future

Beware Third-Quarter Credit Risk

Could credit quality finally crack in the third quarter?

Banks spent the summer and fall risk-rating loans that had been impacted by the coronavirus pandemic and recession at the same time they tightened credit and financial standards for second-round deferral requests. The result could be that second-round deferrals substantially fall just as nonaccruals and criticized assets begin increasing.

Bankers must stay vigilant to navigate these two diametric forces.

“We’re in a much better spot now, versus where we were when this thing first hit,” says Corey Goldblum, a principal in Deloitte’s risk and financial advisory practice. “But we tell our clients to continue proactively monitoring risk, making sure that they’re identifying any issues, concerns and exposures, thinking about what obligors will make it through and what happens if there’s another outbreak and shutdown.”

Eight months into the pandemic, the suspension of troubled loan reporting rules and widespread forbearance has made it difficult to ascertain the true state of credit quality. Noncurrent loan and net charge-off volumes stayed “relatively low” in the second quarter, even as provisions skyrocketed, the Federal Deposit Insurance Corp. noted in its quarterly banking profile.

The third quarter may finally reveal that nonperforming assets and net charge-offs are trending higher, after two quarters of proactive reserve builds, John Rodis, director of banks and thrifts at Janney Montgomery Scott, wrote in an Oct. 6 report. He added that the industry will be closely watching for continued updates on loan modifications.

Banks should continue performing “vulnerability assessments,” both across their loan portfolios and in particular subsets that may be more vulnerable, says James Watkins, senior managing director at the Isaac-Milstein Group. Watkins served at the FDIC for nearly 40 years as the senior deputy director of supervisory examinations, overseeing the agency’s risk management examination program.

“Banks need to ensure that they are actively having those conversations with their customers,” he says. “In areas that have some vulnerability, they need to take a look at fresh forecasts.”

Both Watkins and Goldblum recommend that banks conduct granular, loan-level credit reviews with the most current information, when possible. Goldblum says this is an area where institutions can leverage analytics, data and technology to increase the efficiency and effectiveness of these reviews.

Going forward, banks should use the experiences gained from navigating the credit uncertainty in the first and second quarter to prepare for any surprise subsequent weakening in credit. They should assess whether their concentrations are manageable, their monitoring programs are strong and their loan rating systems are responsive and realistic. They also should keep a watchful eye on currently performing loans where borrower financials may be under pressure.

It is paramount that banks continue to monitor the movement of these risks — and connect them to other variables within the bank. Should a bank defer a loan or foreclose? Is persistent excess liquidity a sign of customer surplus, or a warning sign that they’re holding onto cash? Is loan demand a sign of borrower strength or stress? The pandemic-induced recession is now eight months old and yet the industry still lacks clarity into its credit risk.

“All these things could mean anything,” Watkins says. “That’s why [banks need] strong monitoring and controls, to make sure that you’re really looking behind these trends and are prepared for that. We’re in uncertain and unprecedented times, and there will be important lessons that’ll come out of this crisis.”

Approaching Credit Management, Risk Ratings Today

As a credit risk consulting firm that supports community and regional banks, Ardmore Banking Advisors has assembled some credit risk management best practices when it comes to how executives should look at their bank’s portfolio during the coronavirus-induced economic crisis.

It is clear that the expectation of regulators is that credit risk management programs (including identification, measurement, monitoring, control and reporting) should be enhanced and adapted to the current economic challenges. Credit risk management programs require proactive actions from the first line of defense (borrower contact by loan officers), the second line of defense (credit oversight) and the third line of defense (independent review and validation of actions and risk ratings).

Boards will have to enhance their oversight of asset quality. Regulators and CPAs will be focusing on process and control, and challenge the banks on what they have done to mitigate risk. Going concern opinions on borrowers by CPAs may become widely used, which will put pressure on banks to be conservative in risk ratings.

New regulatory guidance and best practices indicate that more forward-looking, leading indicators of credit must be employed. We expect greater emphasis on borrower contact and information on liquidity and projections. These concepts are also embodied in the new credit loss and loan loss reserve model that went into effect at larger banks in the first quarter.

Many banks have used Covid-19 as an opportunity to increase their loan loss provisions, reviewing their portfolios for weaknesses in borrowers that may never recover. This evaluation will be expected by regulators during examinations; it is a good indication of forward-thinking proactive oversight by a bank’s officers and directors.

Risk Rating Approaches in the Current Climate
When it comes to risk ratings, it is not advisable for banks to automatically downgrade entire business segments. Instead, executives should scrutinize the most vulnerable segments of the portfolio that include highly stressed industries and types of loans.

Banks do not have to downgrade modifications or extensions solely because they provided relief related to Covid-19; however, the basis for extensions or modifications should be evaluated relative to the ultimate ability of the borrower to repay their loans going forward, after the short-term disruption concludes or the deferral matures.

We have observed that regulators are focusing on second deferrals and asking whether a risk rating change or troubled debt restructuring are warranted. Banks should be reviewing information on further deferrals to determine if there could be an underlying problem indicating that payment is ultimately unlikely.

Paycheck Protection Program loans do not require a downgrade; however, banks may want an independent review of PPP loans to identify any operational or reputational risk. We also recommend that current customers who received PPP loans should be evaluated for their ability to repay other loans once the short-term disruption concludes.

Credit review, the third line of defense, is typically a backward-looking exercise, after loans are already made and funded. It is predicated primarily on an independent review of the analysis of borrowers by loan officers during the first line of defense, and credit officers in the second line of defense. For over 10 years, the industry has experienced relatively good economic times. The current environment requires a more insightful assessment of the bank’s actions and the borrower’s emerging risk profile and outlook, with less reliance on past performance.

The bank should evaluate historical and recent financial information from the borrower as a predicate for evaluating the borrower’s ability to withstand current economic challenges. Executives should review any new information reported by the bank’s officers on the current condition, extensions or modifications provided and the current status of the borrower’s operations to determine if a risk rating change is necessary.

Importance of Credit Review for Banks
Banks must look carefully at risk ratings to confirm that all lines of defense have properly reviewed the borrowers, with a realistic assessment of their ultimate ability to repay the loan after any short-term deferrals, modifications or extensions due to the Covid-19 disruption. This includes an assessment of whether the action requires formal valuation of troubled debt restructuring status. The banks can then follow the current regulatory guidance that an extension or modification does not in itself require a designation as a TDR.

We believe based on our years in banking that the bank regulators will test the bankers’ response and process in the current economic downturn. They, and the CPAs certifying annual financial statements, will expect realistic credit risk evaluations and controls as confirmed by independent and credible loan reviews. Bank boards and executive management teams will be well-served by accurate loan and borrower credit risk assessment during regulatory exams and the annual financial CPA audits for 2020.

Recalibrating Bank Stress Tests to a New Reality

Any bank that stress tested its loan portfolios prior to the Covid-19 pandemic probably used a worst-case scenario that wasn’t nearly as bad as the economic reality of the last five months.

Stress tests are an analysis of a bank’s loans or revenue stream against a variety of adverse computer-generated scenarios. The results help management teams and their boards of directors gauge whether the bank has adequate reserves and capital to withstand loan losses of various magnitudes. One challenge for banks today that incorporate stress tests into their risk management approach is the lack of relevant historical data. There is little modern precedent for what has befallen the U.S. economy since March, when most of the country went into lockdown to try to flatten the pandemic’s infection rate. The shutdowns tipped the U.S. economy into its steepest decline since the Great Depression.

Does stress testing still have value as a risk management tool, given that we’re navigating in uncharted economic waters?

“I would argue absolutely,” says Jay Gallagher, deputy comptroller for systemic risk identification support and specialty supervision at the Office of the Comptroller of the Currency. “It is not meant to be an exercise in perfection. It’s meant to say within the realm of possibility, these are the scenarios or variables we want to test against. Could we live with what the outcome is?”

The Dodd-Frank Act required banks with assets of $10 billion or greater to run annual stress tests, known as DFAST tests, and report the results to their primary federal regulator. The requirement threshold was raised to $100 billion in 2018, although Gallagher believes that most nationally chartered banks supervised by the OCC still do some form of stress testing.

They see value in the exercise and not having the regulatory framework around it makes it even more nimble for them to focus on what’s really important to them as opposed to checking all the boxes from a regulatory exercise,” says Gallagher. “We still see a lot of banks that used to have to do DFAST still use a lot of the key tenets in their risk management programs.”

Amalgamated Bank, a $5.8 billion state chartered bank headquartered in New York, has been stress testing its loan portfolios on an individual and macro level for several years even though it sits well below the regulatory threshold. For the first time ever, the bank decided to bring in an outside firm to do its own analysis, including peer comparisons.

President and CEO Keith Mestrich says it is as much a business planning tool as much as it is a risk mitigation tool. It gives executives insight into its loan mix and plays an important role in decisions that Amalgamated makes about credit and capital.

It tells you, are you going to have enough capital to withstand a storm if the worst case scenario comes true and we see these loss rates,” he says. “And if not, do you need to go out and raise additional capital or take some other measures to get some risk off the balance sheet, even if you take a pretty significant haircut on it?”

Banks that stress test have been forced to recalibrate and update their economic assumptions in the face of the economy’s sharp decline, as well as the government’s response. The unemployment rate spiked to 14.7% in April before dropping to 11.1% in June when the economy began to reopen, according to the Bureau of Labor Statistics. But the number of Covid-19 cases in the U.S. has surged past 3 million and several Western and Southern states are experiencing big increases in their infection rates, raising the possibility that unemployment might spike again if businesses are forced to close for a second time.

“I feel like the unemployment numbers are probably the most important ones, but they’re always set off by how the Covid cases go,” says Rick Childs, a partner at the consulting firm Crowe. “To the extent that we don’t get [the virus] back under control, and it takes longer to develop a vaccine and/or effective treatment options for it, I think they’ll always be in competition with each other.”

Another significant difference between the Great Recession and the current situation is the unparalleled level of fiscal support the U.S. Congress has provided to businesses, local governments and individuals through the $2 trillion CARES Act. It is unclear another round of fiscal support will be forthcoming later this year, which could also drive up the unemployment rate and lead to more business failures. These and other variables complicate the process of trying to construct a stress test model, since there aren’t clear precedents to rely on in modern economic history.

Stress testing clearly still has value despite these challenges, but Childs says it’s also important that banks stay close to their borrowers. “Knowing what’s happening with your customer base is probably going to be more important in terms of helping you make decisions,” he says.

Practical AI Considerations for Community Banks

A common misconception among many community bankers is that it isn’t necessary to evaluate (or re-evaluate for some) their use of artificial intelligence – especially in the current market climate.

In reality, these technologies absolutely need a closer look. While the Covid-19 crisis and Paycheck Protection Program difficulties put a recent spotlight on outdated financial technology, slow technology adoption is a long-standing issue that is exacerbating many concerning industry trends.

Over the last decade, community banks have faced massive disruption and consolidation — a progression that is likely to continue. It’s imperative that bank executives take a clear-eyed look at how advanced technologies such as AI can support their business objectives and make them more competitive, while gaining a better understanding of the requirements and risks at play.

Incorporating AI to Elevate Existing Business Processes
This may seem like a contrarian view, but banks do not need a specific, stand-alone AI strategy. The value of AI is its ability to improve upon existing structures and processes. Leadership teams need to be involved in the development process to identify opportunities where AI can tangibly drive business objectives, and manage expectations around the resources necessary to get the project up and running.

For example, community banks should review how AI can automate efficiencies into their existing compliance processes — particularly in the areas of anti-money laundering and Bank Secrecy Act compliance. This application of AI can free up manpower, reduces error rates and help banks make informed decisions while better serving their customers.

It’s necessary to have a strong link between a bank’s digital transformation program and AI program. When properly incorporated, AI helps community financial institutions better meet rising customer expectations and close the gap with large financial institutions that have heavily invested in their digital experiences.

Practical Steps for Incorporating AI
Once a bank decides the best path forward for implementing AI, there are a few technical and organizational steps to keep in mind:

Minimizing Technical Debt and “Dirty Data”: AI requires vast amounts of data to function. “Dirty data,” or information containing errors, is a real possibility. Additionally, developers regularly make trade-offs between speed and quality to keep projects moving, which can result in greater vulnerability to crashes. Managing these deficiencies, “or technical debt,” is crucial to the success of any AI solution. One way to minimize technical debt is to ensure that both the quantity and quality of data taken in by an AI system are carefully monitored. Organizations should also be highly intentional about the data they collect.More isn’t always better.

Minimizing technical debt and dirty data is also key to a smooth digital transformation process. Engineers can add value through new and competitive features rather than spending time and energy addressing errors — or worse, scrapping the existing infrastructure altogether.

Security & Risk Management: Security and risk management needs to be top-of-mind for community bankers any time they are looking to deploy new technologies, including leveraging AI. Most AI technologies are built by third-party vendors rather than in-house. Integrations can and likely will create vulnerabilities. To ensure security and risk management are built into your bank’s operating processes and remain of the highest priority, chief security officers should report directly to the CEO.

Managing risks that arise within AI systems is also crucial to avoid any interruptions. Effective risk management ties back to knowing exactly how and why changes affect the bank’s system. One common challenge is the accidental misuse of sensitive data or data being mistakenly revealed. Access to data should be tightly controlled by your organization.

Ongoing communication with employees is important since they are the front line when it comes to spotting potential issues. The root cause of any errors detected should be clearly tracked and understood so banks can make adjustments to the model and retrain the team as needed.

Resource Management: An O’Reilly Media survey from 2018 found that company culture was the leading impediment to AI adoption in the financial services sector. To address this, leaders should listen to and educate employees within each department as the company explores new applications. Having a robust change management program — not just for AI but for any digital transformation journey — is absolutely critical to success. Ongoing education around AI efforts will help garner support for future initiatives and empower employees to take a proactive role in the success of current projects.

At a glance, implementing AI technologies may seem daunting, but adopting a wait-and-see approach could prove detrimental — particularly for community banks. Smaller banks need to use every tool in their toolkit to survive in a consolidating market. AI poses a huge opportunity for community banks to become more innovative, competitive and prosperous.