Bolstering Risk Management Through Pay Governance

Risk management has been top-of-mind for bank leaders over the past year. Even before the bank failures in March, there was increased concern among bank leaders around several areas of risk. According to Bank Director’s 2023 Risk Survey, which was released in March but conducted in January 2023, respondents’ concerns about interest rate, credit and liquidity risks all increased markedly in 2023. Bank executives and directors also identified cybersecurity and compliance as areas where their concerns have increased.

Following recent bank failures and the subsequent increased scrutiny by regulators, risk management has become the top priority of the board. As such, compensation committees are fine-tuning how their incentive plan designs and governance processes consider risk management.

Six Ways to Bolster Risk Management Through Executive Pay Governance
Boards can deploy the following safeguards to mitigate risk in their banks’ executive pay programs and signal to external stakeholders that managing risk is a priority. In addition to being effective, each practice is reasonably straightforward to implement.

1. Risk scorecard review by the compensation committee. Absent formal risk-based metrics or a discretionary incentive plan, there are limited mechanisms for the compensation committee to account for risk management performance in a typical annual incentive plan. Presumably, the risk or audit committees review key risk metrics continually. In advance of reviewing the end-of-year financial performance under the incentive plan, the compensation committee reviews the same risk metrics as a first step, either independently or jointly with the risk committee. Based on that review, they can exercise discretion to reduce the payout under the financial results if sufficient rationale exists, such as liquidity concerns or capital deficiencies, among other items.

2. Risk adjustments at the individual level. The committee can adjust earned incentives for senior executives and other key positions, like head of mortgage lending, chief credit officer or chief technology officer, based on performance against risk management priorities within their scope of influence. If a risk management rating or evaluation is part of their individual performance rating or scorecard, they can use it to influence the individual performance factor or individual performance component in the scorecard. If there is no mechanism built into the plan for individual performance, the committee can apply a last-step risk evaluation to inform any negative discretion they may apply.

3. Building more informed discretion into the incentive plan. Though proxy advisors recommend a strict formula, the absence of some discretion in an incentive plan for banks could be rife with unintended consequences. Building in a discretionary adjustment factor with predefined categories for consideration and a specific range for adjustments, such as plus or minus 15%, can align pay decisions with business and risk factors that may not be represented in preset incentive scorecard goals. This provides a mechanism for the committee to consider headwinds, tailwinds and risk behaviors when interpreting results.

4. Risk event triggers in the clawback policy. Restatement triggers will be mandatory for public companies’ clawback policy by Dec. 1. In addition to restatement, misconduct triggers are also common across the industry, while clawbacks triggered by risk events are generally only prevalent among large financial institutions. Adding a risk-event trigger for gross negligence contributing to insolvency can provide a consequential penalty for failing to prevent the worst outcomes for banks of all sizes.

5. Deferred cash. Providing a deferred cash vehicle can align executive interests with creditors and depositors and appropriately balance the shareholder alignment already provided through equity compensation. The value of deferred cash can be indexed to changes in the bank’s book value or an appropriate interest rate to preserve value against inflation; dividends can also be credited during the vesting period, just like a stock unit. The executive becomes an unsecured creditor of the bank with additional incentives to use sound judgment while driving shareholder value.

6. Audit committee confirms the pay and performance of the top audit executive. Many of the charters for the audit committees at large financial institutions task the committee with conducting the annual performance review and approving compensation for the chief audit officer. Midsize and smaller banks could add a level of transparency in their processes and reinforce the independence of the audit function by doing the same.

Managing financial risk is at the core of the industry’s value proposition. In support of this, it is essential that the board oversees programs and processes that reinforce this priority. Employing best practices in a bank’s executive pay program and governance processes can reinforce sound risk management for years to come.

Practical Tips on Artificial Intelligence Risk Management

The world is abuzz with artificial intelligence (AI) and advanced AI chatbots. Unfortunately, regulation rarely keeps up with the breakneck pace of change in the technology world. This leaves many financial institutions wondering how to take advantage of the seemingly endless possibilities of AI without ending up in regulatory hot water.

Even if your financial institution is not ready to dive headfirst into this enticing world, your employees may be curious about what the hype is all about and exploring it on their own. In addition, some of your third parties may be exploring these possibilities as well. Here are three things every financial institution should be doing today to address the future impact of AI:

1. Updating the financial institution’s acceptable use policy to address AI.
Given the rising popularity and curiosity associated with AI, it is critical to provide employees with guidance about your financial institution’s stance on the use of AI. Some areas your financial institution should address in your Acceptable Use Policy and IT program include:

  • Restricting the use of customer data within AI programs without the prior knowledge and approval of Information Security Department.
  • If public AI sites such as Chat GPT are accessible by employees, defining what activity is permissible on these sites. Some examples may include drafting communications or policies, brainstorming ideas, or analyzing publicly available information.
  • Requiring that all AI outputs are reviewed to verify that the information is accurate and correct.

2. Understanding how AI intersects with current regulation.
Although financial regulatory agencies have yet to publish any regulation related to AI, the United States government has been pushing for guidance. The first installment of it came from the National Institute of Standards and Technology (NIST) in the form of an Artificial Intelligence Risk Management Framework, published in January 2023.  In less than 35 pages, it offers a resource to help manage AI risks for organizations designing, developing, deploying, or using AI systems. The framework provides the readers with a method for evaluating and assessing risks associated with AI through common risk management principles that include: govern, map, measure and manage. In addition, the appendix provides a useful summary of how AI risks differ from those of traditional IT systems.

Another resource that mentions AI is the Office of the Comptroller of the Currency’s Model Risk Management Handbook. On Page 4 of the handbook, it describes how users should evaluate systems using AI/machine learning and that these systems may be considered a model. It goes on to state that “even if your financial institution determines that a system using AI is not a model, risk management should be commensurate with the level of risk of the function that the AI supports.”

3. Gaining an understanding of how third parties use and manage AI risks.
Given the dramatic potential for change presented by AI, many technology providers are carefully deliberating how to incorporate and utilize AI within their pre-existing systems or to launch new products. It is important that bank boards and management teams gain an understanding of what third parties are doing and how they are developing appropriate risk management programs.

Long standing financial institution model providers, in areas such as the Bank Secrecy Act or asset and liability management, have a deep understanding of model risk management guidance requirements and often provide certification reports that provide your financial institution with comfort over their model’s inner workings. However, the majority of technology vendors incorporating AI into their products may not be as versed in financial institution regulation and may not hold the view that their products are models — leaving them with nothing to show you. This is why it is critical to talk to third parties early and understand their future plans, to start the discussion about risk management and assurance early.

Like so many other things going on in this rapidly changing world, AI presents new and unique risks — but there is no reason that financial institutions can not setup effective risk management programs to properly identify and monitor these emerging risks. The key is keeping an eye on the horizon and taking the proper incremental steps to continue evolving and maturing your financial institution’s risk management program.

Is Relationship Banking Too Risky?

Before they failed, Silicon Valley Bank, Signature Bank and First Republic Bank were highly profitable and well known for using a relationship banking approach to attract and retain customers. But their failures demonstrate that this approach can create serious risks for an institution in an environment where technology makes it easier for customers to move money.

Peter Serene, a managing director at bank data firm Curinos, says the risks that stem from relationship banking are layered.

“Relationship banking was not the problem. The problem was the concentration,” he says. “[T]he banks that failed were very concentrated. Relationship banking is still good but you can’t be single threaded on a particular segment.”

Broadly defined, relationship banking is an approach where bankers establish long-duration affiliations with their customers, often paired with high customer service. The hope is that this closeness means customers will bring their lending, payments and deposit accounts to the bank and may be less sensitive to price.

“From the bank’s perspective, you have a pretty stable deposit base and stable, repeat customers who come back to you. It’s an opportunity to cross sell and upsell new products and offerings as the customer’s needs change throughout their life cycle,” says Elena Shtern, customer advisory lead for financial regulatory territory at SAS.

Shtern points out that relationship banking was a “big differentiator” for the three banks that failed this spring. Silicon Valley Bank served the innovation economy and First Republic Bank catered to the wealthy. Signature Bank focused on New York real estate firms; its approach paid off until 2023, given its no. 10 tie in Bank Director’s RankingBanking based on 2022 results for institutions with more than $50 billion in assets.

But relationship banking at Signature led to large deposit accounts, according to the Federal Deposit Insurance Corp.’s postmortem report. Uninsured deposit accounts totaled 90% of total deposits: around 60 clients had balances above $250 million and another 290 clients had balances above $50 million. The FDIC wrote that examiners flagged the potential volatility of an uninsured deposit concentration. Management responded that they “believed the deposit base was considerably stable” but the FDIC said those assumptions weren’t well documented or substantiated.

Relationship banking also couldn’t assuage customer concerns about bank solvency — and digital banking technology has made it easier for funds to move. Serene says the large accounts, which were often non-operational corporate funds, “moved faster than models predicted” they would in a stressed liquidity environment. He points out that under the liquidity coverage ratio rules, these types of accounts have an assumed runoff of 40% over 30 days.

“In the case of the banks that failed, the numbers were more like 40% of [those] deposits left in 30 hours. There’s some real rethinking about behaviors,” he says. “Evolution in technology has made a difference.”

But technology doesn’t have to undermine a relationship banking approach. Sioux Center, Iowa-based American State Bank is building and strengthening relationships with customers and their children through its partnership with The Postage, a fintech that helps families organize their finances far ahead of transitions such as a move into care facilities or death, create wills and leave memories and messages for each other.

Tamra Van Kalsbeek, the bank’s digital banking officer, sees The Postage as a way the bank cares for its customers, while gathering deposits and connecting with different family members. It also allows the bank to attract business without competing on price. She says the bank’s “spirit club” of customers aged 55 and older were “really receptive” to the product. It has been a way for the customer or the bank to start a conversation with an executor of an estate or will.

Going forward, institutions that use a relationship banking approach may want to closely examine naturally occurring concentrations and diversify their customers and the types of accounts they have, Shtern says. Diversification among clients can increase bank stability, since it offsets the negative impact one group of customers might have. Martin Zorn, managing director, risk research and quantitative solutions at SAS Institute, adds that directors should ensure that executives are addressing concentration risks through close monitoring, hedges and increased liquidity. Boards should also press management on the inputs and assumptions that populate risk management models, ensure that they understand the answers and hold management accountable to addressing these risks.

“How do you manage your models? What is that governance around the model management? How do you stress test, back test or validate your models?” Zorn says. “Depending on your strategy, you may not be able to avoid concentration. There’s nothing wrong with taking more risk if you have the appropriate mitigants in place.”

Governance issues like these will be covered during Bank Director’s Bank Board Training Forum in Nashville Sept. 11-12, 2023.

Assessing Risk Management Readiness

As recent events have shown, even large, sophisticated banks can fail. These failures have been the result of risks which generally are managed within bank treasury groups: market and liquidity risks. For these banks, decreased market values of high-quality assets, paired with excessive levels of uninsured deposits, was a fatal combination.

There are a number of proactive tangible steps that boards and management teams can take to evaluate and enhance their institutions’ current market and liquidity risk management practices, beyond first-tier risk management.

Let’s start with measurement. Virtually all banks calculate base case balance sheet interest rate and liquidity risks. They need to measure the short-term effects on net interest income, along with the effect on market values in both rising and falling rate scenarios. They should particularly scrutinize portfolios that require behavioral assumptions for cash flows: non-maturity deposits, loan commitment facilities and mortgage-based assets.

This is where banks frequently fall short in not creating sufficiently stressed scenarios. They view extremely stressed scenarios as implausible — but implausible scenarios do occur, as demonstrated by the pandemic-driven economic shutdown. And yet, considering every possible extreme scenario will lead to scenario exhaustion and balance sheet immobilization.

What to do? One approach is to reverse the process and ask, “Where are potential exposures that could hurt us in an adverse scenario?” Use large, rapid movements up and down in interest rates, changes in yield curve shape like inversion or bowing, customer actions that drain liquidity, and market situations which affect hedge market liquidity and valuations. These scenarios create stresses based on known relationships between market events and balance sheet responses along with the effects of uncertain customer behavioral responses in these environments.

From these scenarios, the bank would know the market value and net interest income effects on investments, loans and known maturity liabilities. On non-maturity deposits and undrawn amounts in committed loan facilities, the bank must rely on assumptions of how these items would behave in various scenarios. One starting place for setting these assumptions is the outflow rates provided in the liquidity coverage ratio rules, which can be used for base assumptions, followed by scenarios with variations around these starting levels of outflow.

Measurement may be the most straightforward element of managing balance sheet risks. Once the bank puts measurements in place, they must communicate, acknowledge and act on them. Each of these elements present an opportunity for breakdown that executives should evaluate.

Effective communication is the responsibility of both treasury and risk management teams. In normal operating times, treasury develops information and risk management challenges this information. Risk management must then interpret the results for executives and the board. This interpretation role is useful in normal operating environments, but critical in stressed environments; risk management amplifies treasury’s message to ensure timely and appropriate actions.

Effective balance sheet risk communication must be accurate and timely. These communications include two critical components:

  • They are layered. The first layer shows the status of compliance with policy limits. The second layer provides a narrative of the current balance sheet situation, operating environment, projected earnings and range of potential risks. Unfortunately, the second layer often is presented as a compendium of everything that has been calculated and analyzed — but this compendium of information should occur in a third reference layer.
  • They are designed for the intended audience. Asset/liability committee, executive management and the board each should be receiving a different form of communication that aligns with their decision-making role.

Acknowledgement and action both must occur outside of the treasury group. Executive management and the board must absorb the risk situation and act accordingly. There is one word that captures the likelihood that a bank will effectively acknowledge and act on a risk situation: culture. An effective risk culture is one where all parties strive to optimize returns within agreed risk parameters while looking to eliminate or mitigate risks where possible.

There are signposts of effective risk management that a bank can evaluate and act on now. Management teams and the board should be looking at their current risk management practices and determine:

  • Are the measurements correct?
  • Is the information on risks communicated in ways that are digestible by each intended audience?
  • Are policy limits comprehensive and aligned with risk levels required to support business activities?
  • Do risk management groups have unfettered access to all information, as well as regular interactions with key board members?
  • Is everyone working collaboratively towards optimizing long-term risk adjusted returns?

If the answers to all these questions are “yes”, then the risk management function seems to be effective. If not “yes,” use the markers described above as starting guidance on moving toward effective risk management.

Liquidity Risk Looms in 2023

Liquidity and interest rate risk dominated bankers’ minds following a series of rapid interest rate hikes by the Federal Reserve, and deposit pricing has proven to be a particular challenge. In 2023, bank leaders will likely focus much of their time on various strategies aimed at growing low-cost deposits while also increasing lending, says Craig Sanders, a partner with Moss Adams. At the same time, bank executives and directors are also confronting growing concerns around cybersecurity risk and regulatory scrutiny of certain fees, such as overdraft charges. 

Topics include: 

  • Liquidity Management  
  • Cybersecurity Expertise 
  • Third-Party Risk Oversight 
  • Responding to More Scrutiny on Fees 

Bank Director’s 2023 Risk Survey, sponsored by Moss Adams, explores several key risk areas, including interest rate risk, credit risk, cybersecurity and emerging issues. The survey results are further explored in the second quarter issue of Bank Director magazine.

5 Ways Bank Boards Can Strengthen Operational Resilience

As banks face an expanding array of threats and challenges, boards recognize the need to adapt their thinking. As a result, boards are increasingly taking a new approach to operational resilience.

The topic of operational resilience calls to mind internal planning efforts to address a list of everything that could go wrong: next-generation cyberattacks and data breaches, fraud, natural disasters and the economic shocks of inflation and interest rate changes. These critical issues all require careful board oversight of risk mitigation strategies.

But what about external, customer-driven disruptions? Customers now expect seamless digital banking services and omnichannel experiences. New fintech competitors are capable of providing these amenities and are grabbing market share from traditional banks. Many traditional banks aren’t keeping up. An eye-opening 95% of bank executives “believe their current outdated legacy systems and technological capabilities are unable to fully optimize their data for customer-centric growth strategies,” according to the World Retail Banking Report 2022.

These are existential challenges and they demand the same level of attention from the board as, say, cybersecurity. Bank boards should ask themselves: How can we remain relevant in this rapidly changing landscape?

Redefining Operational Resilience
As they wrestle with new challenges and demands, many board members are opening up to a new mindset and approach to operational resilience. Today, becoming an adaptable, resilient bank requires two intertwined, customer-focused objectives:

  • Remaining relevant to customers by offering new services and conveniences.
  • Maintaining customer trust by protecting their data and money and executing transactions securely.

This balanced approach means that operational resilience can be more broadly defined as a company’s ability to build confidence and trust in its capability to adapt to changing circumstances.

Addressing Operational Resilience
Bank boards — including their audit and risk committees — can incorporate this new approach to operational resilience into their oversight activities starting with these five steps.

1. Add value creation to the board’s mandate and mindset
Boards often focus heavily on oversight of traditional risk management and compliance: protecting value. But they also should take more responsibility for creating value and guiding bank strategies to evolve services and compete with financial services startups. Both activities contribute to increased operational resilience.

2. Embrace a customer-centric point of view
Directors should approach both value protection and value creation from a customer perspective. That means working harder to understand customer needs and consider how any decision might affect customers. During board meetings, this customer focus can shape dialogues and influence the types of questions asked, even with seemingly internally focused topics. Board members also should make every attempt to connect with customers directly — for example, inviting them to board meetings to share their perspectives.

3. Allocate more time on the agenda for operational resilience
Boards rightly prioritize risk management on their meeting agendas, but competitive risks also should be part of those conversations. And risk-focused conversations should be balanced with discussions of strategy and value creation. These topics are essential to operational resilience, which means that board agendas might need to be restructured to allocate sufficient time for each.

4. Evaluate market conditions more frequently
Boards undertaking strategic planning only once a year might not be able to adapt quickly to changing economic conditions and customer needs. A more frequent cadence of market sensing is in order. For example, one bank board performs a quarterly exercise: Directors define the five most important external events that affect the current strategy and discuss any needed adjustments at board meetings.

5. Diversify board representation
Effective, dynamic boards prioritize diversity, equity and inclusion. A more diverse board offers a better understanding of the diverse needs of its customers. Establishing more female and minority representation — as well as generational diversity to include younger demographics — boards can bring fresh, diverse perspectives to discussions on value creation and customer relevance. Board members with varied professional backgrounds, beyond finance, also can enrich strategic discussions.

Disruption Is the New Normal
Over the past several years, banks have faced wave after wave of challenges and disruptions. But imagine that every disruption is a chance to improve the organization. Organizations that can do so embrace disruption, because they know they are resilient and can improve. Moving forward, the bank leaders who adopt an evolved, customer-centric approach to operational resilience — encompassing both risk management and value creation — are most likely to thrive.

5 Strategies for Maximizing Cybersecurity Efficiency

The balance between operational efficiency and risk management is a story ultimately told in the bank’s efficiency ratio; the rising cost of cybersecurity tools and talent don’t take a break when the market indicates trouble on the horizon.

The ever-evolving threat landscape lays a finger on the scales, given that cybersecurity incidents are costing banks more than ever. But there five ways banks can maximize their cybersecurity maturity leading into this uncertain environment by focusing on the less glamorous half of the ratio: the cost of doing business.

1. Include Line-of-Business Training in Cybersecurity Personnel Development Plans
Employees drive the every bank’s digital transformation strategic initiatives. As bank technology stacks grow, so do the exposure to cybersecurity risk. This has ushered even the most mundane workflows carried out by cybersecurity professionals further and further into the bank’s service chain.

Simply put, cybersecurity analysts make risk-based decisions about whether to accept or reject communication from bank customers all day long. In many ways, these employees act as digital bank tellers who engage in Know Your Customers practices more intimately than anyone else — except without all the line-of-business training expected in these customer-facing roles. When the cybersecurity team’s objective changes from defending the bank to supporting growth goals through cybersecurity, each risk-based decision figures into the opportunity at hand.

2. Streamline the Tech Stack
Banks, particularly those that grow through mergers, often struggle with weaving together an integrated tapestry of IT infrastructure. This can be further complicated by a la carte shopping for best-in-show solutions for disparate use cases. As banks evaluate the most opportune areas to increase their efficiency, this is an excellent time to find overlapping features between tools. Consolidating the technology stack can reduce the overall spend for ongoing licensure, as well as the number of systems to learn, support and monitor. Simpler operations are more efficient operations; streamlining the tech stack allows the organization to take full advantage of this principle.

3. Focus on the Cybersecurity Culture
For too long, the banking industry has repeated the outdated cybersecurity mantra: Humans are the weakest link. The elements of the typical security awareness training program begins with sending fake phishing emails to employees and ends with corrective trainings and action plans. Often, phishing test failure is a key risk indicator that follows employees over time. This leaves employees with only two conclusions: The employee is powerless against cybersecurity attacks, because humans will always be the weakest link, or every email represents an opportunity to fail.

If the goal of a security awareness training is to reduce cyber risk, would the program be any less effective if departed from the “Gotcha!” approach? Humans are the greatest factor in detecting and responding to attacks. This approach empowers employees to be active participants in every phishing decision and serves as a more impactful means of professional development during a time when budgets are thin.

4. Strengthen Collaboration and Communication
While the pandemic certainly feels like a thing of the past, the impact it has made on every bank’s culture still prevails. Whether the strategy has been to fully embrace work from home, return to office or to find some compromise with hybrid work schedules, communication within the bank looks different today.

In times of economic uncertainty, collaboration and communication are even more critical — which makes this is the best time to focus on communication and collaboration. Include loan production and other front line employees in incident response tests to practice critical lines of communication before it’s necessary. Empower business continuity teams to place a greater emphasis on simple exercises like cross-training within a department to increase collaboration and resiliency during turnover, which might happen due to changes in the market.

5. Strategize the Way AI Will Shape the Bank
While some experts are predicting the impact that artificial intelligence will have on the workforce over the next 10 years, one thing is certain: Employees are already using AI in their workflows. This creates opportunities for design without focus — the enemy of efficiency — but the greater risk that loose AI adoption poses to banks is model risk. Without a foundational model risk governance framework, banks will repeat the mistakes of AI pioneers. Banks should make this a planning year and invest time in strategy rather than budget in new automation tools.

As banks navigate the delicate balance between operational efficiency and risk management, the rising cost of cybersecurity and the looming uncertainties in the economy place risk managers in the pivotal role of controlling the efficiency ratio. By focusing on the strategic measures of risk management instead of revenue operations alone, banks can maximize their resilience and efficiency leading into the second half of 2023. Whether a hot or cold economy greets the industry in 2024, it will be the efficient banks that have the most to gain.

Turning Cost Centers Into Strategic Innovators

Compliance, risk and audit are important components to safe and sound banking, but too often they’re thought of as cost centers that don’t play a major role in customer engagement. However, those so-called cost centers can help drive new business. Engaging those functions from the start can lead to better partnerships with fintech vendors and ultimately to a better experience for the customer, says Michelle Prohaska, chief risk and compliance officer at Nymbus.

In this video, she discusses:

  • Vendor Selection
  • Best Practices for Communication with Vendors
  • Third-Party Risk Considerations

Loan Review Best Practices: Key to Combating Credit Risk

Despite current benign credit metrics, there’s a growing industry-wide sentiment that credit stress looms ahead.

There’s a proven correlation between early detection of emerging credit risk and reduced losses. Effective and efficient loan reviews can help your institution better understand the portfolio and identify potential risk exposures. Now is the time for banks to ensure their loan review, either in-house or external, can proactively identify potential credit weaknesses, gain deep knowledge about the subsegments of the portfolio, learn where the vulnerabilities exist and act to mitigate risk at the earliest opportunity. It’s time to emulate a whole new set of loan review best practices:

1. Trust your reviews to professionals with deep credit experience — not just junior CPAs.
Your reviewers should be seasoned experts that are skilled in the qualitative and quantitative axioms of credit, with hands-on experience in lending and risk management. Because their experience will drive better reviews and deliverables, it’s a good idea to ask for biographies of people assigned to your institution.

2. Confirm your review includes paralegal professionals to conduct separate documentation reviews.
It is essential that your loan reviews include specialists with technical expertise in regulatory and legal compliance, lending policy adherence, policies, collateral conveyances, servicing rules, among others — working in tandem with seasoned credit professionals.

3. Insist on smart, informed sampling.
To uncover vulnerabilities in specific segments of the portfolio, rely on a selection process that helps you choose very informed samples indicating possible emerging risk.

4. Quantify both pre- and cleared documentation, credit and policy exceptions.
In the best of times, many loan reviews show almost no bottom-line degradation in loan quality for the portfolio as a whole. On close examination, you may find significant numbers of technical and credit exceptions indicating that the quality of your lending process itself may need to be tweaked.

5. Understand your own bank’s DNA.
In this complex economic environment, it is imperative for institutions to analyze their own idiosyncratic loan data. Arm your loan review team with the ability to automatically drill down into the portfolio and easily examine trends and borrower types to inform risk gradings, assess industry and concentration risk, along with other variables. Seasoned reviewers will be incredibly valuable in this area.

6. Observe pricing based on risk grades, collateral valuations and loan vintages.
Loans originating around the same time and credits that tend to migrate as a group tend to share common risk characteristics. Isolating and analyzing those credits can answer the important question, “Are you being paid for the risk you’re taking?”

7. Pair loan reviews with companion stress testing.
Regulators are encouraging stress tests as a way for banks to learn where their risk may be embedded. Companioning the tests with loan reviews is a productive way to gain this knowledge. Start at the portfolio level and do loan-level tests where indicated.

8. Transparently report and clear exceptions in real time.
Banks can benefit from using fintech’s efficiency to remove huge amounts of time, team meetings and staff intrusions from the traditional process of reviewing loans. An online loan review solution gives teams a way to see exception activities and clearances as they happen.

9. Comply with workout plan requirements prescribed by interagency regulators.
Banks typically design workout plans to rehabilitate a troubled credit or to maximize the collected repayment. Regulators now require institutions to examine these plans independently as a standard loan review procedure that reflects a healthy degree of objectivity.

10. Deliver comprehensive management reports and appropriate high-level board reports with public/peer data.
Management should receive prompt and thorough loan review reports; board members should receive high-level reports with appropriate, but less detailed, information. Public data or analyses of your institution’s performance as compared to peers should accompany this reporting.

11. Conduct loan reviews as a highly collaborative and consultative exercise — counter to “just another audit.”
An effective loan review is not an internal audit experience. It’s an advisory process, and this approach is extremely important to its ultimate success. Substantive dialogue among participants with differences of opinion is key to favorable outcomes for the institution.

12. Take advantage of a technology platform to automate every possible aspect of the loan review process.
Best practices call for the efficiency that comes with automating the loan review process to the maximum extent possible, without sacrificing substance or quality. Technology enables faster and more complete early detection of vulnerabilities.

Loan reviews are critical to an institution’s risk-management strategy. It’s a one-two punch: Deeply qualified reviewers combined with automated technology that delivers a more efficient, less intrusive loan review process that will help combat the looming credit stress ahead.

In an Uncertain Market, Count on Data

Against a backdrop of challenging macroeconomic risks, including inflation, potential recession and high interest rates, banks are also dealing with volatility connected to the collapse of three regional banks. These are difficult times, especially for financial institutions.

At the same time, banks are struggling to achieve primacy: being the go-to for their customers’ financial needs amid the marketplace of more agile fintechs. To do this, banks need to make smart decisions, fast. This amalgamation of business-impacting factors might seem like an unsolvable puzzle. But in an uncertain market, banks can leverage data to cultivate engagement and drive primacy.

Banks can count on data, with some caveats. The data must be:

  • While there is a massive amount of data available, banks often lack a complete picture of the consumers they serve, particularly as digital banking has made it easier for consumers to initiate multiple financial relationships with different providers to get the best deals. It’s vital that banks get a holistic view of all aspects of a consumer’s financial life, including held away accounts, insurance and tax data.
  • Increased open banking functionality empowers consumers to take charge of their data and use it to be financially fit. Open banking serves that connectivity and makes it more reliable.
  • Banks are flooded with data, the torrent of which makes it difficult to extract value from that data. Up to 73% of data goes unused for analytics. But the right analytics allows banks to reduce the noise from data and glean the necessary insights to make decisions and attract and retain customers.
  • Most transaction data is ambiguous and difficult to identify. Banks need enriched data they can understand and use. Data enrichment leads to contextualized, categorized data that gives banks tangible insights to improve their customer’s journey and inform more meaningful interactions.

Data as a Differentiator
Once banks have high quality data, they can use it to differentiate themselves across three key areas:

1. Make smart, fast customer decisions.
Banks are expected to deliver relevant offers at the right time to customers before rapidly making critical risk decisions. The ability to do this hinges on having a holistic view into the totality of a customer’s bank accounts. Data science algorithms using artificial intelligence and machine learning can then surface insights from that data to engage, retain and cross-sell via personalized, proactive experiences. From there, banks can execute for growth with rapid integrations that help gain wallet share and productivity.

2. Promote financial wellness.
Banks are nothing without their customers. To win and keep customers, banks need to provide tools and products that can enable an intelligent financial life: helping consumers make better financial decisions to balance their financial needs today and building to meet their aspirations for tomorrow. One way to help them with this is to provide a holistic view of their finances with account aggregation and money management tools. According to a recent survey, 96% of consumers who used financial apps and tools powered by their aggregated data were more likely to stay with the financial institution providing these tools. These tools give banks a way to helping their customers and inspire loyalty.

3. Forecast and manage risk.
Uncertainty over recent events in the banking industry has made the need for immediate insights into net deposit flows an imperative. Banks can use aggregated data to identify, forecast and manage their risk exposure. Digital transformation, which has been all the rage for years now, can enable centralized holistic views of a bank’s entire portfolio. Dashboards and alerts make it more practical for bankers to identify risks in the bank as they develop. A platform approach is vital. Banks need an entire ecosystem of data, analytics and experiences to mobilize data-driven actions for engagement, retention, growth and ROI.

Now more than ever, banks rely on data to cultivate engagement and drive primacy. Starting with holistic, high-quality data and applying analytics to derive insights, banks can drive the personalized consumer experiences that are necessary to attract and retain customers. And they can use that same data to better forecast and manage risk within their portfolio.