Why Asset Size Does Not Matter To Regulators In ERM

ERM-1-21-19.pngConventional wisdom in banking has been that asset size matters in terms of regulatory expectations around enterprise risk management (ERM).

But that traditional school of thought might be changing. A new question has emerged: is it the institution’s asset size that matters, or is the complexity of the risk profile more important?

A common question among peer roundtables: what is a bank expected to do for ERM as it approaches the $10 billion asset size threshold of a regional banking organization (RBO)? The Federal Reserve considers an RBO to have total consolidated between $10 billion and $50 billion.

The next question typically is if regulatory expectations have lessened around comprehensive capital analysis and review (CCAR) or Dodd-Frank Act Stress Test (DFAST) requirements because of recent reforms in Congress?

These are hot topics especially for banks below the $10 billion asset size bubble, known as community bank organizations (CBO) by the Fed, because the cost of ERM implementation remains high.

Specific to CBOs between $2 billion and $5 billion in assets, regulatory agencies have been providing more prescriptive guidance and recommendations to upgrade and enhance ERM and model risk management frameworks consistent with existing regulatory guidance aimed at RBOs.

Examinations are more detailed, covering policies and procedures, personnel, risk appetite, risk assessment activities and board reporting. Examiners are pushing smaller banks to recognize the ERM value proposition because a keen risk awareness will inspire more informed decisions.

An effective ERM program starts with the risk culture necessary for appropriate governance of policies and procedures, risk awareness training, tone from the top and credible challenge. The culture should start with the CEO and the board establishing a proactive risk strategy and aligning the risk appetite of the bank with strategic planning.

Implementing an effective risk management program is understanding your bank’s risk profile and addressing matters proactively, having the discipline to identify emerging risks and mitigating those risks before a risk event or loss.

As banks approach $10 billion in assets, they are expected to increase the rigor around risk identification and assess risks for their likelihood and impact before identifying risk-mitigating controls.

A CBO should have a champion to effect change strategically throughout the organization, rather than a regulatory or audit check-the-box exercise. The risk management champion can be compared to an orchestra conductor who does not need to do everyone else’s job but should be able to hear someone is out of tune. Breaking down silos is key because risk management should be a continuous, collaborative process involving all stakeholders.

Regulatory expectations are converging as examiners push smaller banks to show a safe and sound risk management framework. This should encompass a separate board risk committee, or, at a minimum, a subcommittee responsible for ERM.

All banks have traditionally been expected to maintain appropriate risk management processes commensurate with their size and complexity and operate in a safe and sound manner.

The formality and documentation required is a new, evolving trend. Board and senior management oversight is important, as is risk monitoring and information system reporting. Board support is critical to understand risk areas, develop training programs and establish accountability among leadership and risk management team members.

Regulatory scrutiny for banks below $10 billion of assets has increased for ERM sub-processes, including model risk management, new products and services and third-party risk management.

We live in a post-CCAR world trending toward deregulation; however, the regulatory burden of risk management expectations for the smaller CBOs is increasing. Essentially, asset size does not matter anymore.

Are De Novos Making A Comeback?

de-novo-7-3-18.pngThere was a time, not long ago, when FDIC approved 237 applications in a single year. That was 2005. It’s unlikely there will be a return to similar activity levels, the de novo activity has grown from the post-recession single-digit levels to more than 20 open applications. That number that is anticipated to increase through 2018.

Among the de novos are geographically diverse groups involving non-traditional business models, online services, foreign nationals, ethnic/professional niches and minority ownership. Regulators have been open to applications that may have been deemed “non-starters” years ago.

Changes have been made to the FDIC application process that will benefit new community banks such as lessening the de novo period from seven to three years. The rescinding of the FDIC de novo period, the designation of de novo subject matter experts in the regional offices, and the issuance of supplemental guidance along with the FDIC’s “A Handbook for Organizer of De Novo Institutions” indicate a growing commitment by regulators to facilitate the process of establishing new community banks.

To ensure a smooth regulatory process and avoid significant cost outlays, groups should schedule and attend meetings with various regulatory agencies before pre-filing meetings to discuss the timeline and the likelihood of acceptance of an application. Federal and state regulators act in a timely manner, provide constructive feedback and can be easy to work with throughout the de novo process. Strong working relationship with the federal and state regulators, along with the collaboration between all parties highlight the importance of building the right team at the start.

The minimum opening capital requirement has been established at around $22 million. The caveat is that the capital must be in line with the risk profile of proposed bank, though more often than not $20 million or more of seed capital is almost always needed. Why is $22 million or more the magic number?

  • Start-up costs and initial operating losses of $1.5 to $3 million;
  • Profitability being achieved at between $175 to $225 million in assets;
  • Required Tier One Leverage ratio above 8 percent or more throughout the de novo period;
  • Creates an adequate loan-to-borrower limit.

Once the formation bank reaches the minimum capital requirement and gains approval it can open the doors. Once open, the bank can continue raising capital until a higher or maximum level is reached. Additionally, the ability to use 401k accounts for investors is a necessity.

De novo formations bring value to their communities, their markets, shareholders, and the banking industry by filling a void created by the consolidation. With the loss of many key banks, organizers and local businesses feel that larger banks are not providing the level of service and credit desired by small- to medium-sized business owners.

Since the Great Recession, select areas of the country have rebounded more strongly than others. Texas, the Dakotas, Florida, the Carolinas, Washington, D.C., Utah and Washington state are among leaders in job creation and population growth. Given the growth, along with the opportunities to serve growing ethnic and minority populations, many geographies across the country offer attractive opportunities for de novo banking.

Returns for de novo investors can be attractive. There is a risk associated with the initial start-up expenses and a resulting decline in tangible book value. A de novo raises initial capital at tangible book value. While building a franchise, reaching profitability and creating a successful bank allows for multiple expansions and strategic options which can provide attractive returns for initial investors.

Creating a well-connected and qualified board, management team and investor group is proven to be the best recipe for success. Having these individuals and businesses as deposit and lending customers increase, the community’s confidence in the bank facilitates the business generation, along with the marketing and word of mouth publicity.

The proper de novo team is comprised of the founder team, a strategic consultant with regulatory expertise and legal counsel. Business plans now routinely surpass 250 pages and legal requirements continue to expand. When choosing these partners, it is important they have experience in submitting de novo applications in recent years as nuances continue to evolve. Further, ensure all the fees paid are “success based,” so applicable expenses are aligned to the accomplishment of specific milestones.

Regulatory changes, market opportunities and industry consolidations have created an environment in which a de novo bank can form and flourish. With the right founding group and partners, now is the time to explore being part of the next wave of de novo banking.

Risk Versus Return in M&A Transactions

transactions-2-20-17.pngMergers and acquisition (M&A) transactions need to be looked at from a risk versus return perspective. Participants in deals, both the buyer and seller, should understand the value proposition of the transaction and determine whether it is better to continue to grow and thrive organically or execute on a deal. Understanding value drivers and how to optimize value is the key to prospering in the future.

1. Know your value and what drives it.
There are both value creators and value detractors that exist for every company. It might be weak internal controls, a consent order or a multimillion-dollar, unfunded pension that weakens your deal prospects. On the other hand, you may have strong core deposits, strong profitability metrics or an experienced and actively engaged management team with deep client relationships that drive growth and value.

Value detractors specific to each company can be corrected over time. As the risk profile of the company improves, it is shown that valuation multiples will also improve. A company that has many value detractors can improve its risk profile over time. By improving its risk profile, the company increases the market’s perception of the value of the company, leading to higher valuation multiples. As your institution’s comparative value to the market changes over time, you must conduct periodic valuations to understand what the company’s current value is and what is driving it.

2. Understand your bank’s strategic paths, value and the execution risks of each path.
Once a company has a better understanding of its current value, it must understand the different decision tree paths available. Each of these paths will have a resultant present value of the company based upon executing on each path into the future. The risks and return associated with each path needs to be assessed. Below is an example of a strategic decision tree with five different paths. Each of these future strategic paths is modeled to determine the resultant present value resulting from each scenario path.


Not only is a present value calculated for each path, but the key risks and value drivers for each path need to be determined as well. For instance, if the company remains independent (path A), a key risk is that it may not be able to attract and retain key talent necessary for the company to thrive in the future.

In addition to the execution risks associated with each path, the financial value of the company under each scenario is also based upon a set of assumptions. Those assumptions must be reviewed carefully and the management team and the board of directors must critically review and sign off on those assumptions. More specific to M&A transactions, here are some of the major factors that impact an M&A deal:

  • Price: A stronger buyer currency shortens the work-back period of tangible book value dilution in a stock transaction.
  • Form of Consideration: Cash may decrease the work-back period of dilution in a transaction relative to utilizing stock consideration, due to higher earnings per share accretion, but utilizing cash will reduce the amount of capital at the combined entity.
  • Cost Savings: Acquisition of smaller banks and in-market deals will generally have higher savings (30-50 percent), while market or business line expansions generally have somewhat lower savings (25-35 percent).
  • Synergies: Deals can provide many synergies such as higher legal lending limit, greater franchise, new combined customer base, new sources of fee income, complementary loan and deposit products, or additional management bench depth for the combined entity.
  • Transaction Expenses: These are nonrecurring expense items and therefore should not be included in the pro forma combined income statement going forward but will impact tangible book value per share (TBVS) dilution and work-back period. Transaction expenses should generally be 7-12 percent for community bank deals and levels outside the range should be reviewed.
  • Mark-to-Market Assumptions: The target gets marked-to-market in a deal and these marks will initially impact TBVS upward or downward. The marks will be amortized/accreted through earnings over time. The marks generally have a bigger initial impact on TBVS and the earnings impact will be taken over a longer time period.

3. Recognize that a good deal on paper does not translate to a successful resultant entity.
Even with an extensive review of the assumptions, modeling and financial aspects of a transaction, a good deal on paper does not necessarily translate into a successful entity. Merger integration will make or break an institution’s ability to realize value in a transaction. Practical issues including vendor selection, branding and employee retention impact restructuring expenses. Social issues, such as corporate culture and leadership structure, define the bank moving forward.

Remember that there is an inherent risk versus return tradeoff in every M&A transaction. Understanding your institution’s risk profile, corporate culture, and all possible strategic paths will mitigate risk and maximize return.

Why Banks Need to Control the M&A Process

manda-process-8-15-16.pngAll transactions are not created equal. At the end of the day, the party that has the better understanding of the transaction and has actively controlled the process from the start wins and unlocks maximum value. The bank that is better equipped to enter negotiations with all of the information will likely get the better end of the deal. From a practical standpoint, this means that the bank’s management and third-party advisor(s) have driven the process and timeline, and have clearly articulated expectations. It is imperative to have a single, centralized point of contact to control information, communications and negotiations. For most banks a third-party investment banker is the primary contact, allowing key executives to focus on running the bank. In these instances, it is incumbent upon the CEO to control the M&A process through logistics, modeling assumptions and strategy.

This begins with M&A process documentation. A CEO should work early on with the investment banker to identify key dates and contacts. For a seller, this will also include potential buyers to contact, confidential information memorandum recipients, dates on which access to data room and due diligence materials were granted, as well as comprehensive notes on when and why institutions exited the bidding process. The board of directors should participate periodically in status updates to ensure that it has fulfilled its fiduciary responsibilities through regular involvement in the process. The importance of documenting meetings and formal discussions, both internally and with the counterparty, cannot be overemphasized.

From a modeling perspective, every assumption in a pro forma model should have a corresponding status column. FinPro Capital Advisors (FCA) utilizes three levels of assumptions: information based on public filings for preliminary analysis, assumptions from due diligence and assumptions that have been formally signed off on by management. Below are ways you can control the process and assess the merits of a transaction to proceed with confidence to closing.

Retain a financial advisor that you can trust and have the discipline to walk away from a deal. FCA actively advises its clients to pass on deals that do not make sense, from either a financial or strategic perspective. Even a highly accretive deal can create social issues or be detrimental to the bank or its stockholders in the long run. Examples may include franchise dilution, conflicting corporate cultures, lack of a surviving brand or poor market reception.

Identify M&A parameters based on your strategic objectives. FCA makes the following recommendations:

  • Tangible book value per share (TBVS) dilution less than 10 percent, and preferably 7 percent or less.
  • TBVS work back period of five years or less. Three years or less is recommended.
  • Immediately accretive to core earnings, excluding one-time charges.
  • Internal rate of return equal to or greater than 10 percent.

Understand your bank’s risk profile. Opportunities must be assessed on a transaction-by-transaction basis, and there can be instances when a transformative deal can make sense with the rationale clearly explained to investors and the market. That said, here are some guidelines that potential acquirers should keep in mind:

  • Acquirer must be able to demonstrate an in-depth understanding of its risk profile.
  • Pro forma combined entity should be no less than a CAMELS 2 rated institution.
  • Tier 1 leverage ratio must be greater than 8 percent.
  • Coverage ratio (defined as total classified loans as a percentage of Tier 1 capital plus the allowance for loan and lease losses) of less than 40 percent.
  • Proactive and strong relationship with the regulators.

These guidelines are not a one-size-fits-all proposition. Some banks have a higher tolerance for TBVS dilution while others have strict parameters on the work back period (TBVS dilution divided by earnings accretion created by the deal, or the time it takes to “earn back” TBVS dilution) or minimum hurdles for earnings accretion. Banks with a clear idea of cutoff points for pricing, TBVS dilution and EPS accretion are generally better prepared to control the process and negotiate a transaction that adheres to their strategic principles.

Know your value. An accurate value assessment for both the buyer and the target is critical for any analysis. Require your advisor to incorporate trading valuation analyses in any pro forma analysis with a stock consideration component to determine a reasonable value for buyer currency. Require a comparable acquisition analysis to determine a valuation range for the target. These two analyses are standard in all FCA pro forma analyses and a critical discussion point with CEOs. It is also vital for targets to know their independent stand-alone value to help determine whether a sale at this time is a stronger strategic option than remaining independent. This can help evaluate whether the consideration price offered is likely fair, from a financial standpoint, to stockholders.

Understand what is going into your transaction adjustments. The transaction adjustments column is often the black box of pro forma analysis. An array of assumptions, including interest rate and credit marks, purchase price allocation, cost savings and transaction expenses are usually shown aggregated into a single column and it can be extremely difficult to identify the exact adjustments. FCA includes a detailed breakout of every single adjustment so that CEOs can track and understand the assumptions driving the deal. Management should critically review and sign off on all assumptions.

Request that your advisor incorporate custom sensitivity analyses with all pro formas. FCA incorporates single and multi-variable sensitivity analyses with all pro formas to show the impact of changes to buyer currency, consideration price and mix, and cost savings to stress test the impact of changing variables across a range of values.

By following these steps and proactively controlling the M&A process you can unlock maximum value in your transaction.

How Financial Institutions Can Meet the Marketplace Lending Challenge


What makes a bank a bank? When it comes to the commercial lending space, in a world of seemingly commoditized products and services, the true differentiation is defined by how a bank decides who they will lend to and who they won’t. It’s each individual bank’s unique credit policy that, however subtly, makes one bank different from another. All banks use many of the same metrics and scoring data to determine credit quality, and there is generally no secret sauce that one bank has and the rest don’t. Instead, it is often the nuances within those metrics and the interpretation and prioritization of the data that makes one bank different from another—and potentially, enables a business owner to get capital from one bank and not from the other.

Banks have spent a long time fine tuning their credit policies to match their risk appetite and even the history and culture of the bank. Their risk profile is integral to who they are. It is integrated into their brand, their mission statements and their core values. The bank’s credit policy is exclusive to that bank and helps define it as a lender.

Enter the fintech revolution, which has spawned a long list of marketplace lenders that have disrupted the business lending universe by essentially disregarding credit policies that took banks and credit unions decades to develop. Marketplace lenders like Lending Club, OnDeck and Kabbage are telling the business borrowing universe that they have a better solution than financial institutions when it comes to measuring a borrower’s credit worthiness.

Banks and credit unions are being driven to offer an online business lending solution by the need to improve the customer experience, increase customer acquisition and raise their profitability, while at the same time decreasing costs, streamlining workflow and reducing end-to-end time. As marketplace lenders aggressively court the business borrower, financial institutions need to do something in the online space just to remain competitive!

To replicate the technology that the disruptors have created would cost banks millions of dollars and years of development time and energy. The great news is, with innovation and evolution there is always the exploitation of every niche and iteration of a solution or model resulting in alternative means to attain the same outcomes.

There is a technological revolution within the fintech phenomenon that is being created by businesses that have the vision and mission to work with banks—not against them. Companies are hitting the marketplace with technology-only solutions that help banks help their business customers succeed. These “disruptors of the disruptors” are essentially selling financial institutions the technology needed to deliver loans easier, faster and more profitably, without forcing them to give up their credit policies, risk profile, relationships or control over the customer experience.

Banks and credit unions need to find these partners, and find them quickly, because they represent a way for those institutions to accelerate their entry into the online business lending space. Choose a partner that best meets your needs. Are you looking for an online application only, or an application and decisioning technology? Or, are you looking for an end-to-end solution that provides an omni-channel experience from application, through underwriting, docs and due diligence and even closing and funding? The type of partner you select depends on what’s driving your financial institution, whether that be increasing profitability, new customer acquisition, streamlining workflow, reducing end to end time or simply creating an enhanced customer experience for the businesses you serve. Explore all your options!

New Anti-Money Laundering Rules Will Impact Banks

anti-money-laundering-6-8-16.pngFueled by the leak of the Panama Papers, the Financial Crimes Enforcement Network (FinCEN) has published a final regulation requiring banks to identify beneficial owners of their legal entity customers. Heralding the new regulation as a critical step in its effort to prevent criminals from using companies to hide their identity and launder criminal proceeds, the Treasury Department, buttressed by new Justice Department initiatives, is amplifying the momentum building within the anti-money laundering (AML) enforcement community to achieve unprecedented transparency across the corporate spectrum.

What the Regulation Does
In writing the regulation, FinCEN has built upon the customer due diligence mandated by existing Customer Identification Program (CIP) regulations, adding a provision requiring banks to identify and verify natural persons who are beneficial owners of legal entity customers together with one individual who has significant management responsibility. To give adequate time for retooling of CIP programs, compliance with the final regulation becomes mandatory by May 11, 2018. Once in force, it will apply to all new accounts, but will only apply to existing accounts when the bank detects information relevant to reevaluating a customer’s risk profile.

FinCEN defines “legal entity customer” to mean a corporation, LLC, or other entity created by filing a public document with the secretary of state or similar office. General partnerships and other entities formed under foreign laws are also covered, but most trusts are excluded.

The regulation permits, but does not require, the use of an official Certification Form. Information must be provided to the best knowledge of the person opening an account. A bank may rely on the information supplied by its legal entity customer so long as it knows no facts causing it to question its reliability.

Beneficial ownership is measured by an “ownership prong” requiring identification of individuals owning 25 percent equity in the legal entity customer and a “control prong” requiring identification of a single individual having significant management responsibility. FinCEN makes clear that only the identity—not the status—of beneficial owners must be verified, and verification procedures should address elements in a bank’s CIP. Updating of beneficial ownership information would be triggered only if normal monitoring detects heightened risk in the profile or activities of a legal entity customer.

Even More Regulations May Be Coming Down the Pike
Treasury also proposes to issue regulations targeting U.S.-based, foreign-owned, single-member limited liability companies, to require taxpayer identification numbers and eliminate exemption from U.S. reporting requirements.

Treasury also has asked Congress to pass legislation requiring a company to disclose owner names at the time it is formed. If enacted, the legislation would enable the capture of critical information when a company commences business and would give U.S. enforcement authorities access to a central registry of beneficial ownership data. Treasury officials have not indicated whether the registry would be made available to banks. Treasury is also recommending legislation requiring U.S. banks to provide foreign jurisdictions with the same information that foreign banks must provide to the IRS.

Aligning itself with Treasury, the Justice Department also is proposing legislation to combat illegal proceeds of transnational corruption. If enacted, the legislation would allow prosecutors to pursue cases directly against corrupt foreign regimes, authorize administrative subpoenas and expand substantive corruption offenses.

How to Prepare
Even though mandatory compliance with the beneficial ownership regulation is two years away, the board should have compliance personnel begin the process of amending their bank’s CIP to satisfy the requirements of the new regulation, paying particular attention to the account opening process.

With regard to account opening, banks should:

  • Determine whether and to what extent the CIP already captures beneficial ownership information.
  • Develop beneficial owner identity verification procedures for legal entity customers that meet the new regulatory definition, and determine to what extent existing CIP verification procedures should be incorporated.

With regard to account maintenance, banks should:

  • Establish criteria and “red flags” that will trigger beneficial ownership reviews and updates of legal entity customers.
  • Identify legal entity customers that meet the new regulatory definition so that the institution will be able to act when triggering events occur.
  • Consider the need, despite no regulatory requirement, for conducting standardized periodic updates of beneficial ownership information.

With two powerful agencies combining to tighten risk-based controls on money laundering and foreign corruption, it is clear that banks will need to devote increased resources to AML compliance. Board members must remain mindful that the functional regulators will continue to require the global enterprise to maintain safety and soundness by appropriately managing risk and minimizing susceptibility to illegal financial activity.


Private Banks Can Get Deals Done

The vast majority of the banking industry is composed of privately owned stock banks. Of the 794 non-FDIC assisted bank M&A deals that were announced in 2013 through 2015, almost two-thirds involved a non-exchange traded buyer. Non-publicly traded banks are clearly getting deals done. There are several key facets that FinPro Capital Advisors (FCA) works on with its non-exchange traded bank clients in order to get an M&A transaction done.

1. Know Your Value
Value for a bank is driven by earnings per share (EPS) and tangible book value per share (TBVS). A bank’s stock price is equal to TBVS multiplied by a TBVS market multiple and EPS multiplied by an EPS market multiple. Those market multiples are the market’s perception of the risk profile of the bank, and a bank can influence that market multiple by changing its risk profile and communicating the appropriate risk profile to the public. As seen below in the table, a lower risk profile bank will likely have a higher TBVS market multiple, resulting in a much higher value.

Tangible Book Value Per Share – Range of Market Multiples 2016Q1
    High Risk Average Risk Low Risk
A Tangible Common Equity $150,000 $150,000 $150,000
B Common Shares Outstanding $5,000 $5,000 $5,000
C=A/B Tangible Book Value Per Share $30.00 $30.00 $30.00
D Price/TBVS Multiple 80.00% 100.00% 120.00%
C x D Stock Price $24.00 $30.00 $36.00

Value is measured primarily by stock price, which means that for both potential nonpublic buyers and sellers it is critical to conduct a quarterly valuation. A private bank can actually have more control over its valuation and the communication around the bank’s value proposition. A private bank controls its message, whereas a publicly traded bank’s message is heavily influenced by the market. FCA believes banks must continue to fix their risk profile, enhance value creators and reduce value detractors in order to increase inherent value. Then, this inherent value must be conveyed to the potential partner involved in the transaction.

2. Know Your Opportunities
In order to reflect all strategic options available, FCA periodically analyzes for each of its clients a full range of buy-side and sell-side options to reflect the full universe of options available to the institution. The detailed process includes:

  1. Comprehensive screening based on strategy
  2. Prioritizing the initial screen to approximately 10 potential targets (or buyers/strategic partners)
  3. Modeling to ensure appropriate assumptions with pro forma financials
  4. Rankings reflecting long-term strategy and multiple pro forma analyses

Once this preliminary list is established, further refinement and prioritization of both buyers and targets can be conducted based on M&A parameters, strategic rationale, and market knowledge as established by your institution’s board of directors. Once you have a prioritized list of strategic partners, be active in staying in contact with those institutions. You can never be sure when another institution on your list will seek a strategic partner.

3. Model Transactions Based On Quantitative and Qualitative Factors
After a short-list is established, comprehensive pro forma financials can be modeled. A buy-side institution needs defined parameters before modeling to maintain discipline. Exceptions to parameters require a strong qualitative rationale behind the deal. Whether you are a buyer or target, a more sophisticated understanding of modeling assumptions directly relates to unlocking greater value in the transaction and recognizing synergies. Regardless of whether you are a buyer or a seller, remember that banking is a people business so make sure to lock up key people as part of the transaction.


4. Understand Key Issues for Consideration
Though a deal must work financially, it is not just about the numbers. FCA spends a great deal of time working with its clients on nonfinancial aspects of the deal:

  • Choosing the correct legal, corporate and operating structure
  • Maintaining or reducing the risk profile of the combined entity
  • Understanding the regulatory view of the transaction
  • Understanding synergies (not just financial synergies) for the combined entity
  • Establishing the branding and marketing of the combined entity
  • Recruiting and retaining key talent is vital to any transaction
  • Establishing the corporate culture going forward
  • Effectively integrating the target to ensure future value

Just because an institution doesn’t trade on a national exchange, doesn’t mean it can’t be involved in M&A. Know your value, know your opportunities and understand the process. Whether you engage in a transaction or not, the organizations which move the quickest to capitalize on these opportunities are the ones which follow these four steps on a regular basis. Just make sure to choose your strategic M&A partner based upon the long term value of the combined entity.

Are You at Risk for a Trading Fraud?

stock-fraud-9-11-15.pngYou’ve probably read recently about trading-related frauds where individuals manipulated markets for their own gain. Several of these frauds were highly organized affairs, with traders using alternate channels to communicate with one another in order to manipulate individual trades and market conditions. The most recently settled foreign exchange action came to light once a reporter from a national business publication published the details of the collusion.

Most of the entities involved are relatively large organizations, with sophisticated governance and internal control programs. One has to ask, how could this occur, especially in this world where virtually anything done on a system can be tracked, stored, and retrieved? With hindsight, we can look at these frauds and glean some lessons by walking through the internal audit process at a high level. What can directors do to help make sure something like this does not happen at their organizations?

Risk Assessment
Are trading operations and similar functions scored high enough in the periodic risk assessment? By similar functions we mean any job function such as procurement or sales that has the following characteristics:

  • has a high level of discretion and is regularly in the market
  • has the de facto checkbook of the company
  • is under significant pressure to make revenue or save expenses
  • requires a specialized skill set to execute the role.

The lesson here is that these market roles, in many cases, have a risk profile higher than anticipated.

Audit Planning and Execution
Do you expect internal audit to master every function within your organization? Obviously, internal audit functions best when the auditors have knowledge of the business and the controls around that business. However, is it realistic to expect that internal audit can cover every risk with internal resources? Some prudent borrowing or “renting” of resources with specialized skill sets might be needed to adequately cover some types of risk.

Ongoing Monitoring
Virtually every organization in the U.S. with its own systems has some sort of user computing policy that describes the acceptable use of technology. Also prevalent is the use of monitoring tools to continuously track how employees are using systems. For some time now, organizations have been keenly aware of the damage that can be caused by employees going to inappropriate websites. Yet traders executed one of the well publicized trading frauds during normal business hours, using “back channel” means such as chat rooms provided through third parties. Certainly, the technology to monitor usage has existed for some time, however the connection between the usage and the risk was just not recognized.

Certainly, collusion is inherently difficult to detect or prevent. However, recent frauds highlight the fact that those with an organization’s checkbook can present a risk much greater than previously thought, and detecting or preventing similar frauds will require diligence throughout the risk management cycle.