2023 Risk Survey: Complete Results

Bank Director’s 2023 Risk Survey, sponsored by Moss Adams LLP, finds interest rates and liquidity risk dominating bank leaders’ minds in 2023.

The survey, which explores several key risk areas, was conducted in January, before a run on deposits imperiled several institutions, including $209 billion SVB Financial Corp., which regulators closed in March. Bank executives and board members were feeling pressure on deposit costs well before that turmoil, as the Federal Open Market Committee raised the federal funds rate through 2022 and into 2023.

Over the past year, respondent concerns about interest rate risk (91%), credit risk (77%) and liquidity (71%) all increased markedly. Executives and directors also identify cybersecurity and compliance as areas where their concerns have increased, but managing the balance sheet has become, by and large, their first priority.

Bank leaders name deposit pricing as the top strategic challenge their organization faces in 2023, and a majority say their bank has experienced some deposit loss, with minimal to significant impacts on their funding base. Most respondents say their No. 1 liquidity management strategy would be to raise the rates they pay on deposits, followed by increasing their borrowings from a Federal Home Loan Bank.

While SVB operated a unique business model that featured a high level of uninsured deposits and a pronounced concentration in the tech industry, many banks are facing tension as deposits reprice faster than the loans on their books.

Net interest margins improved for a majority of bank leaders taking part in the survey, but respondents are mixed about whether their bank’s NIM will expand or contract over 2023.

Key Findings

Deposit Pressures
Asked about what steps they might take to manage liquidity, 73% of executives and directors say they would raise interest rates offered on deposits, and 62% say they would borrow funds from a Federal Home Loan Bank. Less favored options include raising brokered deposits (30%), the use of participation loans (28%), tightening credit standards (22%) and using incentives to entice depositors (20%). Respondents say they would be comfortable maintaining a median loan-to-deposit ratio of 70% at the low end and 90% at the high end.

Strategic Challenges Vary
While the majority of respondents identify deposit pricing and/or talent retention as significant strategic challenges, 31% cite slowing credit demand, followed by liquidity management (29%), evolving regulatory and compliance requirements (28%) and CEO or senior management succession (20%).

Continued Vigilance on Cybersecurity
Eighty-seven percent of respondents say their bank has completed a cybersecurity assessment, with most banks using the tool offered by the Federal Financial Institutions Examination Council. Respondents cite detection technology, training for bank staff and internal communications as the most common areas where they have made changes after completing their assessment. Respondents report a median of $250,000 budgeted for cybersecurity-related expenses.

Stress On Fees
A little over a third (36%) of respondents say their bank has adjusted its fee structure in anticipation of regulatory pressure, while a minority (8%) did so in response to direct prodding by regulators. More than half of banks over $10 billion in assets say they adjusted their fee structure, either in response to direct regulatory pressure or anticipated regulatory pressure.

Climate Discussions Pick Up
The proportion of bank leaders who say their board discusses climate change at least annually increased over the past year to 21%, from 16% in 2022. Sixty-one percent of respondents say they do not focus on environmental, social and governance issues in a comprehensive manner, but the proportion of public banks that disclose their progress on ESG goals grew to 15%, from 10% last year.

Stress Testing Adjustments
Just over three-quarters of respondents say their bank conducts an annual stress test. In comments, offered before the Federal Reserve added a new component to its stress testing for the largest banks, many bank leaders described the ways that they’ve changed their approach to stress testing in anticipation of a downturn. One respondent described adding a liquidity stress test in response to increased deposit pricing and unrealized losses in the securities portfolio.

When Directors Should Talk to Investors

Company boards have long spoken to investors in indirect ways, through their votes and organizational performance. But as powers shift to large investors and governance norms have changed, investor groups have demanded more one-on-one conversations with bank directors.

Allowing directors to speak to investors comes with risk, and not just due to the potential for legal missteps. The director becomes a public representative of the bank and anything he or she says will be scrutinized, resulting in possible backfire.

“You can’t really say you’re not speaking for the company,” says Peter Weinstock, a partner at the global law firm Hunton Andrews Kurth. “You’re speaking for the company.”

But in an age where activist shareholders have an increased presence and institutional investors such as BlackRock and State Street Corp. have greater power, organizations find that some investors expect this one-to-one interface with directors. When done right, it can ease tension among the investor base, allowing management to maneuver more freely. When done wrong, however, it can result in proxy fights and changes to the board and management.

The topics that investors care about impact the moves that directors and boards make. Board discussions on compensation, for example, are becoming more important. Last year saw the lowest level of shareholder support for executive pay — only 87.4% of S&P 500 companies received shareholder approval in advisory voting during proxy season, according to PwC. That indicates a higher bar for boards to get shareholder buy-in for executive compensation.

Companies also must deal with an increasing amount of activist shareholder proposals. PwC reports there was a 17% increase in shareholder proposals last year. Out of 288 proposals related to environmental, social and governance (ESG) matters, a popular topic last year, 41 proposals passed.

One way to provide context for the company’s efforts on those matters: director conversations.

Institutional investors and shareholder analysis groups have turned their focus to three big concerns – audit, governance and compensation – all of which reside at the board level. With questions surrounding those specific concerns coming from many different groups, banks have turned to so-called “roadshows.” In those organized conversations, directors speak to shareholders or investor services groups about specific governance or audit topics. During those roadshows, board members stick to a prewritten script.

“The advent of the one-way listening session allayed director fear,” says Lex Suvanto, global CEO at the public relations firm Edelman Smithfield. “There isn’t much risk in what they shouldn’t say.”

Certain concerns may require more direct conversations with a specific investment group. When entering those conversations, it’s important to remember what information the shareholders want to glean. “Understand who you are speaking to and what they are all about,” says Tom Germinario, senior managing director at the financial communication firm D.F. King & Co. “Is it a governance department or a portfolio manager, because there’s a difference?”

Each investor will come to the conversation with different goals, investment criteria and questions they want addressed. It’s on the company to prepare the director for what types of questions each investor may need answered.

During those different calls, banks should ask to receive the questions ahead of time. Many investors will provide this, since they understand that the director cannot run afoul of fair disclosure rules, a set of parameters that prevent insider trading. But not all investors will provide those insights upfront.

To head off such concerns, the bank’s communications or investor relations team should run a rehearsal or prepare the director with possible questions, based on the reason for the meeting.

The investors will look for anything that might give them insight. Directors who veer off script could run afoul of what they can legally disclose. Plus, the tenor of the answers must match what the CEO has said publicly about the company. Without practice, the conversation can unwittingly go awry.

“If a director is on the phone with an investor and something is asked that the company hasn’t disclosed, the director can table that part of the discussion,” says Weinstock. “The company can then make a Regulation Fair Disclosure filing before following up with the investor on a subsequent call. That’s an option if the company wants to release the information.”

It’s important to remember the practice will also protect you, since you will have a significant amount riding on the conversation as well. “Directors may reveal that they’re not in touch with important investor priorities,” says Suvanto. “Directors need to understand and be fully prepared to represent the values and behaviors [of the company].”

Suvanto adds that many directors would have been better off not speaking at all than going into a room with a large institutional investor unprepared. In a public bank, such a misstep can lead to a proxy battle, which may result in the director (or many directors) being replaced by members the investors view as more favorable or knowledgeable.

The conversation also works differently, depending on the size of the bank and whether it’s a private or public institution. Institutional investors likely will focus on larger banks. Small banks may not account for an oversized spot in the institutional investor’s portfolios. Instead, for smaller companies, it’s often about getting the CEO and chief financial officer in front of investors to encourage investment. Often, this does not need a director’s voice.

For private banks, however, there are certain moments where directors may be asked to step in. What if, say, an organization has questions about its auditing practices? Or what if a competitor bank has major governance violations? To address questions from investors concerning those issues, it may be advisable to have the committee head for the specific concern speak to investors about the bank’s practices.

But even a private bank cannot ignore concerns about releasing information that’s meant to stay within the board room. “It’s important to realize that information does not belong to a director,” says Weinstock. “It’s also important to realize that private companies could have insider trading violations.”

What else could go wrong? A director could overpromise when the company isn’t ready to address the issue. This can happen in the environmental, social and governance (ESG) space with regard to addressing social concerns, for example. If a director makes social commitments that the company cannot yet adopt, it can pit the director against the board or management. Either the company will decide to adopt the promised measures, or the director will have misled the investor.

“A director should never get on the phone alone,” says Germinario. “You never want an investor to misconstrue a promise.”

Research Report: A Practical Guide to ESG

For years, investors and activists have worked to compel large, public companies to report their stance on environmental, social and governance issues — better known as ESG. And recently, additional pressure has come from bank regulators on one specific ESG risk: climate. Smaller banks, meanwhile, see the writing on the wall and are taking steps to beef up their ESG programs.

As regulated entities, banks are no strangers to many elements of ESG, which Bank Director explores in the newly launched research report Choose Your Path: A Practical Guide to ESG, which is sponsored by Crowe LLP. Board structure and composition, cybersecurity and data privacy, risk management and regulatory compliance are all areas that fall under the governance umbrella. Social elements, which include financial access, diversity and community involvement, also incorporate into day-to-day operations as financial institutions comply with fair lending rules and other regulations. But it’s the ‘E’ for environmental — specifically, measuring greenhouse gas emissions — that frustrates some bankers who would rather focus on serving their communities than spending time and resources on that complex assessment.

In this report, Bank Director provides intelligence for bank boards and leadership teams seeking to better understand the current regulatory and investor landscape, and uncover what’s relevant for their own organizations. Inside, you’ll find:

  • A quick overview of how ESG has become a language of sorts to describe a company’s activities to investors and other stakeholders
  • Where Washington stands on ESG
  • How investors have focused their attention
  • How banks leverage ESG to uncover new opportunities, including how three community banks have identified core areas that are relevant to their own operations
  • Key material matters for banks to prioritize
  • What role boards could play in ESG oversight, and questions directors might ask

“[A]s disclosures grow, [investors] have more information to make comparable decisions, and that will just continue to grow because of the regulatory environment,” says Chris McClure, a partner at Crowe who leads the firm’s ESG team.

On Dec. 2, 2022, the Federal Reserve issued a request for comment on proposed principles for institutions over $100 billion in assets. These principles focus on climate-related financial risks: everything from governance and policies and procedures to strategic planning and risk management. It’s in line with similar guidance issued by the Office of the Comptroller of the Currency and the Federal Deposit Insurance Corp.

At least one Fed Governor doesn’t believe the guidance is necessary: “Climate change is real, but I disagree with the premise that it poses a serious risk to the safety and soundness of large banks and the financial stability of the United States,” stated Christopher Waller. “The Federal Reserve conducts regular stress tests on large banks that impose extremely severe macroeconomic shocks and they show that the banks are resilient.”

In 2023, the Securities and Exchange Commission is expected to finalize its rule around climate disclosure, adding another element of compliance for all publicly traded companies — not just the biggest banks. While some exemptions are anticipated for smaller companies, the rule would expect companies to share how climate-related risks are managed and governed, along with the material impacts of these risks on operations and strategy. Companies could be required to measure greenhouse gas emissions — including emissions by vendors and clients — and share their goals for transitioning to a greener economy.

At the same time, governments in conservative states are working to oppose these rules, going after banks and asset managers that they believe discriminate against the oil and gas or gun sectors. It’s a tricky environment to navigate. Increasingly, some disclosure will be mandated, at least for publicly traded institutions. But bank leaders will still determine their own strategies for the road ahead — and banks that are successful will find the path that’s right for their organization.

If you have feedback on the contents of this report, please contact Bank Director’s vice president of research, Emily McCormick.

What Crypto’s Falling Dominoes Could Mean for Banks

On Nov. 11, the cryptocurrency exchange FTX declared bankruptcy. It’s a saga that’s played out through November, but here’s the bare bones of it: After a Nov. 2 CoinDesk article raised questions about FTX and a sister research firm, a rival exchange, Binance, announced on Nov. 6 its sale of $529 million of FTX’s cryptocurrency. In a panic, customers then sought to withdraw $6 billion and by Nov. 10, FTX CEO Sam Bankman-Fried was trying to raise $8 billion to keep the exchange alive.

This isn’t just a modern version of the old-fashioned bank run. FTX’s new CEO, John J. Ray III — who led the restructuring of Enron Corp. in 2001 — stated in a filing that he’s never seen such a “complete failure of corporate controls” in his 40 years of experience. “From compromised systems integrity and faulty regulatory oversight abroad, to the concentration of control in the hands of a very small group of inexperienced, unsophisticated and potentially compromised individuals, this situation is unprecedented,” he said.

The fallout promises serious ramifications for the digital assets space — and may impact some banks. BlockFi, another cryptocurrency exchange that was bailed out by FTX last summer, filed for bankruptcy protection on Nov. 28. Those two bankruptcies have impacted Memphis, Tennessee-based, $1.3 billion Evolve Bank & Trust, which operates a banking as a service platform for fintechs including FTX.

The bank stated its exposure to FTX was in deposit accounts for a limited number of FTX customers, whose funds would be released once Evolve gets approval from the bankruptcy court handling the FTX case. Evolve also issued credit cards for BlockFi customers through a relationship with Deserve; those accounts were suspended. “Evolve has no financial exposure to BlockFi or to the credit card program they marketed,” Evolve said in a statement Thursday.

“To be clear, Evolve did not lend to FTX or their affiliates; we do not have corporate or deposit accounts with FTX or their affiliates; we do not lend against crypto; we do not offer crypto custodial services; and, we do not trade crypto,” Evolve said in an earlier statement to customers. Evolve also said the bank has never invested or transacted in crypto.

A larger bank also appears to be impacted. La Jolla, California-based Silvergate Capital Corp., with $15.5 billion in assets, said in a statement that its FTX exposure was less than 10% of its $11.9 billion in digital assets deposits; it later said that BlockFi deposits comprised less than $20 million. However, funds from digital assets clients make up 86% of Silvergate’s deposit base, according to its most recent earnings presentation. The rest are brokered, explains Michael Perito, a managing director at Keefe, Bruyette & Woods. And now, he says, “their targeted core customer base is under a lot of stress.” As a result, Kroll Bond Ratings Agency placed Silvergate’s ratings on watch downgrade on Nov. 21.

“As the digital asset industry continues to transform, I want to reiterate that Silvergate’s platform was purpose-built to manage stress and volatility,” said Alan Lane, CEO of Silvergate, in a press release. The bank declined comment for this article.

FTX may be the worst but it’s not the only crypto-related incident this year; it’s not even the first bankruptcy. The volatility has resulted in what has been dubbed a crypto winter, marked by a steep decline in prices for digital assets. The price for bitcoin peaked on Nov. 8, 2021, at $67,567. As of Nov. 29, 2022, that value hovered just above $16,000, with a market cap of $316 billion.

Even if banks don’t hold cryptocurrency on their balance sheets, there are many ways that a chartered institution could be directly or indirectly connected. Erin Fonté, who co-chairs the financial institutions corporate and regulatory practice at Hunton Andrews Kurth, advises all banks to understand their potential exposure.

She also believes that crypto could be at an inflection point. “Some of the non-sexy elements of financial services are the ones that keep you safe and stable and able to operate,” says Fonté. “It’s the compliance function, it’s the legal function, it’s proper accounting and auditing, internal and external. It’s all those things that banks do day in and day out.”

That could result in more regulation around crypto, and more opportunities for banks. “A lot of people are getting hurt, and have gotten hurt this year,” says Lee Wetherington, senior director of corporate strategy at Jack Henry & Associates. “That gets legislative attention and that certainly gets regulatory attention.”

What Could Change
Legislation could target crypto exchanges directly, but legislators are also looking at the banking sector. In a Nov. 21 letter, the Senate Banking Committee urged bank regulators to continue monitoring banks engaged in digital assets. They specifically called out SoFi Technologies, which acquired a chartered bank in February 2022 and subsequently launched a no-fee cryptocurrency purchase option tied to direct deposits. “SoFi’s digital asset activities pose significant risks to both individual investors and safety and soundness,” wrote the legislators. “As we saw with the crypto meltdown this summer … contagion in the banking system was limited because of regulatory guardrails.”

In a statement on SoFi’s Twitter account, the company maintained that it has been “fully compliant” with banking laws. “Cryptocurrency remains a non-material component of our business,” SoFi continued. “We have no direct exposure to FTX, FTT token, Alameda Research, or [the digital asset brokerage] Genesis.”

Currently, the Federal Reserve and Federal Deposit Insurance Corp. require notification from banks engaged in crypto-related activities; the Office of the Comptroller of the Currency takes that a step further, requiring banks to receive a notice of non-objection from the agency. More regulation is likely, says Fonté, and could include investor and consumer protections along with clarity from the Securities and Exchange Commission and Commodity Futures Trading Commission. “There’s a lot that’s going to come out there that is going to reshape the market in general, and that may further define or even open up additional avenues for banks to be involved if they want to be,” she adds.

Opportunities in crypto and a related technology called blockchain could include retail investment products, international payments capabilities or trade settlement, or payments solutions for corporate clients that leverage blockchain technology — such as those offered by Signature Bank, Customers Bancorp and Silvergate.

The risks — and opportunities — will vary by use case. “We’re being presented with entirely new risks that haven’t existed in the past,” says John Epperson, a principal at Crowe LLP.

Banks could be seen as a source of safety and trust for investors who remain interested in cryptocurrency. Larry Pruss, managing director of digital assets advisory services at Strategic Resource Management, believes banks could win back business from the crypto exchanges. “You don’t have to compete on functionality. You don’t have to compete on bells and whistles. [You] can compete on trust.”

James Wester, director, cryptocurrency at Javelin Strategy & Research, believes that with the right technology partners, banks can approach cryptocurrency from a position of strength. “We understand this stuff better,” he explains. “We understand how to present a financial product to our consumers in a safer, better, more transparent way.”

Wetherington recommends that banks consider cryptocurrency as part of a broader wealth offering. He’s visited bank boardrooms that have looked at how PayPal Holdings and other payments providers offer users a way to buy, sell or hold digital assets, and whether they should mimic that. And they’ve ultimately chosen not to mirror these services due to the reputational risk. “You can’t offer buy, hold and sell of a single asset class that is materially riskier than any number of more traditional asset classes,” he says. “If you’re going to offer the ability to buy, hold and sell a cryptographic monetary asset, you should also be making available the opportunity to buy, hold and sell any other type of asset.”

But all banks could consider how to educate their customers, many of whom are likely trading cryptocurrencies even if it’s not happening in the bank. “Help those customers with things like tax implications … or understanding how crypto may or may not fit into things that their retail customers are interested in. That’s one of the things that financial institutions could do right now that would be good for their customers,” says Wester. “There’s a real need for education on the part of consumers about [this] financial services product.”

Are Bank Directors Worried Enough About Fair Lending?

Bank directors and executives, be warned: Federal regulators are focusing their lasers on fair lending. 

If your bank has not modernized its fairness practices, the old ways of doing fair lending compliance may no longer keep you safe. Here are three factors that make this moment in time uniquely risky for lenders when it comes to fairness.

1. The Regulatory Spotlight is Shining on Fair Lending.
Fair lending adherence tops the agendas for federal regulators. The Department of Justice is in the midst of a litigation surge to combat redlining. Meanwhile, the Consumer Financial Protection Bureau has published extensively on unfair lending practices, including a revision of its exam procedures to intensify reviews of discriminatory practices.

Collections is one area of fair lending risk that warrants more attention from banks. Given the current economic uncertainty, collections activities at your institution could increase; expect the CFPB and other regulators to closely examine the fairness of your collections programs. The CFPB issued an advisory opinion in May reminding lenders that “the Equal Credit Opportunity Act continues to protect borrowers after they have applied for and received credit,” which includes collections. The CFPB’s new exam procedures also call out the risk of “collection practices that lead to differential treatment or disproportionately adverse impacts on a discriminatory basis.”

2. Rising Interest Rates Have Increased Fair Lending Risks.
After years of interest rate stability, the Federal Reserve Board has issued several rate increases over the last three months to tamp down inflation, with more likely to come.

Why should banks worry about this? Interest rates are negatively correlated with fair lending risks. FairPlay recently did an analysis of the Home Mortgage Disclosure Act database, which contains loan level data for every loan application in a given year going back to 1990. The database is massive: In 2021, HMDA logged over 23 million loan applications.

Our analysis found that fairness decreases markedly when interest rates rise. The charts below show Adverse Impact Ratios (AIRs) in different interest rate environments.

Under the AIR methodology, the loan approval rate of a specific protected status group is compared to that of a control group, typically white applicants. Any ratio below 0.80 is a cause for concern for banks. The charts above show that Black Americans have around a 0.80 AIR in a 3% interest rate environment, which plummets as interest rates increase. The downward slope of fairness for rising interest rates also holds true for American Indian or Alaska Natives. Bottom line: Interest rate increases can threaten fairness.

What does this result mean for your bank’s portfolio? Even if you conducted a fair lending risk analysis a few months ago, the interest rate rise has rendered your analysis out-of-date. Your bank may be presiding over a host of unfair decisions that you have yet to discover.

3. Penalties for Violations are Growing More Severe.
If your institution commits a fair lending violation, the consequences could be more severe than ever. It could derail a merger or acquisition and cause a serious reputational issue for your organization. Regulators may even hold bank leaders personally liable.

In a recent lecture, CFPB Director Rohit Chopra noted that senior leaders at financial institutions — including directors — can now be held personally accountable for egregious violations:

“Where individuals play a role in repeat offenses and order violations, it may be appropriate for regulatory agencies and law enforcers to charge these individuals and disqualify them. Dismissal of senior management and board directors, and lifetime occupational bans should also be more frequently deployed in enforcement actions involving large firms.”

He’s wasting no time in keeping this promise: the CFPB has since filed a lawsuit against a senior executive at credit bureau TransUnion, cementing this new form of enforcement.

How can banks manage the current era of fair lending and minimize their institutional and personal exposure? Start by recognizing that the surface area of fair lending risks has expanded. Executives need to evaluate more decisions for fairness, including marketing, fraud and loss mitigation decisions. Staff conducting largely manual reviews of underwriting and pricing won’t give company leadership the visibility it needs into fair lending risks. Instead, lenders should explore adopting technologies that evaluate and imbed fairness considerations at key parts of the customer journey and generate reporting that boards, executive teams, and regulators can understand and rely on. Commitments to initiatives like special purpose credit programs can also effectively demonstrate that your institution is committed to responsibly extending credit in communities where it is dearly needed.

No matter what actions you take, a winning strategy will be proactive, not reactive. The time to modernize is now, before the old systems fail your institution.

7 Key Actions for Banks Partnering With Fintechs

A longer version of this article can be read at RSM US LLP.

Many banks are considering acquiring or partnering with existing fintechs to gain access to cutting-edge technologies and remain competitive in the crowded financial services marketplace.

There are many advantages to working with fintech partners to launch newer services and operations, but failing to properly select and manage partners or new acquisitions can have the opposite effect: additional risks, unforeseen exposures and unnecessary costs. Partnership opportunities may be a focus for leadership teams, given the significant growth and investments in the fintech space over the last decade. Consumer adoption is up: 88% of U.S. consumers used a fintech in 2021, up from 58% in 2020, according to Plaid’s 2021 annual report; conventional banks’ market share continues to drop.

Planning is everything when partnering with or acquiring a fintech company. Here are seven key actions and areas of consideration for banks looking for such partnerships.

1. Understand your customers on a deeper level: The first step before considering a fintech partner or acquisition is to understand what your consumers truly want and how they want those services delivered. Companies can pinpoint these needs via surveys, customer focus groups, call centers or discussions and information-gathering with employees.

Organizations should also explore the needs of individuals and entities outside their existing customer bases. Gathering data that helps them learn about their customers’ needs, lifestyle preferences and behaviors can help banks pinpoint the right technology and delivery channel for their situation.

2. Understand leading-edge technological advancements: While fintech partnerships can give a traditional bank access to new cutting-edge technologies, leaders still need to understand these technologies and the solutions. This might involve helping teams gain fluency in topics such as artificial intelligence that can improve credit decisioning, underwriting processes and fraud detection, automation that speeds up service delivery responses and customer onboarding, data analysis and state-of-the-art customer relationship management tools and more.

3. Prepare for culture shock: Fintechs, particularly those in start-up mode, will be used to operating at a different pace and with a different style than typical banks. Fintechs may behave more entrepreneurially, trying many experiments and failing often and fast. This entrepreneurial mindset has implications for how projects are organized, managed, measured, staffed and led.

4. Take a 360-degree view of risk: Fintechs may not have been subject to the same strict compliance as banks, but as soon as they enter a partnership, they must adhere to the same standards, regulations and controls. Any technology-led, third-party partnership comes with the potential for additional risks in areas such as cybersecurity, data privacy, anti-money laundering and myriad other regulatory compliance risks. Banks need to have a solid understanding of the viability and soundness of the fintech they might partner with, as well as the strength and agility of the leadership team. They should also ensure the new relationship has adequate business continuity and disaster recovery plans.

From vendor selections and background checks to mutual security parameters and decisions around where servers will be located, all potential exposures are important for banks to assess. A new fintech relationship could open new avenues for outside threats, information breaches and reputation damage.

5. Don’t underestimate the management lift needed: Acquiring or partnering with a fintech or third-party vendor involves significant management work to meet customer needs, keep implementation costs in line and merge technologies to ensure compatibility between the two organizations.

Employees at each company will likely have different approaches to innovation, which is one of the major benefits of teaming up with a fintech company; your organization can rapidly gain access to cutting-edge technologies and the overall agility of a startup. But management needs to ensure that this union doesn’t inadvertently create heartburn among employees on both sides.

6. Build ownership through clear accountability and responsibility: A fintech partnership requires management and oversight to be effective. Banks should consider the ownership and internal staffing requirements needed to achieve the full value of their investment with a fintech organization.

Don’t underestimate the time and effort needed to develop and deploy these plans. Based on the automation levels of the solution implemented, these resources may need dedicated time on an ongoing basis for the oversight and operations of the solution as well.

7. Stick to a plan: While in a hurry to launch a service, leadership teams may gloss over steps of the plan, and critical items may fall off. To combat this, banks should have a robust project plan that aligns with the overall innovation strategy and clear definitions around who is responsible for what. A vendor management program can help with this, along with strategic change management planning.

Balancing the demands of innovation with a thorough and thoughtful approach that considers customer behaviors, risks, resources and plans for new solutions will make fintech partnerships go as smoothly as possible. Institutions would do well to incorporate these seven key areas throughout the process of a potential third-party partnership to ensure the maximum return on investment.

Should You Invest in a Venture Fund?

Community banks needing to innovate are hoping they can gain an edge — and valuable exposure — by investing in venture capital funds focused on early-stage financial technology companies.

Investing directly or indirectly in fintechs is a new undertaking for many community banks that may lack the expertise or bandwidth to take this next step toward innovation. VC funds give small banks a way to learn about emerging technologies, connect with new potential partners and even capture some of the financial upside of the investment. But is this opportunity right for all banks?

The investments can jump start “a virtuous circle” of improvements and returns, Anton Schutz, president at Mendon Capital Advisors Corp., argues in the second quarter issue of Bank Director magazine. Schutz is one of the partners behind Mendon Ventures’ BankTech Fund, which has about 40 banks invested as limited partners, according to S&P Global Market Intelligence.

If there is a return, it might not appear solely as a line item on the bank’s balance sheet, in other words. A bank that implements the technology from a fintech following a fund introduction might become more effective or productive or secure over time. The impact of these funds on bank innovation could be less of a transformation and more of an evolution — if the investments play out as predicted.

But these bets still carry drawbacks and risks. Venture capital dollars have flocked to the fintech space, pushing up valuations. In 2021, $1 out of every $5 in venture capital investments went to the fintech space, making up 21% of all investments, according to CB Insights’ Global State of Venture report for 2021. Participating in a VC fund might distract management teams from their existing digital transformation plan, and the investments could fail to produce attractive returns — or even record a loss.

Bank Director has created the following discussion guide for boards at institutions that are exploring whether to invest in venture capital funds. This list of questions is by no means exhaustive; directors and executives should engage with external resources for specific concerns and strategies that are appropriate for their bank.

1. How does venture capital investing fit into our innovation strategy?
How do we approach innovation and fintech partnerships in general? How would a fund help us innovate? Do we expect the fund to direct our innovation, or do we have a clear strategy and idea of what we need?

2. What are we trying to change?
What pain points does our institution need to solve through technology? What solutions or fintech partners have we explored on our own? Do we need help meeting potential partners from a VC fund, or can we do it through other avenues, such as partnering with an accelerator or attending conferences?

3. What fund or funds should we invest in?
What venture capital funds are raising capital from community bank investors? Who leads and advises those funds? What is their approach to due diligence? Do they have nonbank or big bank investors? What companies have they invested in, and are those companies aligned with our values? What is the capital commitment to join a fund? Should we join multiple funds?

4. What is our risk tolerance?
What other ways could we use this capital, and what would the return on investment be? How important are financial returns? What is our risk tolerance for financial losses? Is our due diligence approach sufficient, or do we need some assistance?

5. What is our bandwidth and level of commitment?
What do we want to get out of our participation in a fund? Who from our bank will participate in fund calls, meetings or conferences? Would the bank use a product from an invested fintech, and if so, who would oversee that implementation or collaboration with the fintech? Do bank employees have the bandwidth and skills to take advantage of projects or collaborations that come from the fund?

Taking Model Risk Management to the Next Level

A financial institution’s data is one of its most valuable resources. Banks constantly collect data on their loans, deposits and customer behaviors. This data should play a key role in how financial institutions manage their risks.

Yet, developing a data strategy can be seen as too complex based on the sheer amount of data an institution may have, or as an unnecessary burden if the objective is solely to use the information to satisfy regulatory requirements. But a holistic data strategy can enhance value across all model risk management (MRM) platforms, both for regulatory and strategic purposes. On the flip side, being inconsistent or not updating data and inputs in a timely manner can lead to inaccurate or inconsistent results. Executives need to continually update and review information for consistency; if not, the information’s relevancy in assessing risk across various platforms will decrease.

Currently, the most common data strategy approach for banks is using individual tools to measure risk for regulatory purposes. For instance, financial institutions are required to calculate and monitor interest rate risk related to their balance sheet and potential movements in future interest rates. Typically, one team within the institution extracts data and transfers it to another team, which loads the data into an internal or external model to calculate the various interest rate profiles for management to analyze and make decisions. The institution repeats this process for its other models (credit, capital adequacy, liquidity, budgeting, etc.), adjusting the inputs and tools as needed. Often, banks view these models as individual silos — the teams responsible for them, and the inputs and processes, are separate from one another. However, the various models used to measure risk share many commonalities and, in many aspects, are interdependent.

Integrating model risk management processes requires understanding a bank’s current data sources and aggregation processes across all of its current models. The first step for executives is to understand what data is currently used across these platforms, and how your organization can utilize it beyond just checking the regulatory box. In order to enhance data quality, can one data extract be used for multiple platforms? For example, can the same loan-level data file be used for different models that use similar inputs such as asset liability management (ALM) and certain CECL models? While models may utilize some different or additional fields and inputs, there are many fields — such as contractual data or loan prepayment assumptions — that are consistent across models. Extracting the data once and using it for multiple platforms allows institutions to minimize the risk of inaccurate or faulty data.

From here, bank executives can develop a centralized assumption set that can be modeled across all platforms to ensure consistency and align results between models. For instance, are the credit assumptions that are developed for CECL purposes consistent with those used to calculate your ALM and liquidity profile under various scenarios? Are prepayment assumptions generated within the ALM model also incorporated into your CECL estimate? Synchronizing assumptions can provide more accurate and realistic results across all platforms. The MRM dashboard is a tool that can be configured to alert bank executives of emerging risks and ensure that data shared by different models is consistent.

One common method of gaining insights using MRM is through scenario and stress testing. Today’s environment is uncertain; executives should not make future decisions without in-depth analysis. They can develop scenarios for potential growth opportunities, modeling through the integrated platforms to calculate impacts to profitability and credit and interest rate risk. Similarly, they can expand deposit data and assumptions to assess high-risk scenarios or future liquidity issues apart from normal day-to-day operations. Whatever the strategy may be, assessing risk on an integrated basis allows management to gain a better understanding of all impacts of future strategies and make stronger business decisions.

Once institutions begin centralizing their data and model inputs and streamlining their monitoring processes using MRM dashboards, management can shift their focus to value-added opportunities that go beyond compliance and support the strategic vision of the institution.

Why a Solid Risk Management Framework Helps Manage Change

Who owns risk management at your bank?

If your bank limits that function to the teams that report to the chief risk officer, it’s fumbling on two fronts: It’s failing to drive accountability across every corner of the enterprise, and it’s conceding its edge in a marketplace that’s never been more competitive.

Recognizing that every employee owns a piece of this responsibility makes risk management an equal offensive and defensive pose for your organization. This empowers your employees to move nimbly, strategically and decisively when the bank encounters change, whether it’s an external regulatory pressure or an internal opportunity to launch a new product or service. In either case, your team navigates through change by building on best operational practices, which, in the end, work to your advantage.

Getting the bank into that position doesn’t happen overnight; the vision starts with the actions of your senior leaders. They set the tone and establish expectations, but everyone plays a hands-on role. When management prioritizes an environment where people can work collaboratively and have transparency into related roles, they foster consistency across your change management process that minimizes risk.

The need for a risk-aware culture aligns precisely with the signals coming out of Washington, D.C., that the stakes are getting higher. The Consumer Financial Protection Bureau hinted early at increased regulatory scrutiny, advising that it would tighten the regulatory standards it had relaxed to allow banks to quickly respond to customers’ financial hardship in 2020.

In response to the competitive and regulatory environment, your bank’s risk management framework should incorporate four key elements:

  • Start with setting the ground rules for how the bank will govern its risk. Define its risk strategy, the role the board and management will play and the committees that compose that governance structure — and don’t forget to detail their decision-making authority, approval and escalation process across those bodies. This upfront work also should introduce robust systems for ongoing monitoring and risk reporting, establish standard parameters on how the bank identifies issues and create a basic roadmap to remediate issues when they come along.
  • Operating Model. Distinguish the roles and responsibilities for every associate, with a key focus on how they manage risk generated by the core activities in that business. By taking the time to ensure all individuals, in every line of defense, understand their expected contributions, your bank will be ahead of the game because your people can act more quickly and efficiently when a change needs to happen.
  • Standard Framework, Definitions and Taxonomies. In basic terms, everyone across the enterprise needs to speak the same language and assign risk ratings the same way. Calibrating these elements at the outset builds confidence that your bank gives thoughtful attention to categorizing risks into the right buckets. Standardization should include assessment scales and definitions of different risks and risk events, leading to easier risk aggregation and risk reporting that enables a holistic view of risk across the enterprise.
  • Risk Appetite. Nothing is more important than establishing how much risk your organization is willing to take on in its daily business. Missing the mark can impact your customers, bottom line and reputation. Optimally, bank leaders will reestablish this risk appetite annually, but black swan events such as the pandemic should prompt more timely reviews.

Too often, banks reinvent the wheel every time a change or demand comes along. As the industry eyes increasing regulatory pressure in the year ahead, driving and promoting a robust risk management culture is no longer a “nice to have” within your organization; it’s a “need to have.”

When you reset the role and ownership of risk management as a strategic pillar in your bank’s future growth and direction, you minimize your bank’s risk and actually propel your company forward.

Banks looking to check out best practices and a strategic framework for creating their enterprise risk framework should check out my latest whitepaper, Turning a Solid Risk Framework Into a Competitive Advantage.

What Banks Need to Know About Cyber Resiliency

In a world full of adversity, there is much to be said about the knowledge and strength it takes to overcome setbacks on an individual and organizational level — in short, resiliency.

That is especially crucial in an environment like cybersecurity, where the landscape is constantly changing. Banks must adapt to stay ahead of cyber threats through cyber resiliency.

The National Institute of Standards and Technology defines cyber resiliency as “the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources.” Today, organizations are complementing their cyber resilience strategies with security solutions that uphold their posture. While cybersecurity focuses on protecting information, technical devices, and systems, cyber resilience focuses on keeping business and resources intact amid industry failures and threats. Many dangers exist that can have a detrimental impact on your bank’s daily operations and overall reputation. The main three threats to your bank’s cybersecurity posture include:

  • Data Breaches: An unauthorized entry into an organization’s database that allows cybercriminals to access customer data.
  • Cybercrime: Organized crimes to steal, abuse, or misuse personal and confidential information.
  • Human Error: Employees failing to follow data privacy protocol and policies and accidentally sharing, leaking or exposing confidential information.

While these three are among the most prevalent risks, they are not alone. Your organization should educate employees about the malicious actors that exist in the cyberworld.

Pillars of Cyber Resilience
Your bank’s cyber resiliency posture cannot be assessed until you consider all the pillars that make up a proper strategy. Below are the five pillars of an ideal cyber resilience framework according to Security Intelligence:

  • Identify: Banks should have a strong understanding of all the resources that support the organization’s critical functions from both a business and cybersecurity standpoint.
  • Protect: Banks should safeguard all critical infrastructure services and information by implementing cybersecurity policies and solutions to create a robust layer of protection.
  • Detect: Banks should constantly monitor their enterprise network traffic for malicious activity, searching for any signs of data breaches or other significant threats. A cybersecurity solution will create a more effortless process for scanning your network.
  • Respond: Banks should respond to any significant threats or unsuspected activity in real-time.
  • Recover: Banks should implement disaster recovery and business continuity plans in case of a data breach or compromising cybersecurity incident.

By considering these five pillars, your bank will be well-suited to perfecting its cyber resiliency posture and ensuring it has all the resources and strength to bounce back from any potential setback quickly.

Taking Control of Your Cybersecurity Experience
The patterns of cyberattacks are evolving in response to changes in the cyber environment and the Internet of Things. For a more practical experience, your bank must consider the social and capital investments necessary to develop a cybersecurity strategy.

According to the Ponemon Institute, “organizations are making investments in technology that do not strengthen their cybersecurity budget based on the wrong metrics. Fifty percent of respondents say their organizations are wasting limited budgets on investments that don’t improve their cybersecurity posture. The primary reasons for the failure are system complexity, personnel and vendor support issues.”

It is not uncommon for security-related responsibilities to fall on employees. Ultimately, it is the company and the employees’ responsibility to protect their networks, servers, and personal and professional information. The key to building a better cybersecurity toolbox is rooted in the relationship between a cybersecurity solution and its users. An ideal cybersecurity solution should include elite features like one-touch compliance reporting and automation tools, integrated threat intelligence, around-the-clock monitoring, search for leaked accounts on the deep and dark web, managed compliance, detection, and response, and fast deployment (90 minutes or less).

Prioritizing Cybersecurity
Having a strategy and system in place that continues running smoothly despite adversities directly reflects an institution’s cyber resilience. Your bank should be able to identify, protect, detect and react when facing cyberattacks. Investing your time, resources, and capital into cybersecurity solutions is an essential measure of success. It will ensure network security and protection. As stated in Security Magazine, information technology “should enable businesses to make informed decisions on how to manage cyber risk while continuing their growth agenda. Most directors or CEOs today realize the consequences on the bottom line apart from the damage to reputation caused by a breach or an attack.”

Proper growth always begins internally. Banks that normalize and implement security best practices can achieve cyber resilience. If your organization can adapt its traditional approaches to cybersecurity, it will be better equipped to recover from difficulties it may face. In the end, a quick bounce back is better than a long-term setback. So, what better time than now to act?