Are Bank Directors Worried Enough About Fair Lending?

Bank directors and executives, be warned: Federal regulators are focusing their lasers on fair lending. 

If your bank has not modernized its fairness practices, the old ways of doing fair lending compliance may no longer keep you safe. Here are three factors that make this moment in time uniquely risky for lenders when it comes to fairness.

1. The Regulatory Spotlight is Shining on Fair Lending.
Fair lending adherence tops the agendas for federal regulators. The Department of Justice is in the midst of a litigation surge to combat redlining. Meanwhile, the Consumer Financial Protection Bureau has published extensively on unfair lending practices, including a revision of its exam procedures to intensify reviews of discriminatory practices.

Collections is one area of fair lending risk that warrants more attention from banks. Given the current economic uncertainty, collections activities at your institution could increase; expect the CFPB and other regulators to closely examine the fairness of your collections programs. The CFPB issued an advisory opinion in May reminding lenders that “the Equal Credit Opportunity Act continues to protect borrowers after they have applied for and received credit,” which includes collections. The CFPB’s new exam procedures also call out the risk of “collection practices that lead to differential treatment or disproportionately adverse impacts on a discriminatory basis.”

2. Rising Interest Rates Have Increased Fair Lending Risks.
After years of interest rate stability, the Federal Reserve Board has issued several rate increases over the last three months to tamp down inflation, with more likely to come.

Why should banks worry about this? Interest rates are negatively correlated with fair lending risks. FairPlay recently did an analysis of the Home Mortgage Disclosure Act database, which contains loan level data for every loan application in a given year going back to 1990. The database is massive: In 2021, HMDA logged over 23 million loan applications.

Our analysis found that fairness decreases markedly when interest rates rise. The charts below show Adverse Impact Ratios (AIRs) in different interest rate environments.

Under the AIR methodology, the loan approval rate of a specific protected status group is compared to that of a control group, typically white applicants. Any ratio below 0.80 is a cause for concern for banks. The charts above show that Black Americans have around an .80 AIR in a 3% interest rate environment, which plummets as interest rates increase. The downward slope of fairness for rising interest rates also holds true for American Indian or Alaska Natives. Bottom line: Interest rate increases can threaten fairness.

What does this result mean for your bank’s portfolio? Even if you conducted a fair lending risk analysis a few months ago, the interest rate rise has rendered your analysis out-of-date. Your bank may be presiding over a host of unfair decisions that you have yet to discover.

3. Penalties for Violations are Growing More Severe.
If your institution commits a fair lending violation, the consequences could be more severe than ever. It could derail a merger or acquisition and cause a serious reputational issue for your organization. Regulators may even hold bank leaders personally liable.

In a recent lecture, CFPB Director Rohit Chopra noted that senior leaders at financial institutions — including directors — can now be held personally accountable for egregious violations:

“Where individuals play a role in repeat offenses and order violations, it may be appropriate for regulatory agencies and law enforcers to charge these individuals and disqualify them. Dismissal of senior management and board directors, and lifetime occupational bans should also be more frequently deployed in enforcement actions involving large firms.”

He’s wasting no time in keeping this promise: the CFPB has since filed a lawsuit against a senior executive at credit bureau TransUnion, cementing this new form of enforcement.

How can banks manage the current era of fair lending and minimize their institutional and personal exposure? Start by recognizing that the surface area of fair lending risks has expanded. Executives need to evaluate more decisions for fairness, including marketing, fraud and loss mitigation decisions. Staff conducting largely manual reviews of underwriting and pricing won’t give company leadership the visibility it needs into fair lending risks. Instead, lenders should explore adopting technologies that evaluate and imbed fairness considerations at key parts of the customer journey and generate reporting that boards, executive teams, and regulators can understand and rely on. Commitments to initiatives like special purpose credit programs can also effectively demonstrate that your institution is committed to responsibly extending credit in communities where it is dearly needed.

No matter what actions you take, a winning strategy will be proactive, not reactive. The time to modernize is now, before the old systems fail your institution.

7 Key Actions for Banks Partnering With Fintechs

A longer version of this article can be read at RSM US LLP.

Many banks are considering acquiring or partnering with existing fintechs to gain access to cutting-edge technologies and remain competitive in the crowded financial services marketplace.

There are many advantages to working with fintech partners to launch newer services and operations, but failing to properly select and manage partners or new acquisitions can have the opposite effect: additional risks, unforeseen exposures and unnecessary costs. Partnership opportunities may be a focus for leadership teams, given the significant growth and investments in the fintech space over the last decade. Consumer adoption is up: 88% of U.S. consumers used a fintech in 2021, up from 58% in 2020, according to Plaid’s 2021 annual report; conventional banks’ market share continues to drop.

Planning is everything when partnering with or acquiring a fintech company. Here are seven key actions and areas of consideration for banks looking for such partnerships.

1. Understand your customers on a deeper level: The first step before considering a fintech partner or acquisition is to understand what your consumers truly want and how they want those services delivered. Companies can pinpoint these needs via surveys, customer focus groups, call centers or discussions and information-gathering with employees.

Organizations should also explore the needs of individuals and entities outside their existing customer bases. Gathering data that helps them learn about their customers’ needs, lifestyle preferences and behaviors can help banks pinpoint the right technology and delivery channel for their situation.

2. Understand leading-edge technological advancements: While fintech partnerships can give a traditional bank access to new cutting-edge technologies, leaders still need to understand these technologies and the solutions. This might involve helping teams gain fluency in topics such as artificial intelligence that can improve credit decisioning, underwriting processes and fraud detection, automation that speeds up service delivery responses and customer onboarding, data analysis and state-of-the-art customer relationship management tools and more.

3. Prepare for culture shock: Fintechs, particularly those in start-up mode, will be used to operating at a different pace and with a different style than typical banks. Fintechs may behave more entrepreneurially, trying many experiments and failing often and fast. This entrepreneurial mindset has implications for how projects are organized, managed, measured, staffed and led.

4. Take a 360-degree view of risk: Fintechs may not have been subject to the same strict compliance as banks, but as soon as they enter a partnership, they must adhere to the same standards, regulations and controls. Any technology-led, third-party partnership comes with the potential for additional risks in areas such as cybersecurity, data privacy, anti-money laundering and myriad other regulatory compliance risks. Banks need to have a solid understanding of the viability and soundness of the fintech they might partner with, as well as the strength and agility of the leadership team. They should also ensure the new relationship has adequate business continuity and disaster recovery plans.

From vendor selections and background checks to mutual security parameters and decisions around where servers will be located, all potential exposures are important for banks to assess. A new fintech relationship could open new avenues for outside threats, information breaches and reputation damage.

5. Don’t underestimate the management lift needed:Acquiring or partnering with a fintech or third-party vendor involves significant management work to meet customer needs, keep implementation costs in line and merge technologies to ensure compatibility between the two organizations.

Employees at each company will likely have different approaches to innovation, which is one of the major benefits of teaming up with a fintech company; your organization can rapidly gain access to cutting-edge technologies and the overall agility of a startup. But management needs to ensure that this union doesn’t inadvertently create heartburn among employees on both sides.

6. Build ownership through clear accountability and responsibility: A fintech partnership requires management and oversight to be effective. Banks should consider the ownership and internal staffing requirements needed to achieve the full value of their investment with a fintech organization.

Don’t underestimate the time and effort needed to develop and deploy these plans. Based on the automation levels of the solution implemented, these resources may need dedicated time on an ongoing basis for the oversight and operations of the solution as well.

7. Stick to a plan:While in a hurry to launch a service, leadership teams may gloss over the whole steps of the plan and critical items may fall off. To combat this, banks should have a robust project plan that aligns with the overall innovation strategy and clear definitions around who is responsible for what. A vendor management program can help with this, along with strategic change management planning.

Balancing the demands of innovation with a thorough and thoughtful approach that considers customer behaviors, risks, resources and plans for new solutions will make fintech partnerships go as smooth as possible. Institutions would do well to incorporate these seven key areas throughout the process of a potential third-party partnership to ensure the maximum return on investment.

Should You Invest in a Venture Fund?

Community banks needing to innovate are hoping they can gain an edge — and valuable exposure — by investing in venture capital funds focused on early-stage financial technology companies.

Investing directly or indirectly in fintechs is a new undertaking for many community banks that may lack the expertise or bandwidth to take this next step toward innovation. VC funds give small banks a way to learn about emerging technologies, connect with new potential partners and even capture some of the financial upside of the investment. But is this opportunity right for all banks?

The investments can jump start “a virtuous circle” of improvements and returns, Anton Schutz, president at Mendon Capital Advisors Corp., argues in the second quarter issue of Bank Director magazine. Schutz is one of the partners behind Mendon Ventures’ BankTech Fund, which has about 40 banks invested as limited partners, according to S&P Global Market Intelligence.

If there is a return, it might not appear solely as a line item on the bank’s balance sheet, in other words. A bank that implements the technology from a fintech following a fund introduction might become more effective or productive or secure over time. The impact of these funds on bank innovation could be less of a transformation and more of an evolution — if the investments play out as predicted.

But these bets still carry drawbacks and risks. Venture capital dollars have flocked to the fintech space, pushing up valuations. In 2021, $1 out of every $5 in venture capital investments went to the fintech space, making up 21% of all investments, according to CB Insight’s Global State of Venture report for 2021. Participating in a VC fund might distract management teams from their existing digital transformation plan, and the investments could fail to produce attractive returns — or even record a loss.

Bank Director has created the following discussion guide for boards at institutions that are exploring whether to invest in venture capital funds. This list of questions is by no means exhaustive; directors and executives should engage with external resources for specific concerns and strategies that are appropriate for their bank.

1. How does venture capital investing fit into our innovation strategy?
How do we approach innovation and fintech partnerships in general? How would a fund help us innovate? Do we expect the fund to direct our innovation, or do we have a clear strategy and idea of what we need?

2. What are we trying to change?
What pain points does our institution need to solve through technology? What solutions or fintech partners have we explored on our own? Do we need help meeting potential partners from a VC fund, or can we do it through other avenues, such as partnering with an accelerator or attending conferences?

3. What fund or funds should we invest in?
What venture capital funds are raising capital from community bank investors? Who leads and advises those funds? What is their approach to due diligence? Do they have nonbank or big bank investors? What companies have they invested in, and are those companies aligned with our values? What is the capital commitment to join a fund? Should we join multiple funds?

4. What is our risk tolerance?
What other ways could we use this capital, and what would the return on investment be? How important are financial returns? What is our risk tolerance for financial losses? Is our due diligence approach sufficient, or do we need some assistance?

5. What is our bandwidth and level of commitment?
What do we want to get out of our participation in a fund? Who from our bank will participate in fund calls, meetings or conferences? Would the bank use a product from an invested fintech, and if so, who would oversee that implantation or collaboration with the fintech? Do bank employees have the bandwidth and skills to take advantage of projects or collaborations that come from the fund?

Taking Model Risk Management to the Next Level

A financial institution’s data is one of its most valuable resources. Banks constantly collect data on their loans, deposits and customer behaviors. This data should play a key role in how financial intuitions manage their risks.

Yet, developing a data strategy can be seen as too complex based on the sheer amount of data an institution may have, or as an unnecessary burden if the objective is solely to use the information to satisfy regulatory requirements. But a holistic data strategy can enhance value across all model risk management (MRM) platforms, both for regulatory and strategic purposes. On the flip side, being inconsistent or not updating data and inputs in a timely manner can lead to inaccurate or inconsistent results. Executives need to continually update and review information for consistency; if not, the information’s relevancy in assessing risk across various platforms will decrease.

Currently, the most common data strategy approach for banks is using individual tools to measure risk for regulatory purposes. For instance, financial institutions are required to calculate and monitor interest rate risk related to their balance sheet and potential movements in future interest rates. Typically, one team within the institution extracts data and transfers it to another team, which loads the data into an internal or external model to calculate the various interest rate profiles for management to analyze and make decisions. The institution repeats this process for its other models (credit, capital adequacy, liquidity, budgeting, etc.), adjusting the inputs and tools as needed. Often, banks view these models as individual silos — the teams responsible for them, and the inputs and processes, are separate from one another. However, the various models used to measure risk share many commonalities and, in many aspects, are interdependent.

Integrating model risk management processes require understanding a bank’s current data sources and aggregation processes across all of its current models. The first step for executives is to understand what data is currently used across these platforms, and how your organization can utilize it other beyond just checking the regulatory box. In order to enhance data quality, can one data extract be used for multiple platforms? For example, can the same loan-level data file be used for different models that use similar inputs such as asset liability management (ALM) and certain CECL models? While models may utilize some different or additional fields and inputs, there are many fields — such as contractual data or loan prepayment assumptions — that are consistent across models. Extracting the data once and using it for multiple platforms allows institutions to minimize the risk of inaccurate or faulty data.

From here, bank executives can develop a centralized assumption set that can be modeled across all platforms to ensure consistency and align results between models. For instance, are the credit assumptions that are developed for CECL purposes consistent with those used to calculate your ALM and liquidity profile under various scenarios? Are prepayment assumptions generated within the ALM model also incorporated into your CECL estimate? Synchronizing assumptions can provide more accurate and realistic results across all platforms. The MRM dashboard is a tool that can be configured to alert bank executives of emerging risks and ensure that data shared by different models is consistent.

One common method of gaining insights using MRM is through scenario and stress testing. Today’s environment is uncertain; executives should not make future decisions without in-depth analysis. They can develop scenarios for potential growth opportunities, modeling through the integrated platforms to calculate impacts to profitability and credit and interest rate risk. Similarly, they can expand deposit data and assumptions to assess high-risk scenarios or future liquidity issues apart from normal day-to-day operations. Whatever the strategy may be, assessing risk on an integrated basis allows management to gain a better understanding of all impacts of future strategies and make stronger business decisions.

Once institutions begin centralizing their data and model inputs and streamlining their monitoring processes using MRM dashboards, management can shift their focus to value-added opportunities that go beyond compliance and support the strategic vision of the institution.

Why a Solid Risk Management Framework Helps Manage Change

Who owns risk management at your bank?

If your bank limits that function to the teams that report to the chief risk officer, it’s fumbling on two fronts: It’s failing to drive accountability across every corner of the enterprise, and it’s conceding its edge in a marketplace that’s never been more competitive.

Recognizing that every employee owns a piece of this responsibility make risk management an equal offensive and defensive pose for your organization. This empowers your employees to move nimbly, strategically and decisively when the bank encounters change, whether it’s an external regulatory pressure or an internal opportunity to launch a new product or service. In either case, your team navigates through change by building on best operational practices, which, in the end, work to your advantage.

Getting the bank into that position doesn’t happen overnight; the vision starts with the actions of your senior leaders. They set the tone and establish expectations, but everyone plays a hands-on role. When management prioritizes an environment where people can work collaboratively and have transparency into related roles, they foster consistency across your change management process that minimizes risk.

The need for a risk-aware culture aligns precisely with the signals coming out of Washington, D.C., that the stakes are getting higher. The Consumer Financial Protection Bureau hinted early at increased regulatory scrutiny, advising that it would tighten the regulatory standards it had relaxed to allow banks to quickly respond to customers’ financial hardship in 2020.

In response to the competitive and regulatory environment, your bank’s risk management framework should incorporate four key elements:

  • Start with setting the ground rules for how the bank will govern its risk. Define its risk strategy, the role the board and management will play and the committees that compose that governance structure — and don’t forget to detail their decision-making authority, approval and escalation process across those bodies. This upfront work also should introduce robust systems for ongoing monitoring and risk reporting, establish standard parameters on how the bank identifies issues and create a basic roadmap to remediate issues when they come along.
  • Operating Model. Distinguish the roles and responsibilities for every associate, with a key focus on how they manage risk generated by the core activities in that business. By taking the time to ensure all individuals, in every line of defense, understand their expected contributions, your bank will be ahead of the game because your people can act quicker and efficiently when a change needs to happen.
  • Standard Framework, Definitions and Taxonomies. In basic terms, everyone across the enterprise needs to speak the same language and assign risk ratings the same way. Calibrating these elements at the onset builds confidence that your bank gives thoughtful attention to categorize risks into the right buckets. Standardization should include assessment scales and definitions of different risks and risk events, leading to easier risk aggregation and risk reporting that enables a holistic view of risk across the enterprise.
  • Risk Appetite. Nothing is more important than establishing how much risk your organization is willing to take on in its daily business. Missing the mark can impact your customers, bottom line and reputation. Optimally, bank leaders will reestablish this risk appetite annually, but black swan events such as the pandemic should prompt more timely reviews.

Too often, banks reinvent the wheel every time a change or demand comes along. As the industry eyes increasing regulatory pressure in the year ahead, driving and promoting a robust risk management culture is no longer a “nice to have” within your organization; it’s a “need to have.”

When you reset the role and ownership of risk management as a strategic pillar in your bank’s future growth and direction you minimize your bank’s risk and actually propel your company forward.

Banks looking to check out best practices and a strategic framework for creating their enterprise risk framework should check out my latest whitepaper, Turning a Solid Risk Framework Into a Competitive Advantage.

What Banks Need to Know About Cyber Resiliency

In a world full of adversity, there is much to be said about the knowledge and strength it takes to overcome setbacks on an individual and organizational level — in short, resiliency.

That is especially crucial in an environment like cybersecurity, where the landscape is constantly changing. Banks must adapt to stay ahead of cyber threats through cyber resiliency.

The National Institute of Standards and Technology defines cyber resiliency as “the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources.” Today, organizations are complementing their cyber resilience strategies with security solutions that uphold their posture. While cybersecurity focuses on protecting information, technical devices, and systems, cyber resilience focuses on keeping business and resources intact amid industry failures and threats. Many dangers exist that can have a detrimental impact on your bank’s daily operations and overall reputation. The main three threats to your bank’s cybersecurity posture include:

  • Data Breaches: An unauthorized entry into an organization’s database that allows cybercriminals to access customer data.
  • Cybercrime: Organized crimes to steal, abuse, or misuse personal and confidential information.
  • Human Error: Employees fail to follow data privacy protocol and policies and accidentally sharing, leaking or exposing confidential information.

While these three are among the most prevalent risks, they are not alone. Your organization should educate employees about the malicious actors that exist in the cyberworld.

Pillars of Cyber Resilience
Your bank’s cyber resiliency posture cannot be assessed until you consider all the pillars that make up a proper strategy. Below are the five pillars of an ideal cyber resilience framework according to Security Intelligence:

  • Identify: Banks should have a strong understanding of all the resources that support the organization’s critical functions from both a business and cybersecurity standpoint.
  • Protect: Banks should safeguard all critical infrastructure services and information by implementing cybersecurity policies and solutions to create a robust layer of protection.
  • Detect: Banks should constantly monitor their enterprise network traffic for malicious activity, searching for any signs of data breaches or other significant threats. A cybersecurity solution will create a more effortless process for scanning your network.
  • Respond: Banks should respond to any significant threats or unsuspected activity in real-time.
  • Recover: Banks should implement disaster recovery and business continuity plans in case of a data breach or comprising cybersecurity incident.

By considering these five pillars, your bank will be well-suited to perfecting its cyber resiliency posture and ensuring it has all the resources and strength to bounce back from any potential setback quickly.

Taking Control of Your Cybersecurity Experience
The patterns of cyberattacks are evolving in response to changes in the cyber environment and the Internet of Things. For a more practical experience, your bank must consider the social and capital investments necessary to develop a cybersecurity strategy.

According to the Ponemon Institute, “organizations are making investments in technology that do not strengthen their cybersecurity budget based on the wrong metrics. Fifty percent of respondents say their organizations are wasting limited budgets on investments that don’t improve their cybersecurity posture. The primary reasons for the failure are system complexity, personnel and vendor support issues.”

It is not uncommon for security-related responsibilities to fall on employees. Ultimately, it is the company and the employees’ responsibility to protect their networks, servers, and personal and professional information. The key to building a better cybersecurity toolbox is rooted in the relationship between a cybersecurity solution and its users. An ideal cybersecurity solution should include elite features like one-touch compliance reporting and automation tools, integrated threat intelligence, around-the-clock monitoring search for leaked accounts on the deep and dark web, managed compliance, detection, and response, and fast deployment (90 minutes or less).

Prioritizing Cybersecurity
Having a strategy and system in place that continues running smoothly despite adversities directly reflects an institution’s cyber resilience. Your bank should be able to identify, protect, detect and react when facing cyberattacks. Investing your time, resources, and capital into cybersecurity solutions is an essential measure of success. It will ensure network security and protection. As stated in Security Magazine, information technology “should enable businesses to make informed decisions on how to manage cyber risk while continuing their growth agenda. Most directors or CEOs today realize the consequences on the bottom line apart from the damage to reputation caused by a breach or an attack.”

Proper growth always begins internally. Banks that normalize and implement security best practices can achieve cyber resilience. If your organization can adapt its traditional approaches to cybersecurity, it will be better equipped to recover from difficulties it may face. In the end, a quick bounce back is better than a long-term setback. So, what better time than now to act?

A New Look at Problem Loan Management

Regardless of how you describe 2020, change was the common theme.

Not only did the coronavirus pandemic and economic contaction in 2020 change the way the banking industy identifies problem loans, it changed the way it approaches them. As 2020 unfolded, CLA continued to encourage institutions to evaluate policies and procedures, given that most were written for normal operating environments. A problem loan is a credit that cannot be repaid according to the terms of the initial agreement, or in an otherwise acceptable manner. In a time when payment deferrals and modifications are numerous and widespread, and government-assisted credit is necessary, how does problem loans identification change?

Risk Identification
The first step in problem loan management (PLM) is an effective risk identification program, which includes proper monitoring and continually applying appropriate risk ratings. Management teams can use internal reviews performed periodically or annually to assist with early risk detection.

Monitoring
Frequent monitoring of the portfolio remains one of the critical pillars of PLM. This requires collecting updated financials and information to monitor the wherewithal of the borrower, guarantor and related entities on a standalone and combined basis. Increased monitoring is warranted, especially for vulnerable industries.

Resources
Who leads your bank’s PLM program? Many lenders have not been exposed to a PLM process, or have not been in the industry long enough to experience an economic downturn. The art of PLM involves objective parties, including a group independent of the loan officer, to manage the loans effectively.

Evaluation of performance
Financials for 2020 will include unusual items, and completing year-over-year comparisons will require eliminating “extraordinary” items. For example, removing funds received through the Small Business Administration’s Paycheck Protection Program will be essential to ascertain and review the performance of core operations. Banks will need to consider how a borrower’s core performance would have met the requirements of the original loan terms without modifications. It is pertinent to remove these items and evaluate how the borrower is functioning at its core.

Action plans
The routine nature of completing a quarterly problem loan action report deserves a new look. Banks of all sizes must address problem loans and develop plans to mitigate exposure. Action plans are a way for management to track and document each borrower’s circumstances and next steps to reduce credit risk exposure.

Problem Loan Action Plan Considerations

  • Borrower identification and history — Identify the obligor(s) (direct and indirect), ownership composition, type of business, underlying debt(s), and operational changes over the past few years or as a result of COVID-19.
  • Communication — If the borrower remains communicative, address commitments made, if any, and all legal correspondence.
  • Financial analysis — Update financial information with a look at historical trend on standalone and global basis and impact of COVID-19.
  • Repayment history — Review payment status, including any late payments or 30/60/90-day history. Discuss modifications.
  • Collateral valuation and analysis — Evaluate need for updated values given changes in market, property type, or other pertinent factors.
  • Risk rating — Consider current and recommended risk rating changes, if any.
  • Impairment analysis — Clearly document the analysis or testing for impairment to support quarterly Allowance for Loan and Lease Losses analysis.
  • Progress update — Address actionable items from the last review. Is workout plan effective?
  • Next steps — Detail steps the borrower and institution will take to improve the status of the loan. Establish clear and quantifiable objectives and timeframes for both parties and document results as the plan progresses.

The information contained herein is general in nature and is not intended, and should not be construed, as legal, accounting, investment, or tax advice or opinion provided by CliftonLarsonAllen LLP (CliftonLarsonAllen) to the reader. For more information, visit CLAconnect.com.

CLA exists to create opportunities for our clients, our people, and our communities through our industry-focused wealth advisory, outsourcing, audit, tax, and consulting services. Investment advisory services are offered through CliftonLarsonAllen Wealth Advisors, LLC, an SEC-registered investment advisor.

The Promise, and Peril, of Risk Technology

The pandemic has underlined how essential risk technology is for proactive and responsive financial institutions.

Prior to the coronavirus outbreak, bank risk managers were already incorporating such technology to manage, sift and monitor various inputs and information. The pandemic has complicated those efforts to get a handle on emerging and persistent risks — even as it becomes increasingly critical to incorporate into day-to-day decision-making.

Data, and getting insights from it, has always been central to how risk managers have worked. That hasn’t changed,” says Sandeep Mangaraj, an industry executive at Microsoft who focuses on digital banking transformations.

Prior to the pandemic, concerns about operational risk had increased “somewhat” or “significantly” among 51% of CEOs, chief risk officers and directors responding to Bank Director’s 2020 Risk Survey, which was completed just before the pandemic. More than half also revealed heightened concerns around cybersecurity, credit and interest rate risk, and strategic risk.

That survey also found respondents indicating there was room for technology to improve their compliance with Bank Secrecy Act and anti-money laundering rules (76%), know your customer (50%) requirements, and vendor management requirements.

One way executives and risk managers can keep up is by incorporating risk technology to help sift through reams of data to derive actionable insights. These technologies can create a unified view of risk across exposure types and aggregation levels — product, business line, region — so executives can see how risk manifests within the bank. Some of these solutions can also capture and provide real-time information, supplementing slower traditional sources or replacing end-of-day reports.

But the pandemic led more than half of respondents to Bank Director’s 2020 Technology Survey to alter or adjust their technology roadmaps — including 82% of respondents at institutions with more than $10 billion in assets. Two-thirds said they would upgrade existing technology; just 16% planned to add technology to improve regulatory compliance.

Artificial intelligence holds a lot of promise in helping banks more efficiently and effectively comply with regulations and manage risk. Many banks are still early in their risk technology journeys, and are working to identify areas or situations that can be serviced or assisted by risk technologies. Forty-six percent of respondents to Bank Director’s Technology Survey say they are not utilizing AI yet.

Those that have are applying it to situations like fraud monitoring, which generates large amounts of data that the bank can correlate and act on, Mangaraj says. Others have applied it to process intelligence and process improvement, or used it to enhance the control environment. Key to the success of any AI or risk-technology endeavor is finding the right, measurable application where a bank can capture value for heightened risk or capabilities.

“We have a client who uses AI to monitor trader conversations that can proactively flag any compliance issues that may be coming up,” he says. “There are lots and lots of ways in which you can start using it. Key is identify cases, make sure you have clear measurement of value, monitor it and celebrate it. Success breeds success.”

The addition and incorporation of innovative risk technologies coincides with many banks’ digital transformations. While these changes can often complement each other, they can also make it difficult for a bank to manage and measure its risk, or could even introduce risk.

A strong management team, effective controls and active monitoring of the results are essential keys to a bank’s success with these technology endeavors, says James Watkins, senior managing director at the Isaac-Milstein Group. Watkins served at the FDIC for nearly 40 years as the senior deputy director of supervisory examinations, overseeing the agency’s risk management examination program.

“It’s time for a fresh look of the safeguards and controls that banks have in place — the internal controls and the reliability of the bank system’s and monitoring apparatuses. All of those are extremely important,” he says.

Bank executives and boards of directors must have the processes and procedures in place to ensure they’re using this technology and contextualizing its outcomes in a prudent manner.

“I think the importance of general contingency planning, crisis management strategies, thinking strategically — these are all areas that boards of directors and senior management really need to be attuned to and be prepared for,” Watkins says.

Keeping Optimism Alive

We are all in survival mode.

While the health and safety of one’s constituents takes top billing, keeping a business relevant — and viable — during these times should top the shortlist of any board’s agenda.

And while nobody has a compass to navigate these times, we at least have the means to aggregate an incredible amount of information and insight, vis-a-vis BankBEYOND.

With many fatigued from virtual conferences, we challenged ourselves to bring concise, novel ideas to a hugely influential audience. We followed Steve Jobs’ principle of design, working backward from the user’s experience to present board-level issues in new ways on BankDirector.com.

Our North Star in crafting the BankBEYOND agenda and experience: Respecting viewers’ time while surfacing issues that are both specific and relevant to their interests and responsibilities. Hence, our focus on issues that are strategic, risky and potentially expensive.

Since March, the industry has witnessed — and undergone — a rapid evolution of financial services. As a result, officers and directors must now assess the potential of their bank’s business in a post Covid-19 world. Growing a bank prudently and profitably took center stage at our Acquire or Be Acquired Conference in January; today, I suspect many boards and executives today emphasize efficiency to protect their franchise’s value. Indeed, a 50% efficiency ratio used to be the stretch goal for many banks; now, that might be closer to 35%.

Banks across the country are grappling with the tough choices they will need to make to rapidly bring those ratios down while delivering consistent service across physical and digital channels. We appreciate how so many institutions quickly embraced new technologies to solve specific business challenges, like the rollout of the Small Business Administration’s Paycheck Protection Program. In recent merger announcements, the drive to leverage technologies proved a primary catalyst for striking a deal. In fact, that’s where many efficiency gains come from.

However, boards realize that many of these technology additions can be expensive, which is why economies of scale becomes critical. We have seen how mergers can become the most expeditious way to generate meaningful economies of scale. But of course, much of the bank space is stuck in neutral at the moment when it comes to bank M&A.

We know that BankBEYOND’s audience has the responsibility for finding answers, rather than identifying barriers. We are tackling issues like:

  • Setting high-priority, short-term goals;
  • Keeping optimism and a sense of purpose alive; and
  • Weaving the best of the past eight months into everything the bank does going forward.

These are only three of the topics we’ll address with the help of various advisors and executives. Unlike a digital conference, with specific dates and watch times, we release families of videos and presentations at 8 a.m. CST. Beginning Monday, Nov. 9, we explore strategic and governance issues. The next day, we add information geared to the audit committee and risk committee. We conclude on Wednesday, Nov. 11, by sharing content developed for the compensation and nominating/governance committees.

BankBEYOND tees up the topics that allow for proactive — not reactive — change. By placing a premium on complex issues that all directors must address, we strengthen the knowledge of a bank’s board. And we rarely find a strong board at anything but a strong bank.

Beware Third-Quarter Credit Risk

Could credit quality finally crack in the third quarter?

Banks spent the summer and fall risk-rating loans that had been impacted by the coronavirus pandemic and recession at the same time they tightened credit and financial standards for second-round deferral requests. The result could be that second-round deferrals substantially fall just as nonaccruals and criticized assets begin increasing.

Bankers must stay vigilant to navigate these two diametric forces.

“We’re in a much better spot now, versus where we were when this thing first hit,” says Corey Goldblum, a principal in Deloitte’s risk and financial advisory practice. “But we tell our clients to continue proactively monitoring risk, making sure that they’re identifying any issues, concerns and exposures, thinking about what obligors will make it through and what happens if there’s another outbreak and shutdown.”

Eight months into the pandemic, the suspension of troubled loan reporting rules and widespread forbearance has made it difficult to ascertain the true state of credit quality. Noncurrent loan and net charge-off volumes stayed “relatively low” in the second quarter, even as provisions skyrocketed, the Federal Deposit Insurance Corp. noted in its quarterly banking profile.

The third quarter may finally reveal that nonperforming assets and net charge-offs are trending higher, after two quarters of proactive reserve builds, John Rodis, director of banks and thrifts at Janney Montgomery Scott, wrote in an Oct. 6 report. He added that the industry will be closely watching for continued updates on loan modifications.

Banks should continue performing “vulnerability assessments,” both across their loan portfolios and in particular subsets that may be more vulnerable, says James Watkins, senior managing director at the Isaac-Milstein Group. Watkins served at the FDIC for nearly 40 years as the senior deputy director of supervisory examinations, overseeing the agency’s risk management examination program.

“Banks need to ensure that they are actively having those conversations with their customers,” he says. “In areas that have some vulnerability, they need to take a look at fresh forecasts.”

Both Watkins and Goldblum recommend that banks conduct granular, loan-level credit reviews with the most current information, when possible. Goldblum says this is an area where institutions can leverage analytics, data and technology to increase the efficiency and effectiveness of these reviews.

Going forward, banks should use the experiences gained from navigating the credit uncertainty in the first and second quarter to prepare for any surprise subsequent weakening in credit. They should assess whether their concentrations are manageable, their monitoring programs are strong and their loan rating systems are responsive and realistic. They also should keep a watchful eye on currently performing loans where borrower financials may be under pressure.

It is paramount that banks continue to monitor the movement of these risks — and connect them to other variables within the bank. Should a bank defer a loan or foreclose? Is persistent excess liquidity a sign of customer surplus, or a warning sign that they’re holding onto cash? Is loan demand a sign of borrower strength or stress? The pandemic-induced recession is now eight months old and yet the industry still lacks clarity into its credit risk.

“All these things could mean anything,” Watkins says. “That’s why [banks need] strong monitoring and controls, to make sure that you’re really looking behind these trends and are prepared for that. We’re in uncertain and unprecedented times, and there will be important lessons that’ll come out of this crisis.”