Taking Model Risk Management to the Next Level

A financial institution’s data is one of its most valuable resources. Banks constantly collect data on their loans, deposits and customer behaviors. This data should play a key role in how financial intuitions manage their risks.

Yet, developing a data strategy can be seen as too complex based on the sheer amount of data an institution may have, or as an unnecessary burden if the objective is solely to use the information to satisfy regulatory requirements. But a holistic data strategy can enhance value across all model risk management (MRM) platforms, both for regulatory and strategic purposes. On the flip side, being inconsistent or not updating data and inputs in a timely manner can lead to inaccurate or inconsistent results. Executives need to continually update and review information for consistency; if not, the information’s relevancy in assessing risk across various platforms will decrease.

Currently, the most common data strategy approach for banks is using individual tools to measure risk for regulatory purposes. For instance, financial institutions are required to calculate and monitor interest rate risk related to their balance sheet and potential movements in future interest rates. Typically, one team within the institution extracts data and transfers it to another team, which loads the data into an internal or external model to calculate the various interest rate profiles for management to analyze and make decisions. The institution repeats this process for its other models (credit, capital adequacy, liquidity, budgeting, etc.), adjusting the inputs and tools as needed. Often, banks view these models as individual silos — the teams responsible for them, and the inputs and processes, are separate from one another. However, the various models used to measure risk share many commonalities and, in many aspects, are interdependent.

Integrating model risk management processes require understanding a bank’s current data sources and aggregation processes across all of its current models. The first step for executives is to understand what data is currently used across these platforms, and how your organization can utilize it other beyond just checking the regulatory box. In order to enhance data quality, can one data extract be used for multiple platforms? For example, can the same loan-level data file be used for different models that use similar inputs such as asset liability management (ALM) and certain CECL models? While models may utilize some different or additional fields and inputs, there are many fields — such as contractual data or loan prepayment assumptions — that are consistent across models. Extracting the data once and using it for multiple platforms allows institutions to minimize the risk of inaccurate or faulty data.

From here, bank executives can develop a centralized assumption set that can be modeled across all platforms to ensure consistency and align results between models. For instance, are the credit assumptions that are developed for CECL purposes consistent with those used to calculate your ALM and liquidity profile under various scenarios? Are prepayment assumptions generated within the ALM model also incorporated into your CECL estimate? Synchronizing assumptions can provide more accurate and realistic results across all platforms. The MRM dashboard is a tool that can be configured to alert bank executives of emerging risks and ensure that data shared by different models is consistent.

One common method of gaining insights using MRM is through scenario and stress testing. Today’s environment is uncertain; executives should not make future decisions without in-depth analysis. They can develop scenarios for potential growth opportunities, modeling through the integrated platforms to calculate impacts to profitability and credit and interest rate risk. Similarly, they can expand deposit data and assumptions to assess high-risk scenarios or future liquidity issues apart from normal day-to-day operations. Whatever the strategy may be, assessing risk on an integrated basis allows management to gain a better understanding of all impacts of future strategies and make stronger business decisions.

Once institutions begin centralizing their data and model inputs and streamlining their monitoring processes using MRM dashboards, management can shift their focus to value-added opportunities that go beyond compliance and support the strategic vision of the institution.

Why a Solid Risk Management Framework Helps Manage Change

Who owns risk management at your bank?

If your bank limits that function to the teams that report to the chief risk officer, it’s fumbling on two fronts: It’s failing to drive accountability across every corner of the enterprise, and it’s conceding its edge in a marketplace that’s never been more competitive.

Recognizing that every employee owns a piece of this responsibility make risk management an equal offensive and defensive pose for your organization. This empowers your employees to move nimbly, strategically and decisively when the bank encounters change, whether it’s an external regulatory pressure or an internal opportunity to launch a new product or service. In either case, your team navigates through change by building on best operational practices, which, in the end, work to your advantage.

Getting the bank into that position doesn’t happen overnight; the vision starts with the actions of your senior leaders. They set the tone and establish expectations, but everyone plays a hands-on role. When management prioritizes an environment where people can work collaboratively and have transparency into related roles, they foster consistency across your change management process that minimizes risk.

The need for a risk-aware culture aligns precisely with the signals coming out of Washington, D.C., that the stakes are getting higher. The Consumer Financial Protection Bureau hinted early at increased regulatory scrutiny, advising that it would tighten the regulatory standards it had relaxed to allow banks to quickly respond to customers’ financial hardship in 2020.

In response to the competitive and regulatory environment, your bank’s risk management framework should incorporate four key elements:

  • Start with setting the ground rules for how the bank will govern its risk. Define its risk strategy, the role the board and management will play and the committees that compose that governance structure — and don’t forget to detail their decision-making authority, approval and escalation process across those bodies. This upfront work also should introduce robust systems for ongoing monitoring and risk reporting, establish standard parameters on how the bank identifies issues and create a basic roadmap to remediate issues when they come along.
  • Operating Model. Distinguish the roles and responsibilities for every associate, with a key focus on how they manage risk generated by the core activities in that business. By taking the time to ensure all individuals, in every line of defense, understand their expected contributions, your bank will be ahead of the game because your people can act quicker and efficiently when a change needs to happen.
  • Standard Framework, Definitions and Taxonomies. In basic terms, everyone across the enterprise needs to speak the same language and assign risk ratings the same way. Calibrating these elements at the onset builds confidence that your bank gives thoughtful attention to categorize risks into the right buckets. Standardization should include assessment scales and definitions of different risks and risk events, leading to easier risk aggregation and risk reporting that enables a holistic view of risk across the enterprise.
  • Risk Appetite. Nothing is more important than establishing how much risk your organization is willing to take on in its daily business. Missing the mark can impact your customers, bottom line and reputation. Optimally, bank leaders will reestablish this risk appetite annually, but black swan events such as the pandemic should prompt more timely reviews.

Too often, banks reinvent the wheel every time a change or demand comes along. As the industry eyes increasing regulatory pressure in the year ahead, driving and promoting a robust risk management culture is no longer a “nice to have” within your organization; it’s a “need to have.”

When you reset the role and ownership of risk management as a strategic pillar in your bank’s future growth and direction you minimize your bank’s risk and actually propel your company forward.

Banks looking to check out best practices and a strategic framework for creating their enterprise risk framework should check out my latest whitepaper, Turning a Solid Risk Framework Into a Competitive Advantage.

What Banks Need to Know About Cyber Resiliency

In a world full of adversity, there is much to be said about the knowledge and strength it takes to overcome setbacks on an individual and organizational level — in short, resiliency.

That is especially crucial in an environment like cybersecurity, where the landscape is constantly changing. Banks must adapt to stay ahead of cyber threats through cyber resiliency.

The National Institute of Standards and Technology defines cyber resiliency as “the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources.” Today, organizations are complementing their cyber resilience strategies with security solutions that uphold their posture. While cybersecurity focuses on protecting information, technical devices, and systems, cyber resilience focuses on keeping business and resources intact amid industry failures and threats. Many dangers exist that can have a detrimental impact on your bank’s daily operations and overall reputation. The main three threats to your bank’s cybersecurity posture include:

  • Data Breaches: An unauthorized entry into an organization’s database that allows cybercriminals to access customer data.
  • Cybercrime: Organized crimes to steal, abuse, or misuse personal and confidential information.
  • Human Error: Employees fail to follow data privacy protocol and policies and accidentally sharing, leaking or exposing confidential information.

While these three are among the most prevalent risks, they are not alone. Your organization should educate employees about the malicious actors that exist in the cyberworld.

Pillars of Cyber Resilience
Your bank’s cyber resiliency posture cannot be assessed until you consider all the pillars that make up a proper strategy. Below are the five pillars of an ideal cyber resilience framework according to Security Intelligence:

  • Identify: Banks should have a strong understanding of all the resources that support the organization’s critical functions from both a business and cybersecurity standpoint.
  • Protect: Banks should safeguard all critical infrastructure services and information by implementing cybersecurity policies and solutions to create a robust layer of protection.
  • Detect: Banks should constantly monitor their enterprise network traffic for malicious activity, searching for any signs of data breaches or other significant threats. A cybersecurity solution will create a more effortless process for scanning your network.
  • Respond: Banks should respond to any significant threats or unsuspected activity in real-time.
  • Recover: Banks should implement disaster recovery and business continuity plans in case of a data breach or comprising cybersecurity incident.

By considering these five pillars, your bank will be well-suited to perfecting its cyber resiliency posture and ensuring it has all the resources and strength to bounce back from any potential setback quickly.

Taking Control of Your Cybersecurity Experience
The patterns of cyberattacks are evolving in response to changes in the cyber environment and the Internet of Things. For a more practical experience, your bank must consider the social and capital investments necessary to develop a cybersecurity strategy.

According to the Ponemon Institute, “organizations are making investments in technology that do not strengthen their cybersecurity budget based on the wrong metrics. Fifty percent of respondents say their organizations are wasting limited budgets on investments that don’t improve their cybersecurity posture. The primary reasons for the failure are system complexity, personnel and vendor support issues.”

It is not uncommon for security-related responsibilities to fall on employees. Ultimately, it is the company and the employees’ responsibility to protect their networks, servers, and personal and professional information. The key to building a better cybersecurity toolbox is rooted in the relationship between a cybersecurity solution and its users. An ideal cybersecurity solution should include elite features like one-touch compliance reporting and automation tools, integrated threat intelligence, around-the-clock monitoring search for leaked accounts on the deep and dark web, managed compliance, detection, and response, and fast deployment (90 minutes or less).

Prioritizing Cybersecurity
Having a strategy and system in place that continues running smoothly despite adversities directly reflects an institution’s cyber resilience. Your bank should be able to identify, protect, detect and react when facing cyberattacks. Investing your time, resources, and capital into cybersecurity solutions is an essential measure of success. It will ensure network security and protection. As stated in Security Magazine, information technology “should enable businesses to make informed decisions on how to manage cyber risk while continuing their growth agenda. Most directors or CEOs today realize the consequences on the bottom line apart from the damage to reputation caused by a breach or an attack.”

Proper growth always begins internally. Banks that normalize and implement security best practices can achieve cyber resilience. If your organization can adapt its traditional approaches to cybersecurity, it will be better equipped to recover from difficulties it may face. In the end, a quick bounce back is better than a long-term setback. So, what better time than now to act?

A New Look at Problem Loan Management

Regardless of how you describe 2020, change was the common theme.

Not only did the coronavirus pandemic and economic contaction in 2020 change the way the banking industy identifies problem loans, it changed the way it approaches them. As 2020 unfolded, CLA continued to encourage institutions to evaluate policies and procedures, given that most were written for normal operating environments. A problem loan is a credit that cannot be repaid according to the terms of the initial agreement, or in an otherwise acceptable manner. In a time when payment deferrals and modifications are numerous and widespread, and government-assisted credit is necessary, how does problem loans identification change?

Risk Identification
The first step in problem loan management (PLM) is an effective risk identification program, which includes proper monitoring and continually applying appropriate risk ratings. Management teams can use internal reviews performed periodically or annually to assist with early risk detection.

Monitoring
Frequent monitoring of the portfolio remains one of the critical pillars of PLM. This requires collecting updated financials and information to monitor the wherewithal of the borrower, guarantor and related entities on a standalone and combined basis. Increased monitoring is warranted, especially for vulnerable industries.

Resources
Who leads your bank’s PLM program? Many lenders have not been exposed to a PLM process, or have not been in the industry long enough to experience an economic downturn. The art of PLM involves objective parties, including a group independent of the loan officer, to manage the loans effectively.

Evaluation of performance
Financials for 2020 will include unusual items, and completing year-over-year comparisons will require eliminating “extraordinary” items. For example, removing funds received through the Small Business Administration’s Paycheck Protection Program will be essential to ascertain and review the performance of core operations. Banks will need to consider how a borrower’s core performance would have met the requirements of the original loan terms without modifications. It is pertinent to remove these items and evaluate how the borrower is functioning at its core.

Action plans
The routine nature of completing a quarterly problem loan action report deserves a new look. Banks of all sizes must address problem loans and develop plans to mitigate exposure. Action plans are a way for management to track and document each borrower’s circumstances and next steps to reduce credit risk exposure.

Problem Loan Action Plan Considerations

  • Borrower identification and history — Identify the obligor(s) (direct and indirect), ownership composition, type of business, underlying debt(s), and operational changes over the past few years or as a result of COVID-19.
  • Communication — If the borrower remains communicative, address commitments made, if any, and all legal correspondence.
  • Financial analysis — Update financial information with a look at historical trend on standalone and global basis and impact of COVID-19.
  • Repayment history — Review payment status, including any late payments or 30/60/90-day history. Discuss modifications.
  • Collateral valuation and analysis — Evaluate need for updated values given changes in market, property type, or other pertinent factors.
  • Risk rating — Consider current and recommended risk rating changes, if any.
  • Impairment analysis — Clearly document the analysis or testing for impairment to support quarterly Allowance for Loan and Lease Losses analysis.
  • Progress update — Address actionable items from the last review. Is workout plan effective?
  • Next steps — Detail steps the borrower and institution will take to improve the status of the loan. Establish clear and quantifiable objectives and timeframes for both parties and document results as the plan progresses.

The information contained herein is general in nature and is not intended, and should not be construed, as legal, accounting, investment, or tax advice or opinion provided by CliftonLarsonAllen LLP (CliftonLarsonAllen) to the reader. For more information, visit CLAconnect.com.

CLA exists to create opportunities for our clients, our people, and our communities through our industry-focused wealth advisory, outsourcing, audit, tax, and consulting services. Investment advisory services are offered through CliftonLarsonAllen Wealth Advisors, LLC, an SEC-registered investment advisor.

The Promise, and Peril, of Risk Technology

The pandemic has underlined how essential risk technology is for proactive and responsive financial institutions.

Prior to the coronavirus outbreak, bank risk managers were already incorporating such technology to manage, sift and monitor various inputs and information. The pandemic has complicated those efforts to get a handle on emerging and persistent risks — even as it becomes increasingly critical to incorporate into day-to-day decision-making.

Data, and getting insights from it, has always been central to how risk managers have worked. That hasn’t changed,” says Sandeep Mangaraj, an industry executive at Microsoft who focuses on digital banking transformations.

Prior to the pandemic, concerns about operational risk had increased “somewhat” or “significantly” among 51% of CEOs, chief risk officers and directors responding to Bank Director’s 2020 Risk Survey, which was completed just before the pandemic. More than half also revealed heightened concerns around cybersecurity, credit and interest rate risk, and strategic risk.

That survey also found respondents indicating there was room for technology to improve their compliance with Bank Secrecy Act and anti-money laundering rules (76%), know your customer (50%) requirements, and vendor management requirements.

One way executives and risk managers can keep up is by incorporating risk technology to help sift through reams of data to derive actionable insights. These technologies can create a unified view of risk across exposure types and aggregation levels — product, business line, region — so executives can see how risk manifests within the bank. Some of these solutions can also capture and provide real-time information, supplementing slower traditional sources or replacing end-of-day reports.

But the pandemic led more than half of respondents to Bank Director’s 2020 Technology Survey to alter or adjust their technology roadmaps — including 82% of respondents at institutions with more than $10 billion in assets. Two-thirds said they would upgrade existing technology; just 16% planned to add technology to improve regulatory compliance.

Artificial intelligence holds a lot of promise in helping banks more efficiently and effectively comply with regulations and manage risk. Many banks are still early in their risk technology journeys, and are working to identify areas or situations that can be serviced or assisted by risk technologies. Forty-six percent of respondents to Bank Director’s Technology Survey say they are not utilizing AI yet.

Those that have are applying it to situations like fraud monitoring, which generates large amounts of data that the bank can correlate and act on, Mangaraj says. Others have applied it to process intelligence and process improvement, or used it to enhance the control environment. Key to the success of any AI or risk-technology endeavor is finding the right, measurable application where a bank can capture value for heightened risk or capabilities.

“We have a client who uses AI to monitor trader conversations that can proactively flag any compliance issues that may be coming up,” he says. “There are lots and lots of ways in which you can start using it. Key is identify cases, make sure you have clear measurement of value, monitor it and celebrate it. Success breeds success.”

The addition and incorporation of innovative risk technologies coincides with many banks’ digital transformations. While these changes can often complement each other, they can also make it difficult for a bank to manage and measure its risk, or could even introduce risk.

A strong management team, effective controls and active monitoring of the results are essential keys to a bank’s success with these technology endeavors, says James Watkins, senior managing director at the Isaac-Milstein Group. Watkins served at the FDIC for nearly 40 years as the senior deputy director of supervisory examinations, overseeing the agency’s risk management examination program.

“It’s time for a fresh look of the safeguards and controls that banks have in place — the internal controls and the reliability of the bank system’s and monitoring apparatuses. All of those are extremely important,” he says.

Bank executives and boards of directors must have the processes and procedures in place to ensure they’re using this technology and contextualizing its outcomes in a prudent manner.

“I think the importance of general contingency planning, crisis management strategies, thinking strategically — these are all areas that boards of directors and senior management really need to be attuned to and be prepared for,” Watkins says.

Keeping Optimism Alive

We are all in survival mode.

While the health and safety of one’s constituents takes top billing, keeping a business relevant — and viable — during these times should top the shortlist of any board’s agenda.

And while nobody has a compass to navigate these times, we at least have the means to aggregate an incredible amount of information and insight, vis-a-vis BankBEYOND.

With many fatigued from virtual conferences, we challenged ourselves to bring concise, novel ideas to a hugely influential audience. We followed Steve Jobs’ principle of design, working backward from the user’s experience to present board-level issues in new ways on BankDirector.com.

Our North Star in crafting the BankBEYOND agenda and experience: Respecting viewers’ time while surfacing issues that are both specific and relevant to their interests and responsibilities. Hence, our focus on issues that are strategic, risky and potentially expensive.

Since March, the industry has witnessed — and undergone — a rapid evolution of financial services. As a result, officers and directors must now assess the potential of their bank’s business in a post Covid-19 world. Growing a bank prudently and profitably took center stage at our Acquire or Be Acquired Conference in January; today, I suspect many boards and executives today emphasize efficiency to protect their franchise’s value. Indeed, a 50% efficiency ratio used to be the stretch goal for many banks; now, that might be closer to 35%.

Banks across the country are grappling with the tough choices they will need to make to rapidly bring those ratios down while delivering consistent service across physical and digital channels. We appreciate how so many institutions quickly embraced new technologies to solve specific business challenges, like the rollout of the Small Business Administration’s Paycheck Protection Program. In recent merger announcements, the drive to leverage technologies proved a primary catalyst for striking a deal. In fact, that’s where many efficiency gains come from.

However, boards realize that many of these technology additions can be expensive, which is why economies of scale becomes critical. We have seen how mergers can become the most expeditious way to generate meaningful economies of scale. But of course, much of the bank space is stuck in neutral at the moment when it comes to bank M&A.

We know that BankBEYOND’s audience has the responsibility for finding answers, rather than identifying barriers. We are tackling issues like:

  • Setting high-priority, short-term goals;
  • Keeping optimism and a sense of purpose alive; and
  • Weaving the best of the past eight months into everything the bank does going forward.

These are only three of the topics we’ll address with the help of various advisors and executives. Unlike a digital conference, with specific dates and watch times, we release families of videos and presentations at 8 a.m. CST. Beginning Monday, Nov. 9, we explore strategic and governance issues. The next day, we add information geared to the audit committee and risk committee. We conclude on Wednesday, Nov. 11, by sharing content developed for the compensation and nominating/governance committees.

BankBEYOND tees up the topics that allow for proactive — not reactive — change. By placing a premium on complex issues that all directors must address, we strengthen the knowledge of a bank’s board. And we rarely find a strong board at anything but a strong bank.

Beware Third-Quarter Credit Risk

Could credit quality finally crack in the third quarter?

Banks spent the summer and fall risk-rating loans that had been impacted by the coronavirus pandemic and recession at the same time they tightened credit and financial standards for second-round deferral requests. The result could be that second-round deferrals substantially fall just as nonaccruals and criticized assets begin increasing.

Bankers must stay vigilant to navigate these two diametric forces.

“We’re in a much better spot now, versus where we were when this thing first hit,” says Corey Goldblum, a principal in Deloitte’s risk and financial advisory practice. “But we tell our clients to continue proactively monitoring risk, making sure that they’re identifying any issues, concerns and exposures, thinking about what obligors will make it through and what happens if there’s another outbreak and shutdown.”

Eight months into the pandemic, the suspension of troubled loan reporting rules and widespread forbearance has made it difficult to ascertain the true state of credit quality. Noncurrent loan and net charge-off volumes stayed “relatively low” in the second quarter, even as provisions skyrocketed, the Federal Deposit Insurance Corp. noted in its quarterly banking profile.

The third quarter may finally reveal that nonperforming assets and net charge-offs are trending higher, after two quarters of proactive reserve builds, John Rodis, director of banks and thrifts at Janney Montgomery Scott, wrote in an Oct. 6 report. He added that the industry will be closely watching for continued updates on loan modifications.

Banks should continue performing “vulnerability assessments,” both across their loan portfolios and in particular subsets that may be more vulnerable, says James Watkins, senior managing director at the Isaac-Milstein Group. Watkins served at the FDIC for nearly 40 years as the senior deputy director of supervisory examinations, overseeing the agency’s risk management examination program.

“Banks need to ensure that they are actively having those conversations with their customers,” he says. “In areas that have some vulnerability, they need to take a look at fresh forecasts.”

Both Watkins and Goldblum recommend that banks conduct granular, loan-level credit reviews with the most current information, when possible. Goldblum says this is an area where institutions can leverage analytics, data and technology to increase the efficiency and effectiveness of these reviews.

Going forward, banks should use the experiences gained from navigating the credit uncertainty in the first and second quarter to prepare for any surprise subsequent weakening in credit. They should assess whether their concentrations are manageable, their monitoring programs are strong and their loan rating systems are responsive and realistic. They also should keep a watchful eye on currently performing loans where borrower financials may be under pressure.

It is paramount that banks continue to monitor the movement of these risks — and connect them to other variables within the bank. Should a bank defer a loan or foreclose? Is persistent excess liquidity a sign of customer surplus, or a warning sign that they’re holding onto cash? Is loan demand a sign of borrower strength or stress? The pandemic-induced recession is now eight months old and yet the industry still lacks clarity into its credit risk.

“All these things could mean anything,” Watkins says. “That’s why [banks need] strong monitoring and controls, to make sure that you’re really looking behind these trends and are prepared for that. We’re in uncertain and unprecedented times, and there will be important lessons that’ll come out of this crisis.”

Community Risks That Community Banks Should Address

States and counties are starting to reopen after a prolonged period of sheltering in place due to the Covid-19 pandemic.

Many community banks that function as the primary lenders to small businesses in the rural Midwest have yet to see a significant negative financial impact because of the shutdown. In fact, many community banks stand to receive significant loan origination fees from the U.S. Small Business Administration for participating in the Paycheck Protection Program. They’re also flush with cash, report the community bank CEOs I’ve asked, as many borrowers haven’t used their PPP loan funds and consumers have been holding their stimulus payments in their checking accounts.

But just because things look stable from a financial perspective doesn’t mean there isn’t risk in your community and to your bank. Let’s take a brief look at some issues community banks should be monitoring today:

Increasing personal debt caused by prolonged unemployment. Unemployed Americans received an unprecedented amount of unemployment benefits that for the most part ended on July 31, 2020. What are Americans doing now? Some furloughed employees have been recalled, but others weren’t. When income is scarce, the use of credit cards, overdraft protection, and personal loans increases. What is your bank doing to monitor the increasing financial pressure of your individual borrowers and account holders?

Delayed business closures. Small businesses without a significant online presence are finding it difficult to operate in this new environment. “Nonessential” small businesses survived the shutdown by using government funds, furloughing employees, drawing on credit lines, or using personal savings. The lost sales may not have been deferred to a later date. Instead, they are truly lost and won’t be recaptured. Without a fast and heavy recovery for small businesses, they may be forced to close and may not be able to support their current debt load. How is your bank monitoring the performance of your small business customer?

Reduced need for office and retail space. With the increase in employees working remotely, especially at businesses that typically use commercial office space, the perceived need for office space is declining. Once a lease term expires, community banks should expect some commercial borrowers to experience reduced rental income as tenants negotiate for less square footage or overall lower rates. Are you tracking the going rate for rent per square foot in your market?

Increased fraud risk. When people experience all three sides of the fraud triangle (rationalization, opportunity, and pressure), they’re more likely to commit fraud. Identification of the fraud can be significantly delayed. A bookkeeping employee whose spouse has been laid off can rationalize the need for the company’s money, has the opportunity to take it, and feels the financial pressure to use it for personal needs. This person may be able to cover it for a short time; but, covering it becomes more difficult as it grows. That can happen within the bank or at any of your commercial borrowers.

Community banks have yet to see a dramatic increase in past dues or downgrades in loan ratings; it’s likely too early to see the financial stress. Several community banks are adding earmarked reserves to the allowance for loan losses in each loan category as “Covid-related.” However, community banks should carefully evaluate loans that were “on the bubble” prior to the shutdown, were granted some form of deferral by the bank, or are in certain industries like hospitality. Interagency guidelines permit banks to not account for these loans as troubled debt restructures (TDR) if they meet certain criteria, but banks are still responsible for maintaining a proper allowance. A loan in deferral may need an increased reserve, even if it isn’t accounted for as a TDR. The time it takes for that stress to show (called “loss emergence period” in accounting) is longer than many think.

Two other significant financial impacts to banks relate to overdraft fees and interchange fees. As spending decreased, so did overdrafts and associated fee income. And without the discretionary debit card swipes, interchange fees fell significantly as well.

How much of the above information will you use as you prepare the 2021 budgets this fall? What will your baseline for 2021 be: 2019 or 2020? Regardless, assess the risks to the bank and plan accordingly.

This article is for general information purposes only and is not to be considered as legal advice. This information was written by qualified, experienced BKD professionals, but applying this information to your particular situation requires careful consideration of your specific facts and circumstances. Consult your BKD advisor or legal counsel before acting on any matter covered in this update.

Five Ways PPP Accelerates Commercial Lending Digitization

The Small Business Administration’s Paycheck Protection Program challenged over 5,000 U.S. banks to serve commercial loan clients remotely with extremely quick turnaround time: three to 10 days from application to funding. Many banks turned to the internet to accept and process the tsunami of applications received, with a number of banks standing up online loan applications in just several days. In fact, PPP banks processed 25 times more loan applications in 10 days than the SBA had processed in all of 2019. In this first phase of PPP, spanning April 3 to 16, banks approved 1.6 million applications and distributed $342 billion of loan proceeds.

At banks that stood up an online platform quickly, client needs drove innovation. As institutions continue down this innovation track, there are five key technology areas demonstrated by PPP that can provide immediate value to a commercial lending business.

Document Management: Speed, Security, Decreased Risk
PPP online applications typically provided a secure document upload feature for clients to submit the required payroll documentation. This feature provided speed and security to clients, as well as organization for lenders. Digitized documents in a centrally located repository allowed appropriate bank staff easy access with automatic archival. Ultimately, such an online document management “vault” populated by the client will continue to improve bank efficiency while decreasing risk.

Electronic Signatures: Speed, Organization, Audit Trail
Without the ability to do in-person closings or wait for “wet signature” documents to be delivered, PPP applications leveraged electronic signature services like DocuSign or AdobeSign. These services provided speed and security as well as a detailed audit trail. Fairly inexpensive relative to the value provided, the electronic signature movement has hit all industries working remotely during COVID-19 and is clearly here to stay.

Covenant Tickler Management: Organization, Efficiency, Compliance
Tracking covenants for commercial loans has always been a balance between managing an existing book of business while also generating loan growth. Once banks digitize borrower information, however, it becomes much easier to create ticklers and automate tracking management. Automation can allow banker administrative time to be turned toward more client-focused activities, especially when integrated with a document management system and electronic signatures. While many banks have already pursued covenant tickler systems, PPP’s forgiveness period is pushing banks into more technology-enabled loan monitoring overall.

Straight-Through Processing: Efficiency, Accuracy, Cost Saves
Banks can gain significant efficiencies from straight-through processing, when data is captured digitally at application. Full straight-through processing is certainly not a standard in commercial lending; however, PPP showed lenders that small components of automation can provide major efficiency gains. Banks that built APIs or used “bots” to connect to SBA’s eTran system for PPP loan approval processed at a much greater volume overall. In traditional commercial lending, it is possible for data elements to flow from an online application through underwriting to final entry in the core system. Such straight-through processing is becoming easier through open banking, spelling the future in terms of efficiency and cost savings.

Process Optimization: Efficiency, Cost Saves
PPP banks monitored applications and approvals on a daily and weekly basis. Having applications in a dynamic online system allowed for good internal and external reporting on the success of the high-profile program. However, such monitoring also highlighted problems and bottlenecks in a bank’s approval process — bandwidth, staffing, external vendors and even SBA systems were all potential limiters. Technology-enabled application and underwriting allows all elements of the loan approval process to be analyzed for efficiency. Going forward, a digitized process should allow a bank to examine its operations for the most client-friendly experience that is also the most cost and risk efficient.

Finally, these five technology value propositions highlight that the client experience is paramount. PPP online applications were driven by the necessity for the client to have remote and speedy access to emergency funding. That theme should carry through to commercial banking in the next decade. Anything that drives a better client experience while still providing a safe and sound operating bank should win the day. These five key value propositions do exactly that — and should continue to drive banking in the future.

Addressing the Income Inequality Imperative Before It’s Too Late

There’s an unofficial adage in journalism that three similar events make a story. One car wreck at a particular intersection is an accident. Two accidents are an unfortunate coincidence. Three times is a trend — and an issue to discuss and address.

So it was hard not to start worrying when three different guests — an entrepreneur, a former regulator and a longtime financial services consultant — mentioned the same potential fear on Promontory Network’s podcast “Banking with Interest.” They all worried that rising economic inequality, which has been exacerbated by the Covid-19 crisis, could spur widespread social unrest beyond anything we’ve seen to date.  

“Things can go really bad,” entrepreneur and Shark Tank costar Mark Cuban told me in April, well before the brutal police killing of George Floyd in late May sparked nationwide protests in response to racial injustice and inequality. “We’ve seen riots. We’ve seen small businesses burn down.”

One recent warning came from Karen Shaw Petrou, managing partner of Federal Financial Analytics. Petrou is one of the most thoughtful voices in the financial services industry; since 2018, she has been adamant that income inequality is an increasing — and underappreciated — risk to the financial system.

You have empirical and theoretical evidence that the more economically unequal a nation is, the more fragile its financial system,” Petrou told me in June. “I worry… that prolonged economic inequality, combined with the kinds of crises it keeps precipitating, will also lead to rage. History is not inspiring on the topic of what happens to societies with profound inequality.”

John Hope Bryant, the founder, chairman and CEO of Operation Hope, a not-for-profit dedicated to financial literacy and economic inclusion, agreed.

“Societies don’t crater from the top down,” he told me. “They crater from the bottom in. You cannot have 1% doing great, 15% doing pretty good and 80% plus doing pretty crappy and expect that to be sustainable.”

They are hardly alone. Both Citigroup CEO Michael Corbat and JPMorgan Chase & Co. Chairman and CEO Jamie Dimon flagged economic inequality as a growing threat to financial and political stability. And Brian Brooks, Acting Comptroller at the Office of the Comptroller of the Currency, acknowledged to me that systemic inequities need to be addressed.

“People are not actually crying out because the system is a terrible system, right? They’re crying out because the system that has worked for a bunch of people has totally excluded other people for a fairly long period of time,” he told me. “And the banking system can fix that.”

Among other things, Brooks wants to reexamine how credit scores are calculated and how current models shut minority Americans out of the finance system.

Economic inequality predates the spread of the coronavirus. The wealth gap between the richest and poorest families more than doubled from 1989 to 2016, according to the Pew Research Center. The data is particularly grim for African Americans. The average wealth of white households was seven times the average of black households in 2016, according to a recent post by Petrou. White Americans owned 85% of U.S. household wealth at the end of 2019, she wrote, while Black Americans held just 4.2%.

But the coronavirus crisis is set to make the problem far worse.

“Low-income households have experienced, by far, the sharpest drop in employment, while job losses of African-Americans, Hispanics, and women have been greater than that of other groups,” Federal Reserve Chairman Jerome Powell told lawmakers recently. “If not contained and reversed, the downturn could further widen gaps in economic well-being that the long expansion had made some progress in closing.”

There are proposed solutions. Petrou has called for the creation of an “Equality Bank,” controlled by a consortia of banking companies to “rewrite the profit equation to serve low- and moderate-income households.” This bank could offer short-term, low-dollar loans to consumers through the banking system, without the often-onerous rates and terms of existing products like payday loans.

Bryant has called for a new Marshall Plan to combat the problem, including calling for a universal income for workers making less than $60,000 per year,  a national financial literacy mandate, and a redesigned education system that includes a free college education for most students.

“You need a mass of people to be highly educated,” Bryant said. “This is not rocket science. It’s the radical movement of common sense. As you educate more people, and raise credit scores along with it, you get more economic energy. You get more small business startups, you get more job creation. You get higher educational engagement. You get better skilled workers. You get less societal friction. This is an investment, not a giveaway.”

Brooks, meanwhile, has said the OCC is set to launch a pilot project designed to bring together banks, civil rights organizations and academics to tackle wealth creation. Cuban has talked about creating jobs to track and trace the spread of the virus in the short-term and pushed for government investments in low-income housing and companies offering stock to employees so that they have a stake in a firm’s success.

Tackling economic inequality hasn’t been a high priority for many in banking and government. That needs to change — and soon. While people may reasonably disagree on the right solution to this issue, most are of the same mind when it comes to what happens if we don’t try to address it.

We need to lift people “from the bottom-up,” Cuban told me. “We have never thought like that in the past, and we need to. Because if we don’t, oh my goodness … If we screw up, it could get ugly.”