Addressing the Income Inequality Imperative Before It’s Too Late

There’s an unofficial adage in journalism that three similar events make a story. One car wreck at a particular intersection is an accident. Two accidents are an unfortunate coincidence. Three times is a trend — and an issue to discuss and address.

So it was hard not to start worrying when three different guests — an entrepreneur, a former regulator and a longtime financial services consultant — mentioned the same potential fear on Promontory Network’s podcast “Banking with Interest.” They all worried that rising economic inequality, which has been exacerbated by the Covid-19 crisis, could spur widespread social unrest beyond anything we’ve seen to date.  

“Things can go really bad,” entrepreneur and Shark Tank costar Mark Cuban told me in April, well before the brutal police killing of George Floyd in late May sparked nationwide protests in response to racial injustice and inequality. “We’ve seen riots. We’ve seen small businesses burn down.”

One recent warning came from Karen Shaw Petrou, managing partner of Federal Financial Analytics. Petrou is one of the most thoughtful voices in the financial services industry; since 2018, she has been adamant that income inequality is an increasing — and underappreciated — risk to the financial system.

You have empirical and theoretical evidence that the more economically unequal a nation is, the more fragile its financial system,” Petrou told me in June. “I worry… that prolonged economic inequality, combined with the kinds of crises it keeps precipitating, will also lead to rage. History is not inspiring on the topic of what happens to societies with profound inequality.”

John Hope Bryant, the founder, chairman and CEO of Operation Hope, a not-for-profit dedicated to financial literacy and economic inclusion, agreed.

“Societies don’t crater from the top down,” he told me. “They crater from the bottom in. You cannot have 1% doing great, 15% doing pretty good and 80% plus doing pretty crappy and expect that to be sustainable.”

They are hardly alone. Both Citigroup CEO Michael Corbat and JPMorgan Chase & Co. Chairman and CEO Jamie Dimon flagged economic inequality as a growing threat to financial and political stability. And Brian Brooks, Acting Comptroller at the Office of the Comptroller of the Currency, acknowledged to me that systemic inequities need to be addressed.

“People are not actually crying out because the system is a terrible system, right? They’re crying out because the system that has worked for a bunch of people has totally excluded other people for a fairly long period of time,” he told me. “And the banking system can fix that.”

Among other things, Brooks wants to reexamine how credit scores are calculated and how current models shut minority Americans out of the finance system.

Economic inequality predates the spread of the coronavirus. The wealth gap between the richest and poorest families more than doubled from 1989 to 2016, according to the Pew Research Center. The data is particularly grim for African Americans. The average wealth of white households was seven times the average of black households in 2016, according to a recent post by Petrou. White Americans owned 85% of U.S. household wealth at the end of 2019, she wrote, while Black Americans held just 4.2%.

But the coronavirus crisis is set to make the problem far worse.

“Low-income households have experienced, by far, the sharpest drop in employment, while job losses of African-Americans, Hispanics, and women have been greater than that of other groups,” Federal Reserve Chairman Jerome Powell told lawmakers recently. “If not contained and reversed, the downturn could further widen gaps in economic well-being that the long expansion had made some progress in closing.”

There are proposed solutions. Petrou has called for the creation of an “Equality Bank,” controlled by a consortia of banking companies to “rewrite the profit equation to serve low- and moderate-income households.” This bank could offer short-term, low-dollar loans to consumers through the banking system, without the often-onerous rates and terms of existing products like payday loans.

Bryant has called for a new Marshall Plan to combat the problem, including calling for a universal income for workers making less than $60,000 per year,  a national financial literacy mandate, and a redesigned education system that includes a free college education for most students.

“You need a mass of people to be highly educated,” Bryant said. “This is not rocket science. It’s the radical movement of common sense. As you educate more people, and raise credit scores along with it, you get more economic energy. You get more small business startups, you get more job creation. You get higher educational engagement. You get better skilled workers. You get less societal friction. This is an investment, not a giveaway.”

Brooks, meanwhile, has said the OCC is set to launch a pilot project designed to bring together banks, civil rights organizations and academics to tackle wealth creation. Cuban has talked about creating jobs to track and trace the spread of the virus in the short-term and pushed for government investments in low-income housing and companies offering stock to employees so that they have a stake in a firm’s success.

Tackling economic inequality hasn’t been a high priority for many in banking and government. That needs to change — and soon. While people may reasonably disagree on the right solution to this issue, most are of the same mind when it comes to what happens if we don’t try to address it.

We need to lift people “from the bottom-up,” Cuban told me. “We have never thought like that in the past, and we need to. Because if we don’t, oh my goodness … If we screw up, it could get ugly.”

Risk, Business Continuity Planning: Trends and Lessons from Covid-19

The Covid-19 pandemic has introduced unprecedented strains to the economy, enhancing concerns about credit risk and pressuring lenders’ ability to serve their borrowers.

Cybersecurity and other risk environments have also evolved, following government-mandated work from home models. These shifts are prompting bank leaders to evaluate their business continuity plans and pandemic planning initiatives to ensure they’re putting safety and efficiency first.

Bank Director’s 2020 Risk Survey, sponsored by Moss Adams, was conducted in January before the U.S. economy felt the full effect of the coronavirus. Yet, insights derived from this annual survey of bank executives and board members help paint a picture of how the industry will move forward in a challenging operating environment.

Credit Risk
Most community banks have issued loans through the Paycheck Protection Program (PPP), the Small Business Administration’s loan created under the Coronavirus Aid, Relief and Economic Security (CARES) Act passed in late March. These loans, which may be forgiven if borrowers meet specified conditions, allowed small businesses to retain staff, pay rent and cover identified operating expenses.

However, it’s likely that businesses will seek additional credit sources as the economy restarts. The lapse in business revenue generation will pose significant underwriting challenges for banks.

More than half of respondents in the 2020 Risk Survey revealed enhanced concerns around credit risk over the past year, while 67% believed that competing banks and credit unions had eased underwriting standards.

While there’s no way to determine what the future holds, near-term lending decisions will likely occur amid an uncertain economic recovery. There are some important questions institutions should consider when determining their lending approach:

  • How will our organization evaluate lending to businesses that have been closed due to the coronavirus?
  • Should a pandemic-related operational gap be treated as an anomaly, or should lenders consider this as they underwrite commercial loans?
  • What other factors should be considered in the current environment?
  • How much bank capital are we willing to put at risk?

Cybersecurity
Directors and executives who responded to the survey consistently indicate that cybersecurity is a key risk concern. In this year’s survey, 77% revealed their bank had placed significant emphasis on increasing cybersecurity and data privacy in the wake of cyberattacks targeting financial institutions, such as Capital One Financial Corp.

With more bank staff working remotely, cyber risks are even greater now. Employees are also emotionally taxed with concerns about their health, family and jobs, increasing the risk for errors and oversights. Unfortunately, the COVID-19 pandemic presents cybercriminals with a ripe opportunity to prey on individuals.

Business Continuity
In the survey, respondents whose bank had weathered a natural disaster within the last two years were asked if they were satisfied with their institution’s business continuity plan. The majority, or 79%, indicated they were.

However, the Covid-19 pandemic isn’t a typical natural disaster. Although buildings haven’t been destroyed, companies are still experiencing significant disruption to their normal operations — if they’re able to operate at all.

These circumstances, coupled with expanding technology and banks operations increasingly moving to the cloud, will likely lead to further changes in business continuity planning.

Remain Flexible
In an interagency statement released a week before the World Health Organization declared that the Covid-19 outbreak a pandemic, federal regulators reminded depository institutions of their duty to “periodically review related risk management plans, including continuity plans, to ensure their ability to continue to deliver their products and services in a wide range of scenarios and with minimal disruption.”

The Federal Financial Institutions Examination Council also updated its pandemic guidance, noting the need for a preventative program and documented strategy to continue critical operations throughout a pandemic.

Since that time, banks have encouraged customers to broadly adopt digital platforms and, when necessary, serve customers in person through drive-through lines or by appointment to reduce face-to-face contact. Bank employees wear masks and gloves, branches are cleaned frequently and, where possible, staff work remotely.

Gain Insights
The pandemic is a real-world tabletop exercise that can provide important takeaways about the effectiveness of an organization’s business continuity plan. It’s important for organizations to take advantage of this opportunity.

For example, there could be another wave of Covid-19 later this year; alternately, it could be years before we see an event similar to what we’re experiencing. Either way, your bank must to consider the potential consequences of each outcome and have a plan ready. Reviewing your organization’s business continuity plans and initiatives can help reveal opportunities to move forward with confidence, despite challenging operating environments.

Avoiding Pitfalls of Covid-19 Modifications for Swapped Loans

Many banks are modifying commercial loans as they and their commercial borrowers grapple with the economic fallout of the Covid-19 pandemic.

Payment relief could include incorporating interest-only periods, principal and interest payment deferrals, and/or loan and swap maturity/amortization extensions. While modifications can provide borrowers with much-needed financial flexibility, they also risk creating unintended accounting, legal and economic consequences.

Don’t forget the swaps
Lenders need to determine whether there is a swap associated with loans when contemplating a modification. Prior to modification, lenders should coordinate efforts with their Treasury or swap desk to address these swapped loans, and ensure that loan and swap documentation are consistent regarding the terms of the modification.

Develop realistic repayment plans
Lenders need to consider how deferred obligations will be repaid when creating a temporary payment deferral plan. The lender may need to offer an interest-only period so a borrower can repay the deferred interest before principal amortization resumes, or deferred interest payments could be added to the principal balance of the loan. Lenders also should consider whether the proposed modification will be sufficient, given the severity of the borrower’s challenges. The costs associated with amending a swapped loan may convince a lender to offer a more substantive longer-term deferral, rather than repeatedly kicking the can down the road with a series of short-term fixes.

Determine whether swap amendment is necessary
The modified loan terms may necessitate an amendment of the associated swap. It may be possible to leave the swap in place without amendment if you are only adding an interest-only period, as long as the borrower is comfortable with their loan being slightly underhedged. But if you are contemplating a full payment deferral, it typically will be desirable to replace the existing swap transaction with a new forward-starting transaction commencing when the borrower is expected to resume making principal and interest payments.

Understand bank or borrower hedge accounting impact of loan modifications
Lenders often hedge the value of their fixed-rate loans or other assets through formalized hedging programs. A popular strategy has been to designate these swaps as fair value hedges using the shortcut method.

This method requires that the economic terms of the asset, such as amortization of principal and timing of interest payments, precisely match those of the hedge. A mismatch due to a loan payment deferral would cause the lender to lose the hedge’s shortcut status. The lender’s hedging program potentially could maintain hedge accounting treatment using the more cumbersome long-haul method if that mismatch scenario was contemplated in the hedge inception documentation.

Borrowers who have taken variable rate loans may have entered into swaps to gain synthetic rate protection. Restructuring  a hedge to defer payments alongside the loan’s deferred payments could jeopardize an accounting-sensitive borrower’s hedge accounting treatment. It is possible for the borrower to reapply hedge accounting under the amended terms, although the restart has additional considerations compared to a new un-amended hedge. If hedge accounting is not restarted, the derivative’s valuation changes thereafter would create earnings volatility per accounting rules. While borrowers should be responsible for their own accounting, lenders’ awareness of these potential issues will only help client relationships in these uncertain times.

Take stock of counterparty derivative exposure
As interest rates plunge to record lows, many lenders have seen their counterparty exposure climb well above initially-approved limits. Hedge modifications may further exacerbate this situation by increasing or extending counterparty credit exposure. We recommend that lenders work with their credit teams to reassess their counterparty exposure and update limits.

Accounting guidance also requires the evaluation of credit valuation adjustments to customer swap portfolios. Lenders should ensure that their assumptions about the creditworthiness of their counterparties reflect current market conditions. These adjustments could also have a material impact on swap valuations.

Hope for the best, plan for the worst
Hopefully, loan modifications will give borrowers the opportunity to regain their financial footing. However, some may face continued financial challenges after the crisis. Lenders should use the modification process to prepare for potential defaults. Loan deferments or modifications should provide for the retention of the lender’s rights to declare a default under the loan documents and any swap agreements. The lender, through consultation with its credit team, may want to take this opportunity to bolster its position through the inclusion of additional guarantors or other credit enhancements.

The economic fallout from the global pandemic continues to have a profound impact upon borrowers and lenders alike. Adopting a thoughtful approach to loan modifications, especially when the financing structure includes a swap or other hedge, may make the process a little less disruptive for all.  

How One Bank Flattened Fraud

Argo.pngProtecting the bank and its customers — through cybersecurity measures, identity verification, fraud detection and the like — is vital in ensuring a financial institution’s safety and soundness, as well as its reputation in the marketplace. These investments typically represent significant cost centers, but fraud prevention tools can be an exception to the rule if they’re able to pay for themselves by preventing losses.

The idea is, when you put in a fraud system — and this is where some folks lose it — you want to make sure to catch more fraud than the system costs,” says Ronald Zimmerman, vice president in the operations department at $32.2 billion IBERIABANK Corp., based in Lafayette, Louisiana. “You always have to make sure that the cost doesn’t supersede your savings.”

Zimmerman implemented ARGO OASIS about a year ago. OASIS, which stands for Optimized Assessment of Suspicious Items, uses neural networks and image analytics to detect and prevent fraud. Modeled after the human brain, neural networks are a form of artificial intelligence designed to recognize patterns, making it well suited to identify check alterations, forgeries and other forms of transaction fraud. The solution then provides bank employees with detailed information to enable them to further investigate the activity.

Bank Director’s 2020 Risk Survey found that just 8% of executives and directors report that their bank uses AI technology to improve compliance. One-third are exploring these types of solutions.

IBERIA brought in OASIS to identify fraud in its “two-signature accounts” — customer accounts that require two signatures on a high-dollar check. “We have a queue set up in OASIS to monitor these checks as they come in through clearing. If a signature is missing or is in question, OASIS flags it for review,” Zimmerman says.

One thing about the technology that sets it apart is its check stock validation tool. “You have an overlay button where you can place a questioned check on top of a good check, and you have a little slide bar [so you] can see the small differences,” he says.

That tool alone has helped the bank stop roughly $300,000 in check fraud over the first eight months of use — meaning ARGO has already paid for itself. “We’ve caught a ton of fraud through this product,” says Zimmerman.

And $300,000 is a conservative estimate of the bank’s savings, Zimmerman says, because fraudsters have learned not to target his bank. “Check fraud flattened out, because the fraudsters have probably moved on, knowing that we’ve covered up a hole that was there before.”

ARGO OASIS was recognized as the Best Solution for Protecting the Bank at the 2020 Best of FinXTech Awards in May. ALTR, a blockchain-based security solution, and IDology, which uses big data for identity verification and fraud detection, were also finalists in the category.

Importantly, ARGO helps IBERIA stop fraud efficiently. A task that used to occupy three full-time employees’ time now takes two employees just a couple of hours.

IBERIA will soon merge with Memphis, Tennessee-based First Horizon National Corp. to form a $75 billion company. The deal was driven in part by the pursuit of scale.

Generating efficiencies is essential to better compete with big banks, said First Horizon CEO Bryan Jordan in a 2017 presentation. “We’ve got to be invested in technologies in such a way that we’re at or above table stakes,” he said. “The trick for us will be to … create efficiency in other parts of the business to create money that we can invest in leading-edge technologies and processes that really allow us to be competitive.”

Leveraging AI to reduce compliance busywork is a great place to start.

CEOs Weigh Challenge of Recalling Workers During Pandemic

The Covid-19 pandemic is a crisis at both the personal and corporate level.

Having sent most of their employees to work from home since March, banks are now making plans to gradually re-integrate them into their old work environment. Doing so while infection rates are still high – and in some locations, still rising – is a human resource challenge unlike any faced in the modern corporate era.

Can banks bring their employees back to the workplace and keep them safe – and are they ready to come back?

I’ve had this conversation with a number of bank CEOs and senior executives in recent months; they all treat office worker repatriation as a serious issue that demands a thoughtful and careful approach. To a person, they express reluctance to force employees to return to an office environment if they fear there is a greater chance of being infected there than in their own homes.

And since all of their banks have operated with a distributed work force for three months or more with little — if any — decline in productivity, there’s no sense of urgency to immediately pull everyone back to the office.

Large banks that operate from office towers in big cities may face the biggest logistical challenges in bringing people back.

In an interview for my story in the third-quarter issue of Bank Director magazine – “Surviving the Pandemic” – Bill Demchak, chairman and CEO at Pittsburgh-based PNC Financial Services Group, gave voice to the cautiousness that many bank leaders feel.

Demchak says his executive team has discussed the timing of when PNC might reopen its 33-story office tower in downtown Pittsburgh. “Should we start bringing people back sometime in June, given that the government says it’s okay?” he asks. “We ultimately decided not to.”

Demchak lists some of the many considerations. The bank would have to partition off sections of the floor space in Plexiglas to maintain social distancing. The software running the elevators would have to be reprogramed to control the flow of people to upper floors, and the small number of people who would be allowed in each car would have to stand facing the interior walls to protect themselves. Seventy percent of PNC employees in the tower also commute on mass transit, which would increase their risk of infection. And since most summer camps in the Pittsburgh area have been cancelled because of the coronavirus, pulling people back into the office would create an immediate child care issue for many.

There are advantages to having your people in the same place. “You get knowledge transfer; people learn new skills and you maintain the culture of behavior and norms that we want to promote as a firm,” Demchak says. “I don’t know that you get any of that by bringing 30% of the senior people back and ticking them off by surrounding them with Plexiglas and making them ride the elevators backwards.”

Fifth Third Bancorp in Cincinnati has already begun to repatriate some of its employees to their old office locations. About half of the bank’s 22,000 workers remained onsite, either in the branches or operations centers, during the pandemic.

The plan is to bring back the remaining 11,000 in three phases, according to Chairman and CEO Greg Carmichael, beginning with an initial 1,000 in phase one who are onsite now, working in social distancing arrangements. “We want to learn, make sure that’s going to go as well as we would expect it to,” he says. “There’s signage that’s required, how many people in an elevator, how many people in a bathroom, food service, all those types of things.” The remaining 10,000 will be brought back in the next two phases. Fifth Third is following recommendations from the Centers for Disease Control and Prevention for Covid-19 workplace health and safety, and going beyond them in some instances.

The bank also had to stock up on large quantities of personal protective equipment, and anyone who has tried to purchase facemasks and hand sanitizers knows they are hard to come by even in small numbers. “We’ve got the hand sanitizers. We’re doing the wipe downs of the workstations, and we’ve got face coverings for all 11,000 employees,” Carmichael says.

The bank has also established an employee hotline to report violations of the new safety rules. “If someone sees a situation they’re not comfortable with, we have a hotline they can call immediately and we’ll address it immediately,” Carmichael says. “We want our employees to know that their safety is job one for us, and making sure we’re protecting them the best we can.”

It’s likely that not every employee will want to return to their old office. “The people that I talk to are really in fairly diametrically opposed camps right now,” says Darren King, the chief financial officer at M&T Bank Corp. in Buffalo, New York. “There’s the crowd that says, ‘I love working from home. I never want to go back to the office.’ And there’s an equally passionate crowd that says ‘As soon as the office is open, let me in. I want out of my house.’”

The trick will be offering flexibility to those employees who prefer to remain home-based, while keeping the office crowd safe. Like most banks, the majority of M&T’s staff have been working remotely through the pandemic; because productivity hasn’t suffered, it may be a matter of choice for some.

“We would not force anyone who’s uncomfortable and able to work from home to come back,” King says.

Preparing to Be There for Your Community

The fallout from COVID-19 will likely take some time to stabilize. The personal and social costs are already significant, and neither is independent of economic and business disruptions.

Especially impacted are the businesses on Main Streets everywhere that are served by community banks. Community banks will be essential to any recovery, so it is important that they take steps now to ensure they’re positioned to make a difference.

The Challenge Of A “New Normal”
Financial markets were in “price discovery” mode this spring, but that phase is unlikely to last for long. If Treasury rates rise from their current levels, banks are likely to do well with their traditional models. But if they remain low, and spreads eventually stabilize to 2019 levels, nearly every institution will encounter pressure that could undermine their efforts to be a catalyst for Main Street’s recovery.

Bank Director’s recent piece “Uncharted Territory” warned that the experience of past financial crises could mislead bankers into complacency. Last time, dramatic reductions in funding costs boosted net interest margins, which helped banks offset dramatically higher loan losses. The difference today is that funding costs are already very low — leaving little room for similar reductions.

Consider asset yields. Even without significant credit charge-offs, community bank profitability could face headwinds. Community banks entered 2020 with plenty of fuel to support their thriving Main Streets. Their balance sheets had been established for a Treasury rate environment that was 100 basis points higher than today’s. If rates settle here for the next couple of years and existing assets get replaced at “new normal” levels, yields will fall and net interest margins, or NIMs, could take a hit.

Banks could have trouble “being there” for their communities.

Where do the current assets on banks’ balance sheets come from? They were added in 2018, 2019 and the first quarter of 2020. If we assume a fixed rate loan portfolio yields somewhere around 300 basis points over the 5-year swap rate at closing (which averaged about 1.75% over 2019), and floating rates loans yield somewhere around 50 basis points over prime day to day, we can estimate banks’ first quarter loan yields at perhaps 4.75% fixed-rate and 5.25% prime-based.

Prime-based yields have already dropped for the second quarter and beyond: They are now earning 3.75%. Fixed-rate loans continue to earn something like 4.75%, for now.

Banks that can quickly reduce funding costs might, in fact, see a short-term bump in net interest margins. If they can stave off provision expenses, this might even translate into a bump in profitability. But it will not last.

If Treasury rates remain at these historic lows and spreads normalize to 2019 levels, current balance sheets will decay. Adjustments today, before this happens, are the only real defense.

Banks’ fixed rate loans will mature or refinance at much lower rates — around 3.50%, according to our assumptions. Eventually, banks that enjoyed a 3.50% NIM in 2019 will be looking at sustained NIMs closer to 2.50%, even after accounting for reduced funding costs, if they take no corrective steps today. It will be difficult for these banks to “be there” for Main Street, especially if provision expenses begin to emerge.

Every community bank should immediately assess its NIM decay path. How long will it take to get to the bottom? This knowledge will help scale and motivate immediate corrective actions.

For most banks, this is probably a downslope of 18 to 30 months. For some, it will happen much more rapidly. The data required may be in asset and liability management reports. Note that if your bank is using year-end reports, the intervening rate moves mean that the data in the “100 basis points shock” scenario from that report would represent the current rates unchanged “baseline.” Reports that do not run income simulations for four or more years will also likely miss the full NIM contraction, which must be analyzed to incorporate full asset turnover and beyond.

Times are hectic for community banks, but in many cases commissioning a stand-alone analysis, above and beyond standard asset-liability compliance requirements, is warranted.

Then What?
The purpose of analyzing a bank’s NIM timeline is not to determine when to start taking action, but to correctly size and scope the immediate action.  All the levers on the balance sheet— assets, liabilities, maybe even derivatives — must be coordinated to defend long-term NIM and the bank’s ability to assist in Main Street’s recovery.

The Small Business Administration’s Paycheck Protection Program lending is fully aligned with the community bank mission, but it is short term. Banks must also plan for sustainable net interest income for three, four and five years into the future, and that planning and execution should take place now. The devised NIM defense strategy should be subjected to the same NIM decay analysis applied to the current balance sheet; if it’s insufficient, executives should consider even more significant adjustments for immediate action.

The economic environment is out of bankers’ control. Their responses are not, but these require action in advance. Banks can — and should — conduct a disciplined, diagnostic analysis of their NIM decay path and then correct it. This interest rate environment could be with us for some time to come.

2020 Risk Survey Results: “Don’t Panic. Just Fly the Airplane.”

It wasn’t uncommon in the latter half of 2019 for bank executives to note the margin pressure faced by the industry, brought on by an inhospitable interest rate environment. And rates dropped even lower in early 2020, with the Federal Reserve cutting rates to zero.

“In spite of the Fed’s yo-yo interest rate, we have a responsibility to manage our assets in a manner that is in the best interest[s] of our shareholders and communities we serve. The key is not to panic, but [to] hold the course,” said John Allison, CEO of Conway, Arkansas-based Home Bancshares, in the $15 billion bank’s second quarter 2019 earnings call. “At the end of the day, your management’s trying to operate profitably in the middle of this chaos. They say when you’re piloting an airplane and there’s a major problem, like an engine going out: ‘Don’t panic. Just fly the airplane.’”

Allison’s advice to “just fly the airplane” seems an appropriate way to frame the risks facing the banking industry, which Bank Director explored again in its 2020 Risk Survey, sponsored by Moss Adams. Conducted in January, it includes the views of more than 200 independent directors, CEOs, risk officers and other senior executives of U.S. banks below $50 billion in assets.

A majority of these industry leaders say they’re more worried about interest rate risk amid a competitive environment for deposit growth — 25% report their bank lost deposit share in 2019, and 34% report gains in this area. Looking ahead to 2020, most (73%) say their bank will leverage personal relationships to attract deposits from other institutions. Less than half will leverage digital channels, a strategy that skews toward — but is not exclusive to — larger banks.

In the survey, almost 60% cite increased concerns around credit risk, consistent with the Federal Reserve’s Senior Loan Officer Opinion Survey from January, which reports dampened demand for commercial loans and expectations that credit quality will moderately deteriorate.

Interestingly, Bank Director’s 2020 Risk Survey finds respondents almost unanimously reporting that their bank’s loan standards have remained consistent over the past year. However, the majority (67%) also believe that competing banks and credit unions have eased their underwriting standards over the same time period.

 

Key Findings

  • Scaling Back on Stress Tests. The Economic Growth, Regulatory Relief and Consumer Protection Act, passed in May 2018, freed banks between $10 billion and $50 billion in assets from the Dodd-Frank Act (DFAST) stress test requirements. While last year’s survey found that 60% of respondents at these banks planned to keep their stress test practices in place, participants this year reveal they have scaled back (7%) or modified (67%) these procedures.
  • Ready for CECL. More than half of survey respondents say their bank is prepared to comply with the current expected credit loss (CECL) standards; 43% indicate they will be prepared when the standards take effect for their institution.
  • Cyber Anxiety Rising. Eighty-seven percent of respondents say their concerns about cybersecurity threats have risen over the past year. This is the top risk facing the banking industry, according to executives and directors. Further, 77% say their bank has significantly increased its oversight of cybersecurity and data privacy.
  • Board Oversight. Most boards review cybersecurity regularly — either quarterly (46%) or at every board meeting (24%). How the board handles cybersecurity governance varies: 28% handle it within a technology committee, 26% within the risk committee and 19% as a full board. Just one-third have a director with cybersecurity expertise.
  • Climate Change Overlooked. Despite rising attention from regulators, proxy advisors and shareholders, just 11% say their bank’s board discusses climate change at least annually as part of its analysis and understanding of the risks facing the organization. Just 9% say an executive reports to the board annually about the risks and opportunities presented by climate change. More than 20% of respondents say their bank has been impacted by a natural disaster in the past two years.

To view the full results of the survey, click here.

How Banks Can Use the Dark Web to Shed Light on Cybersecurity


cybersecurity-9-5-19.pngCyberthreat intelligence, or CTI, can give bankers a deeper understanding of the potential threats that face their business.

Whether it is knowing your enemy or learning about the latest malware, CTI provides information that can help executives make prudent, risk-based decisions. This information comes from the open internet as well as closed sources, including the darknet and dark web. Analyzing this CTI can produce insights and identify signs of a potential breach, leaked data or pending attacks.

The darknet is the part of the internet that is not accessible through conventional browsers and requires specific software or configurations; the deep web is the part of the internet that is not accessible through search engines. Some nation states, cybercriminal gangs and threat actors thrive in this underground economy through illegal activity that includes the sale of personal information, financial goods and illicit services. For bank’s CTI, the deep web and darknet are a treasure trove of breached information and threat indicators.

A vast majority of these cyberthreat intelligence sources contain goods and sensitive data stolen from the financial services industry. Potential financial gain drives bad actors to maintain a thriving marketplace built on illicit items, including debit and credit card numbers, identity theft services and banking malware.

While no tool or service can completely eliminate the risk of a data breach, integrating CTI into a bank’s cybersecurity program can make it more difficult to target and lower the likelihood of a breach. To get value from CTI, a bank can:

  • Identify the threat actors that are leveraging potential vulnerabilities in systems used by the financial sector;
  • Understand whether a particular organization or client is being targeted directly;
  • Detect active malware campaigns that could target the bank;
  • Learn where its customer and employee information may exist;
  • Find breached credit or debit cards on deep web or darknet marketplaces; and
  • Understand emerging trends regarding data theft.

There are a variety of ways that financial institutions can leverage, and directly benefit from, CTI. Some examples include:

  • Incorporating technical indicators of compromise into the company’s security information and event management system;
  • Briefing high-level executives on industry trends and providing intelligence on potential future attacks;
  • Providing intelligence briefings to security operation centers (SOCs), increasing the situational awareness of technical campaigns and bad actors;
  • Developing incident response scenarios;
  • Achieving timely integration with fraud teams to deactivate stolen credit or debit cards;
  • Working with law enforcement to remove stolen credit, debit or other financial information from the deep or dark web;
  • Segregating and limiting internal access to systems if an individual’s credentials are exposed;
  • Communicating with social media and marketing teams about exposed data; and
  • Implementing patches for known vulnerabilities that are discovered on external-facing systems and applications.

What does a successful CTI program look like at financial institutions?
Deep analytical CTI is usually not possible at small- to medium-sized financial institutions using the internal resources of their existing security teams, and is often outsourced to a vendor or third party. Outsourcing can provide some value-added actions, such as:

  • Identifying breached credit and debit cards or other financial information;
  • Monitoring chatter about C-suite executives;
  • Assisting in fraud prevention through credential theft;
  • Thwarting attacks planned by adversaries that uses new financial theft malware, ransomware or Trojans;
  • Examining reputational damage or brand-related chatter for an organization;
  • Identifying large credential data dumps or breaches;
  • Identifying or ascertaining stolen or fraudulent goods like blueprints, skimmers and physical devices, or sensitive data such as tax forms, personally identifiable information and protected health information.

CTI can provide a variety of actionable information that executives can use to make better cybersecurity decisions and assess their risk appetite. With CTI, bankers can prioritize initiatives, address budgets and create business strategies for securing customer, employee and client data. A deeper understanding of the threats they face gives companies a firmer grasp of the tumultuous cyber landscape and a clearer vision of how to prevent problems.

The Newest Exposure Facing Community Bank Boards


cyberattack-8-30-19.pngCybercrimes continue to pose the greatest significant risk to the banking sector, ranging from standard phishing attack to a newer ATM jackpotting schemes that manipulate a machine to dispense larger amounts of money.

Many of the losses originate through human error, so it is critical to ensure all employees are trained on the newest phishing schemes and how to best avoid them. Cyber liability insurance claims represented the largest increase in the percentage of total liability claims, according to data from the American Bankers Association, rising from 19% in 2017 to 26% in 2018.

Several of the most-recent examples of covered cyber claims began when a bank employee succumbed to a phishing attack. This is where the employee clicks on a link provided by what is perceived to be a trusted source, which downloads malware. The malware often causes a breach of network security, providing the perpetrators with complete access to a bank’s networks. In some scenarios, the malware freezes the bank’s systems, and extorts executives for a “consulting fee” to return access of the internal systems. The fee is often in the form of bitcoin or another form of untraceable cryptocurrency.

While that can be a significant expense to the bank, the more-common claim scenario includes the expenses associated with the breach of network security. These can include, but are not limited to:

  • Notification costs
  • Forensics expenses
  • Credit monitoring costs
  • Establishing of a call center
  • Hiring a public relations firm
  • Obtaining legal advice, ensuring all discovery is protected by attorney-client privilege

Most cyber liability policies will cover to both breach remediation expenses, as well cyber extortion costs, as long as the third-party providers are approved by the carrier.

However, the loss scenario does not have to be limited to extortion or post-breach remediation expenses. As reported in 2018, a regional Virginia bank fell victim to an ATM heist for a total loss of $2.35 million. The fraud was initially caused by an employee who fell victim to a targeted phishing email, which allowed culprits to install malware on bank servers. The malware allowed thieves to disable the anti-theft and anti-fraud protections, including 4-digit PIN numbers and daily withdrawal limits thresholds. The bank succumbed to two separate instances of ATM thefts from this intrusion into their computer systems. The first resulted in a loss of $550,000 over a holiday weekend; the second resulted in a loss of over $1.8 million.?

Recommendations:

  • Make sure your employees are trained, and retrained, on how to detect a phishing e-mail and what to do if they suspect the e-mail may not be legitimate.
  • If you have any network security third-party providers, confirm if they are already included under the cyber carrier’s panel counsel list, which is a list of pre-approved vendors with pre-negotiated rates. If not, try to get them added on a pre-approved basis. This would typically occur during the renewal of the cyber policy, not during a claim.
  • If there is a breach of network security, make sure the cyber carrier approves all third-party expenses in writing, in advance, to ensure they will indemnify the bank for those expenses.
  • If cybersecurity, cyber risk or cyber insurance is discussed during a board meeting, make sure to document that in the minutes of the meeting. We suggest that boards show that such discussions take place on a quarterly basis, which can result in those boards being viewed in a better light in the event of a cyber-attack.

This Is a Red Flag for Banks


yield-curve-7-5-19.pngThe yield curve has been in the news because its recent gyrations are seen as a harbinger of a coming recession.

The yield curve is the difference between short- and long-term bond yields. In a healthy economy, long-term bond yields are normally higher than short-term yields because investors take more risk with the longer duration.

In late June, however, the spread between the yield on the three-month Treasury bill and the 10-year Treasury note inverted—which is to say the 10-year yield was lower than the three-month yield.

Inverted Yield Curve.png

An inverted yield curve doesn’t cause a recession, but it signals a set of economic factors that are likely to result in one. It is a sign that investors lack confidence in the future of the economy. Or to put it another way, they have greater confidence in the economy’s long-term prospects than in its near-term outlook.

Long-term yields drop because investors want to lock in a higher return. This heightened demand for long-dated bonds allows the U.S. Department of the Treasury to offer lower yields. The historical average length of recessions is about 18 months, so a 10-year Treasury note takes investors well beyond that point.

Short-terms Treasury yields rise because investors are skittish about the economy’s near-term prospects, which requires the Treasury Department to entice them with higher yields.

It turns out that inverted yield curves have a pretty good track record of predicting recessions within the next 12 months. The last six recessions were preceded by inverted yield curves, although economists point out that inversions in 1995 and 1998 were not followed by subsequent downturns. And more than two years passed between an inversion in December 2005 and the onset of the 2008 financial crisis.

Still, an inverted yield curve is an economic red flag for banks. The industry’s performance inevitably suffers in a recession, and even the most conservative institutions will experience higher loan losses when the credit cycle turns.

An inversion is a warning that banks should tighten their credit standards and rein in their competitive impulses. Some of the worst commercial loans are made 12 to 18 months prior to an economic downturn, and they are often the first loans to go bad.

Ironically, if banks tighten up too much, they risk contributing to a recession by cutting off the funding that businesses need to grow. Banks make these decisions individually, of course, but the industry’s herd instinct is alive and well.

It’s possible that the most recent inversion presages a recession in 2020. In its June survey, the National Association of Business Economics forecast the U.S. economy to grow 2.6 percent this year, with only a 15 percent chance of a recession. But they see slower growth in 2020, with the risk of a recession by year-end rising to 60 percent.

This has been an unprecedented time for the U.S. economy and we seem to be sailing through uncharted waters. On July 1, the economy’s current expansion became the longest on record, and gross domestic product grew at a 3.1 percent annualized rate in the first quarter. Unemployment was just 3.6 percent in May—the lowest in 49 years—while inflation, which often rises when the economy reaches full employment because employers are forced to pay higher salaries to attract workers, remained under firm control.

These are historic anomalies, so maybe the old rules have changed.

The Federal Open Market Committee is widely expected to cut the fed funds rate in late July after raising it four times in 2018. That could both help and hurt bankers.

A rate cut helps if it keeps the economic expansion going. It hurts if it makes it more difficult for banks to charge higher rates for their loans. Many banks prospered last year because they were able raise their loan rates faster than their deposit rates, which helped expand their net interest margins. They may not benefit as much from repricing this year if the Fed ends up cutting interest rates.

Is an inverted yield curve a harbinger of a recession in 2020? This economy seems to shrug off all such concerns, but history says yes.