Regtech: Reaping the Rewards


regtech-4-24-18.pngAs it evolves, regtech is uniquely poised to save banks time and money in their compliance efforts, and has become a common topic for many in the banking industry. If you’re ready to realize the promise of regtech at your institution, here are a few key steps to take before you start parsing through providers or sending out requests for proposals.

Consider changes to your organizational structure that would place oversight of both legal and compliance transformations under one department. In Burnmark’s RegTech 2.0 report, Chee Kin Lam, the group head of legal, compliance and secretariat for DBS Bank, pointed to his authority over both legal and compliance functions and budgets as a key to the Singapore-based bank’s ability to work with regtech companies.

At first blush, a change to your bank’s internal structure seems like an extreme measure for a precursor to a technology pilot, but that perception misses the big-picture implications of implementing a new regtech solution. If a bank intends to engage meaningfully with regtech, Lam pointed out, there’s a need for an overarching framework for onboarding new technologies to make sure they “speak to each other at a legal/compliance level instead of at an individual function level—e.g. control room, trade surveillance, AML surveillance and so on.”

What’s more, legal and compliance functions are already tied closely together, and any regtech solution would likely impact both areas of the bank. Central management of these two functions can help ensure efficient regtech implementation.

Create a solid, detailed problem statement before you ever look for a solution. Lam suggests identifying the top legal and compliance risks your bank is facing, and working from there to identify pain points for your employees and customers when they interact with that risk area. One way to go about this process is to utilize design thinking, which looks at products and experiences from the point of view of the customers and employees who utilize them.

By seeking out pain points and working through the design-thinking process to find their root cause, bank leadership can identify specific, actionable areas for improvement. As tempting as it can be for an institution to attempt a total overhaul of its regulatory processes, banks should pursue modular regtech solutions to solve specific, defined problem statements instead. As Peter Lancos, CEO and co-founder of Exate Technology, points out in RegTech 2.0, “[f]ragmentation makes a regulatory strategy impossible—especially due to geographic spread and banks having separate teams set up to deal with individual regulations.”

Leverage outside expertise. The risks of implementing regtech can be daunting, so bank leaders need to use every tool in their arsenal to get deployment right. Banks should involve regulators in the conversation early on in the process of working with a regtech company. According to Jonathan Frieder of Accenture in The Growing Need for RegTech, “[r]egulators globally have continued to accept and, ultimately, to embrace regtech” making 2018 “a pivotal year.”

In addition to getting regulators on board, banks should consider enlisting outside assistance from consultants or other regulatory experts. Such experts provide assistance with assessing problem statements or potential regtech vendors. Lancos states that he feels “it is essential for banks to have regulatory expertise support to actually write the rules that go into the rules engine of regtech solutions.”

Regtech implementation is a lot more involved than an average plug-and-play fintech product. However, when a bank considers the cost efficiencies, improved compliance record and decreased customer and employee frustration, the upside of regtech can be well worth the planning it requires.

Staying Relevant in a Changing Industry



How can community banks choose the right path to ensure that their institution stays relevant in this era of technological change? In this video, Kevin Riley, president and CEO of $12 billion asset First Interstate BancSystem, shares with Barbara Rehm of Promontory Interfinancial Network how his bank is focusing on investments in its digital platform, and how he expects the financial industry to change in the near future.

Riley discusses:

  • Building a Vision for the Future
  • Investing in Digital Delivery
  • How the Industry Will Evolve
  • Competitive Threats

Acquire or Be Acquired Perspectives: One True Thing About Banking and Finance


strategy-4-20-18.pngLudwig, Gene.pngThis is the third in a five-part series that examines the bank M&A market from the perspective of five attendees at Bank Director’s Acquire or Be Acquired conference, which occurred in late January at the Arizona Biltmore resort in Phoenix.

Read the perspectives of other industry leaders:
John Asbury, president and CEO of Union Bankshares
Gary Bronstein, a partner at Kilpatrick Townsend & Stockton LLP
Kirk Wycoff, managing partner of Patriot Financial Partners, L.P.


If you have seen as many cycles in the bank industry as Eugene Ludwig, founder and CEO of Promontory Financial Group and a former comptroller of the currency, you know the time to be most vigilant is not when things seem bleak, but instead when things seems brilliant.

“The one thing I’m certain of is that the good times may go on for a year, two years, five years, seven years, but they will not go on forever,” says Ludwig. “Those folks that continue to be disciplined…will make it through good times and have advantages in bad times. Those that are imprudent will be gone.”

Ludwig made this point while attending Bank Director’s most recent Acquire or Be Acquired conference held earlier this year at the Arizona Biltmore resort in Phoenix. Ludwig’s perspective on banking and the M&A landscape is one of five that Bank Director has solicited from attendees at the annual conference.

“We’re obviously in good times,” says Ludwig. “The general spirit of the community banking session I popped into was upbeat and optimistic. Also, as Marshall McLuhan said, ‘The message is in the medium.’ The medium here is the size of the audience—1,100 people. Audiences tend to slim out in tough times. Having said that, I think people are sober about the challenges the banking industry faces.”

When Ludwig talks about the challenges banks confront, the first thing he talks about is technology, “both accepting new technologies and being able to utilize them effectively on one hand and also not losing customers to new entrants in the marketplace on the other hand.”

One upside for community banks, says Ludwig, is that they seem to be less vulnerable than regional and money center banks to the threat posed by the largest technology companies with the deepest pockets.

“I think Amazon and Google most likely will be more threatening to the mid- and large-sized institutions than the small ones—though still very threatening because the consumer loan business, where they will focus, is fundamentally not a community bank business or even a particularly regional bank business,” says Ludwig. “That’s a big bank business or specialty lender business.”

The same is true on the liability side of the balance sheet, says Ludwig. “The heart of community banking is core deposits and deposit-taking. As a big commercial entity, it’s still perhaps less likely that Amazon is able to get a bank charter with access to deposit insurance so it’s at a disadvantage in terms of core deposits and having a full suite of banking services the way banks do. If Amazon does get a charter, or the equivalent, then the community bank still—at least for a time—has community feel and touch and personal ties that will prove highly beneficial to it compared to other deposit gatherers.”

In addition to technology, discussions about the state of the M&A market obviously loomed large at this year’s Acquire or Be Acquired conference. Ludwig agrees with other industry observers who have characterized the current M&A activity as lukewarm.

“It is one of those promises of things to come that for a long time hasn’t come,” says Ludwig. “There is of course M&A activity, but there has been a belief among some that there would be an explosion in activity and that hasn’t happened.”

Ludwig’s comments echo those of fellow conference attendee Kirk Wycoff, managing partner of Patriot Financial Partners, a private equity firm based in Philadelphia. An average of 4 percent of banks enter into mergers or acquisitions each year, notes Wycoff in an interview with Bank Director. There is variation from year to year, but it tends to be on the margin and the absolute number of transactions should trend lower as the industry consolidates.

Ludwig points to two reasons for what seems to be the recent and modest lull in M&A activity. First, with bank valuations at their highest level in a decade, deals continue to look expensive in many parts of the country. And on a more granular basis, Ludwig notes “there is less differentiation among valuations within the industry than one would expect” given the differences among bank franchises. “Having said that, every now and then, this can also produce profound opportunity because individual institutions hit air pockets or run out of management gas,” he says. “So there are definite opportunities in the marketplace.”

The thing to watch in this regard is the quality of a bank’s deposit franchise. “If you run bank valuations in the community banking sector, and I’ve owned a couple in my time, it’s all about the deposits,” says Ludwig.

I think that we’re getting into an era where deposit funding will be at a premium,” Ludwig continues. “When we started Promontory Interfinancial Network in 2001, banks were crying for deposits, [unlike] the last few years. (Editor’s note: Ludwig was one of Promontory Interfinancial Network’s founders and currently serves as chairman of the board, although the companies operate independently. Ludwig sold Promontory Financial Group to IBM Corp. in 2016 and continues as its CEO.) It may not go back to that, but it could. One thing true of banking and finance is that it’s cyclical. As Mark Twain said: ‘History may not repeat itself, but it rhymes.’”

AI is Groundbreaking Technology—But What Will the Regulators Say?


FinXTech-4-19-18.pngIn one sense, regtech—a recent word invention that stands for regulatory technology—is just a rebranding of an evolutionary process that has been going on for decades. Ever since the first IBM mainframe computers rolled off the assembly line in the 1960s, banks have been deploying technology to improve the efficiency and effectiveness of their operations and lower their costs. Of course, technology has come a long way since the dawn of the IBM mainframe—or “Big Iron” as they were sometimes called. Consider for a moment that anyone walking around today with an Apple iPhone 8 has more computer power in the palm of their hand than the Apollo 11 astronauts used on their 238,900-mile journey to the moon.

Another example—one with the potential to revolutionize the task of regulatory compliance—is artificial intelligence, or AI. “People see it as something that can solve all of your problems,” Harshad Pitkar, a partner at the consulting firm PricewaterhouseCoopers, said during a presentation at Bank Director’s The Reality of Regtech event, which took place April 18 at the Nasdaq MarketSite in New York.

While it holds great promise, Pitkar said deployment of AI in the regulatory compliance space needs time to mature, with more focus on building on “practical applications” that address specific compliance challenges within the bank. Pitkar also cautioned that like many complex technology solutions, AI projects take time and patience to get off the ground. “[They’re] not so easy to implement,” he said. “It’s not as easy as turning on a switch.”

It is still unclear however, how regulators will embrace technology-driven compliance solutions. Concepts and emerging technologies like AI in oversight of the compliance process are taken very seriously.

Regulators are by nature conservative, so it shouldn’t be surprising they may be slow to warm up to an innovative new technology solution proposed to replace a more manual, people-driven process they are very familiar with. At the same time, financial regulators are well aware of the many innovations emerging in regtech and financial technology generally—and the need for them to keep pace with this innovation. A number of regulatory agencies around the world, including a few in the United States, are establishing “reglabs” or “regulatory sandboxes” to test new ideas.

James Kim, an attorney with Ballard Spahr and a former regulator at the Consumer Financial Protection Bureau, said during a later panel discussion that banks should make a concerted effort to educate their supervisory agencies about regtech projects they have undertaken. “Educate your regulators,” Kim said. “They need to feel comfortable that your new technological systems are effective.” Speaking from experience, Kim said regulators will always be playing catch with the banking and fintech communities as the innovation tide rolls on. “They probably will always be dead last in having the expert knowledge in this area,” he said. “They need to be led.”

Sizing Up Amazon Web Services


cloud-4-17-18.pngFintech is prominent in today’s business lexicon, having migrated from the back office to a prominent position in both consumer and commercial finance. Its core functionality on mobile devices and wide application in artificial intelligence (AI) spans blockchain, smart contracts, banking, insurance, regulation and cybersecurity. And Amazon Web Services (AWS), a major cloud player, is the go-to provider for small and mid-sized businesses.

AWS delivers internet-based, on-demand computing, servers, storage, remote computing, mobile development and security, and a host of other information technology (IT) resources, all on a pay-as-you-go basis. Companies can gain unfettered, rapid access to low-cost, flexible services, with no up-front investment in hardware, software consulting and design, or expensive-to-maintain data centers. Companies can operate faster, more securely and less expensively, preserving their most valuable resources: time and money. And it is user-friendly—the AWS Management Console is simple, intuitive and accessible on the web or through the AWS Console mobile app. Wide adoption means lower costs from economies of scale.

AWS has mushroomed since its introduction a decade ago—posting $5.1 billion in revenue for fourth quarter 2017 and a 44.6 percent increase in year-over-year sales. AWS’ business model enables financial services firms and banks to scale up and down with increasing speed and agility. They can target new market segments, such as millennials—the fastest-growing consumer base—instantly, and easily offer an uncomplicated, compelling and accessible banking experience, appealing to a broad range of customers anywhere in the world.

Users’ traditional security concerns are assuaged with the AWS infrastructure, which aligns with best security practices, including SOC 1 and SOC 2 assurances. Third-party attestations and helpful white papers are available at its AWS Security Center at aws.amazon.com. AWS’ reliable development environment supports establishing a firewall via separate accounts for development and production. Thus, companies can try new features, conduct product experiments and perform user acceptance testing (UAT) without compromising the integrity of existing applications or disrupting active operations.

Although AWS offers quick, easy and simple solutions, users need assurance of adequate controls to protect the underlying database. Company decision makers must clarify who controls the data and how security is managed before migrating their data. Minimum precautionary measures include encrypting data, limiting the amount of data stored and insisting on multifactor authentication. Data ownership is a murky issue with AWS, and companies’ data could be mined to gain a competitive advantage.

AWS fintech customers should understand that segregation of duties is paramount. Oftentimes, small organizations have a chief technology officer who is also responsible for development, design and support. These multiple duties can create a control issue. Additionally, fintech companies may not have clearly defined production schedules, so they often make changes during the day. Segregating the production from the development environment mitigates the risk of unauthorized changes.

The overarching issue of regulation is major. The Financial Stability Board, an international body that monitors the global financial system, highlights 10 issues that supervisors and regulators must heed, and three have top priority. First is an oversight structure to govern third-party service providers, including cloud computing and data services. Second is mitigating cyber risks by maintaining contingency plans for cyberattacks and focusing on cybersecurity when designing IT systems. Third is monitoring macro financial risks against undue concentration and large and unstable funding flows.

These top issues have particular application to fintech, where traditional risk management functions may not suffice. Blockchain and robotics technologies demand a risk management framework that examines underlying assumptions, revises risk tolerance levels and acceptable risks, and increases stress testing and simulations.

AWS has earned a solid reputation in the marketplace—it is more than 10 times the size of its nearest competitor—and its prominence will increase. Small and medium-sized businesses have championed its ease of use, cost savings and scalability. However, they must protect data and avert potential operational risk.

Digitization Inside and Out of the Boardroom


digitization-4-16-18.pngAs global businesses and markets are caught in a seemingly perpetual cycle of disruption and adjustment, company leadership and directors are tasked with finding new, innovative ways of communicating and working with shareholders in an increasingly complex and fragmented landscape. This is even more important given the massive technological advancements within the last decade, which have not only shifted the ways in which companies operate, but the means in which businesses and investors convey and share information.

Recent advancements in technology have transformed everyday business processes through digitization, which, in turn, has made cybersecurity a top priority. Moreover, they have made the world a much more connected place, facilitating business at a faster pace than ever before. To help company leadership adjust, new technologies have been developed to help directors and leadership teams improve collaboration and workflow.

Digitization
Today’s boards are going paperless, and the reality has become indisputable: directors are turning away from printed documents in favor of digital information that is easy to share and accessible on mobile platforms, like board portals.

Through digitization, directors are now accustomed to heightened levels of speed and efficiency across all business processes. With board portals, corporate secretaries and meeting managers are able to streamline board book creation and tighten information security. The benefits to this technology are clear: easy access to digital meeting information with user-friendly tools for assigning tasks, approvals, consent votes and secure messaging.

We have also observed a growing trend driving increased global demand for board portal solutions: the need to collaborate and share confidential information and documents across internal and external teams in a highly secured environment. The C-suite executives who already use our board portal tools for director-level collaboration are now expanding that capability across their organizations, all through a single sign-on service.

Cybersecurity
As businesses shift to digital platforms, data security plays a much bigger role. Companies must closely scrutinize how sensitive information is handled due to the risk of breaches. Cyberattacks are common and can result in significant financial and reputational damage; cybercrime damage costs are expected to total $6 trillion annually by 2021, according to CSO. This makes it especially important for boards and company leadership to take a strategic approach to data protection. Information is being shared in more rapid and innovative formats, and the methods in which boards communicate with shareholders will need to prioritize safety along with accessibility.

Protecting sensitive information should be at the top of a company’s concerns. This is why solutions should comply with strict encryption standards, multi-factor authentication and a completely cloud-less data storage system. Companies can also leverage machine learning and artificial intelligence (AI) to navigate and secure large volumes of data. These technologies can monitor and detect network anomalies that signal potential attacks and prevent further access before data is compromised.

Globalization
Due to the digitization of communication channels, we are now able to connect and do business in seconds with people halfway across the world. As technology brings us closer together, it breaks barriers to information accessibility. This ease of information exchange has impacted investing by virtually removing any impediments that once stood in the way of certain markets.

Increased ease of access to information around the world means companies, and particularly company leadership, should ensure key information is digestible for all stakeholders. That’s why being equipped with full translation services for common languages can be advantageous.

Moreover, as globalization continues to facilitate business and investing opportunities, shareholder bases are broader and more diverse than ever before. With the rise of passive investing, companies lack a level of transparency that allows them to know who their stakeholders are. For this reason, it is necessary to take advantage of tools and technologies that provide actionable insights into passive investment data and provide a more comprehensive picture of shareholders.

Looking Ahead
As technology continues to augment the ways in which companies operate, boards need to keep pace, ensuring they are communicating with their shareholders in the most efficient and preferred methods possible.

What Leaders Say It Takes to Compete Today


strategy-4-5-18.pngIf it weren’t for the occasions when his kids need to borrow some cash, Frank Sorrentino says they’d never set foot in a bank branch.

Sorrentino, the CEO of $4.7 billion asset ConnectOne Bancorp in Union, New Jersey, was one of several senior bank executives who joked about millennials’ tech-savvy lifestyle during a roundtable session, sponsored by Promontory Interfinanical Network (a partner to thousands of banks), at Bank Director’s 2018 Acquire or Be Acquired conference. But the habits of younger consumers and the challenges they present, including how they affect the race for deposits, are among the top concerns of today’s bank leaders.

Technology is a disruptive force that has permeated the banking industry, affecting operations and decisions for directors at all levels. “Today, to me it appears that things are changing right beneath our feet,” Sorrentino says. “The speed of adoption, speed of change, is just something that’s breathtaking.”

An 800-pound gorilla NOT named Amazon
The threat posed by big banks that are competing aggressively for consumers is very real for regional and smaller community banks—though some do see bright spots.

The ability of the largest banks to chart their own courses with technology could hurt regional and community banks, especially if that technology were to become proprietary or exclusive.

“They can decide to turn up or turn down product almost at whim, and very quickly put pressure on anyone in this room in…a very negative way,” Sorrentino says. “I’m not so sure the next-generation 800-pound gorilla is going to be thinking the same way.”

Sorrentino pointed to the widespread adoption of Zelle, a peer-to-peer (P2P) payments product that is currently being offered by 58 banks and credit unions, including ConnectOne. That type of product is helpful, he says, and works as long as banks of all sizes have access to it.

But the disrupting factors of the future may be the tech giants like Amazon or could just be the direction technology is leading customers—which is to say, far away from traditional banks.

Convenience in banking has trumped much of the traditional channels, which are largely based on in-person relationships. “That same experience now has to come through those interactions over the [smart] phone,” says Chuck Shaffer, chief financial officer and head of strategy at Seacoast Bank Corp. in Stuart, Florida, which has $6 billion in assets.

“When my own children, who live in New York City, say that they went and opened up an account at Chase because that’s where they can transact their Venmo [a competing P2P service offered by PayPal] without having to pay a fee, it’s very concerning,” says David Provost, president and CEO of Chemical Financial Corp., a $20 billion-asset institution headquartered in Midland, Michigan.

Data-fueled growth strategies
Other executives have similar assessments of the competition, though some remain optimistic about the potential for growth through more conventional means and using technology for that purpose, as well.

“I think customers come to you first; [it] doesn’t mean they don’t get better offers. It doesn’t mean that you don’t have to maybe match offers that normally you might not, but I think that there is still a degree of loyalty,” says Sally Steele, chairman of the board at Community Bank Systems, a $10 billion-asset bank based in Dewitt, New York. “But on the other hand, as the Zelles of the world roll through the banking industry, we’re all going to be beneficiaries of that.”

Nearly two-thirds of directors and CEOs surveyed for Bank Director’s 2018 M&A Survey say they are planning to grow organically, rather than through acquisitions, using strategies rooted in modern technology.

Shaffer’s 90-year-old bank has been around long enough to be familiar with the days before the internet, but Seacoast has been deliberate in investment and integration of data-backed strategies, both internally and purchased. “We operate in one data platform. We built a SAS database over top of that, then built automated marketing over top of that,” he says.

This data-driven approach has generated customized service and marketing pitches tailored to any demographic group and is now yielding significant revenue. “Three years later, we’re doing over $300 million; this year we’ll do around $400 million largely because we’re making the right offer at the right moment to the right customer,” Shaffer says. “We’ve been explosive in building exponential growth in the organization.”

2018 L. William Seidman CEO Panel



Former FDIC chairman and Bank Director’s publisher, the late L. William Seidman, advocated for a strong and healthy U.S. banking market. In this panel discussion led by Bank Director CEO Al Dominick, three CEOs—Greg Carmichael of Fifth Third Bancorp, Gilles Gade of Cross River Bank and Greg Steffens of Southern Missouri Bancorp—share their views on the opportunities and threats facing banks today.

Highlights from this video:

  • Reaching Today’s Consumer
  • Front and Back-Office Technologies That Matter
  • Competitive Threats Facing the Industry
  • The Future of Community Banking

 

RegTech: A New Name for an Old Friend


regtech-3-20-18.pngWith all of the buzz around regtech, it’s easy to forget that banks have leveraged technology for compliance and reporting for decades. But thanks to recent developments in data architecture, artificial intelligence and more, regtech is on the rise, and it’s evolving into something a lot more sophisticated.

The definition of regtech is simple. According to New-York-based analytics firm CB Insights, regtech is “technology that addresses regulatory challenges and facilitates the delivery of compliance requirements.” Regtech can be as simple as using an Excel spreadsheet for financial reporting or as complex as using adaptive algorithms to monitor markets. By studying the evolution of regtech, banks can begin to decipher which technologies are aspirational and which ones are crucial to navigating today’s demanding regulatory regime.

Regtech has and is evolving in three key phases, according to the CFA Institute Research Foundation, a nonprofit research group in Charlottesville, Virginia. The first phase was focused on quantifying and monitoring credit and market risks. A powerful illustration of the forces driving this initial phase can be seen in the Basel II accord, which was published in 2004. Basel II focused on three pillars: minimum capital requirements, supervisory review by regulators and disclosure requirements meant to enhance market discipline.

Despite the enhanced regulatory requirements of Basel II, the global financial crisis of 2008 exposed serious deficiencies in capital requirements that spurred the second and current phase of regtech’s evolution. New anti-money laundering (AML) and Know Your Customer (KYC) laws have drastically increased compliance costs. According to Medici, a financial media company, financial institutions spend more than $70 billion annually on compliance. In addition, increased fines for banks, new capital requirements and stress testing have resulted in a heavily burdened banking system. With increased regulatory requirements, we have seen a corresponding increase in technology solutions poised to meet them. The following are a few key areas banks should explore:

  • Modeling and Forecasting: Even if your bank is not subject to the Dodd-Frank Act Stress Test (DFAST) or Comprehensive Capital Analysis and Review (CCAR), it should still be able to leverage modeling and forecasting tools to manage liquidity, meet CECL (current expected credit loss) accounting standards and monitor important trends.
  • KYC/AML: Regulatory requirements that require your financial institution to “know your customer” when you onboard them often rely heavily on paper-based processes and duplicative tasks. In addition, the Bank Secrecy Act requires banks to perform intense transaction monitoring to help prevent fraud. Both of these obligations can be curtailed through the use of technology, and solutions are available to digitize client onboarding and use AI to monitor transactions.
  • Monitoring Regulations: Rules and regulations are being promulgated and revised at a rapid pace. Instead of hiring a cadre of attorneys to keep up, banks can use regtech to monitor requirements and recommend actions to keep the bank in compliance.

Banking is, by necessity, a risk-averse industry. As such, taking a leap with companies that will touch bank data, gather information from back-office software or deploy AI can seem like a scary proposition. Some regtech providers on the marketplace today are new, but some were forged through the fires of the financial crisis, and others are time-tested vendors that have been around for decades. Whether a regtech partner is established or emerging, banks can (and should) hedge their bets by communicating with their regulators and forming a plan to monitor the new technology.

The CFA Institute Research Foundation posits that we are on the precipice of phase three in the evolution of regtech. This future state will be marked by a need for regulators to develop a means of processing the large amounts of data that regtech solutions generate. In addition, regtech has the potential to enable real-time monitoring. Both advancements will require a rethinking of the regulatory framework, and more openness between banks and regulators.

Despite the portmanteau (which is usually reserved for new or unfamiliar concepts), regtech is an old friend to the banking industry. Its future may hold the keys to a new conceptualization of what oversight means. For now, though, regtech represents an opportunity for banks to leverage technology for what it was intended to do: Save humans time, labor and money.

2018 Risk Survey: Technology’s Impact on Compliance


regtech-3-19-18.pngIn addition to better meeting the needs of consumers, technology’s promise often revolves around efficiency. Banks are clamoring to make the compliance function—a significant burden on the business that doesn’t directly drive revenue—less expensive. But the jury’s out on whether financial institutions are seeing greater profitability as a result of regtech solutions.

In Bank Director’s 2018 Risk Survey, 55 percent of directors, chief executive officers, chief risk officers and other senior executives of U.S. banks above $250 million in assets say that the introduction of technology to improve the compliance function has increased the bank’s compliance costs, forcing them to budget for higher expenses. Just 5 percent say that technology has decreased the compliance budget.

Regtech solutions to comply with the Bank Secrecy Act, vendor management and Know Your Customer rules are widely used, according to survey respondents.

Accounting and consulting firm Moss Adams LLP sponsored the 2018 Risk Survey, which was conducted in January 2018 and completed by 224 executives and board members. The survey examines the risk landscape for the banking industry, including cybersecurity, credit risk and the impact of rising interest rates.

Fifty-eight percent say that the fiscal year 2018 budget increased by less than 10 percent from the previous year, and 26 percent say the budget increased between 10 and 25 percent. Respondents report a median compliance budget in FY 2018 of $350,000.

Additional Findings

  • Cybersecurity remains a top risk concern, for 84 percent of executives and directors, followed by compliance risk (49 percent) and strategic risk (38 percent).
  • Respondents report that banks budgeted a median of $200,000 for cybersecurity expenses, including personnel and technology.
  • Seventy-one percent say their bank employs a full-time chief information security officer.
  • Sixty-nine percent say the bank has an adequate level of in-house expertise to address cybersecurity.
  • All respondents say that their bank has an incident response plan in place to address a cyber incident, but 37 percent are unsure if that plan is effective. Sixty-nine percent say the bank conducted a table top exercise—essentially, a simulated cyberattack—in 2017.
  • If the Federal Reserve’s Federal Open Market Committee raises interest rates significantly—defined in the survey as a rise of 1 to 3 points—45 percent expect to lose some deposits, but don’t believe this will significantly affect the bank.
  • If rates rise significantly, 45 percent say their bank will be able to reprice between 25 and 50 percent of the loan portfolio. Twenty-eight percent indicate that the bank will be able to reprice less than 25 percent of its loan portfolio.
  • One-quarter of respondents are concerned that the bank’s loan portfolio is overly concentrated in certain types of loans, with 71 percent of those respondents concerned about commercial real estate concentrations.

To view the full results to the survey, click here.