They say the older you get, the faster time passes. So it was with 2015. It just seemed like yesterday I was writing this article for the 2015 January edition of our newsletter with my ankle in a cast and a lot of supporting hardware inside. At this time I am happy to say, I am no longer in a cast, there are a few less screws in my ankle, and the intense physical therapy is behind me. I can, however, predict the weather (if only I could predict interest rate changes as easily).
Another adage states the more things change, the more they stay the same. That is so true today in the financial institution industry. Some things, such as technology, cyber risks, and consumer regulations change so quickly that it is hard to keep up with the changes. But while details change, the responsibility to manage the risks in these many areas has not. I did a little research to see what the financial institution regulatory bodies were worried about in 2015, 2005, and 1995. The following is just a brief listing of what I saw in those years:
Not all of the areas of concerns were the same in the past twenty years; yet there definitely were a lot of similarities. What has not changed is the responsibility of management to manage these risks in a safe and sound manner. What we have also learned in the past twenty years is that these risks cannot be managed alone and should be managed on an enterprise-wide basis.
Accordingly, many of my resolutions for 2016 are the same or similar as those from last year—not unlike my own personal resolutions of “Eat better, exercise more, get better sleep.”
1. Cybersecurity. You cannot pick up an industry periodical without reading about this topic. The regulators released a cybersecurity assessment tool, and we have a free one on our website www.wipfli.com/cybersecurity. Resolve to check out the website; there is a significant amount of information that is great to share with the Board and your team. The regulators say that the IT exams will focus on this topic, but your institution will not be penalized unless you have not prepared at all. Be ready though for your 2017 examination!
2. Bank Secrecy Act and Anti-Money Laundering (BSA/AML). We saw increased scrutiny in BSA examination coverage from federal and state regulators in both 2014 and 2015. Resolve that the four pillars of an effective BSA/AML compliance program—compliance team, training, internal controls, and independent audit—are appropriate for your financial institution’s risk profile. And ask your Wipfli BSA team to help; many of our professional staff are Certified Regulatory Compliance Managers with BSA/AML as a core focus and/or hold BSA/AML certifications such as Certified Anti-Money Laundering Specialist and Certified BSA/AML Professional.
3. Changing Regulatory Requirements. Do you know what TRID stands for? If you don’t, it is too late, but I suspect your mortgage people and compliance people know (TILA-RESPA Integrated Disclosure). Resolve to consider signing up for our ComplianceHelp service, which provides email responses within one business day to your compliance questions. In addition, it grants you access to a quarterly live compliance meeting, either in person or virtually. Support your compliance staff by leveraging the insights of our regulatory experts. Visit www.wipfli.com/compliancehelp to subscribe.
4. Capital and Net Worth. Capital and net worth continue to be king. This is worth repeating again. Do you know how much tolerance you have in your capital ratios if you don’t manage risks properly or if you embark on an aggressive growth plan, either organically or via acquisition? Resolve to make sure you know those capital specifics and make sure your capital plan is current. If you have questions, please contact your Wipfli relationship executive who can direct you to our capital experts.
5. Fair Lending—it isn’t just for mortgage loans anymore. Yes, lending practices in the mortgage arena are being looked at, but regulators also have been assessing fairness in credit cards, automobile loans, student loans, overdraft charges, and small business lending. And not only do issues regarding fair lending impact your bottom line, they also create significant reputation risk; a difficult problem to recover from quickly. Resolve to have a fair lending review to address any potential issues. Contact Jerry Miller at email@example.com or Melissa Blaser at firstname.lastname@example.org if you have any questions about this process.
6. Credit Underwriting. Examiner comments indicate concern over the loosening of credit standards. Competition among financial institutions is fierce for those best customers, and some institutions are stretching credit standards to get that loan booked. Good credit underwriting is key to making sound choices and managing loan portfolio risk. Occasionally, resources in the loan department may be tight, and a lender can sometimes be both the credit analyst and the underwriter. If that’s happening in your institution, resolve to put your lenders’ time and energy toward the analysis of making good credit decisions and let us help you with the “spreads” that support those decisions. Contact your Wipfli relationship executive for more information.
7. CECL—it is coming. Effective dates are out; many financial institutions have a long time before implementation of the current expected credit loss accounting standard. For nonpublic business entities, 2020 is the magic number. That seems like a long time from January 2016, but now is the time to start gathering data about your loan portfolio to use when implementation is required. In addition, the CECL standard will have impact on other areas of the financial institution, so resolve to include them all in your implementation planning. Your information technology department can help determine what data is available on your core systems, how attributes not being currently tracked can be added, and what reports are available. We know there will be an impact on capital—having the ALCO and the CFO involved is a must. And most important of all—talk about it with the Board so there are no surprises. Stay tuned to our website and your email inbox for information on the implementation, and if you have more specific questions, call us.
8. Interest Rate Risk. Prime rate hasn’t changed since December of 2008 when it began dropping to the current rate it is at this writing and has not increased since June of 2006. The iPhone was not even invented until 2007, and we’ve had nine iterations since. I confess I am an Android user, and its first launch was in 2008, and I believe it has had 13 models since then. The “Great Recession” ended in June of 2009, and we have been waiting and worrying about interest rate risk ever since. We should! Investment portfolios have been stretched; customers are pushing for longer term fixed rate loans; and we are not sure we really know what the behavior will be for our deposit customers —especially as the baby boomers continue to retire and millennials look to nonbanking entities to park their money. I think 2016 is the year to resolve to take a deep dive into your assumptions on those deposits, both nonmaturity and time deposits. And then revisit those loan assumptions, especially as the possibility of prepayment rates slow and in some cases, floors will reduce the impact of increasing interest income for a longer time period. And then determine the potential impact on not only your net interest income, but also your economic value of equity.
9. Liquidity Risk. Tag teaming with interest rate risk, resolve to revisit your liquidity policy and procedures as well as your contingency funding plan. Incorporate the changes in your assumptions for your interest rate risk model and possible behavioral changes in your deposit base into your contingency funding scenarios. We have a great team of ALM experts to help you if you need it.
10. Employees—a repeat. Resolve to engage the largest nonreported asset at your financial institution—your employees. Retention is very important for many of your key positions, and in some cases, retention is even more critical in the lower level positions as they are the up and comers who will replace retiring key employees. Engage them in conversations and see what keeps them up at night. They have insight that is from a different view than the C-suite and may be your best advocates for what you are doing right and the best control to keep you from doing wrong! Staff meetings are an excellent place to do this, but consider other options such as taking a department to lunch several times a year. Once the dialogue gets rolling, it can be a very valuable investment in employee retention.
As I conclude, I note that all of these address risk. As the author, I have taken the liberty to add one more resolution: Resolve to look at risk in a holistic manner across your organization. While one individual may have a partial picture of risk trends and levels, another may have a separate view, and another may have a different part of the picture. How do you capture a complete risk profile? How do you monitor changes in risk? How much risk is acceptable? Given the speed of change and the regulatory emphasis on enhancing enterprise risk management techniques in the financial industry, 2016 is the year to seek risk management solutions. If you are just thinking about it or refining your approach, please consider contacting us to talk about this critical focus area. To all our clients, prospects, friends, and associates, we wish you much success in 2016!