New Guidance from the
Fed on Examination of Community Banks - A Three Part Series
Part One- A
Warning and an Opportunity
Introduction
The Federal Reserve recently released Community Affairs Letter
#13-19. The title of this letter is “Community
Bank Risk-Focused Consumer Compliance Supervision Program”. The letter details the approach that the
agency plans to employ when approaching the examinations of banks with assets
less than $10 billion in assets. At
first glance, the casual reader could complete this guidance and conclude that
not much is changed; that the agency has simply restated its risk based
approach to examinations. We however,
contend that there is more to this letter than meets the casual eye. In fact, it is our contention that this
guidance presents both a warning and an opportunity
The Warning
The guidance discusses the approach that supervisory staff
should use when developing a risk profile for a bank. This approach of course, includes past
examination reports and history, environmental facts such as the economic
conditions around the bank and the overall income performance at the bank. The expectation
is also that the supervisory staff will contact the bank and interview staff
about their impressions of the risk profile at the bank.[1]
The portion of this guidance that may go
unsaid is that the expectation is that Banks will have the ability to completely,
accurately and realistically assess the levels of compliance risk and
present steps that are being taken to mitigate risk. The bank must be able to distinguish residual
risk from inherent risk.
·
Inherent risk – This is the risk
associated with a particular line of business of a product or even a customer
base
·
Residual risk- This is the level of risk
that remains after the Bank has taken steps to mitigate
In parts two and three of this series we will discuss
identifying and rating each of these levels of risk at community banks. But the point here is that the supervisory
staff will expect the management of the Bank to know what these risks are and to
have clearly identified what it is they have done to reduce risk and how they
monitor the risk that remains.
A quick example might be a decision to offer Home Equity Lines of Credit (“HELOCS”)
Inherent Risk [2]-
The risk that is always associated with this kind of product may include many
of the following:
o
Improper Disclosures
o
Incorrect Right of Recession
o
Failure to get copies of Appraisals to customers
o
Unfair or incomplete disclosures of Pricing
Residual Risk [3]
– This is the level of risk that will exist even after the mitigation is put in
place:
o
Bank Staff uses improper or incomplete forms
o
Staff is unaware of the required disclosures
o
Staff turnover creates lower knowledge of the
product
Examination staff will interview the management of the Bank
to make sure that they recognize all of the risks that are associated with the product
and have included these risks in the strategic decision to offer the product. Did the Bank have the staff in place, the
infrastructure in place and the ability to monitor compliance established before
the product was offered?
If the supervisory staff comes to the conclusion that the
ability of the management to recognize and mitigate risk, then the likelihood
is that there will a great deal of supervisory activity.
The Opportunity
The chance to prove that you have truly identified the risks
associated with the overall operation of the Bank and to demonstrate that you
have taken steps to control those risks gives you the opportunity to greatly
control your overall compliance environment.
The ability to self- assess, self-correct and self-police
will greatly enhance the relationship and reduce the need for regulator
intrusions. It has become increasingly
clear that the regulators are looking to Banks to be able to recognize risks
and self-police them. For example, CFPB
bulletin 2013-06[4]
addresses the fact that regulators will look favorably on the Bank that “self-polices”. We addressed our opinion on this subject in
our blog post dated July 25, 2013. We
are strong supporters of the idea that Banks can greatly and positively impact
the relationship with the regulators (and reduce the amount of examinations!)
by charting a course that includes a strong risk assessment and self-policing.
Preparing Your Risk
Profile As you prepare for the regulatory assessment that is imminent, we advise that you do your own assessment. As you do an assessment, be prepared to consider all of the potential compliance issues independent of safety and soundness, marketing and strategic planning. The assessment must be based only on the risks associated with noncompliance.
Make sure that you consider current training and access to training
for the upcoming onslaught of regulations in 2014. The process should be one that is brutally
honest and takes into account the Bank’s own knowledge of weaknesses and areas
of concern. The willingness of a
management to discuss the true status of the compliance program will help the
bank develop a collaborative relationship with the regulators. From this point the possibilities are
endless.
In part two of this series we discuss the identification
of inherent risk
[1] Examiners
need to contact institution management to develop and maintain an understanding
of the institution and the market(s) in which it operates. Such contact
typically involves a specific information request that provides the opportunity
to learn about any changes that would affect the profile. These changes might
include changes in management personnel, organizational structure, or the
institution’s strategic direction, including any new products, markets, or
delivery channels the institution has introduced or entered or is considering
introducing or entering.
[2] This
list is not intended to be all inclusive, but simply for discussion
purposes.
[3]
See Comment Above
[4] Responsible
Business Conduct: Self-Policing, Self-Reporting,
Remediation, and Cooperation
No comments:
Post a Comment