New Guidance from the Fed on Examination of Community Banks - A Three Part Series

Part One- A Warning and an Opportunity  

 Introduction

The Federal Reserve recently released Community Affairs Letter #13-19.  The title of this letter is “Community Bank Risk-Focused Consumer Compliance Supervision Program”.  The letter details the approach that the agency plans to employ when approaching the examinations of banks with assets less than $10 billion in assets.   At first glance, the casual reader could complete this guidance and conclude that not much is changed; that the agency has simply restated its risk based approach to examinations.  We however, contend that there is more to this letter than meets the casual eye.  In fact, it is our contention that this guidance presents both a warning and an opportunity

The Warning

The guidance discusses the approach that supervisory staff should use when developing a risk profile for a bank.  This approach of course, includes past examination reports and history, environmental facts such as the economic conditions around the bank and the overall income performance at the bank. The expectation is also that the supervisory staff will contact the bank and interview staff about their impressions of the risk profile at the bank.[1]  The portion of this guidance that may go unsaid is that the expectation is that Banks will have the ability to completely, accurately and realistically assess the levels of compliance risk and present steps that are being taken to mitigate risk.  The bank must be able to distinguish residual risk from inherent risk. 

·         Inherent risk – This is the risk associated with a particular line of business of a product or even a customer base

·         Residual risk- This is the level of risk that remains after the Bank has taken steps to mitigate

In parts two and three of this series we will discuss identifying and rating each of these levels of risk at community banks.   But the point here is that the supervisory staff will expect the management of the Bank to know what these risks are and to have clearly identified what it is they have done to reduce risk and how they monitor the risk that remains. 

A quick example might be a decision to offer Home Equity Lines of Credit (“HELOCS”)

Inherent Risk [2]- The risk that is always associated with this kind of product may include many of the following:  

o   Improper Disclosures

o   Incorrect Right of Recession

o   Failure to get copies of Appraisals to customers

o   Unfair or incomplete disclosures of Pricing

Residual Risk [3] – This is the level of risk that will exist even after the mitigation is put in place:

o   Bank Staff uses improper or incomplete forms

o   Staff is unaware of the required disclosures

o   Staff turnover creates lower knowledge of the product

Examination staff will interview the management of the Bank to make sure that they recognize all of the risks that are associated with the product and have included these risks in the strategic decision to offer the product.  Did the Bank have the staff in place, the infrastructure in place and the ability to monitor compliance established before the product was offered? 

If the supervisory staff comes to the conclusion that the ability of the management to recognize and mitigate risk, then the likelihood is that there will a great deal of supervisory activity. 

The Opportunity

The chance to prove that you have truly identified the risks associated with the overall operation of the Bank and to demonstrate that you have taken steps to control those risks gives you the opportunity to greatly control your overall compliance environment.  

The ability to self- assess, self-correct and self-police will greatly enhance the relationship and reduce the need for regulator intrusions.  It has become increasingly clear that the regulators are looking to Banks to be able to recognize risks and self-police them.  For example, CFPB bulletin 2013-06[4] addresses the fact that regulators will look favorably on the Bank that “self-polices”.  We addressed our opinion on this subject in our blog post dated July 25, 2013.  We are strong supporters of the idea that Banks can greatly and positively impact the relationship with the regulators (and reduce the amount of examinations!) by charting a course that includes a strong risk assessment and self-policing. 

Preparing Your Risk Profile  

As you prepare for the regulatory assessment that is imminent, we advise that you do your own assessment.  As you do an assessment, be prepared to consider all of the potential compliance issues independent of safety and soundness, marketing and strategic planning.  The assessment must be based only on the risks associated with noncompliance.   

Make sure that you consider current training and access to training for the upcoming onslaught of regulations in 2014.  The process should be one that is brutally honest and takes into account the Bank’s own knowledge of weaknesses and areas of concern.   The willingness of a management to discuss the true status of the compliance program will help the bank develop a collaborative relationship with the regulators.  From this point the possibilities are endless. 

In part two of this series we discuss the identification of inherent risk 

---

[1] Examiners need to contact institution management to develop and maintain an understanding of the institution and the market(s) in which it operates. Such contact typically involves a specific information request that provides the opportunity to learn about any changes that would affect the profile. These changes might include changes in management personnel, organizational structure, or the institution’s strategic direction, including any new products, markets, or delivery channels the institution has introduced or entered or is considering introducing or entering.

[2] This list is not intended to be all inclusive, but simply for discussion purposes. 

[3] See Comment Above

[4] Responsible Business Conduct: Self-Policing, Self-Reporting,

Remediation, and Cooperation