New Guidance from the Fed on Examination of Community Banks - A Three Part Series

Part Two – Defining the Inherent Risk Profile

In part one of this series we discussed the examination guidance on community banks from the Federal Reserve.  We noted that Consumer Affairs letter 13-19 details the risk=k based approach that the Fed intends to use for examination and supervision.  We pointed out that we believe that this guidance presents both a warning and an opportunity.  The warning is that the regulators will increasingly expect that banks have a strong system for recognizing and evaluating risk.  The opportunity presented is the ability to present a strong case to the regulators and in doing so, reduce overall regulator contact.

Developing Your Own Compliance Risk Profile-Inherent Risk

The first thing that regulators will review is the inherent risk of compliance violations at a bank.  This review is designed to look at both internal and external factors at the bank that could cause a compliance problem.  We recommend that our clients perform this review on a regular basis.   To determine the inherent risk of compliance, we recommend a five step approach:

Ø  Products:  take an assessment of the products that you offering.  Even though you may offers several very sophisticated consumer products, the inherent risk that there will be a compliance violation has more to do with the infrastructure that you have in place to administrate these loans than the products themselves.   How long have you been offer the suite of products that you have?  Are there any new products (less than a year old)?  What problems has your bank experienced with the products in the past?  Have there been findings or enforcement actions?   Another area to examiner here is the level of stability of staff, the longer the staff has been in place; the more likely that the problems have been experienced can be overcome.   Finally in this area, it is important to be aware of any new or changing regulations that might impact the delivery  of your product lines

Ø  Policies and procedures:  every bank has a set of policies and procedures so the question is not so much whether you have them; it is whether they are effective.  You should have a procedure for reviewing policies and procedures on an annual basis.  The next question to pursue is what are the actual practice sat the bank Vis-a -Vis the policies and procedures.  It is often the case that staff tends to “re-write “procedures in an effort to streamline work.   It is essential to do a regular “sound check” of staff to see whether the policies and procedures are truly being followed.  In this area it is also critical that the auditing staff being retained is “mean”.  Regulators have been very clear in emphasizing the need for audits to contained detailed scopes.

Ø  Compliance culture:  what is the overall level of acceptance of compliance at the bank?  For many of our clients compliance is viewed as at best, a necessary evil.  Frankly, in most cases compliance is viewed with abject hostility.  Despite this fact compliance is here to stay and is going to continue to be emphasized.  The truth is that there are no compliance regulations that have not been earned by the banking industry at some time in the past.  The level of responsiveness to compliance findings and concerns is a matter that will be given a great deal of weight by regulators.   It is important to get senior management and the Board’s buy-in! 

Ø  Training:  This is an area that often gets overlooked.  Many banks look to cut costs by reducing training to a bare minimum.  We also advise that this is a mistake.  The regulators expect that staff will be kept up  to date on regulations and will consider a well-developed system for training to be a very positive factor in reducing inherent risk  

Ø  Overall economic and regulatory environment:  Although it is easy to keep one’s “nose to the grindstone” when dealing with compliance, development if a strong assessment of inherent risk requires that the compliance staff be able to look at the light at the end of the tunnel and make  sure that the light isn’t from an oncoming  train!  

The detailed Risk-Based compliance supervision program is a document that goes into great detail about the methods that the examination staff is expected to employ when developing a risk profile for the community banks it supervises. 

Keys to Effectively Assessing Inherent Risk

We believe that there are a few keys to developing a risk portfolio that will allow for reduced or even minimal supervision from your regulator

·         Your assessment must be comprehensive.   You must take into account both internal and external factors.   This means that your assessment should consider what is going on in the marketplace surrounding the products that you offer.  It is not enough to simply chug along doing what you do with little knowledge of trends in the industry.  It is important to be aware of regulators are responding to fees charged for overdrafts for example.   This sort of information can keep your bank from making an untimely decision to offer a product that has been frowned upon.

·         Your assessment must be honest.  Regulators are increasingly willing to work with banks that “come clean’ about their problems.   It is much better for you to recognize weaknesses in your system than for the regulators to do so.  When THEY point it out, they also draw the conclusion that you are unaware!  If there are problems in your current compliance system, point them out and present a plan for addressing them in the most expeditious manner  possible

·         Your assessment must be forward looking.    Your assessment should consider the changes that the new regulations will require,  planned growth at the bank and changes in the community Finally your assessment should be dynamic and have the ability to be updated on a  regular basis

While it is the examination staff that will ultimately create the risk profile document, we advise our clients to develop a risk assessment on their own and be prepared to share it with the regulatory staff.  Remember the goal is to develop a reputation for clear-eyed compliance and collaboration.