Credible Challenge,
Risk Management and Compliance
In recent months there have been some developments that have come together to shed some light on what ERM might mean for community banks. First there has been the OCC pronouncement about the expectations for ERM in very large banks. Next the concept of clear credible challenge by the Board to the senior management of banks has been espoused by all of the regulatory agencies. Finally , regulators have made it clear that in the future, compliance management will be considered a part of the “M” rating in a banks CAMEL rating for safety and soundness.
The OCC released guidance for very
large banks on what is expected for a credible risk management structure. For very large banks this means that there
has to be:
· Department heads and line business holders must track and manage
the individual risk in their business units
· There must be an independent risk manager whose
role it is to monitor and control risk
throughout the organization
·
Independent audits must be performed to test the
risk monitoring system
The main thrust of this guidance
is that there has to be an entity (ultimately the Board) that serves to set the
level of risk that is acceptable at a financial institution. Further the risk managers should be independent
of the risk takers. At the end of the
day, the expectation is that the Board will control the level of risk at the
Bank and must push back against the business lines that naturally want to
increase risk for profits.
Along those same lines, the idea
that the Board must present credible challenge to the senior management at the
bank is a concept that is becoming widely impressed by the regulators. The concept here is not simply that the Board
members question each and every decision of management. Instead the idea is that the Board must
undertake a process that allows them to get comprehensive information about the
banks performance in real time. It also
means that the Board must then take this information and use it to challenge
the strategic plans and projections of management. Much like the biblical saying that “iron
sharpens iron” the idea here is that the Board must increasingly ensure that
management has thought through the idea and has answers for credible challenges
to those plans. Again most of the pronouncements
in this area are directed at large banks, but that no means says that community
banks should a different route. Board members should be cognizant of the fact
that the regulators are expecting a strong commitment to directing the bank.
The third factor that comes into
play is the ascendance of compliance as an issue for bank management. In past years, the truth is that compliance
often took a back seat to safety and soundness.
After all, the thought went, no banks fails because of compliance problems. However, recently regulators have come to realize
that compliance management is s indeed a reflection of overall management. The ability of banks to direct the compliance
management program has to be a part of the “M” component of the CAMEL
ratings. In point of fact the
Comptroller of the Currency in remarks made in late 2013 said as much. In his December 2013 comments to the
Consumer Federation of America, Mr. Tim Curry, the Comptroller of the Currency
pointed out that consumer compliance is a management issue:
In reality, there is no neat dividing line
between consumer compliance and safety and soundness issues. If an institution
has a compliance issue, they are certain to have underlying risk management
issues. Consumer protection is
inextricably linked to safety and soundness. [1]
The fact of the matter is that at
the very base of the financial crisis that this country recently experienced is
consumer lending gone horribly wrong.
Compliance is going to be a major focus for the regulators in the near
future. The areas of compliance are also
expanding. The area in simply the
alphabet soup regulations that we know so well, vendor management, debt
collections practices, the effects of practices at a bank are all topic that
cme under the rubric of compliance.
Putting together the ideas of
enterprise wide risk management, credit challenge theory and compliance
management as a safety and soundness issue.
We come to a “brave new world” for compliance. When the strategic plan is being put together
for example, it will soon be the expectation that the question “how are we
meetng the credit needs of our community” is asked regularly. When a Chief Credit Officer tells the Board
that it is not economically feasible to offer home mortgages, it will be
expected that a member of the Board will challenge the officer to “prove
it”!
There are currently many mantras that
have been held to be true for some time without challenge. For example, community often say that they
have limited accesses to community development opportunities because they get
eaten up by the big banks. Now is a good
time to find out if that is really true.
When was the last time you actually reviewed the community development
opportunities in your assessment area.
This is not to say that there are vast opportunities out there that remain
untapped. It IS to say that now is the
time to prove it with statistics and research!
What’s a community Bank to do?
It is clear that the regulators
don’t expect community banks to hire a full time risk officer. Frankly it might be easy to say these
directives only apply to large banks, stick ones head in the proverbial sand
and hope that nothing will happen. On the
other hand, it is also clear that the regulators are expecting that a senior
management position, preferable one that is not in the risk taking function to
monitor and administrate the risk portfolio of the bank. Now is the time to face the inevitable realty
of risk management.
So how does a community banks
start the risk management process under his new regime. Well, you start with putting your Board reports
on turbo charge! Report to the board
have to step outside the box. In addition
to the operating results of the last reporting period, the reports should include
changes to regulations and how these regulations might impact the bank. For example, many community banks felt hat
the rules on qualified mortgages represented a whole new world of regulatory
concerns and immediately decided to make only qualifying mortgages. However, if the specifics of these
regulations had been presented to Boards with the opportunity to discuss them,
many would have noticed that the regulations basically state best practices for
making loan. There was very little to
fear and the in some cases, an opportunity to increase market share. Going forward regulators will expect that
these sort of regulations receive robust discussion at the Board level.
We also suggest that Board reports
include information on technological changes and they impact the bank. Mobile banking and RDC present opportunities
to grow the client base. Of course, both
of these products come with the possibility of increased risk. The expectation that the decision to use (or
not to use) these products will come after the considered decision of the
Board.
One of the areas that often goes
overlooked by banks is the changing demographics of the assessment area that
they serve. In the recent past the
failure to note the changing face of the neighborhood lead a client to make a
product decision that lead to a fair lending investigation. The bank simply decided that the minimum
disposable income for HELOCs would by $50,000.
However, because had not done research on its assessment area in some time,
they were unaware that this decision cut out whole neighborhoods that
surrounded the headquarters of the bank.
In our opinion, change presents opportunity, so a changing environment
has to be one of the considerations of a strategic plan.
In the end, now is the time to enhance your risk
management program, the level of Board participation in the process and to
include compliance as one of the pillar considerations that your bank makes as
it plans for the future.
No comments:
Post a Comment