Seasonally Appropriate... 

A Cornucopia of Risk Issues

In the past several weeks, there has been a flurry of activity amongst the leaders of the various regulatory agencies, all raising the issue of risk management in some form or another.  Of course the standard aspects of loan portfolio risk are being mentioned, and several of these individuals were quick to point out all the effort they are putting in to making it easier for banks to be compliant with their expectations with regard to managing risk in credit portfolios, etc. 

Beyond that, there are new aspects of risk management that these regulators are highlighting.  Many of them mirror the news headlines that have dominated the press - cyber-attacks on various organizations and the issue of data security, bank culture and the impact that has on decisions within a bank regardless of what is in the policy manual, compliance with fair lending regulations in the mortgage space, and rate risks being accepted by banks as they attempt to achieve profitability in both their loan and investment portfolios.

There is a new data breach being announced every day it seems.  While the regulators have ramped up their emphasis on vendor management as one approach to eliminate potential gaps in data control, there is a scramble to manage not only the real risk of data security, but also the reputational risk of being vulnerable.  Examiners will be spending more time on the review of vendor evaluations and those evaluations will be more thorough and provide a deeper look at where potential risks might lie.  Examiners will also expect bank boards to be asking appropriate questions about the bank's preparations and data security efforts before they come on site.  A recent article in American Banker gave some recommendations for where a bank board might focus with regard to its banks cybersecurity preparedness. (1)

Examiners are also looking to board members to be more aware of the cultural messages being sent throughout each organization.  The concept of a culture problem was mentioned even with regard to the issues at JPMorgan, and in a recent article Thomas Curry stressed again the importance of a strong risk culture, and how that message needs to be carried throughout an organization. (2)  He places responsibility for that with the bank management, and points out that these problems are not created or solved overnight.  And as with the excessive press coverage that a big data breach gets, these failures within a management team to set cultural expectations for ethical behavior tend to have long lasting and far reaching reputational risk to a company.  Frankly, the frequency of these events has been a major contributor to reputation deterioration of the industry as a whole.

A focus on compliance particularly in the mortgage lending space has been indicated by many of the regulators in industry presentations.  Earlier this month at a mortgage industry conference, top officials from the OCC, as well as the CFPB and the Department of Justice all confirmed that they will be addressing concerns in the fair lending area during upcoming exams.  The CFPB has made highly publicized attempts to enforce new servicing rules, with several high dollar penalties against banks and mortgage servicers.  The OCC is particularly interested in mortgage modifications, which were one of the more common approaches used to resolve problem mortgages since the downturn, part of the national home retention effort.  Their primary concern relates to discrimination against minorities in issuing those modifications, and there is also a general concern regarding a lack of internal controls in place to prevent potential violation of fair lending rules. (3)

Lastly, regulators are raising the warning flags on interest rate risk, most recently when FDIC Chairman Gruenberg spoke at the American Banker Regulatory Symposium in September. (4)  The compression of the net interest margin has been the topic of much gnashing of teeth and hand wringing, but that is not the only area of concern.  Chairman Gruenberg also points to the looming issue with investment securities and the gradual move many banks have made to longer term securities in their investment portfolios.  These longer terms have provided some banks higher yields during this period, when funds may have been idle due to lack of quality loan demand.  As interest rates edge back toward a more normal level, these longer term securities may present liquidity issues and experience potential declines in value.  If history is any indicator, this will occur at the same time that many banks see dollars in relatively stable deposits begin to be reduced in search of higher returns, and the combination could be an unwelcome impact on capital levels at some institutions.  Unlike in cycles past, capital level requirements are stricter now and many banks have less than an adequate cushion.

Dealing with a variety of risks is something most bankers are used to, however this season appears to present a new challenge in that the risks have shifted a bit from the last several years.  The industry has an opportunity to meet these challenges and by doing so, with the help of supportive regulators, we can remove some of the blemish that has been cast on banks, large and small, during a period of rapid change and stress.