The Bank Audit & Risk Committees Conference – Day Two Wrap Up

With all of the information provided at this year’s Bank Audit & Risk Committees conference(#BDAudit14 via @bankdirector), I think it is fair to write that some attendees might be heading home thinking “man, that was like taking a refreshing drink from a firehose.”  As I reflect on my time in Chicago this week, it strikes me that many of the rules and requirements being placed on the biggest banks will inevitably trickle down to smaller community banks.  Likewise, the risks and challenges being faced by the biggest of the big will also plague the smallest of the small.  Below, I share two key takeaways from yesterday’s presentations along with a short video recap that reminds bankers that competition comes in many shapes and sizes.

The Crown Fountain in Millennium Park
The Crown Fountain in Millennium Park

Trust, But Verify

To open her “New Audit Committee Playbook” breakout session, Crowe Horwath’s Jennifer Burke reinforced lessons from previous sessions that a bank’s audit committee is the first line of defense for the board of directors and shareholders.  Whether providing oversight to management’s design and implementation with respect to internal controls to consideration of fraud risks to the bank, she made clear the importance of an engaged and educated director.  Let me share three “typical pitfalls” she identified for audit committee members to steer clear of:

  1. Not addressing complex accounting issues;
  2. Lack of open lines of communication to functional managers; and
  3. Failure to respond to warning event.

To these points, let me echo her closing remarks: it is imperative that a board member understand his/her responsibility and get help from outside resources (e.g. attorneys, accountants, consultants, etc.) whenever needed.

Learn From High-profile Corporate Scandals

Many business leaders are increasingly aware of the need to create company-specific anti-fraud measures to address internal corporate fraud and misconduct.  For this reason, our final session looked at opening an investigation from the board’s point-of-view.  Arnold & Porter’s Brian McCormally kicked things off with a reminder that the high-profile cyber hacks of Neiman Marcus and Target aren’t the only high-profile corporate scandals that bankers can learn from.  The former head of enforcement at the OCC warned that regulators today increasingly expect bank directors to actively investigate operational risk management issues.  KPMG’s Director of Fraud Risk Management, Ken Jones, echoed his point.  Ken noted the challenge for bank executives and board members is “developing a comprehensive effort to (a) understand the US compliance and enforcement mandates — and how this criteria applies to them; (b) identify the types of fraud that impact the organization; (c) understand various control frameworks and the nature of controls; (d) integrate risk assessments, codes of conduct, and whistleblower mechanisms into corporate objectives; and (e) create a comprehensive anti-fraud program that manages and integrates prevention, detection, and response efforts.”

A One-Minute Video Recap

##

To comment on this piece, click on the green circle with the white plus (+) sign on the bottom right. If you are on twitter, I’m @aldominick.  P.S. — check back tomorrow for a special guest post on AboutThatRatio.com.

The Bank Audit & Risk Committees Conference – Day One Wrap Up

Fundamentally, risk oversight is a responsibility of the board.  One big takeaway from yesterday’s Bank Audit and Risk Committees conference (#BDAudit14 via @bankdirector): the regulatory framework has changed considerably over the past 12 to 18 months — with less focus being placed on things like asset quality and more on operational risks and new product offerings.  To this end, I get the sense officers and directors cannot always wait for the Federal Reserve or other agencies to release guidance to get a sense of the potential impact on their institution.

photo-13
Frank Gehry’s Chicago masterpiece

Trending Topics

Overall, the issues I took note of were, in no particular order: (a) when it comes to formulating a risk appetite, no one size fits all; (b) a bank’s CEO and/or Chairman should establish a formal, ongoing training program for independent directors that provides training on complex products, services, lines of business and risks that have a significant impact on the institution; (c) bank examiners are increasingly asking more probing questions regarding new products and services & third-party vendor risk; (d) the DOJ’s “Operation Chokepoint” use of the banking system to identify fraud and criminal activity in certain areas perceived as high risk was mentioned in three different general sessions; and (e) cyber security is the hot topic.

A Two and a Half Minute Recap

##

To comment on this piece, click on the green circle with the white plus (+) sign on the bottom right. More from the Palmer House in Chicago, IL later today on twitter (@aldominick) and again tomorrow on this site.

Three Thoughts on Banks and Risk

I’m heading out to Chicago and Bank Director’s annual Bank Audit & Risk Committees Conference.  The agenda — focused on accounting, risk and regulatory issues — aligns with the information needs of a Chairman of the Board, Audit and/or Risk Committee Chair and Members, Internal Auditors, Chief Financial Officers and Chief Risk Officers.  Before I welcome some 300 attendees (representing over 150 financial institutions from 39 states) to the Palmer House, I thought to share three things that would keep me up at night if I traded roles with our attendees.

The Bean

(1) The Risk of New Competition

For bank executives and board members, competition takes many forms.  Not only are banks burdened with regulation, capital requirements and stress testing, they now have the added pressure of competition from non-financial institutions.  Companies such as Paypal, as well as traditional consumer brands such as Walmart, are aggressively chipping away at the bank’s customer base and threatening many financial institutions’ core business — a fact made clear by Jamie Dimon, the CEO of JPMorgan Chase, at a shareholder meeting this February.

“You’d be an idiot not to think that the Googles and Apples  .  .  .  they all want to eat our lunch.  I mean, every single one of them.  And they’re going to try.”

To this end, I find myself agreeing with Accenture’s Steve Culp, Accenture’s senior managing director of Finance & Risk Services, when he writes “banks need to keep developing their risk capabilities, skills and talents, and align these skills with their agenda around future growth. If they don’t align their growth agenda with their risk capabilities—building a safe path toward growth opportunities—they will miss out on those growth opportunities.”  While I plan on diving much deeper into this topic following the conference, I definitely welcome feedback on the issue below.

(2) The Risk to A Reputation

While the Dodd-Frank Act requires publicly traded banks with more than $10 billion in assets to establish separate risk committees of the board, and banks over $50 billion to additionally hire chief risk officers, I’m seeing smaller banks proactively following suit.  Such additions, however, does not absolve directors and senior managers of financial institutions from preparing for the worst… which is easier said then done.   In some ways, a bank’s reputation is a hard-to-quantify risk.  Anyone can post negative comments online about an institution’s products, services or staff, but one only needs to look at Target’s financial performance post-cyber hack to realize that revenue and reputation goes hand-in-hand.

(3) The Risk of Cyber Criminals

Speaking of Target, earlier this year, Bank Director and FIS collaborated on a risk survey to pinpoint struggles and concerns within the boardrooms of financial institutions.  As we found, tying risk management to a strategic plan and measuring its impact on the organization proves difficult for many institutions, although those that have tried to measure their risk management program’s impact report a positive effect on financial performance.  What jumps out at me in the results of this research are the concerns over cyber and operational security.  Clearly, the number of “bad actors” who want to penetrate the bank’s defenses has increased exponentially, their tools have become remarkably sophisticated, and they learn quickly.  I read an interesting piece by an attorney at Dechert (sorry, registration required) that shows the analytical framework for cyber security is very similar to what most directors have focused on in their successful business careers: people, process and technology.  But theory is one thing, putting into practice a plan to protect your assets, entirely different.

##

To comment on today’s column, please click on the green circle with the white plus sign on the bottom right. If you are on twitter, I’m @aldominick. Aloha Friday!

Time To Sell The Bank?

From the the appeal of spreading into new geographies to the attractiveness of acquiring exceptional talent to drive new sources of revenue, the need and desire to grow exists at virtually every financial institution. For those pursuing another bank, a merger or acquisition (M&A) provides an avenue to drive earnings while improving operating leverage, efficiency and scale. I have written about M&A from a potential buyers point-of-view (e.g. Acquire or Be Acquired – Sunday Recap); today’s piece flips the script and highlights three issues that may precipitate a sale.

Compliance Costs

Banks are facing some very significant challenges in the years ahead — and not just from consolidation.  As KPMG shared in its An Industry At a Pivot Point, “the costs and time stresses created by the regulatory environment are not going away, and will continue to affect four areas for banks: strategy and business models, interactions with customers and client assets, data and reporting structures, and governance and risk capabilities.”  Certainly, the sharply increased cost of regulatory compliance might lead some to seek a buyer; others will respond by trying to get bigger through acquisitions so they can spread the costs over a wider base.

Capital Concerns

Some banks will have to raise capital just to meet the Basel III requirements, while others will have to raise capital to do an acquisition or support their organic growth. The required levels are so much higher now that banks will have to manage their capital much more closely than they did before.  (*If you’re looking for a central resource for the many ongoing regulatory changes that are reshaping bank capital and prudential requirements in the United States, take a look at Davis Polk’s excellent Capital and Prudential Standards Blog.)

Earnings Pressure

As the attractiveness of branch networks and deposit franchises dwindles, lack of top-line growth will lead to further industry consolidation. With little overall changes in our economy, in-market mergers between banks with significant overlap in branches and operations offer tremendous cost-saving opportunities when done skillfully.

##

To comment on this piece, click on the green circle with the white plus sign on the bottom right. Aloha Friday!