An Easy Way to Lose Sight of Critical Risks

CHICAGO — Let me ask you a question:

How does the executive team at your biggest competitor think about their future? Are they fixated on asset growth or loan quality? Gathering low-cost deposits? Improving their technology to accelerate the digital delivery of new products? Finding and training new talent?

The answers don’t need to be immediate or precise. But we tend to fixate on the issues in front of us and ignore what’s happening right outside our door, even if the latter issues are just as important.

Yet, any leader worth their weight in stock certificates will say that taking the time to dig into and learn about other businesses, even those in unrelated industries, is time well spent.

Indeed, smart executives and experienced outside directors prize efficiency, prudence and smart capital allocation in their bank’s dealings. But here’s the thing: Your biggest—and most formidable—competitors strive for the same objectives.

So when we talk about trending topics at today and tomorrow’s Bank Audit and Risk Committees Conference in Chicago, we do so with an eye not just to the internal challenges faced by your institution but on the external pressures as well.

As my team at Bank Director prepares to host 317 women and men from banks across the country this morning, let me state the obvious: Risk is no stranger to a bank’s officers or directors. Indeed, the core business of banking revolves around risk management—interest rate risk, credit risk, operational risk. To take things a step further:

Given this, few would dispute the importance of the audit committee to appraise a bank’s business practices, or of the risk committee to identify potential hazards that could imperil an institution. Banks must stay vigilant, even as they struggle to respond to the demands of the digital revolution and heightened customer expectations.

I can’t overstate the importance of audit and risk committees keeping pace with the disruptive technological transformation of the industry. That transformation is creating an emergent banking model, according to Frank Rotman, a founding partner of venture capital firm QED Investors. This new model focuses banks on increasing engagement, collecting data and offering precisely targeted solutions to their customers.

If that’s the case—given the current state of innovation, digital transformation and the re-imagination of business processes—is it any wonder that boards are struggling to focus on risk management and the bank’s internal control environment?

When was the last time the audit committee at your bank revisited the list of items that appeared on the meeting agenda or evaluated how the committee spends its time? From my vantage point, now might be an ideal time for audit committees to sharpen the focus of their institutions on the cultures they prize, the ethics they value and the processes they need to ensure compliance.

And for risk committee members, national economic uncertainty—given the political rhetoric from Washington and trade tensions with U.S. global economic partners, especially China—has to be on your radar. Many economists expect an economic recession by June 2020. Is your bank prepared for that?

Bank leadership teams must monitor technological advances, cybersecurity concerns and an ever-evolving set of customer and investor expectations. But other issues can’t be ignored either.

So as I prepare to take the stage to kick off this year’s Bank Audit and Risk Committees Conference, I encourage everyone to remember that minds are like parachutes. In the immortal words of musician Frank Zappa: “It doesn’t work if it is not open.”

3 Trends (and 3 Issues) Every Bank’s Board Needs To Consider

Quickly:

  • The challenges faced by financial institutions today are as numerous as they are nuanced. Be it data security, emerging technology, fraud, crisis management and/or the effectiveness of internal controls, I opened the 12th annual Bank Audit & Risk Committees Conference by laying out a number of key governance, risk and compliance issues and trends.

CHICAGO — While a sophomore at Washington & Lee University, a professor loudly (and unexpectedly) chastised a close friend of mine for stating the obvious. With a wry laugh, he thanked my classmate “for crashing through an open door.” Snark aside, his criticism became a rallying cry for me to pause and dive deeper into apparently simple questions or issues.

Audit16x9

I shared this anecdote with some 400 attendees earlier today; indeed, I teed up Bank Director’s annual program by reminding everyone from the main stage that:

  1. We’re late in the economic cycle;
  2. Rates are rising; and
  3. Pressure on lending spreads remains intense.

Given the composition of this year’s audience, I acknowledged the obvious nature of these three points. I did so, however, in order to surface three trends we felt all here should have on their radar.  I followed that up with three emerging issues to make note of.

TREND #1:
Big banks continue to roll-out exceptional customer-facing technology.

Wells Fargo has been kicked around a lot in the press this year, but to see how big banks continue to pile up retail banking wins, take a look at Greenhouse by Wells Fargo, their app designed to attract younger customers to banking.

TREND #2:
Traditional core IT providers — Fiserv, Jack Henry & FIS — are under fire.

As traditional players move towards digital businesses, new players continue to emerge to help traditional banks become more nimble, flexible and competitive.  Here, FinXact and Nymbus provide two good examples of legitimate challengers to legacy cores.

TREND #3:
Amazon lurks as the game changer.

Community banker’s fear Amazon’s potential entry into this market; according to Promontory Interfinancial Network’s recent business outlook, it is their greatest threat.

In addition to these trends, I surfaced three immediate issues that banks must tackle

ISSUE #1:
Big banks attract new deposits at a much faster pace than banks with less than $1 billion assets.

If small banks can’t easily and efficiently attract deposits, they basically have no future. ‘Nuf said.

ISSUE #2: 
Bank boards need to know if they want to buy, sell or grow independently.

In a recent newsletter, Tom Brown of Second Curve Capital opined that “if you have less than $5 billion in assets, an efficiency ratio north of 65%, deposit costs above 60 basis points, and earn a return on equity in the single digits, this really is time to give some thought to selling.”  As I shared on LinkedIn yesterday, the 3 biggest bank M&A deals of the year took place in May: Fifth Third Bancorp’s $4.6 billion purchase of MB Financial, Cadence Bancorp’s $1.3 billion acquisition of State Bank Financial and Independent Bank Group’s $1 billion agreement to buy Guaranty Bancorp. 
 I don’t see the pace of consolidation slowing any time soon — and know that banks need to ask if they want (and can) be buyers or sellers.

ISSUE #3:
The risk of data breaches across industries continues to increase.

Be it risk management, internal control or third-party security considerations, every aspect of an institution is susceptible to a data breach — and managing these threats and identifying appropriate solutions takes a village that includes the most senior leaders of an organization.

##

Just as banks need to develop their audit and risk capabilities, skills and talents, so too do officers and directors have both an opportunity and the responsibility to stay abreast of various trends and topics.  Bank Director’s event continues tomorrow with some fascinating presentations. To see what’s been shared already, take a look at Twitter, where I’m tweeting using @aldominick and #BDAudit18.

21 Reasons I Am Excited About Acquire or Be Acquired

Quickly:

  • Making banking digital, personalized and in compliance with regulatory expectations remains an ongoing challenge for the financial industry. This is just one reason why a successful merger — or acquisition — involves more than just finding the right cultural match and negotiating a good deal.

By Al Dominick, CEO of DirectorCorps — parent co. to Bank Director & FinXTech.

PHOENIX, AZ — As the sun comes up on the Arizona Biltmore, I have a huge smile on my face. Indeed, our team is READY to host the premier financial growth event for bank CEOs, senior management and members of the board: Bank Director’s 24th annual Acquire or Be Acquired Conference. This exclusive event brings together key leaders from across the financial industry to explore merger & acquisition strategies, financial growth opportunities and emerging areas of potential collaboration.

AOBA Demographics

The festivities begin later today with a welcoming reception on the Biltmore’s main lawn for all 1,125 of our registered attendees.  But before my team starts to welcome people, let me share what I am looking forward to over the next 72 hours:

  1. Saying hello to as many of the 241 bank CEOs from banks HQ’d in 45 states as I can;
  2. Greeting 669 members of a bank’s board;
  3. Hosting 127 executives with C-level titles (e.g. CFO, CMO and CTO);
  4. Entertaining predictions related to pricing and consolidation trends;
  5. Hearing how a bank’s CEO & board establishes their pricing discipline;
  6. Confirming that banks with strong tangible book value multiples are dominating M&A;
  7. Listening to the approaches one might take to acquire a privately-held/closely-held institution;
  8. Learning how boards debate the size they need to be in the next five years;
  9. Engaging in conversations about aligning current talent with future growth aspirations;
  10. Juxtaposing economic expectations against the possibilities for de novos and IPOs in 2018;
  11. Getting smarter on the current operating environment for banks — and what it might become;
  12. Popping into Show ’n Tells that showcase models for cooperation between banks and FinTechs;
  13. Predicting the intersection of banking and technology with executives from companies like Salesforce, nCino and PrecisionLender;
  14. Noting the emerging opportunities available to banks vis-a-vis payments, data and analytics;
  15. Moderating this year’s Seidman Panel, one comprised of bank CEOs from Fifth Third, Cross River Bank and Southern Missouri Bancorp;
  16. Identifying due diligence pitfalls — and how to avoid them;
  17. Testing the assumption that buyers will continue to capitalize on the strength of their shares to meet seller pricing expectations to seal stock-driven deals;
  18. Showing how and where banks can invest in cloud-based software;
  19. Encouraging conversations about partnerships, collaboration and enablement;
  20. Addressing three primary risks facing banks — cyber, credit and market; and
  21. Welcoming so many exceptional speakers to the stage, starting with Tom Michaud, President & CEO of Keefe, Bruyette & Woods, Inc., a Stifel Company, tomorrow morning.

For those of you interested in following the conference conversations via our social channels, I invite you to follow me on Twitter via @AlDominick, the host company, @BankDirector and our @Fin_X_Tech platform, and search & follow #AOBA18 to see what is being shared with (and by) our attendees.

Strong Board. Strong Bank

Quickly:

  • A bank’s CEO, Chairman and board of directors face a number of challenges in today’s ever competitive, highly regulated and rapidly evolving financial services industry.

By Al Dominick, CEO of DirectorCorps — parent co. to Bank Director & FinXTech

ATLANTA — Complex regulations, technological innovations and a highly competitive environment that leaves little room for error have placed unprecedented demands on the time and talents of bank boards.  Still, no one I’m with today seems interested in pity or sympathy.  To wit, I’m in Atlanta, at the Ritz-Carlton Buckhead, as we host Bank Director’s annual Bank Board Training Forum.  With us are 200+ men and women committed to strengthening their bank’s performance by enhancing the skills and abilities of their boards.

I’m buoyed by their collective optimism, especially having surfaced myriad governance issues, compliance challenges, audit responsibilities, risk concerns and areas of potential liability. What follows are five takeaways from presentations made today that are growth, risk or team-oriented.

  1. When it comes to growing one’s bank, an acquisition of another institution certainly helps a buyer achieve operating scale efficiencies, which in turn increases its valuation.
  2. In addition to traditional M&A as a driver of growth, we are seeing more partnerships with (and outright acquisitions of) non-banks in order to enhance non-interest income and the expansion of net interest margins.
  3. Personally, I appreciated Jim McAlpin (a partner at the law firm of Bryan Cave) for elaborating on the phrase “Strong Governance Culture.” As he explained, the regulatory community takes this to mean a well developed system of internal oversight and a board culture focused on risk management.
  4. When it comes to risk, financial institutions face a quite a few. Indeed, Eve Rogers, a Partner at Crowe Horwath, touched on cybersecurity, economic factors, regulatory changes, shrinking margins and fee restrictions. As she made clear, proactively identifying, mitigating, and, in some cases, capitalizing on these risks provides a distinct advantage to the banks here with us.
  5. In terms of compensation, a good checklist for all banks includes (a) the bank’s compensation philosophy, (b) specific details for how to incorporate a performance plan against a strategic plan and (c) details around how one’s compensation peer group was formed — and when was it last updated.

Tomorrow morning, I share some new ideas for approaching technology in terms of growth and efficiency given the digital distribution of financial goods and services.  As I noted from the stage, we’re seeing some banks, rather than hire from the ground up, take a plug-and-play approach for partnering (or acquiring) FinTech companies. While I certainly intend to talk about the culture and team aspects of technology tomorrow, my focus goes to how and where machine learning, RegTech, payments, white labeling opportunities and core providers allow financial institutions to present a cutting-edge looks and feels to its customers under the bank’s brand.  (*If you’re interested, click here.)

The Intersection of Leadership and Profitability

By Al Dominick, CEO of DirectorCorps — parent co. to Bank Director & FinXTech

Quickly

  • Key takeaways from one of my favorite summer banking events, Crowe Horwath’s Bank Leadership and Profitability Improvement Conference.

_ _ _

This morning, on the first of my two flights from Washington National to Monterey, California, I learned that Walmart customers might soon be able to get installment loans for big-ticket items through Affirm, a San Francisco-based FinTech I first wrote about in 2014 (For Banks, the Sky IS Falling).  Per the Wall Street Journal, the companies reportedly are nearing an agreement on a pilot program.  This potential partnership caught my eye as I prepared for today and tomorrow’s conference.  Indeed, relationships like these make clear that when it comes to growth and efficiency, the digital distribution of financial goods and services is a significant issue for the banking industry.

This idea took further shape when I walked into the conference center at the Inn at Spanish Bay.  Immediately upon entering the room, I found John Epperson, a partner at Crowe and Jay Tuli, senior vice president retail banking and residential lending at Leader Bank, sharing their opinions on partnership strategies involving banks and FinTechs.  From the stage, they touched on increasing net interest margins via improved pricing strategies on commercial loans, approaches to streamline mortgage application processes, ideas to reduce staff counts for loan administration processes and how to improve customer experiences through online rent payment solutions.

Their perspectives lined up with those we recently shared on BankDirector.com.  To wit, “many banks have realized advantages of bank-FinTech partnerships, including access to assets and customers.  Since most community banks serve discreet markets, even a relatively simple loan purchase arrangement can unlock new customer relationships and diversify geographic concentrations of credit.  Further, a FinTech partnership can help a bank serve its legacy customers; for instance, by enabling the bank to offer small dollar loans to commercial customers that the bank might not otherwise be able to efficiently originate on its own.”

Of all the difficult issues that bank leadership must deal with, I am inclined to place technology at the top of the list.  Banks have long been reliant on technology to run their operations, but in recent years, technology has become a primary driver of retail and small business banking strategy.  John and Jay simply reinforced this belief.

In addition to their thoughts on collaboration, this afternoon’s sessions focused on ‘Liquidity and Balance Sheet Management,’ ‘Fiscal Policy During Regulatory Uncertainty’ and ‘Managing Your Brand in a Digital World.’  While I took note of a number of issues, three points really stood out:

  • Yes, banks can make money while managing decreasing margins and a flat yield curve.
  • Asset growth without earnings growth is a concern for many because of loan pricing.
  • How a CFO sets a target(s) for interest rate risk may start with an “it depends” type response — but gets nuanced quickly thereafter.

Finally, I’m not holding my breath on the industry receiving regulatory relief any time soon.  I get the sense many here aren’t either.  But it would be nice to see some business people brought in to run various agencies and I’m looking forward to the perspectives of tomorrow’s first guest speaker, Congressman John Ratcliffe.

##

My thanks to Crowe Horwath, Stifel, Keefe Bruyette & Woods + Luse Gorman for putting together this year’s Bank Leadership and Profitability Improvement Conference at The Inn at Spanish Bay in Pebble Beach, California.  I’ll check in with additional takeaways based on tomorrow’s presentations.

3 Disruptive Forces Confronting Banks – and How Zelle Might Help

By Al Dominick, CEO of DirectorCorps (parent co. to Bank Director & FinXTech) | @aldominick

“The volume and pace of what’s emerging is amazing. I’ve never seen it before in our industry.”

These words, spoken about technology driving an unprecedented pace of change across our financial landscape, came from Greg Carmichael, today’s keynote speaker at Bank Director’s annual Bank Audit & Risk Committees Conference.  Greg serves as president and CEO of Fifth Third Bancorp, a diversified financial services company headquartered in Cincinnati, Ohio.  The company has $142 billion in assets, approximately 18,000 employees, operates 1,191 retail-banking centers in 10 states and has a commercial and consumer lending presence throughout the U.S.

Fifth Third Bancorp’s four main businesses are commercial banking, branch banking, consumer lending and wealth and asset management.  Given this focus, Greg’s remarks addressed how, where and why technology continues to impact the way banks like his operate.  Thinking about his perspective on the digitization of the customer experience, I teed up his presentation with my observations on three risks facing bank leadership today.

Risk #1: Earlier this year, the online lending firm SoFi announced that it had acquired Zenbanx, a startup offering banking, debit, payments and money transfer services to users online and through its mobile app.  As TechCrunch shared, “the combination of the two will allow SoFi to move deeper into the financial lives of its customers. While today it focuses on student-loan refinancing, mortgages and personal loans, integrating Zenbanx will allow it to provide an alternative to the traditional checking and deposit services most of SoFi’s customers today get from banks like Bank of America, Citi or Chase.”  Given that many banks are just beginning their digital transformation, combinations like this create new competition for traditional banks to address.  Cause for further concern?  It came to light that SoFi just applied for an industrial loan bank charter in Utah under the name SoFi Bank.

Risk #2: With so much talk of the need for legacy institutions to pair up fintech companies, I made note of a recent MoneyConf event in Madrid, Spain.  There, BBVA chairman Francisco González said that banks need to shed their past and image as ‘incumbents’ and transform into new digital technology companies if they are to prosper in a banking environment dominated by technologically astute competitors. Transforming the bank “is not just a matter of platforms. The big challenge is changing an incumbent into a new digital company.”  Clearly, transforming one’s underlying business model is not for the faint of heart, and the leadership acumen required is quite substantial.

Risk #3: Finally, when it comes to digital companies doing it right, take a look at TheStreet’s recent post about how “Amazon Has Secretly Become a Giant Bank.”  I had no idea that its Amazon Lending service surpassed $3 billion in loans to small businesses since it was launched in 2011.  Indeed, “the eCommerce giant has loaned over $1 billion to small businesses in the past twelve months… Hiking up the sales for third party merchants is a plus for Amazon, as the company gets a piece of the transaction.” What I found particularly note-worthy is the fact that over 20,000 small businesses have received a loan from Amazon and more than 50% of the businesses Amazon loans to end up taking a second loan.

A Potential Solution

Jack Milligan, our Editor-in-Chief, recently wrote, “disruptive forces confronting banks today are systemic and in some cases accelerating.” In his words, the greatest risk facing bank leadership today is “the epochal change occurring in retail distribution as consumers and businesses embrace digital commerce in ever increasing numbers, while aggressive financial technology companies muscle into the financial services market to meet that demand.”

Against this backdrop, Fifth Third Bank just announced it will be one of more than 30 major financial institutions to roll out Zelle, a new peer-to-peer (P2P) payments service operated by Early Warning.  As Greg shared during his remarks, this will initially be offered through the banks’ mobile banking apps, and positions the bank to better compete with PayPal’s Venmo.

This is big news.  Indeed, Business Insider noted in today’s morning payments brief that the growing crowd of providers will fight over a mobile P2P market set to increase ninefold over the next five years, reaching $336 billion by 2021.  In addition to working directly with financial institutions, let me also note that Early Warning has established strategic partnerships with some of the leading payment processors –– think FIS, Fiserv, and Jack Henry.  These relationships will allow millions more to experience Zelle through community banks and credit unions.

##

Here in Chicago, we have 298 bank officers and directors with us today and tomorrow — and our Bank Audit and Risk Committees Conference itself totals 366 in attendance.  In terms of bank representation, we are proud to host audit committee members, audit committee chairs, CEOs, presidents, risk committee members, risk committee chairs, corporate secretaries, internal auditors, CFOs, CROs and other senior manager who works closely with the audit and/or risk committee.  Curious to see what’s being shared socially? I encourage you to follow @bankdirector and @fin_x_tech and check out #BDAudit17.

5 Cybersecurity Companies Bank Execs & Board Members Need to Know

When it comes to cybersecurity, the best defense might just be a great offense.  Whereas cybersecurity once focused on how banks could avoid losing money, my team and I are working on a program for 2017 to help officers and directors address potential scenarios (and develop realistic response plans) should a hack, breech or attack occur.  Indeed, protecting the bank against a cyber attack is a core responsibility of every member of a bank’s board and executive team.

In recent posts, I’ve highlighted various fintechs that I find compelling given their relationships with financial institutions.  In terms of cybersecurity, I’ve had the chance to learn more about companies like DefenseStorm (given their support of companies like nCino and LiveOak Bank) that I greatly respect.  Below are five more companies that I think bank leadership teams need to know:

Cognizant

A global cybersecurity solution and service provider, Cognizant supports multiple industry verticals and information security service lines.  I encourage you to take a look at their thoughts on what traditional banks can do to rebuild trust in the digital era.

Centrify

California-based Centrify offers identity & access management solutions to help secure enterprise identities against cyberthreats that target today’s IT environment of cloud computing.  Banking customers include such recognizable names as BB&T, SunTrust, Citi and RBS.

Lookout

Lookout has taken a mobile-first approach to security.  Indeed, one of the world’s largest investment management firms chose Lookout to provide threat and data leakage protection to over 10,000 managed iOS and Android devices.

Feedzai

Founded by data scientists and aerospace engineers, Feedzai’s mission is to “make commerce safe for business customers and create a better experience for their consumers through artificially intelligent machine learning.”

Brighterion

Since the founding of Brighterion, its core technology has been adapted and improved for real-time applications in the fields of payment, healthcare, marketing and homeland security.  For instance, its analysis of payments provides “unprecedented behavioral insights,” from the spending behavior of customers to the constantly evolving techniques of fraudsters.

##

As a complement to these five businesses, let me wrap up by sharing a recent FinXTech article:Emerging Technologies Combat Cybercrime.  As you will read, banks are doing everything they can to reassure customers that their digital information is safe and secure.

3 Key Takeaways from Bank Director’s Audit & Risk Conference

A quick check-in from the Swissotel in Chicago, where we just wrapped up the main day of Bank Director’s 10th annual Bank Audit & Risk Committees Conference.  This is a fascinating event, one focused on key accounting, risk and regulatory issues aligned with the information needs of a bank’s Chairman, CEO, Bank Audit Committee, Bank Risk Committee, CFO, CRO and internal auditor.  Risk + strategy go hand in hand; today, we spent considerable time debating risk in the context of growing the bank.

By Al Dominick, President & CEO of Bank Director

Earlier today, while moderating a panel discussion, I referenced a KPMG report that suggests “good risk management and governance can be compared to the brakes of a car. The better the brakes, the faster the car can drive.”  With anecdotes like this ringing in my head, allow me to share three key takeaways:

  1. A company’s culture & code of conduct are critical factors in creating an environment that encourages compliance with laws and regulations.
  2. Risk appetite is a widely accepted concept that remains difficult, in practice, to apply.
  3. As a member of the board, do not lose sight of the need to maintain your skepticism.

This year’s program brings together 150+ financial institutions and more then 300 attendees. The demographics reflect the audience we serve, so I thought to share three additional trends.  Clearly, boards of directors are under pressure to evolve.  Financial institutions need the right expertise and experience and benefit greatly when their directors have diverse backgrounds.

Further, as more regulatory rules are written, board members need to understand what they mean and how they can affect their bank’s business.  Finally, technology strategies and risks are inextricably linked to corporate strategy; as such, the level of board engagement needs to increase.

Given the many issues — both known and unknown — a bank faces as our industry evolves, today made clear how challenging it can be for an audit or risk committee member to get comfortable addressing risk and issues.  Staying compliant requires a solid defense and appreciation for what’s now.  Staying competitive?  This requires a sharper focus given near constant pressures to reduce costs while dealing with increasing competition and regulation.

##

To see what we’re sharing on our social networks, I encourage you to follow @bankdirector @fin_x_tech and @aldominick.  Questions or comment?  Feel free to leave me a note below.

Cybersecurity and the Fintech Wave

Earlier this month, at Bank Director’s FinTech Day at Nasdaq’s MarketSite in New York City, I noted how many technology firms are developing strategies, practices and tools that will dramatically influence how banking gets done in the future. Concomitantly, I expressed an optimism that banks are learning from these new players, adapting their offerings and identifying opportunities to collaborate with new “digital-first” businesses.  Unfortunately, with great opportunity comes significant risk (and today’s post looks at a major one challenging bank CEOs and their boards). 

By Al Dominick, President & CEO, Bank Director

To grow your revenue, deposits, brand, market size and/or market share requires both strong leadership and business strategy.  Right now, there are a handful of banks developing niche vertical lines of business to compete with the largest institutions. For instance, East West Bancorp, EverBank Financial, First Republic Bank, Opus Bank, PacWest Bancorp, Signature Bank and Texas Capital Bancshares.

Just as compelling as each bank’s approach to growing their business is the idea that new competitors in direct and mobile banking will spur the digitalization of our industry.  I am a firm believer that through partnerships, acquisitions or direct investments, incumbents and upstarts alike have many real and distinct opportunities to grow and scale while improving the fabric of the financial community.

However, with myriad opportunities to leverage new technologies comes significant risk, a fact not lost on the bank executives and board members who responded to Bank Director’s 2016 Risk Practices Survey, sponsored by FIS.  For the second year running, they indicate that cybersecurity is their top risk concern.

More respondents (34 percent) say their boards are reviewing cybersecurity at every board meeting, compared to 18 percent in last year’s survey, indicating an enhanced focus on cybersecurity oversight. Additionally, more banks are now employing a chief information security officer (CISO), who is responsible for day-to-day management of cybersecurity.

However, the survey results also reveal that many banks still aren’t doing enough to protect themselves—and their customers. Less than 20 percent of respondents say their bank has experienced a data breach, but those who do are just as likely to represent a small institution as a large one, further proof that cybersecurity can no longer be discussed as only a “big bank” concern.

For those thinking about the intersection of fintechs and banks, take a look at our just-released 2016 Risk Practices Survey. This year, we examine risk governance trends at U.S. banks, including the role of the chief risk officer and how banks are addressing cybersecurity. The survey was completed in January by 161 independent directors, chief risk officers (CRO), chief executive officers (CEO) and other senior executives of U.S. banks with more than $500 million in assets.

Key Findings Include:

  • Sixty-two percent of respondents indicate their bank has used the cybersecurity assessment tool made available by the Federal Financial Institutions Examination Council, and have completed an assessment. However, only 39 percent have validated the results of the assessment, and only 18 percent have established board-approved triggers for update and reporting. FWIW, bank regulators have started to use the tool in exams, and some states are mandating its use.
  • Seventy-eight percent indicate that their bank employs a full-time CISO, up from 64 percent in last year’s survey.
  • The majority, at 62 percent, say the board primarily oversees cybersecurity within the risk or audit committee. Twenty-six percent govern cybersecurity within the technology committee.
  • Forty-five percent indicate that detecting malicious insider activity or threats is an area where the bank is least prepared for a cyberattack or data breach.
  • Just 35 percent test their bank’s cyber-incident management and response plan quarterly or annually.

Clearly, banks are increasingly relying on complex models to support economic, financial and compliance decision-making processes.  Considering the full board of a bank is ultimately responsible for understanding an institution’s key risks — and credibly challenging management’s assessment and response to those risks — I am pleased to share this year’s report as part of our commitment to providing timely & relevant information to the banking community.

What To Do With FinTech

For the 699 financial institutions over $1Bn in asset size today, the drive to improve one’s efficiency ratio is a commonly shared goal.  In my mind, so too should be developing relationships with “friendly” financial technology (FinTech) companies.

By Al Dominick // @aldominick

Small banks in the United States — namely, the 5,705 institutions under $1Bn in assets* — are shrinking in relevance despite their important role in local economies.  At last week’s Bank Audit & Risk Committees Conference in Chicago, Steve Hovde, the CEO of the Hovde Group, cautioned some 260 bankers that the risks facing community banks continue to grow by the day, citing:

  • The rapid adoption of costly technologies at bigger banks;
  • Declining fee revenue opportunities;
  • Competition from credit unions and non-traditional financial services companies;
  • Capital (in the sense that larger banks have more access to it);
  • An ever-growing regulatory burden; and
  • The vulnerability all have when it comes to cyber crime.

While many community banks focus on survival, new FinTech companies have captured both consumer interest and investor confidence.  While some of the largest and most established financial institutions have struck relationships with various technology startups, it occurs to me that there are approximately 650 more banks poised to act — be it by taking the fight back to competitive Fintech companies or collaborating with the friendly ones.

According to John Depman, national leader for KPMG’s regional and community banking practice, “it is critical for community banks to change their focus and to look for new methods, products and services to reach new customer segments to drive growth.”  I agree with John, and approach the intersection of the financial technology companies with traditional institutions in the following manner:

For a bank CEO and his/her executive team, knowing who’s a friend, and who’s a potential foe — regardless of size — is hugely important.  It is also quite challenging when, as this article in Forbes shows, you consider that FinTech companies are easing payment processes, reducing fraud, saving users money, promoting financial planning and ultimately moving our giant industry forward.

This is a two-sided market in the sense that for a FinTech founder and executive team, identifying those banks open to partnering with, investing in, or acquiring emerging technology companies also presents great challenges, and also real upside.  As unregulated competition heats up, bank CEOs and their leadership teams continue to seek ways to not just stay relevant but to stand out.  In my opinion, working together benefits both established organizations and those startups trying to navigate the various barriers to enter this highly regulated albeit potentially lucrative industry.

*As of 6/1, the total number of FDIC-insured Institutions equaled 6,404. Within this universe, banks with assets greater than $1Bn totaled 699. Specifically, there are 115 banks with $10Bn+, 76 with $5Bn-$10Bn and 508 with $1Bn – $5Bn.

How to Understand a Bank’s Audit and Risk Committees Issues in Three Steps

I’m in Chicago at Bank Director’s annual Bank Audit & Risk Committees Conference along with more than 260 bankers and some 315 total attendees.  At a time when audit and risk committees have an increasing amount of responsibilities, I’m impressed with the commitments made by attendees and speakers alike to tackle real issues as opposed to sugar coating the challenges before banks today.

As we move into a series of afternoon breakout sessions, I am taking a pause to share my observations on the day so far.  Having moderated a session that touched on how banks can enhance risk oversight capabilities and effectively challenge management on risk, let me try to make sense of the issues being faced by senior bankers and board members if you are not with us.

Step 1: Know Where We Are Coming From

Now that the worst of the financial crisis is behind them, you might think bank boards might finally breathe a sigh of relief.  You would be mistaken.  For example, we have been in an exceptionally low-interest rate environment — one that has caused net interest margins to decline significantly since 2000.  Moreover, growing the bank organically remains challenging with slow loan growth and changing consumer expectations.  Finally,  compliance costs and uncertainties continue to escalate.  So yes, for banks here with us in Chicago, the storm was weathered.  Still, significant risks and challenges remain in place.

Step 2: Accept Where We Are Today

Per our first speaker, Steve Hovde, it has become exceedingly more difficult to maintain net interest margins without growing loan balances.  As he made clear, banks with lower loan-to-deposit ratios operate with less overhead, but they have been unable to translate their lower operating costs into higher profitability over the long run.  In his words, loan growth is now paramount to profitability — and banks will need to find ways to generate loans either organically or (more likely) through M&A activity.

I know that many banks are struggling to find new revenue sources.  I also hear how bank boards are considering diversifying into new loan products and service offerings to attract and retain new and existing customers.  So, for banks considering new lending strategies or launching a new product or service, I made note that the audit committee, risk committee and internal auditor must collaborate to safeguard the organization by understanding an organization’s initiatives, limits and controls, all while understanding the risk monitoring that exists at the institution.

Step 3: Understand Where Things Are Heading

As we look ahead, it is quite clear that the largest banks in the U.S. (e.g. those above $50Bn in assets) have greatly benefited from their ability to spread fixed costs over a larger pool of earning assets.  They have lower efficiency ratios, more non-interest income and stronger earnings.  Since there are at most 30 banks that are above that $50Bn threshold out of some 6,500 banks, the risks facing most of the industry may take various forms but share similar origins.  That is, banks — and their boards — will continue to wrestle with technology issues, find fewer opportunities to replace declining fee revenue, deal with non-regulated “shadow” banks, struggle with regulatory cost burdens and expectations, face new cyber threats and have to address third-party vendor risks.

##

Tomorrow, I will have more to share on this afternoon’s breakout sessions and our final point/counterpoint session.  In between, I invite you to follow the conversation via Twitter using #BDAudit15, @bankdirector and/or @aldominck.

About That Elephant Coming Out of the Corner (*hello cyber security & banking)

Last summer, a cyberattack on JPMorgan Chase by Russian hackers compromised the accounts of 83 million households and seven million small businesses.  While the New York Times reports the crime did not result in the loss of customer money or the theft of personal information, it was one of the largest such attacks against a bank.  A data breach like this illustrates the clear and present danger cyber criminals pose to the safety and soundness of the financial system.  In my opinion, there can be nothing more damaging to the reputation of, and confidence in, the industry as a whole than major security breaches.

Yesterday, Bank Director released its annual Risk Practices Survey, sponsored by FIS, the world’s largest global provider dedicated to banking and payments technologies. As I read through the results, it became immediately apparent that cyber security is the most alarming risk issue for individuals today.  So while I layout the demographics surveyed at the end of this piece, it is worth noting that 80% of those directors and officers polled represent institutions with between $500 million and $5 billion in assets — banks that are, in my opinion, more vulnerable than their larger counterparts as their investment in cyber protection pales to what JPMorgan Chase, Wells Fargo, etc are spending.  In fact, the banks we surveyed allocated less than 1% of revenues to cybersecurity in 2014.  Accordingly, I’m gearing my biggest takeaway to community bankers since those individuals most frequently cited cyber attacks as a top concern.

Interestingly, individual concern hasn’t yet translated into more focus by bank boards. Indeed, less than 20% say cybersecurity is reviewed at every board meeting — and 51% of risk committees do not review the bank’s cybersecurity plan.  As I read through our report, this has to be a wakeup call for bank boards. While a number of retailers have made the news because of hacks and data thefts, this remains an emerging, nuanced and constantly evolving issue.

It would not surprise me if bank boards start spending more time on this topic as they are more concerned than they were last year. But I do see the need to start requiring management to brief them regularly on this issue, and start educating themselves on the topic.  In terms of where to focus early conversations if you’re not already, let me suggest bank boards focus on:

  • The detection of cyber breaches and penetration testing;
  • Corporate governance related to cyber security;
  • The bank’s current (not planned) defenses against breaches; and
  • The security of third-party vendors.

Personally, I don’t doubt that boards will spend considerably more time on this issue — but things have changed a lot in the last year in terms of news on data breaches.  If bankers want to start assessing the cybersecurity plan in the same way they look at the bank’s credit policies and business plan, well, I’d sleep a lot sounder.

So I’ll go on record and predict that boards will become more aware and take on a more active role in the coming months — and also expect that regulators will start demanding that boards review cybersecurity plans, and that all banks have a cybersecurity plans.  To take this a step further, check out this piece by the law firm Arnold & Porter: Cybersecurity Risk Preparedness: Practical Steps for Financial Firms in the Face of Threats.

About this report

Bank Director’s research team surveyed 149 independent directors and senior executives of U.S. banks with more than $500 million in assets to examine risk management practices and governance trends, as well as how banks govern and manage cybersecurity risk. 43% of participants serve as an independent director or chairmen at their bank. 21% are CEOs, and 17% serve as the bank’s chief risk officer.