An Easy Way to Lose Sight of Critical Risks

CHICAGO — Let me ask you a question:

How does the executive team at your biggest competitor think about their future? Are they fixated on asset growth or loan quality? Gathering low-cost deposits? Improving their technology to accelerate the digital delivery of new products? Finding and training new talent?

The answers don’t need to be immediate or precise. But we tend to fixate on the issues in front of us and ignore what’s happening right outside our door, even if the latter issues are just as important.

Yet, any leader worth their weight in stock certificates will say that taking the time to dig into and learn about other businesses, even those in unrelated industries, is time well spent.

Indeed, smart executives and experienced outside directors prize efficiency, prudence and smart capital allocation in their bank’s dealings. But here’s the thing: Your biggest—and most formidable—competitors strive for the same objectives.

So when we talk about trending topics at today and tomorrow’s Bank Audit and Risk Committees Conference in Chicago, we do so with an eye not just to the internal challenges faced by your institution but on the external pressures as well.

As my team at Bank Director prepares to host 317 women and men from banks across the country this morning, let me state the obvious: Risk is no stranger to a bank’s officers or directors. Indeed, the core business of banking revolves around risk management—interest rate risk, credit risk, operational risk. To take things a step further:

Given this, few would dispute the importance of the audit committee to appraise a bank’s business practices, or of the risk committee to identify potential hazards that could imperil an institution. Banks must stay vigilant, even as they struggle to respond to the demands of the digital revolution and heightened customer expectations.

I can’t overstate the importance of audit and risk committees keeping pace with the disruptive technological transformation of the industry. That transformation is creating an emergent banking model, according to Frank Rotman, a founding partner of venture capital firm QED Investors. This new model focuses banks on increasing engagement, collecting data and offering precisely targeted solutions to their customers.

If that’s the case—given the current state of innovation, digital transformation and the re-imagination of business processes—is it any wonder that boards are struggling to focus on risk management and the bank’s internal control environment?

When was the last time the audit committee at your bank revisited the list of items that appeared on the meeting agenda or evaluated how the committee spends its time? From my vantage point, now might be an ideal time for audit committees to sharpen the focus of their institutions on the cultures they prize, the ethics they value and the processes they need to ensure compliance.

And for risk committee members, national economic uncertainty—given the political rhetoric from Washington and trade tensions with U.S. global economic partners, especially China—has to be on your radar. Many economists expect an economic recession by June 2020. Is your bank prepared for that?

Bank leadership teams must monitor technological advances, cybersecurity concerns and an ever-evolving set of customer and investor expectations. But other issues can’t be ignored either.

So as I prepare to take the stage to kick off this year’s Bank Audit and Risk Committees Conference, I encourage everyone to remember that minds are like parachutes. In the immortal words of musician Frank Zappa: “It doesn’t work if it is not open.”

3 Key Takeaways from Bank Director’s Audit & Risk Conference

A quick check-in from the Swissotel in Chicago, where we just wrapped up the main day of Bank Director’s 10th annual Bank Audit & Risk Committees Conference.  This is a fascinating event, one focused on key accounting, risk and regulatory issues aligned with the information needs of a bank’s Chairman, CEO, Bank Audit Committee, Bank Risk Committee, CFO, CRO and internal auditor.  Risk + strategy go hand in hand; today, we spent considerable time debating risk in the context of growing the bank.

By Al Dominick, President & CEO of Bank Director

Earlier today, while moderating a panel discussion, I referenced a KPMG report that suggests “good risk management and governance can be compared to the brakes of a car. The better the brakes, the faster the car can drive.”  With anecdotes like this ringing in my head, allow me to share three key takeaways:

  1. A company’s culture & code of conduct are critical factors in creating an environment that encourages compliance with laws and regulations.
  2. Risk appetite is a widely accepted concept that remains difficult, in practice, to apply.
  3. As a member of the board, do not lose sight of the need to maintain your skepticism.

This year’s program brings together 150+ financial institutions and more then 300 attendees. The demographics reflect the audience we serve, so I thought to share three additional trends.  Clearly, boards of directors are under pressure to evolve.  Financial institutions need the right expertise and experience and benefit greatly when their directors have diverse backgrounds.

Further, as more regulatory rules are written, board members need to understand what they mean and how they can affect their bank’s business.  Finally, technology strategies and risks are inextricably linked to corporate strategy; as such, the level of board engagement needs to increase.

Given the many issues — both known and unknown — a bank faces as our industry evolves, today made clear how challenging it can be for an audit or risk committee member to get comfortable addressing risk and issues.  Staying compliant requires a solid defense and appreciation for what’s now.  Staying competitive?  This requires a sharper focus given near constant pressures to reduce costs while dealing with increasing competition and regulation.

##

To see what we’re sharing on our social networks, I encourage you to follow @bankdirector @fin_x_tech and @aldominick.  Questions or comment?  Feel free to leave me a note below.

Main Areas of Focus for a Bank’s Audit and Risk Committees

What’s top-of-mind for a bank’s Audit and Risk committee members?  Let’s start with cyber security…

By Al Dominick // @aldominick

There are many challenges that bank boards & executives must address, and these two videos (one by our editor, Jack Milligan; the other, by me) briefly review current issues that demand attention + emerging ones that we took note of at this week’s Bank Audit & Risk Committees Conference at the JW Marriott in Chicago.

*For more on the risks facing banks today, take a look at this report from our conference (#BDAudit15).

How to Understand a Bank’s Audit and Risk Committees Issues in Three Steps

I’m in Chicago at Bank Director’s annual Bank Audit & Risk Committees Conference along with more than 260 bankers and some 315 total attendees.  At a time when audit and risk committees have an increasing amount of responsibilities, I’m impressed with the commitments made by attendees and speakers alike to tackle real issues as opposed to sugar coating the challenges before banks today.

As we move into a series of afternoon breakout sessions, I am taking a pause to share my observations on the day so far.  Having moderated a session that touched on how banks can enhance risk oversight capabilities and effectively challenge management on risk, let me try to make sense of the issues being faced by senior bankers and board members if you are not with us.

Step 1: Know Where We Are Coming From

Now that the worst of the financial crisis is behind them, you might think bank boards might finally breathe a sigh of relief.  You would be mistaken.  For example, we have been in an exceptionally low-interest rate environment — one that has caused net interest margins to decline significantly since 2000.  Moreover, growing the bank organically remains challenging with slow loan growth and changing consumer expectations.  Finally,  compliance costs and uncertainties continue to escalate.  So yes, for banks here with us in Chicago, the storm was weathered.  Still, significant risks and challenges remain in place.

Step 2: Accept Where We Are Today

Per our first speaker, Steve Hovde, it has become exceedingly more difficult to maintain net interest margins without growing loan balances.  As he made clear, banks with lower loan-to-deposit ratios operate with less overhead, but they have been unable to translate their lower operating costs into higher profitability over the long run.  In his words, loan growth is now paramount to profitability — and banks will need to find ways to generate loans either organically or (more likely) through M&A activity.

I know that many banks are struggling to find new revenue sources.  I also hear how bank boards are considering diversifying into new loan products and service offerings to attract and retain new and existing customers.  So, for banks considering new lending strategies or launching a new product or service, I made note that the audit committee, risk committee and internal auditor must collaborate to safeguard the organization by understanding an organization’s initiatives, limits and controls, all while understanding the risk monitoring that exists at the institution.

Step 3: Understand Where Things Are Heading

As we look ahead, it is quite clear that the largest banks in the U.S. (e.g. those above $50Bn in assets) have greatly benefited from their ability to spread fixed costs over a larger pool of earning assets.  They have lower efficiency ratios, more non-interest income and stronger earnings.  Since there are at most 30 banks that are above that $50Bn threshold out of some 6,500 banks, the risks facing most of the industry may take various forms but share similar origins.  That is, banks — and their boards — will continue to wrestle with technology issues, find fewer opportunities to replace declining fee revenue, deal with non-regulated “shadow” banks, struggle with regulatory cost burdens and expectations, face new cyber threats and have to address third-party vendor risks.

##

Tomorrow, I will have more to share on this afternoon’s breakout sessions and our final point/counterpoint session.  In between, I invite you to follow the conversation via Twitter using #BDAudit15, @bankdirector and/or @aldominck.

A Complete Guide to Bank Director’s Audit & Risk Committees Conference

Whether it is a complex product, new service or emerging line of business, this year’s Bank Audit & Risk Committees Conference examines the many issues and opportunities being faced in boardrooms at financial institutions of all sizes across the country.

By Al Dominick // @aldominick

While much has been written about how and where banks might grow, with new opportunities come new challenges.  With our industry undergoing significant change, boards must be highly informed in order to proactively oversee the management of security risks, compliance challenges and reputational issues.  At this year’s Bank Audit & Risk Committees Conference, we focus in on key accounting, risk and regulatory issues that challenge bankers and board members alike.  Today’s column tees up this year’s program, one that opens on Wednesday at the JW Marriott in Chicago, IL.

Screen Shot 2015-06-08 at 2.03.43 PM

Wednesday, June 10

Before the curtains officially come up, we offer a series of pre-conference programs; most notably, a series of peer exchanges exclusive to a bank’s audit and risk committee chairs.  Modeled upon our annual Bank Chairman/CEO Peer Exchange, small groups of directors meet in closed door, off-the-record peer exchanges for candid discussions about various hot topics.  In addition, we have added a cyber security workshop that allows attendees to play out various scenarios that involve a hack, breach or attack.  Finally, we offer a primer for newer audit and risk committee members and chairs that provides a framework for both roles and responsibilities.

Thursday, June 11

According to several bankers I have recently talked to, this has become a must-attend event for audit committee members, audit committee chairs, CEOs, CFOs, presidents, corporate secretaries, internal auditors, chief risk managers and other senior executives who works closely with the audit and/or risk committee.  This year, we cover pertinent issues such as enterprise risk management, fraud, relations with internal and external auditors, audit committee oversight and regulatory changes for banks.  It is this ability to focus in on critical concerns and complex scenarios to a very specific group of officers and directors that sets us apart from others.  At a time when audit and risk committee members are being asked to take on more responsibilities and perform at higher levels than ever before, the presentations made on day one are laser-focused on key financial, risk management and regulatory issues.

Friday, June 12

A significant imperative for members of a bank’s board today?  Fully integrate risk management, compliance and ethics “that fit” into a particular bank’s culture.  On day two, we look at how this might be done while addressing many other challenges.  Indeed, some of the key risks facing banks today (that regulators expect boards and senior managers to address) include:

  • Strategic risk as banks adapt business models to respond to the current economic and competitive landscapes;
  • Management succession and retention of key staff;
  • Loosening loan underwriting standards;
  • Expansion into new products and services;
  • Exposure to interest rate risk;
  • Oversight of third party service providers;
  • Increased volume and sophistication of cyber threats;
  • BSA/AML risk from higher-risk services and customer relationships; and
  • Maintaining effective compliance management systems.

The presenters at this event are some of the leading experts in accounting, legal, consulting and regulatory areas, as well as experienced bank officers and directors.  From Sullivan & Cromwell to KPMG, Arnold & Porter to Crowe, Latham & Watkins to FIS, we are pleased to bring some of the industry’s foremost advisors together in Chicago.

##

To follow the conversation via Twitter, check out #BDAUDIT15, @bankdirector and @aldominick.

Three Thoughts on Banks and Risk

I’m heading out to Chicago and Bank Director’s annual Bank Audit & Risk Committees Conference.  The agenda — focused on accounting, risk and regulatory issues — aligns with the information needs of a Chairman of the Board, Audit and/or Risk Committee Chair and Members, Internal Auditors, Chief Financial Officers and Chief Risk Officers.  Before I welcome some 300 attendees (representing over 150 financial institutions from 39 states) to the Palmer House, I thought to share three things that would keep me up at night if I traded roles with our attendees.

The Bean

(1) The Risk of New Competition

For bank executives and board members, competition takes many forms.  Not only are banks burdened with regulation, capital requirements and stress testing, they now have the added pressure of competition from non-financial institutions.  Companies such as Paypal, as well as traditional consumer brands such as Walmart, are aggressively chipping away at the bank’s customer base and threatening many financial institutions’ core business — a fact made clear by Jamie Dimon, the CEO of JPMorgan Chase, at a shareholder meeting this February.

“You’d be an idiot not to think that the Googles and Apples  .  .  .  they all want to eat our lunch.  I mean, every single one of them.  And they’re going to try.”

To this end, I find myself agreeing with Accenture’s Steve Culp, Accenture’s senior managing director of Finance & Risk Services, when he writes “banks need to keep developing their risk capabilities, skills and talents, and align these skills with their agenda around future growth. If they don’t align their growth agenda with their risk capabilities—building a safe path toward growth opportunities—they will miss out on those growth opportunities.”  While I plan on diving much deeper into this topic following the conference, I definitely welcome feedback on the issue below.

(2) The Risk to A Reputation

While the Dodd-Frank Act requires publicly traded banks with more than $10 billion in assets to establish separate risk committees of the board, and banks over $50 billion to additionally hire chief risk officers, I’m seeing smaller banks proactively following suit.  Such additions, however, does not absolve directors and senior managers of financial institutions from preparing for the worst… which is easier said then done.   In some ways, a bank’s reputation is a hard-to-quantify risk.  Anyone can post negative comments online about an institution’s products, services or staff, but one only needs to look at Target’s financial performance post-cyber hack to realize that revenue and reputation goes hand-in-hand.

(3) The Risk of Cyber Criminals

Speaking of Target, earlier this year, Bank Director and FIS collaborated on a risk survey to pinpoint struggles and concerns within the boardrooms of financial institutions.  As we found, tying risk management to a strategic plan and measuring its impact on the organization proves difficult for many institutions, although those that have tried to measure their risk management program’s impact report a positive effect on financial performance.  What jumps out at me in the results of this research are the concerns over cyber and operational security.  Clearly, the number of “bad actors” who want to penetrate the bank’s defenses has increased exponentially, their tools have become remarkably sophisticated, and they learn quickly.  I read an interesting piece by an attorney at Dechert (sorry, registration required) that shows the analytical framework for cyber security is very similar to what most directors have focused on in their successful business careers: people, process and technology.  But theory is one thing, putting into practice a plan to protect your assets, entirely different.

##

To comment on today’s column, please click on the green circle with the white plus sign on the bottom right. If you are on twitter, I’m @aldominick. Aloha Friday!

Joining a Bank’s Audit Committee?

At most financial institutions, the audit committee is the most important board committee. Indeed, just about everything of significance that happens within an institution ends up passing through the audit committee in some form or fashion.  To build off of yesterday’s post (Building a Higher Performance Bank Board), let me take a quick look at this essential committee.

bank-vault-door-3d-gualtiero-boffi

While a typical audit committee meeting involves matters like a summary of internal audits, regulatory reports and economy/operational/product/market/personnel changes, I thought to share four characteristics of “high performing audit committees” based on numerous conversations with audit committee chairs, members and executives with accounting firms:

  1. Independence from management is critical;
  2. Financial expertise is key;
  3. Access to external experts (e.g. authorized to engage counsel independently) is essential; and
  4. Industry knowledge separates the good from the great.

As my friend and colleague Jack Milligan likes to say, members of a bank’s audit committee are typically the smartest people on the board.  When you look at some of the technical accounting and financial reporting issues they have to deal with, you would at least have to agree that they carry a pretty heavy load — particularly when the audit committee is also responsible for risk governance, which is still the case on most community bank boards.

If you’re interested…

Here are three resources that can help you go deeper into this topic today:

Tomorrow’s focus: joining a bank’s Risk Committee.

What you learn at a puppet show

Hank Williams "walking" the red carpet in Nashville

I wrapped up a fairly intense period of travel with a day trip to NYC on Monday and a subsequent overnight in Nashville on Tuesday & Wednesday. While in the Music City, our Chairman invited me to join him at a puppet festival (yes, you read that right). The show, a musical chronicle of the history of country music, benefitted the Nashville Public Library Foundation and the Country Music Hall of Fame. Laugh if you will, but I will tell you, it was amazingly creative. As I mingled with various benefactors of both institutions, I found myself engaged in conversation with the former managing partner at Bass, Berry & Sims. Having led one of the preeminent law firms in the Southeast, his perspective on how dramatically the legal profession has changed in the last fifteen years struck a nerve. The parallels between his profession and the banking space were immediately apparent. So with Patsy Cline playing in the background, we talked about the future of banking, professional services firms and relationship building in general. As we did, I made a mental note to share three thoughts from this week that underscore how things continue to change in our classically conservative industry.

(1) First Republic’s founder and CEO, Jim Herbert, shared some of his Monday morning with me while I was in NYC. Jim founded the San Francisco-based bank in 1985, sold it to Merrill Lynch in 2007, took it private through a management-led buyout in July 2010 after Merrill was acquired by Bank of America, then took it public again this past December through an IPO. For those in the know, First Republic is one of this country’s great banking stories. Not only is it solely focused on organic growth, it’s also solely focused on private banking. While my conversation with Jim was off-the-record, I left his office convinced its the smarts within, not the size of, a bank that will separate the have’s from the have not’s in the years ahead. Clearly, as new regulations and slim profit margins challenge the banking industry, the skills and backgrounds of the employees who work in banking must change.

(2) Speaking of successful banks that have successfully navigated recent challenges… KeyCorp’s Chief Risk Officer, Bill Hartman, joined us last week for Bank Director’s annual Bank Audit Committee Conference in Chicago. Bill is responsible for the bank’s risk management functions, including credit, market, compliance and operational risk, as well as portfolio management, quantitative analytics and asset recovery activities. While I shared some thoughts about that program last week, I thought to elaborate on how KeyCorp divides the roles and responsibilities of its Audit and Risk Committees. Some still think you “retire” to the board; as he showed, that is definitely not the case – especially not at an institution that counts 2 million customers, 15,000 employees and assets of $89 Bn. In terms of Key’s Audit Committee, members oversee Internal Audit, appoint independent auditors and meet with the Chief Risk Officer, Chief Risk Review Officer, and of course, for financial reporting, the CFO. I thought it was interesting to note their Audit Committee met 14 times in 2012 — twice as often as the institution’s Risk Committee convened. With many smaller banks considering the creation of such a committee, let me share the focus of their Risk Committee. Strategically, it is responsible for:

  • Stress testing policy;
  • Dividend and share repurchases;
  • Modeling risk policy;
  • Asset and liability management; and
  • Setting tolerances, key risk indicators and early warning indicators

For those thinking about introducing a Risk Committee into their bank, take a look at what some of our speakers shared leading up to last week’s Audit Committee conference for inspiration.  For a recap of the event, our editor shares his thoughts in today’s Postcard from the Bank Audit Committee Conference.

(3) Yesterday, I was pleased to learn that ConnectOne’s CEO, Frank Sorrentino, agreed to participate in our annual Bank Executive & Board Compensation Conference in November. In addition to being one of the more active bankers I follow on Twitter, I’ve written about his bank going public in a previous post. Today, it’s a WSJ piece that shows U.S. regulators grilling banks over lending standards and “warning them about mounting risks in business loans” that has me citing the NJ-based bank. This particular article quotes the CEO of the Englewood Cliffs, N.J. bank in terms of lending standards (yes, a subscription is required). He reveals that regulators recently asked what he is doing to ensure he isn’t endangering the bank by making risky loans. His response: “the bank is trying to offset the lower revenue from low-interest-rate commercial loans by cutting expenses.” While I get the need for oversight, I do wonder how far the regulatory pendulum will continue to swing left before sanity/reality sets in at the CFPB, FDIC, OCC, etc. I’ll stop before I say something I regret, but do want to at least encourage a Twitter follow of Frank and his “Banking on Main Street” blog.

Aloha Friday!