What (Bank) Directors Think

Quickly:

CHICAGO — Guess what?  As institutions continue to seek out growth and efficiencies through technology, they in turn expose themselves to new risks and liabilities. Understanding the two-sided nature of this proverbial coin reflects just one of the many nuanced conversations that took place during our annual Bank Audit & Risk Committees Conference.  If you’re not familiar with this exclusive event, we invite bank leaders from across the country to take a broad and strategic view at the risk landscape, while also focusing on specific actions to improve a bank’s performance.

Indeed, our team put together an agenda filled with opportunities to improve existing audit and risk functions.  In addition, we surfaced new ideas around issues and topics such as cybersecurity, credit quality, blockchain, rising interest rates and financial reporting.

Personally, I was thrilled to welcome more than 400 men and women to the Swissotel Chicago — with over 300 participants comprising bank CEOs, chairmen, board members, CFOs, CROs, senior executives and internal auditors.  Throughout our time together, we took the opportunity to pose a series of questions to this hugely influential and knowledgeable audience.  As we discovered, the increasing level of U.S. debt proved the biggest macroeconomic concern for this group by a wide margin.  Yes, we polled this group using an audience response device and found 52% placed this issue as their top concern — far outpacing the 15% who cited a potential recession and 13% who pointed towards a political crisis.

Such in-person polling provides quite a bit of insight as to where we might be heading as an industry and an economy.  What follows are five additional survey results from this year’s event on how this experienced audience feels about various hot topics.

Q: What do you think is the biggest risk to the industry?

54% = Technology changes and FinTech
20% = Recession risk and loan quality
17% = Flattening yield curve
6% = Pushed out by consolidation
4% = Regulatory scrutiny

Q: What are your expectations for deposit competition in your markets over the next year?

78% = We face stiff competition; deposit pricing will be a key concern
13% = Our ability to compete for deposits will improve as rates rise
9% = Unsure

Q: As rates rise, are you concerned about loan terms within the bank’s existing loan portfolio?

50% = No
35% = Yes, but for a short period of time
10% = Yes, I’m deeply concerned
4% = Unsure

Q: What is your greatest concern about deploying RegTech within your bank?

23% = Updates to internal processes / infrastructure
22% = Cost of RegTech solutions
21% = Identifying valid solutions
17% = Vetting providers / third party management
15% = Internal skills
3% = Regulatory acceptance

Q: Do you believe the bank’s board has the necessary level of cybersecurity expertise?

78% = No
18% = Yes
4% = Unsure

I’ll keep my observations on these findings to personal conversations… That said, from improving risk oversight, mastering new reporting requirements and staying ahead on compliance, this year’s conference provided practical takeaways for participants to bring back to their banks.  Curious to see what we covered?  I encourage you to take a look at BankDirector.com or search for @BankDirector and #BDAudit18 on Twitter.

3 Challenges That Comes With Technology

In this brief video, I share three major areas of risk facing financial institutions today.  Filmed during yesterday’s Bank Audit & Risk Committees conference in Chicago, IL, these points reflect my time with Chief Financial Officers, Chief Risk Officers, General Counsels along with Audit and Risk Committee members and various executives from leading professional services and advisory firms.

As new technology players emerge and traditional participants begin to transform their business models, I believe that successful institutions will enable financial services for life’s needs through collaboration and partnerships with the very fintech companies that once threatened to displace them.  In case you’re interested in issues like these, take a look at FinXTech, our “new” platform that promotes collaboration between the most forward thinkers in the industry – in order to create real innovation, change and a better future for all.

Cybersecurity and the Fintech Wave

Earlier this month, at Bank Director’s FinTech Day at Nasdaq’s MarketSite in New York City, I noted how many technology firms are developing strategies, practices and tools that will dramatically influence how banking gets done in the future. Concomitantly, I expressed an optimism that banks are learning from these new players, adapting their offerings and identifying opportunities to collaborate with new “digital-first” businesses.  Unfortunately, with great opportunity comes significant risk (and today’s post looks at a major one challenging bank CEOs and their boards). 

By Al Dominick, President & CEO, Bank Director

To grow your revenue, deposits, brand, market size and/or market share requires both strong leadership and business strategy.  Right now, there are a handful of banks developing niche vertical lines of business to compete with the largest institutions. For instance, East West Bancorp, EverBank Financial, First Republic Bank, Opus Bank, PacWest Bancorp, Signature Bank and Texas Capital Bancshares.

Just as compelling as each bank’s approach to growing their business is the idea that new competitors in direct and mobile banking will spur the digitalization of our industry.  I am a firm believer that through partnerships, acquisitions or direct investments, incumbents and upstarts alike have many real and distinct opportunities to grow and scale while improving the fabric of the financial community.

However, with myriad opportunities to leverage new technologies comes significant risk, a fact not lost on the bank executives and board members who responded to Bank Director’s 2016 Risk Practices Survey, sponsored by FIS.  For the second year running, they indicate that cybersecurity is their top risk concern.

More respondents (34 percent) say their boards are reviewing cybersecurity at every board meeting, compared to 18 percent in last year’s survey, indicating an enhanced focus on cybersecurity oversight. Additionally, more banks are now employing a chief information security officer (CISO), who is responsible for day-to-day management of cybersecurity.

However, the survey results also reveal that many banks still aren’t doing enough to protect themselves—and their customers. Less than 20 percent of respondents say their bank has experienced a data breach, but those who do are just as likely to represent a small institution as a large one, further proof that cybersecurity can no longer be discussed as only a “big bank” concern.

For those thinking about the intersection of fintechs and banks, take a look at our just-released 2016 Risk Practices Survey. This year, we examine risk governance trends at U.S. banks, including the role of the chief risk officer and how banks are addressing cybersecurity. The survey was completed in January by 161 independent directors, chief risk officers (CRO), chief executive officers (CEO) and other senior executives of U.S. banks with more than $500 million in assets.

Key Findings Include:

  • Sixty-two percent of respondents indicate their bank has used the cybersecurity assessment tool made available by the Federal Financial Institutions Examination Council, and have completed an assessment. However, only 39 percent have validated the results of the assessment, and only 18 percent have established board-approved triggers for update and reporting. FWIW, bank regulators have started to use the tool in exams, and some states are mandating its use.
  • Seventy-eight percent indicate that their bank employs a full-time CISO, up from 64 percent in last year’s survey.
  • The majority, at 62 percent, say the board primarily oversees cybersecurity within the risk or audit committee. Twenty-six percent govern cybersecurity within the technology committee.
  • Forty-five percent indicate that detecting malicious insider activity or threats is an area where the bank is least prepared for a cyberattack or data breach.
  • Just 35 percent test their bank’s cyber-incident management and response plan quarterly or annually.

Clearly, banks are increasingly relying on complex models to support economic, financial and compliance decision-making processes.  Considering the full board of a bank is ultimately responsible for understanding an institution’s key risks — and credibly challenging management’s assessment and response to those risks — I am pleased to share this year’s report as part of our commitment to providing timely & relevant information to the banking community.

Main Areas of Focus for a Bank’s Audit and Risk Committees

What’s top-of-mind for a bank’s Audit and Risk committee members?  Let’s start with cyber security…

By Al Dominick // @aldominick

There are many challenges that bank boards & executives must address, and these two videos (one by our editor, Jack Milligan; the other, by me) briefly review current issues that demand attention + emerging ones that we took note of at this week’s Bank Audit & Risk Committees Conference at the JW Marriott in Chicago.

*For more on the risks facing banks today, take a look at this report from our conference (#BDAudit15).

A Complete Guide to Bank Director’s Audit & Risk Committees Conference

Whether it is a complex product, new service or emerging line of business, this year’s Bank Audit & Risk Committees Conference examines the many issues and opportunities being faced in boardrooms at financial institutions of all sizes across the country.

By Al Dominick // @aldominick

While much has been written about how and where banks might grow, with new opportunities come new challenges.  With our industry undergoing significant change, boards must be highly informed in order to proactively oversee the management of security risks, compliance challenges and reputational issues.  At this year’s Bank Audit & Risk Committees Conference, we focus in on key accounting, risk and regulatory issues that challenge bankers and board members alike.  Today’s column tees up this year’s program, one that opens on Wednesday at the JW Marriott in Chicago, IL.

Screen Shot 2015-06-08 at 2.03.43 PM

Wednesday, June 10

Before the curtains officially come up, we offer a series of pre-conference programs; most notably, a series of peer exchanges exclusive to a bank’s audit and risk committee chairs.  Modeled upon our annual Bank Chairman/CEO Peer Exchange, small groups of directors meet in closed door, off-the-record peer exchanges for candid discussions about various hot topics.  In addition, we have added a cyber security workshop that allows attendees to play out various scenarios that involve a hack, breach or attack.  Finally, we offer a primer for newer audit and risk committee members and chairs that provides a framework for both roles and responsibilities.

Thursday, June 11

According to several bankers I have recently talked to, this has become a must-attend event for audit committee members, audit committee chairs, CEOs, CFOs, presidents, corporate secretaries, internal auditors, chief risk managers and other senior executives who works closely with the audit and/or risk committee.  This year, we cover pertinent issues such as enterprise risk management, fraud, relations with internal and external auditors, audit committee oversight and regulatory changes for banks.  It is this ability to focus in on critical concerns and complex scenarios to a very specific group of officers and directors that sets us apart from others.  At a time when audit and risk committee members are being asked to take on more responsibilities and perform at higher levels than ever before, the presentations made on day one are laser-focused on key financial, risk management and regulatory issues.

Friday, June 12

A significant imperative for members of a bank’s board today?  Fully integrate risk management, compliance and ethics “that fit” into a particular bank’s culture.  On day two, we look at how this might be done while addressing many other challenges.  Indeed, some of the key risks facing banks today (that regulators expect boards and senior managers to address) include:

  • Strategic risk as banks adapt business models to respond to the current economic and competitive landscapes;
  • Management succession and retention of key staff;
  • Loosening loan underwriting standards;
  • Expansion into new products and services;
  • Exposure to interest rate risk;
  • Oversight of third party service providers;
  • Increased volume and sophistication of cyber threats;
  • BSA/AML risk from higher-risk services and customer relationships; and
  • Maintaining effective compliance management systems.

The presenters at this event are some of the leading experts in accounting, legal, consulting and regulatory areas, as well as experienced bank officers and directors.  From Sullivan & Cromwell to KPMG, Arnold & Porter to Crowe, Latham & Watkins to FIS, we are pleased to bring some of the industry’s foremost advisors together in Chicago.

##

To follow the conversation via Twitter, check out #BDAUDIT15, @bankdirector and @aldominick.

The Bank Audit & Risk Committees Conference – Day One Wrap Up

Fundamentally, risk oversight is a responsibility of the board.  One big takeaway from yesterday’s Bank Audit and Risk Committees conference (#BDAudit14 via @bankdirector): the regulatory framework has changed considerably over the past 12 to 18 months — with less focus being placed on things like asset quality and more on operational risks and new product offerings.  To this end, I get the sense officers and directors cannot always wait for the Federal Reserve or other agencies to release guidance to get a sense of the potential impact on their institution.

photo-13
Frank Gehry’s Chicago masterpiece

Trending Topics

Overall, the issues I took note of were, in no particular order: (a) when it comes to formulating a risk appetite, no one size fits all; (b) a bank’s CEO and/or Chairman should establish a formal, ongoing training program for independent directors that provides training on complex products, services, lines of business and risks that have a significant impact on the institution; (c) bank examiners are increasingly asking more probing questions regarding new products and services & third-party vendor risk; (d) the DOJ’s “Operation Chokepoint” use of the banking system to identify fraud and criminal activity in certain areas perceived as high risk was mentioned in three different general sessions; and (e) cyber security is the hot topic.

A Two and a Half Minute Recap

##

To comment on this piece, click on the green circle with the white plus (+) sign on the bottom right. More from the Palmer House in Chicago, IL later today on twitter (@aldominick) and again tomorrow on this site.