Financial Services Blog

New Crisis = New Safety and Soundness Standards, Part 4

Examination Expectations in the New Normal, Part 4

This blog was co-authored with my colleague, Erica Crain, National Leader for Credit Risk Services at CLA.

This week we wrap up our highlighted key takeaways from the “Interagency Examiner Guidance for Assessing Safety and Soundness Considering the Effect of the COVID-19 Pandemic on Institutions” (the June 2020 interagency guidance) to assist in preparing financial institutions for what comes next during this transition from normal to new normal. Over the past few weeks, we have explored Asset Quality (part 1 and part 2), and Earnings, Capital, Liquidity and Sensitivity to Market Risk (part 3). In this final piece of the series, we explore the evaluation of Management. As a reminder, we will be holding a live webinar on Tuesday September 1, 2020 at 2pmCST to explore this four part blog series. More details can be found at the end of this post.

As we conclude our review of the June 2020 interagency guidance, we remain focused on the three overarching themes that all financial institutions should consider and prepare for: (1) documentation throughout the pandemic, (2) appropriate risk assessment & management, and (3) supervisory actions.

Management

The word management appears over 60 times in the June 2020 interagency guidance and has appeared over 40 times in our the first three blog posts. Why do we mention this? Management is the blanket that covers each of the core component areas and is ultimately the driving force for navigating this time of uncertainty.  Now more than ever, a financial institution’s management team needs to display its responsiveness and flexibility to the issues presented by the pandemic.  The guidance specifically states, “examiners should assess the reasonableness of management’s actions in response to the pandemic”.  Management teams should therefore assess how well documented their efforts are in each of the core component areas and how that information will be conveyed during the next safety and soundness examination. 

All financial institutions are now facing the reality of a remote or virtual regulatory examination.  While some efficiencies can be gained through a remote review, there is also the potential for management teams to lose the opportunity for detailed discussions that translate decisions or actions that have yet to transpire, or fully transpire, on to paper.  This means that comprehensive documentation is more critical now than ever before.  Have you ever felt “surprised” by results that were discussed at a regulatory examination exit meeting?  Did you feel that the information had not been communicated until it was too late for the management team to explain or respond?  The likelihood of these experiences increasing is high as regulatory exams are managed remotely.  So, how can your management team “manage” the new exam process?  Document, document, document.  It has been said, “if it isn’t documented, then it didn’t happen”.  As such, an essential next step for all financial institution management teams is an assessment of what policies, procedures, and risk assessments need to be revised based on decisions made in response to the pandemic. At a time when management teams are inundated with responding to customer needs amidst an ever-changing economic environment with limited staff and navigating new government programs and regulatory guidance, the expectation for well-supported documentation is increasingly emphasized.  

Financial institution management teams are likely feeling the fatigue from discussing how the pandemic is affecting their customers, employees, and the bottom line.  Open lines of communication between all departments is vital on a day-to-day basis; however, truly “giving voice” to key operational, credit, financial and market risks is imperative now to more accurately assess the level of risk facing the financial institution and to respond appropriately.  Involving the board of directors is valuable and lends a different perspective that can enhance the financial institution’s risk assessment process.  Additionally, management teams should ensure risk assessments are completed objectively and consider utilizing existing or new third party providers to help bolster an identified area of risk.  The phrase, “you don’t know what you don’t know” comes to mind.  Partnering with those that have a different perspective, such as third-party providers, can help to more fully explore risks that exist in the community and beyond as well as help to identify best practices for management consideration.

While governance is not specifically addressed in the June 2020 interagency guidance, it is crucial that management engage their boards of directors and keep them informed as global and local circumstances change. Identifying key leaders in the institution with oversight of major financial institution areas such as operations, credit, risk, and finance are essential, if not already conducted.  This team should be responsible for identifying and documenting the impacts to the organization including but not limited to policy and procedure updates and addendums, strategic and budgetary adjustments, and enterprise and departmental risk changes. Management teams will need to translate what immediate responses made to the pandemic internally necessitate shifts to the institution’s long-term strategy. Some practices and procedures will never return to the way they once were.  For example, how does the “new normal” impact management’s long-term growth strategy, capital planning initiatives, credit risk management, internal controls with limited/reduced staff, and overall culture with a work-from-home vs onsite balance?  These are just a few examples that come to mind when thinking of how short-term changes have and will continue to impact the future planning.  

With many forced changes occurring in response to the pandemic, management should ensure reporting to the board of directors is more comprehensive and potentially occurring more often.  It is reasonable to conclude that information submitted to your financial institution’s board of directors will have increased during such a period of significant change caused by the pandemic.  If that is not the case, management teams should consider re-evaluating what additional information may need to be communicated to keep your board well informed.  For example, clearly distinguishing those issues caused by external factors (beyond management’s control) from those within management’s grasp is essential to evaluate and communicate.  The proverbial “to do list” for management teams becomes more achievable when it is clear what is within the team’s ability to effect change.  It is also important to go through this exercise and update it regularly as the guidance states examiners will evaluate and distinguish between the two when rating a financial institution’s management. 

Risk Management Considerations

The objectivity of a financial institution’s risk management is critical and especially highlighted during this time of uncertainty.  As we discussed previously, many financial institutions reacted rapidly to the pandemic addressing operational and customer issues at an unforeseen pace. Unlike past recessions, the current environment has immediately shifted customer and employee interactions to virtual settings. Many financial institutions were able to react within days to this shift. Now more than ever, management teams should recognize and document newly introduced risks of fraud, cyber threats, and weakened or lax internal controls. Management should consider each of these risks and make appropriate adjustments to policies and procedures. When considered individually, management teams should be reviewing risk from the following perspectives:

  • Enterprise risk management – many smaller financial institutions do not have formal enterprise risk management programs. However, this does not mean it should not be considered. Management teams should document gaps between the board, strategic and general risk areas and identify ways to reduce these gaps.
  • Operational risk management – with the immediate shift to virtual settings, management teams should review the risks introduced as a result of new technologies, employees working from home, and branch procedures. Management should work with internal audit to identify new controls, where necessary, to mitigate these risks. As an example, working with reduced staff can present operational challenges with internal control procedures and safety considerations, such as opening and closing practices. What adjustments have been made and have the new procedures been documented?   
  • Credit risk management – as we discussed in our first two blogs in this series, credit risk management is a primary point of focus with the influx of loan modifications and forbearance, Paycheck Protection Program (PPP) loans, and other stresses caused by deteriorating credit quality. Management teams should be documenting their formulated responses to these programs and risks to ensure consistency and effective risk identification as the pandemic persists.  Heightened consideration is also warranted for establishing or maintaining an objective and independent loan review system as part of the credit risk management program as emphasized by the regulators in the May 8, 2020 Interagency Guidance on Credit Risk Review Systems.
  • Compliance risk management – compliance teams should be engaged with management to ensure the high rate of regulatory changes over the past several months along with loan modification programs are addressed and documented in compliance programs and well communicated to employees.

Overall, the impact the pandemic has on a financial institution’s risk management programs could possibly include more new internal audits, new or revised controls, and expanded testing in financial statement audits. 

How can we help?

CLA is here to know you and help you, and we can help you prepare for your upcoming safety and soundness examination. We have tools, resources and teams ready to objectively assess your risk management and design best practices in these core areas in response to COVID-19. We encourage you to join us for our live webinar on Tuesday September 1, 2020 at 2pm CST where we will explore this blog series in more detail. You can use this link to register. Please contact your CLA representative anytime for more information.

Tags: , , Auditing/Accounting, COVID-19 accounting and financial statement guidance, COVID-19 regulatory and tax updates, Financial Services General | Comments Off on New Crisis = New Safety and Soundness Standards, Part 4

  • Managing Principal Financial Services
  • Charlotte, NC
  • 704-816-8452

Susan is a CPA with more than 20 years of combined experience in public accounting and the financial institution industry, including experience with Fortune 500 financial services companies. Susan serves as the managing principal of CLA’s financial services group. Her responsibilities include providing engagement oversight in the areas of assurance and internal audit. In addition, Susan provides board advisory and management consulting services in the areas of strategic planning and mergers and acquisitions. Susan has been involved in multiple mergers and acquisitions of sizes ranging from $150 million to $500 billion with engagement at all stages of the process.

Comments are closed.

Subscribe to Blog   

We’re committed to helping you stay on top of issues and requirements affecting financial services companies. Check back often to learn about industry updates, new regulations, technology innovations, and fresh ideas that may help you prepare for future challenges.