We knew it would happen eventually. The FDIC is now seeking to get aggressive in seeking money from the "bad" guys. Its 2011 budget in fact shows a significant increase in staffing to handle the planned increased litigation. While we don't know for sure, it is estimated that the FDIC will spend in excess of $50 billion in the closing of failed banks. This is in addition to the approximately $57 billion it has already spent during this crisis. That's a hefty number.
The agency has to try to recoup some of this money. And that it has. From recent news we know that the Agency has authorized lawsuits totaling $2.5 billion in damages. In November 2010, the FDIC announced that it was suing the Directors and Executives of a Chicago based $230 million bank that failed in February of 2009. Most recently the FDIC announced that it was suing the Directors and Executives of an $1 billion failed Atlanta based bank.
Many say this is just a tip of the iceberg. Let's do the math.
There will probably be at least 100 more this year. The number of banks on the FDIC's confidential "problem bank" list is estimated to be around 850. The FDIC has up to three years after the failure of a bank to file a tort claim (a civil suit), and six years for breach of contract. Since 2008 there have been approximately 314 bank failures, and none of these banks have reached the three year mark as yet. Obviously these lawsuits will soon become a daily event.
When a bank fails, the regulators generally blame those responsible for running the institution; that is, senior management and directors. In fact, some who have been associated with a failed bank are often "black listed" by the regulators from working in the industry. The directors, many of whom go on a board for prestige and a sense of self accomplishment, get slammed with litigation. Of course, a good D&O policy helps to mitigate some pain but still cannot take away the personal affliction. But then, the D&O policy is only relevant if the shareholders don't intervene and lay claim to it first before the regulators. Now you've also got financial liability and legal bills.
Trust me, this scenario is not uncommon when things go bad.
Let's face it - banking is regulated and there is a reason why bank regulations require board and senior management approval of all significant policies, procedures and strategic plans. So we can play the blame game when things go a bit awry.
Unfortunately, in the community banking spectrum, corporate governance does not often get the type of attention it deserves. Board members are not always well informed of banking and corporate governance responsibilities, and it is hard to ensure that they are when such governance is limited to one day a month. Most board members are members of more than one committee, and therefore have to cram information from ALCO, IT, compliance, credit and even audit all at the same time. Many of these individuals are active community members or local business professionals who have never had any banking background. Too often they must rely on management's assertions and banking skills without having the tools to adequately assess them. For the most part, many management teams do a good job of earning the trust of their Board.
What happens (more than it should) is that the Board inevitably relies on management. Not possessing any independent tools or appropriate background to assess the effectiveness of bank wide decisions or direction, they rely too often solely on the regulatory exam report as a verification of the adequacy of performance. But we know from experience that regulatory emphasis is a lagging indicator. When a bank fails an exam it's too late. The Board, senior officers and the bank are already in trouble.
I have been part of countless discussions where a bank believes that a weakness does not exist simply because the last regulatory exam did not identify it. "The regulators were just here and they didn't say anything," is quite often the justification to not correct or spend money to strengthen inherent weaknesses. So what does that say about that institution's business culture? That in fact they have assigned the risk management authority to the regulators.
Board oversight is too often limited to measuring profitability and ensuring that the regulatory reports are clean. Unfortunately risk management, corporate governance and directional risks are concepts that are given the "mumbo-jumbo - whaaat-ever" treatment. "We are a very simple bank and we're too small for all that jargon". The reality is that a majority of the bank failures over the past two years are small community banks. The level of scrutiny in recent examinations suggests that regulators are starting to believe that perhaps a small community bank is not the right model for the banking industry. The thought process assumes that such banks do not possess a cost structure to be able to absorb the required level of risk management and IT infrastructure. Now that sounds like a lot of "mumbo-jumbo" to me. There are plenty of community banks that do a great job of running strong and healthy. And of course, as with any business, there are those that could improve.
So I thought I would take a stab at identifying a few things that a community bank board may want to strengthen to improve risk awareness. This is where I usually start rambling on and on, so I'll limit it to just five items:
There are obviously a lot more items that should be on this list, but we'll visit those another time. I promised not to ramble so I'll stop here for now. Oh, one more easy one that won't cost you anything either. Have executive sessions (meeting without the presence of management) with your key service providers. Finally ask questions. You don't have to know banking, IT or interest rate risks, but you can ask questions and hold people accountable.
In theory, I believe we all would agree that the risk management costs need to remain commensurate with the growth and size of any institution. The issue that generally arises is how to define that relationship. Management that is concentrating too narrowly on the bottom line, and doesn't see an immediate benefit to such costs will minimize its needs ... and a board that relies too heavily on management's decisions will often ignore it. And when things go wrong, it will be the regulators that step in and define it for us.
At that point, the cost becomes higher, the FDIC "problem bank" list grows further, and there is always another "end". Oops I meant "and".
Amit Govil, Managing Partner, has over 25 years of experience serving the risk management needs of financial institutions