Tuesday, July 23, 2019

Regulatory Burden – Managing the Pain

Posted by OnCourse Staff July 12, 2011 5:21pm

Photo Credit: throbi

“If you have ever played the game of Jenga -- where you pull blocks from a tower and add them to the top -- you know that eventually the structure falls down. It can’t handle the twin pressures of lost foundational support and additional weight,” ABA Chairman-elect, Albert Kelly declared in one of his past posts in the ABA’s Washington Perspective. Personally, I love Jenga, even though my daughter beats me every time. Albert Kelly’s reference to Jenga when comparing the burden of new regulations and the onslaught of over reaching regulatory exams is perhaps an excellent analogy to describe the current landscape at the community banking level. 

I hear a lot from many of our clients about the regulatory overreach during the safety and soundness examinations. So what we are saying is that the regulators are either ignorant of the burden or have a concerted plan to close down small community banks.  I get asked this question a lot at many of the Audit Committee Meetings: “Amit, what do you see out there? Are the regulators trying to close us down?”

I recently attended a conference hosted by the Financial Manager’s Society in Boca Raton, FL where I was asked to be on a panel with two regulators one from the FDIC, and one from the OTS (soon to be the OCC) to discuss TDRs (I am sure that I was asked only because they couldn’t get anyone else).  I have to admit that both of the regulators, however, were extremely smart and perceptive.

Now you’re probably saying, “Et tu, Amit? You’ve joined the other side as well?”   No, don’t give up on me yet! Hear me out.

When I meet individuals like them, it gives me hope that the regulators understand the regulations and the pain and burden on small community banks in particular. What I find interesting is that many of the regulators in charge of policy and technical pronouncements are indeed very knowledgeable. They actually understand the meaning of “commensurate to the complexity and size of the institution”.  You will notice more and more that the regulatory policy statements provide guidance and structure, rather than specifics on implementation.  While it is frustrating to not get a clear and concise methodology, the vagueness can actually be an advantage if used properly. No specifics can impact our ability to correctly implement a regulation. Similarly, a lack of specifics can actually be advantageous because it allows us the flexibility to implement that same regulation in a creative manner which meets the intended objective of the policy statement. If we take the time to understand it and develop a concise approach that makes sense for our institution, and can explain to the examiner, it can be used as an advantage.

So what happens? Some of the smaller community banks and examiners lack the in-house expertise to use this flexibility. Both tend to gravitate to a practice that they might have seen at another institution as being a one stop solution. Now, it’s important for me to emphasize the difference between regulators and examiners.  We tend to use the terms interchangeably. The regulators that I often meet at the national conferences are extremely knowledgeable and actually understand these policy statements. I don’t mean to infer that examiners are not knowledgeable.  As a Firm that deals in risk management and out-sourced internal audit, we too have these issues.  The objective is to standardize our audit approach on a firm wide basis so that it is not based on a specific auditor’s perspective. Since we are incredibly smaller in size compared to the regulatory agencies, our burden in accomplishing this is clearly less of a challenge.  So training of personnel and ensuring that everyone is on board and on the same page in a large organization can be a very challenging effort.  If we compound this with an environment which requires a greater regulatory scrutiny whether it is in the Asset Quality arena or previously in the BSA/AML area, we’ve got the makings of a confused examination environment.

While I acknowledge that many of the regulators that I meet at the conferences are indeed smart, we need to also understand that regulatory agencies and the accounting profession as well are always reactionary.  FASB is always catching up or reacting to an issue or concern in the accounting arena. BSA/AML regulations came out of the 9/11 incident and also because it was discovered that a few banks that were blatantly facilitating money laundering for years while they continued to get a 1or a 2 rating in compliance.  We have been trying to educate our clients about the inherent IT security risks and how the Gramm-Leach-Bliley and other IT guidance are just not good enough to manage an institution’s security risks. How do you push a bank to do more when the regulators give you a 1 or 2 CAMEL rating in IT? So what essentially happens in these situations is community banks too often out-source risk management to the regulators. We are really asking our internal audit function to help us just enough to get by the regulatory exam.  Many internal audit functions are very good at that. They help manage that particular need and do not go beyond that at the risk of being seen as too aggressive.

It gets complicated when a situation occurs and the regulators react. Recently, Citibank was hacked, and over 600,000 customers were potentially susceptible to ID theft.  I loved Citibank’s spin on the situation as they said that it affected less than 1% of its customer data base. However, it did get a peep out of the FDIC chairman, who said that we clearly need to review the IT security standards for banks in this internet age. Let’s fast forward to next year’s regulatory exam.  As a bank, we have this false sense of comfort that we are excellent in managing our IT risks as evidenced by our prior CAMEL ratings in this area.  This year however, due to the reactionary environment and change in emphasis, the regulators come with different checklist and we are caught by surprise.

Similarly, let’s look at the Asset Quality situation.  For many years during the “good times”, our independent loan review and the regulators emphasized payment history as the single most important criteria in evaluating credit risk.  If the borrower has an excellent payment history, the argument went, who cares if I don’t have the financial information or if I don’t have an objective basis of assessing the borrower’s credit risk rating? All of a sudden, the economic landscape changes and same examiners that signed off on that same very loan as being excellent in the past were now questioning its assessment suggesting that management is somehow ill prepared to manage the credit risks of the bank. These are the same management and loans that only last year looked so rosy and wonderful. There really was no change in regulations. Regulatory policy statements for assessing credit risk haven’t really changed but we all just elected to ignore them.  So now when the examiners come to the bank, fresh out of their training on the new emphasis, we, as a bank, are startled and confused. Now one can argue all day whether that is regulatory examination inconsistency or an overreach or is it really our own lack of understanding of the evolving change in the landscape. Smaller community banks often, because of lack of resources, tend to suffer the most during such times.  Perhaps the Bank needs to reassess its reliance on its Loan Review vendor.

Take another example, the ALLL methodology requirement hasn’t really changed much from a regulatory perspective since 1993 (…oh here he goes again with the ALLL!). Now imagine if your internal auditor came to you during such time and tried to tell the Bank that the ALLL methodology is not consistent with the interagency policy statement. The response would have been, “You must be smoking something! Both my regulators and external auditors think that I am well reserved. In fact, my external auditors think that I may be over reserved and want me to reduce my reserve level.  But we’re going to remain conservative and not do that unless our regulators say it’s okay.” As your internal auditor, I could have pleaded until I turned blue to say, “I understand that the reserve level is okay, but I am actually concerned about the methodology of how we arrived at the number and whether we can actually support it in conformity with GAAP and regulatory guidance.” I probably would have been fired.

Let’s continue this dialogue of regulatory inconsistency during examinations.  As it relates to regulatory exams, I hear from many clients that there seems to be a lack of understanding of the risk emphasis with respect to identified issues during the examination. I hear of isolated exceptions being used by examiners to support a MRA or a finding in a report. More than one bank executive has told me “the examiners in charge seem to lack the authority to intervene on minor issues being raised by junior  examiners and use their experience and knowledge of the bank and the environment within which the Bank operates to put things in perspective. Instead all decisions are being made at the regional or even national level by individuals who view things without taking into account the related risk factors.” I hear that a lot lately.

Having spoken in confidence with some examiners, I understand that some agencies, more than others, have specifically modified their reporting mechanism.  Their internal reviews discovered that in many instances of bank failure, some of the issues were raised during exams by examiners, only to be down played and minimized by those in charge.  To circumvent that weakness, the agencies have enhanced the ability of junior personnel to raise issues and weakened the ability of their immediate superiors to close them without an adequate level of documentation and support. In theory, it seems like the right way to respond.  However, in practice, I believe this issue more than any other has contributed to the frustration and the use of the term “overbearance” to characterize the recent regulatory exams.  The regulatory exams in some instances are suggested as being turned into a checklist mentality without an adequate level of the understanding of the risk of the identified issue.  All issues are deemed high risk and subject to inclusion in the report. When junior personnel along with their immediate superiors who jointly spend 3-5 weeks in the field cannot make a decision on any issues and have to rely on regional or national personnel to make conclusions, we have the making of a scenario which is ripe for regulatory overreach.  In many cases, the examiners are being required to raise all issues with the regional office and when that office concludes, without the benefit of being on the location to understand existing mitigating factors, that the raised issue is indeed serious and warrants inclusion in the report of examination, an unintended wrong signal is sent to the field examiner. This process further encourages the field examiners to be even tougher and raise even the minutest issues.

While it seems that more and more exams are becoming guilty of this pattern, I remain comforted by the fact that the regulators in-charge of policy and guidance understand risks. Unfortunately, they don’t run the exams. So maybe as the dust settles and the economy turns around, those in charge at the top will have the ability to push down their knowledge and their intended emphasis. Until then, we need to think outside the box.

Another major tremor that will affect many community banks is the merger of the OTS into the OCC. No matter what anyone says, unless these institutions are proactive, they will be in a state of shock as the try to understand how the same regulations can be interpreted and enforced in such a dynamically different way. As an out-sourced internal audit firm that has serviced the needs of both OCC community banks and those regulated by the OTS for over 25 years, we have seen the disparity in the enforcement of regulations within both agencies. This is like Wal-Mart merging into Target. I think the only thing more divergent than those two cultures would be the NCUA merging into the OCC.   It will be interesting to see how OTS banks absorb the OCC culture.  Quite frankly, I think banks regulated by the OTS had almost an unfair advantage over those that were not.  Many of today’s thrifts act like a commercial bank, yet, their regulations were more geared towards the typical risks of thrifts. So if I am an executive of a thrift, do I wait and see the change in emphasis that the OCC will require me to implement through its regulatory exams over the next two years or do I become proactive, swallow the pain and do it of my own volition? I will bet that many will wait and complain about the regulatory burden. The risk management, compliance and internal audit structures of many of these smaller OTS institutions are extremely weak when compared to their OCC counterparts. So we have now the settings of another industry outcry of regulatory burden which we will hear over the next few years.

When smaller institutions lack internal resources and out-source many risk management functions, perhaps one thing that might help is to maintain a dialogue with the vendors to ensure that they are continually realigning their services with the shifting emphases.  While this may sound self-serving, too often the need for vendors to maintain costs and be the low cost service provider restricts their ability to train personnel and invest the required resources to shift and expand their services to meet the changing times. The issue of costs vs. quality is all the more important during volatile times. In a recent Audit Committee discussion, I had a member frustratingly ask me “…I don’t understand why we had so many issues with the regulatory exam when we have an outside loan review vendor, out-sourced internal audit, out-sourced ALM vendor and external audit firm.  We’re spending so much money and yet we have issues. We rely on our vendors because we don’t have the time or expertise. What could we have done differently?”  This is pretty common where everyone points the finger at someone else and we ultimately learn to accept the fact that there wasn’t anything different that could have been done because it’s the regulators being overly reactive. Sometimes that is true, but in this case what really happened was that the Bank in an attempt to maintain costs, elected to reduce the internal audit’s scope in the area of loan documentation and asset quality with the acknowledgement that those areas would be covered by the loan review vendor and that it would be just a duplication of work.  The loan review program, however, was managed by the Chief Lending Officer and not the Audit Committee.  The CLO in his attempt to reduce the burden and save costs, also reduced the scope of that work. While everybody acted with good intentions, collectively, we had a process where one of the most important areas of a small, yet growing institution, was being ignored by all of the vendors and the Audit Committee had this false sense of comfort that all of the areas were being properly managed by reputable outside vendors.  

Whether they are right, wrong, strong, weak or just “normal”, the regulatory agencies are an integral part of banking. I am not going to pretend to have the answer as to how to minimize the regulatory burden or the perceived “overreach.” Coming off the heels of a tumultuous economic meltdown and the public perception that the banking industry (to them all banks are the same) is to blame, regulations and regulatory reach is going to increase, at least for a while.  During these times, to manage and to compete effectively, we will need to enhance our understanding of the regulatory changes, emphases and ensure that our processes and risk management needs are also evolving. 

If not, then we can always try the Deepak Chopra method to awaken our mind-body-spirit connection with the regulators to achieve the level of spirituality, higher consciousness, and emotional freedom, and the power of intention to manage those exams. If that doesn’t work either, there is always the 21 year old Chivas Regal bottle. Come to think of it, somehow being continuously beaten by my daughter at Jenga with glass of scotch in my hand doesn’t seem to faze me much.  

Comments

Add a comment

  • Required fields are marked with *.

If you have trouble reading the code, click on the code itself to generate a new random code.



 Image

OnCourse Staff

The OnCourse writing staff work to keep you informed about the most pertinent financial industry news of the moment



OnCourse Staff's Posts Subscribe to RSS Feed



New Jersey's Corporate Business Tax Legislation: A Look at the Impact for Banks
Correspondent Banking: The Challenges of Data Transparency
Training – An Investment and Risk Management Tool
Are You Gambling with Your BSA Program?
The Case of Foreign Banks and Heightened Scrutiny
IRS and New Jersey Tax Audits of Banks
State Taxation of Financial Institutions in Today's Environment
Does your 401(k) Plan need an Audit?
De-Risking of Foreign Correspondent Banks
Same Day ACH Credits – Phase One
FinCEN Finalizes Ruling on Beneficial Ownership and Ongoing Customer Due Diligence
Is the IRS Status of your Defined Benefit plan in Jeopardy?
The Dilemma of Banking Medical Marijuana Businesses and Other Indirect Risks
Is your Institution Monitoring Working Capital Lines of Credit?
Financial Reporting and Regulatory Update on the Horizon
BSA/AML Training: Is your program effective?
Planning in a Consolidating Banking Industry
To opt-out or not to opt-out, that is the question – A reminder on March 31, 2015 Call Report, Schedule RC-R, item 3.a
Anti-Money Laundering – The Age of Technology
FFIEC Releases Revised BSA/AML Examination Manual: So what’s new?
OFAC Consolidates Non-SDN Listings
Coping with HOPA
Coping with the CFPB’s Ability-to-Repay Rule
Appraisal Disclosure Rule
Cybercriminals Broaden their Attacks in Social Networks
The Importance of Segregating a Bank’s Credit Function from its Lending Function
Appraisal Management Companies in Regulatory Crosshairs
All About the Home Owners Protection Act
Requesting Current Financial Information
Countdown to Windows XP End of Life and Support: Are you still at Risk?
314(b) Distinct Advantages for Financial Institutions
Where is the Document?
The Credit -- Er, IT Crisis?
Building a Better Hen House
Ready the Ramparts! : IT Security and the Modern Bank
Wag the Dog
Consumerization of Technology and its influence on Information Security
Keeping the Balance: IT Security and the Org Chart
IT Security: "IT's" About Process
Detective, Reactive and Preventive: Evolving Your IT Security
Do You Know The Security Features of the New $100 Bill?
Segregation of Duties for Wire Transfer Processing
Summarizing ACAMS White Paper on EDD and AML Risk Assessments (Industry Survey)
Allowance for Loan Loss Tips and Tricks
Community Banks Slowly Warm Up to Private Student Loans
Has your Bank updated the Adverse Action Notice?
How Does Your Bank Handle Customer Requested Maintenance Changes?
OCC Releases Booklet on "Common Sense" Community Banking
New SAR Filing Updates
Is your BSA/AML automated monitoring system up to par?
The Importance of BSA Training
Office of Foreign Assets Control (“OFAC”) introduces the OFAC SDN Fuzzy Logic Search Tool
Filing the New CTR Forms: What you need to Know
FFIEC Proposed Risk Management Guidance on Social Media: Beware and Prepare
Pandemic Preparedness: Are you testing your Pandemic Plan?
FFIEC issues revised “Supervision of Technology Service Providers” booklet
Is Your Institution's Marketing UDAAP Compliant?
What is Enterprise Risk Management?
New OCC Guidance Released on Investor Owned Properties
Electronic Work Papers - Why P&G Made the Switch
OCC to Toughen Exams in Response to United States Senate Permanent Subcommittee On Investigations
Clarifying Regulatory Obligations Regarding Continuing Activity SAR Filings
Federal Regulatory Agencies Proposal New Rule
Risk management - Smaller institutions and the benefits of ERM
Strengthening Your Loan Maintenance Monitoring
New Lending Proposal from CFPB
FDIC Reaches Settlement on Overdraft Fees
FRB Guidance on Foreclosures
Loan Denials and Withdrawals – Tips to Sure Up your Process
The Summer of CFPB Proposals
Community Lenders Seize Market Share From Big Banks by Using Advanced Online Lending Technology
Dodd-Frank Rule to Change Legal Lending Limit Monitoring Requirements
The ABCs of a TDR
Supreme Court ruling for the Freeman, et al. v. Quicken Loans, Inc case
New FinCEN Guidance for CTR Aggregation for Businesses with Common Ownership (FIN – 2012 –G001)
Senior member of House of Financial Services Committee Introduces Overdraft Protection Act
FinCEN is looking to streamline the financial institution reporting process by issuing mandatory E-filing reporting requirements.
Curry: Operational Risk Now OCC’s Top Concern
JOBS Act Client Alert - Rules 506 of Regulation D
New Rules Proposal for Servicers Coming from the CFPB
Wall Street Receives Volcker Rule Clarity
De-stressing with stress testing
Banks Participate in Information Sharing to Battle Online Theft
IT security: Is your program still effective?
Banking Solutions: ALLL and GAAP in Agreement
How are the most recent regulatory enforcement trends that banks are facing today affecting internal audit? Why?
What are the most recent regulatory enforcement trends that banks are facing today?
Mobile banking: How do we get there?
UBS further struggles with $2 Billion loss by Rogue Trader
Capital One Becomes Dodd-Frank Test as Nation’s Fifth Largest Bank
Community Banks to receive US Funding for Small Businesses
FDIC fields questions about overdraft guidance
Negligent Hiring – A mistake can cost more than just money!
Regulatory Burden – Managing the Pain
From Embezzlement to Imprisonment: Former Citigroup employee faces charges with $19.2 million in bank fraud
TDR or Not to TDR …Much Ado about Nothing?
Finding the Right Hire
Model behavior: Is your ALM model capturing your bank’s risks?
ALLL best practices: Pay attention to qualitative factors
Abandoned Property Law, and its new New York State of Mind
Consumerization of Technology and its influence on Information Security
FDIC releases Provisions on Dodd-Frank to help Community Banks
Social Media in the Employment Arena – It Gets Funky!
The Proof is in the Pudding: Affects of Dodd-Frank on Community Banks
Banks and Businesses get "swiped" over Fees
A little bit of this, and a little bit of that: Fed Unveils list of Banks Helped during Financial Crisis of 2008
IT Security: "IT's" About Process
To Test or Not to Test; That is the Question
2011 Failed Bank List Hits 25
Wag the Dog
Committee on Financial Services to Hold Hearing on the Effects of Dodd-Frank on Small Biz and Banks Today
2011 Failed Bank List up to 18
A Culture of Whatever: On the Path to Proper Governance
The Test Drive: Leasing or Buying a HR IT Platform
Detective, Reactive and Preventive: Evolving Your IT Security
Cracking the ALLL Code: How to Develop the Right FAS 114 Methodology
Double Digits: Bank Closings up to 11 in 2011
FCIC Releases Report on the Causes of the Financial Crisis
Part of the In Crowd: Thoughts on the Dodd-Frank Act
Another One Bites the Dust: Regulators Close 4 Banks
Keeping the Balance: IT Security and the Org Chart
On Notice: FDIC Issues Rule for Temp Unlimited Deposit Insurance
2011 Failed Bank List Up to 3
Welcome to OnCourse
Stick 'Em Up!
Time for a Tune-Up: The Necessity of a HR Audit
Visa Instituting Two-Tiered Debit Card Interchange Structure
The First Failed Banks of 2011
The Credit -- Er, IT Crisis?
Painting a Masterpiece: The Art of the ALLL Reserve
The Law on Your Side: Understanding HR Regulations in 2011
Building a Better Hen House
Ready the Ramparts! : IT Security and the Modern Bank
No Respite from RESPA