1 / 26

Community Bank Risk Management Implementing the Basics

Community Bank Risk Management Implementing the Basics. VACB Teleseminar Wednesday, June 24, 2008 10:30 AM – 11:30 AM Eastern. S. R. A. Purpose of This Session. To understand the evolution and changing expectations for risk management in Community Banks

natan
Download Presentation

Community Bank Risk Management Implementing the Basics

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Community Bank Risk ManagementImplementing the Basics VACB Teleseminar Wednesday, June 24, 2008 10:30 AM – 11:30 AM Eastern S R A

  2. Purpose of This Session To understand the evolution and changing expectations for risk management in Community Banks To guide you in implementing a basic Enterprise Risk Management program in your institution To present a different point of view in not only how to assess risk, but also how to explain it To show that risk management is logical and a continuum – it should not be complex To display a Virginia State-Wide regulatory view of risk management in Community Banks

  3. What is Risk? “The potential that events, expected or unanticipated, may have an adverse impact on the bank’s capital or earnings.”

  4. Changing Expectations for Bank Risk Practices Regulatory Expectations Fed and VA State Banking Commission – “The Bar Has Been Raised” SEC and FED Emerging Expectations Regarding Risk Oversight and Formal Risk Management Processes Credit Rating Agencies S&P Evaluation of Enterprise Risk Management Board of Directors Are being asked to provide increased oversight Need an enterprise-wide view of risk…and usually don’t get it Reporting is sporadic at best CEO’s and New Executive Management The bar has also been raised

  5. Risks Are Managed in Many Ways (and In Many Places) Throughout the Bank Credit Risk Loan Risk Rating Systems Credit Policies Loan Approval Processes Loan Reporting and Monitoring Processes (Including Loan Review) Emerging Risk: How are problem loans managed in your institution? Financial Risk Interest Rate Risks Liquidity Risks Financial Reporting Risk – Sarbanes Oxley Process (Audit Process) Regulatory/Legal Risk AML/BSA Risk Assessment – Independent Monitoring Compliance Policies, Monitoring and Reporting Risk Rating of Laws and Regulations Legal Risks

  6. Risks Are Managed in Many Ways and In Many Places Throughout the Bank Operational Risk Managed throughout the organization with numerous operational controls Disaster Recover and Business Continuity Information Risk Management Vendor Management – Risk Assessments and Controls Internal Audit Assessment of Risk Throughout the Bank (Risk –Based Audits) Strategic Risk Strategic Planning Are new strategies being develop to contemplate a dramatic change in commercial lending? Reduced Product Profitability – Net Interest Margins Under Pressure Reputational Risk Banks Under Attack Today On Many Fronts: Compensation Practices Extravagant Travel Expenses Regulatory Actions Industry-Wide Reputational Challenges

  7. The Fragmented Way in Which Risks Are Managed Can Cause a Lack of Clarity and Confusion How Does the Board and Senior Management Oversee Significant Risks Throughout the Bank? Significant issues today received the lion’s share of attention Are risks proactively managed? Are all categories of risk reported reviewed? How Are Key Risks Reported to Senior Management and the Board Today? Common reporting process for all risk categories and business lines? How are key risks measured and identified? How Are Plans to Manage Risks Discussed and Evaluated? Active management within each business line and staff group? Are Risk Tolerances Identified and Discussed? Credit risk is normally strong in this area (Limits, Concentrations, etc. are normally identified) How Do Risk Related Functions of the Bank Work Together? Audit, Loan Review, Legal, Compliance, Credit Risk, Sarbanes Oxley Do these functions use a common methodology and reporting?

  8. SRA’s Enterprise Risk ManagementImplementation Guide Assess Current State of Risk Management Start by answering the questions on the previous slide Establish Risk Management Leadership Board Sets the Tone and is Responsible for Oversight CEO Ultimately Responsible with the CRO Help Overall Risk Champion Identified Risk Management Framework Developed Common Definition of Risk Management 78% of companies have no formal definition of risk (NC State Survey) Risk Management Framework Adopted Categories of Risk Identified (Strategic, Credit, Regulatory/Legal, Financial, Operational, Reputation) Bank-Wide Risk Management Policy and Guidelines Developed Risk Governance Committee Established

  9. SRA’s Enterprise Risk ManagementImplementation Guide - Continued High Level Implementation Plan and Timeline Created Resources and Funding Identified and Approved Initial “Top Risk” Reporting Developed By Business Line and Staff Group Consolidated Bank Level Risk and Control Infrastructure Instituted in Each Business Line and Staff Group Start with a “Pilot” in One Business or Staff Group Identify a Risk Champion in Each Business or Staff Group Perform Risk Assessments Institute Risk Reporting (Key Risk Indicators Established) Risk Mitigation (Action) Plans Developed Formal Risk Management Monitoring Instituted

  10. Roles and Responsibilities Risk Management is Everyone’s Responsibility: Board of Directors/Risk Committee/Audit Committee CEO/COO/Executive Committee Chief Risk Officer (CRO) Sector managers Line of business and staff group managers Line of business and staff group employees Audit, Compliance, Legal, Loan Review, Credit Risk Management Risk Management Should Be Uniformly Baked Into the Infrastructure of the Bank Not a separate “bolt on” process

  11. A Bank Wide Risk Management Framework Must Be Established Vision, Objectives Policy/ Procedure Reporting Execution Monitoring/Assessment Copyright 2009 Robert Lane

  12. Assessing Vision and Strategy Is your vision forward looking? Where do you see the organization two to five years in the future? In crafting your vision have you considered all your major stakeholders such as: Customers Significantly changing landscape New sources of lending will be required in the future as a result of significant corrections in Commercial Real Estate, Acquisition and Development Loans, Residential Development Loans Employees Community Shareholders To achieve your vision, is it supported by goals and objectives that are: Achievable? Understandable? Meaningful? Measurable? How is vision translated into action?

  13. Assessing Policy/Procedure Written versus unwritten? A conundrum for the ages. Consider… How many people will be expected to follow the policy? Is the process a hot topic and/or one under regulatory scrutiny? Do you expect policies and procedures to “protect” you? Exception reporting is a must. More risk management is not necessarily better risk management. At some point you reach declining marginal returns. What’s the proper balance? Policy and procedure can unduly restrict flexibility and make hinder customer service. Are policies and procedures understandable and current? Policy gatekeeper? Who owns it? Interpretation?

  14. Assessing Execution Board room walls are embellished with lofty Vision and Mission Statements. Shelves are often lined with terrific policies and procedures in impressive-looking binders. But, does the organization have: an implementation plan with action steps a communications plan Who is responsible for implementation? Is the organizational structure appropriate? Do you have the right people in the right positions? Do you have the appropriate bench strength (succession planning?) Is the staff appropriately trained? Is everyone speaking the same language?

  15. Assessing Execution (continued) Training To what extent have employees been trained in new policies or changes to existing policies? How has the effectiveness of training been gauged? Resources Is the size of the staff adequate to ensure adherence with policies and procedures? Are employees provided with proper hardware, software and operating platforms? Structure Is the managerial structure in place conducive to achieving desired goals and objectives? Centralized versus autonomous? What about performance management? Can’t vs. won’t.

  16. Monitoring and Assessments Monitoring is key. We’re all from Missouri…show me! Organization must determine that monitoring coverage is adequate. Who is monitoring what? How are risks assessed in each area of the Bank? A number of different mechanisms typically exist: Internal/external audit Compliance Loan review Self monitoring (KRI/KPI) and assessment Outside consultants Exception reporting Risk aggregation Regulators How are risks identified and assessed throughout the Bank?

  17. Assessing Reporting Organization has spent a great deal of time implementing and monitoring. What do they do with the results? For a reporting mechanism to be effective, information should be from internal and external sources and: Timely Meaningful (data vs. information) Accurate Scorecards based on desired attributes of the corporation or particular line of business Applied consistently throughout the organization In many instances, you don’t know what they don’t know. So…give me everything.

  18. Making Risk Reporting Visual Color coding (green, amber, or red) enhances Board and management comprehension Provides visual placeholder Assists management in allocation of resources Allows management to track progress

  19. Special Assets Department ReviewRisk Management Assessment 1. Objectives, Goals 2. Policies and Guidelines Credit Policies Loan Workout Guidelines Exception Process FAS 114 Guidelines 6. Reporting/MIS 3. Organization and Staffing Daily Performance Information Problem Loan Report Monthly Management Reporting Quarterly Board Reporting ALLL/FAS 114 Reporting Organization Structure Staff Levels Training and Development Compensation & Performance Delegation of Authority 5. Monitoring/Assessment 4. Execution Credit Review/Internal Audit Portfolio and ALLL/FAS 114 Monitoring External Audit Monitoring of FAS 114 Management Routines Executive Management Oversight Self Assessments Problem Loan Mgmt Collections and Dispositions Loan File Management Risk Rating Accuracy ALLL/FAS 114 Process Charge-Off Decisioning Transfer In/Out Process

  20. Recent Exercise with VA Bank Examiners Conducted training session for 35 bank examiners comprising entire department for the State of Virginia Completed break out sessions in which examiners assessed their banks Here are their findings

  21. Risk Management State-Wide Vision Policy/ Procedure Reporting Execution Monitoring/Assessment Copyright 2009 Robert Lane

  22. Vision Assessment - Amber Strengths: Banks regularly meet to discuss plans Progress tracking occurs in most institutions Some banks have well developed Budgets Weaknesses: • Outdated Strategic Plans • The market has changed dramatically • Plans are too general • Some banks lack well developed Capital Plans • Many banks have unrealistic goals (i.e., growth plans)

  23. Policies and Procedures - Amber Weaknesses: Policies and procedures tend to be “boiler plate” and “one size fits all” Polices are written for the Examiners Polices are too broad and not understandable Exception reporting is haphazard Too many conflicting policies Policies are too restrictive Not communicated effectively to employees Conflicts in operating practices and policy Strengths: • Most banks have complete policy manuals written • Generally covers all areas of the Bank • Reviewed annually and approved by the Board • Generally one employee is designated to be the “gatekeeper” for their area

  24. Execution Assessment - Amber Strengths: Generally implement plans and communicate well Banks have the right people in the right positions Training appears adequate Some banks now adding Risk Management Committees Also adding senior loan officer and compliance officers Weaknesses: • Ineffective policies and procedures makes execution inconsistent • Credit approval for example • Lack of independent quality control procedures • Ineffective/nonexistent MIS for timely receipt of critical information • Poor quality of staff • Overstaffing and still not meeting goals • Failed merger of previously independent banks • Ineffective/nonexistence Treasury function • Lack of good succession planning

  25. Monitoring Assessment - Amber Strengths: Internal audit is generally adequate Loan review starting to get stronger in some institutions Effective communication between senior management and the Board Exception tracking is adequate Weaknesses: • Risk assessments should be more detailed (BSA and IT) • Broad risk parameters serve as guidance • Weak loan review functions

  26. Reporting Assessment - Red Strengths: Couldn’t site any Weaknesses: • Untimely reporting • Board not asking questions • Quality of information is poor • Chairman of the Board dictates solely what reports go to the board • Exception to policies not appropriately reported • Lack of compliance not reported to the Board • Lack of delegation of authority to management – input guarded

More Related