With stable economic conditions, many community and local banks are experiencing a period of steady growth. As they approach $1 billion in total assets, these growing banks encounter additional opportunities – but they also face new risks and regulatory expectations.
In some instances, boards and executive teams might find the added pressures and increased supervisory efforts that the $1 billion threshold entails to be a considerable burden. In fact, some institutions hesitate crossing the $1 billion asset mark, choosing to restrain growth when they see the milestone approaching.
Regardless of whether they choose such a strategy, the board and senior management should begin surveying the wide variety of new requirements well in advance so that they can make an informed strategic decision and equip themselves to manage the increased compliance and risk management challenges they will face if they choose to continue their growth. Here are five important steps banks should take as they approach $1 billion in total assets.
Banks nearing the $1 billion threshold will already be familiar with some of the requirements of the Federal Deposit Insurance Corporation Improvement Act of 1991 (FDICIA). Among other provisions, FDICIA requires banks with more than $500 million in total assets to have an audit committee made up mostly of outside directors. In addition, they must submit an annual report that includes an independent auditor’s report to the audit committee and management reports that clearly state management’s responsibility for establishing and maintaining adequate internal controls over financial reporting.
When a bank’s assets exceed $1 billion, the FDICIA requirements become more extensive. A $1 billion bank is required to have a completely independent audit committee, which could mean several new members must be recruited.
The management reporting requirements are expanded as well. When a bank exceeds $1 billion in total assets, the CEO and CFO are required to submit a formal assertion regarding the effectiveness of the bank’s internal controls over financial reporting based on a recognized internal control framework. In addition to developing and implementing a qualified framework, this assertion also involves extensive documentation and testing of the controls. Moreover, the independent auditor’s report must include an attestation regarding the effectiveness of such controls.
The time and resources that will be needed to meet these requirements are extensive. While some banks complete their FDICIA compliance projects in a year or less, a more reasonable 18- to 24-month schedule can be much less of a struggle and considerably less costly.
Bear in mind also that the FDICIA requirements are established as of the end of the calendar year. So if a bank reaches $1 billion in total assets on Dec. 31, it must begin complying with the expanded FDICIA requirements immediately in the new calendar year.
Clearly, looking ahead and anticipating the threshold a few years in advance is important. Starting early gives everyone time to document the relevant business processes, identify critical financial reporting controls, implement the necessary framework, and test the controls to confirm their operating effectiveness. What’s more, the associated costs of these activities can be spread out over two years.
Beyond the initial implementation costs, banks also should expect to incur additional audit expenses during the first several years after crossing the $1 billion threshold, as auditors will need to develop and implement the relevant testing procedures that will enable them to attest that the internal controls over financial reporting are effectively designed and operating as intended. Moreover, in addition to the tangible cost- and resource-related issues, banks also should anticipate some cultural and operational challenges as employees learn to adapt to the more formal and structured financial reporting processes and controls.
A formal, structured ERM function is an almost universal feature among large financial institutions, as it is among most large organizations. In smaller banks, however, risk management typically is a more locally focused activity, with each functional unit’s management team focusing on its own specific risk management responsibilities. These responsibilities can range from simple and obvious roles such as protecting cash in teller drawers to more complex ones such as verifying regulatory compliance, assessing and managing credit risk, and developing and implementing long-term strategies.
As they approach the $1 billion threshold, banks that do not yet have dedicated ERM functions can expect to encounter growing regulatory pressure to establish such a unit. Banks that already have established ERM functions should be prepared to devote additional time, personnel, and other resources to advance their risk management programs to the next level of maturity.
In addition to implementing consistent, structured processes for assessing and mitigating risks across all departments, effective ERM programs also can help banks do a better job of identifying and seizing opportunities. After all, a prudent amount of risk is inherent to banking. Without risk, a bank ultimately ceases to function.
The ERM function identifies, assesses, reports, and mitigates those risks appropriately so that management can correctly balance the risk against the potential reward. In this way, ERM becomes much more than a defensive measure for managing immediate risk. Instead, it can live up to its full potential as a strategic tool that supports the bank’s long-term growth.
Obviously, ERM cannot succeed without complete support from the board and executive team. The board must actively ask strategic questions to validate management’s focus on risk management, identify gaps in the system, and establish and support a formal structure for identifying, assessing, and addressing risks and opportunities.
Clear ownership of the effort is important, and banks should appoint a chief risk officer or comparable high-level executive who will be responsible for the ERM process and program. He or she is charged with bringing together the various risk-related activities within the bank to make sure see that they align with the bank’s overall risk tolerance profile.
At the same time, though, all members of the organization must recognize their own continuing responsibilities. For example, managers in all areas should be encouraged to participate in identifying and discussing risk and should understand what risks the organization will and will not accept.
Ultimately, the purpose of the ERM program is to move beyond just establishing the systems, processes, and technical aspects of risk management. As crucial as these tools are, they are secondary in importance to the vital cultural foundation that must be present for ERM to be effective.
For many years, the largest banks in the U.S. have been working aggressively to capitalize on fast-changing technological advances. Regional and community banks, on the other hand, often find they must allocate their more limited resources carefully to achieve the greatest possible benefit for their technology investments. As a result, the rate at which banks adopt various advanced data science tools varies widely among individual institutions.
One of the fundamental requirements for taking advantage of today’s digital technologies is having access to the necessary data, particularly customer data. The process of building out a bank’s databases, verifying their accuracy, synchronizing them, and making them secure can require a major commitment of time and resources – not to mention a very large financial investment.
As the $1 billion threshold approaches, this effort takes on greater urgency. Even if a growing bank is not yet ready to launch many of the most sophisticated tools today, it will almost certainly need to implement them within the next few years to remain competitive. Capturing and digitizing the necessary data now will be considerably less expensive than trying to recreate missing information later.
The migration to the current expected credit losses (CECL) methodology for estimating credit loss allowances offers a good example of the type of data challenges faced by growing financial institutions. The expanding loan-level analytics and reporting requirements associated with CECL have put severe strains on some banks’ data management capabilities, especially when data is siloed and not easily integrated across the enterprise. In such instances, the costs of data acquisition, monitoring, and governance can be substantial.
As data volumes grow, and as the loan and deposit data that banks capture becomes increasingly granular and detailed, the issue of data governance takes on added importance. Cybersecurity, data privacy, data integrity, and regulatory compliance also become increasingly challenging. Growing banks should reassess and, if necessary, enhance their data governance programs now, in anticipation of the increased reliance on data-driven decision-making in the future.
In addition to upgrading their data management processes and governance policies, banks approaching $1 billion in assets also can expect to make additional investments in new data technology systems and solutions, starting with the bank’s core technology system. A core system designed to meet the needs of a $500 million bank in a cost-effective manner generally will not have the level of sophistication that a bank needs at the $1 billion level – and will become even more inadequate as growth continues. In almost every instance, the infrastructure and systems either begin to fail or, at the very least, cannot deliver the solutions the growing bank is seeking.
The new infrastructure should be designed and implemented in a way that can be scaled up in the future as demand grows. In addition to growing volumes of customer and transaction data, the new system must also be flexible and adaptable to new types of digital banking products and services, some of which have probably not been invented yet. For a community bank with extensive paper files and manual processes, the upgrade can be much less costly and stressful today than it could be several years from now. In addition, delaying needed technological upgrades can deprive the bank of several years’ worth of productivity and efficiency improvements.
In most instances, upgrading a bank’s core system can help centralize many functions. Properly managed, this centralization can help produce improved quality and greater consistency in the way transactions are handled. At the same time, though, centralizing various functions can have a significant impact on bank staff, so the infrastructure upgrade should include plans for reallocating resources and retraining employees as needed.
While most of the focus in infrastructure is on technology systems, it is also prudent for growing banks to revisit their physical infrastructure as well. Branch strategies, reconfigurations, and consolidation will continue to grow in importance as the bank’s asset size increases.
As the costs associated with crossing the $1 billion threshold rise, bank executive teams might reasonably wonder how they will maintain reasonable cost structures and maintain shareholder value in the coming years. Fortunately, bank growth also presents an opportunity to reduce some incremental costs by taking advantage of economies of scale and other efficiencies.
Reducing costs can be most readily accomplished by engaging strategic sourcing and procurement specialists to perform a comprehensive vendor benchmarking project. The first step involves gathering accounts payable and vendor contract data across the entire organization and then comparing those expenditures against expense levels reported by comparable peers.
The bank executive team also reviews additional opportunities for centralizing the procurement of various operational services, which might still be handled at the branch or operational unit level. Armed with up-to-date expense benchmarks, procurement teams can then prioritize the various disparities and develop a renegotiation strategy, beginning with those contracts that offer the greatest savings opportunity.
Industry experience suggests such a project typically can produce annual cost savings in the range of $250,000 for every $1 billion in total assets – a figure that can offset a significant portion of some of the other expenses incurred in association with the $1 billion threshold. In many instances, such a project can be conducted on a pay-for-performance basis, so cost outlays are minimal.
As banks cross the $1 billion threshold, they can expect to encounter more robust regulatory requirements as well as the need to implement new programs, processes, and procedures across all business lines and administrative departments. At the same time, however, boards and management teams should remember what got them to this point – a focus on corporate cultures and underlying values.
Maintaining a consistent commitment to customer service will become even more crucial as banks expand into more competitive arenas. In the same way, reiterating cultural values can help maintain the right tone from the top – an important tool in offsetting fraud risks that also are likely to increase as banks grow.
Above all, banks approaching the $1 billion milestone should begin early – well over a year in advance – to engage in a thorough, thoughtful, and comprehensive evaluation of the changes they will encounter and to develop the strategies they will employ for a successful transition.