Regulatory agencies’ perspectives on strategic risk
By Cheryl Winokur Munk
Thanks to heightened market changes and competitive pressures, banks are juggling more strategic risk than ever before. Accordingly, federal and state regulators are stepping up their efforts to ensure that banks understand and are properly accounting for these additional strategic risks.
Regulators define strategic risk as the threats to a bank’s earnings and capital from making poor business decisions, failing to implement business decisions properly or failing to respond to industry changes. Strategic risk is one piece of the larger enterprise risk-management pie, regulators say.
While the published regulatory guidance itself around strategic risk isn’t new, these days banks and regulators are discussing issues pertaining to strategic risk more often. That’s mainly because of various business and market-related happenings such as the prolonged low-rate environment, heightened competition from nonbank providers, new regulatory requirements and fast-paced technological changes affecting the industry.
Accordingly, regulators are focused more intently on certain areas of strategic risk than they were a few years back, and they’re having more discussions with banks about what does and doesn’t fly. “We’re seeing more changes to a bank’s strategy than would historically have been normal,” says Darrin Benhart, deputy comptroller for supervision risk management at the Office of the Comptroller of the Currency.
By necessity, cybersecurity is one area of strategic risk receiving heightened regulatory attention. Regulators want banks to demonstrate they have procedures and controls around information relating to a bank’s information technology. Ignoring it could be considered strategic risk, according to James Watkins, senior deputy director of supervisory examinations in the division of risk management supervision at the FDIC.
Competitive pressures from so-called FinTech companies and alternative nonbank lenders also have caused more banks to delve into products and services they have never offered before. Regulators want banks to show that they have thought through business decisions carefully and have plans in place to get them where they want to go, explains David Cotney, commissioner of the Massachusetts Division of Banks and chairman of the Conference of State Bank Supervisors.
So, for example, if a bank is examining ways to get into new business lines, regulators want to see the complete plan in writing—to make sure it’s the right direction for the bank and that the bank has thought through the operational issues, the risks and how the bank will handle those risks. The goal is to ensure the bank has a sound plan and strategy before it goes in this new direction, Cotney says.
Regulators also are taking a closer look at banks’ lending controls, as they move into new areas or develop certain loan concentrations. “When a bank has loan concentrations, we expect heightened supervision for that lending activity,” Watkins explains. “We want to make sure management is familiar with the activities and has the proper understanding and control systems.”
“When a bank has loan concentrations, we expect heightened supervision for that lending activity.”
—James Watkins, FDIC
During examinations, regulators consider such issues as whether the bank is making sound assumptions. Sometimes banks haven’t completely thought through the operational complexities or compliance-related issues that may arise from introducing new products or services.
“Examiners look for areas where we think banks haven’t really thought things out,” Benhart says.
Regulators also are paying closer attention to banks’ third-party relationships. Their goal is to ensure banks don’t rush into these associations without doing their homework. “You want to make sure that the fit is right and that your due diligence is adequate,” Cotney says.
Strategic risk also comes into play when banks decide not to implement certain products and services that competitors may offer. Regulators say they aren’t forcing banks to offer particular products or services, but add that banks do need to be mindful that not responding in a timely fashion to industry changes can put their business at risk.
“If you aren’t responsive and looking at your business model, your business can dwindle away, reducing your earnings, and the safety and soundness of the bank can be an issue,” Benhart says.
Cotney encourages banks to initiate informal discussions with regulators when questions or concerns arise about strategic risk. “If they are thinking about big changes in the direction of an institution, we certainly welcome having that kind of conversation,” he says.
Cheryl Winokur Munk is a financial writer in New Jersey.