Future Ready


Four considerations in measuring and monitoring strategic risk

By Cheryl Winokur Munk

Federal and state regulators are examining strategic risk with a fine-tooth comb these days, and many banks are figuring out how to properly account for this somewhat amorphous and frequently changing risk category.

Regulators define strategic risk as the risk to a bank’s earnings and capital from making poor business decisions, from not implementing business decisions properly or from failing to respond to industry changes. By definition, strategic risk is always changing, and this requires banks to stay on their toes.

Here are some important guidelines from regulatory consultants to consider as your community bank engages in the process of monitoring and addressing strategic risk.

Put everything in writing. Unlike several years ago, most banking supervisors now expect banks to have a written and detailed strategic plan as part of the risk-assessment process. A plan should include specific and measurable short-term and long-term goals. It also should factor in external risks such as the national economy and the local economy as well as the regulatory environment, explains Pam Perdue, executive vice president of operations at Continuity, a regulatory compliance consulting firm in New Haven, Conn.

In addition, regulators want to see, in writing, that banks have considered various possibilities, run different models and can justify their business decisions, she says.

Perdue says she’s seen banks create two-page strategic plans but says regulators are now looking for something longer and more comprehensive. Accordingly, a sound strategic plan should be 20 to 50 pages for the average community bank, she maintains.

“Regulators have moved away from accepting informal methodologies, and they want to see formal, written methodologies,” she says.

Be specific. Among other things, banks need to show in writing that they have considered the various effects market and regulatory changes can have on their business. Specifically, banks need to focus on areas such as new capital requirements, interest-rate risks, identifying loan concentrations and cybersecurity. For each of these areas, regulators will want to make sure banks have thought through various scenarios and have hedged appropriately.

“You do not want the regulators to be identifying the risks that you’ve missed,” says Greyson E. Tuck, a consultant and attorney with Gerrish McCreary Smith, a community bank consulting firm in Memphis, Tenn.

Regulators are also increasingly focused on the strategic risk of not having a viable succession plan in place. Tuck says he has seen a few recent examples of regulators who have cited banks as deficient during formal exams for not having a written succession plan for the bank’s top three officers.

“This has to be part of every effective strategic plan,” Tuck says. “It’s important because if you don’t have a plan for who is going to run the organization, when you’ve got a change in management, you’re going to be caught flat-footed. It all boils down to business continuity.”

Show regulators you’ve done your homework. Regulators want to make sure banks have carefully considered the possible ramifications of rolling out new products and services. For instance, regulators want to see in writing that the bank has researched the product or service, has considered the potential effects on earning and capital and has a concrete compliance plan, explains Cathy Ghiglieri, president of Ghiglieri & Co., a consulting firm in Austin, Texas.

Regulators also want to see documentation that banks have considered additional staffing needs, any infrastructure changes, and management, training and cybersecurity issues, among other things, she says.

Four or five years ago, banks could have tried delving into new business areas without going through so many hoops. Now the regulatory environment requires them to be much more sure-footed about their decision-making processes, explains Todd Cooper, a vice president and general manager with Wolters Kluwer Financial Services, a risk-management and consulting firm in Minneapolis.

Ask for regulatory feedback. Many banks are fearful of regulatory scrutiny and don’t realize they can ask their primary regulator for informal feedback at any time. This gives banks an opportunity to fix potential issues well before a formal examination is underway.

“It’s a great way to take advantage of the regulatory help you can get without it costing you a penny,” says Perdue. “The mutual goal of the regulator and the bank is the success of the bank.”

Cheryl Winokur Munk is a financial writer in New Jersey.