Stumbling Stones

Regulators spotlight toe-stubbing rocks in the examination road

By Cheryl Winokur Munk

Community banks have managed an unprecedented amount of regulatory change in recent years, and most banks are doing a good job keeping up, according to several federal and state regulators. There are, however, some areas where banking agency officials see some room for improvement.

Here are a few regulatory stumbling stones—some involve new issues, but most involve familiar, ongoing issues—that state and federal regulators see some banks tripping over during their examinations.

Broadly, regulators say their supervisory antennas continue to quiver most when banks change a business strategy, enter a new marketplace or engage in a new product or service line without completing the necessary homework beforehand. These circumstances are when banks typically encounter the most regulatory and operational troubles, they say.

Michael Steckline, vice president of consumer affairs in the Kansas City Federal Reserve’s department of supervision and risk management, stresses the importance of connecting compliance staff with all other operational areas. Sometimes banks run to the marketing department without routinely involving compliance and before fully understanding the risks of a new endeavor. Other times, banks fail to think holistically about what the overall impact an action might have, Steckline says. (See “A Seat for Compliance,” on page 40.)

“We can tell right away whether there’s been communication,” adds Todd Hirsch, a managing examiner with the Omaha branch of the Federal Reserve Bank of Kansas City, whose district supervises nearly 200 state-chartered community banks. “We know something doesn’t seem right when we hear one story from one area of the bank and another story from a different area.”

Ongoing issues
Of course, examiners at the FDIC say they’ve been most watchful lately of credit and interest-rate risks, a lingering holdover from the excesses of the mortgage market bubble as well as the ongoing low-interest-rate environment. Another area of ongoing attention for regulators—if not a mantra of warning from them—is when a bank’s activities become “too concentrated” in one business activity or another. In particular, community banks need to show regulators that they understand the risks of focusing a certain set of lending activity—such as commercial real estate lending, as is widely known and repeatedly heard by community bankers—and that they have enough capital to withstand potential issues.

“It’s something that can be damaging to banks if not handled in an appropriate way,” offers James Hunter, vice president of exams and inspections in the Kansas City Fed’s department of supervision and risk management.

“The devil is always in the details.”
—Beverly Cole, Office
of the Comptroller
of the Currency

Third-party vendor management is another area where regulators see compliance concerns arise from time to time, and where community banks should act not just thoughtfully but energetically, points out Bret Afdahl, director of the South Dakota Division of Banking, which performs safety and soundness exams for 52 state-chartered community banks.

Afdahl says community banks need to thoroughly understand the work and performance of their various vendors—and actively monitor that performance—as much as any operations within their own institution. He gives the example of banks that enter relationships with third-party service providers to market credit cards, where those third parties don’t accurately disclose the terms of the card. That scenario would raise a big red examination flag—for regulators and ultimately for the banks on the receiving end of regulatory scrutiny.

“If banks are going to get into that kind of product, they need to figure out what the compliance requirements are and what pitfalls to avoid before they enter into the relationship,” Afdahl says.

Community Banker
University®, powered

ICBA’s comprehensive education curriculum for community bankers offers a wide range of compliance resources, from classroom seminars and certification courses, to online instruction to audio conferences and webinars. The program also offers compliance publications and working papers.

Maintaining accurate records and files on borrowers, particularly commercial borrowers, is another area where some banks have issues. Robert J. Entringer, commissioner of the North Dakota Department of Financial Institutions, has seen numerous banks fail to keep their lending documentation up to date. His state’s banking department has been warning institutions about the issue for several years, but he says the problem still occasionally surfaces.
“Banks need that information,” says Entringer, who oversees 69 state-chartered banks. “We want to see it too, but it’s to their benefit.”

Anticipate new rules
Some state and federal regulators suggest that community banks think ahead about pending rules and regulatory changes coming down the pike and consider how to prepare for those sooner rather than later. Many community banks, for example, will need to upgrade their IT systems to comply with expanded reporting requirements of the Home Mortgage Disclosure Act, which becomes effective in 2018. The new HMDA requirements add about 25 new data reporting fields.

Although community banks may already have some of the necessary data on hand for expanded HMDA reporting, “the devil is always in the details,” suggests Beverly Cole, deputy comptroller for compliance supervision at the Office of the Comptroller of the Currency. “Now is the time for banks to start preparing for the change.”

Not surprisingly, another dynamic area that regulators expect to continue to scrutinize is banks’ cybersecurity defenses, procedures and training. So far, community banks in North Dakota have been doing a good job of responding to the ever-changing threats and regulatory requirements involved with cybersecurity, but the issue will always require ongoing attention from front-line staff, senior managers and directors, as well as IT managers, Entringer says.

“Cybersecurity isn’t just the IT guy’s problem. It needs to be on the forefront of the board’s discussions and reviewed,” he says.
Meanwhile, federal and state regulators recognize that not all issues related to compliance and regulation are clear-cut and encourage banks to use many of the free information resources regulators have made available to them. They also encourage banks to reach out with questions or concerns—perhaps even before spending the money on getting an outside consultant’s advice.
“I think we can save them some money and time if they contact us first,” says Cole, with the OCC.

Cheryl Winokur Munk is a financial writer in New Jersey.