Focus on risk management
Northwestern Financial Review, Jun 15-Jun 30, 2003 by Grandstrand, Karen L
Bank examiners are focusing on risk management. Increasingly, banks are facing examiner criticism, downgrades in CAMELS ratings, and enforcement actions based on the alleged failure to have sufficient internal systems for identifying, measuring, controlling and monitoring risk. Examinations and enforcement actions are demanding greater board of director oversight, better loan documentation, an audit program controlled by outside directors, and compliance monitoring systems.
A number of factors are driving the focus on risk management, including the soft economy, bank expansion into new markets and products, bank growth and recent financial scandals. In addition, the Sarbanes-Oxley Act has created new standards for corporate governance. While these standards technically do not apply to non-public banking organizations with total assets of less than $500 million, they have become the standard against which everyone is judged.
Indeed, on March 5, 2003, the FDIC issued a Financial Institutions Letter strongly encouraging financial institutions to follow a number of the Sarbanes-Oxley provisions. For example, the FDIC letter encourages each bank and its external auditing firm to comply with the auditor conflict of interest rules, adopt a code of ethics, and ensure effective communication between the external auditor and the bank's audit committee.
On May 5, 2003, the OCC, Federal Reserve and OTS issued a separate release concerning the applicability of Sarbanes-Oxley and the recent corporate governance proposals for the New York Stock Exchange (NYSE) and the NASDAQ. The release states that the agencies do not expect to take steps to generally apply the board composition, director independence, audit committee, auditor independence and other corporate governance requirements of Sarbanes-Oxley or NYSE and NASDAQ proposals to non-public organizations that are not otherwise subject to them. The release additionally provides that the agencies continue to believe that supervisory responses should be appropriate to the size, complexity, risks and resources of different banking organizations. The agencies' regulatory approach, as well as the approach adopted by Congress in the Sarbanes-Oxley Act, has sought to balance the goal of strong corporate governance with the recognition that smaller, non-public banking organizations typically have fewer resources and less complex operations than public organizations.
However, the release goes on to state that organizations are encouraged to periodically review their policies and procedures relating to corporate governance and auditing matters and ensure that such policies and procedures are consistent with applicable law, regulations, and supervisory guidance and remain appropriate in light of the organization's size, operations and resources. Further, the agencies will assess an organization's policies and procedures for corporate governance, internal controls and auditing during the supervisory process and may take enforcement action if there are deficiencies.
In other words, while your bank may not be subject to Sarbanes-Oxley, the regulators expect your corporate governance, internal controls and audit to "remain appropriate." The risk management standards that were accepted at past examinations may not be accepted now if your bank has grown, experienced an increase in classified credits, or expanded into new markets and products. A good example of the changed expectations is the recent Written Agreement among Fifth Third Bancorp, the Federal Reserve Bank of Cleveland and the State of Ohio. The Written Agreement focuses on the improvement of Fifth Third's risk management, internal controls, financial accounting, audit, and information technology functions, as well as its management and corporate governance policies and procedures. This enforcement action against Fifth Third is not based on violations of Sarbanes-Oxley, but on the regulators' assessment of the quality of Fifth Third's overall risk management systems. In our experience, many similar enforcement actions have been proposed by the regulators against banks of all sizes, including small, non-public banking organizations.
Accordingly, banks of all sizes should understand the changed landscape. Based on the new standards, banks need to be proactive. Every banking organization should review existing practices and controls; establish a risk management program that it believes is appropriate given the organization's size, operations and resources; and be ready to explain its risk assessment and risk program to the examiners. This proactive approach will limit examination findings and better ensure that the bank's board of directors, rather than the examiners, is determining the organization's governance structure and managing the bank's affairs.
KAREN L. GRANDSTRAND
Bank & Finance Group
612.492.7153


