In the first quarter 2005 issue of SRC Insights, I discussed several issues I believed were worthy of close management attention during 2005. These included accounting, auditing, and internal controls; compliance risk, credit risk, and interest rate risk; and mergers and acquisitions. As we enter another new year, I think it is prudent to revisit these topics, since some still require close attention, and also to look ahead to examine how these and other issues, including information security, ethics, business continuity, competition for talent, and Basel, could impact banking organizations in 2006. Banking organizations continue to face challenges; however, they have proven themselves to be resourceful when faced with such demands.
Accounting, Auditing, and Internal Controls
Broadly speaking, financial reporting is still about measuring performance, disclosing information, and creating the infrastructure to ensure confidence and integrity in financial statements. Accounting, auditing, and internal control issues continue to provide challenges for management. In 2005, accelerated filers completed the first cycle of Sarbanes-Oxley Section 404 reporting (SOX 404)—management’s report on internal control over financial reporting and the related auditor’s report on management’s assessment—and the majority of comments received by regulators on this new reporting requirement were negative. While the industry recognized that certain benefits were achieved from implementing SOX 404, the overall consensus was that the increased costs outweighed the recognized benefits. In response, regulators released additional guidance in May 2005 to provide further information and clarification in certain identified implementation areas to help reduce any unnecessary costs and other burdens without jeopardizing the benefits of the new requirements. Moreover, outside auditors with experience from the previous year will likely make adjustments to improve the value of the process in 2006.
Management needs to keep current on all auditing and accounting issues to ensure that financial statements are prepared according to generally accepted accounting principles and to state financial results accurately. Last year, closure was reached on the Other-Than-Temporary Impairment guidance with the release of FASB Staff Positions (FSP) 115-1 and 124-1. The FSPs maintain the three-step process for determining investment impairment and nullify certain requirements of the original EITF 03-1. In 2006, updated FASB guidance related to business combinations and consolidated financial statements is expected to be finalized. One of the major issues is the elimination of the ability to carry over the allowance for loan and lease losses (ALLL) in a business combination. Also in 2006, final guidance is expected, amending FAS 140, Accounting for Transfers and Servicing of Financial Assets and Extinguishment of Liabilities, which deals with the issues of legal isolation and other conditions for sale treatment. In addition, accounting for post-retirement benefits will receive FASB’s attention in 2006, and FASB is also expected to release draft guidance that addresses fair value accounting. Finally, the SEC will address disclosures surrounding executive compensation.
Compliance risk will remain a central focus for management in 2006. High-profile regulations were in the spotlight in 2005, including HMDA and the Bank Secrecy Act and Anti-Money Laundering (BSA/AML) rules. In today’s climate of increasing organization complexity and business line diversity, organizations are strongly encouraged to manage compliance in a more integrated, enterprisewide manner. This allows them to identify potential gaps, overlaps, or unclear boundaries between their individual compliance programs and to help allocate resources to areas with higher reputational risk. While effective compliance risk management is imperative, it is important that banking organizations do not maintain a singular focus on compliance. Strategy, innovation, leadership, and growth are also key components for a successful organization.
Last year was the first year for the release of expanded HMDA data. The data alone are not a definitive indicator of unfair practices or lender abuses. Rather the inclusion of loan pricing information provides regulators with a screening tool to identify situations where additional testing may be necessary to determine the effectiveness of fair lending compliance.
As planned, a new BSA/AML examination manual was released in June 2005. The new manual was designed to clarify existing regulatory requirements and examination expectations and to promote examination consistency among the regulators. It does not introduce any new guidance. Sound BSA/AML risk management enables an organization to identify risks, to better direct resources to safeguard operations from money laundering or terrorist financing, and to ensure compliance.
Throughout 2005, asset quality indicators showed no significant signs of deterioration, and underwriting standards were considered to be at historic highs, but strong competition can force easing of standards, and risk management practices may not have kept pace with the recent strong loan growth. High growth markets and increased commercial real estate lending at community banks are two areas of current supervisory concern, and regulators are carefully monitoring CRE concentrations. In addition, strong growth in nontraditional mortgage products prompted the issuance of draft interagency guidance in late 2005. Regulators have concerns over the suitability of these products to a broader range of customers, the effect of payment shocks, and the layering of risk.
Interagency draft guidance on CRE concentrations was also released recently. Management must ensure that credit concentrations are monitored and managed effectively to limit risk exposure, and institutions with concentrations are expected to adopt advanced risk management practices to mitigate the associated risks. Now is an appropriate time to review lending manuals and the portfolio management process.
Also, in late 2005, loan loss provisions were on the rise. In 2006, close attention will be paid to this trend to determine whether this was only in response to one-time events or whether this supports indications that we have reached a peak in the credit cycle.
Interest Rate Risk
The Federal Open Market Committee raised its target for the fed funds rate eight times in 2005, bringing the total number of rate increases to 13 over the last 19 months. However, despite the ongoing increases in short-term rates, long-term rates were little chaged. Accordingly, the yield curve conitued to flatten in 2005, resulting in margin compression. Loan pricing did improve late in the year and, combined with solid loan growth, did offer minimal margin relief. Some institutions have restructured their balance sheets in response to rising rates, and this has come at a cost. Regulators continue to express concern over leverage programs that are not effectively utilized, which can increase interest rate risk and create the potential for a negative impact on earnings in a rising rate environment. Another area of ongoing focus will be rising noncore funding levels as strong competition for deposits continues. In addition, continued margin pressure may lead to yield chasing, and unrealized securities losses have re-emerged as a result of the rate increases. Management should ensure that interest rate management practices remain strong through this evolving economic environment.
Mergers and Acquisitions
As was predicted in 2005, earnings growth is again expected to slow in 2006. There was strong merger activity in 2005, but it was less than in the previous year, and the total assets involved were greatly reduced. Due to the slowdown in earnings performance, a desire for continued growth and expansion, and a reduction in merger premiums, a renewed motivation for consolidation may emerge in 2006. Merger activity will be spurred by balance sheet mismatches, market share penetration strategies, management succession, equity prices, and rising expenses. New organizational infrastructures are also emerging in response to new technologies, market changes, and regulation. Nevertheless, de novo institutions will continue to form in response to consolidation.
Incidents of threats to the security of customer information are in the news every day—phishing, hacking, insider abuse, and the loss of backup tapes. Regulators continue to focus on organizations’ preventative measures for safeguarding customer information. In 2005, Interagency Guidance on Response Programs for Unauthorized Access to Customer Information & Customer Notice and Interagency Guidance on Authentication in an Internet Banking Environment were both issued. Due to the rapid changes in the business environment, management must be diligent in addressing its information security risks. This includes ensuring a secure relationship with third-party vendors when information technology is outsourced, including conducting due diligence of the vendor, assessing all of the associated risks, and completing regular reviews of practices and procedures supported by the vendor’s products and services. Banking organizations are expected to design an information security program to control risks commensurate with the sensitivity of information and the complexity and scope of activities.
Ethics—Code of Conduct
The greatest risk to a firm’s reputation is a breach of the law or its code of conduct. Banks should ensure that sound tenets of corporate governance are deeply rooted in their cultures to strongly promote and support an environment of ethical decision making.
Business impact and risk assessments are the foundation for an effective business continuity plan. Planning should be conducted on an enterprisewide basis, and plan effectiveness should be tested. Results should be subject to an independent audit and reviewed by the board of directors. Periodic updates are also necessary to address any changes in the organization or its service provider.
Competition for Talent
The ongoing shift to technologically-intensive industries, demographic shifts, and increasing competition for skilled lenders and risk managers may constrain an institution’s ability to grow. A shortage of suitable candidates will require banking organizations to seek creative ways to deploy flexible staff and place a premium on effective recruitment and staff development and retention.
Finally, no review of the past year or discussion of expectations for the coming year would be complete without a mention of the ongoing implementation of the proposed Basel II guidance. The U.S. is striving to implement the proposed international regulatory framework of Basel II by 2009. Establishing the link between regulatory capital and risk management and the need to identify and measure risk at the largest, most complex organizations are two of the key goals of the Basel II framework. A Basel I ANPR was issued in 2005 to address areas that are in need of updating and specific potential competitive implications of Basel II.
The views expressed in this article are those of the author and are not necessarily those of this Reserve Bank or the Federal Reserve System.