Local Banks Deem Risk Management a High Priority
In the wake of the Great Recession, federal banking regulators have beefed up risk management rules for American financial institutions, as part of an effort aimed to prevent another fiscal crisis.
The obscure, looming prospect of setting off another financial collapse, coupled with the real threat of repercussions from the government for not meeting standards, has banks shifting more of their focus from returns to risk.
In fact, many banks are going beyond legal requirements.
The Office of the Comptroller of the Currency is cracking down, in particular, on financial institutions with more than $50 billion in assets, with the newest batch of regulations passed in January, amid warnings of heightened risk expectations.
The law requires these large banks to put in place a structured risk assessment and mitigating procedure and to hire chief risk officers. Banks with at least $10 billion in assets are required to have a separate risk committee.
However, some smaller banks are following suit and adopting policies based on these guidelines.
“Our policy and procedures go above and beyond what regulation calls for because it’s good practice,” said Nathan Gairhan, president and CEO of United Bank of Springdale.
A survey published in January by BankDirector.com shows 97 percent of banks with more than $1 billion in assets employ a chief risk officer or equivalent on staff, and 63 percent oversee risk within a separate risk committee.
Regardless of if financial institutions are enhancing risk management programs in order to ensure legal compliance or as a best practice, risk management seems to have become more of a priority than ever before.
Bank of Arkansas CEO Jett Cato named actively managing risk and building risk and compliance management capabilities as one of the bank’s top five corporate objectives for 2014.
Changes for the Fayetteville-based bank include an expansion of its risk management staff.
“We are putting a lot of time and effort into risk management,” said Jeff Kennedy, director of operational risk management.
Bank of Arkansas, a division of BOK Financial Corp., reported assets of $27 billion to the Federal Deposit Insurance Corporation in Dec. 31. However, the bank is working to implement a risk management framework that is only required for larger banks, with added steps that include examining risk appetite, which helps define boundaries and limits, Kennedy said.
Honed System
Risk management strategy is nothing new in the banking world.
“It’s in our DNA,” Gairhan said.
However, although risk management strategies have been present in banks for many years, the systems are now being honed and formalized.
At Bank of Arkansas, a formal risk management officer was appointed about a year ago. Before that, the chief audit executive took on the responsibilities.
United Bank, which is currently still classified as a federal savings and loan, although it has filed for chartered bank status, has had a formal risk management policy set in place since 2011, Gairhan said.
At Arvest Bank of Fayetteville, many risk management positions have been in place for more than 20 years and some for much longer, said Robert Kelly, chief risk officer. However, the risk division was officially formed in 2010 and was staffed with previously existing departments.
“As a discipline, risk management contemplates a range of actions from assessing risk and exposures to inform leaders, to helping business unit leaders in understanding risks being assumed, to aid in legal and regulatory compliance, to finding sensible ways to reduce risk, including risk transfer,” Kelly said. “An effective program needs to recognize the risks of the specific bank and design processes and activities to best fit the particular environment.”
Arvest is the state’s largest privately owned bank, with $14 billion in assets. It has more than 100 associates who work in full-time positions in the risk division throughout the bank’s 280 offices.
Elite Position
Risk management is a specialized, executive-level position in many banks and the category encompasses a broad range of specialties, including finance, accounting, information technology, information security, anti-money laundering, credit analysis, interest rate risk, insurance, employment law, physical security, banking, trust, vendor management, internal controls and law.
Many of Arvest’s risk division associates have earned one or more professional certifications in a variety of relevant fields and the risk group is supported by outside specialists in many of the areas described, Kelly said.
In addition, there are more than 50 associates who work full-time in operational risk activities such as monitoring account activity and in legal compliance.
Special purpose systems and software provide tools to perform needed analysis, and there are many positions outside the risk division that have risk management aspects to their duties, Kelly added.
For example, credit risk officers focus on loan portfolio analysis and monitoring in support of the loan departments.
At Bank of Arkansas, most risk management staff is centralized, housed in various offices throughout the state, and categorized by the eight types of risk as defined by banking regulators. The risk division in on office might handle compliance risk, another liquidity, another information security risk.
United Bank, which reported $137 million in assets and has six offices throughout the state, employs a chief risk officer and six executive staff members whose primary focus is risk management. There is also a risk committee on the bank’s board and an internal risk committee, which reviews the risk strategy on a quarterly basis.
Balanced Approach
“Risk is always present no matter the situation,” Kelly said. “Risk management is much more about identifying risk and exposures that are part of various activities and working to avoid unnecessary risk while still doing business and taking care of customer needs.”
The duty falls on the banks to maintain customer service while staying abreast of new products or services to continually address risk management, which can be a moving target, Gairhan said.
But, according to a BankDirector.com survey, financial institutions will reap positive benefits in the form of higher profits if risk management is emphasized.
Although measuring the impact of risk management on the organization is difficult for many institutions, those that have tried report a positive effect on financial performance, according to the website.
Respondents to the survey whose banks have a separate board-level risk committee report, on average, a higher return on assets and higher return on equity, compared to banks that govern risk within a combined audit/risk committee or within the audit committee, according to BankDirector.com.
However, it is yet to be seen whether the added overhead and increased manpower an enhanced risk management strategy entails will counterbalance any positive financial results for individual banks.
Either way, risk management will likely continue to be a priority for financial institutions throughout the country in the coming years.