Good news - the IRS reports fewer taxpayers reported identity theft in the first 5 months of this year (107k) than in 2016 (204k) and 2015 (297k). It seems better risk management techniques that include: improved coordination between the IRS and private sector tax preparers, better technology filters, limiting the number of refunds that can be send to a single bank, and other factors have all helped reduce this risk over time.
Bankers know all about risk management and new governance, risk and compliance (GRC) changes are coming down the pipe in the next 12 months or so. That means community banks will need to be ready too. In order to better prepare your bank and your customers for these changes, here are some issues that you should consider relative to GRC concerns in various areas:
Enterprise risk management - (ERM) has become a key part of all banks' day-to-day plans and long-term strategic planning. As ERM continues to become more sophisticated, with threats becoming more prevalent and more confounding, community banks should try to embrace new technologies to better monitor and mitigate risk. Changes in leadership at the regulatory agencies may also impact the industry's view of enterprise risk, as regulatory reform discussions have been in the works even before the last election.
Credit and loan risk - US banks are preparing to implement the new Current Expected Credit Loss (CECL) standard for loan loss accounting, which will require banks to make significant changes to data collection, analytics and processing systems. In the new CECL environment, data integrity and keeping a close eye on portfolio concentrations and underwriting standards on loans will become more important than ever.
Interest rate risk - The Fed has raised the federal funds rate 2x so far this year (Mar & Jun) to a range of 1.00% to 1.25% currently. The Fed projects 1 more rate hike this year, taking things to about 1.50%. Looking forward the federal funds rate is projected to rise to about 2.25% in 2018 and 3.00% in 2019. In the face of this rising rate environment, community banks should revisit deposit pricing pressure expectations and overall strategy for controlling related risks.
Liquidity risk - Bank executives are paying close attention to deposit funding risk, as core deposits have surged for many years. Bankers should examine the behavior of liabilities and model alternative assumptions to prepare.
Operational risk - For community banks, this risk often equates to vendor risk management and succession planning. Why? Community banks often rely heavily on third-party vendors for everything from core banking to payments processing to technology support. As such, focus on strengthening risk management of these third parties to protect your bank.
Data quality, analytics, and reporting - Regulators have made clear that they expect all banks to have the capabilities to access and provide high-quality data. This includes ensuring credible internal reporting and MIS to support regulatory reporting requirements and management information. Regulators expect community banks to: conduct a maturity assessment of data management capabilities; document gaps that exist in reporting requirements; and demonstrate a focus on continuous improvement for data. For this last point, you need to have a governance process that includes reporting functions (such as risk and finance) and data production functions.
Of course, this list is only a partial one, but we hope it helped to get you thinking about the important aspects of GRC and improving risk management.