It would seem that some people just don't want to work very hard. At least that is true in one part of Italy, where postal police found a mailman with more than a half-ton of undelivered mail sitting in his garage. The missing mail had reportedly been building up for 8Ys in the garage and included all sorts of things. The article gave no reason for the man's behavior, but one could certainly say laziness may have been a contributing factor perhaps.
Bankers are anything but lazy, particularly when it comes to managing risk. Look no further than a 2017 Wolters Kluwer's survey of banks and credit unions on the subject. It finds a slight increase in anxiety levels of financial institutions, particularly in the area of managing risk. Notably, 65% of respondents expressed concern about their organization's ability to manage risk across all lines of business vs. 52% in 2016.
The survey finds banks are feeling pressure from a number of areas. Top of mind is complying with new Home Mortgage Disclosure Act (HMDA) requirements. More than 50% of respondents said the new requirements will have a significant impact on their organization.
HMDA is an area that should be on the watch-list for community banks, given this concern and potential changes that could occur in the future. In December, the CFPB said it intends to review its controversial 2015 rule, recognizing that the compliance requirements pose "significant systems and operational challenges." Adding fuel to the fire, several House Financial Services subcommittee members recently aired their concerns about the additional data points being collected under the rule and the extra burden for community-based financial institutions.
Not surprisingly, cybersecurity and data security led the list of top risks expecting escalated priority in 2018, with 83% of respondents indicating their organization will focus on cybersecurity over the next 12 months vs. 70% in 2016.
Financial institutions also noted several obstacles they face in managing an effective compliance program. The survey found 46% of respondents cited inadequate staffing as a main concern, while 39% named manual compliance processes. Meanwhile, 34% said there were just too many competing business priorities.
In addition to many of the themes presented in the survey, we also expect banks in the coming months to place more emphasis on enterprise risk management (ERM). This is a growing focus for regulators irrespective of bank size, so education is the first step to staying on top of things. Compliance managers will sometimes make the mistake of trying to design programs around new regulations. A better approach is to focus on actual business practices and risks and then back test against regulations.
Third-party risk should also be high on your priority list, as evidenced by updated guidance last year from regulators. Many banks are striving to come up with an effective vendor risk management program and the nuances can make that tough. Starting simple with your highest risk vendors in a spreadsheet perhaps, ranking them by likelihood and impact of potential issues and then building out from there, is one easy way to begin.
Given that 69% of respondents to the survey said they don't expect a measurable reduction in regulatory burden over the next 2Ys, risk management remains a source of concern for many community banks. In the coming months, we'll continue to keep you informed about possible regulatory changes that might soon be delivered to your inbox, and particular areas that should be on your watch list.