Page 1

bankingsolutions 2014

an educational guide for financial products and services

THE WARREN GROUP’S Annual Information Guide For Bankers

+INSIDE: Niche Mortgages On The Rise IT Compliance Viewed Through A Different Lens Learning From HeartBleed A New Approach ToBanking An Old Product Solutions 2014 | 1


Trusted Market Leader for Financial Institutions

Risk Mitigation, Quality Service, and Peace-of-Mind All Covered is a trusted advisor offering IT security, infrastructure, audit and compliance services to financial institutions. We offer a complete suite of managed services specifically designed with financial companies in mind. Our technical engineers and support professionals have the regulatory and compliance expertise to successfully assist you with FFIEC exams, third party audits and state regulations.

Professional Services

Cloud Services

30 Years of Experience

IT Security

IT Compliance

IT Administration

Call us today at (800) 242-7403 or visit us at www.allcovered.com


bankingsolutions 2014

an educational guide for financial products and services

O

ur annual guide to products, trends and services in the world of banking this year bears all the signs of the times – risk, compliance, technology, and customer relations. We hope you find the 2014 edition of Banking Solutions to be helpful, interesting and informative.

CEO & Publisher Timothy M. Warren Jr.

18 Trends in Information Systems and

Related Compliance Considerations

President & COO David B. Lovins

By Patrick Morin

Editorial Director Cassidy Murphy Custom Publications Editor Christina P. O’Neill Direct of Business Media George Chateauneuf Publishing Group Sales Manager Rich Ofsthun Advertising Account Managers Claire Merritt, Bob Holzhacker, Mike Lydon Director of Creative Services & Marketing John Bottini Marketing and Communications Manager Nicole Patti Design Production Manager Scott Ellison Graphic Designers Tom Agostino, Amanda Martocchio

©2014 The Warren Group Inc. All rights reserved. The Warren Group is a trademark of The Warren Group Inc. No part of this publication may be reproduced in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the publisher. Advertising, editorial and production inquiries should be directed to: The Warren Group, 280 Summer Street, Boston, MA 02210. Call 800-356-8805.

Helping Community Banks Attract Deposits and Retain Customers

By Tom Drunsic

8

Digital Signage and Mobile – a Happy Marriage

By Mitchell Goss

6

10 What Have you Done for Me Lately?

Examining your Core Relationship

20 Will HeartBleed Convince the

Public to Be More Secure?

By Kevin Hamel

22 Eight Common Accounting

Mistakes Identified in Audits of Financial Institutions

By J.P. LaPointe

24 Taking the Theme Literally:

A Response on Niches

By Patti White

12 Taking a Common-Sense Approach

to Commercial Loan Stress Testing

By David Etter

14 IT Compliance with a

Side of Banking

By Patrick Whelan

27 Risk Rating Loans is Not

a Simple Process, but a Solid Methodology is a Good Start

By Bo Singh

30 The State of High Risk

16 Vital Function for Community Banks

May Be Outsourced if Care is Taken

By Dan Horan

Processing Today

By Laura Kaiser

32 The Best Defense is a Good Offense By Robert B. Segal

Banking Solutions 2014 | 3


SIMPLE SOLUTIONS

OUR GUIDE TO RECALCULATING THE FUTURE

isk rating, loan review, the accessibility and security of information technology in the age of the cloud, and preparing for an eventual interest-rate rise – all these topics and more are covered in Banking Solutions 2014. The take-home theme of our contributors to this year’s issue is the need to more closely analyze the effect of risk in one segment of a financial institution’s business than was common in pre-regulatory decades past. This could be defined as risk from within, and several contributors address it. CEIS gives guidance in elemental things to ask when outsourcing the loan review process. Norcom Mortgage examines the Ability to Repay rule and its impact on niche mortgage products, particularly for mid-sized banks. Sheshunoff Consulting & Solutions takes on a guide to stresstesting and the use of risk migration analysis. T. Gschwender & Associates goes back to some of the basics – the “five Cs” of lending – to propose a loan review system for independent loan review assessment. Risk from outside comes from the rise of interest rates. No financial institution wants to get left behind that curve. The commonsense approach is to hold more short-term products. Then, there is the challenge of taking on high-risk accounts. 4 | Banking Solutions 2014

These could be unconventional customers such as travel, multi-level marketing, foreign exchange, dating services, adult products, gaming and even psychic services. Determining the legitimacy of unconventional customers should be a priority for any financial institution seeking to take them on. Then there are the advantages of cloud-based digital displays that can create customer interest and traffic. Zero-In gives a case study of a bank that created a mobile checking game for smartphones and tablets, requiring user dexterity, which led to a competition among the game’s users and rewards for the leading players. On the more tangible side is a look at lockboxes for commercial customers. Some commercial customers won’t open an account in a bank that doesn’t offer them; once they have them, the lockbox accounts become a “sticky” product – no commercial customer wants to have to change the address of lockboxes to which their customers have become accustomed to sending payment. As banking transitions further into the 21st century, the challenge of today’s financial environment presents the opportunity for every institution to become betterrun, more customer-centric and proactive. We thank our contributors for their involvement and interest in helping the banking industry make the best choices for what tomorrow may bring. n


PAYMENTS MADE SIMPLE

LOCKBOX SERVICES REMOTE DEPOSIT CAPTURE MARKETS THAT WE SERVE ARE: FINANCIAL INSTITUTIONS MUNICIPALITIES CORPORATIONS NONPROFITS

BENEFITS WE OFFER: •

Support for OCR, MICR & bar code

Excellent customer service

Secure internet access

Same day processing

Support for credit card payments

Deposit with any bank

Stop-file processing

Remote capture

Check and list processing and check only payments

Electronic bill payment & presentment

Support for OCR, MICR and bar code scan lines

Online exception item processing

Private labeling available

View data and images online for up to 7 years

Compatiblity with any software

Healthcare revenue cycle management

Image deposits

Fully customized image based lockbox services:

retail, wholesale, wholetail

Get detailed reports via email, web or hard copy.

DON’T DRIFT IN UNCHARTED WATERS. Let Lighthouse Payment Services be your guide. For more detailed information and a FREE price quote, call TJ Drunsic at sales@lighthousepayments.com

o nts.c e m y a housep www.light

m


LOCKBOX SERVICES

HELPING COMMUNITY BANKS ATTRACT DEPOSITS AND RETAIN CUSTOMERS BY TOM DRUNSIC | LIGHTHOUSE PAYMENT SERVICES

ockbox processing is one of those cash management services that community banks are asked for from time to time, and it is a service community banks need to have in order to compete with the larger banks. We find that often a community bank will be faced with a situation in which a commercial customer will want to do business with them, but one of the things that they will ask for is a lockbox service – and if the bank doesn’t have it, they are probably going to have to say no to the customer and the deposits they will bring. Lighthouse Payment Services did a study in 2005 where a community bank had seven lockbox customers, each generating over $500,000 in deposits for the bank. The average bill for the lockbox service to the customer was only $175 per month! These seven customers would not have been customers of that

It’s one of the services that, once you sell it, you are going to keep that customer for a long time.

6 | Banking Solutions 2014

particular bank if that bank did not have a lockbox service – so you can see the potential here. Lockbox processing also helps with customer retention, because when a customer sets up a lockbox service, it can be difficult to move that service. Once the customer has told all of their customers to mail payments to a specific location, they are really reluctant to change that location. It’s one of the services that, once you sell it, you are going to keep that customer for a long time. Community banks are constantly challenged by today’s regulatory environment, but they are also challenged by all of their competition. Lockbox services can help position them a little better to compete with the larger banks, who often offer the service. Any community bank can get a lockbox service, and they don’t have to pay a thing for it, until they actually have a customer using the service. It’s one of the best services a bank can offer, because it can be positioned and put in place, and when you have a customer that comes looking, you’re ready with a solution. n Tom Drunsic is CEO of Lighthouse Payment Services Inc., a Massachusetts-based lockbox provider. He may be reached at sales@LighthousePayments.com or 617-365-1898. www.LighthousePayments.com


RE

GIS

EXPERIENCE THE FUTURE OF

BANKING

BankWorld is your opportunity to learn about emerging opportunities and innovative solutions for the banking industry at the Northeast’s largest and most exciting banking show. The one-day conference includes essential educational sessions, interactive panels, cutting-edge exhibits, plenty of networking opportunities, attendee raffle prizes and much more! BankWorld is for you if you’re an executive, senior management or bank staff involved in: operations, technology, lending, retail banking, marketing & sales, human resources, security, or compliance & risk management. Join us the evening before BankWorld, as we honor the rising stars in the Connecticut banking industry at the New Leaders awards dinner. This is a great opportunity for bank management to get their hands on the latest products and technology and learn how to keep their business moving forward. Platinum Sponsor

TE

RT OD AY !

Presented by

MOHEGAN SUN JAN. 23, 2015

WWW.BANKWORLDEXPO.COM INTERESTED IN LEARNING MORE? Visit www.bankworldexpo.com, call 617.896.5307 or email bankworld@thewarrengroup.com

Gold Sponsors

Silver Sponsors

Bronze Sponsor

Event Partner

TM

Pulling Together. Succeeding Together.


ENGAGING THE AUDIENCE

DIGITAL SIGNAGE AND MOBILE – A HAPPY MARRIAGE BY MITCHELL GOSS | ZERO-IN

It was clear from the start that the campaign was going to be wildly successful, and additional creative ways to promote the game began to rise. n this world of cloud-based networking, where systems talk to other systems, there is no shortage of creative ways to provide information faster than ever before. This is obviously nothing new – and as we move into a world of connected homes, cars and beyond, suddenly we have instant access to everything, anywhere. Cloud-based digital displays, commonly referred to as digital signage, are no exception. It is commonplace now to see displays providing real-time transportation schedules in an airport, current pricing from a point-of-sale system in a fastfood restaurant, or the day’s yoga class schedules in a health club. Union Savings Bank and their marketing agency, The Pita Group, however, had a new (and fun!) idea to leverage the communication power of digital signage already installed throughout their branch offices. In an effort to engage and incentivize audiences, particularly their younger members, a mobile checking game was developed for both smartphones and tablets. The game challenges players to create as many rows, columns or diagonals of three matching coins as possible within one minute. Players who line up a minimum of one row win $30 when they open a new checking account at Union Savings Bank. In addition, for each day an individual plays the game, he or she earns another entry into a weekly drawing to win an Apple iPad. Check out the video on the bank’s website, www.unionsavings.com. It was clear from the start that the campaign was going to be wildly successful, and additional creative ways to promote the game began to rise. One solution to build on the 8 | Banking Solutions 2014

excitement (and competitive fun) was to incorporate the realtime leaderboard posting on the in-branch digital displays. This same game information, available on mobile platforms and social media networks, was now front and center for every customer who walked into any of Union Savings Bank’s nearly 30 offices. Displays in every office accessed the game’s real-time data and then posted the day’s leaders, as one would expect from any online game. This helped to not only draw attention to the checking game, but also to the displays in general – which promote other bank products and messaging – because the timely information captured customers’ attention with the live scoring. While we see interesting usages of our system throughout banking and other industries, this unique application of webbased signage was exceptionally fun. We had the opportunity to participate in a great marketing plan, which truly exemplified how to resonate with customers in this fast-paced digital era. n

Mitchell Goss is the co-founder and vice president of sales and operations of Zero-In. He studied accounting and information systems at Lehigh University. Mitch is a Certified Public Accountant (CPA), formerly with KPMG Accounting & Consulting. He has 15-plus years of financial services experience and is a NY State Entrepreneur of the Year recipient. To learn how digital signage can help your bank engage customers, contact Mitch at mgoss@zero-in.com or (888) 260-7291 x125. www.zeroinmedia.com


core technology you can depend on...

a relationship you can trust. Trust needs more than words to be genuine.

are as meaningful for you as they are advanced.

And trust runs deep at DCI.

Not to mention live support 24/7 and regular face-to-face visits.

We’re a core partner founded and still privately owned by bankers, with bankers as board

Put your trust in a unique community of people

members, user group leaders and employees.

who listen and have a personal interest in you.

So you can trust that we really do have your

Over fifty years of innovation and stability proves

interests at heart.

it is a relationship you can genuinely trust.

You’re never ignored or alone at DCI. Direct

Make it personal. Make DCI your core processor.

access to DCI executives, engineers and user groups makes sure we deliver technologies that


T E C H N O L O G Y T O D AY

WHAT HAVE YOU DONE FOR ME LATELY? Examining your Core Relationship

ore processing technology is not what it used to be. The acceptance of “what you see is what you get” technology is becoming less common. Today’s ideal technology partner must be agile, advanced, and engaged with the bank as a collaborator when developing updates and creating new products and services. Bank technology today can be seen as a profit center vs. expense, and as a cornerstone of a bank’s strategic business plan. It should help banks survey and adjust their strategy, and do so at a cost and time savings for both the bank and its customer. And it should be more than just crunching numbers.

Emerging Core Trend

Banks today must anticipate and adjust to the varied needs of their account holders. They should look at their core processing relationships with the same expectations. It is no longer enough for banks to tolerate their core relationship. Institutions can and should demand a responsive and interactive partnership from their technology provider. Core technology should be functional, flexible, continually updated, and provided by a company structured around client satisfaction and mutual success.

Functionality

There are several questions banks should ask of their core technology. Can it make me more profitable? Uniquely competitive? Reduce expenses? Integrate with my other technology choices? Can the company provide a clear, honest description of its architecture, infrastructure and operation? 10 | Banking Solutions 2014

Functional core technology is a strategic advantage and vital component of business and should be designed and managed around the bank’s key goals – 1) to help retain customers and 2) to better compete with other financial institutions through product customization and service automation through its bank management system. As an example, Tioga-Franklin Savings Bank in Philadelphia, PA, cultivated a 140-year-old reputation for stability and personal service, but realized they needed more than that to compete in today’s rapidly changing banking environment. Robert Lockyer, Tioga-Franklin’s president and CEO, says, “To keep Tioga-Franklin relevant for another 140 years means we need technology that helps us easily respond to regulatory and customer demands without changing who we are.” Struggling with antiquated, manual processes, limited support and the inability to offer new products to their customers, Tioga-Franklin underwent a year-long technology search and partnered with Data Center Inc. (DCI), the Hutchinson, Kansas-based developer of the award-winning iCore360® core banking software. TiogaFranklin gained vast improvements in organizational efficiencies through workflow automation and regulatory simplification that help focus more staff and resources on new services and customer relationships. Lindsay Butler, Tioga-Franklin’s compliance officer and systems administrator, says, “The iCore360° demo showed us how much we’d been missing out on; how much more efficient we could be, and how much deeper we could expand our customer relationships. We’re already planning new product lines, and even routine lines of credit, account origination and online banking will be easier for us to manage.” In another example, Fred Henrich, president of Coatesville, PA-based Coatesville Savings Bank said, “We looked at a lot of companies and finally chose iCore360° as our core because its flexibility in design and operation will more easily grow with us and expand our competitive service capabilities as we need it.” However, technology alone is not enough. It is the mixture of innovation with responsive support and collaborative development with a core processor that allows banks to offer the highest level of service.


We need technology that helps us easily respond to regulatory and customer demands without changing who we are. Flexibility

A core processor must be flexible, collaborative and responsive, adapting to your needs and growth. The best core processor/bank relationship should involve communication from both sides – with support and product development representative of industry trends as well as client needs and input. Tioga-Franklin’s president, Robert Lockyer, is quick to point out that, as impressed as they were with the iCore360° software, it was the people at DCI – the staff, executives, owners and customers – that tipped the scales, because, as he puts it, “They match our values. They all genuinely care and understand us on a professional and personal level. DCI is a company we can relate to and trust.” Coatesville’s Fred Henrich adds, “Our core processor, DCI, is also a great partner. We look forward to their frequent visits and enjoy having access to their management and a voice in their development process.”

Company Culture and Structure

Banks need a core processing partner they can count on for the long haul. Institutions should not hesitate to ask – Is my core technology partner stable and positioned for growth? What are the plans for not only product development, but for the company overall? What is the business model? How are core system decisions made and by whom? Is the company driven more by stockholder expectations or

the banks it serves? Is it likely to be aquired or sold? Mike Cearely, executive vice president of Sublette, KS-based Centera Bank said, “Core processors that understand the value of their customers’ success, and take a unique role in achieving that success, set themselves apart because they are rare.” It is not enough for a core technology provider to claim good service. The company must also

embrace and demonstrate a company culture and structure driven by customer satisfaction and success. “Our core processor’s unique ownership, advice and regular technology enhancements were a major reason we chose to implement their system – it is unique in an industry where that is rarely the case,” said Thomas Ellison, chairman of Nacogdoches, TX-based Commercial Bank of Texas. “The contact with our core processor throughout the year has a significant influence on their product development and business model, which directly applies client response into technology offerings.”n DCI is the developer of the iCore360® core processing software and related technologies for community banks nationwide. DCI is privately owned by banks, with clients serving as board members and user group leaders.

www.datacenterinc.com

Core Processor Relationship Checklist ❑❑ What value does the technology bring my bank? ❑❑ What do terms like .NET or web-based really mean compared to others? ❑❑ Will there be upgrade costs at conversion? ❑❑ What is the cost of upgrades during contract? ❑❑ What is the ownership structure and business model of the core technology company? ❑❑ What is the potential of this company to be sold or the software to be sunset? ❑❑ What does the processor say they will deliver, and how do they prove it? ❑❑ What do their customers say they deliver?

Banking Solutions 2014 | 11


STRESS TESTING

TAKING A COMMONSENSE APPROACH TO COMMERCIAL LOAN STRESS TESTING BY DAVID ETTER | SHESHUNOFF CONSULTING + SOLUTIONS

he initial reaction to reading the above headline from a number of bankers will be: “There’s no common sense involved in stress testing. Why do I need to do it? It’s not applicable to my institution … and even the big banks can’t get it right.” Unfortunately, stress testing is here and now for financial institutions, and not just for the $50 million or $10-plus billion ones – and it’s not going away. Both the Federal Deposit Insurance Corporation (FDIC) and the Office of the Comptroller of the Currency (OCC) have stated that stress testing is required, even for the smaller institutions (credit unions are still only required to do so at the $10-plus billion level). In a speech delivered electronically to the Independent Community Bankers of America Annual Conference on March 4, 2014, Thomas Curry (Comptroller of the Currency, spoke on a number of topics, including stress testing. On this topic, he said: “I can’t think of a more fundamental risk management practice than subjecting your credit book to rigorous testing.” A common-sense approach to completing this required task is to first understand what are you stress testing. For this discussion, we will focus on the commercial loan portfolio. For many institutions, the primary source of repayment for the majority of their Commercial Mortgages and Commercial Loans is cash flow. Focus on stressing your primary source of repayment. You do not have to stress your entire loan portfolio; you can stress a meaningful portion of it and apply the result to the portion of the portfolio not tested. Many first reactions to the question of what to stress re12 | Banking Solutions 2014

sults in a litany of variables to be included. For much of your Commercial Real Estate portfolio, stressing the NOI and measuring the resultant risk based upon the revised cash flow directly or indirectly incorporates many of these factors. For example, if NOI declines, does not the value of the property? The level of risk in the credit is indicated by its risk rating assigned after the stress scenario is applied. Not all loans will be impacted in a like manner to a stress scenario. Certain discretionary spending loan segments (such as hospitality) will likely react differently than others (such as multifamily). To this end, a risk based approach of assigning different stress amounts to high/ medium/low risk loan types is appropriate. The impact of applying a stress scenario is best understood using a risk migration analysis. Migration of risk ratings is a language that bankers and board members all understand, and are comfortable with. It is also one method where the FDIC and OCC were in complete agreement on in their written guidance on stress testing. The migrations analysis, as applied to the entire portfolio, can provide you with the pro-forma impact on Asset Quality – the first of the findings from a stress test as required by the regulators. The results of a migration analysis can be incorporated into a re-run of your recent ALLL model on an “as stressed” basis. Inputting the results of the migration analysis into

I can’t think of a more fundamental risk management practice than subjecting your credit book to rigorous testing.


the ASC 450 portion of the ALLL calculation as well as adjustments to qualitative factors (such a changes to the level of Classified loans and changes to the collateral value of collateral dependant loans) will provide you with an “as stressed” ALLL. This leads to the calculation of a pro-forma

Provision expense. This pro-forma Provision can now be inserted into the Earnings calculation to produce the second required findings – pro-forma impact on Earnings. Once you have the pro-forma impact on Earnings, it is straightforward to calculate the proforma impact on Capital, the capstone of the exercise. The above is a brief summary of one way to complete a stress test. Many of the bankers I have spoken to have focused on completing the stress test because the regulators require it of them. The following is a list of examples of where stress test results can provide meaningful information for bankers: • Portfolio concentration limits setting. • Portfolio management resource allocation – pools less susceptible to adverse change in stress environ-

ment may receive lesser portfolio scrutiny or allocation of scarce resources. • Annual strategic plan updates and capital discussions. n David Etter is the managing director of loan review services for Bennington Partners/ Sheshunoff Consulting + Solutions. BP/SCS provides credit risk management services to financial intuitions throughout the U.S. David has 30-plus years of commercial lending and credit experience and has completed numerous stress test for clients over the past several years. He may be reached at detter@ smslp.com or 203-262-4140. www.smslp.com

ATLANTIC STRATEGIES, ATLANTICCAPITAL CAPItal Strategies, Inc.INC. COMPREHENSIVE ADVISORY

COMPREHENSIVE ADVISORY • Tailored investment plan 

Targeted investment plan

• Security selection and best execution 

Security selection and best execution

• Pre-purchase analysis and ongoing monitoring 

Pre-purchase analysis and ongoing monitoring

• Policy development Dealer selection and due diligence review 

• FullPolicy regulatory reporting development 

Full regulatory reporting INVESTMENT CONSULTING

• Annual portfolio reviews INVESTMENT CONSULTING One-time portfolio review • Credit monitoring surveillance

Credit • Watch listmonitoring reporting surveillance Watch list reporting • Market pricing 

Investment services INVESTMENT advisory ADVISORY SERVICES

Atlantic Capital Strategies, Inc. is an SEC-registered Atlantic Capital Strategies, Inc. is an SEC-registered investment advisory investment located Our in Bedford, Massachusetts. firm locatedadvisory in Bedford,firm Massachusetts. senior bankers provide advisory services to community-based financial institutions, Ourinvestment senior bankers provide investment advisory services to including commercial banks, savings banks and credit unions. community-based financial institutions, including commercial banks, savings banks and credit unions. WWW.ATLANTICCAPITALSTRATEGIES.COM www.atlanticcapitalstrategies.com

Market pricing

• OTTI analysis and impairment opinions 

OTTI analysis and impairment opinions

Contact

CONTACT Atlantic Capital Strategies, Inc. Robert B.B.Segal, Robert Segal, CFA CFA 8 Birchwood President and Drive CEO Bedford, MA 01730 781-276-4966 781-276-49966 or bob@atlanticcapitalstrategies.com bob@atlanticcapitalstrategies.com Banking Solutions 2014 | 13


D ATA R E C O V E R Y

IT COMPLIANCE WITH A SIDE OF BANKING BY PATRICK WHELAN | ALL COVERED

t’s not breaking news that compliance around information technology has become an ever-growing hindrance to community financial institutions that fall under the guidelines of the Federal Financial Institutions Examination Council. With the onset of the Gramm-Leachy-Bliley Act in 1999, protection of customers’ private information became paramount overnight. The mindset of “information technology is fine as long as it works” was no longer acceptable. Information technology now requires policies that govern all aspects of IT, documenting the existence of required controls. From the way bankers interface with their customers to the way records are stored, the operations and client deliverables of financial institutions have gone digital. This has resulted in institutions taking greater measures to ensure the confidentiality, integrity and availability of the digital processes of banking. Needless to say, the acts of Hurricane Sandy resulted in increased awareness as to the importance of availability. Just as institutions were starting to understand that customer risk was the same in smaller institutions as large, along came the largest natural disaster to hit the East Coast in decades. The impact of Hurricane Sandy increased the focus and attention to controls and redundancy of the institution’s computing infrastructure. Institutions were forced into a real-life disaster scenario and had a front row seat to witness how well they had prepared for unforeseen scenarios. Community financial institutions were at a severe disadvantage when it came to redundancy and geographic dispersion of information technology assets. Unlike mega and super-regional banks, whose primary and secondary sites can be hundreds and thousands of miles apart, it is not uncommon for community banks to have disaster and recovery sites five to 30 miles away from their primary infrastructure. This scenario works well for a building-specific scenario, but falls short when facing 14 | Banking Solutions 2014

regional disasters. Regional blackouts, snowstorms and terrorist attacks are now a part of all disaster and recovery planning. A question for every banker: “Why do your customers keep their funds with you?” The benefits of keeping your money in a financial institution are by no means holistic to the subsequent points, but as it relates to infrastructure, consider the following: • Institutions have a safe that slightly trumps the firebox stored under one’s bed; not only is it impressive in size, but it’s under constant surveillance from both human and mechanical controls. Security of the customer’s funds are carefully taken into account, and ultimately insured for up to $250,000 in deposits. • One would look a bit out of place traveling with this firebox on daily errands or vacations, so ease of access is a huge bonus. From widely accepted debit cards to ATMs, funds are much more accessible. If you are not big on recounting your chips after every hand, you run into an issue of knowing exactly how much your assets in the firebox are worth. Online banking has since taken over passbooks, but financial institutions, in one way or another, provide up-todate information about what customers’ assets are worth and were they reside. • There is a financial benefit to gaining interest on funds stored in financial institutions, whereas the funds in one’s mattress continuously lose value at the rate of inflation. From an infrastructure standpoint, we have seen these same benefits come from institutions moving their infrastructure to


redundant enterprise data centers. Cutting through the ambiguity of fancy cloud terms, data centers have been built out in order to serve some of the very same needs as vaults in financial institutions. The need to have readily available, on-demand, secure infrastructure at a predictable cost – as opposed to wondering what is going on and where all the investments go in the room with all of the wires – has proved to be a great benefit. Outsourcing has become increasingly important to community financial institutions’ competitive advantage, and technology is no exception to this. No longer do your facilities need to be built around a scaled-down data center – you simply build a bank and plug into an

enterprise desktop as a service solution. By paying a monthly fee based upon the requirements of the institution, you shift the risk from the institution to the vendor. There is no longer a need to take the chance of spending hundreds of thousands of dollars on devices, only to find out that you are acquiring a bank, or building branches, that your technology investment is undersized to handle. The vendor now has the responsibility to build out and maintain a scalable environment that can be spun up to handle the institution’s terminal and application needs as they arise. Executive meetings should not be inundated with talks around generators, separate zone cooling, fire suppression, terabytes and megahertz. The ability

to partner with a banking-specific outsourced provider of service bureau IT allows the institution to focus on innovative competitive advantages, as opposed to weighing out the risk of the devices that support these efforts.  n Patrick Whelan, CISA, is a strategic consultant focused on security, compliance and infrastructure planning for community financial institutions. He may be reached at pwhelan@allcovered.com or (908) 596-0843. www.allcovered.com

Assisting Community Banks in

Charting a Path to Success Since 1989

Consulting Services Implemented by Experienced Lenders and Risk Managers: Loan review ProgramS • General Loan Review • Portfolio Acquisition Review (Due Diligence) • Specialty/Structured Finance Review

Loan LoSS reServe methodoLogy • Methodology Validation • Methodology Refinement

Loan PortfoLio StreSS teSting

• Bottom Up Loan Level Approach • Top Down Capital Adequacy Assessment

CeiS review ConSuLting • Credit Risk Process Review • Loan Policy Maintenance • Loan and Credit Seminars

888-967-7380 • www.ceisreview.com Banking Solutions 2014 | 15


LOAN REVIEWS

VITAL FUNCTION FOR COMMUNITY BANKS MAY BE OUTSOURCED IF CARE IS TAKEN BY DAN HORAN | CEIS REVIEW

he loan review function is a tool that monitors the quality of the respective institution’s loan portfolio as it relates to internal lending policies, the effectiveness of the credit administration function, and is thus a tool to be utilized by senior management and the board. The loan portfolio is typically the asset that presents the greatest potential risk for loss exposure to banks. The board of directors of each financial institution has the legal responsibility to formulate appropriate lending policies and to supervise ongoing implementation thereon. Although smaller institutions are not expected to maintain separate loan review departments, it is essential that an effective loan review system be in place at all regulated financial institutions. This system will provide vital and objective information to senior management and the board regarding overall credit quality, trends in the various portfolio segments, adequacy of the ALLL, identification of loans with welldefined weaknesses, and adherence to and/or deviations from established loan policies and procedures – all of which 16 | Banking Solutions 2014

is critical for financial and regulatory reporting purposes. This continuous evaluation of the quality of the bank’s loan portfolio must be specifically outlined within the bank’s lending and collection policies, as approved by the board. Any lending policy should not be a static document, but rather one that is reviewed periodically, and revised accordingly, to reflect changing conditions within the community served. A separate loan review policy or system should be incorporated within the lending or credit policy manual, which should include a written description of the overall credit grading process, frequency and scope of reviews and qualifications, and independence of loan review personnel. Any loan review function, whether it is internal or via an independent loan review service like CEIS Review Inc. (CEIS), should be designed to address the following objectives: • Promptly identify loans with well-defined weaknesses so that timely action can be taken to minimize the bank’s credit loss. • Provide essential information to assess the adequacy of the bank’s ALLL. • Assess the adequacy of and adherence to the bank’s loan


policy and procedures and that the loan portfolio is in compliance with federal and state regulations. • Provide management and the board of directors with an objective assessment of the overall portfolio quality. • Identify relevant trends that might affect the collectability of the loan portfolio and isolate certain potential problems. • Identify weaknesses in loan documentation and credit file reporting and provide appropriate corrective recommendations. • Monitor collateral on secured loans for adequacy thereon (based on the guidelines set forth within the bank’s credit policy) and for perfected collateral liens. • Ensure that appraisals on troubled real estate and other secured loans are maintained on a timely basis. • Review all troubled problem

loan reports for appropriateness of the plan of action, risk rating designation and loan loss reserve allocation. Many regional banks across the country that are not sufficient in size to maintain a separate and distinct loan review department commonly outsource this function. While outsourcing, an institution should ensure that the loan reviews are conducted by experienced professionals that have senior or executive level banking experience, as opposed to junior level individuals that may not recognize potential issues before they arise. Whether the loan review function is an internal or external department, that department should be able to produce a professional and decisive report for the institution’s management to utilize to better manage their respective institutions. In order to do so, the report should elaborate on the overall portfolio’s quality, trends, administrative

process, and policy adherence. A loan review audit by an independent professional firm experienced in the business is not just another internal management tool – it is a necessity for the establishment of credibility to external entities that review and supervise the respective organizations. Financial institutions should strive for “satisfactory” or better ratings, so as not to be restricted in their individual business models or platforms that are used on an ongoing basis to serve the local communities within which they reside. n Justin Hill, Marketing & Administration 888-967-7380 justinjh@ceisreview.com

www.ceisreview.com

Banking Solutions 2014 | 17


RISK MANAGEMENT

TRENDS IN INFORMATION SYSTEMS AND RELATED COMPLIANCE CONSIDERATIONS BY PATRICK MORIN | BAKER NEWMAN NOYES

ver the past several years, compliance activities have increased to keep pace with the ever expanding scope of industry regulations. Thankfully, information systems can provide significant help in carrying out regulatory activities and responsibilities, such as: • providing security features to protect the privacy of customer information; • monitoring and alerting pre-specified activity automatically; • managing processing workflows to ensure consistent and complete processes; and • retaining required documentation in an indexed and easily available database. Because of the effectiveness of these tools, financial institutions have come to rely on systems. However, to be able to trust these systems, financial institutions need to assess whether they have considered certain recent trends associated with their use. Along with the growth of system use, the corresponding information systems landscape has changed in at least the four following areas: Environment – In the past, the information system environment was much simpler. The information system was limited to one, maybe two, software applications and computers that were operated from a single facility. Now, information systems can include many different software applications that can be in a hybrid environment – some in-house, some with thirdparty vendors, and some ‘in the cloud’ – all at the same time. 18 | Banking Solutions 2014

Management – Information systems that were once centrally managed often now have distributed management, with the potential of end users having the ability to change how the system operates. Upgrades and Updates – New development methods have replaced the former annual or semi-annual updates with rapid update cycles, which are sometimes updated automatically by the system provider. Access Control – The single or local access points have been expanded to allow for multiple points of entry, including remote access to systems and access to master data files from additional, third-party applications. Due to these changes, there are increased opportunities for systems to become unreliable or for information to migrate to systems of which risk management and compliance functions are not aware. We have noted increased unanticipated risks associated with the confidentiality, integrity and availability of information systems and data managed by financial institutions, when implementing new systems. The following examples highlight some trends seen and other observations we have made during recent projects: 1. Cloud-based solution: A commercial lender recently implemented a cloud-based underwriting and credit assessment solution. The financial institution performed thorough due diligence of the vendor and verified that the solution is subject to routine audits, the results of which are shared. The solution provides flexible end-user configuration to customize assessment rules, triggers and reporting. Upon implementation, management deemed it unnecessary to allocate IT management oversight due to the noted “intuitive nature” of the system’s configuration utilities. The system is managed jointly by the financial institution’s marketing and lending departments. Risk noted: Some of the configurations have the potential to materially affect how the system operates, and in some cases, can result in changes to the underlying data and assessments. Without subjecting the configuration process to the financial institution’s change management process, controlled by the IT function, there is risk of loss of both system and data integrity. 2. Document imaging system: A small financial institution implemented an internal, network-hosted document imaging system to capture and store all customer paper records. The solution was implemented following the vendor’s recommendation but to save costs, it was installed on a server that provides common network space. Further, the default setup allowed more than one-third of users to modify or delete document images once scanned. Risk noted: Due to the use of a shared server volume, scanned image documents could be accessed directly through the network, circumventing the imaging system’s user controls and potentially impacting the confidentiality of the information. Further, the high number of users with access to modify or delete images increased the risk of unintended loss or availability of the documents. 3. Informational website vendor: A wealth management group for a financial institution engaged a vendor to


host an “informational” web site for prospective and existing customers. The only connection to the financial institution’s transactional banking site was through a hyperlink that redirected browsers on the web site. During an independent vulnerability testing engagement, the gathered testing data disclosed that the corresponding web address of the site changed; the timing of the change relative to the testing activities was a coincidence. Further analysis of the site data indicated that the web site had been migrated to a new web server, and that the new server was not implemented securely. Risk noted:Due to the unsecure nature of the web server, in spite of the web site’s “informational purpose,” there was increased risk of unauthorized changes to the web site (integrity), and a risk that customers’ hyperlink access of the transactional site would be hijacked (security).

As seen from these examples of risk considerations, financial institutions should conduct an assessment of the systems they rely upon for carrying out and addressing regulatory responsibilities. For each tool or data set, financial institutions should: Evaluatewhether the financial institution’s risk management function has a comprehensive system inventory of the related systems and providers. Working with IT support, trace data, reports or tools back to the source system or environment. Once located, we recommend asking IT, “where else” at least five times, to help ensure all data storage locations are identified. Once completed, determine if all relevant systems are adequately covered in the risk assessment process, and update the system inventory as necessary. Assess whether adequate assessment activities have been performed. Using the system inventory described above, determine whether adequate vendor due diligence was performed during

system acquisition, and if the vendor provides ongoing support and services, determine whether the vendor is subject to ongoing monitoring. Further, for outsourced systems, determine whether they are subject to periodic testing and audits, with the results shared for your financial institution to review. Engage third-party assistance, if needed. Fortunately, no financial institution needs to complete this alone. When evaluating the systems, consider leveraging information from peer institutions that use the systems, and any related user groups, and if needed, consider hiring third-party testing vendors. By following a periodic action plan containing these elements, your financial institution should have a good foundation for an effective assessment process. n Patrick Morin is principal of risk and business advisory for CPA firm Baker Newman Noyes.

www.bnncpa.com Banking Solutions 2014 | 19


G U A R D I N G T H E G AT E

WILL HEARTBLEED CONVINCE THE PUBLIC TO BE MORE SECURE? BY KEVIN HAMEL | COCC

ore shocking than HeartBleed and so many other cybercrime exploits is the following nugget from Verizon’s 2013 Data Breach Investigations Report: “Most point-of-sale breaches could have been prevented if basic steps had been taken to enhance security.” What are the basic steps that virtually every consumer and corporate computer user could take? • Resetting passwords from the factory defaults. • Not using social media accounts on payment systems. • Keeping the payment system separate from corporate email and other functions. None of these steps is difficult, and considering the enormous consequences of not taking them – billions stolen, trust eroded, product and service opportunities squandered – it is more important than ever to convince the general public to embrace the key tenets of cyber security. Now is the time to reintroduce “defense in depth” – a concept that has minimized the potential damage of cybercrime for years. Bank regulators look for defense in depth – also known as “layered defense” – during examinations. Perhaps non-regulated industries as well as the general public should adapt defense in depth, too. Here’s how defense in depth can protect consumers and organizations: Most cybercrime incidents require a series of missed security opportunities in order to succeed. Each step in the commission of a cybercrime actually provides an opportunity to stop the criminals from succeeding. 20 | Banking Solutions 2014

Let’s look more closely at the major steps and the missed opportunities to thwart the attack: • A phishing email arrives in a user’s email box. Opportunity missed: Filters to detect and delete questionable emails not in place. • The user clicks on a link in the phishing email. Opportunity missed: User education sessions on recognizing and not opening suspicious emails didn’t take hold. • The exploit “phones home” to its controlling computer for further instructions. Opportunity missed: Filters can detect and disable most communications with known criminal computers. • The exploit installs malware. Opportunity missed: User is logged in as “administrator” – this opens the door for a criminal to install software. As a regular user, this is more difficult to accomplish. • The exploit takes control of the user’s system. Opportunity missed: System wasn’t current with the latest software updates – these prevent criminals from taking advantage of software “errors,” also known as vulnerabilities. There’s a bit more involved in today’s breaches, but you get the idea. If a computer user corrects any one of these errors, she or he stands a good chance of preventing the cybercrime. The system is more difficult to compromise. The user’s money, identity, and intellectual property remain secure. The ultimate irony is that correcting the errors listed above will not cost the typical organization that much money. Consumers can actually find free solutions to correct these errors. Imagine that! By employing a defense in depth strategy, we might not have to lose $110 billion annually to cybercrime. We might actually take the next important steps toward cyber innovation rather than wring our hands about the next cybercrime exploit. Are these reasons enough to change our passwords to something other than “password”? To establish user accounts in place of administrative accounts for day-to-day computer use? To keep our software current with the latest security updates? If not, then we will continue to experience breach after breach, and computer users will become even more numb to the ravages of cybercrime. Perhaps the HeartBleed scare will begin our collective journey to greater computer security – one of the few positive outcomes from the HeartBleed exploit. n Kevin Hamel is vice president and security officer at COCC, a provider of technology services to banks and credit unions since 1967. He may be reached at Kevin.hamel@cocc.com or 888-678-0444. www.cocc.com


A WORD OF ADVICE

EIGHT COMMON ACCOUNTING MISTAKES IDENTIFIED IN AUDITS OF FINANCIAL INSTITUTIONS BY J.P. LAPOINTE | WOLF & CO

orking with a broad range of banking clients provides an expansive overview of common accounting issues that arise with financial institutions. Below are eight significant areas of concern that required additional guidance to clients this year.

Deferring commissions on loan originations

In the current interest rate environment, many institutions are selling fixed-rate first mortgages in the secondary market. As incentive to the loan originators, many institutions are paying commissions for loan originations. As commissions paid have not been significant in recent years, many institutions have not been including these amounts in loan origination cost deferrals. These commission amounts should be deferred as loan origination costs upon origination of the loan. The deferred costs on loans that are intended for sale will become part of the carrying value of the loan and would subsequently be part of the gain or loss on the sale of that loan. Institutions should revisit their cost study to ensure all required components are included.

22 | Banking Solutions 2014

Mortgage banking derivatives

In conjunction with loans that are intended to be sold in the secondary market, management should consider the impact of mortgage banking derivatives related to loan commitments. Mortgage banking derivatives reflect the fair value of the rate lock commitment intended to be sold in the secondary market, including the value of servicing. The derivative on the commitment should therefore approximate the gain that is expected to be recognized as a result of the sale of the loan. In addition, derivatives on loan commitments that move to loans held for sale would no longer be considered derivatives and would become part of the amortized cost basis of the loans. Management should calculate the derivative related to loan commitments, including loans held for sale, and determine materiality in relation to the financial statements to conclude whether or not they should be recorded.

Mortgage servicing rights recognition

As noted above, many institutions are selling loans in the secondary market and retaining the servicing of those loans. In conjunction with these loan sales, institutions are capitalizing mortgage servicing rights. These servicing


rights should be capitalized at fair value; however, as a practical expedient, many institutions are using an arbitrary percentage of the loan balance sold as the capitalized amount. If using this method, management must ensure that this arbitrary percentage is a reasonable estimate of fair value. If not, this can create issues

Operating a financial institution today is complex and comes with many risks.

there are significant prepayments, additional amortization and accretion should be recorded on any related premiums and discounts. Some investment accounting systems will automatically calculate and record the additional amortization or accretion on these prepayments using the level yield method. However, some systems do not have the capability to calculate and record the additional amortization or accretion on the prepayments, which could lead to misstatements of both the balance sheet and the income statement. Methodologies utilized for the amortization of premiums and discounts should be revisited to ensure the appropriate recognition related to accelerated prepayments.

Interest rate swaps with earnings recognition, as well as issues with potential future period impairment if the mortgage servicing rights are capitalized at an amount that is higher than the fair value.

Estimated life of mortgage servicing rights Another issue that can cause errors is the estimated life that is used for amortizing mortgage servicing rights. Mortgage servicing rights are to be amortized over the estimated period of servicing income. Some institutions use an expected life of six or seven years to amortize the servicing assets, which factors in early payoffs. However, they are also accelerating the amortization of servicing rights on loans that are paid off early. If your institution uses an expected life in which payoffs are factored in, writing down the servicing rights on paid off loans would only be appropriate if the prepayment speed is exceeding what was used to determine the expected life of the loans.

Investment premiums and discounts

Due to the current low interest rate environment, many institutions are experiencing significant prepayments on mortgage-backed securities. When

As a result of the prolonged low interest rate environment, many institutions are looking to hedge against rising interest rates. One of the ways that they are doing this is by entering into interest rate swaps. There are risks that are associated with entering into these transactions and management, as well as the board of directors, should understand these risks prior to entering into a swap transaction. In addition, there are accounting issues related to interest rate swaps, including the determination of fair value. It is important for management to understand the assumptions being used in the valuation of the swaps and how the swaps are being recorded. Management will ultimately be taking responsibility for the amounts recorded and the assumptions used in the determination of the fair values.

Reliance on specialists

It’s common for institutions to engage benefits specialists to perform calculations of estimates that require a specific technical expertise, and the results are often taken at face value. However, management must review the results and ensure they understand the assumptions used in the calculations and the overall outcome based on their expectations.

For example, if the specialist is preparing a calculation for a postretirement benefit and the discount rate was reduced from 4.5 percent to 4 percent, one would expect an actuarial loss and related increase in the benefit obligation. If the calculation then reflects an actuarial gain, management should question what other changes were reflected in the calculation that did not result in the expected loss.

Deposit operations segregation of duties

As business goals and objectives are constantly changing, we sometimes lose focus on areas that may not be considered significant at the current time. One of these areas seems to be segregation of duties in the area of deposit operations. There are many risks within the deposit operations area that could be mitigated with proper segregation of duties, which include new account openings, the deposit reconciliation, dormant accounts, file maintenance and customer statement returns. Our engagement teams have seen a significant increase in the number of deficiencies identified in this area during the past year. Controls over deposit operations should be reviewed to ensure adequate segregation of duties, which includes system access and physical access controls. Operating a financial institution today is complex and comes with many risks. By working closely with your internal and external audit team, you can work on mitigating these risks to ensure that your financial institution is operating as effectively as possible.  n J.P. LaPointe, CPA, is audit manager at Wolf & Co., a Boston-based tax and compliance consultant to community banks for over 100 years. He may be reached at jlapointe@wolfandco.com or (617) 261-8183. www.wolfandco.com

Banking Solutions 2014 | 23


NICHE MORTGAGES

TAKING THE THEME LITERALLY: A RESPONSE ON NICHES BY PATTI WHITE | NORCOM MORTGAGE & INSURANCE

uch has been said about the impact the Dodd-Frank Act has had, and will have, on the mortgage industry. Early concerns involved overburdening restrictions and the impossibility of compliance, but as companies finalize their plans to manage the new regulations, what emerge are not so much concerns about day-to-day operations, but the shifts the new regulations will prompt in industry philosophy. Prior to Dodd-Frank, the mortgage industry had become what many other industries also are: a field of widely available options in which many individual companies stood out for their specialties, either unique products they provided as lenders or particular products in which they cultivated expertise. With the imposition of the new regulations of the Ability-to-Repay (ATR) Rule, companies no longer find themselves able to specialize or cater to specific segments of customers; the new guidelines simply burden lenders with too much risk to offer many of their specialized options. Instead, the ways in which companies make themselves stand out have shifted from products and practical concerns to more nebulous concepts like customer service and responsiveness. In the aftermath of Jan. 1 and 10, there will be a period of adjustment for mortgage companies nationwide as they learn how to navigate the new regulatory waters. While large institutions have announced that they will originate non-QM loans, it is unlikely they will buy non-QM loans from other 24 | Banking Solutions 2014

institutions. A large portion of lenders, therefore, will be confined strictly to QM loans, at least until they understand more about the ATR Rule’s effects and which investors are willing to take on what amount of risk. Larger banks, who can afford to take risks on their own non-QM loans right off the bat, and smaller companies, who have a QM exemption, may maintain a close approximation to business as usual, but companies who fall in the middle of these two extremes will find themselves in competition in a more limited market. With generally the same products to offer as their peers, these mid-sized companies will have lost their main tool in such competition and will be striving to find new ways to stand out from the crowd. The specific products, services and relationships companies offered prior to Dodd-Frank’s enactment, in many cases, created a culture of niches. Companies used their market position to their advantage to stand out to their customers, offering either products or pricing that was unique amongst their competitors or that appealed to their particular client bases. As in any regulated industry, companies must distinguish themselves and build business off certain distinctions, or niches, but the new regulations have made many of those niches an impossibility, whether temporarily or not. The QM framework will be less dependent on price or unique products and instead based on how the sales experience compares amongst peer institutions. The burden of attempting to maintain distinction has fallen to details that are more difficult to craft. Instead of unique terms, pricing and products, companies must craft messages in how their service is superior to their competitors’, a task that is made complicated by the fact

There will be a period of adjustment for mortgage companies nationwide as they learn how to navigate the new regulatory waters.


that superior customer service is more difficult to define and market than the more straightforward terms of product availability. The definitions of excellent customer service and the ideal sales experience can differ greatly from consumer to consumer, making a company’s niche harder to pin down. Likewise, if the QM framework has the expected effect of limiting eligible borrowers for those institutions not originating non-QM loans, true niches are likely to become secondary to the overall goal of finding qualified borrowers. The production volumes in 2013 appear to be below 2012 levels, so most lenders do not have the luxury of limiting themselves to exploiting a market niche. One consequence of the ATR Rule is that the first few months of 2014 will be defined by plurality. In the early stages of QM, we are all created equal. The regulatory environment is somewhat limiting to the individuality that, to some degree, built the industry. In particular, nonbank mortgage companies who depend on distinction and personality are jockeying for position in the new QM market. Competition is good for the market. It is good for consumers, because lenders competing for business create consumer advantages. It is good for 26 | Banking Solutions 2014

lenders, because it keeps us sharp. Furthermore, any rules or trends that limit competition generally draw criticism from the mid-sized and small lenders, who rely on such competition to fuel their business. Because competition is a necessity, the industry must find ways to continue to foster it, despite the challenging new regulatory climate. It is clear that existing niches have been largely pushed out because of new regulatory constraints. One would expect, then, that as existing niches have been pushed out, new niches would not find their way into the market. Yet, if “necessity is the mother of invention” is a truism, we should see niches reappear or develop in the market over the next year, simply because niches are the only way for mortgage companies to distinguish themselves and drive business. The shift between the markets before and after the new regulations is not that niches will cease to exist, but that they will evolve to take new shapes that allow them to foster business and drive competition – and also to respect the new regulatory climate without imposing undue risk on lenders. For the last six months, we have heard that in the first six months following the rules’ enactment, lending will be

defined by uncertainty. Nowhere is that more true than in relation to the concept of niches, whose effective elimination in their previous form will require institutions to reinvent significant aspects of their business. Though we do not claim to have the answer, we would expect the industry to start carving out distinctions, and also challenge institutions to be creative when searching for those news niches. Since competition has not been totally regulated outside the market, there is room for mortgage companies to begin to redefine their forte in the market. n Patti White is vice president of correspondent lending at Norcom Mortgage & Insurance, a Connecticut-based provider of residential and commercial mortgages and insurance policies. She may be reached at patti@norcom-usa.com or 860-899-3793. www.norcom.usa.com


LOAN REVIEW

RISK RATING LOANS IS NOT A SIMPLE PROCESS, BUT A SOLID METHODOLOGY IS A GOOD START BY BO SINGH | T. GSCHWENDER & ASSOCIATES INC.

iven the number of recent financial institution failures, banks would benefit from taking a hard look at their loan review function. Ask yourself: Are you getting the same report year after year without recommendations to help you strengthen your credit risk management practices? Are your loan review consultants providing you tools to help you do your job better? Do they even have a methodology to risk rate loans, or is it simply their opinion? Risk rating loans is not a simple process. If it was, some of these failures wouldn’t have occurred. To properly risk rate a loan, many variables must be considered. For example, although the debt service coverage ratio (DSCR) may be less than 1.00, that does not necessarily mean the credit deserves a criticized (special mention) or classified (substandard, doubtful or loss) risk rating. Suppose the borrower has excellent liquidity and collateral protection is good. What would be the risk rating now? What if the borrower is in an industry that has been significantly impacted by current economic conditions … how would that impact the risk rating? Bottom line – a risk rating is dependent upon many variables, and how these variables interplay with each other. You better have a solid methodology to back up your conclusions. TGA has been providing loan review services to

financial institutions for over 30 years. In evaluating credits, TGA sticks to the proven “five Cs of lending.” Each of the following variables is evaluated for each loan relationship: 1. Capacity (cash flow) to repay the loan. 2. Capital of the borrower to provide a cushion against unexpected losses and evaluation of the overall financial condition of the borrower. 3. Collateral protection. 4. Character of the borrower and their willingness to repay the loan. 5. Conditions in the marketplace that may impact the borrower. Credit Administration is also assessed to determine if a loan was structured properly for its intended purpose and if it is being monitored properly on an on-going basis. These variables are weighted based on their importance and impact on potential deterioration of the credit. Each of the six variables is assigned a score from 1 to 5 (with 1 being poor, 3 being average, and 5 being superior) based on the current characteristics of that variable. The variable score is supported by reviewer comments to justify the variable score. The score is then multiplied by the variable weight to determine the overall variable rating. The six variable ratings are then added together to determine the credit risk rating score. The credit risk rating score is compared to a table that has ranges for

Capacity Credit Admin

Capital

Risk Rating Collateral

Conditions

Character

Banking Solutions 2014 | 27


a timely manner while thoroughly documenting all key loan information. The system also allows us to be consistent and transparent in our risk rating assignments, but still permits reviewer judgment in assigning the risk rating. This program is available for our clients to use, which allows both TGA and the client to risk rate loans similarly, resulting in very few upgrades and downgrades during the independent loan review assessment.n

each risk rating to determine the appropriate relationship risk rating. Our methodology has been tested over 30 years and has been reviewed by all regulatory agencies during bank

exams. TGA uses a proprietary loan review system to complete reviews. This highly regarded system enables us to complete reviews in

Bo Singh is the president of T. Gschwender & Associates Inc. (TGA). He may be reached at info@tgschwender-assoc.com or 315-701-1293.

www.tgschwender-assoc.com

Collaboration The Power of

Experience the power of collaboration with COCC.

We combine today’s most advanced financial technology with our uniquely effective service model – we call it “collaborative to the core.” How do we collaborate? We engage our clients in deciding which features we develop, encourage open discussion, and tailor our training, support and implementation strategies to meet our client’s needs. The result is outstanding value and record- breaking client satisfaction. That’s how COCC has succeeded since 1967. Visit www.cocc.com or call us at 888.678.0444 to learn how collaboration can help your financial instituation succeed.

COCC • 100 Executive Boulevard, Southington, CT 06489 • 888.678.0444 • www.COCC.com 28 | Banking Solutions 2014


Get Introduced To Your Best Prospects. And start building stronger business relationships today.

MEDIA SOLUTIONS

New York is the banking and finance capital of the country, and

> PRINT

one of the largest financial centers in the world. Its institutions

Quarterly Magazine Banking New York

host an impressive amount of deposits, assets, wealth and, as a result, power. Banking New York magazine is a highly focused publication for the array of executives and managers within every bank in New York state. You have the unique opportunity to promote your products, services and solutions within the pages of New York’s own banking publication. Banking New York has been educating bankers since 2007.

> ONLINE Website and Digital Magazine Advertising Direct Email Marketing

Now in the second year partnership with the Independent Bankers Association of New York (IBANYS), the magazine’s reach and coverage is more expansive than ever before. > EVENTS Questions? To learn more about Banking New York or to customize a marketing program unique to your business needs, call 800-356-8805 ext. 307 or email advertising@thewarrengroup.com.

Banking Conferences throughout the Northeast

Published by The Warren Group in partnership with the Independent Bankers Association of New York


T H E G O O D , T H E B A D A N D T H E P R O F I TA B L E

THE STATE OF HIGH RISK PROCESSING TODAY BY LAURA KAISER

he lure of high risk processing and its potential for windfall profits is nothing new. Since becoming a legitimate and bankable income source some 15 years ago, more and more consulting firms and processors claim they can place categories not widely accepted. So when your organization decides it’s time to diversify its portfolio with some less traditional accounts, it’s important to know how to separate smart risks from just plain risky business. There are plenty of non-traditional accounts with excellent income potential, but the rules regarding which to consider accepting are constantly changing. To stay current, profitable and within the confines of the law, it helps to have strong connections to consultants or partner processing banks that know the laws and have experience managing risk appropriately. And as a bank executive, it’s always wise to network with experts who can provide sound advice on what types merchants to look for and which ones to avoid. Gene Lieb, consultant with Business Financial Resources, a consultancy in the high risk processing field since 1992, says, “In the beginning there were a few processors out there willing to take on furniture and flooring sales with maybe a few escort services thrown in. That’s how it all started. Today, future delivery status still factors into the equation, especially with Internet sales, 30 | Banking Solutions 2014

but market globalization has made this business more complex.”

A Global Reach

Lieb is referring primarily to the thousands of online merchants operating all over the world with the ability to sell to nearly anyone with a computer or smartphone. With good reason, this has made many banks more cautious about the types of accounts they will accept. It’s important to proceed with caution when navigating international processors – many don’t recognize U.S. laws – and when dealing with varied rates and conditions between regions. This is especially true when choosing to work with gaming, replica, nutraceutical, cigarette, tobacco clients, etc. Unfortunately, it has become common practice to disguise these types of businesses for the purpose of securing accounts. Earnings from prohibited items such as sea salts, controlled pharmacy items, firearms and other objectionable goods has created a darker, greedier side of high risk processing. The allure of a large payday can be tempting and less reputable organizations will promise creative solutions to get around the laws governing these types of merchants. Lieb stresses the importance of avoiding this type of risk, saying that “these items are illegal and potentially dangerous – that’s obvious. Working with this type of business can also damage your reputation. You risk having your accounts turned off and becoming black-listed by processors at the very least. And it just gets worse from there.” Financial institutions that do their own processing, as well as those that don’t, can benefit from consulting services that specialize in understanding how to rate all types of accounts, including those with future delivery. Whether it’s an outside consulting firm or someone within your organization, an expert can help assess cancellation and chargeback risks and suggest emerging safe-bet categories. It’s important to keep in mind that just because online services come with future deliveries, doesn’t automatically make them high liability business types. All merchants should be judged on a case by case basis. Even traditional retail stores, though generally considered low risk, must be judged on their credit and performance because they too have been known to shut down with unfinished customer business. Lieb says that with proper sales and delivery monitoring, travel, multi-level marketing, foreign exchange, dating services, adult products, gaming, psychic services and others make excellent accounts. n Laura Kaiser is a professional freelance writer and creative consultant working with companies in the NY/NJ/PA Tristate area.


Fastest growing LOAN REVIEW company in the Northeast…why? Innovative products to help you reduce cost, increase efficiency, and improve credit risk management processes all at once. What has your current loan review company done for you lately?

Fresh perspective… serious results. Bo Sing “ In my 20 plus years as a banker, TGA’s loan review is one of the best that I have seen. TGA’s risk-based approach ensured coverage of our most risky loans while ensuring appropriate portfolio coverage based on our credit risk. Although our ALLL has been reviewed by other loan review firms over the years, the first review TGA performed identified an opportunity to save our bank significant dollars. I highly recommend them.” – Robert M. Fisher, President & CEO, Tioga State Bank

Experience the Difference TGA has been performing loan reviews for over a quarter of a century. Our “risk -based ” loan reviews are the best in the industry. Contact us for a free consultation and see how our investment in state of the art technology can benefit your team.

E xperience and a F resh P erspective… What Do Y ou R eally Have to Lose? Contact Us at: info@tgschwender -assoc.com or 315-701-1293 311 Montgomery Street, Suite 1, Syracuse, NY 13202 www.tgschwender-assoc.com

IBANYS Preferred Provider


AT T H E M A R G I N S

THE BEST DEFENSE IS A GOOD OFFENSE Will HeartBleed Convince the Public to Be More Secure? BY ROBERT B. SEGAL | ATLANTIC CAPITAL STRATEGIES INC.

ver the past five years, financial institutions have operated in a setting of historically low interest rates. These conditions have influenced changes in asset mix while presenting challenges to maintaining profitability. As interest rates declined, the yield curve steepened, prompting many institutions to rely more heavily on longer-term loans and securities to support profitability. According to a recent report by the FDIC, these changes in balance sheet composition appear to have resulted in increased interest rate risk exposure. Asset expansion since 2008 has primarily been the result of growth in bank securities portfolios, according to the FDIC. Securities balances grew by a larger dollar volume and at a considerably faster pace than loans during the five years ending second quarter 2013. During this period, the annual growth rate of securities far exceeded the increase in loans (8.2 percent vs. -0.4 percent). Securities as a percentage of assets increased from 14.7 percent to 20.2 percent for institutions with assets over $1 billion and from 18.5 percent to 23.1 percent for banks under $1 billion. Even as smaller banks increased securities holdings, they’ve also shifted to securities and loans with longer maturities. Since second quarter 2008, longer-term assets (loans and securities with maturities or repricing dates greater than five years) increased from 19.9 percent to 28.8 percent. Long-term securities represent 13.0 percent of assets and more than half of all securities held by smaller banks. Long-term loans represent 15.8 percent of assets. Meanwhile, larger banks have only slightly increased longer-term assets, from 19.3 percent to 20.7 percent. Although it is difficult to predict when interest rates will increase, the FDIC guidance urges banks to prepare for a period of rising interest rates. The report said the value of longer-maturity securities may decline as interest rates increase, putting banks' earnings, liquidity and images in jeopardy. 32 | Banking Solutions 2014

Keeping Risk Down

To reduce risk, the FDIC recommends that banks consider boosting their holdings of shorter-maturity or variable-rate securities and lock in profits by selling longer-term securities. Banks that have extended asset portfolio duration to capture higher yields may find that variable-rate products are more effective in managing sensitivity and mitigating potential depreciation in the portfolio. While a shift to floating-rate assets certainly helps to reduce interest rate sensitivity, this comes at a cost. At the December 2013 FOMC meeting, the Fed reaffirmed its view that highly accommodative monetary policy will remain appropriate for a considerable time after their bond purchase program ends and the recovery strengthens. The Fed anticipates the target range for federal funds will remain at 0 to 25 basis points until “well past the time” that the unemployment rate declines below 6.5 percent. A wide range of indicators implies that the first increase in the target federal funds rate will occur during the latter stages of 2015. Based on trading in short-term interest rate futures, the Fed will raise rates no earlier than the third quarter of 2015. A majority of Fed governors and district presidents see the first hike in 2015. Of this group of 17, only two look for an increase this year, while 12 expect it to happen in 2015 and three in 2016. Most policymakers say the rate will stay below 2 percent through the end of 2016. In this environment, floating-rate assets may provide 2 to 2.50 percent less yield relative to comparable fixed-rate assets for a period of two or three years. Most institutions still need to generate interest income, and a large allocation to floating-rate assets could impact earnings. If the Fed in fact does not raise rates for two years, then fixed-rate assets put on the books today will earn a positive carry relative to the federal funds rate. Four- to five-year average life assets would perform well on a relative basis, because these instruments should have “rolled down” the yield curve by the time the Fed acts. This feature provides some price protection in a rising rate environment, as the assets will be shorter-term when rates start to rise. As the Fed pares back on its bond purchases this year, longerterm interest rates may continue to climb. It is sometimes challenging to add assets in this kind of environment, because bankers could find these assets to be underwater in the near term. With regulator concern over mark-to-market pricing and balance sheet fair value testing, the goal is selecting those instruments that will not exhibit excessive price volatility. This means avoiding extension risk in the investment portfolio and making sure commercial loans are structured appropriately. As always, institutions should maintain robust risk management practices, keeping interest rate risk exposure at reasonable levels.  n Robert B. Segal is president of Atlantic Capital Strategies Inc. He may be reached at bob@atlanticcapitalstrategies.com or 781-276-4966.

www.atlanticcapitalstrategies.com


Risk & Compliance Services + Internal Audit + Compliance Administration Program + IT Audit Sheshunoff Consulting + Solutions (“SCS�) is the industry leader in providing consulting expertise and advisory services to financial institutions of all sizes throughout

+ Online Compliance Consulting + BSA/AML Compliance

the U.S. For more than 40 years, SCS has continually delivered the highest quality Risk Management Services. To see if Sheshunoff Consulting + Solutions can tailor a Solution to assist your organization, contact us Deanna Wachsmuth - Managing Director Risk & Compliance

Loan Review Services + Commercial Loan Reviews + ALLL Reviews

Tel. 603-379-2740 e-mail dwachsmuth@smslp.com

+ Acquisition Due Diligence

David Etter - Managing Director Loan Review

+ Commercial Portfolio Stress Testing

Tel. 203-262-4140 e-mail detter@smslp.com

+ Loan Policy Review & Revision

Visit us at www.smslp.com to tailor your Solution today.

+ Appraisal Reviews


CUT THE CORD! Ask about our Ad- Free TV. How much are you paying your cable provider to play competitor adver tising on your in-branch televisions? Zero-In now offers a cable T V alternative to promote your business without third par ty ads. OUR CONTENT PARTNERS:

F OR MOR E INF OR M AT ION, P L E A SE CON TAC T MITCHELL GOSS • 888.260.7291 X 125 • MGOSS@ZERO-IN.COM

ZERO-IN.COM

Banking Solutions 2014