Author: admin

Implementing a Threat Intelligence Program

By: Mike Detrow, CISSP, Senior Consultant and Manager of IT

As part of its continued focus on cybersecurity, the Federal Financial Institutions Examination Council’s (FFIEC) September 2016 Information Security Handbook emphasizes the need for institutions to implement procedures for obtaining, monitoring, assessing, and responding to evolving threat and vulnerability information.

Institutions have typically implemented a number of preventative controls such as firewalls, intrusion prevention systems, and antivirus applications to protect their information systems. However, these systems are not always effectively managed and monitored. Even in cases where perimeter devices are well managed and monitored, it is not uncommon to see security weaknesses within the internal network such as missing patches, system misconfigurations, and default passwords. Advanced attacks may not be prevented by perimeter network controls alone and may only be identified through information obtained from external intelligence sources and by monitoring internal detection systems.

An advanced attack typically follows these general steps to achieve the attacker’s goal:

1. Active and passive reconnaissance is performed to learn about the target organization and to identify weaknesses.
2. Based on the identified weaknesses, the attacker obtains or develops malicious code and attempts to deliver this code to the organization through social engineering techniques, exploitation of vulnerable services or applications, or other means.
3. If the attacker is successful, malware and/or backdoors are then installed on the organization’s systems for the attacker to establish control.
4. If needed, privilege escalation is performed through exploiting vulnerable systems or misconfigurations.
5. The attacker performs the intended activities, such as data exfiltration from the organization’s information systems.

To comply with the FFIEC’s guidance, financial institutions must implement a Threat Intelligence Program that documents the following:

  • Employee Responsibilities. Employee responsibilities for monitoring, analysis, response, and reporting should be clearly defined to ensure accountability and appropriate approval for any recommended changes. In addition, the responsibilities for monitoring accounts with administrative capabilities should be documented to ensure independence.
  • Monitoring Threat Intelligence Sources. External threat intelligence sources may include the Financial Services Information Sharing and Analysis Center (FS-ISAC), hardware vendors, or software vendors. Internal sources may include intrusion prevention systems, intrusion detection systems, firewall logs, server event logs, antivirus alerts, or a Security Information and Event Management (SIEM) system. The process for monitoring internal systems begins with the development of a network activity baseline, or in other words, an understanding of the normal daily activity within the institution’s IT environment. Once the institution understands the baseline, monitoring systems can be implemented and tuned to provide alerts to activity that is outside of the baseline and requires additional analysis. A list of the intelligence sources that are monitored and the procedures for monitoring these sources should be documented. Monitoring procedures may indicate that emails are sent to specific employees when an alert is issued or they may indicate that an employee reviews a system management console on a daily basis. Monitoring procedures may also indicate the process for determining the applicability of an alert to the institution’s environment.
  • Analysis and Response. Analysis and response procedures should identify the steps to be taken to assess the risk of a specific threat, determine a mitigation strategy, and implement the mitigation strategy.
  • Reporting. Reporting procedures should identify the type and frequency of reports that will be provided to the board of directors to evaluate the effectiveness of the threat intelligence program. Reports may include a list of the threat notifications received, applicability to the financial institution, and management’s responses to the applicable threats.

Conclusion
By implementing a Threat Intelligence Program and actively monitoring evolving threats, institutions can prevent or limit a threat’s impact on the institution and its customers.

Young & Associates, Inc., has developed Threat Intelligence Program templates to assist with the implementation of a Threat Intelligence Program. For more information, click here.

Capital Market Commentary – November 2016

By: Stephen Clinton, President, Capital Market Securities, Inc.

Market Update
The current expansion began in June 2009 and has now continued for 88 months, making it the fourth longest period of growth since the data has been recorded. The third quarter growth in the U.S. economy was 2.9%. A tight job market, increasing wages, and low oil prices are aiding the economic growth. Additionally, stronger export growth added to the GNP. Corporate profits are expected to grow and businesses are showing interest in business expansion after sitting on the sidelines for some time.

The following summarize certain issues we think are worth watching:

  • Retail sales in September were up 2.7% from the prior year. Consumer spending, the primary driver for the U.S. economy, accounts for two-thirds of GDP.
  • The number of Americans applying for first-time unemployment benefits was reported at a four-decade low in early October. Initial jobless claims have now remained below 300,000 for seven years, the longest streak since 1970. Job growth has been spurred by a hiring streak that surpassed its previous record in March and is now at 70 straight months. Unemployment is now at 5%.
  • Median household incomes have risen, increasing 5% in the last year. This has led to the consumer confidence reading hitting its highest point in nine years.
  • The Fed continues to remain cautious. Despite fueling expectations for rising interest rates, the Fed has boosted rates only once since the last recession.
  • Home-price growth accelerated in August, as a lack of inventory and low interest rates helped push prices to near record levels. The S&P CoreLogic Case-Shiller Indices covering the entire nation rose 5.3% in the 12 months ending in August.
  • Inflation has remained below the Fed’s 2% annual target for more than four years, but has shown signs of firming recently. Now expectations are building that inflation may move above the Fed’s target.
  • Mr. Trump’s November election will usher in a new President who will have party majorities in both the House and Senate. This should help the new Administration enact programs and policies more readily.

Short-term interest rates remain historically low with the 3-month T-Bill ending September at 0.26%. The 10-year T-Note ended September at 1.56%, down 71 basis points from year-end 2015. This has led to a significant reduction in the slope of the yield curve.

The stock market performance in 2016 has been positive. The Dow Jones Industrial Index closed September up 5.07% for the year. The Nasdaq Index closed up 6.08%. The Nasdaq Bank index ended September up 5.15%. Larger U.S. bank pricing struggled, ending the first three quarters of 2016 down 3.05%.

The dichotomy between big bank pricing and smaller bank pricing can be seen by comparing pricing multiples for each. Since 1995, banks in the S&P Bank Index averaged a price-to-earnings multiple of 14.1. Currently they average 12.0. Conversely, smaller banks had a historical average of 15.9 and are now trading at a multiple of 17.8.

Interesting Tidbits

  • New Competition. Goldman Sachs, the Wall Street giant, recently began offering consumer loans. An online consumer lending platform was rolled out offering personal loans up to $30,000.
  • CFPB. Thanks to a lawsuit brought by nonbank mortgage lender PHH Mortgage, a three-judge panel recently ruled that the single director structure of the CFPB was unconstitutional and limited the CFPB’s ability to ignore statute of limitations governing administrative enforcement actions.
  • The Big Get Bigger. It was recently reported that since Dodd-Frank was passed in 2010, large banks have grown by 30%. The six largest U.S. banks now hold assets of approximately $10 trillion. There are now at least 1,500 fewer banks with assets under $1 billion than prior to the financial crisis.
  • Boom in Global Trade. The S&P 500 is up nearly nine-fold since October 1986. Among factors cited to explain this dramatic growth is the acceleration of global trade spurred by various trade agreements.
  • Merger and Acquisition Activity. In the first nine months of the year, there were 185 bank and thrift announced merger transactions. This compares to 195 deals in the first three quarters of 2015. The median price to tangible book for transactions involving bank sellers was 129% which is down from the 141% median recorded in 2015.

Ag Lending in 2017

By: Bob Viering, Senior Consultant

In our loan review practice, we have an opportunity to work with ag banks throughout the Midwest. In general, our findings are similar to what you may have read from many ag economists. Working capital is dwindling quickly, and the debt to asset ratio is increasing as is short-term debt. Many banks have been refinancing intermediate- and long-term assets to fix working capital declines and carryover debt. Some borrowers have sold land to reduce debt. We have seen many instances where borrowers have been able to reduce input costs and, most importantly, cash rents to bring them back to the point where they are either producing positive debt service coverage or are coming much closer to positive debt service coverage than they were in 2014. But overall, balance sheets are weakening and repayment is a continuing challenge. Credits that were barely a pass credit in better times have, in many cases, dropped to Special Mention or Substandard. Solid pass credits from a couple of years ago are now one weak year from a criticized level.

For many bankers, having struggling ag borrowers is a relatively new experience. I have more recently been through the experience in working with struggling ag borrowers while working at a western bank that had many cattle ranches that were severely impacted by low cattle prices and drought conditions. Many of the lessons learned there are just as applicable to the situation many of us face here in the Midwest.

As you head into renewal season, here are a few items to consider:

1. Complete information is critical. There is an old Russian proverb, “Trust but verify.” This is good to keep in mind when analyzing your borrower. As things get tougher, there is a temptation by some borrowers to not include every liability or to see some liabilities as something not worth mentioning. When short-term borrowing gets tougher, some borrowers will turn to using the local co-op for some inputs, borrowing from family and friends, or using online lenders (FinTech has hit agriculture too) or credit cards. At renewal time at our bank, we would send out a renewal package that had not only financial statement requests but a complete debt schedule form and inquiry about other loans or bills from any source, including family. We ran a new credit bureau report and compared it to prior ones to see if any new credit card or other type of debt was taken out since the last renewal and looked for any significant increases in balances, especially on credit cards. We completed a new UCC search for the same reason. In the end, we wanted to be sure that all debts were accounted for and had a source of repayment.

2. Restructure only if it helps. Often we see banks terming out any carryover debt or being quick to term out short-term debt to improve working capital. Before you restructure debt, make sure the underlying problem is fixed. Carryover debt usually occurs because the farmer didn’t make enough from crop/livestock sales to pay all term debt, operating lines, and living expenses. Given that revenue isn’t likely to grow in the next few years, improving cash flow is about expense control. Has the operation cut input costs, cash rents (this is the big one), and living costs to a level they can produce enough profits to cover their debt payments and family living? If so, then they are a perfect candidate for a restructure. If those tough choices have not been made and the operation won’t operate profitably, then you are likely to find yourself with even more carryover, more debt, and far fewer options not far down the road.

3. Income taxes may become an issue. Section 179 deductions were very helpful to reduce/eliminate income taxes in the past. But with far fewer pieces of equipment being purchased, those deductions have decreased significantly. Prepaying expenses and holding over grain sales can put off taxes for a while but, at some point, the timing can get tougher and some operations will now show taxable income when their accrual earnings may be negative. Those tax payments are often not planned for and can create a significant cash outflow at exactly the wrong time. It’s important that you encourage your borrowers to work with their tax professionals to plan as far ahead as possible to minimize any tax consequences.

4. Be empathetic and be realistic. Many of your borrowers were on top of the world a few short years ago. Everything they did went well and equipment dealers (and friendly bankers) made expansion with few tax consequences a reality. With today’s reality of weak (if any) earnings and less ability to add debt, it has become a very stressful time for many farmers and their families. It’s a lot tougher to be a banker too. Good bankers help their customers succeed. It’s not always easy and it’s often stressful, but letting customers operate unprofitably and not trying to help them make tough decisions usually only makes the problem get worse. It’s so important to be empathetic with your borrowers and to have a thick skin when they get mad. They may seem like they’re mad at you when they are really frustrated about their current situation. However difficult the conversation may seem today, it’s a far easier conversation than to have to tell someone that they have to quit farming and start over.

Ag lending is a key part of many banks’ loan portfolios and is important to their local market. Even in these tough times, it’s critical to work with your customers and do all you can to help them succeed. At Young & Associates, Inc., we work with many banks with ag portfolios. If we can help you with your loan review, policy reviews, process/underwriting reviews, and improvement plans, give us a call at 1.800.525.9775 or send an email to bviering@younginc.com.

Regulatory Initiative Provides Good Reminder of Importance of Credit Policies

By: Tommy Troyer, Executive Vice President

A look back over recent issues of the 90-Day Note, or a more general scan of industry news and regulatory comments, would reveal the industry’s focus on underwriting standards and possible industry-wide changes in underwriting standards over the last several years. As we have noted previously, for any individual community bank, the important consideration is not simply how conservative or liberal underwriting standards are or whether underwriting standards are loosening or tightening. Instead, the question that is critical for the ultimate health and profitability of the bank focuses much more on whether underwriting standards, and any changes in underwriting standards, are accurately understood and monitored, consistent with an institution’s risk management capabilities, and regularly assessed to ensure that the risk/return calculus and the institution’s level of capital are appropriate for the loan portfolio’s characteristics.

The above considerations, as well as overall industry trends in risk appetite and underwriting standards, are quite naturally of interest to regulators as well. In addition to other regulatory tools (such as loan officer surveys) for measuring underwriting standards, the OCC has launched within the last year an initiative to try to standardize and collect assessments of underwriting practices during safety and soundness examinations. We have heard OCC leadership discuss this initiative at banking conventions and have heard from clients who have had OCC safety and soundness exams over the last year. While the OCC’s overall approach to assessing underwriting can be informative or, at the minimum, a great reminder of critical factors for controlling credit risk, our intention here is to highlight an aspect of controlling underwriting standards and credit risk that should not be, but sometimes is, overlooked: the role of credit policies.

The Important Role of Credit Policies
Credit policies represent perhaps the most important tool for the board of directors and bank management to define underwriting standards and credit risk appetite. While it can be appropriate for some details of underwriting criteria to be maintained outside of formal loan policy, it is not appropriate or effective to employ an overly generic credit policy that provides little specific detail about the characteristics of credits the institution desires to originate. The OCC’s assessment of an institution’s underwriting considers the range of important factors one might expect (for example, loan structure, presence of appropriate covenants, etc.). Importantly, this assessment also extends to whether loan policy provides enough detail and information to control these important characteristics of credit underwriting. Without a policy that defines the bank’s limits on factors such as amortization periods, collateral advance rates, etc., underwriting standards can loosen and credit risk can grow without the intention or even the knowledge of the board. An appropriately detailed policy sets limits on the extent of any loosening that might occur and, assuming exception tracking and reporting is effective, allows for the board to receive better information about any changes in underwriting quality.

Some institutions try to avoid having too much specificity in policy because they do not want to create too many policy exceptions or provide examiners or auditors with more opportunities to “catch” them in violation of their own policy. There certainly is such a thing as a policy that is too specific or detailed to be effective, as at a certain level of detail it is not possible for lenders and analysts to actually know or easily find all of the policy requirements. However, it is also important to recognize the risks that come with overly generic policies, primarily, the inability to effectively control the terms of credit extended and the possibility of regulatory concern about the bank’s effectiveness in defining risk appetite and controlling risk.

The amount of detail is certainly not the only factor that determines the effectiveness of a credit policy. The content of the actual details certainly matters (a well-defined minimum debt service coverage ratio of 0.75 and maximum collateral advance rate against work-in-process inventory of 150%, for two extreme examples, are specific but do not effectively control credit risk). The organization and consistency of policy also matter, as a credit policy can only be effective if it is a usable tool for lenders and credit personnel.

Many credit policies at community banks have been in place for a long time, with small or ad hoc updates put in place as needed. Young & Associates, Inc. offers a policy review service that takes advantage of our exposure to the credit policies of many community banks around the country to evaluate the adequacy of a bank’s policy and to make recommendations for enhancements. We will not tell you what your risk appetite should be, but we can and will assess the content of your policy against regulatory expectations, compare your specific risk limits to what is common across the industry so that you can have better information about where your risk appetite stands relative to peers, and evaluate the effectiveness of your policy’s layout, language, and internal consistency.

If you would like to discuss the importance of credit policies or believe your institution may benefit from a policy review, please contact Tommy Troyer at ttroyer@younginc.com or 1.800.525.9775.

New Prepaid Rule

By: Bill Elliott, CRCM, Senior Consultant and Manager of Compliance

On October 5, 2016, the CFPB issued a final rule amending Regulations E and Z to create comprehensive consumer protections for prepaid financial products. The result of this rule is that many of you may not continue to offer these accounts, and those of you who do not currently offer the accounts may not want to start. The purpose of this article is not to talk you into or out of these products, but to give you the basic facts so that you can make the best decision for your institution.

The Prepaid Rule runs 1,501 pages, so we can only do an overview in this article. You may also want to look at the following: http://www.consumerfinance.gov/policy-compliance/guidance/implementation-guidance/prepaid

Another site worth your time might be: http://www.consumerfinance.gov/policy-compliance/rulemaking/final-rules/prepaid-accounts-under-electronic-fund-transfer-act-regulation-e-and-truth-lending-act-regulation-z/

Prepaid Accounts
The Prepaid Rule adds the term “prepaid account” to the definition of “account” in Regulation E. Payroll card accounts and government benefit accounts are prepaid accounts under the Prepaid Rule’s definition. Additionally, a prepaid account includes a product that is either of the following, unless a specific exclusion in the Prepaid Rule applies:

  1. An account that is marketed or labeled as “prepaid” and is redeemable upon presentation at multiple, unaffiliated merchants for goods and services or usable at automated teller machines (ATMs); or
  2. An account that meets all of the following:
    1. Is issued on a prepaid basis in a specified amount or is capable of being loaded with funds after issuance
    2. Whose primary function is to conduct transactions with multiple, unaffiliated merchants for goods or services, to conduct transactions at ATMs, or to conduct person-to-person (P2P) transfers
    3. Is not a checking account, a share draft account, or a negotiable order of withdrawal (NOW) account

There are exceptions to the rule. Under the existing definition of account in Regulation E, an account is subject to Regulation E if it is established primarily for a personal, household, or family purpose. Therefore, an account established for a commercial purpose is not a prepaid account.

Pre-Acquisition Disclosures
The Prepaid Rule contains pre-acquisition disclosure requirements for prepaid accounts. The requirements are detailed. However, there often will be a reseller of these products, meaning that the seller must prepare this disclosure for you. This “short form” disclosure includes general information about the account.

Outside but in close proximity to the short form disclosure, a financial institution must disclose its name, the name of the prepaid account program, any purchase price for the prepaid account, and any fee for activating the prepaid account.

There is also a long form disclosure which sets forth comprehensive fee information as well as certain other key information about the prepaid account.

The Prepaid Rule includes a sample form for the long form disclosure. The long form disclosure must include a long laundry list of items that details every nook and cranny of the account’s use. The Prepaid Rule also requires financial institutions to make disclosures on the access device for the prepaid account, such as a card. If the financial institution does not provide a physical access device for the prepaid account, it must include these disclosures on the website, mobile application, or other entry point the consumer uses to electronically access the prepaid account.

All these disclosures are in addition to your standard Regulation E initial disclosure. The initial disclosures must include all of the information required to be disclosed in the pre-acquisition long form disclosure.

Error Resolution and Limitations on Liability
Prepaid accounts must comply with Regulation E’s limited liability and error resolution requirements, with some modifications. This may or may not be your problem, depending on who owns the account. But if your third-party vendor must give the customer these rights, the cost will likely go up, possibly making selling these cards a problem.

Periodic Statements and the Periodic Statement Alternative
The Prepaid Rule requires financial institutions to provide periodic statements for prepaid accounts, such as payroll accounts. However, a financial institution is not required to provide periodic statements for a prepaid account if it makes certain information available to a consumer, such as:

  • Account balance information by telephone
  • Electronic account transaction histories for the last 12 months
  • Written account transaction histories for the last 24 months

Overdraft Credit Features
The Prepaid Rule amends Regulations E and Z to regulate overdraft credit features that are offered in connection with prepaid accounts. It adds the term “hybrid prepaid credit card” to Regulation Z and sets forth specific requirements that apply to hybrid prepaid-credit cards. Doing something like this will materially increase your costs. Of course, there are many more rules on the subject that we cannot include in this article.

Effective Dates
The Prepaid Rule is generally effective on October 1, 2017.

What Should You Do?
Over the next few months, you need to talk with any existing companies that you do business with for this kind of product. They may still be struggling with how they are going to approach this, so you may not get all your answers immediately. But you need to know what your role is going to be after October 1, 2017 so that you can make the best decision for your institution. And all new product offerings, whether internal or external, need to be examined carefully to make sure that you can comply with the rules.

For more information about this article, contact Bill Elliott at 1.800.525.9775 or compliance@younginc.com.

Criteria for Determining Loan Defects on the Secondary Market

By: Debra Werschey, Consultant and Manager of Secondary Market Services

In determining whether there is a significant defect on a loan, the quality control reviewer must give due consideration to the severity of the defect. In addition, the defect must relate but not be limited to one of the following:

1. The underwriting of the borrower’s creditworthiness and capacity. This would entail the borrower’s income, credit, liabilities, and assets.
2. The borrower’s eligibility and qualification. Things to consider are the area median income, first time home-buyer status, and status as lawfully present in the United States.
3. The underwriting criteria related to property or project eligibility. Is the property for residential use or condo eligible?
4. The property appraisal or the physical condition of the property. A close examination of the property appraisal is required. Are the comparable sales similar to the subject?
5. The loan and product terms and criteria. Criteria such as LTV ratio, occupancy, credit score, and loan purpose must be reviewed. The terms for ineligible transaction types, products that may require special lender approval as a prerequisite for delivery, limitations on cash out to borrowers that determine the type of refinance, and any negotiated exception or variance must be considered.
6. The requirements applicable at the time of loan purchase. This would include making sure that there are no defaults, all taxes and insurance premiums have been paid or escrows established, and no modification, encumbrance, subordination, or release of mortgage has occurred.
7. The existence, sufficiency, or enforceability of any required insurance or guaranty. The property must have sufficient hazard insurance coverage in place.
8. The form and/or execution of required loan documents, defects in which make the loan ineligible for sale or limit the enforceability of the required loan terms. The file must contain the Uniform Residential Loan Application, any power of attorney used, and any nonstandard and special purpose documents such as living trusts.

All of the above factors and more should be taken into consideration when a reviewer is completing a post-closing quality control review to identify defects. Young & Associates, Inc. is a trusted provider of mortgage quality control reviews and can assist your bank in this area. For more information on our quality control services, contact me at 1.800.525.9775 or click here to send an email.

New Customer Due Diligence (CDD) Requirements for Banks

Effective Dates: The final rules are effective July 11, 2016. Banks must comply with these rules by May 11, 2018 (Applicability Date).

Summary
Banks have not been required to know the identity of the individuals who own or control their legal entity customers (also known as beneficial owners). This is viewed as a weakness of the system that they are trying to correct.

FinCEN believes that there are four core elements of CDD:
1. Customer identification and verification
2. Beneficial ownership identification and verification
3. Understanding the nature and purpose of customer relationships to develop a customer risk profile
4. On-going monitoring for reporting suspicious transactions and, on a risk-basis, maintaining and updating customer information

Banks must now identify and verify the identity of the beneficial owners of all legal entity customers (other than those that are excluded) at the time a new account is opened (other than accounts that are exempted). A bank may rely on the beneficial ownership information supplied by the customer, provided that it has no knowledge of facts that would call into question the reliability of the information. The identification and verification procedures for beneficial owners are very similar to those for individual customers under a bank’s customer identification program (CIP), except that for beneficial owners, the institution may rely on copies of identity documents. Banks are required to maintain records of the beneficial ownership information they obtain, and may rely on another bank for the performance of these requirements, in each case to the same extent as under their CIP rule.

The AML program requirement for banks now explicitly includes risk-based procedures for conducting ongoing customer due diligence, to include understanding the nature and purpose of customer relationships for the purpose of developing a customer risk profile.

A customer risk profile refers to the information gathered about a customer at account opening used to develop a baseline against which customer activity is assessed for suspicious activity reporting. This may include self-evident information such as the type of customer or type of account, service, or product. The profile may, but need not, include a system of risk ratings or categories of customers.

In addition, CDD also includes conducting ongoing monitoring to identify and report suspicious transactions and to maintain and update customer information. For these purposes, customer information shall include information regarding the beneficial owners of legal entity customers. The regulation requires that banks conduct monitoring to identify and report suspicious transactions. Because this includes transactions that are not of the sort the customer would normally be expected to engage in, the customer risk profile information is used (among other sources) to identify such transactions. This information may be integrated into the bank’s automated monitoring system, and may be used after a potentially suspicious transaction has been identified, as one means of determining whether or not the identified activity is suspicious.

When a bank detects information (including a change in beneficial ownership information) about the customer in the course of its normal monitoring that is relevant to assessing or reevaluating the risk posed by the customer, it must update the customer information, including beneficial ownership information. Such information could include, e.g., a significant and unexplained change in the customer’s activity, such as executing cross-border wire transfers for no apparent reason or a significant change in the volume of activity without explanation. This applies to all legal entity customers, including those existing on the Applicability Date.

This provision does not impose a categorical requirement that banks must update customer information, including beneficial ownership information, on a continuous or periodic basis. Rather, the updating requirement is event-driven, and occurs as a result of normal monitoring.

Your Response
This is going to entail changes mostly in the deposit area. Your loan area probably already collects most of this information, as they require guarantees. Also note that we stated at the beginning of this article that the mandatory date is not until 2018. It is likely that there will be changes so an immediate response to this rule does not seem reasonable. Please, however, do not lose sight of this timetable to make sure you have it in place in plenty of time before the mandatory dates. If we can help in any way, please let us know. We will also be happy to assist in any other way to help you meet your BSA and compliance needs. This could include hands-on assistance and/or consulting assistance depending upon your needs. For more information, contact us at 1.800.525.9775 or compliance@younginc.com.

Employee Retirement Income Security Act (ERISA) Compliance – Important Changes

By: Sharon Jeffries, Human Resources Manager

The Employee Retirement Income Security Act (ERISA) requires plan administrators (employers) to give plan participants in writing the most important facts they need to know about their health benefit plans.

One of the most important documents participants are entitled to receive automatically when becoming a participant of an ERISA-covered health benefit plan is a summary of the plan, called the Summary Plan Description or SPD. The plan administrator is legally obligated to provide to participants, free of charge, the SPD. The summary plan description is an important document that tells participants what the plan provides and how it operates. It provides information on when an employee can begin to participate in the plan, how service and benefits are calculated, when and in what form benefits are paid, and how to file a claim for benefits. If a plan is changed, participants must be informed, either through a revised summary plan description, or in a separate document, called a Summary of Material Modifications, which also must be given to participants free of charge.

A Wrap Plan Document is designed to meet plan documentation requirements under ERISA and other federal laws and to incorporate all other welfare plans, insurance contracts, and other relevant documents into a single plan. These materials can be kept together for administrative ease. The Wrap Plan Document provides additional legal protection for the employer and plan fiduciaries and can simplify plan administration.

What Does That Mean?
In the past, much of the regulatory focus was on the retirement side of the ERISA legislation. However, with the implementation of the Patient Protection and Affordable Care Act (PPACA), that has changed. Much of the current government monitoring, oversight, and auditing relates to the health and welfare side of the ERISA regulation.

ERISA now requires employers who are plan administrators of their group health plans to comply with two (2) critical requirements or they will risk potential penalties and possible government audits.

Those requirements are:

  • Maintain and distribute SPDs to plan participants which accurately reflect the contents of the plan and which include specific information as required under federal law.
  • Group health plans must be administered in accordance with a written Plan Document which must be made available to plan participants and beneficiaries upon request.

Are You at Risk?
Yes, and the reason is this: Many banks will mistakenly assume that insurance contracts, certificates of insurance, and benefit summaries fulfill the ERISA requirements for an SPD and Plan Document, but they do not. And, the primary reason is that they do not include the required or recommended provisions that protect the plan and the employer.

What Should You Do?
Recognize that:

  • Failure to provide an SPD or Plan Document within 30 days of receiving a request from a plan participant or beneficiary will result in a penalty of up to $110/day for each violation.
  • Lack of an SPD could trigger a plan audit by the United States Department of Labor (DOL).
  • The United States DOL has increased its audit staff and national enforcement initiatives to investigate employers’ compliance with Health Care Reform, resulting in companies of all sizes being audited and being required to provide an SPD and Plan Document.

The Solution
Do not try to create these documents in house. Allow experts in the areas of benefits and benefits regulations to assist you with this monumental effort. Young & Associates, Inc. has partnered with The Alpha Group Agency, Inc. to offer our clients this unique service. The Alpha Group Agency, Inc. is a highly skilled, reputable organization involved in the management of health insurance services as well as other related subjects.

The Alpha Group Agency, Inc. has been an advisor to Young & Associates, Inc. for almost fifteen (15) years in the management of its group health insurance plans. For additional information on how you can become compliant with these critical ERISA regulations and also lower the risk of a DOL audit, contact Sean Nehlsen, The Alpha Group Agency, at 1.800.886.3315 or snehlsen@thealphaga.com.

Capital Market Commentary – August 2016

By: Stephen Clinton, President, Capital Market Securities, Inc.

Market Update

The economy continued to move forward into the seventh year of post-recession recovery. The first quarter growth in the U.S. economy was 1.1%. The following summarizes certain issues we think are worth watching:

  • Brexit shook the markets in June. Britain’s vote to leave the European Union has caused the market additional concern about world-wide economic growth prospects.
  • This adds to the existing concerns about growth potential in the world’s second largest economy, China.
  • The Federal Reserve is in a holding pattern as we approach its late September policy meeting. Most believe that the Fed wants to continue to move interest rates upward, but they are being cautious.
  • June’s job growth report indicated a renewed momentum in the labor market. After a dismal report in May, the job growth in June exceeded most analysts’ expectations. Unemployment was reported at 4.9%. This falls within the Fed’s normal long-run employment target of between 4.5% and 5%.
  • The tightening job market has put upward pressure on wages as employers are in competition to find workers. The average hourly earnings for private-sector employees was estimated to have increased 2.6% in the last year. This is the highest growth in wages since 2009. Since 2000, median household income (adjusted for inflation) has dropped 7%. Thus rising wages is a positive sign for future consumer spending.
  • The global issues have caused the U.S. dollar to gain value. The dollar has increased in value almost 10% over the last year. This increase makes U.S. exports more expensive.
  • Business investment has been slowing. Companies have been hesitant to invest in machines, technology, and inventory. The level of business investment in capital goods has declined nearly 12% since 2014.
  • Oil prices continue to remain well below historical levels. This has impacted the market in a variety of ways. Consumers and businesses have benefited from lower gasoline prices. However, the oil production firms have been hard hit and banks are being forced to strengthen their loan loss reserves for struggling oil related firms.
  • After years of volatility, home prices have grown at an annual rate of approximately 5% since early 2015. Increasing home prices and low mortgage rates have made the housing market one of the strongest sectors in the U.S. economy in recent months.
  • We are now approximately three months from electing a new President. The differences between the two candidates appear to be dramatic. The uncertainty surrounding the election will impact the markets until after the election.

Short-term interest rates remain historically low with the 3-month T-Bill ending June at 0.26%. The 10-Year T-Note ended June at 1.49%, down 78 basis points from year-end 2015. This has led to a significant reduction in the slope of the yield curve.

The stock market performance in 2016 has been mixed. The Dow Jones Industrial Index closed June up 2.90% for the year. The Nasdaq Index closed down 3.29%. The Nasdaq Bank index ended June down 4.18%. Larger U.S. banks fared even worse, ending the first half of 2016 down 11.25%.

Interesting Tid-bits

  • Lost value. Since the start of 2016, 20 of the world’s largest banks have lost a quarter of their combined market value. In total, approximately $465 billion has been lost.
  • Printing money? The Fed owns approximately $2.4 trillion in U.S. Treasury debt at the end of June. This represents approximately 20% of the total U.S. Treasury Debt.
  • The wealthy get richer. It was recently reported that the top 20% of American families account for 48.9% of total U.S. income compared to 44.3% in 1990.

Merger and Acquisition Activity
In the first half of the year, there were 114 bank and thrift announced merger transactions. This compares to 139 deals in the first half of 2015. The median price to tangible book for transactions involving bank sellers was 131% which is down from the 141% median recorded in 2015.

Strategic Planning – 8 Lessons from the Facilitator

By: Gary J. Young, President and CEO

For 30 years, I have had the pleasure of working with community banks across the country in developing a strategic plan. Yes, my first strategic planning engagement was in 1986. I recently completed a strategic plan for a great bank in Alaska, the first one in that state. There are two banks in Ohio that I have been facilitating strategic plans for since the mid-1980s. And there is another bank in New Mexico in which I am approaching 20 years. Many others are new clients. I certainly feel that I have helped those banks succeed in the way they define success. I also have learned from all of my strategic planning clients. Those main items are the subject of this article. Regardless of how you approach strategic planning, I believe these concepts will help make your plan meaningful to the management team and the board of directors.

The following are the 8 lessons learned from the facilitator:

1. There is no value in a strategic plan. I know this is a strange thought coming from a strategic plan facilitator. But, I have learned that value is achieved only when the plan is implemented to the benefit of the bank. It is absolutely critical to build consensus and buy-in. If participants believe the plan is from the facilitator, you have lost. The facilitator is there to achieve consensus on the bank’s plan, then write the plan that management and the board want to implement for success.

2. A strategic plan is not about predicting the future, but making the future. Nobody can predict the future. But, that’s not what strategic planning is about. An effective strategic plan is about making the future not predicting it. That’s why I often ask plan participants, “If you could envision the perfect future for your bank, what would it look like, or be like in five years?” The goal is to then build strategies and tactics to deliver the consensus of that perfect future. Of course, there will be deviations from which a change-in-course will be made. We call that good management.

3. There is no one best plan. I have seen successful banks run in an extremely conservative manner and successful banks run in an extremely aggressive manner. There is never one best way. Whatever the strategy, I can give you an example of a successful bank that took a different position. The key is to have a consensus in strategy that exists between the board of directors and senior management. I don’t mean there needs to always be agreement on issues, but agreement on the basic core values that lead to direction.

4. Every good community bank needs to fill in the blank. However you might define this statement, it is wrong.  Community banks are incredibly unique. While Bank A may have 80% of things in common with Bank B, they are still incredibly different. To the facilitator, keep your EYES WIDE OPEN. Only in that way, will you see the nuances that make the job of facilitating a strategic plan rewarding and down-right fun.

5. Banking is about risk. Without risk there is no bank. This relates to 3 and 4 above. But, it is critical that the facilitator help define the risk appetite of the directors. This will then help define capital adequacy which ultimately is at the heart of every strategic plan. Management and the board of directors need to understand there is no right answer. Your risk appetite is all that matters. But, I will tell you one thing that is absolutely wrong: taking risk that is beyond your appetite and that you don’t fully understand. Please, never do that.

6. Define your target or goal for capital. This is a part of 5 above, but it is critical. Let’s assume that capital adequacy based on risk is 7.5%, but the board wants to maintain 9.5%. This is certainly OK, but understand there is a cost to the excess capital. Excess capital could be viewed as an insurance policy against potential losses. Many banks that had excess capital during the Great Recession were certainly happy they did. Excess capital could also be used as opportunity capital in case it is needed for a branch purchase, bank purchase, etc. But also remember, as the tier-1 leverage ratio increases, the return on equity decreases, all other things being equal. A decrease in return on equity is a drag on shareholder value.

7. Asset quality can kill you. Discussing asset quality is not as exciting as many other issues. But, nothing will derail a bank’s plans quicker and more completely than problems in asset quality. Even though loan growth drives asset growth, which is a key component of bank success, we must remember to aggressively seek and conservatively underwrite, and thoroughly understand the risk associated with the loan growth.

8. A facilitator will never know your bank or your market like you do. I am like most other facilitators. I have had the experience of working with hundreds of community banks and seeing how things work positively and negatively. That is my perspective and it is good to have that voice at the retreat. But, I always remind new clients that while I have an experienced perspective, just because I share an opinion does not make it right for your bank in your market. It might be right for 95% of other banks, but that doesn’t mean that it is right for your bank.

I hope that you will consider these concepts as you complete your next strategic plan. And, if you are considering a facilitator, I hope you consider Young & Associates, Inc. If you would like to discuss this article or strategic planning, please call me at 330.283.4121 or click here to send an email.

Is Credit Risk Rising?

Loan Review Observations and Recommendations for Effective Risk Management

By: Tommy Troyer, Executive Vice President

Over the recent past, there have been a number of public assertions, warnings, or observations that credit risk is rising in the banking industry. These statements have come in many forms, and while we do not intend to present an exhaustive review of such statements here, it is easy to present a brief list showing the various forms and messengers:

  • Public Comments by Regulatory Officials: Thomas Curry, the Comptroller of the Currency, devoted his speech to the RMA Annual Risk Management Conference in November of last year to evidence that credit risk was rising and to the need for the industry to respond with appropriate risk management tools and ALLL decisions. Similarly, at the Ohio Bankers League’s CEO Symposium in May, Julie Blake, Assistant Deputy Comptroller, shared with attendees that credit risk had moved to the top of the OCC’s risk priorities and provided some evidence of increases in risk appetite over recent years.
  • Formal Regulatory Publications: This category includes issuances of regulatory guidance, such as the December 2015 CRE guidance (discussed in a previous 90-Day Note) that was issued not to provide new guidance to banks but simply to highlight what regulators believed to be increasing risk in the CRE space and to remind banks of risk management expectations. This category also includes more informational publications, such as the OCC’s Semiannual Risk Perspective, which has been highlighting some increases in credit risk recently.
  • Private Sector Commentary: Any bankers who may be inclined to brush off such regulatory comments as simply arising from regulatory conservatism should pay special attention to comments about credit risk originating from bankers themselves. The July-August edition of the Risk Management Association’s RMA Journal includes an article written by a banker and quoting numerous other private sector risk executives about their feelings that credit risk has likely increased and that heightened diligence on the part of banks is needed to appropriately manage that risk.

Ultimately, all of these comments are based on observations that underwriting standards have loosened and concentrations of credit may be increasing. Unlike typical asset quality measures that provide lagging indicators of credit risk (such as nonaccrual or charge-off rates), underwriting standards can provide a leading indicator of changes in credit risk.

Loan Review Observations
Given these industry-wide observations, what does the situation look like for community banks? Our contribution to this topic is primarily anecdotal, and is based on observations gleaned from the independent loan reviews we perform for community banks. While it must be acknowledged that the diversity of community bank practices and circumstances means that no generalization will apply to all community banks, our anecdotal observations would seem to support the belief that credit risk has risen in recent years. For our community bank clients, the loosening of credit standards is actually less evident in changes to formal underwriting standards (in part because community banks often do not employ as detailed of a set of underwriting standards as larger banks) and more evident in the decisions banks are making on what might be described as “borderline” credits. In other words, our clients have not slashed their required minimum debt service coverage ratios or FICO scores as much as they have begun saying “yes” a little more often on deals that could go either way. Healthy debate in credit committees is important and should be encouraged. One interesting piece of information for banks to consider is whether more deals have recently been approved in credit committee by a split vote rather than unanimously, which may indicate that banks are saying yes to a few more “on-the-fence” deals than they have historically.

Closely related to the concept of approving the borderline deal, and an issue commonly discussed by regulators, is the increase in loans approved with one or more exceptions to loan policy. Making commercial loans on a non-recourse basis is perhaps the classic community bank commercial credit policy exception, and these types of deals may well be increasing.

Other examples of increasing risk include an increased willingness to finance start-up ventures or significant expansions of current businesses and, in some cases, a reflection of the eased CRE terms referred to in the aforementioned 2015 regulatory guidance, such as longer interest-only payment periods. Especially in more urban markets or markets where larger banks are active, competition is undoubtedly a major factor in some of these developments, as banks unwilling to make any concessions on terms or price today can quite quickly find themselves with a shrinking loan portfolio.

What Should Community Banks Do?
Young & Associates recognizes, as do most community banks, that an increase in risk appetite is not necessarily a bad thing. However, an increase in risk appetite that is not matched by a corresponding increase in risk management is a bad thing. So how should community banks ensure that any loosening credit standards now do not result in major issues later? The following actions are a good start:

  • Monitor and report to the board forward-looking measures of asset quality. If a bank’s appetite for credit risk is increasing, it should be because of a conscious decision of the board. It should not be something the board discovers several years later when asset quality problems begin to manifest. Forward-looking measures are key to monitoring changes in credit risk before it is too late. Such measures include reporting on the rate of policy exceptions (including loans with multiple exceptions); tracking loan performance by vintage, which can provide an early warning when the performance of a recent vintage early in its time on book is notably weaker than that of previous vintages; and even a measure as simple as monitoring the rate of loan growth compared to peers.
  • Enhance risk management practices. At a time when credit risk may be increasing, banks should be sure that risk management practices are also heightened. In such a situation, it may be appropriate to increase the scope of independent loan review so that a greater percentage of credits, and especially new originations, are reviewed.  Steps to quantify risk, such as stress testing higher-risk portfolios or portfolios that represent concentrations, are even more important at times of increased risk. And personnel should not be overlooked: increased volumes of higher-risk loans without a corresponding increase in the credit staff’s capacity may be a recipe for trouble.
  • Ensure that capital planning factors in any increases in risk. As noted, a measured and controlled increase in the credit risk a bank is willing to accept can be a positive for its shareholders and community. For this to be true over the long term, however, the bank’s capital planning process must appropriately account for this increase in risk. Regulatory minimum capital ratios are but a small part of capital planning, and capital planning can only be effective when it is sensitive to changes in a bank’s risk profile. Banks must ensure that their capital planning process accounts for changes in risk across the bank and that they are able to effectively identify such changes.

Conclusion
We have not seen from our clients (nor do we expect to see) the type of extremely risky loans that people write books and movies about in the aftermath of a credit crisis.  However, there is anecdotal evidence to support the widely-held belief that credit risk in the banking sector is higher than it was a few years ago. It is crucial that banks effectively identify and manage any such increases.  Young & Associates, Inc. can assist banks in both identifying and managing credit risk. Contact Tommy Troyer at 1.800.525.9775 or click here to send an email to discuss loan review, stress testing, or capital planning services.

The World of Overdraft

By: Bill Elliott, CRCM, Senior Consultant and Manager of Compliance

For some time now, I have been saying in seminars that the federal government will not rest until there are no overdraft fees. On February 3, 2016, the Consumer Financial Protection Bureau (CFPB) stated that they wish to improve checking account access. They sent a letter to the 25 largest retail banks encouraging them to make available and widely market lower-risk deposit accounts that help consumers avoid overdrafts. Of course, anyone can avoid overdrafts by managing the account properly, but this was not mentioned in the letter.

As a companion item, the CFPB also issued a bulletin warning banks and credit unions that failure to meet accuracy obligations when they report negative account histories to credit reporting companies could result in Bureau action. For the industry, this seems to be of more interest.

The CFPB reminded all banks to “establish and implement reasonable written policies and procedures regarding the accuracy of the deposit account information provided to the consumer reporting companies.” Make sure that you can show an accurate and fully functioning system to your examiners at their next visit. This means policies, procedures, and practices to accurately report information and also a system to handle consumer disputes about these issues.

This is not a new requirement – just a reminder of existing requirements. Mistakes do happen, but we need to be very careful with all reports to all types of credit reporting agencies. This is obviously something that the CFPB is going to be pushing very hard. They are all about the consumer, and do not spend much time worrying about the financial services industry. But if we do our jobs correctly, there really is no issue here. If the correct information results in a decline of a deposit account, the consumer will have to deal with the result.

The CFPB is providing consumers with resources to help navigate the deposit account system. CFPB Director Richard Cordray stated, “Consumers should not be sidelined out of the basic banking services they need because of the flaws and limitations in a murky system. People deserve to have more options for access to lower-risk deposit accounts that can better fit their needs.” Many bankers would find fault with that statement, as there is a percentage of customers who just cannot manage their checking account. But this seems to be the direction the CFPB is going. Their notice on this issue stated, “the CFPB is weighing what additional consumer protections are necessary for overdraft and related services.”

The following section is a direct quote from the CFPB’s notice about these issues, and is something that we should keep in mind for the future.

Screening Accuracy Improvements
“The bulletin issued by the CFPB today warns banks and credit unions that they must have systems in place regarding accuracy when they pass on information, such as negative account histories, to checking account reporting or other credit reporting companies. The consumer reporting companies focused on checking accounts typically generate reports on charge-off amounts, past non-sufficient funds activity, unpaid or outstanding bounced checks, overdrafts, involuntary account closures, and fraud.

The CFPB is concerned about inaccuracies and inconsistent information provided by the financial institutions to the reporting companies. In a recent Supervisory Highlights, the CFPB noted that examiners found that one or more financial institutions failed to “establish and implement reasonable written policies and procedures regarding the accuracy of the deposit account information provided to the consumer reporting companies.” Examiners also found that at least one entity violated its federal obligation to handle consumer disputes about these issues.

Banks should expect accurate information from checking account reporting companies to make fair assessments of deposit account applicants. If the system is tainted with incomplete, inconsistent, and inaccurate information, banks and credit unions cannot make informed decisions.”

This is one of the many areas that is concerning the CFPB, which means that it needs to concern us as well. If you need any assistance in this or any other area of compliance, contact us at 1.800.525.9775 or compliance@younginc.com.
