Skip to main content

Author: admin

Capital Market Commentary – May 2016

Written by admin on . Posted in Management & Planning.

By: Stephen Clinton, President, Capital Market Securities, Inc.

Market Update – Slow Liftoff
Following its first rate increase in almost a decade in December, the Fed has decided to proceed cautiously on future rate increases. At the Fed’s meeting in March, the Fed held rates unchanged. The minutes of the March meeting indicated that there were various opinions as to how quickly interest rates should be increased. It appears that two increases is the most likely scenario this year.

In other economic developments:

  • U.S. GDP expanded at a 1.4 percent seasonally adjusted annual rate in the fourth quarter of 2015. This continues the economic recovery that began seven years ago.
  • The latest inflation rate for the United States is 1.0 percent for the 12 months ending February 2016. This is well below the Fed’s target of 2 percent and gives the Fed latitude to slowly increase interest rates.
  • Job creation has been at the forefront of the economic recovery. The Labor Department reported that more Americans were hired to start a new job in February than in any month since before the recession began in 2007. The unemployment rate edged up to 5 percent in March, but that was largely due to more Americans joining the labor force.
  • Manufacturing activity remains soft. Weak global growth, low oil prices, and financial volatility were cited as reasons for a decline in orders for durable goods. A bright spot, however, was the U.S. auto industry that recorded its best month of sales in over ten years in March.
  • Another indicator of the impact foreign economic growth has had on the U.S. economy was revealed in the decline in U.S. exports. In February, the export activity was 4.2 percent below the level of the prior year. The strong dollar also has impacted exports in that the stronger dollar makes U.S. products more expensive.
  • The non-manufacturing sector of the U.S. economy continues to show strength. According to the Institute for Supply Management, non-manufacturing activity rose to 54.5 in March. (A reading above 50 signals expansion.)
  • U.S. consumers barely increased their spending in February and spent less in January than the government had estimated earlier. Consumer spending edged up 0.1 percent in February. The government also revised downward its estimate of spending growth in January from a solid 0.5 percent gain to a much weaker 0.1 percent, which matched December’s lackluster figure. With consumer spending, which fuels about 70 percent of the economy, off to a weak start in 2016, economic growth in the first quarter is anticipated to be weak. Impacting consumer spending is the slow growth in incomes which moved up just 0.2 percent in February.
  • Home prices continued rising at a steady clip in January, another sign that 2016 will offer more of the same in the housing market: tight inventory leading to rising prices and sales volatility. The S&P/Case-Shiller Home Price Index, covering the entire nation, rose 5.4 percent in the 12 months ending in January.
  • Oil prices have moved up recently. Oil prices remain down more than 20 percent from last year. Most analysts still see the market as over-supplied but some expect that falling U.S. output and rising demand will alleviate some of the glut later this year.

We do expect the economy to strengthen later this year. We anticipate GNP reaching 2 percent for the year as a whole. Job growth remains positive and the dollar’s strength has weakened somewhat perhaps aiding export growth. We think home building and home sales will be a positive to the economy and expect the limited supply to cause home prices to continue their upward trend. We agree with the forecast of two rate increases this year, as we expect the Fed to move cautiously.

Interesting Tid Bits

  • The GSEs continue to be a source of funding for US government spending. In all, Fannie and Freddie received $187.5 billion from the Treasury but have paid $245.8 billion back in the form of dividends.
  • Baby boomers are re-writing the old adage that as you get older you seek to get out of debt. The Federal Reserve reported that the average 65 year old borrower today was reported to have 47 percent more mortgage debt than in 2003. They also have 29 percent more auto debt. Both figures were adjusted for inflation.
  • It is projected that this year Americans will use prepaid cards (including gift cards) to a total of $651 billion, an increase of 57 percent from six years ago.
  • During the first six weeks of 2016, the KBW Bank Index dropped nearly 23 percent to a three-year low. Over the same period, the Dow Jones Industrial Average fell slightly more than 10 percent over the same period.

Short-term interest rates remain low, with the 3-month T-Bill ending March at 0.21 percent. The 10-year T-Note ended March at 1.78 percent. The yield curve has flattened with the 10-year T-Note falling 49 basis points since December 31, while the three-month T-Bill increased 5 basis points.

The general stock market struggled out of the gate in 2016. As noted above, the market recorded a significant correction in the first six weeks of the year. The market has recovered with the Dow Jones Industrial Index ending March 31 up 1.49 percent for the quarter. This marks a new high for the Dow. The KBW Bank Index ended the March quarter down 12.11 percent. The poor performance of the banking sector is attributable to a variety of concerns, including problem loans surfacing related to the oil industry, continued margin compression issues as interest rates are not rising as quickly as anticipated, and limited growth prospects due to the slow growth of the U.S. economy.

Merger and Acquisition Activity
For the first quarter of 2016, there were 64 bank and thrift announced merger transactions. This compares to 66 deals in the first quarter of 2015. The median price to tangible book for transactions involving bank sellers was 129 percent which is down slightly from 2015’s median value.

Young & Associates, Inc. has been a resource for banks for over 37 years. Through our affiliate, Capital Market Securities, Inc., we have assisted clients in a variety of capital market transactions. For more information on our capital market services, please contact Stephen Clinton at 1.800.376.8662 or click here to send an email.

Mortgage Quality Control Outsourcing

Written by admin on . Posted in Lending & Loan Review.

By: Debra L. Werschey, Consultant and Manager of Secondary Market Services

Banks and other financial institutions face increased focus on quality control of the loan origination and closing process.

Lenders’ quality control programs are more important than ever. Our Quality Control services help ensure your quality control program is effective in meeting Fannie Mae, Freddie Mac, HUD, FHLB and other investors’ requirements and in mitigating post-purchase risk.

With Young & Associates, you have a trusted partner for quality control outsourcing.

Why Outsource Quality Control?

Outsourcing quality control to Young & Associates allows lenders to correct loan processes, help mitigate loan file errors, and obtain data to develop quality control solutions.

By outsourcing the quality control (QC) process, it’s easier for banks—particularly community banks—to navigate new regulations and optimize their internal resources (time, staffing, and expertise).

Additionally, when you outsource and shift the QC workload to us, you can achieve high-quality results at a lower cost to your organization.

Increasing Industry Regulation

Fannie Mae and Freddie Mac and other mortgage investors demand higher loan quality standards from lenders who want to sell their loans to them.

As the mortgage industry struggles with the best ways to incorporate QC processes into a qualified mortgage (QM) world, be prepared. Recent financial history has shown that this trend of increasing regulation is likely to continue. Help control your risks by outsourcing quality control related to regulatory requirements.

Benefits of Quality Control Outsourcing

Organizations with a commitment to quality control recognize quality begins before an application is taken and continues throughout the entire mortgage process.

By outsourcing quality control to Young & Associates, you get oversight and assistance with:

  • QC Plan Development
  • QC Reviews – approved, denied, and defaulted loan files
  • FHA Branch Audits
  • FHA/VA Denied Loan Review
  • Pre-Closing Reviews Reverse Audits

Why Choose Young & Associates for Quality Control Outsourcing

We’ve developed our strong reputation through consistently providing quality services, assuring our clients the highest level of professional service available today.

Through our QC outsourcing services, you benefit from our comprehensive and extensive knowledge of the mortgage industry. We work diligently to keep apprised of the regulatory requirements.

Committed to Your Success

Young & Associates has provided education, outsourcing, and a wide variety of consulting services to community financial institutions since 1978. We are committed to your future success and look forward to assisting you.

To learn more about quality control outsourcing for mortgage compliance, call 1.800.525.9775 or contact us online.

CECL Nears Finalization (For Real This Time)

Written by admin on . Posted in Lending & Loan Review.

By: Tommy Troyer, Executive Vice President

Those who have been following the Financial Accounting Standards Board’s (FASB) nearly decade-long effort to revamp the accounting rules impacting the recognition of impairment on financial assets (and thus how community banks determine the level of their ALLL) have heard for years that the project was nearing completion. While the project has indeed been moving forward over all these years, the anticipated date of finalization has been repeatedly pushed back. However, this time really is different: on April 27, FASB voted to direct FASB staff to prepare the final draft of the proposed update for a vote by written ballot. FASB hopes for the standard to be formally approved by June 30, but any delays beyond that point should be minimal as FASB has clearly reached a level of comfort with the current draft language.

The new approach to loss recognition is known as the CECL, or Current Expected Credit Loss, model. It represents a significant change to current practices, with the heart of the change being that the ALLL should cover expected lifetime losses on held-to-maturity loans and most other financial assets, rather than simply covering “probable” losses that are deemed to have been “incurred” as of the balance sheet date. In simplified terms, this means that the foundation of the ALLL estimate for community banks will not be an estimate of losses over the next year but will instead be an estimate of all losses expected over the life of the loans held on the balance sheet as of the date of the ALLL calculation. Additionally, the standard requires a forward-looking aspect, as institutions must consider the impact of “reasonable and supportable forecasts” on their loss estimates.

FASB also decided on April 27 to delay the implementation date of CECL by one year from the implementation dates originally determined in November. This means that CECL will need to be implemented in the first fiscal year following December 15, 2019 (2020 for banks with January-December fiscal years) for banks that are “SEC-filers,” and in the first fiscal year following December 15, 2020 (2021 for January-December fiscal years) for banks that are not “SEC-filers.” Early adoption beginning in the first fiscal year following December 15, 2018 (2019 for January-December fiscal years) is permitted.

The Balancing Act: Prepare, but Don’t Panic
The proper approach for any community bank is to attempt to find a balance between complacency about CECL and panic about CECL. Complacency about CECL (including believing that the extra year FASB provided before implementation means an additional year before a bank needs to start preparing) will lead to issues down the road. The methodology and data used to estimate the allowance under CECL will need to be meaningfully different from what banks use today, and as such, preparation to collect data and develop a methodology should begin now. Banks should understand that nearly all community banks base their current ALLL methodology on data that measures net charge-off rates on a monthly, quarterly, or annual basis. Such data does not describe lifetime loss rates, however, which is what is needed to comply with CECL’s lifetime expected loss standard. Thus, some basic data collection and evaluation efforts should begin now, in part to allow some time to accumulate the data needed by the implementation date.

At the same time that banks recognize the need to begin preparing, they need to also recognize that CECL does not represent any reason to panic. CECL will require some additional work for an effective transition, but it is not an existential threat to any community bank. We believe that some of the most extreme concerns discussed publicly in recent years about CECL and the complexity of approach it might require were overstated, given comments from FASB, financial regulators, and the wording of the 2012 draft Accounting Standards Update. All of these sources emphasized that the approach used by an institution should be appropriate for that institution’s size and complexity. However, the most recent draft released by FASB does represent a notable improvement in the clarity with which this fact is communicated: community banks will not be expected to use unduly complex or expensive approaches. Further, it seems that in every opportunity financial regulators have to speak about CECL, they emphasize that they intend to tailor their expectations for approaches to the size and complexity of financial institutions. Regulators have also repeatedly noted that they do not believe that a community bank will need to purchase an expensive software solution or vendor model in order to comply with CECL.

The Path Forward
At this point in time, banks have all of the information about CECL that they could need to develop a project plan for the transition. Such a plan should incorporate all relevant areas of the bank (for example, in many community banks the IT area will need to provide support with data gathering and warehousing), and updates on progress should regularly be provided to the board or a committee thereof. Evaluating the adequacy of existing credit risk data and planning to improve its collection and storage should be a high priority. Data should be collected in a way that allows institutions to measure lifetime losses and to understand the most important drivers of risk that impact loss rates.

Young & Associates, Inc. is closely following CECL and what it means for community banks. We have presented and will continue to present educational offerings on CECL through various state banking associations. We are also prepared to provide consulting services to help assist community banks in the preparation process. This can include helping banks understand the types of methodologies that can be acceptable means of estimating lifetime losses under CECL and the types of data that will be needed to support such methodologies.

To discuss CECL further, contact Tommy Troyer at 1.800.525.9775 or click here to send an email.

Dealing with Adverse Impact and Compensation Disparities in Affirmative Action Plans

Written by admin on . Posted in Management & Planning.

By: Mike Lehr, Human Resources Consultant

When clients see adverse impacts in their Affirmative Action Plans (AAP), it is not unusual for them to say, “So Mike, does this mean I have to hire more females and minorities?” This is the wrong question. It should be, “How do we look into this more?”

AAPs are similar to insurance policies. They help us identify risk in our recruiting, hiring, compensation, promotion, and termination policies and practices. If the Equal Employment Opportunity Commission or the Civil Rights Commission investigate a complaint, they will very likely want to see our AAPs. As with insurance, good plans afford us more protection than bad ones do.

When adverse impacts arise with clients, I automatically look at two areas first:

1. Employment practices and activities
2. The plan’s statistics

Employment Practices and Activities
I review employment practices and activities in affected areas first for two reasons. First, too often what should happen differs from what actually happens. There might not be anything wrong with the policy or practice. It just isn’t being followed well. Why change it? This often happens with policies regarding the acceptance of applications and completion of self-identification disclosures.

The second reason why I look at employment practices and activities first is that they give me ideas on where better recordkeeping might help produce better statistics. This makes revisiting the statistics easier and more directed.

This happens often when we dive into the specifics of a job. Since community bankers often wear many hats, weighting the job against several census codes rather than just one is better. Also, since many community banks serve rural communities, the census sample for a job might be too small to be representative. A next best code can come into play then.

Plan Statistics
When it comes to the plan’s statistics, too often they are based on what is easy to track and figure. This shows up most in the job groups used to categorize jobs, the availability of candidates for openings (promoting from within versus hiring from outside), and the census codes used to compare banks’ jobs with the outside world.

I’m not a fan of redoing calculations after the results. I am a fan of saying, “In order to understand this and our options better, how can we improve our data collection for next year?” It’s similar to analyzing a credit. If there are questionable items, we ask for more information.

As an example, I often recommend dividing up the Professional job group (2) into Lending Professionals (2.1) and Administrative Professionals (2.2). Lending and credit jobs can be in the first group, and accounting, finance, marketing, trust, and other non-lending related jobs can be in the second.

Since lending is a specialized skill to banking and is often sales-related, it frequently creates adverse impacts and compensation disparities for the Professional job group. This can happen if census data is small but not enough so to justify alternative census codes.

Granted, the adverse impact might not disappear. Knowing it’s focused on lending or administrative professionals does help though. Rather than carefully monitoring practices in the entire Professional Job Group, we might only need to focus on a sub-set of it.

Additionally, for the same reasons, I often recommend splitting up the Administrative Support Group (5.0) into three groups such as Ancillary (or Executive) Administrative Support (5.1), Operational Support (5.2), and Retail Administrative Support (5.3).

Often, 75 percent of the jobs in Retail Administrative Support are tellers. They are introductory jobs often filled from outside. More promotions-from-within occur with the other administrative support groups. This pattern affects availability and compensation calculations.

Compensation
From a statistical perspective, I also focus on compensation because it’s grayer than clients often think it is. Even The Code of Federal Regulations (see § 1620.13 through § 1620.19) admits that what is equal pay for equal work “cannot be precisely defined.”

Furthermore, “‘equal’ does not mean ‘identical.’” It is defined by the job’s requirements in terms of skill, effort, and responsibility, not the qualifications of the person unless they specifically impact those requirements. That means two jobs with different titles could be “equal.” That means having better qualifications does not matter unless those qualifications are important to the job.

That is why it helps to begin compensation analyses with job groups, not jobs with the same title. The latter could easily give a false sense of security. Starting at the global level and working down forces us to really look at what makes jobs unequal. AAPs with workable job groups and census codes can help prioritize the jobs and the job descriptions we need to rework or revisit with legal counsel.

Conclusion
Returning to the original question, AAPs have many ways for us to look into adverse impacts and compensation disparities more. A good plan not only provides us good insurance against adverse actions, it guides and prioritizes us. This saves our time and money.

For more information on Affirmative Action Plans, contact Mike Lehr at 1.800.525.9775 or click here to send an email.

Compliance Reviews and the Impact of Technology

Written by admin on . Posted in Compliance & Regulations.

By: Bill Elliott, CRCM, Senior Consultant and Manager of Compliance

When I was working in a bank, we had a conference room available for meetings for up to about 10 people. As with most institutions, there was always a battle regarding who could use the room when, as there was only the one room for meetings. So you had to sign up quickly or you had to camp out in there to make sure you had the room when you needed it. Of course, most of the time there was no hope – safety and soundness examiners, compliance examiners, IT examiners, internal auditors, external auditors, consultants, etc., were already in there, and the bank’s meetings would have to move somewhere else. All of you know the feeling – someone seems to be in your shop almost every day examining something.

Benefits of Off-Site Reviews
The days of having every portion of any examination, audit, or review on-site have come to an end. While some institutions still rely mostly on paper, many have a great deal of the required information in an electronic form. And if it is available electronically, much of what needs to be done can now be completed off-site.

There are clear advantages in an off-site review that go beyond freeing up a conference room. Whoever is coming into your shop will have expenses, sometimes significant expenses, such as food, mileage, lodging, etc. So every day that they do not have to be there saves you money. From the standpoint of the examiner, auditor, or consultant, every day that they are not on the road is a plus. Both parties benefit from off-site work.

Off-Site Compliance Reviews
As the head of our compliance division, I will put this in the context of compliance reviews. I can see no reason for a deposit review to ever be completed 100% on-site. Even if your bank has no technology, which is unlikely, Truth in Savings disclosures could be snail-mailed to wherever they need to go with no risk, as there is no customer information on those documents. Some banks can make many other portions of the review materials available electronically, further reducing the on-site time. We generally still have to come on-site for certain portions of the review, such as Regulation E error resolution reviews and Regulation CC hold notice reviews, as most banks do not store that information electronically, at least not yet. But the policy review portion of Regulation E and Regulation CC reviews can certainly be done off-site.

On the loan side, we at Young & Associates, Inc. are doing more and more loan compliance reviews off-site or partially off-site. As technology continues its relentless advance, we can do the necessary review work easily and efficiently. If all we are doing is loan file review, we can complete many of these reviews without ever appearing at the bank. Exit meetings are done via telephone, and with all of the other communication methods available today, there just is not a need to physically come to the bank.

We now have several clients with monthly or quarterly review schedules who see us on-site one time per year. And they have seen significant cost savings due to the reduced travel. By the way, if the work is being completed off-site, ask for a discount in the fee when you can. You do not have to ask for a discount for retainer engagements from Young & Associates, Inc. Every retainer engagement we send automatically has a discount feature built in that ranges from 5 percent to 15 percent depending on several factors, including the amount of consultant time that will be saved by not having to travel to your location.

We offer other services electronically as well. Our Virtual Compliance Consultant (VCC) program, which offers tremendous compliance support via a monthly compliance conference call for compliance discussions or training, compliance policy assistance, and access to all of our compliance-related products, is all electronic. We also offer board of director training live, using electronic methods. And the list will continue to grow.

Conclusion
As you contemplate this type of change, make sure that you involve your IT department to assure the information stays secure. Neither you nor your examiner/auditor/consultant need to have a breach. But it can be done, and your bottom line will be better off as a result.

To hear more about any of the compliance services mentioned in this article, or for more information on what Young & Associates, Inc.’s compliance department can offer your bank, contact Bill Elliott at 1.800.525.9775 or click here to send an email.

Observations from Our Review of Completed Cybersecurity Assessments

Written by admin on . Posted in Information Technology.

By: Mike Detrow, Senior Consultant and Manager of IT

Financial institutions have begun the process of completing the Cybersecurity Assessment Tool provided by the FFIEC and some are struggling to complete it accurately. In this article, I will discuss the process for using the tool, as well as some of our observations from the review of these completed assessments.

Using the Tool
The Cybersecurity Assessment Tool was designed to help financial institutions identify their Inherent Risk Profile and evaluate their level of Cybersecurity Maturity. The end result is for financial institutions to understand the relationship between the risks associated with the activities, services, and products offered and the adequacy of the controls used to mitigate these risks. During the completion of the tool, management must collaborate with personnel from all internal departments and include third parties that are providing risk management services, such as IT service providers.

Determine the Inherent Risk Profile
The assessment process begins with the identification of the institution’s Overall Inherent Risk Profile. The tool identifies five categories for the activities, services, and products in place at the institution. For each activity, service, or product, management must select the most appropriate inherent risk level based upon the options listed within the tool. Once this process is complete, management must determine the Overall Inherent Risk Profile based on the number of applicable statements in each risk level. As an example, if the majority of activities, products, or services fall within the Minimal risk level, management may determine that the institution has a Minimal Overall Inherent Risk Profile. As each category may pose a different level of inherent risk, management should consider evaluating whether a specific category poses additional risk in addition to evaluating the number of instances selected for a specific risk level.

Determine Cybersecurity Maturity Level
The second part of the assessment is to evaluate the institution’s Cybersecurity Maturity Level for each of the five domains identified within the tool by indicating whether or not the institution has attained each of the Declarative Statements within a specific maturity level for that domain. To attain a specific Cybersecurity Maturity Level for a domain, 100% of the Declarative Statements within that maturity level must be attained.

Determine Relationship Between the Two Parts
The tool includes an illustration showing the relationship between the Inherent Risk Level and the Cybersecurity Maturity Level. As an example, if an institution has determined that it has a Minimal Overall Inherent Risk Profile, the recommended Cybersecurity Maturity Level range for each domain is Baseline to Intermediate. As an institution completes the assessment, the first goal should be to ensure that the Baseline Cybersecurity Maturity Level is attained for each of the five domains identified by the tool as the Baseline level identifies the minimum expectations required by law, regulations, or supervisory guidance. If an institution has not yet reached the Baseline level at the time of the Cybersecurity Assessment completion, an action plan should be developed to implement the requirements to attain the Baseline level. Once the institution has attained the Baseline level, management can determine the target Cybersecurity Maturity Level and develop an action plan to attain that level. In the example above, for an institution with an Overall Inherent Risk Profile of Minimal, management may determine that their target Cybersecurity Maturity Level is Evolving. It is important for financial institutions to understand the relationship between the Overall Inherent Risk Profile and the recommended Cybersecurity Maturity Level identified in this tool to recognize that regulators will not expect an institution with a Least or Minimal Overall Inherent Risk Profile to attain a Cybersecurity Maturity Level of Advanced or Innovative.

Observations
The primary issue that we have identified through our review of completed Cybersecurity Assessments is the misinterpretation of the Declarative Statements. Each of the Declarative Statements within the Baseline level has a reference to the associated FFIEC Information Security Booklet, which allows institutions to locate additional information about the requirements to attain the statement. Management should review the references to the FFIEC Information Security Booklets to fully understand the meaning of each Declarative Statement. Interpretation of the Declarative Statements for Cybersecurity Maturity Levels above Baseline may require assistance from a third party or additional research.

We have found that a number of institutions with Inherent Risk Profiles of Least or Minimal have selected Yes for many Declarative Statements that the institution has not yet attained. If management is unsure of the meaning of a Declarative Statement, appropriate expertise should be sought before selecting Yes. Incorrectly indicating that the institution has attained a Declarative Statement will eventually lead to audit and examination findings.
Small community financial institutions should thoroughly evaluate a number of the Baseline level Declarative Statements before indicating that they have been attained. To view a list of these Declarative Statements, click here.

Conclusion
Completion of the FFIEC’s Cybersecurity Assessment Tool is a new process for financial institutions that will require feedback from the institutions that use the tool, as well as additional clarification from regulatory agencies. Institutions that spend time with examiners and risk management providers to understand and complete the tool accurately should gain a better understanding of their current cybersecurity risk level and be able to identify additional mitigating controls that can be implemented to prevent or reduce the impact of a cyberattack.

For more information on this article and/or how Young & Associates can assist your bank, contact Mike Detrow at 1.800.525.9775 or click here to send an email.

Capital Market Commentary – February 2016

Written by admin on . Posted in Management & Planning.

By: Steve Clinton, President, Capital Market Securities, Inc.

We are now approaching seven years since the Great Recession. While the economic recovery has been slow, it has lasted much longer than a typical recovery. The average recovery, since the end of World War II, had been 58 months. The longest recovery on record was the 10-year period that spanned the 1990s. The length of the current recovery has been aided by the Fed’s maintenance of historically low interest rates. The Fed ended its “zero” rate posture and raised a key interest rate in December. This was the first increase in interest rates in almost a decade. How quickly the Fed is able to move interest rates higher will depend upon the continued strength of the economy.

Job creation continues to occur and unemployment has trended downward. Inflation remains in check. Business profitability may have reached a near-term plateau. Fourth-quarter earnings for the S&P 500 are expected to slide 5.3 percent, according to data provider FactSet. That would represent the third straight quarterly drop in profits, and the first time the S&P 500 has experienced such a decline since the first three quarters of 2009. Steady consumer spending has enabled the U.S. economy to continue to grow despite broad economic weakness globally.

As we enter 2016, there are a number of items worth monitoring:

  • Presidential Election – The Obama era enters its final year. The presidential campaigns have already begun in earnest. The primaries began February 1st. The future direction of the country will be decided in the next election.
  • Economic Growth – Last year, we predicted that “U.S. economic growth in 2015 will be hard-pressed to continue its strong pace.” Our prediction was correct in that the economy likely expanded 2 percent last year. The results reflect weak global trade and severe cutbacks by energy companies due to the slide in oil markets. Also, business investment has been limited. Our prediction for 2016 – a 2 percent growth comparable to 2015.
  • Housing – Home price values steadily accelerated throughout 2015, underscoring that the housing market is returning to normal as the economy improves. The S&P/Case-Shiller Home Price Index rose 5.2 percent in the 12 months ending in October. The index is up 36 percent from its low recorded in March 2012, and is only 11.5 percent below the high recorded in July 2006. We anticipate that real estate values will continue to increase at a moderate pace in 2016.
  • Oil Prices – In early 2015, we noted that oil prices had declined to $50 a barrel. Oil prices continued to decline in 2015 as supply outstripped demand. In early 2016, oil prices fell below $30 a barrel reaching a 12-year low. The prospect of up to 500,000 barrels a day of Iranian crude flooding an already oversupplied market is the main reason for oil price declines. We expect oil prices to fall to a level of around $25 a barrel and that will force major suppliers to restrict oil production which will drive oil prices higher in the second half of 2016.
  • Industrial Production – The industrial sector remains soft. Capacity utilization fell to 76.5 percent in December. Before the recession, capacity use typically hovered above 80 percent. U.S. car sales were a bright spot in 2015. Auto sales were a record, passing a total last reached 15 years ago as cheap gasoline, employment gains, and low interest rates spurred Americans to snap up new vehicles. In all, auto makers sold 17.5 million cars and light trucks in the U.S. last year, a 5.7 percent increase. We anticipate slowing auto sales in 2016. Rising rates will make auto financing more expensive.
  • Imports/Exports – Europe and Japan, the U.S.’s major trading partners are at risk economically. China’s problems have been well discussed in the press. However, U.S. exports account for only about 13 percent of gross domestic product. If the rest of the world falters, a relatively small share of U.S. production will be exporting into the weakness. We do expect the strong dollar and continued economic struggles of our trading partners to cause exports to trail 2015 levels.
  • Consumers – Consumer confidence is being tested as we enter 2016. For the six-year period beginning January 2009 until the end of 2014, the S&P 500 more than doubled. This increased wealth added to consumer confidence and consumer spending. In 2015, the S&P 500 was essentially flat for the year. 2016 has begun with a market correction of nearly 10 percent. It is likely the recent stock market results will weigh on household finances. Offsetting the negative of lowered net worth will be lower gas prices that will serve to increase consumers’ incomes. Overall, we anticipate consumer spending to hold steady.
  • Fed – We mentioned last year that we expected modest rising rates in the second half of 2015. We also predicted that the Fed would be patient. We only got one rate increase in 2015. With the state of the economy, we would expect the Fed to continue to move slowly in 2016 in its effort to move interest rates upward.

Market Update
The overall stock market ended lower in 2015. The U.S. stock market encountered its first correction (a drop of at least 10 percent) in four years in August. The Dow declined 2.23 percent in 2015 while the S&P 500 Index was down 0.73 percent. Short-term interest rates ended 2015 with the 3-month T-Bill at 0.16 percent. Longer-term interest rates increased modestly in 2015. The 10-year T-Note ended the year at 2.27 percent, compared to 2.17 percent at December 31, 2014.

Bank pricing followed the overall market decline in 2015. The KBW Bank Index declined 1.59 percent for the year. Bank prices, as measured by the KBW Bank Index, remain nearly 40 percent below the highs recorded in 2006.

Merger and Acquisition Activity
Merger activity in 2015 was comparable to the level of activity in 2014. Pricing on 2015 bank sales was comparable to 2014’s pricing, recording a median price to book multiple of 141 percent and a price to earnings multiple of 22.4 times.

Interesting Tidbits
As has been our custom from time to time, we like to pass along various items that we have seen that you might enjoy reading:

  • The number of Americans seeking first-time jobless benefits is lower this year than any since 1973. (Note: The labor force has nearly doubled since 1973.) This indicates that the number of workers involuntarily losing their jobs is trending near historical lows.
  • The U.S. bull market is now more than 6½ years old, the fourth longest on record.
  • JPMorgan Chase expects to spend about $500 million on cybersecurity in 2016. Bank of America Chairman Brian Moynihan has said that the bank’s cybersecurity budget is unlimited. John Stumpf, Chairman of Wells Fargo, said the bank spends “an ocean of money” on cybersecurity. Says Stumpf, “it’s the only expense where I ask if it’s enough.”
  • U.S. merchants are said to have paid $61 billion in interchange fees last year.
  • High-yield bond assets held by U.S. mutual funds total over $300 billion, triple their level in 2009.

Young & Associates, Inc. has a successful track record of working with our bank clients in the development and implementation of capital strategies. Through our affiliate, Capital Market Securities, Inc., we have assisted clients in a variety of capital market transactions. For more information on our capital market services, please contact Stephen Clinton at 1.800.376.8662 or click here to send an email.

A Capital Plan That Addresses Enterprise Risk Management

Written by admin on . Posted in Management & Planning.

By: Gary J. Young, President and CEO

The need for community banks to complete a Capital Plan has intensified since the Office of the Comptroller of the Currency issued guidance which closely corresponds with the manner in which the FDIC and Federal Reserve assess capital adequacy according to information in their examiner’s handbook. The concept is that the bank (1) assess capital adequacy in relation to its unique overall risks, and (2) plan for maintaining appropriate capital levels in all economic environments. A bank should maintain a sufficient level of capital based on the associated risk at the bank and within the economic environment comprised within the bank’s market. This sounds a lot like Enterprise Risk Management. In fact, I believe that Enterprise Risk Management is morphing into Capital Planning based on risk.

This article outlines the methodology that Young & Associates. Inc. recommends in meeting this guidance.

Step 1 – Developing a Base Case
A five-year projection of asset generation and capital formation (earnings less dividends) would be used to project the future tier-1 leverage ratio and risk-based capital ratios. This is the base case scenario. Within this scenario, minimum capital adequacy standards will be established. At this point, there will be no additional capital for risk. As an example, for the tier-1 leverage ratio, the bank might establish a 5.0 percent minimum plus a 1.5 percent additional for unknown risk. This approach would be similar to the Basil III calculation. This would establish a 6.5 percent leverage ratio minimum. This example is for the leverage ratio only. A separate calculation would be needed to examine risk-based capital.

Step 2 – Identification and Evaluation of Risk
The focus here will be in identifying and evaluating all risk within the Enterprise:

  • Credit risk
  • Operational risk
  • Interest rate risk
  • Liquidity risk
  • Strategic risk
  • Reputation risk
  • Price risk
  • Compliance risk

The risk would be assigned a level (i.e., extreme, high, moderate, and low) and a trend (i.e., decreasing, stable, or increasing). Based on these assignments, additional capital may be added to the base. In the analysis of risk you should examine the current position, as well as potential risk in a stressed environment. You should also look closely at regulatory examinations, audit reports, and observation of current systems. Consider assigning additional capital for each position within the risk levels. It is acceptable and advisable that differing risk areas would have differing impacts on capital need. As an example, credit risk might have a greater capital contribution than price risk. Let’s assume that an additional 1.25 percent in capital is required based on the bank’s risk profile. This is similar to the use of Qualitative Factors in the Allowance for Loans and Lease Losses. Added to the 6.5 percent from above, the new capital adequacy level based on risk would be 7.75 percent.

It is possible that your directors would want the leverage ratio to exceed 7.75 percent. Let’s assume that percentage is 9.0 percent. While directors want 9.0 percent, those directors could also state that based on our risk compared with others, 7.75 percent is the measure for regulatory capital adequacy. This is not inconsistent.

Step 3 – Capital after Lending Stress
Both the FDIC and the OCC have suggested models for banks to stress capital based on stress from loan losses by loan classification. Young & Associates, Inc. strongly recommends that the appropriate model should be included in your bank’s planning process. The goal is for the model to indicate that the bank could survive a significant stress. This will also help in formulating your capital contingency which is discussed as Step 4.

 Step 4 – Contingency Planning for Stressed Events
If development of the base case and identification of risk is perfect with no internal or external errors, there would be no need for a contingency plan. However, as we all know, plans don’t work perfectly. Therefore, it is critical to stress all assumptions in the development of the base case and in the identification and evaluation of risk. The stress or worst-case scenario in these areas will determine the amount of capital needed to be raised. The analysis would then examine all realistic possibilities for increasing capital including, but not limited to:

  • Reducing assets from the base case
  • Asset diversification (impacts risk-based capital)
  • All profitability enhancement measures
  • Dividend reduction, if applicable
  • Branch sale, if applicable
  • Downstream cash from holding company
  • Capital raise from existing shareholders
  • Capital raise from new shareholders
  • Additional holding company debt
  • Sale of the bank

A brief word for mutual companies that are now regulated by the OCC: Many of the capital raising opportunities do not exist for a mutual. We would suggest that this is an additional risk for these banks. We would suggest that an additional 0.5 percent, or so, of additional capital is necessary for mutual banks compared with stock banks.

Step 5 – Policy
All of the preceding will be placed in policy and would include:

  • Assignment of roles and responsibilities
  • Process for monitoring risk tolerance levels, capital adequacy, and status of capital planning
  • Key planning assumptions and methodologies, as well as limitations and uncertainties
  • Risk exposures and concentrations that could impair or influence capital
  • Measures that will be taken based on differing stress events
  • Actions that will be taken based on stress testing

Young & Associates, Inc. has been working with banks to develop capital adequacy standards, a capital contingency, and the related policies. In addition, we have developed a product that will help you complete this risk assessment on your own in as little as one day. You can find this product by clicking here, or you can call our office. If you have any questions about this article or would like to discuss having Young & Associates assist your bank, please call Gary J. Young, President and CEO, at 330.283.4121, or click here to send an email.

Regulatory Attention on CRE Portfolios is Rising

Written by admin on . Posted in Lending & Loan Review.

By: Tommy Troyer, Senior Consultant and Loan Review Manager

Over the last several months, it has become increasingly difficult to miss the fact that the federal regulatory agencies (the FDIC, Federal Reserve, and OCC) believe that credit risk is on the rise across the banking industry and particularly within Commercial Real Estate (CRE) portfolios. While industry-wide developments are of course not necessarily reflective of the situation of any single bank, it is the case that regulatory concerns about building credit risk in CRE portfolios makes it more likely that your bank’s CRE policies, underwriting, and portfolio management will be closely scrutinized in your next safety and soundness exam. Note that in this context, CRE refers to what are sometimes called non-owner occupied commercial real estate loans: loans for which the sale of the property, take-out financing, or third-party rental/lease income are the primary sources of repayment.

Recent Comments on Increasing CRE Risk
On December 18, 2015, all three federal bank regulatory agencies issued the interagency Statement on Prudent Risk Management for Commercial Real Estate Lending, an existing guidance on CRE lending. In fact, the statement itself contains no new guidance or regulatory expectations. Its purposes, instead, appear to be to “remind financial institutions of existing regulatory guidance on prudent risk management practices” for CRE and, perhaps more importantly, to highlight the belief that credit risk in CRE portfolios is increasing and must be carefully monitored and managed. The guidance highlights several reasons to believe that CRE portfolios may experience some strain over the next several years. These include both market factors (historically low capitalization rates are cited) and findings from recent exams (easing of underwriting standards along several dimensions, increasing frequencies of underwriting policy exceptions, and insufficient monitoring of market conditions).

The new interagency statement is far from the only suggestion of increased concern regarding the CRE market. The OCC’s Semiannual Risk Perspective for Fall 2015 cites easing underwriting standards, increasing CRE concentrations (especially in multifamily), and for community banks, strong growth in CRE lending as possible risks. The December 2015 – January 2016 RMA Journal includes the final installment of the publication’s annual rundown of “Today’s Top Credit Risk Issues.” Multifamily lending makes the list, suggesting that the Risk Management Association, a respected industry group unaffiliated with any financial regulators, also sees notable risk in the CRE market.

The fact that the CRE market remains competitive in many areas, combined with low interest rates, has thus far meant that several traditional but lagging indicators of credit risk (for example, delinquency and non-accrual rates) have not yet shown signs of weakening. Nonetheless, as has been demonstrated in past credit cycles, the risk factors cited above can often lead to increases in credit risk that do eventually result in deteriorating asset quality and increasing charge-offs.

Prudent CRE Risk Management for Community Banks
The good news is that the keys to effectively managing risks in the CRE portfolio are not mysteries and are achievable for any disciplined and committed community bank. The recent interagency statement provides a good summary. It notes that, in part, banks that successfully manage CRE risk:

  • Establish and adhere to appropriate policies, underwriting standards, and concentration limits
  • Conduct accurate cash flow analysis on the project, borrower, and global levels at underwriting and on an ongoing basis
  • Effectively monitor market developments (supply and demand, vacancy and rental rates, etc.)
  • Implement appropriate appraisal review and collateral valuation processes

In addition to the factors described above, two additional critical features of CRE risk management, CRE Stress Testing and Independent Loan Review, are mentioned. These processes can be performed internally by community banks, but due to resource and other constraints may be both more efficient and more effective if outsourced.

Stress Testing the CRE Portfolio
The interagency statement notes that “market and scenario analyses” that “quantify the potential impact of changing economic conditions on asset quality, earnings, and capital” are an important aspect of CRE risk management. This is a reference to stress testing the CRE portfolio. Further, the 2006 interagency Concentrations in Commercial Real Estate Lending, Sound Risk Management Practices states that any institution with a CRE concentration “should perform portfolio-level stress tests.” Even if your bank does not meet the concentration thresholds defined in the 2006 guidance for identifying institutions with “potentially…significant CRE concentration risk,” stress testing the CRE portfolio can have a number of important benefits. By quantifying the impact of several adverse scenarios on asset quality, earnings, and capital, a CRE stress test can inform your bank’s strategic and capital planning processes, your internally established credit concentration limits and practices, and your credit policy and underwriting requirements.

Young & Associates, Inc. offers a CRE Portfolio Stress Testing service that provides an insightful and efficient stress testing solution. Our service uses data specific to your bank’s portfolio to stress your CRE portfolio across several factors. Our report will assist in quantifying the possible impact to earnings and capital that could result from decreases in collateral value, property net operating incomes, or increases in interest rates. In the current environment in which interest rate increases are likely over the next several years and decreases in collateral values are at least a distinct possibility, understanding your bank’s possible exposure is key to maintaining a safe and sound bank and demonstrating effective risk management to your examiners. Our CRE Stress Testing service is performed remotely, meaning that no travel expenses are associated with the service. More importantly, once the project has been discussed and you have provided a response to our initial data request, bank management can remain free to work on the many other initiatives that require attention, while we make use of our existing systems and expertise, making the stress testing process an efficient one. Our service includes a detailed report documenting the results of the stress test and, if desired, a phone presentation of the findings to management or the board.

Independent Loan Review
An effective independent loan review function is critical to assessing asset quality in the CRE portfolio, determining the accuracy and effectiveness of both underwriting and the ongoing monitoring of CRE credits, and identifying whether exceptions to credit policies or underwriting standards are being appropriately identified and approved by the bank. Any issues identified by loan review can be proactively addressed by the bank, helping to ensure risk mitigation is in place before the issues are identified by examiners or are revealed by deteriorating asset quality.

Most community banks find that their size and the requirement that loan review be performed by a qualified, independent party means that outsourcing loan review is the best option. Young & Associates, Inc. has extensive experience providing loan reviews for community banks. Our loan review of a sample of your CRE portfolio may identify individual credits of concern, but more importantly, will provide perspective regarding whether your credit standards, credit analysis, and ongoing monitoring of existing credits are adequate for the nature of your CRE portfolio. In this way, our findings not only inform management and the board about existing risks in the portfolio, but provide recommendations for effectively managing that risk. We can perform loan reviews on-site or, if your technological capabilities allow, remotely, allowing you to reduce or eliminate the travel expenses associated with the loan review.

For information regarding Young & Associates, Inc.’s CRE Stress Testing service, please contact Kyle Curtis at 1.800.525.9775 or click here to send an email. For information regarding Young & Associates, Inc.’s Independent Loan Review service, please contact Tommy Troyer at 1.800.525.9775 or click here to send an email.

Do You Know Where Your Data Went Last Night?

Written by admin on . Posted in Information Technology.

By: Mike Detrow, CISSP, Senior Consultant and Manager of IT

Maybe your data went to a football game on an employee’s smart phone. Or, perhaps your data met some international friends at an offsite backup location used by one of your service providers. In either case, if you do not know how your data moves and where your data is stored, you cannot protect it.

During our IT Audit engagements, it is not uncommon to see bank employees storing or transferring non-public information (NPI) using services such as Google Drive or Dropbox. This creates a very dangerous situation if one of these services suffers a data breach or the data is synchronized to personal devices infected with malware. In most of these cases, senior management does not understand how employees are handling NPI.

The importance of understanding and controlling NPI data flow and data storage is emphasized in the newly released version of the FFIEC’s Information Technology Management Handbook, as well as in the declarative statements to meet the Baseline maturity level within the Cybersecurity Assessment Tool. This article will discuss a process that can be used to document the data flow and data storage locations used within your institution and those used by your third-party service providers.

Here’s a way this could be used to illustrate the way that an institution can document data flow and data storage. You will first identify each Service or Application that uses NPI. Some examples of these services and applications include: core processing, lending platform, internet banking, and online loan applications. Next, you will identify the Vendor(s) associated with each service or application. The Process Type is used to identify the various processes that are performed using the specific service or application that may use different methods for accessing the data or result in data being transmitted through different connectivity types. An example of different process types can be illustrated with internet banking where data may flow between the core processing system and the internet banking system through a dedicated circuit, but customers access the internet banking system through a home internet connection. The Type of Data will most often be customer NPI, but may also include proprietary institution data. Data can be accessed in numerous ways including: institution workstations, institution servers, employee mobile devices, customer PCs, and customer mobile devices. The Connectivity Type may include: dedicated circuits, virtual private networks (VPN), local area networks (LAN), wide area networks (WAN), wireless networks, or the internet. Controls in Transit may include: encryption, firewall rules, patch management, and intrusion prevention systems (IPS). The Primary Storage Location(s) should include known locations where the data is stored such as: application or database servers, data backup devices, service provider datacenters, and service provider backup locations. The Optional Storage Location(s) should consider other places where data can be stored such as: removable media, an employee’s workstation, mobile devices, Dropbox, and Google Drive. Identifying the Optional Storage Location(s) may take a significant amount of time, as this step will involve discussions with application administrators to understand the options for exporting data and discussions with employees to understand their processes for transferring and storing data. A review of this information may lead to the implementation of additional controls to block the use of unapproved sharing and storage services.

Controls at Rest may include: encryption, physical security, and environmental controls. The Access Rights column should identify who can access the data at any point in time, which may include institution employees, service provider employees, and subcontractors used by a service provider.

This may seem like a daunting task to complete, and it may take a significant amount of time depending on the size and complexity of your institution. One option for implementing this process is to start with your annual vendor review process rather than trying to complete the process for all of your services and applications at one time. When you are gathering and reviewing documentation from each service provider, complete the table shown above for the service or application provided by that service provider. Documentation for internally managed systems and applications can also be completed over a period of time.

Upon completion of this process, you should have a full understanding of how your data moves between devices and where the data is stored. This information will allow you to justify the risk ratings within your information security risk assessment and identify additional controls that need to be implemented to properly protect your data.

For more information on this article, contact Mike Detrow at 1.800.525.9775 or click here to send an email.

Network Vulnerability Testing and the Case for Increasing Test Frequency

Written by admin on . Posted in Information Technology.

By: Mike Detrow, CISSP, Senior Consultant and Manager of IT

Even though you may only hear about a few IT vulnerabilities through mainstream news outlets each year, new vulnerabilities are being identified and reported on a daily basis. If remediation steps are not taken, a financial institution may be vulnerable to a cyber-attack if its information systems are affected by one of these vulnerabilities. A number of methods can be used to identify vulnerabilities that affect an institution’s information systems, including: network vulnerability testing, subscribing to services that provide vulnerability alerts, and monitoring vendor websites for vulnerability notifications. This article will focus on identifying vulnerabilities that currently exist within an institution’s information systems through the use of network vulnerability testing.

Network vulnerability testing is used to identify vulnerabilities such as misconfigurations, default passwords, and missing patches on network devices such as PCs, servers, routers, printers, and firewalls. This testing is typically performed using an automated tool that scans these devices for known vulnerabilities. The automated tool can perform either an un-credentialed scan or a credentialed scan. An un-credentialed scan assesses the vulnerabilities that can be detected without network credentials. A credentialed scan assesses the vulnerabilities that can be detected by a user that can log onto the network. An assessor reviews the results from the automated tool and performs tests to determine the applicability and criticality of the vulnerabilities detected before providing a report of the vulnerabilities and recommended remediation steps to the client.

We typically talk about external network vulnerability testing and internal network vulnerability testing. External network vulnerability testing focuses on the firewalls that the institution has implemented to protect its internal network. Internal network vulnerability testing focuses on the devices connected to the internal network which encompasses the institution’s operations center and any branch office networks.

In the past, it was typically deemed acceptable for smaller financial institutions to have network vulnerability tests performed on an annual basis. While this may have been acceptable for institutions with very static configurations, many institutions are actually making numerous changes to their IT environment over a one-year period that may introduce new vulnerabilities. Changes such as new software, new devices connected to the network, and firewall rule changes can create vulnerabilities that may not be identified until the next annual vulnerability test. Another common issue occurs when an institution takes steps to remediate an identified vulnerability, but the steps taken do not eliminate the vulnerability and it remains exploitable until the next annual network vulnerability test. It is also common for some institutions to focus only on external network vulnerability testing. However, it is important to test the internal network as well to identify any vulnerabilities that may be exploited by insiders or malware that makes its way onto an internal device.

With the increasing number of large-scale data breaches and the focus on cybersecurity, financial institutions should anticipate increased scrutiny from examiners during their evaluation of each institution’s selected network vulnerability testing schedule. While the network vulnerability testing frequency required for each financial institution will differ based on its size and complexity, most institutions should be increasing the frequency of external network vulnerability tests beyond once each year to help identify any potential vulnerabilities before they are exploited. Institutions should also consider increasing the frequency of internal network vulnerability testing to identify any vulnerabilities that may be exploited by insiders or malware.

For more information about this article or to learn more about the services offered by Young & Associates, Inc. to assist your financial institution with network security, please contact Mike Detrow at 1.800.525.9775 or click here to send an email.

 

How to Staff Branches in the Digital Age

Written by admin on . Posted in Management & Planning.

By: Mike Lehr, Human Resources Consultant

The digital age has hit branches hard. Lines out the door no longer exist. Patterns of activity flatten with each passing day. Activity spikes can occur anytime. How should banks staff their branches in the digital age?

In the past, banks relied on transaction-based staffing models to answer these questions. In the digital age, these models show staff reductions year after year. Transactions are going down. From our studies and experience, community banks staff to peak demand for the week. That means for rest of the week excess capacity exists. Staff is idle. Now, the busiest time of day is when employees open and close branches. It is not when customers transact.

Still, customers need help. It is a different kind of help. It is not about transactions. It is about sales. The digital age has blown the doors off product and service offerings. It is no longer just accounts and loans. It is no longer about what kind of accounts and loans. It is about the many ways to access them. The ways to do business with banks have spread like weeds.

Customers still need help from a person. It is not help with transactions though. It is help with understanding what banks can do for them. It is advising. It is consulting. It is selling. Traditional transaction models do not deal with selling. They are about transactions. Reducing staff can reduce selling. The question becomes, “What are your people really doing?”

The digital age is turning branches into sales offices. Staffing models need to account for sales. It is about new accounts. It is about referrals. It is about cross selling. How much time does it take to do these things? How much time does it take to do them well?

Selling is more complicated than transacting. It is a team effort. Tellers could act as assistants for sales personnel. They could research customer data. They could identify customers who might need additional help. They could make up the call lists for customer service representatives, loan officers, and branch managers. Still, it boils down to what your people are doing. How much time is it taking? How much downtime is there? How much time are they selling? The answers will most likely surprise.

If you would like to learn more how Young & Associates, Inc. can help you answer these questions for your bank and your people, contact Mike Lehr at 1.800.525.9775 or click here to send an email.

Connect with a Consultant

Contact us to learn more about our consulting services and how we can add value to your financial institution

Ask a Question