Skip to main content

Federal Crop and Livestock Insurance Programs and What’s Changing in 2025

By Craig Horsch, Consultant, Young & Associates

Overview of Federal Crop & Livestock Insurance Programs

Federal Crop Insurance and Federal Livestock Insurance are supplemental insurances that cover losses which are unavoidable and caused by naturally occurring events. They do not cover losses resulting from negligence or failure to follow good farming practices related to crops and/or livestock.

Federal Crop Insurance Programs include three main programs—Price Loss Coverage (PLC), Agriculture Risk Coverage (ARC), and the Marketing Assistance Loan Program (MALP)—as well as the Whole-Farm Revenue Protection Plan 2025 (WFRP), per the USDA Risk Management Agency. These programs are briefly described below:

  • PLC Overview:

    PLC program payments are issued when the effective price of a covered commodity is less than the effective reference price for that commodity. The effective price is defined as the higher of the market year average price (MYA) or the national average loan rate for the covered commodity. PLC payments are made to owners of historical base acres and are not tied to the current production of covered commodities. Covered commodities include wheat, corn, sorghum, barley, oats, seed cotton, long- and medium-grain rice, certain pulses, soybeans/other oilseeds, and peanuts.

  • ARC Overview:

    There are two types of Agriculture Risk Coverage: Agriculture Risk Coverage–County (ARC-CO) and Agriculture Risk Coverage–Individual (ARC-IC).

    • The ARC-CO program provides income support tied to the same historical base acres—not current production—of covered commodities. ARC-CO payments are issued when the actual county crop revenue of a covered commodity is less than the county ARC-CO guarantee for that commodity.
    • ARC-IC provides income support based on a farm’s revenue from current production of covered commodities, compared with a benchmark average of that farm’s production of those commodities. However, payments are limited to a portion of the farm’s historical base acres. This page focuses on ARC-CO; the ARC-IC program has not been widely adopted.
  • MALP Overview:

    The MALP allows producers to use eligible commodities they have produced as collateral for government-issued loans. Eligible commodities include wheat, corn, sorghum, barley, oats, upland and extra-long-staple cotton, long- and medium-grain rice, soybeans and other oilseeds, certain pulses, peanuts, sugar, honey, wool, and mohair.

  • WFRP Overview:

    WFRP insurance provides coverage against the loss of revenue that you expect to earn or obtain from commodities you produce or purchase for resale during the insurance period, all under a single insurance policy. WFRP offers benefits such as:

    • A range of coverage levels from 50% to 85% to fit the needs of more farming and ranching operations;
    • Replant coverage for annual crops, except Industrial Hemp;
    • The ability to consider market readiness costs as part of the insured revenue;
    • Provisions to adjust the insurance guarantee to better fit expanding operations;
    • An improved timeline for farming operations that operate as fiscal year filers; and
    • Streamlined underwriting procedures based on the forms used for WFRP.WFRP is designed to meet the needs of highly diverse farms that grow a wide range of commodities and sell to wholesale markets. The WFRP policy was specifically developed for farms that market directly to local or regional buyers, sell through identity-preserved channels, and produce specialty crops, animals, and animal products. The amount of farm revenue you can protect with WFRP insurance is the lower of the revenue expected on your current year’s farm plan or your five-year average historic income, adjusted for growth. This represents an insurable revenue amount that can reasonably be expected to be produced on your farm during the insurance period. All commodities produced by the farm are covered under WFRP, except timber, forest and forest products, and animals used for sport, show, or as pets.It is important to understand that WFRP covers revenue produced during the insurance period. For example, if a calf weighs 800 pounds at the beginning of the insurance period and is sold at 1,200 pounds during the insurance period, the value of production will be the additional 400 pounds gained. Inventory adjustments are used to remove production from previous years and to add revenue for production that has not yet been harvested or sold.

Understanding USDA Livestock Insurance Programs

Per the USDA Risk Management Agency website, the Federal Livestock Insurance Programs are as follows:

  • Livestock Gross Margin – Cattle:

    The LGM for Cattle Insurance Policy provides protection against the loss of gross margin (market value of livestock minus feeder cattle and feed costs) on cattle. The indemnity at the end of the 11-month insurance period is the difference, if positive, between the gross margin guarantee and the actual gross margin. The LGM for Cattle Insurance Policy uses futures prices to determine both the expected and actual gross margins. Adjustments to futures prices are based on state- and month-specific basis levels. The price the producer receives at the local market is not used in these calculations.

    Eligible producers are those who own cattle in the states of Colorado, Illinois, Indiana, Iowa, Kansas, Michigan, Minnesota, Missouri, Montana, Nebraska, Nevada, North Dakota, Ohio, Oklahoma, South Dakota, Texas, Utah, West Virginia, Wisconsin, and Wyoming. Only cattle sold for commercial or private slaughter—primarily intended for human consumption—and fed in one of the eligible states are covered under the LGM for Cattle Insurance Policy.

  • Livestock Gross Margin – Dairy Cattle:

    The LGM for Dairy Cattle Insurance Policy provides protection against the loss of gross margin (market value of milk minus feed costs) on milk produced from dairy cows. The indemnity at the end of the eleven-month insurance period is the difference, if positive, between the gross margin guarantee and the actual gross margin. The LGM for Dairy Cattle Insurance Policy uses futures prices for corn, soybean meal, and milk to determine the expected and actual gross margins. The price the producer receives at the local market is not used in these calculations.

    Any producer who owns dairy cattle in the contiguous 48 states is eligible for LGM for Dairy Cattle Insurance Policy coverage. Only milk sold for commercial or private sale—primarily intended for final human consumption—from dairy cattle fed in any of the eligible states is covered under this policy.

  • Livestock Gross Margin – Swine:

    The LGM for Swine Insurance Policy provides protection against the loss of gross margin (market value of livestock minus feed costs) on swine. The indemnity at the end of the 6-month insurance period is the difference, if positive, between the gross margin guarantee and the actual gross margin. The LGM for Swine Insurance Policy uses futures prices to determine both the expected and actual gross margins. The price the producer receives at the local market is not used in these calculations.

    Any producer who owns swine in the 48 contiguous states is eligible for LGM for Swine insurance coverage. Only swine sold for commercial or private slaughter—primarily intended for human consumption—and fed in the 48 contiguous states are eligible for coverage under the LGM for Swine Insurance Policy.

 

Policy Outlook: Projected Spending Impacts of Proposed PLC and ARC-CO Changes

In light of potential 2025 farm policy changes, the article “Spending Impacts of PLC and ARC-CO in the House Agriculture Reconciliation Bill” by Schnitkey, Paulson, Coppess (University of Illinois), and Zulauf (Ohio State University), published in farmdoc daily, offers valuable insight into the budgetary and structural implications of proposed revisions to two cornerstone commodity programs: Price Loss Coverage (PLC) and Agricultural Risk Coverage at the County Level (ARC-CO).

Key Proposed Changes

Under the House Agriculture Reconciliation Bill, four primary changes to PLC and ARC-CO are proposed:

1. Statutory Reference Price Increases:

From 2025 to 2030, statutory reference prices for major program crops would increase—for example, from $3.70 to $4.10 per bushel for corn (an 11% increase), from $8.40 to $10.00 for soybeans (19%), and from $5.50 to $6.35 for wheat (15%). Similar increases are also proposed for seed cotton, rice, and peanuts (Schnitkey et al., 2025, Table 1).

2. PLC Payment Floor Adjustments:

The bill proposes new price floors for PLC payments—$3.30 for corn and $0.30 per pound for seed cotton—to limit downside price risk. These new thresholds would reduce outlays in low-price environments by capping PLC payment escalation.

3. ARC-CO Enhancements:

Changes to ARC-CO include increasing the coverage level from 86% to 90% and the maximum payment rate from 10% to 12.5% of benchmark revenue, making the program more responsive during periods of reduced revenue.

4. Loan Rate Increases:

The bill also proposes a 10% increase in the loan rates for the six largest program crops, further enhancing the income safety net (Schnitkey et al., 2025).

Budgetary and Distributional Impacts

The authors estimate that these program changes would raise federal outlays for PLC, ARC-CO, and marketing loan programs from $46.5 billion to $76.4 billion between 2025 and 2035—a 64% increase (Schnitkey et al., 2025, Table 2). However, this increase is not evenly distributed across commodities or regions:

  • Southern crops—notably peanuts, rice, and seed cotton—would see the largest increases in payments per base acre. In contrast, traditional Midwestern crops such as corn and soybeans would receive more modest increases.
  • For farms with 500 base acres, estimated average annual payments under the proposed changes would be:

This disparity stems from differences in statutory reference prices across crops. Southern crops historically have higher relative reference prices, leading to larger government payments—an imbalance that would be widened under the proposed bill (Schnitkey et al., 2025).

Political and Policy Implications

To fund these increased outlays, the House Agriculture Committee is proposing spending reductions from the Nutrition Title, particularly the Supplemental Nutrition Assistance Program (SNAP). This cost-shifting pits agricultural and nutrition interests against each other and introduces politically sensitive trade-offs that could impact the outcome of future Farm Bill negotiations (Schnitkey et al., 2025).

Why This Matters

For agricultural lenders and risk managers, particularly those serving Midwestern crop producers, the proposed updates could affect the farm income landscape, collateral valuations, and overall credit risk. Although support increases are significant for crops like rice and peanuts, the more moderate gains for corn and soybeans mean Midwest producers may see less benefit from the bill in its current form. Understanding the potential outcomes of these policy shifts can help financial institutions refine their risk assessments and prepare clients for what lies ahead.

Staying Ahead in a Changing Agricultural Risk Landscape

As federal crop and livestock insurance programs evolve—and legislative proposals like those in the 2025 House Agriculture Reconciliation Bill signal substantial shifts in farm subsidy distribution—lenders must be prepared to navigate increased complexity in agricultural credit risk. From changes in PLC and ARC to adjustments in federal loan programs and WFRP, these developments have direct implications for borrower cash flow, collateral valuation, and overall lending strategy.

For financial institutions serving agricultural clients, now is the time to reassess risk management frameworks, update lending practices, and evaluate credit exposures in light of these changes.

Young & Associates has deep expertise in agricultural lending and credit risk analysis. Our team can help your institution proactively adapt, with services that include portfolio review, credit risk management consulting, and tailored support for ag-specific lending challenges. Whether you’re seeking to strengthen underwriting processes or prepare for policy-driven shifts in borrower performance, we’re here to help you respond with confidence.

Explore our lending and credit risk consulting services to learn how we can support your institution’s success in this evolving environment.

 

References

Coppess, J., C. Zulauf, G. Schnitkey, N. Paulson and B. Sherrick. “Reviewing the House Agriculture Committee’s Reconciliation Bill.” farmdoc daily (15):89, Department of Agricultural and Consumer Economics, University of Illinois at Urbana-Champaign, May 14, 2025. Permalink

Kalaitzandonakes, M., B. Ellison, T. Malone and J. Coppess. “Consumers’ Expectations about GLP-1 Drugs Economic Impact on Food System Players.” farmdoc daily (15):49, Department of Agricultural and Consumer Economics, University of Illinois at Urbana-Champaign, March 14, 2025. Permalink

Schnitkey, G., N. Paulson, C. Zulauf and J. Coppess. “Price Loss Coverage: Evaluation of Proportional Increase in Statutory Reference Price and a Proposal.” farmdoc daily (13):203, Department of Agricultural and Consumer Economics, University of Illinois at Urbana-Champaign, November 7, 2023. Permalink

Schnitkey, G., C. Zulauf, K. Swanson, J. Coppess and N. Paulson. “The Price Loss Coverage (PLC) Option in the 2018 Farm Bill.” farmdoc daily (9):178, Department of Agricultural and Consumer Economics, University of Illinois at Urbana-Champaign, September 24, 2019. Permalink

Schnitkey, G., N. Paulson, C. Zulauf and J. Coppess. “Spending Impacts of PLC and ARC-CO in House Agriculture Reconciliation Bill.” farmdoc daily (15):93, Department of Agricultural and Consumer Economics, University of Illinois at Urbana-Champaign, May 20, 2025. Permalink

The Importance of Field Examinations in Asset-Based Lending

By Ollie Sutherin, Chief Financial Officer, Young & Associates

Asset-based lending (ABL) is a creative financing alternative that will unlock additional working capital for businesses. While it appears more complex than traditional commercial real estate transactions, the appropriate training and education eliminate intimidation. Many community financial institutions tend to avoid ABL opportunities due to the perceived burden of ongoing monitoring. However, with the appropriate due diligence at the outset of a lending relationship, the process becomes significantly more manageable and efficient.

The Reality of Ongoing Monitoring in Asset-Based Lending

Having worked at a small regional bank, I experienced firsthand the detail-oriented process of handling ABL monitoring. Line of credit renewals often relied heavily on borrowing base certificates (BBCs)—many of which lacked accuracy and detail. Field examinations were seldom part of the equation, and decisions were often based on whether the BBC appeared “sufficient” to support the requested loan amount, whether payments were current, and whether principal was being retired in a frequent manner. What was consistently overlooked were several critical elements:

  • Early detection of fraud or irregularities
  • Evaluation of internal operational controls
  • Comprehensive and consistent collateral eligibility testing
  • Longitudinal trend analysis and risk monitoring

Field Exams: A Vital Tool for Risk Mitigation

In today’s competitive lending environment, speed and efficiency are crucial. However, it’s imperative not to sacrifice thorough due diligence for the sake of expediency. Relying solely on BBCs without incorporating periodic field examinations introduces significant risk—risk that could far outweigh the relatively modest cost of performing a field exam. The reality is clear: a field exam provides the lender with a deeper understanding of the borrower’s financial health, operational integrity, and collateral quality. The field exam also provides information that can be used to set appropriate advance rates for the various collateral types.

You Don’t Know What You Don’t Know

One illustrative example comes from a colleague who shared her first field examination experience shortly after completing her training and certification. She was tasked with examining receivables for a large borrower. Drawing on the tools and methodology she had just mastered, she uncovered a serious case of fraud  whereby the borrower was systematically crediting and rebilling invoices once they aged past 90 days. This practice inflated the eligible receivables reported in the BBC and granted the borrower significantly more borrowing availability than permitted.. Without the field exam, this fraud would likely have continued undetected—exposing the financial institution to considerable, non-avoidable risk.

While instances like these may not occur every day, they underscore an essential truth: you don’t know what you don’t know. Field examinations offer lenders a proactive mechanism to confirm the integrity of a borrower’s financial reporting and ensure continued creditworthiness. In asset-based lending, that peace of mind over your relationships far outweighs the small investment.

How Y&A Can Support Your Lending Program

Asset-based lending can open new avenues for community financial institutions, but it also introduces unique risks that require careful, ongoing oversight—particularly through field exams and detailed collateral monitoring. As illustrated, relying solely on surface-level reporting leaves institutions vulnerable to inaccuracies and potential fraud.

Our Y&A Credit Services team provides a wide range of solutions that support strong credit risk management, including credit underwriting, underwriting reviews, and credit administration. These services can help your institution build a solid foundation for managing more complex lending relationships like ABL.

If your team is looking to enhance credit processes, improve documentation quality, or strengthen internal controls, Young & Associates is here to help you prepare—strategically and confidently—for what’s ahead. Reach out to us today for a free consultation.

Credit Unions: Prepare for Increased Cybersecurity Exam Scrutiny in 2025

By Mike Detrow, CISSP; Director of IT & IT Audit, Young & Associates

Is Your Credit Union Ready for Stricter NCUA Cybersecurity Examinations?

There have been some signals over the past few years that the NCUA is focusing more attention on cybersecurity and may be increasing scrutiny in this area during upcoming exams. In this article, I will identify these signals and also provide steps that credit unions can take to prepare for this potential in their next exam.

Looking back at the NCUA’s Letters to Credit Unions from January 2022 through present, we see the following regarding cybersecurity:

  • January 2022: The NCUA continues to develop updated information security examination procedures
  • January 2023: The NCUA will continue to have cybersecurity as an examination priority
  • January 2024: The NCUA will continue to prioritize cybersecurity as a key examination focus
  • October 2024: The NCUA provided the following reporting statistics regarding the cyber incident response notification rule: “From September 1, 2023, the effective date of the NCUA’s cyber incident notification rule, through August 31, 2024, federally insured credit unions reported 1,072 cyber incidents. Seven out of ten of these cyber incident reports were related to the use or involvement of a third-party vendor.”
    • This letter also identifies the following four key focus areas for boards of directors:
      • Ongoing cybersecurity education for the board of directors and credit union employees
      • Approval of a comprehensive information security program that includes risk assessments, security controls, and incident response plans and is reviewed and updated at least annually
      • Oversight of operational management
      • Ensuring that an effective incident response plan is in place and includes specific requirements
  • January 2025: Cybersecurity remains a top supervisory priority and the NCUA urges each credit union’s board of directors to prioritize cybersecurity as a top oversight and governance responsibility

What Do These Trends Mean for Credit Unions?

While the NCUA has identified cybersecurity as an examination focus area or priority in their supervisory priority statements for 2023, 2024, and yet again for 2025, the key information that identifies the potential for a more significant regulatory change is identified in the October 2024 letter. This letter states that 1,072 cyber incidents were reported over a one-year period and that seven out of ten of these incidents were related to the use or involvement of a third-party vendor.

While the information provided does not include any details about the severity of these incidents or how many may be attributed to a single vendor or single credit union, it would be hard for this number of reported cyber incidents not to get the attention of examiners and credit union management when it averages out to nearly three incidents per day. At a minimum, these statistics identify the need for better oversight of vendors by credit unions and potentially regulators. It also indicates that approximately 320 of the reported cyber incidents were not specifically attributable to the use or involvement of a vendor, which points to potential deficiencies in cybersecurity controls at the affected credit unions.

How Credit Unions Can Prepare for 2025 Cybersecurity Exams

The identification of key focus areas for boards of directors in the October 2024 letter is also noteworthy. This spells out specific recommendations for a credit union’s training program, information security program, oversight of operational management, and the incident response plan.

The recommendations for the oversight of operational management are very specific and include the following:

  • Set clear expectations regarding the due diligence of third-party vendors with respect to information security
  • Ensure that cybersecurity is a core value within the credit union and influences decision-making
  • Provide access to cybersecurity expertise and an adequate budget for the appropriate cybersecurity technologies and tools
  • Place an emphasis on vulnerability management, patch management, application and website whitelisting and blacklisting, and threat intelligence
  • Engage external parties with appropriate expertise to conduct audits of the cybersecurity program
  • Establish a framework for ongoing reporting of the status of the cybersecurity program including risk assessments, risk management and control decisions, service provider arrangements, results of testing, and any recommended changes to the program
  • Protection of data backups including secure storage and other controls to protect from ransomware as well as periodic testing to verify the recoverability of data
  • Ongoing training for members to promote sound cybersecurity practices

This is a potential indication that there will be more regulatory focus on evaluating the effectiveness of the board’s cybersecurity oversight and additional efforts to hold the board accountable if it does not take steps to promote cybersecurity as a core value within the credit union to mitigate potential cybersecurity threats.

How Should Credit Union Leaders Prepare?

The board of directors and senior management should ensure that each of the recommendations identified in the October 2024 Board of Director Engagement in Cybersecurity Oversight (24-CU-02) letter is put into practice at the credit union. While some credit unions may have internal resources to help with this process, many credit unions will benefit from having an independent consultant review their information security program, policies and procedures, incident response plan, vendor management practices, and technical security controls to identify areas for improvement to comply with the NCUA’s recommendations. The consultant can then provide templates and other resources for management to use to implement the recommended improvements, or the consultant can be engaged to assist the credit union with the implementation of the recommended improvements.

How can Young & Associates Help?

Young & Associates offers the following services to both evaluate and improve your cybersecurity program and security controls by identifying weaknesses and assisting with corrective actions to help you better protect your credit union from current cybersecurity threats.

  • IT Audits
  • Internal and External Vulnerability Assessments
  • Internal and External Network Penetration Testing
  • Social Engineering Tests
  • Policy templates, including an Incident Response Plan designed specifically for credit unions
  • Cybersecurity Program Development

For more information about our cybersecurity consulting services, contact us today.

2025 Begins with a Normal Yield Curve – But Where is the Risk?

By Michael Gerbick; President, Young & Associates

On Wednesday, January 29, 2025, Jerome Powell and the Federal Open Market Committee (FOMC) decided to maintain the target range for the federal funds rate at 4.25 – 4.50 percent after three successive cuts totaling 100 bps in September, November, and December. There continues to be heightened attention and focus on the yield curve, and for valid reasons, as the curve’s shift has been dramatic in recent years.

The chart below shows the yield curve at five different points in time from January 2022 to Tuesday, February 18, 2025. The shape of the curve has gone from normal to inverted and now back to normal. Looking at a few different US Treasury Bond maturities over the last 14 months, you can see the one month yield has decreased over 120 bps and the 20 year has increased over 60 bps! Each rate curve shape and elevation imply different opportunities for your balance sheet. A more asset-sensitive and positive gap on a balance sheet may be more attractive for earnings in the short term and helpful when the Fed was raising rates in 2022 and 2023.  A more liability-sensitive and negative gap on a balance sheet may be more attractive for earnings in the short term as the Fed reduces rates. Your ALCO is likely well-versed in these shifts and has been managing these drastic movements and their impact on the Bank’s overall strategy.

The normal yield curve indicates improved expectations for economic growth in the years ahead. That said, there is also caution for inflation. When the Fed began rate reductions, there were discussions regarding more cuts totaling 100 bps by year end 2025, then these ambitious views have shortened to perhaps two cuts of 25 bps each. The yield curve is still elevated from what it was several years ago and the Fed Funds rate is higher than the previous cycle’s peak of 2.25 – 2.50 percent in 2018-2019. The consumer is more savvy than they were at that time as well.

At the end of 2024, we spent time interviewing some of our community banker colleagues to gain a pulse on what they are talking internally about in their ALCO meetings concerning interest rate risk. As expected, there is an overall sense of relief to have a normal yield curve instead having to manage to the inverted one of recent years. There is still an overall sense of caution headed into 2025 for many reasons, with two key factors briefly discussed in the following sections.

Cost of Deposits

Community banks may not realize the full impact of the Fed’s rate reduction in their cost of deposits. Given the continued elevated competition for deposits and the more savvy consumer, community banks may find their deposit rate offering slower to adjust than the Fed’s rate movements and some may see their interest expense actually increase in 2025. There may also be migration to more longer term duration CDs (movement from less than 6 months to 1 year or more). Yes, longer term CDs will keep the deposit costs higher than non-maturity but will create welcomed funding stability for the bank. Continued focus on the bank’s deposit makeup and shifts are necessary. Staggering the CD maturities will be critical for community banks to manage this new environment so as to maintain adequate liquidity levels as CDs mature and consumers make a choice to reinvest, migrate to shorter term or perhaps withdraw their funds.

Investments

Many investments were made by community banks with PPP funds and other excess liquidity in a low rate environment back in 2021. The Fed raised rates 550 bps and many of those investments contributed to a significant amount of unrealized loss. Now, the Fed cut rates 100 bps and the yield curve is no longer inverted. The rates are still elevated and there are still a significant amount of investments on community banks’ balance sheets with unrealized losses. The chart below shows the fair value of investment portfolio expressed as a percent of the amortized cost of the investment portfolio over the last four years for commercial banks.

You can see all three asset sizes over the last four years have a similar trend line. Consider a bank having $100MM in their security portfolio, it is likely its portfolio is currently $7-$10MM underwater. This changes each day as these investments continue to reprice and mature over time.  As they do, bank management is faced with how best to serve its bank either in reinvesting short-term or long-term within their investment portfolio or funding higher yielding loan growth opportunities. Each has liquidity and capital implications that must be considered.

Conclusion

Community banking is resilient and the conversations with community bankers reveal their drive to prepare and plans for managing risk in 2025 and beyond. ALCO and Boards of Directors should continue their sharp focus on managing interest rate risk.  If the deposit competition is fierce for your Bank and interest expense in 2025 is expected to be elevated, then focus on what is within your bank’s control. On the asset side of the balance sheet, consider paying attention to the loan and investment portfolios and when they are repricing, what additional loan fee income can be generated, revisiting discussions and confirming the types of loans the bank is comfortable making.

When considering interest rate risk, confirm your bank’s risk profile and always remember to stay within the Board approved risk parameters. Your bank’s balance sheet may have experienced significant change away from a neutral risk position given the economic environment in recent years. If you have found your bank is outside the risk parameters, discuss strategies with your Board that are designed to get the bank back within acceptable risk thresholds.  Always be clear with the Board on expectations and inform them we may not be able to fix this overnight.  One banker said it best when providing advice for community bankers trying manage the interest rate risk of the bank, “Always manage the bank’s IRR to a better position, even if getting to that position takes years …don’t get ahead of your skis and try to do it all in one day.”

Lastly, thank you to those community bankers that spent their time discussion IRR and sharing their insights in the interest of helping other community bankers.

If you’d like to hear more about our ALM services, specifically interest rate risk and liquidity risk reviews, please reach out as we would be happy to discuss and assist.

Market Shifts & Margin Pressures

By Michael Gerbick, President, Young & Associates

On Thursday, November 7, 2024, Jerome Powell and the FOMC (Federal Open Market Committee) announced a 25 basis point (bp) interest rate reduction of the federal funds rate just after they announced a 50 bp cut in September.  September’s rate reduction was the first time since March 2020, the Fed has cut rates.  Consider the last several years regarding interest rates: rates dropped to zero in the face of a pandemic, rates skyrocketed 550 bps resulting in an inverted yield curve spanning years, and now another shift in monetary policy.

To provide a visual display of this environment, please view the yield curve over the last few years and then just after the announcement of the latest rate cut on November 7, 2024. Between July 2022 and August 2024, the 10-year bond yield was less than the 2-year yield indicating an inverted yield curve. You can see in the November 8, 2024 curve, the yield on the 2-year bond below the 10-year. The shift in the yield curve has been incredible. Consider the decisions made around each of these points in time at your institution.

US Treasury Yield Curve

This rate environment and the decisions made within it are impacting banks everywhere, especially community financial institutions. Decisions on how best to retain and grow deposits have impacted balance sheets and income statements during this time. It is well-known consumers were placing their money in certificates of deposit (CDs) as rates rose and continued to move their funds to these higher yielding deposit accounts, even after the Fed’s last hike in 2023. The charts below utilize call report information from S&P Global for commercial banks and reveal the deposit mix shift from non-maturity deposits and CDs from the last year. Segmenting CD deposit data from commercial banks by asset size, one can see the shift in the deposit mix for the community banks less than $1B has been the most significant.

CDs as % of Total Deposit Shift September 2023 to September 2024

These CDs will mature; the following chart shows the majority of these maturities will take place in the next year (+84%), with nearly 30% maturing by year end 2024.

% of CDs Maturing in 3 Months and 3-12 Months from September 2024

The deposit shift to CDs is not only more costly to community financial institutions, raising their cost of deposits and ultimately adding pressure to their Net Interest Margin, but they can also be more volatile than traditional non-maturity deposits with savvy depositors more willing to move their deposit relationship to the institution with the highest yielding return. In addition, the data in the charts show this deposit shift is more significant for the smaller community banks with less of an opportunity to reprice in the shorter term than the other community commercial banks.

Many of our community bank colleagues are very much aware of these rising costs and are actively pursuing all resources (including each other) on how best to manage this aspect of the balance sheet. In May 2024, the FDIC released its Annual Risk Review and in June 2024 the OCC released their Semiannual Risk Perspective both outlining significant trends and risks in the banking industry. Among the critical sections in each, the analysis of market risks stands out, particularly for community financial institutions. Both articles have common themes, I’ll break down some important insights from the reports and how they may impact your institution and its strategy in the coming months and years.

Liquidity, Deposits, & Funding: A Shifting Landscape

Reinforcing the analysis earlier this article, the OCC and FDIC both indicate 2023 saw an increase in the cost of funds for banks as community banks reacted to the rising rate environment and for more savvy consumers. For community banks, which typically have smaller balance sheets and lean heavily on customer relationships, the stability of insured deposits has been a positive. However, the growing trend of depositors seeking higher yields has led to a shift from traditional savings accounts to CDs and other high-yielding options.

This shift puts upward pressure on interest expenses, a trend community financial institutions are already feeling. In fact, CDs accounted for 26% of median of all FDIC bank deposits at the end of 2023, compared to 19% the previous year. To remain competitive and retain deposits, community banks are raising deposit rates, which in turn increases their cost of funds.

For community banks that have traditionally benefited from lower-cost deposits, this shift represents a double-edged sword—depositors are seeking better returns, but retaining those deposits requires higher costs. The challenge will be finding a balance between offering attractive rates to depositors and managing interest expenses.

Addressing Deposit Competition

To combat this competition, community financial institutions need to focus on differentiating the value they provide beyond rates. Here are some approaches you may find value in pursuing:

  • Tiered Deposit Products: Offering tiered-rate accounts for different deposit levels or durations can help incentivize customers to commit their funds for longer periods while minimizing the impact on your cost of funds.
  • Relationship Banking: Unlike larger institutions, community banks can leverage personal relationships with customers. Offering value-added services such as financial planning or personalized advisory services can deepen customer loyalty, encouraging them to keep their deposits with your institution even if competitors offer slightly higher rates. This applies to new lending relationships too, prioritize getting the customer’s deposit relationship as the new loan is established.
  • Community Initiatives: Reinforce your brand of being an active member of the community. Consider leveraging the relationship banking discussed above; partner with these businesses to sponsor local fundraisers together. Consider avenues to reinforce your commitment to the community with other members of the community. This can not only build loyalty but also emphasize the bank’s role in the community, creating a compelling reason for customers to stay and others to start a relationship with you.

Increased Reliance on Wholesale Funding

Liquidity pressures in 2023 forced banks, especially community institutions, to turn more heavily to wholesale funding to meet liquidity needs. This is especially concerning for community banks that have historically relied on stable local deposits. The FDIC report noted that liquid assets at community banks declined alongside loan growth, driving a reliance on wholesale sources to fund assets. By the end of 2023, 19% of total assets at community banks were funded by wholesale sources, the highest level since 2017.

Wholesale funding often comes with higher costs and introduces funding risk, particularly in periods of market stress. Community banks need to carefully manage this balance, ensuring they have access to cost-effective liquidity while avoiding over-reliance on wholesale sources that could pose risks if market conditions deteriorate.

Net Interest Margins & Interest Rate Risk

Margin Compression & Variability Among Banks

Both the OCC’s and FDIC’s report make it clear that NIM compression is a concern. Although the median NIM increased slightly to 3.45% in 2023, this masks the deeper issue: funding costs—particularly deposit rates—are rising faster than loan yields, minimizing the yield gains on the assets. Many community banks saw margin compression as the cost of funds outpaced asset yields.

In the FDIC report it is highlighted that smaller community banks with less than $100 million in assets generally fared better than others, with 70% of these institutions reporting higher NIMs comparing 2022 to 2023. This is likely due to their ability to maintain stronger liquidity positions and avoid the sharp increases in funding costs that larger institutions faced. However, even smaller banks are not immune to the challenges posed by rising interest rates, and they may find their NIMs under pressure in the coming quarters as deposit costs continue to rise.

Strategies for Managing the Squeeze

  • Balancing Deposit & Loan Pricing: The traditional method of managing NIM by lowering deposit rates or raising loan rates may no longer provide the same value it did in the past. Community banks can explore variable-rate loan products with rate floors, which allow for automatic adjustments as interest rates rise and have some protection as rates decline. This provides a hedge against rising funding costs.
  • Dynamic Pricing Models: Incorporating dynamic pricing strategies for both deposits and loans can help strike the right balance between growth and profitability. For instance, a Midwest community bank adopted a step-up CD product, which started with a competitive rate that increased over time, providing both flexibility for depositors and predictability for the bank’s funding costs.
  • Strategic Use of Securities Portfolios: To manage asset-liability mismatches, community banks can strategically deploy their securities portfolios. If the bank has excess liquidity, consider investing in current higher rate securities. Many banks invested in securities prior to the most recent rising rate environment and have unrealized losses. Although realizing significant loss on the sale of your securities is not ideal, banks should have discussions internally concerning their portfolio, payback period if a loss is realized and the most prudent path forward for their institution.

Interest Rate Risk Environment Remains High

For community banks, interest rate risk (IRR) has become an increasingly critical issue. The FDIC’s report points to the elevated share of long-term assets held by these institutions, which could constrain future NIM growth. As interest rates rose rapidly in 2022 and 2023, some community banks began selling off lower-yielding securities to reinvest in higher-rate assets. The OCC reports call out unrealized losses in held-to-maturity portfolios declined in the fourth quarter of 2023, but remained elevated at 11.5 percent. This security management strategy was mentioned earlier in this article and if implemented should be tightly monitored so as to minimize the impact and risk of any realized losses on those securities.

The OCC’s report discusses the uncertainty of the rate environment and depositor behavior prior to the Fed acting and reducing rates. It states:

Uncertainty regarding the rate environment and depositor behavior over the next 12 to 24 months increases the importance of stress testing and sensitivity analysis of deposit assumptions. Given uncharted depositor behavior and rate sensitivity observed during the recent increasing rate environment, prudent risk management would include interest rate risk and liquidity stress-testing scenarios that assume higher than expected deposit competition, resulting in higher-than-expected deposit pricing regardless of rate movement direction.

Well-developed assumptions are key to IRR management and modeling. With a declining rate environment community, banks may want to assume more conservative betas in their repricing assumptions.

Strategic Takeaways for Community Banks

So, what can community financial institutions do based on the data in the OCC and FDIC’s Reviews?

  • Diversify Funding Sources: The increasing reliance on wholesale funding is costly for community banks. Banks may focus on exploring alternative funding sources or solidifying relationships with local depositors may help mitigate future liquidity pressures.
  • Focus on Asset-Liability Management (ALM): With interest rate risk remaining high, it is critical for community banks to develop more dynamic asset-liability management strategies. Refining the ALM modeling deposit beta assumptions and monitoring the shift of the deposit mix can help to improve forecasts and reduce the risk of negative financial impact. In addition, reinvesting proceeds from lower-yielding securities at higher rates can help but must be carefully managed to avoid significant losses.
  • Manage Interest Expenses: Even with the Fed reducing rates a total of 75 bps in the last few months, the competition for deposits remains fierce, and many community banks will need to continue offering higher rates to retain customer funds. While this will delay the full impact of cost relief from the Fed’s rate reduction, thoughtful pricing strategies and maintaining a strong loan portfolio could help offset these expenses.

From Stress to Success: Stay Agile, Stay Informed

As community financial institutions adjust to the Fed’s 50 bps and 25 bps rate reductions and face the challenges outlined in both the FDIC’s 2024 Risk Review and the OCC’s Semiannual Risk Perspective, it is clear that agility and innovation will be key to success. The market risks—ranging from deposit competition and NIM compression to liquidity pressures—are significant, but with strategic thinking and proactive management, community banks can navigate these challenges and continue to thrive. With proactive strategies focused on liquidity management, asset-liability alignment, and cost control, community financial institutions can navigate these turbulent waters and position themselves for success in 2024 and beyond.

For community banks, the key takeaway is clear: stay agile, monitor funding costs closely, and adopt risk mitigation strategies that balance growth with stability. By doing so, these institutions can continue serving their communities and remaining resilient in the face of economic uncertainty.

For over 45 years, Young & Associates has guided community financial institutions through shifting market risks. Whether it’s capital planning, liquidity management risk reviews, or interest rate risk management reviews, our team is here to ensure your institution stays agile and ready to adapt to evolving market conditions. Contact us to learn more about how we can support your success.

Bridging the Small Business Lending Gap

How Technology Shapes the Future for Community Financial Institutions

By Ollie Sutherin, Chief Financial Officer, Young & Associates

The challenges posed by the COVID-19 pandemic are no surprise to anyone in the financial services industry, least of all to the small business owners across the country. However, concerns around small business lending were growing well before the pandemic and continue to rise, particularly for community financial institutions (CFIs). The evolution of technology has introduced a unique set of challenges and opportunities for CFIs, often seen as a double-edged sword: it both undermines the traditional values CFIs are known for and opens up a vital path to remaining competitive.

Historically, community financial institutions have built their foundation on personal relationships and tailored, customer-first service. It’s this “high-touch” approach that has endeared CFIs to their communities. However, as a new generation of small business owners emerges, so too does the demand for efficiency, automation, and immediate access to capital. In today’s fast-paced business environment, entrepreneurs are less interested in handshake deals and more focused on solutions that save them time and hassle. This shift in expectations is being effectively capitalized upon by fintech companies and larger financial institutions.

The Rise of Technology in Small Business Lending

For many entrepreneurs, the path to success hinges on one critical element: access to capital. Yet, what was once a deeply relational process—built around trust, face-to-face meetings, and careful consideration—has been revolutionized by technology. Today’s small business owners want quick answers. They want the loan process to be as streamlined and efficient as possible. Fintechs and large banks have answered that call by offering tech-driven solutions that not only provide rapid loan decisions but also reduce administrative burdens on both sides of the equation.

The ability to upload financial documents, run credit checks, and aggregate tax returns through automated platforms has cut out many of the manual processes that used to consume weeks or even months in the lending cycle. Fintech innovations use predefined input criteria to spread tax returns, perform credit analysis, and score loan requests—almost instantly. These advances have reduced the reliance on human loan officers and credit teams, who once reviewed each file manually, often delaying decisions and requiring more information from business owners. This high-tech, low-touch approach is particularly appealing to time-strapped small business owners.

The Technology Investment Gap

While fintechs and large institutions are surging ahead, many community financial institutions are lagging behind in terms of technological investment. A significant factor is the stark difference in budgets allocated to technology. Reports indicate that many CFIs dedicate only 3-5% of their total budget to tech solutions, compared to the 10% or more that larger institutions consistently invest. This discrepancy is further widened when considering that large financial institutions often invest in proprietary technologies that require ongoing development and maintenance, allowing them to stay on the cutting edge.

Fortunately, this doesn’t mean community institutions are left without options. Many vendors now offer solutions tailored specifically to CFIs, and these technological tools can be integrated as add-ons to existing products. These systems give CFIs the ability to provide faster decisions, greater transparency, and a smoother experience for small business clients—all without requiring massive investments in proprietary systems.

The Path Forward for CFIs

So, where does this leave community financial institutions in the rapidly evolving small business lending landscape? The answer lies in striking a balance between the traditional values that define CFIs and the technological advancements necessary to compete in today’s marketplace. CFIs possess a unique advantage that fintechs and large banks cannot easily replicate: a deep connection to their local communities and a personal touch that resonates with customers.

By leveraging technology to streamline processes while preserving the relationship-focused nature of their services, CFIs can offer the best of both worlds. Automated loan processes reduce friction and save time for both lenders and borrowers, but the human element—offering personalized advice, local expertise, and building trust—remains critical. This “high-tech, high-touch” approach enables CFIs to retain their core values while meeting the evolving demands of small business owners.

Conclusion: A Double-Edged Sword

Ultimately, the gap in technological investment presents both a challenge and an opportunity for community financial institutions. To remain competitive in today’s lending environment, CFIs must embrace technology without abandoning the personal service that sets them apart. The future of small business lending will depend on the ability of community institutions to wield this double-edged sword—combining the efficiency of streamlined processes with the warmth and trust of personal interaction. By doing so, CFIs will not only bridge the technology gap but also deepen relationships with their clients, ensuring they remain a trusted partner in their communities for generations to come.

If you have questions or would like to discuss how Young & Associates can help your institution tackle its lending challenges, contact us today. Together, we can find the solutions that best fit your needs and ensure your continued success.

CRE Stress Testing for Banks: A Crucial Tool in a Post-COVID World

By Jerry Sutherin, CEO at Young & Associates

Despite having limited requirements as defined by interagency guidance, the case can be made for requiring community financial institutions to have regular stress tests performed on their commercial real estate loan portfolios.

Emerging Challenges in Commercial Real Estate Lending

Recent post-COVID events have resulted in a heightened concern with regulators as it relates to commercial real estate. Most notably, interest rates have increased 525 bps from March 2022 through July 2023 and this correlates with the level of commercial loan delinquencies over that same period as noted in the chart below. This is further exacerbated the “work from home culture” and office vacancies increasing over the same period.

The ultimate impact on the commercial real estate sector is weaker NOIs, coverage ratios that are insufficient to meet loan covenants, higher Cap Rates, and lower valuations. For those loans locked into a lower rate, the issue now becomes; what happens when loans mature or reset? That is occurring now.

CRE Composition and Delinquency at US Banks Chart - S&P Global

Regulatory Expectations for Bank Stress Testing

Regulatory expectations for community bank stress testing initiatives have been set in both formal regulatory guidance and through more informal publications and statements. An interagency statement was released in May 2012 to provide clarification of supervisory expectations for stress testing by community banks.[1]

The issuance specifically stated that community banks are not required or expected to conduct the types of enterprise stress tests specifically articulated for larger institutions in rules implementing Dodd-Frank stress testing requirements, the agencies’ capital plan for larger institutions, or as described in interagency stress testing guidance for organizations with more than $10 billion in total consolidated assets.

OCC Guidance on Stress Testing Practices

However, in October 2012, the OCC provided additional guidance to banks on using stress testing to identify and quantify risk in the loan portfolio and to help establish effective strategic and capital planning processes.[2] The guidance reiterated that complex, enterprise-wide stress testing is not required of community banks, but also states that some stress testing of loan portfolios by community banks is considered to be an important part of sound risk management.

In the guidance, the OCC does not endorse a particular stress testing method for community banks; however, the guidance also discusses common elements that a community bank should consider, including asking plausible “what if” questions about key vulnerabilities; making a reasonable determination of how much impact the stress event or factor might have on earnings and capital; and incorporating the resulting analysis into the bank’s overall risk management process, asset/liability strategies, and strategic and capital planning processes.

The OCC bulletin also provides a simple example of a stress testing framework for community banks. In the summer of 2012, the FDIC also provided further guidance related to community bank stress testing in the Supervisory Insights Summer Edition.[3]

Interagency Guidance on Commercial Real Estate Risk

Perhaps the most significant piece of guidance related to loan portfolio stress testing for community banks is the 2006 interagency Concentrations in Commercial Real Estate Lending, Sound Risk Management Practices.[4] The continuing importance of and regulatory emphasis on this guidance was made clear in December 2015 when the interagency Statement on Prudent Risk Management for Commercial Real Estate Lending[5] was released, which reiterated the importance of the principles described in the 2006 CRE Guidance.

The 2006 CRE Guidance describes several important practices for effectively managing the risks associated with CRE lending, especially concentration risk. Portfolio stress testing of the CRE portfolio is described as a critical risk management tool for institutions with CRE concentrations.

Examiner Expectations for Portfolio-Level Stress Testing

While community banks have not been pushed to perform the enterprise-wide stress testing that the above guidance specifically states is not expected of them, examiner expectations for portfolio-level loan stress tests have continued to increase over time and are becoming more prevalent during a bank’s recurring exams. These expectations are centered on portfolios that represent significant concentrations and, given the perceived level of risk and the existence of the 2006 CRE Guidance, are therefore most focused on CRE portfolios.

A reasonable and well-documented approach to CRE portfolio stress testing, undertaken at appropriately frequent intervals such as on an annual basis, is the most effective way for community banks to meet examiner expectations and to contribute toward effective risk management of CRE concentrations.

Regulatory Criteria for CRE Concentration Risk

The guidance also states that strong risk management practices (with stress testing being one of the most important) and appropriate levels of capital are important elements of a sound CRE lending program, particularly when an institution has a concentration in CRE loans. The guidance then lays out the criteria regulatory agencies utilize as a preliminary means of identifying institutions that are potentially exposed to significant CRE concentration risk:

  1. Total reported loans for construction, land development, and other land represent 100% percent or more of total capital, or
  2. Total commercial real estate loans (as described above) represent 300% or more of the institution’s total capital, and the outstanding balance has increased by 50% or more during the prior 36 months.

Concentration Levels Chart

The guidance is clear that these thresholds do not constitute limits on an institution’s lending activity and are instead intended to function as a high-level indicator of institutions potentially exposed to CRE concentration risk. Conversely, being below these thresholds also does not constitute a “safe harbor” for institutions if other risk indicators are present such as poor underwriting or poor performance metrics such as deteriorating risk rating migration and delinquency.

Case Study: Loan Portfolio Concentration Levels

As noted in the example above, the figures indicate that the bank does not have a high level of construction, and land development loans as the balances do not exceed the 100% threshold level as a percentage of total capital. However, the Bank has exceeded the 300% threshold of non-owner-occupied real estate loans as calculated under the 2006 CRE Guidance.  Additionally, the Bank’s three-year growth rate in this category was 72.7%, which is greater than the 50% reference level that constitutes the second part of the two-part regulatory test for a heightened concentration in this category.

Impact of Loan Acquisitions

It should also be noted that regulatory guidance does not differentiate between organic growth and commercial real estate growth via acquisition. Therefore, all such loans acquired does impact the ratios noted in the concentration chart above.

Loss Estimation in Bank Stress Testing

The basic premise for any stress test modeling is to identify moderate / high loss estimates and the impact to capital on a loan-level basis as well as portfolio-wide. While some community banks provide some stress testing on a transactional basis at origination, the output is typically limited to scenarios that focus primarily on future interest rate fluctuations.

CRE stress test modeling, on the other hand, allows for an organization to gauge potential losses of the CRE portfolio using internal core loan-level data as well as call report data while factoring in other variables that could influence the ultimate collectability of commercial real estate loans.

Loan-Level or Bottom-Up Stress Testing

The bottom-up or loan-level portion of the stress test estimates losses under the stress scenarios on a loan-by-loan basis. The loan selection is typically a function of the desired penetration identified by the organization and is comprised mostly of larger transactions with a sampling of newer originations and adversely risk rated transactions.

In this portion of the analysis, various stress factors are applied to the NOI, collateral value, and interest rate for each loan identified by the Bank. This information, coupled with the transaction’s debt service coverage, liquidation costs and Cap Rates help form a possible loan-level loss for each loan in moderate and in moderate and high-risk scenarios.

Top-Down Stress Testing

To ensure that the entire CRE portfolio is stressed, a useful model would use a top-down loss estimation method to “fill in” losses on the remaining portfolio for which loan-level information was not provided. This is accomplished by comparing the total balances for which loan-level data was provided in each of the various categories (construction and land development, multifamily, and all other non-owner occupied CRE) to the Bank’s call report. Losses are estimated on the amount of exposure for which loan-level information was not provided by applying a top-down loss rate.

The Moderate and High Stress Scenarios below are determined by applying the loss rates included in the stress test example in the 2012 OCC guidance on community bank stress testing. These loss rates represent two-year loss rates, consistent with the OCC’s stress testing guidance.

Top-Down Loss Rates Chart

Enhancing Portfolio Oversight and Credit Risk Management

Collectively, the “bottom-up (loan level)” and “top-down” moderate and high stress scenarios provide a global overview of a bank’s CRE portfolio and its potential impact to capital. Knowing that this is not a replacement for an enterprise-wide stress test, it allows a bank to provide its management, Board of Directors, and regulators with some context of the estimated losses in this segment of their loan portfolio while also serving as an effective supplement to their internal or third-party loan review.

Historically speaking, any situation in which significant weakness is experienced in critical market and economic factors will result in credit losses that are elevated above those that a bank experiences in “normal” times if unprepared. There is no replacement for appropriate credit administration, however all banks should always utilize tools such as stress testing to enhance their oversight of the metrics behind their CRE portfolio.

The performance of any financial institution and ultimately their ongoing safety and soundness are dependent on the performance of the Bank’s CRE portfolio. It is critical that management and the board of directors ensure that the Bank emphasizes effective implementation of the risk management elements discussed in the 2006 CRE Guidance. These elements include:

  • Continued effective board and management oversight,
  • Effective portfolio management,
  • Ensuring that management information systems are able to provide the information necessary for effective risk management,
  • Performing periodic market analysis and stress testing,
  • Regularly evaluating the appropriateness of credit underwriting standards, and
  • Maintaining an effective credit risk review function

If a financial institution is successful in these endeavors, their CRE loan portfolio should continue to contribute positively to their performance. Accordingly, I am a proponent of all community financial institutions having a stress test performed regularly to ensure the performance of that segment of their loan portfolio as well as the entire organization.

Partner with Young & Associates for Expert CRE Stress Testing

Navigating the complexities of commercial real estate stress testing can be challenging, especially with evolving regulatory expectations and economic uncertainties. At Young & Associates, we offer specialized CRE and Ag portfolio stress testing services designed to address these very challenges. With over 45 years of experience, our team understands the intricacies of regulatory guidance and can provide your community bank with the insights needed to enhance strategic and capital planning.

Our proven stress testing model assesses the potential impacts of adverse economic conditions, helping you manage risk effectively and comply with regulatory expectations. We provide actionable insights to guide your loan product design and underwriting standards, easing the burden of stress testing and supporting your institution’s resilience.

Choose Young & Associates for a partnership that combines deep industry knowledge with a commitment to excellence. Let us help you stay ahead of regulatory demands and strengthen your CRE portfolio management. Reach out to us now to schedule a consultation.

 


[1]              FDIC, PR 54-2012, Statement to Clarify Supervisory Expectations for Stress Testing by Community Banks. May 14, 2012.

[2]              OCC Bulletin 2012-33, Community Bank Stress Testing: Supervisory Guidance. October 18, 2012.

[3]              FDIC Supervisory Insights, 9(1).” Summer 2012.

[4]              FDIC FIL-104-2006, OCC Bulletin 2006-46, FRB SR 07-1, Concentrations in Commercial Real Estate Lending, Sound Risk Management Practices. December 12, 2006.

[5]              FDIC FIL-62-2015, OCC Bulletin 2015-51, FRB SR 15-17, Statement on Prudent Risk Management for Commercial Real Estate Lending. December 18, 2015.

 

The Rising Need for Virtual Chief Information Security Officers

By Mike Detrow, CISSP, Director of IT & IT Audit, and Noah Lennon, CISA, Consultant, Young & Associates

Emerging trends in technologies, such as cloud computing and artificial intelligence, have significantly increased the complexity of the IT environments at community financial institutions. This has led to heightened regulatory requirements and demands for increased compliance efforts from an already stressed internal staff. Even the most skilled internal staff may find it challenging to manage the increased workload of managing the information security program, IT audits, and regulatory risk, which can lead to repercussions from regulators or security incidents.

For many, the need for dedicated information security management is abundantly clear, but affording and finding dedicated professionals in their communities is not an easy task. While you may already be using the services of a managed services provider (MSP) that may provide some support in this area, most MSPs are focused on IT infrastructure rather than information security programs. Virtual Chief Information Security Officers (vCISOs) are growing in popularity as a solution to this problem as they offer numerous benefits over a dedicated ISO, which are not only limited to cost savings.

Key Benefits of vCISO Services for Financial Institutions

Some of the benefits that a vCISO can provide include:

Document Templates

vCISOs maintain templates for documents such as policies, incident response plans, business continuity and disaster recovery plans, or can simply provide recommendations for enhancements of existing documents. Additionally, vCISOs have exposure to a breadth of policies across the many clients using their services, which allows constant improvements to the financial institution’s own policies and documentation.

Audit/Exam Preparation

vCISOs can help financial institutions prepare for an audit or exam by making sure that documentation is kept up to date and can help with the documentation gathering process to make sure it is well organized when it is provided to the regulator or auditor. vCISOs are also aware of recent audit/exam findings received by other clients and can help prevent your financial institution from receiving these same findings by addressing the identified issues prior to your next audit/exam.

Routine Tasks

vCISOs are aware of the activities that need to be completed each year and can skillfully lead them. These activities include vendor reviews, user access reviews, employee and board training, policy revisions and approvals, strategic planning, end of life monitoring, IT steering committee meetings, and more.

Security Monitoring

vCISOs can help to verify that appropriate security controls are implemented for the financial institution’s information systems, ensure that appropriate logging is configured, and help to monitor logs and alerts to detect and investigate security events.

Vendor Contacts

vCISOs work with a variety of vendors in the financial industry and can attest to their quality of work, which can assist the financial institution in choosing quality service providers. Leveraging existing rapport between the vCISO and service providers enables smoother transitions between vendors and clarity in the expectations for the relationship.

Plan Testing Exercises

vCISOs routinely help their clients perform business continuity and incident response tests, so they have testing scripts already developed to help make the testing process more efficient and productive. vCISOs can also help to ensure that these tests are appropriately documented for regulatory compliance and board reporting.

Incident Response

vCISOs may have experience in responding to incidents that their other clients have experienced. This knowledge can be used to implement controls that will help to prevent an incident at your financial institution or respond more efficiently should you experience an incident.

Selecting the Right Virtual CISO

So now that you are considering the idea of hiring a vCISO, how do you know what to look for?  To help with this process, we have identified some of the criteria that you should consider when selecting a vCISO.

Industry Expertise and Regulatory Understanding

One of the first characteristics to look for is a partner that focuses exclusively on financial institutions, or at a minimum has a division with this focus and understands the specific regulatory requirements from the FFIEC and your specific regulatory agency. While some firms may claim to cover all industries, there are differences in the regulatory requirements for various industries and you need a partner that truly understands the requirements that you must meet. In addition, while there may be many similarities that are shared by financial institutions, there are also differences in available local providers, customer demands, regulators, technology, and complexity, so you need to make sure that your partner has the flexibility to customize their processes and deliverables to your specific needs.

Proactive Approach and Value Addition

A vCISO should also provide value by regularly introducing new ideas to enhance the information security program, strengthen the security culture, and improve efficiency in routine processes.  You should not need to continuously ask your partner for recommendations for improvements.

Integrated Documentation Systems

Another consideration is the process used by the vCISO to maintain documentation. While some smaller and less complex institutions may do okay with multiple standalone documents and spreadsheets, having an integrated system that is used to share data for various purposes such as the information security risk assessment, vendor risk assessment, and business continuity plan may save time and ultimately money as well as limit the potential for errors as data is updated.

Maintaining Service Quality

One potential concern with using a vCISO is that unlike an CISO employed by the financial institution, vCISOs have multiple clients and may be less loyal to your financial institution than a full-time employee. To avoid potential issues associated with this type of relationship, just like any other vendor, you must perform appropriate due diligence and continuously monitor your vCISO to ensure that they are providing an acceptable level of service for your institution.

The Strategic Value of Virtual CISO Services

In closing, not only can vCISOs help financial institutions meet regulatory and technological goals without the costs associated with a full-time employee, they also bring a broad range of prior experience from working with multiple financial institutions. If you are struggling to stay on top of increasing technologies and related regulations, a vCISO can be an invaluable resource in ensuring your financial institution is successful.

Your Trusted IT Consulting Partner 

At Young & Associates, we understand the unique needs and challenges faced by financial institutions. Our IT consulting services are tailored to help you navigate the complexities of technology solutions while ensuring regulatory compliance and information security. Contact us today to learn more about how we can support your institution’s IT needs. 

Internal Audit: Your Third Line of Defense in Third-Party Risk Management

By Jeanette McKeever, CCBIA, Director of Internal Audit, Young & Associates

In today’s financial landscape, banks and credit unions increasingly rely on third-party vendors to meet regulatory demands, leverage technological advancements, and maintain competitive edges. However, these relationships introduce various types of risks in internal audit, from compliance and operational risks to reputational and strategic risks. Amidst economic uncertainty, increased digitalization, and growing supervisory attention, many financial institutions are reviewing their third-party risk management (TPRM) frameworks to ensure they are robust and comprehensive.

Here, the role of internal audit becomes indispensable. Internal audit’s role in TPRM goes beyond mere compliance. By leveraging their unique skills and perspectives, internal auditors can help institutions identify, monitor, and control risks while achieving strategic goals.

Understanding Third-Party Risk in Banking

Third-party relationships and their associated risks require careful management. Ineffective oversight of the complex operational, financial, technological, and legal agreements governing these extended business relationships can lead to brand or reputation damage, data security breaches, and significant financial losses. Additionally, such oversight failures can result in errors in financial reporting, compounding the challenges and potential impacts on the institution.

Financial institutions are entrusting an increasing percentage of their operations to third parties, prompting regulators to scrutinize these relationships more closely. The updated interagency guidance from the Federal Deposit Insurance Corporation (FDIC), the Federal Reserve Board (FRB), and the Office of the Comptroller of the Currency (OCC) outlines the regulatory expectations for managing third-party risks throughout the relationship lifecycle: planning, due diligence, selection, contract negotiation, ongoing monitoring, and termination.

Monitoring vendor performance is also a regulatory requirement for credit unions. The National Credit Union Administration (NCUA) specifies the criteria for assessing vendor performance in their 2007 supervisory letter SL No. 07-01, “Evaluating Third-Party Relationships.” This guidance emphasizes key areas for third-party relationship management, including risk assessment and planning, due diligence, risk management, monitoring, and control.

The Role of Internal Audit in Third-Party Risk Management

Though Chief Risk Officers are typically responsible for managing third-party risks, internal audit plays a crucial role as the third line of defense. Internal auditors bring essential skills, capabilities, and perspectives to thoroughly examine TPRM programs, identifying gaps or areas for improvement that might have been missed by the second line of defense. The board relies on internal auditors as an extra layer of security to ensure that third-party risks are properly identified and assessed, appropriate internal controls are in place, and timely risk intelligence is generated to inform decision-making.

Leveraging Internal Audit to Improve Third-Party Risk Controls

Internal audit can contribute significantly to managing third-party risks through various areas:

  • Pinpointing Critical Contracts: Internal auditors can assist in identifying high-risk third parties and ensure they receive more frequent scrutiny. This can help with prioritizing risk management efforts.
  • Assessing Risk Management Programs: They can evaluate the effectiveness of third-party due diligence processes and controls, conducting research to gauge the risk level and reputation of third parties.
  • Reviewing Compliance with Governance Standards: Internal auditors can verify if the financial institution’s processes for selecting and managing third parties adhere to governance requirements and include necessary risk and compliance clauses in contracts.
  • Evaluating and Improving Risk Controls: They can assess the effectiveness of risk management controls, ensure regulatory compliance, and check for “right to audit” clauses in third-party agreements.
  • Facilitating Informed Decision-Making: Auditors offer valuable insights into third-party risks. They also evaluate decision-making and contract management processes. This ensures that these processes align with the bank or credit union’s strategic objectives. Additionally, auditors verify that the processes provide sufficient risk protection.
  • Assessing Performance and Identifying Opportunities: They review global third-party performance, detect inconsistencies, and recommend best practices for effective risk and performance management.

Integrating Internal Audit into Third-Party Risk Management Strategies

1. Independent Vendor Risk Assessment and Identification

Conducting a risk assessment is essential for the initial decision-making process regarding whether to establish a third-party relationship. Internal auditors bring an independent perspective to the assessment and identification of third-party risks. They can perform thorough risk assessments to identify all third-party relationships and associated risks. This independent evaluation helps ensure no significant risk is overlooked, and it provides a holistic view of the financial institution’s third-party risk landscape.

2. Vendor Due Diligence and Selection Oversight

The due diligence process equips management with the necessary information to evaluate both the qualitative and quantitative aspects of potential third parties, determining whether a relationship will support the financial institution’s strategic and financial goals while mitigating identified risks.

If your financial institution has its own internal audit team, involving them in the due diligence process for vetting potential third-party relationships can be highly beneficial. Though not prevalent practice in community banks and credit unions yet, leveraging your institution’s third line of defense can enhance third-party risk management processes and provide an extra layer of protection.

Internal audit teams can provide oversight during the due diligence and selection phases of third-party relationships. They can assess the processes used for selecting third parties to confirm that the institution has effective policies and procedures in place. By ensuring thorough due diligence, internal auditors help identify potential risks early on. Their oversight includes evaluating the third party’s operational quality, compliance capabilities, risk profile, and long-term viability.

3. Contract Management and Compliance

Financial institution management should ensure that the specific expectations and obligations of both the financial institution and the third party are clearly defined in a written contract before finalizing the arrangement. Board or committee approval is required for many material third-party relationships, and significant contracts should be reviewed by appropriate legal counsel before finalization. The level of detail in contract provisions will depend on the scope and risks associated with the third-party relationship. Effective contract management is crucial for mitigating third-party risks. This involves not just due diligence but also thorough processes in agreement formation, publication, activation, compliance with service delivery, analysis, optimization, and offboarding.

The internal audit function can engage in contract management in two key areas:

  1. Auditing the overall contract management process.
  2. Reviewing active contracts with critical vendors.

Auditing the Contract Management Process

An effective contract management process is crucial for maintaining strong performance across your institution. Even minor inefficiencies can lead to significant issues, particularly when your financial institution aims to grow and scale. A robust contract management system contributes to a thriving institution.

Regular audits of your contract management lifecycle can reveal hidden costs and growth opportunities. These audits should assess process deficiencies, compliance issues, and historical management practices. Start by identifying key stages in your process and setting benchmarks for measurement. Key stages often include planning, due diligence, selection, contract negotiation, ongoing monitoring, and termination, as outlined in regulatory guidance.

Evaluate your management practices within each stage. Is the contract management process clearly defined? Are roles and responsibilities assigned? Who ensures compliance with service-level agreements (SLAs)? Addressing these questions through a contract management audit can help identify risks and gaps, ensuring a more effective and efficient process.

Reviewing Active Contracts with Critical Vendors

Begin by inventorying and segmenting critical vendors based on risk levels to identify those most critical to audit. Incorporate audits of high-risk and important service provider contracts into your annual audit plan. Gain an understanding of the key risks associated with each service provider and thoroughly review their contracts.

Internal auditors can review critical third-party contracts to ensure they include comprehensive risk and compliance clauses. This includes verifying that contracts have “right to audit” provisions, which allow the institution to monitor third-party compliance continuously. Once you’ve established your audit rights, you can start the contract audit by assessing key legal and business risks. Look for deficiencies and compliance issues in the contract, and consider conducting on-site reviews if your audit rights permit. An efficiency audit may also be warranted to ensure services are delivered as per the contract and service level agreements.

After completing the audit, validate the results, identify root causes, and propose solutions. Finally, communicate the results to the contract owner and key stakeholders, ensuring they are informed of the findings and recommended actions.

4. Ongoing Monitoring and Reporting

Once a third-party relationship is established, continuous monitoring is essential to manage evolving risks. Internal audit can play a vital role in developing and implementing monitoring frameworks that track third-party performance, compliance, and risk exposure. Regular audits and reviews can provide senior management with timely risk intelligence, enabling informed decision-making and ensuring that effective internal controls are in place.

5. Internal Audit Collaboration with Risk Management Functions

Internal audit of third-party risk management becomes more effective when auditors and risk managers collaborate and share information, leveraging each other’s abilities and tools. By working closely with risk, compliance, and other departments, internal auditors can ensure that third-party governance policies and procedures are consistently applied across the bank or credit union.

By integrating third-party risk assessments with audit plans, both auditors and risk management teams can eliminate redundancies in the risk evaluation processes. This approach also helps standardize the risk language used and offers management teams and boards a comprehensive view of the financial institution’s third-party risk profile. This collaboration integrates TPRM into the overall risk management strategy, enhancing the institution’s ability to manage third-party risks.

Building a Robust Third-Party Risk Management Framework

To effectively manage third-party risks, financial institutions should establish a comprehensive TPRM framework. TPRM necessitates a framework that holds the board of directors and senior management accountable, requiring them to adjust the principles based on the size, scope, and criticality of the products or services provided by third parties. This framework should be consistently applied across the institution and integrated into its operational, risk, and compliance management activities. As discussed, key components of a robust TPRM framework include:

  • Defining and Inventorying Third-Party Vendors: Internal audit can assist in identifying and inventorying all third-party relationships, categorizing them by risk level and criticality.
  • Risk Appetite Assessment: Assessing the bank or credit union’s risk appetite concerning third-party relationships, particularly those in high-risk locations or industries.
  • Enhanced Vendor Due Diligence: Conducting enhanced due diligence for critical third-party relationships, ensuring alignment with the institution’s risk profile and regulatory requirements.
  • Ongoing Monitoring and Performance Standards: Establishing and maintaining rigorous monitoring and performance standards for third-party relationships, ensuring continuous compliance and risk management.
  • Training and Awareness: Providing training for stakeholders on TPRM processes and the importance of effective third-party risk management.

Risk-Based Internal Audit for Financial Institutions

With regulatory bodies calling for enhanced third-party oversight, the imperative for thorough risk and assurance functions has never been greater. These functions must delve deeply into the third-party network to ensure that critical risks and compliance requirements are diligently managed and monitored. Internal auditors are pivotal in this endeavor and should seek to broaden their role in fortifying third-party risk management.

At Young & Associates, we understand the critical importance of robust TPRM processes and offer expert consulting services to help banks and credit unions strengthen their internal audit functions, risk management, and more. By leveraging our expertise, financial institutions can enhance their third-party risk management frameworks, ensuring compliance, mitigating risks, and achieving strategic objectives. Ultimately, effective TPRM is not just about regulatory compliance; it’s about creating a resilient and thriving financial institution.

For more information on how Young & Associates can support your internal audit needs, click here.

CDs Maturing in Q2: Impact on Interest Rate Risk Management

By: Michael Gerbick, President at Young & Associates

Interest rate risk (IRR) is the exposure of a bank or credit union’s current or future earnings and capital to adverse changes in market rates. Management of that risk is critical to community financial institutions and since the pandemic and rates went to zero, due to the rapid pace of change, effective management of that risk has been difficult due to the rapid increase in interest rates.

Navigating Market Volatility: The Role of ALM Models 

Most banks and credit unions utilize asset liability management (ALM) models to assist in the modeling of interest rate increases and decreases, typically +/- 400 bp shock scenarios. Similar to the parallel rate shock scenarios of the ALM models designed to identify risk exposure in a rapidly changing rate environment, the Fed raised rates between March 2022 and July 2023 from 0% to 5.25–5.50%.  

The yield curve shape changed significantly, putting additional stress on the Asset Liability Committees (ALCO) responsible for managing the ALM function of financial institutions, and has not let up. Yes, the inverted yield curve has flattened from 12 months ago, however in March this year, the Treasury yield curve for the two-year and ten-year yields hit a consecutive day record for being inverted 625 days, besting the previous record set in 1978.  

The chart shown below1 illustrates the difference between the higher yield 2-year and the lower yield 10-year. 

Strategies Amidst Rising Rates: Insights for Community Banks and Credit Unions 

Amongst many of the strategies employed during the rising rate environment of 2022 and 2023 was offering certificates of deposit (CDs) to maintain and grow deposits on the balance sheet. However, the funding mix began to shift as consumers migrated towards the higher interest-bearing accounts or the Bank increased Federal Home Loan borrowing which caused the cost of funds to increase.  

Industry research for the last two years shows interest-bearing deposits up 5.1% and non-interest-bearing deposits down 28%2. Rates have not risen since July 2023, however many of the CDs offered in 2023 are due to mature in 2024 in a different rate environment than when they were issued. Financial institutions are monitoring this closely.  

Strategic Considerations for ALCOs: Addressing Interest Rate Risk 

ALCOs are tasked with predicting the interest rate exposure in the elevated rate environment. Currently, we are in a unique environment and banks and credit unions should be cautious about using historical data only to predict future activity. In addition to non-bank competitors competing for deposits, community financial institutions need to continue improving their approach to cost of funds, net interest margin compression, and how the institution will effectively manage their exposure to interest rate risk. A few strategies and actions financial institutions can employ related to deposits are: 

Optimizing Interest Rate Exposure

Increase the frequency in which ALCO meets to review the interest rate environment. This may currently be semi-annual or quarterly at your institution. The financial institution may consider meeting monthly to stay abreast of any changes in the environment or new products the Bank is releasing. 

Policy Revision

Review your policy limits approved by the Board. Your policy may only have -100 bp or -200 bp scenarios listed given the previous low-rate environment. Not only review the existing policy limits with the Board but increase the stress range to account for -300 bp and -400 bp. 

Trigger Points

In addition to the policy limits, consider thresholds for the rate of change of the risk measures that consider risks associated with liquidity, interest rate risk, and capital. These rate of change thresholds are designed to commence action or additional investigation into the source of the significant movement ahead of falling outside of policy limits. 

Stress Your Assumptions

ALM models have built-in assumptions and are likely based on historical industry averages supplemented by data supplied by your institution. Common key assumptions outlined by the FDIC3: 

  • Asset Prepayment – represents the change in cash flows from an asset’s contractual repayment schedule. The severity of prepayments fluctuates with various interest rate scenarios. Mortgage loans are a prime example of assets subject to prepayment fluctuations.
  • Non-Maturity Deposits
    • Sensitivity or Beta Factor – describes the magnitude of change in deposit rates compared to a driver rate.
    • Decay Rate – estimates the amount of existing non-maturity deposits that will run off over time.
    • Weighted Average Life – estimates the average effective maturity of the deposits.
  • Driver Rate – represents the rate, or rates, which drive the re-pricing characteristics of assets and liabilities. Examples include Fed funds rate, LIBOR, U.S. Treasury yields, and the WSJ Prime rate.

Have discussions with your team and understand what is going on broadly in the economic environment as well as items specific to your bank or credit union. Address changes or concerns in your modeling assumptions or at the very least, be aware of their potential impact. Spend time to learn the assumptions. Do not accept the defaults as correct, make sure your team understands them.

In addition to your base case, stress the assumptions – double or triple the decay rates, assume a high sensitivity to driver rates in the change in deposit rates, and cut the prepayment speeds in half. The alternate scenarios with severe assumptions will assist ALCO in understanding potential value creation and risks.  

Interest Rate Risk Review

Regulatory guidance indicates that every bank should have an annual third-party assessment of the interest rate risk system. Similar to other audits, this review should be delivered to the Board of Directors or the Board’s audit committee and is a critical component of the Board’s responsibility for bank oversight. 

Educate the Board on Interest Rate Risk

There are educational videos available through the FDIC website. In addition, there are IRR modeling vendors that will attend meetings to provide perspective to your institution on the current economic environment and your modeling results. Leverage them. 

Managing Interest Rate Risk in 2024 and Beyond 

There is always an opportunity for significant value creation in any environment. The rapidly increasing rate environment experienced in 2022-2023 brought forth significant risks and opportunities. The 2024 environment possesses new challenges, and I am excited to see our community banks and credit unions adjust their balance sheets, act on the highest value opportunities, and limit their interest rate exposure.  

Assess Your Interest Rate Risk 

Ready to proactively manage your institution’s interest rate risk? Young & Associates offers comprehensive interest rate risk reviews tailored to your needs. Ensure your bank or credit union is prepared to navigate market volatility with confidence. Reach out to us now to schedule your consultation!

 

 


1Federal Reserve Economic Data (FRED) 10-Year Treasury Constant Maturity Minus 2-Year Treasury Constant Maturity
2S&P Global US Bank Market Report 2024
3FDIC Developing Key Assumptions for Analysis of Interest Rate Risk

Managing CRE Credit Risk Amid Market Shifts

By: Jerry Sutherin, President & CEO of Young & Associates

The landscape of commercial real estate (CRE) lending is shifting due to current economic events, presenting both challenges and opportunities for community financial institutions deeply entrenched in this sector. The challenges range from the profound impact of remote work trends and the uncertain future of office spaces to growing concerns about inflation and higher interest rates bringing CRE risk into the spotlight. This volatility has garnered increased attention from internal and external stakeholders, as well as regulatory authorities. Consequently, identifying the most pressing threats among these challenges and proactively mitigating risk has become a top priority for financial institutions with CRE exposure.

In the face of rising interest rates and delinquencies, many financial institutions are preparing to confront these economic stressors. In fact, some were already scaling back lending before the recent collapses of Silicon Valley Bank and Signature Bank. We have all witnessed the tightening of lending standards resulting from that event, and many analysts anticipate further tightening among all community financial institutions. This constriction is also impacted by limited deposits and liquidity forcing financial institutions to be selective in how they deploy their capital. These facts leave many analysts predicting when credit problems will emerge in the CRE sector.

The evidence speaks for itself. According to S&P Global Market Intelligence, the delinquency rate for all CRE loans held in U.S. banks has increased by five basis points year over year. Moreover, within a single quarter earlier this year, the delinquency rate for nonowner-occupied nonresidential property loans spiked by a significant 24 basis points. This has led to tighter lending standards at origination, reflecting the concerns of institutions. Further, financial institutions are taking proactive measures to mitigate CRE risk after origination. Some have set aside high-single-digit percentage allowances for office loans. Others have reduced exposure through portfolio sales. Overall, loan originations have fallen, CRE sales have slumped, and forecasts indicate a drop in CRE prices.

The tightening of lending standards, the slowdown in the growth of CRE loans, and the impact on loan originations have emerged as central concerns in the financial sector. What unifies these factors is their inherent risk and whether they act as warning signals or responses. Managing CRE credit risk is undeniably intricate, but leveraging available strategies and tools empowers community banks, credit unions, and financial institutions to effectively navigate the ever-changing CRE lending sector. This enables them to proactively assess and plan for risk mitigation, rather than merely react to these changes.

Understanding Commercial Real Estate Risk

As CRE loans represent a substantial part of many banks’ loan portfolios and higher yielding assets, especially within community financial institutions, understanding the significance of CRE credit risk is paramount. Community banks and credit unions often operate in areas experiencing job and population growth, leading to a high demand for CRE lending and, in turn, a high concentration of CRE loans. This growth and its corresponding effects on loan portfolio concentration pose new challenges for banks in terms of risk monitoring and control.

While larger financial institutions commonly maintain experienced staff and even entire departments to manage these risks, it is generally not cost effective for smaller financial institutions to hire and maintain qualified resources to help mitigate the inherent risks. In the absence of an internal CRE risk management team, it is imperative for financial institutions to rely on independent third-party resources to assist in this crucial process.

Historical Context and Lessons from Past Experiences

A retrospective examination underscores the importance of proactive risk management. Many significant historical banking failures were largely attributed to overinvestment in CRE loans and the lack of an effective risk management process. Weak underwriting standards and poor portfolio management led to an oversupply of CRE properties and borrower defaults. Over time, regulatory improvements, such as stricter underwriting and risk management requirements, have been implemented. Nevertheless, predicting the future remains uncertain. We can only analyze past patterns and the shortcomings to properly assess future risks.

In 2023, community and regional financial institutions comprise approximately 72% of the CRE loan market, taking on an above-average amount of CRE credit exposure. Recognizing such circumstances is vital, as you should be alert to potential red flags. Identifying and managing CRE credit risk is critical.

Identifying Emerging CRE Risk

A comprehensive understanding of CRE credit risk highlights the increasing complexity of its landscape. CRE credit risk is multifaceted, with numerous risk categories affecting CRE lending, including market risk, asset risk, liquidity risk, and credit risk, among others. To construct a robust risk management strategy, all these variables must be explored and considered.

To assess your financial institution’s CRE loan segment’s health, a systematic approach is needed. When determining if your CRE portfolio exceeds your institution’s risk appetite and how to quantify that risk and respond effectively, the answers lie in developing a comprehensive, tailored framework for assessing and analyzing your CRE loan market. The most recent regulatory interagency Statement on Prudent Risk Management for Commercial Real Estate Lending notes that institutions that successfully monitored risk have:

  • Established appropriate loan policies, underwriting standards, and concentration limits.
  • Conducted cash flow analyses based on realistic rates and expenses to ensure repayment ability and assessed borrowers’ ability to repay during interest rate fluctuations and loan structure changes.
  • Analyzed the impact of economic changes on the loan portfolio’s quality, earnings, and capital.
  • Provided boards and management with information to adapt lending strategies in changing market conditions.
  • Maintained information systems to manage concentration risk effectively.
  • Implemented appropriate appraisal review and collateral valuation processes.

With the many challenges faced by community financial institutions, the need to effectively identify, measure, and manage these risks has become paramount. While established best practices exist to address these risks, financial institutions must transition from assessing each risk in isolation to recognizing the interconnectedness and synergy between them. A more holistic approach to risk management is required, allowing institutions to confidently inform their capital planning, risk tolerance, and overarching strategy.

Strengthening CRE Risk Management in Community Financial Institutions

A comprehensive risk management strategy empowers financial institutions to adapt to market dynamics, instilling confidence among stakeholders and regulators. Alongside the factors discussed in the previous section, regulatory guidelines highlight two critical facets of CRE risk management: stress testing and portfolio reviews. While community financial institutions can execute these internally, outsourcing can offer efficiency and effectiveness.

CRE Portfolio Stress Testing

Stress testing and sensitivity analyses are indispensable tools for evaluating CRE risk and gauging the impact of economic fluctuations on asset quality, earnings, and capital. These assessments should align with the portfolio’s size and risk profile. CRE stress tests inform strategic and capital planning, credit concentration limits, policy, and underwriting. Integrating stress testing into risk management and strategic planning is essential to anticipate and mitigate risks, especially given current market uncertainties.

Although loan-level stress testing serves a purpose on a transactional level at origination, financial institutions should also regularly perform portfolio-level stress testing that encompasses a bottoms-up and a top-down approach. The bottom-up approach allows financial institutions to gauge the risks of individual, seasoned loans by stressing each transaction through interest rate changes, collateral values, and other market factors. Implying moderate and high stress scenarios to each transaction allows for early identification of potential losses and their impact on the capital of your organization. The top-down approach takes the remaining portfolio not identified on a loan-level analysis and uses the same stressors to further identify any possible impact to capital.

Independent Loan Reviews for CRE Risk Mitigation

Thorough loan reviews are pivotal for identifying and mitigating potential CRE portfolio risks. They enable banks to assess loan quality, maintain compliance with regulations, and make necessary adjustments on a loan and portfolio level. An effective loan review function is crucial for assessing asset quality, evaluating underwriting and ongoing monitoring, and identifying exceptions to policies. Proactive issue resolution ensures risk mitigation before regulatory scrutiny or asset quality deterioration.

To further safeguard against future losses, it is critical that a loan review be independent. If maintained internally at the organization, it should report directly to the audit committee of the board of directors or the full board of directors. If a third-party firm is contracted to perform this work, it too should report all findings to the board of directors or a committee thereof.

Tactical Approaches to Limit CRE Risk in an Unpredictable Market

To minimize exposure to CRE credit risk, institutions should enhance communication with borrowers, allocate additional resources for portfolio management, understand collateral, and manage interest rate risk. Effective market area monitoring, adaptable to the institution’s unique risk exposure and appetite, is essential. Clear communication of risk tolerance from the board down to lending staff fosters alignment and clarity.

Community financial institutions must not become complacent in their approach to risk management. It is critical to remain agile and continually adapt to changing environments and emerging risks, especially in the currently volatile realm of CRE lending. By staying proactive and employing a comprehensive risk assessment and management approach, banks and credit unions can successfully address CRE credit risk, safeguard their portfolios, and maintain their success.

Optimize Your Risk Management Strategies with Young & Associates

With over four decades of experience, Y&A specializes in helping community financial institutions manage risk. Our enduring presence in the industry reflects our ability to adapt to evolving financial landscapes. Our seasoned consultants, who have backgrounds in banking, bring firsthand experience of market fluctuations.

Outsourcing CRE Stress Testing

Young & Associates offers a CRE portfolio stress testing service that efficiently and insightfully assesses your portfolio. Using data specific to your bank, we stress your CRE portfolio across various factors. Our report quantifies potential impacts on earnings and capital resulting from collateral value decreases, changes in property net operating incomes, or increases in interest rates. What sets us apart is our ability to handle the stress testing process efficiently, allowing your institution’s management to focus on other important initiatives.

Outsourcing Loan Review

For most community financial institutions, outsourced loan review is the best choice due to size and the need for an independent party. Our loan review service, applied to your CRE portfolio, not only uncovers individual credit assessments but also evaluates the alignment of your credit standards, analysis, and continuous credit monitoring with the specific characteristics of your CRE portfolio. Our findings not only inform you about existing portfolio risks but also provide recommendations for effective risk management.

Contact us to explore how we can support your journey in addressing CRE credit risk effectively.

How Strategic Planning Drives Effective Change Management

By: Michael Gerbick, COO 

Change is an undeniable aspect of the modern financial world. To stay competitive, thrive in a dynamic marketplace, and satisfy the demands of both customers and regulators, banks and credit unions must embrace change management as an integral part of their strategic planning process. But how can financial institutions seamlessly integrate change management into their strategies while ensuring their governance processes remain robust enough to meet regulatory requirements? Understanding this symbiotic relationship and how to strategize for achievement is vital.

The Unavoidable Reality: Change in the Financial Sector

The significance of change management in the bank and credit union industry has gained even more prominence in recent times. In the Fiscal Year 2024 Bank Supervision Operating Plan released by the Office of the Comptroller of the Currency Committee on Bank Supervision, change management takes center stage. The plan underscores the importance of banks implementing significant changes in various aspects of their operations, from leadership to risk management frameworks, and even in their use of third-party service providers that support critical activities.

The operating plan emphasizes the role of examiners in identifying these financial institutions and evaluating the suitability of their governance processes. This includes assessing whether the acquisition or retention of qualified staff aligns with the changes undertaken by the board or management. These changes can arise from a variety of factors, including mergers and acquisitions, system conversions, regulatory requirements, and the implementation of new, modified, or expanded products and services, such as cutting-edge technological innovations.

This regulatory focus underscores the critical nature of integrating change management into the strategic planning process for banks and credit unions. It is not just about responding to the evolving landscape; it is about proactively steering the ship towards a brighter, more competitive future. Change is a constant in the financial sector. Market dynamics, technological advancements, shifting customer expectations, and regulatory updates all contribute to the perpetual evolution of this industry.

For banks and credit unions, change should not be a reactive response; it should be a proactive strategy. Strategic planning, often seen as the roadmap for an organization, is the mainstay that can help financial institutions navigate these uncharted waters. However, the true synergy lies in integrating change management into this planning process.

The Power of Change Management

Change management, at its core, is about guiding an organization through the transition from its current state to a desired future state while minimizing disruptions and ensuring that the change is well-received by employees and stakeholders. In the context of banks and credit unions, effective change management can manifest in various forms, such as:

  • Digital Transformation: Embracing new technologies to enhance customer experiences and operational efficiency.
  • Compliance Updates: Adapting to evolving regulatory frameworks to avoid penalties and maintain trust.
  • Cultural Shifts: Fostering a culture of innovation and adaptability among employees.
  • Product and Service Enhancements: Continuously improving offerings to meet customer demands.
  • Proactive Risk Assessment and Management: Identifying, mitigating, and seamlessly integrating risk management to safeguard against potential risks and challenges.

The crucial role of change management in this industry cannot be overstated. It enables financial institutions to execute their strategic visions successfully, transforming conceptual ideas into concrete actions.

Incorporating Change Management into Your Financial Institution’s Strategic Planning

To weave change management seamlessly into your strategic plan, consider the following steps:

  1. Establish a Clear Vision: Clearly define your strategic objectives and the desired outcomes of the change initiatives. Ensure that your team understands and is aligned with this vision.
  2. Identify Key Stakeholders: Recognize the individuals and groups affected by the proposed changes. Engage with them early to gather insights, address concerns, and gain their support.
  3. Create a Robust Governance Framework: Robust governance processes are essential for change management in banking. This includes defining roles and responsibilities, establishing decision-making processes, and setting up regular progress tracking mechanisms.
  4. Develop a Communication Strategy: Effective communication is the backbone of change management. Craft a comprehensive plan to keep stakeholders informed, engaged, and motivated throughout the change journey.
  5. Build Change Champions: Identify and empower individuals within your institution who can serve as change champions. They can help drive the transformation and inspire their colleagues.
  6. Monitor and Adapt: Regularly assess the progress of your change initiatives and be ready to adjust your strategies as needed. Change is iterative, and adaptability is key to success.

Incorporating change management into strategic planning is critical. By establishing a clear vision, engaging key stakeholders, creating a robust governance framework, crafting effective communication strategies, building change champions, and embracing adaptability, your financial institution can navigate change seamlessly and achieve its strategic objectives.

Governance Processes: Meeting Regulatory Requirements

Incorporating change management into your strategic plan does not mean sacrificing regulatory compliance. In fact, it can enhance your ability to meet these requirements effectively. Here is how you can navigate this regulatory landscape while optimizing your change management efforts:

  • Risk Assessment: Conduct comprehensive risk assessments to identify potential compliance gaps and challenges associated with your proposed changes. Address these issues proactively and effectively to minimize regulatory risks.
  • Regulatory Engagement and Collaboration: Establish open and constructive lines of communication with regulators and examiners. Keep them informed of your change initiatives, seek their insights and guidance on change management strategies, and demonstrate your commitment to compliance.
  • Documentation and Reporting: In line with regulatory requirements, maintain meticulous records of your change management efforts, including compliance measures. Thorough and accurate documentation can simplify examinations and audits, making the process smoother and more efficient.
  • Training and Education: Invest in training and educating your staff on regulatory changes and their implications. Knowledgeable employees are your first line of defense against compliance issues.
  • Continuous Improvement: Remember that change is perpetual. Continuously assess and adapt your change management strategies to stay ahead in a rapidly evolving industry.

By following the strategies outlined above, you can navigate the complex regulatory landscape while optimizing your change management efforts and harmonizing change with compliance. Embrace these practices, and your organization will not only thrive in the face of change but also meet regulatory demands with confidence and efficiency.

Embracing Proactive Change Management

Change management is a function of an effective strategic plan. The symbiotic relationship between them is the cornerstone of success in modern financial institutions. Embracing change as an opportunity, rather than a challenge, is crucial. Integrating change management into your strategic planning process, establishing robust governance procedures, and ensuring regulatory compliance are the keys to thriving in an ever-evolving industry.

Remember, change is not a one-time event but a continuous journey toward a brighter future for your institution and stakeholders. Align your strategic planning with regulatory directives and embrace change management as a proactive strategy to not only meet regulatory demands but also position your institution as an industry leader in the dynamic financial landscape. Embrace change, and let it steer your institution toward success.

Young & Associates: Your Partner in Change

Y&A is here to support financial institutions as they navigate the ever-evolving landscape of the financial industry. With our team’s extensive experience in regulatory compliance, risk management, and strategic planning, we stand ready to assist you in successfully embracing, harnessing, and facilitating change. With over 45 years of proven experience as a trusted ally to financial institutions, you can rely on Y&A to guide through the financial sector’s changing terrain. Get in touch with us to learn how we can help.

Connect with a Consultant

Contact us to learn more about our consulting services and how we can add value to your financial institution

Ask a Question