Banking Exchange Magazine Logo

Talking to regulators about risk

Show how seriously your bank takes risk management

Talking to regulators about risk

Your plans are really gaining traction. Three new loan offices you opened have handily exceeded their profit and volume goals in their first year and are on track to do so in their second year too. The board congratulated you and the team.

Still, you know your shareholders want greater dividends or more growth in the next two to three years. You know that organic growth alone may not suffice. So you’ve been talking to a nearby bank about a possible combination. When you review the numbers, you see an acquisition would be immediately accretive to your shareholders—and theirs—and create a larger, more liquid market in your stock. You and the board are excited at the prospects.

Then comes time for your annual exam by your primary regulator.

As you reflect on how to discuss the state of your business with them, it is of course best to understand their perspective—how they see things and why they approach their jobs as they do.

Truly, you’re on the same side

At an abstract level, your success in the long run is their success, just so long as there are no serious problems along the way.

You are driving your bank to growth, increased profits, expanded job opportunities for employees, and positive returns for your shareholders.

The regulators simply don’t want problems.

Examiners themselves need to be thorough and accurate. Their work is reviewed and they do not want to be the ones who miss an important matter that was within the scope of their exam.

And they also are interested in having bank management think favorably of them, and report to their supervisors that view. So they have an incentive to be knowledgeable about the bank and to work cooperatively with management to get the job done.

Know this: Although individual examiners are typically not politically motivated, their agencies are. Leaders of bank regulatory agencies need to be responsive to legislative and executive concerns. No one wants to be brought to task, especially publicly, for problems that are allowed to develop on their watch. And, if problems do happen, they want to be seen as tough and responsive.

If any of us had those jobs, we’d be that way too.

What’s hot? Just ask them

From regulators’ being on the spot in this way thus arise the “hot” concerns that agencies identify. We’ve all seen it:  mortgage servicing; commercial real estate loan concentrations; Bank Secrecy Act and anti-money-laundering compliance; and even flood insurance compliance.

Examiners are guided to pay special attention to current items, so they are particularly sensitive to the then-current hot items at each exam. In fact, you can ask them what they are now, and what is developing over the near-term horizon. Experience tells me that they’ll give you direct answers.

Knowing the various pressures and incentives that frame the agencies’ and examiners’ situation is a good place to start in deciding how to portray your organization to them.

Helping them to do their jobs by being prepared to answer their key questions at the outset will help them, which will then help you.

Your plans versus examiners’ priorities

Next, it is helpful to analyze how your current situation and plans interact with their pressures and incentives.

• Has growth in the loan portfolio caused you to tilt towards a CRE concentration? 

• Are you extending maturities in your investment portfolio just when agencies are publicly expressing concerns over interest rate risk? 

• As capital becomes the focus of safety in the banking system, how will your capital management policy withstand more stringent scrutiny? 

• And what about your vendor management program? 

These are examples, and you can bet we will see some fade away while new ones arise, or re-arise, in the future. Staying current is the key.

Examiners recognize your desire to grow and make more money. However, they expect—even demand—that risk management grows at least proportionately with growth and the demands of the times. Risk needs to be an integrated part of your strategic planning and business processes to meet expectations.

Communicating your understanding of your own risk convincingly to the examiners and their supervisors is your goal.

Do so, and you will be given leeway.

Fail to do so, and you will be playing continuous defense.

Hit risk management books before the exam

Prior to an exam, even last minute, it is worth a review of your bank’s position regarding current hot items. Take the time to do so. Beef up areas that will be a focus, or get the process under way before the examiners arrive.

Voluntary attention and initiative earns far more credit than responsive behavior.

Examiners are charged with assessing a bank’s overall risk profile.

They use phrases like “Quantity of Risk,” “Quality of Risk Management,” “Residual Risk,” and “Direction of Risk.” Broadly …

Quantity of Risk is what we think of as inherent risk.

Quality of Risk Management reflects the aggregate assessment of the effectiveness of management’s control and risk mitigation activities.

Residual Risk is what results after our risk management activities are applied.

Direction of Risk has its plain-English meaning.

Frame your remarks with terms that align well to their categories, which will help them write the exam report they are charged with producing.

If your bank has an established ERM program in place, a well-organized report should exist that is structured along these lines. If there is a Risk Committee of the Board, reports given to it should likewise be structured similarly.

And if not, that’s OK too, at least in general, and at least for now. Commitment to forming that outlook, and demonstration of tangible steps in that direction, are necessary to assure credibility, though.

So if formal reports are not where you’d like them to be, speak to examiners about incorporating their concepts in your communications. Have your key management staff do likewise. Consistency matters.

Explain yourself—even if you do it twice

First impressions also matter. If you’ve undertaken a new activity, it is best to lead with your analysis of the risks involved and the controls, resources, and reporting put in place to mitigate the risk. Then the profits or other positive outcomes that are expected can be discussed as the reason for taking on the risk and investing resources to manage it.

Leading with your understanding of risk and the structure to manage it ahead of the rewards will resonate with examiners. Doing so will more likely produce a better rating than doing it the other way around.

While you plan your communication to your examiners, it is possible that they may not give such attention to how they communicate to you. What they say can be just plain wrong, challenging, or worse.

That should be the exception, but it will happen.

We all know that aggressive responses, even to ill-conceived comments will be unproductive in the long run. Instead, take these times as an opportunity to explain further what you are doing.

At other times, you will hear an insightful comment, perhaps pointing out a lapse in your processes or plans. Be ready to admit you failed to consider something, or formed an improper judgment on the matter raised, if in fact that’s the case.

Open-minded listening, investigation, and fact-based consideration win the day. Should you determine that an examiner has raised a valid point, say so, and incorporate your further thoughts into your analysis and communication.

Communication reigns when M&A arises

Other than examinations and more routine interactions with your regulators, you may be approaching them with a potential merger or acquisition. You’ve focused on the benefits to your shareholders—regulators don’t share that focus.

Today, it is commonplace to approach the regulators in advance of signing an agreement with the target company. The communication to the regulators prior to signing an agreement should be responsive to their concerns based on the same principles as during an examination.

Laying out the basics of the transaction comes first, and will include pro-forma financial statements depicting the assumed benefits of the transaction. Take the time to lay out in clear terms the financial metrics that regulators are most concerned with: resulting tangible capital levels; loan quality data; pro-forma allowance for loan and lease losses and credit marks assumed; loan concentrations; and similar matters.

Social issues in these transactions are of great significance.

Regulators will, of course, want to know who will be in charge. But they will also want to understand the assumed cost-savings, which are usually heavily weighted to cuts in staff.

Be as clear as you can about your plans regarding the risk, credit, and audit areas. It is likely in the early stages of a transaction that you’re not sure. But a simple statement that you are committed to provide appropriate resources in these areas at the outset will be helpful.

If there are aspects of the transaction that reduce risk, make sure they are clearly communicated. For example, capital levels may be improved, problem loans eliminated through sale, or loan concentrations reduced.

In the end, regulators will be more cooperative if they view the transaction as reducing risk in the institutions they oversee. Help them come to that conclusion in a clear, factual manner.

Demonstrate that risk management is “baked in”

Whatever the reason you are talking to the regulators, modulating your communication to address their concerns and pressures will yield improved results. Depict risk management as part of the way the bank runs.

Direct, early, and consistent interaction about what risks you really worry about and what you’re doing about them. If there are items that may appear to be a problem but you’ve determined are not, say so—and explain why.

Taking such efforts will demonstrate how you have in fact incorporated risk management into the company. It’s best to be upfront and early in these communications.

Aim at winning examiners’ confidence. If you do so, silently declare victory.

And congratulations, you win!

Daniel Rothstein

Dan Rothstein is CEO of DR Risk Solutions, a consulting firm specializing in enterprise risk management, loan portfolio management and regulatory relations.  Rothstein’s career spans more than 30 years, and he has spearheaded the development, implementation, and successful integration of best practice ERM programs, operational risk and control systems, and credit and loan portfolio management. He is also an attorney admitted in New York. You can reach him at [email protected]

back to top


About Us

Connect With Us