
Financial Services Risk Management Issues: Old Wine (Products) in New Bottles (Technology)


Timothy R. McTaggart, Partner, Pepper Hamilton LLP
Mobile banking, peer-to-peer lending, the use of cloud computing, the proliferation of social media, and the use of Big Data can all have novel impacts on the operation of financial services entities regulated by federal and state regulators. This article describes several significant regulatory perspectives on risk management as the financial services industry adapts to providing its traditional products (i.e., “the Old Wine”) with new technology (i.e., “the New Bottles”).
Here are the trend lines:
1. Enterprise Risk Management: The bank regulators want to see an enterprise-wide risk management system in place at regulated financial institutions. The regulators want systems and personnel to operate on an integrated centralized basis, across functional lines and outside of narrow organizational “silos.” If there is not a centralized Chief Risk Officer function in place, the regulators will want to see a centralized risk management and control committee established.
2. Risk-Based Assessment, Not Zero Tolerance: In general, the bank regulators will be satisfied with policies and procedures designed to manage organizational risks in a way that is scaled to the severity of the potential risk, without seeking complete, 100 percent management of the risk. I quickly add that the overall management of risks will need to be very close to 100 percent, however. Nonetheless, some risks will go undetected, and provided that the internal controls and risk management systems subsequently detect and address the errors or weaknesses, the bank regulators (and external auditors) likely will be satisfied.
By contrast, even if there is a non-material risk but it is one that continues to occur repeatedly, or even worse, it is an error previously noted by the regulators in an examination report, bank management (and, by extension, management at vendor IT firms for technology issues in outsourced arrangements) will likely be downgraded/criticized for not taking action to respond to an ongoing “fixable” problem.
Additionally, there are some statutory requirements with respect to certain consumer finance laws that provide a close to zero tolerance level for any type of calculation or related errors.
3. Speed: The marketplace is faster today due to social media and other communications advances. Financial institutions are obligated to guard their organizational reputations and to provide products and services that maintain their reputation among consumers and investors. Consequently, financial institutions are required by their regulators to closely manage their vendor relationships, especially technology providers.
For example, a financial institution needs to be able to “triage” a situation that impacts its reputation due to malfunctioning technology or due to breaches of private information. The speed at which the news of a problem can spread is now much faster in this networked environment as compared to earlier generations when many of the senior regulators were first trained as supervisors. The speed in the marketplace puts added pressure on industry and regulators to get the problem resolved as soon as possible and not to unleash another round of issues with poor execution in addressing the initial problem.
The best preparation for financial institutions to respond to the increased pace and speed is to arrange, in advance of a crisis, to have a single point of contact for media inquiries, for regulatory inquiries, and for investor inquiries. The financial institution, along with its technology vendors, as part of their ongoing assessment of the risks involved in the business relationship between the parties, needs to evaluate various “What If” scenarios to make sure that the necessary training on both sides is implemented and ready to be used to assist each firm when a crisis develops.
4. The Camel has more than Two Humps: It’s All Risk All the Time: Historically, bank regulators examined banks for compliance with Capital, Asset quality, Management strength, Earnings and Liquidity, the so-called “CAMEL” review. Over the last several decades, the bank regulators have continued to use these baseline evaluations but also have extended the range of risks to items that are not so heavily oriented solely to financial and business costs. Regulators have asked financial institutions to look beyond interest rate risk to also consider legal and operational risk, regulatory risk, and compliance risk.
In short, the regulators have shifted the focus from determining whether a specific product is “profitable” solely by looking at the associated revenues and costs to asking whether there are some hidden risks or costs pertaining to operational, compliance or reputation risk that might arise in due course. This is now the standard approach for evaluating risk, and the “old way” of simply measuring marginal revenue versus marginal cost is no longer the only inquiry necessary.
5. FFIEC Guidance on Social Media: On December 17, 2013, the Federal Financial Institutions Examination Council (“FFIEC”) issued guidance on “Social Media: Consumer Compliance Risk Management Guidance.” Social media is broadly defined in the Guidance and the definition is intended to evolve over time. However, notwithstanding the breadth of the social media definition, the Guidance clarifies that e-mails and text messages are not considered social media unless those messages are further linked with social media channels, such as Facebook.
The Guidance is not intended to impose any new requirements on financial institutions. The Guidance instead details how the existing legal and regulatory requirements must be followed when social media is used in the financial services marketplace. The Guidance also contains a strong message for financial institutions to monitor social media to stay current on commentary about their respective institutions. Consistent with the points noted earlier in this article, the Guidance expects financial institutions to have a comprehensive risk management program to address and control the broad spectrum of potential risks related to social media, including compliance and legal risks, reputational risks, and organizational risks.
6. Conclusion: The critical themes that emerge from the regulatory trend lines are as follows:
• Board and senior management need to be actively involved in risk management and any material reporting of errors/concerns.
• Financial institutions must closely review the selection and management of third-party relationships.
• Employee training must be developed to support the risk management process.
