White Papers

Download PDF

BEST PRACTICES IN BANKING  

Many banks today are moving away from traditional practices and adopting forward-thinking "Best Practices" to support profitability, growth and enhance shareholder value. These "Best Practices" are applicable to every area of banking as the industry changes. The recent economic downturn, regulatory change, and emerging technologies have combined to change the way bankers think about Marketing, Product Development, Business Management and Risk Management.

Banks face many challenges in today's dynamic marketplace. In a global economy that's become increasingly competitive, Banks need efficient development of products that quickly satisfy a more demanding customer base and build long-term customer trust. Banks must enhance risk management and address a broad range of regulatory changes that require reporting with greater standardization and transparency. Banks must optimize both internal and external innovation, while seeking operational excellence at all levels.

Meeting these challenges requires new business and Information Technology (IT) strategies that boost revenues, improve operational efficiency, cut costs, and enhance the overall management of your business. Today, banks are looking beyond traditional practices to new ideas and tools that analysts and prudent leaders have identified as best for the industry.

1. RISK MANAGEMENT AND REGULATORY COMPLIANCE There was a time when community banks could be profitable throughout the economic cycle by focusing almost entirely on credit risk. But the days when the five C's of credit defined risk management are over. In today's global economy a myriad of risks affect banks of all sizes and in every geographic location. It is becoming perilous for community banks not to identify and closely monitor all the risks in their institution.
a. CREDIT RISK - Although credit risk remains the most serious issue facing banks, it is certainly not the only one. The economic conditions facing the nation during the past three years has created awareness among bankers and regulators that banks need to be looking for different aspects of risk to determine capital requirements. The Basil Accords was a step in this direction but, following the lead of European Banks, even community banks are beginning to address what is being referred to as "Enterprise Risk Management".
i. MARKETING Traditionally banks have increased their growth and profitability by investing in securities and making loans. Loan officers were hired to do the latter and they were responsible for everything from soliciting the business, to underwriting and presenting the loan for approval and finally documenting the loan through a loan secretary. In addition, they maintained the loan through the disbursement of funds, inspections of collateral, and oversight of technical exceptions. Such functions were often decentralized and relied on a highly skilled person who had extensive credit training, usually in large banks.
Best practices today has evolved to create a highly centralized loan function. Business Development officers are sent out to the customers' place of business rather than having the customer come into the bank to request a loan. Mortgage loans are often solicited over the internet and companies like Quicken Loans have made great inroads into this segment of banking by delivering products in a highly efficient manner that is time sensitive. Commercial lending is slowly adapting and product delivery is becoming extremely important.
The credit aspects of lending are shifting away from the Loan Officer and into a separate arena as Credit Departments/Loan Administration take on an increasingly important role.
ii. LOAN ADMINISTRATION The Loan Administration or Credit Administration Departments in Bank's today contain credit analysis functions that spread financial statements, make structural recommendations and often complete the entire write up of the loan for submission to various levels of approval. These centralized staff functions also have taken on responsibility for documentation, collateral inspections, and loan disbursements, once approved by the lender, the ordering of appraisals, the establishment of loan files (usually scanned into a sophisticated search system), and the monitoring of risk data related to the loans, including the identification and resolution of technical exceptions within the loan portfolio. The documentation and booking of renewals and new loans is also their responsibility and usually a "Compliance Person" monitors the pre and post closing to make sure the loan is booked as approved. These checks and balances are critical to minimizing risk. One of the major issues discovered in the portfolio of troubled banks has been they didn't properly monitor the booking and risk associated with the loan portfolio and as a result, collateral often wasn't properly perfected, funds were advanced improperly, workmanship on some projects was shoddy, and financial information was inadequate to evaluate the customer on a timely basis. Collateral Valuation has historically and traditional been completed at the time of loan origination, often relying on an appraisal by an independent third party. This has been especially true for "real estate" oriented banks. Appraisals have been ordered by the lender as part of his myriad of duties and responsibilities. With the introduction of "mark to market" and the decline in real estate values, many of these appraisals are no longer valid. As a result, banks are required to update the collateral valuations on many loans either through outside appraisals or internal evaluations. "Best Practices" now dictates that this function should be independent of the line lending function and should be assigned to an independent department such as loan review.
iii. LOAN REVIEW - Once loans are recorded on the bank's books, banks have reviewed credits utilizing an independent loan review process. In smaller banks this is often done by contracting with a third party. This traditional approach has been limited in scope and in many cases proved inadequate, particularly on larger/more complex credits. Today "Best Practices" supports a separate Loan Review function that is independent of the "line" lending function and that provides an objective review of the credit and its performance. This aspect of the lending area has taken on renewed emphasis with bankers and regulators alike and is critical to the loan grading process which will be discussed later. The establishment of an Allowance for Loan and Lease Loss (ALLL) reserves in co-ordination with lending and the CEO provides a level of independence which would be consistent with regulatory objectives and provide the independence requisite to such compliance. Likewise the centralized ordering of appraisals within this area would serve to provide the objectivity requisite to FASB regulations. The responsibilities of Loan grading and outside loan review are additional functions being placed in this area. More and more banks are establishing this function under their Risk Management Department. This is consistent with the new Enterprise Risk Management guidelines and with assessing risk for capital calculations.
iv. LOAN POLICIES - Traditionally Banks "borrowed" loan policies from various sources and periodically modified them to accommodate regulatory concerns. There has been a tremendous gap between banks regarding the level of sophistication in their loan policies. For example, many loan policies haven't traditionally addressed: participations, out of market loans, loan concentration, etc. As a result these critical issues that affect risk have not been properly monitored by management and certainly not by the Board. Traditionally Bank Boards have been made up of community leaders who know little if anything about Bank Loan Policies. As a result Loan Policies were market driven with little attention to the inherent risks associated with various types of loans. "Best Practices", with respect to loan policies today, requires addressing loan concentrations by type; size, and location. Loans are required to meet specific requirements under Loan Agreements and these agreements are closely monitored by Loan Administration. Credit analysts and/or loan review stress test the loans to make sure they can continue to perform under various economic and industry risk scenarios. Loan "workout policies" are incorporated to address stressed credits and policies addressing overdrafts are typically included in loan policies. Exceptions to these policies are monitored by Loan Administration and Bank Directors are being trained to take a much greater interest in these policies.
v. LOAN PROCEDURES -- Traditionally banks have developed methods for booking loans and monitoring them based upon the requirements of the loan policies and driven to a large extent by their data processing systems. Memos in file sometimes explain the proper procedures to be followed with respect to various loan processes. This has proven to be inadequate. Inconsistency and reduced efficiency has lead banks to adopt the use of "Procedure Manuals" that are used to address this inconsistency. These manuals also provide valuable audit trails for both regulators and auditors and help to insure adherence to bank policy.
vi. RETAIL LENDING -- In addition to mortgage banking activity, retail banking continues to be important in the Strategic Plan of most banks. Traditionally banks maintained retail banking officers in their banks, including their branches. Today, banks deal with mortgage banking, credit cards, and other specialized areas of lending that require unique talents and special handling. "Best practices in these areas are not addressed here, but the issue of direct consumer lending has evolved to the point that most bankers realize that smaller consumer loans can require so much handling that they are not profitable. Those banks exhibiting "Best Practices" have adopted a process that involves branch managers and their staffs making consumer loans on site utilizing "credit scoring" systems that interface with their loan and data processing systems to minimize handling and decision making. These have proven to be extremely useful in enabling banks to retain this service and maintain profitability standards.
vii. SUMMARY -The independence of the Marketing/Business Development effort from Loan Administration has become increasingly recognized as essential to "Enterprises Risk Management". Greater efficiency, minimized risk and enhanced profitability are the by-products. More and more banks are adopting pricing models to ensure profitability from loan relationships. Equally important is the monitoring and management reporting associated with these areas. Management reports at various levels help managers to establish approval authorities and monitor performance. Systems and processes have become the critical ingredients to increasing efficiency in profit models for "high performance banks".

b. ECONOMIC OR MARKET RISK

i. Traditionally most banks, other than mega banks, have reacted to economic/market risk rather than planning for it. This is proving to be a fatal mistake for many banks. Today banks are setting up Risk Management departments to monitor critical aspects of risk. Keeping track of the national and local economies, monitoring industry risks by type, and assessing the inherent risks in the banking industry has become increasingly important. Operating third party software (such as Co Star, Zanola Property Services, etc.) and utilizing services maintained by trade organizations can prove to be very valuable in assessing such risk. These services can also prove to be very valuable to credit analysis and loan review. They also assist management in providing direction to the lenders regarding the type of credit desired.

c. OPERATIONAL AND SYSTEMS RISK - We have previously addressed the operational risks associated with lending but privacy and security risk, fraud (both internal and external) can also prove to be critical. Terrorist activity, new regulations, and technological risks have created a whole set of new "Best Practices" during the past few years. These practices are well documented under the Gramm Leach Bliley act, privacy regulations and now the Dodd/Frank bill. External financial audits, compliance audits and IT Audits are essential to insure compliance with all of the old rules, let alone the new rules. Many banks avoid such audits or limit them in order to avoid additional expense. The most profitable banks rely heavily on the outside review to confirm that their practices and procedures, systems, and internal performance are consistent with the bank's commitment to its shareholders, regulators and directors, as well as the bank's customers.

"Best Practices" also dictate the use of procedures manuals outside of the lending area. Traditionally banks have relied on managers and memos to provide direction to employees. Written procedure manuals that conform to bank policies help to train employees, insure consistency in operations, and help minimize opportunities for fraud. Disaster recovery, robbery, fraud, contingency planning, etc. are all critical aspects of operational efficiency and are critical in the banking industry. Compliance training systems are equally important. Failure to address these issues in a timely, professional manner can result in "civil money penalties". Fortunately, there are many outside services that provide "Best Practices" in these areas. More will be said about IT and data processing services later.

d. REGULATORY RISK -

i.-A comprehensive compliance policy is essential and bank wide training and testing of employees, including management is mandatory.
ii. PRIVACY - New regulations and a heightened sense of urgency by the regulators necessitate policies and procedures to address this critical area and ensure the bank is in conformance. Perhaps the greatest risk in banks today is the lack of file encryption in transferring data through the internet. "Best Practices" suggests that extensive training be done in this area once systems are in place to provide protection for such data and that performance is closely monitored to insure that privacy and security are not breached. Insurance is also a viable consideration for protecting the bank in this area.
iii. SECURITY - IT security to avoid breaches in systems (including the internet) represent one of gravest threats to the banking industry. Identity theft through bank systems can prove to be extremely costly, if not fatal to a bank. Traditionally banks have tended to avoid this area because of the costs and the lack of any income potential to offset the cost. New product offerings and services made available through increased technology, combined with regulations and regulatory enforcement, have made this aspect of banking even more critical than before. With the emphasis on risk management, management must focus on addressing these issues with the support of its external vendors.
iv. AUDIT - Traditionally most banks have had full audits conducted on their banks. The major audit firms have continued to update their policies and procedures in accordance with regulation and have maintained the state of the art requirements for "Best Practices". The greatest risk in this area is that banks often rely too heavily on their auditors. The audit is a confirmation that the bank is doing its job. Just as appraisals are intended to verify value in the lending area. Audits should not remove the responsibility for safety and soundness from bank management.
v. SAFETY AND SOUNDNESS - All of the above could arguably fall under this section. Examinations from regulatory bodies have long been identified as "Safety and Soundness Exams". Based upon recent conversations with regulators, the emphasis in these exams will be placed upon the Loan Portfolio, Security and Privacy. The examination of the loan portfolios will focus largely on system enhancements to identify risk, migration reports for problem loans, compliance with regulatory consent orders, if appropriate, identification of TDRs and Impairment where appropriate and proper grading of loans.
vi. FASB /GAP ACCOUNTING - FASB regulations in the current environment have received greater attention and more specific interpretation from regulators; specifically FASB 5, 114, and 66. All bankers should be very familiar with these regulations and the requirements associated with them. Recent guidelines from FDIC letters on Appraisals, and Workout Lending are available to assist management to navigate the waters with respect to requirements under regulatory and FASB requirements.
e. CAPITAL RISK - Recent examinations have focused on Tier I capital and on Tier I Risk Based Capital and what standards are applicable for Well Capitalized, Adequately Capitalized, Under Capitalized, and Severely Under Capitalized Banks. These industry standards are under closer review by all regulatory agencies and in many instances, depending on the risk in the bank, higher thresholds are being required. "Best Practices" has dramatically shifted during the past year with the Basil Accords. Regulators are now encouraging banks to look at its policies in order to determine the level of risk and therefore the level of capital needed for a particular bank. For example, higher concentrations in construction lending would suggest greater risk than loans secured by CDs. Therefore a higher threshold for capital adequacy. Many different aspects of risk should be factored into a model that would derive a level of capital consistent with that risk. A company that does "Best Practices" analysis with respect to both risk and capital is SAS. This information can be found on the internet and provides a sample of "Best Practices" for this critical aspect of banking. Inadequate capital has been a major source of risk for bank failures and is second only to liquidity as the determinant for closing a bank.

f. LIQUIDITY RISK - Adequate liquidity to support major moves in the portfolio of a bank has traditionally been at the forefront of Strategic Planning. Several years ago banks recognized the potential for extraordinary growth in real estate related credit and many aggressively pursued such growth. The funding for this growth was not readily available from the local markets so Banks started buying brokered deposits, internet deposits, and borrowed money from the Federal Home Loan Banks, placing a greater reliance on non-core funding. This resulted in greater leverage and produced good returns as long as the loan portfolio remained strong and produced earnings commensurate with the costs. When loans began to falter, reserves and income losses began to deplete capital resulting in Banks declining from Well Capitalized to Adequately Capitalized which caused regulations restricting the use of brokered CDs which, in turn, placed liquidity strains on many banks. In late 1989, regulators recognized the same constraints during the S&L crisis (RTC) and took the position that brokered CDs were not good for the banking industry. Over time they became more lenient and banks once again relied heavily on this source of funding. Now the regulators are once again focused on core funding. Best Practices would suggest that banks recognize a prudent balance and set policy with respect to limiting funding from non-core funding sources which includes CDs over $100,000. Concentrations within non-core funding sources and the pledging of collateral should also be limited and monitored.

g. INTEREST RATE RISK - The monitoring of interest rate risks in all banks is done through modeling techniques and programs generally and traditionally provided by outside vendors such as Sendaro. These programs are well written but the assumptions used to derive the level of interest rate risk within the portfolio are not always based on sound facts. Regulators have recently written several letters dealing with their concerns about interest rate risk. Most economic models are suggesting that interest rates are being artificially maintained at low level in order to encourage growth in a moribund economy and that within the next 18 months they expect rapid growth in interest rates which could exacerbate the problems faced by the banking industry. Most Modeling Systems "stress test" rates by 3%; in 1% increments. Given the current interest rate environment, the upward move in rates should be given greater weight in planning for the future. Short term flexibility and funding should be given greater attention in order to not be penalized by long term rate commitments on the asset side of the balance sheet.

II. MANAGING A BANK - One of the unique aspects of banking is that it has many masters. Bank management must recognize that it has a responsibility like any other business to return a profit and/or increase value for the share holders of the company. The Board of Directors must also recognize that basic tenant. Yet both have to acknowledge that this goal must still be compatible with the requirements of regulatory agencies, customers and shareholders because there is a public trust responsibility as well.
a. BOARD OF DIRECTORS - It is the responsibility of the Board of Directors to establish operating policies and to monitor management to insure that those policies are implemented within the context of the banks goals and objectives. In order to do this the Board needs to be informed, qualified and inquisitive in the implementation of their duties. It is not a social club. Traditionally many board, especially in community banks, functioned in this role but that is no longer the case. Training for Directors is available through many of the qualified banking schools located throughout the country (SWIGSBE at SMU in Dallas). Additional training is available from the industry's trade associations.

b. SHAREHOLDERS - The goal of any shareholder is to maximize his return on his investment. In the banking industry this return has been relatively good through the years, however prior to the most recent recession, it was abnormally excessive. It is management's responsibility to set realistic goals within the constraints of the economy and the regulatory environment and its fiduciary responsibility as a public trust.

c. REGULATORS - Regardless of the regulator, they readily admit that they should have been more stringent in their actions related to concentration of credit prior to the most recent recession. As a result, banks should recognize they must be prudent in such actions during the next decade. Bankers also must realize that this relationship works much better as a partnership overseeing public trust than it does as a "necessary evil" "Best Practices" would suggest that good communication, a thorough understanding of all regulations and strong leadership skills are essential to performance in the regulatory environment going forward.

d. EMPLOYEES - Because of the rapid growth in banking during 2000 through 2007, it was difficult to find qualified people. Now with the problems banks are having, many bankers have gotten out of the business. There is and has been a dearth of qualified, trained employees. At the same time good employees are available given the current environment. "Best Practices" suggest that hiring qualified management and paying them what they are worth and training employees to do the jobs under "Best Practices" is better than just hiring people who have experience because it may be the wrong kind of experience. Many bankers involved in the bank acquisition environment in 1980, the late 1990s and in 2002 - 2006 experienced the cultural shock impact of those acquisitions. Many of the acquired bank's employees eventually left because they couldn't assimilate into the new bank's culture.

e. CUSTOMERS - Traditionally customers have chosen banks for a variety of reasons with convenience being at the forefront. This is still true today but technology threatens the norm. MINT, utilization of cell phones and IPADs is rapidly changing the way people do business. Relationship banking remains important, especially in consumer banks and customer loyalty is still a key to successful banking, but apathy and adequate service in a fast paced world also restricts account mobility. Balancing the socio-economic changes with increased technological innovation and a retiring work force will challenge even the sagest prognosticator.

Ill. REGULATORY ENVIRONMENT- Once again, interest rate risk, Mark to Market, TDRs, Impairment and Security/Privacy issues are likely to dominate the regulatory environment during this next year.

IV. RETAIL BANKING - As new mobile distribution channels quickly change the business landscape, banks are adapting to customer demands for real-time information and mobile payment accessibility, while efficiently handling security and authentication.