Blog / July 30, 2020

Balancing Safety and Soundness with Compliance in the Midst of COVID-19

Strategies for Protecting Enterprise Viability While Supporting Customers

Historic. Unprecedented. Unimaginable. These are not exaggerations of the coronavirus pandemic, an event that has left millions unemployed and countless businesses shuttered or operating at limited capacity. Until this health crisis subsides, the financial sector has an important role to play in helping affected consumer and commercial customers navigate this uncertain situation.

Ironically, a financial institution’s ability to meet that challenge largely depends on the basic tenets of good governance and sound risk management—measures that are quite precedented in helping to ensure the financial health and compliance stance of institutions that adopt, implement and consistently use them.

This summer, federal and state banking regulators offered a timely reminder of this truth when they published their Interagency Examiner Guidance for Assessing Safety and Soundness Considering the Effect of the COVID-19 Pandemic on Institutions.

Examining Safety and Soundness for Financial Institutions in 2020

The guidance was jointly published on June 23 by the Federal Reserve, the Federal Deposit Insurance Corporation (FDIC), the Office of the Comptroller of the Currency (OCC), the National Credit Union Administration (NCUA) and state bank and credit union regulators. It outlines the supervisory principles they will use to assess institutional safety and soundness in light of COVID-19.

Consistent with their pre-COVID stance, examiners will continue to consider an institution’s asset size, complexity and risk profile. Given that certain economic sectors have been hit harder by the pandemic, the industry and business focus of an institution’s customers will be another important factor.

Examiners will use existing agency policies and procedures, but the guidance grants them the authority to use “appropriate flexibility” that takes into account the following:

  • The unique and evolving nature of the pandemic
  • The potential long-term operational and financial impacts on institutions and their customers
  • Management’s ability to appropriately assess and respond to the crisis
  • Good faith efforts to follow previous or upcoming regulatory statements regarding COVID-19

The federal and state agencies acknowledge the possibility that sound risk management may not fully shield institutions from the unique stresses resulting from COVID-19. However, when conducting bank safety and soundness exams, regulators will distinguish new weaknesses brought on by the pandemic from an overall lack of good management or corporate governance.

As for determining CAMELS and ROCA component ratings, which may be downgraded where deteriorating conditions warrant, the guidance states that examiners will consider these key metrics:

  • Capital adequacy
  • Asset quality
  • Overall management
  • Risk management and audit
  • Earnings
  • Liquidity
  • Market sensitivity risk

Strategies for Mitigating COVID-19 Effects

PwC says that COVID-19 could potentially pose the “most serious challenge to financial institutions in nearly a century.” Knowing what our industry went through in 2008, it is hard to imagine a situation that tops that crisis, but here we are.

On one end, banks and credit unions have had to quickly adjust their own operations in accordance with waves of lockdowns and re-openings that vary by state and sometimes county. It costs money and creates potential operational deficiencies to migrate so many employees to fully remote work.

On the other end, institutions are dealing with customers who have lost their jobs or businesses and are struggling to meet their loan obligations. This affects profitability and portfolio performance.

The examiner guidance clearly recognizes this mounting pressure, but it also reminds institutions that safety and soundness should not be neglected, nor should compliance.

Here are four strategies—grounded in good corporate governance and sound risk management—that can help your bank or credit union navigate this unpredictable and unprecedented pandemic.

Change Management in Practice

Barely two months after the World Health Organization (WHO) first identified a Coronavirus-related pneumonia in China, the United States declared COVID-19 a national emergency on March 13. Six days later, California became the first state to mandate a stay-at-home order. Many other states followed suit in the days and weeks thereafter.

In living memory, financial institutions as a whole have never had to adjust so much of their operations to prevailing circumstances in such a short period of time and across their entire footprints.

In the best of times, change can introduce new risk into an environment. In pandemic conditions with every employee and customer adopting new personal routines and behaviors simultaneous to the institution incorporating enterprise changes, the risk potential is exponentially greater.

Only the use of a formal change management process can effectively mitigate that risk. Either an existing Project Office or a special COVID-19 project team should be leading the effort. All policy, process, procedure, system or product changes related to the pandemic should flow through this group so that it can conduct the following important tasks:

  • Assess and document the potential effects of recommended changes
  • Find mitigating solutions for those effects or make calculated decisions to accept the risk
  • Produce documentation that supports all change decisions and risk calculations
  • Communicate changes to all appropriate parties
  • Monitor incorporated changes, measure their effectiveness and adjust them as needed

Compliance in Focus

The OCC followed up the Interagency Guidance with its Semiannual Risk Perspective, in which it further underscored the potential impact of COVID-induced financial stress on institutions. Furthermore, it warned that, “Compliance risk is elevated because of a combination of altered operations, employees working remotely, and several new federal and state programs designed to support consumers . . .”

The message from regulatory agencies is clear: Institutions are encouraged to help their customers and communities through this pandemic, but they must do so in a prudent and fair manner.

For example, a significant number of loan modification requests may require policy exceptions in order to approve them. Examiners will closely scrutinize such transactions to make sure there are no violations of the Equal Credit Opportunity Act (ECOA), the Fair Housing Act (FHA) or other fair lending regulations.

Your institution can avoid trouble by:

  • Documenting all underwriting policy updates necessitated by COVID-19
  • Clearly communicating fair lending expectations to all appropriate staff
  • Employing multiple underwriting approval layers
  • Conducting independent audits of closed files

Fair lending is not the only area of compliance that could be problematic amidst the backdrop of this global health crisis. The OCC warns that institutions may face a greater risk of Bank Secrecy Act (BSA), Office of Foreign Assets Control (OFAC) and consumer protection violations if they are not careful to ensure that existing compliance policies are followed even as the majority of employees work remotely.

ALLL and CECL in Parallel

Recent job losses and business closures are likely to affect credit risk at most institutions, which makes loan loss provisioning all the more important. Of course, this raises questions about the Financial Accounting Standards Board’s (FASB) current expected credit loss (CECL) method for reserve setting.

Given that non-SEC filers have until 2023 to implement the new standard, institutions may be tempted to put their CECL preparations on hold while dealing with the immediate COVID crisis. However, as Bloomberg Tax notes, the whole point of CECL “is to reveal timely information about credit losses so that banks’ stakeholders are more nimble in making informed and sound decisions.”

To that point, grouping and categorizing loans and leases based on risk for CECL purposes creates worthwhile data. Further, running parallel CECL modeling against the current Allowance for Loan and Lease Losses (ALLL) model helps gauge the effect of environmental factors, such as the local unemployment rate, on required capital reserves.

In other words, all of the prep work being done for a 2023 CECL implementation now provides senior management with invaluable information and insight into the institution’s financial health during COVID-19 so that they can appropriately direct resources and conduct interventions where needed.

If that is not reason enough to continue moving forward with CECL, Independent Banker rightly warns that, “Regulators aren’t waiting until 2023 to begin asking community banks about CECL documentation.”

Stress Testing in Real Time

The severity of this situation also calls for stress testing that goes above and beyond the hypothetical exercise that regulators require smaller institutions to periodically conduct.

In fact, McKinsey argues that institutions should create and maintain “an up-to-date and scenario-based view” of how the pandemic is expected to affect them. As critical news becomes available, such as spikes in infection rates or business closures within the institution’s footprint, that information should be incorporated into this situational stress test for a revised outlook.

Creating this real-time picture enables senior management to make more informed, risk-based decisions throughout the pandemic.

Stay Compliant Through the Pandemic

Your institution is rightly expending an enormous amount of resources to support your customers and communities through this unprecedented event. Stay compliant and keep your reputation and financials intact with expert compliance services for financial institutions to maximize safety and soundness.

Doing so won’t just satisfy your prudential regulator. It will also ensure your institution’s future.

Keith Monson serves as CSI’s chief risk officer. In this role, Monson maintains an enterprise-wide compliance framework for risk assessment and reporting, as well as other key components of CSI’s corporate compliance program. With over 30 years of experience, he has a wide range of expertise in the compliance arena, having served as chief compliance officer for both large and small financial institutions.

Get In Touch

Are you looking for the edge to outperform the competition? CSI is a full-service technology and compliance partner.

Let’s Talk