There’s no question that financial institutions will find themselves subject to more regulatory oversight in the near future. At the same time, numerous financial/investment firms are filing to become bank holding companies. The leap to such status is by no means an easy one, according to Bill Barrett, partner and technology and information leader in the financial services office of Ernst & Young (New York). Barrett says it will take some effort by these firms to adjust to the tighter regulatory oversight to which all bank holding companies are subject.
“The Fed’s supervision of bank holding companies impacts virtually every aspect of the business and requires a new way of thinking and operating,” he told BS&T.
Barrett notes there are three primary “realities” bank holding companies must face these days:
1. The Fed will have increasing oversight, marking an enduring shift in its operations. Regulators have become more intrusive in day-to-day business operations and are more closely overseeing each organization’s risk governance and management framework.
2. If the risk governance and compliance frameworks and processes are deemed insufficient, the Fed could step in and curtail a firm’s business plans, including new product launches, mergers and acquisitions, and other business expansion efforts.
3. Firms can suffer reputational damage based on the Fed’s actions, resulting in potential loss of stakeholder trust, market share and stock price.
To adapt to this new style of regulation, Barrett suggests banks start by performing an assessment to determine if their risk management, internal controls, and compliance processes are sufficient to appropriately address the complexities of the organization. The assessment should include a close look at the current operating model and processes to identify the gaps between what exists and what is needed to meet Fed guidelines and evolving expectations.
Once this is done, an organizational roadmap should be established to improve the company’s risk management and controls. “With the roadmap in place, banks must elevate the roles of risk, compliance, and information officers and foster collaboration among them,” Barrett explains. “Doing so will empower the bank to effectively deal with the level of oversight expected from the Fed, resulting in less intrusion of supervisors, reduced curtailment of business from regulatory scrutiny, and increased trust and confidence in the organization.”
Most of all, management must remember not to treat risk management as an exercise in compliance. Instead, Barrett emphasizes that it is “an opportunity to become a well-governed business.”
“During this economic crisis, risk officers are battling on three fronts: they are trying to look in the rear view mirror and determine previous risk forecasting and reporting mistakes; control and extinguish today’s fires; and ensure the right risk governance, management processes and systems exist to accurately forecast future threats and appropriately mitigate these threats,” he notes.
IT will play a critical role as banks seek to create a culture of risk management. Barrett says it is the duty of CIOs and CTOs to ascertain whether the bank’s technology will help or hinder the company’s risk management efforts. The real need is for more quality information so that the bank’s leaders can make more informed decisions.
“With the size of these organizations and the complexity of their products and services, CIOs and other technology officers are being called upon to build systems that can help risk management and compliance gather and aggregate data in real-time; monitor risk and compliance throughout the company; and make informed decisions and recommendations to senior leaders,” he relates. “Sound IT practices and more sophisticated processing systems must feed senior leaders’ and management’s need for more timely and accurate data, and enable managers to make more incisive decisions based on better information and an increased understanding of the company’s exposure to risk throughout its operations.”
With this comes the need to strengthen oversight and governance over IT processes and services, and manage risks more effectively within IT as a component of overall operational risk. “With the significant reliance that banks place on IT, the increasing amounts of information being processed, the complexities of processing, and the use of outside service providers, there are risks and threats in IT that need to be identified, managed and mitigated,” Barrett says.