May 14, 2012
Authored by: Jonathan Hightower
On May 14, 2012, the Federal Reserve, FDIC and the OCC released a joint statement confirming that that banking organizations with total consolidated assets of $10 billion and under will not be required to conduct formal stress tests. Management of many smaller banking organizations had been concerned that the stress testing required of larger banks would “trickle down” in an informal sense to smaller banks. With this regulatory statement, that concern is alleviated, at least in the official sense.
We continue to believe that the heightened (or perhaps renewed) emphasis on risk management by the regulators will affect banks of all sizes. It is likely that regulators, directors, and shareholders of all banks will want to confirm that management has identified the key risk factors affecting the institution and that the board has established the institution’s tolerance for accepting those risks and implemented any appropriate mitigants.
We recommend that banks of all sizes, even the smallest community banks, undertake an enterprise risk management analysis to identify the key risks facing the institution. The board of the institution, as a subpart of its strategic planning function, should review those risks and establish the institution’s risk tolerance with respect to each category of risk (many consultants will capture this analysis in a “risk appetite statement”). Establishing and understanding those risk tolerances will form a roadmap for setting and executing the institution’s strategic initiatives. In implementing this analysis, some institutions may undertake some level of stress testing with respect to certain risks.
This risk management analysis is a natural adjunct to the self examination process used we recommend using in preparing for a regulatory exam (see our prior “Self Exam” post). While the self exam process is typically more focused on the bank’s current position and past performance and this risk management analysis is more forward-looking, both processes require an introspective review. Senior regulators have repeatedly confirmed to us (and we have seen in practice) that where banks take the initiative in implementing credible risk management programs and other pre-examination preparation, the examiners are much more likely to defer to the judgment of management and the board of the bank – with the result being a much better interaction with regulators (who, in an ideal scenario, can be a partner in the risk identification process).
We believe the key for banks and bank boards is to conduct an honest, forward-looking, and customized analysis of the risks facing your institution. While the guidance related to development of a stress test framework for larger banks may serve as a useful data point in developing an approach to enterprise risk management, management of community banks should focus on developing a risk analysis that is totally unique to the institution and its business model. We believe that implementing this type of risk analysis will satisfy the regulators, better inform the board, and, most importantly, add economic value for the institution’s shareholders.