Intense focus on regulatory/compliance issues continues

Last year, the financial services industry spent an increasing amount of time and resources dealing with regulatory and compliance issues. The largest institutions have focused on Basel II implementation for the past five years, and many retooled corporate governance structures to handle increasing reputation and legal risk in the wake of Enron et al.

But in 2004 institutions of all sizes dealt with increased regulatory demands, ranging from new programs related to privacy, information security, and anti-terrorism statues in addition to an increased focus on corporate governance. Not only must longstanding consumer-protection-related programs be maintained and adequately staffed, but the industry has been called upon to implement a series of new programs to meet the challenges of the current regulatory environment. This is proving to be costly and time consuming for everyone.

As a result, many have compared the current regulatory/compliance environment to that of a "perfect storm." Following on the heels of the corporate scandals came revelations about weaknesses in Bank Secrecy Act enforcement, creating a zero-tolerance level for human error. The intense congressional focus that created many of these new statutory requirements is unlikely to abate, leading some to worry that bank regulatory agencies may over-react. There is concern that the increased focus on compliance related issues could interfere with safety and soundness examination procedures.

How are institutions ensuring that all of the compliance issues are covered in the current environment? Many have designated a chief compliance officer and implemented a compliance risk management system on an enterprise-wide level.

At a minimum, a strong compliance program must have both board-level and senior management oversight. Roles and responsibilities must be clearly defined and documented. Overall accountability must be clearly distinguished as well. Finally, a process to monitor compliance performance must be established.

The regulatory agencies are also concerned that as a number of institutions have grown, appropriate control functions have not been put in place. Moreover, expense reduction efforts across the industry have cut back on control function areas in some instances. So, while much of the increased regulatory focus on compliance-related issues has been driven by statutory requirements, in some instances, the regulatory agencies believe that the industry has cut back control functions when it should not have. It is for this reason that the agencies' intense focus on compliance issues is unlikely to lessen and, indeed, will only intensify.

New Regulatory Requirements Also Forthcoming

In addition to the increasing focus on compliance-related issues, the regulatory agencies have also initiated revisions to some existing reporting requirements. Beginning in 2006, call report data will be submitted electronically. The electronic submissions were initially scheduled to begin this year, but were moved back a year to give the industry additional time to make systems changes.

The agencies are also contemplating a revision to the regulatory classification rating system. The current system has only five ratings:

1. Pass

2. Special Mention

3. Substandard

4. Doubtful

5. Loss

Most institutions today have a more robust internal risk-rating system than the regulatory requirement, and the agencies will issue proposed changes this spring. Once industry comment has been reviewed, an additional proposal will be issued for further comment. Current plans call for the revised rating system to be implemented in 2007.

On December 21, the agencies issued proposed revisions to the Shared National Credit Program. The current program has been in place for 25 years and covers credits in the syndicated market that are over $20 million and have three or more participants. In 2004 the SNC Program covered approximately 7,500 facilities to nearly 5,000 borrowers and represented committed exposures in excess of $1.5 trillion.

The industry has long argued that the SNC Program should be modernized, particularly in light of industry improvements in internal risk management practices, but also given the additional requirements of Basel II. The agencies are proposing to standardize the SNC data collection system and expand the data collected as well. They will also create a single database. Currently, the Federal Reserve and the OCC maintain separate SNC databases with slightly different data collection processes.

In addition, the agencies propose to modernize the SNC Program so that it can support Basel II implementation by applying advanced credit risk analytics and benchmarking techniques common to SNC borrowers, facilities, and reporting bank portfolios. The revisions would also provide reporting banks with benchmark data.

As with Basel II implementation, the regulators are proposing to create two classes of SNC reporters:

1. Expanded Reporters: banks that serve as agent for at least 100 SNC facilities and have been identified as mandatory or opt-in Basel II (about 20 institutions).

2. Basic Reporters: banks that would continue to submit data similar to what the average reporting banks currently provide (about 100 institutions).

And, also like Basel II, any bank may volunteer to be an Expanded Reporter. The proposed changes would become effective beginning in 2007, the same time frame as the parallel run period for Basel II banks.

Increased Focus Here to Stay

The proposed changes to the SNC Program will require significant systems changes for participating banks and could prove quite costly. The agencies are aware of the potential costs and have sought extensive input from the industry. Comments are due on the first round of revisions February 15. Once those comments have been reviewed, another proposal will be issued for industry comment.

Many believe that the February 15 deadline is tight, given the intense focus on Basel II implementation issues. The January 28 deadline for responding to the Qualitative Impact Survey, which all Basel II banks must complete, left little time to review and comment on the SNC modernization proposal.

Is Risk Management Compromised?

With the ever-increasing demands around compliance and reporting issues unlikely to diminish, do risk management professionals have enough time and the adequate resources to focus on risk management issues? It's an important question that needs to be asked, and answered.

Contact Pamela Martin by e-mail at [email protected].

[c] 2005 by RMA. Pamela Martin is director of Regulatory Relations and Communications for The Risk Management Association.

COPYRIGHT 2005 The Risk Management Association
COPYRIGHT 2005 Gale Group