(As published in Scotsman Guide, Residential Edition, April 2023)
What’s on the minds of lenders these days? It’s a common question in these economically perilous times. For the past 10 years, Wolters Kluwer Compliance Solutions has surveyed lenders on their insights about risks and regulatory concerns.
No matter the type or asset size of the financial institution in question, effective navigation of regulatory changes continues to lead the list of challenges facing compliance professionals at banks, credit unions and other lending organizations. Originators will want to understand how these concerns can impact the bottom line of their own companies and for their lending partners.
The Regulatory & Risk Management Indicator survey was first developed in 2013 to methodically collect key trend information on the breadth and depth of regulatory and risk concerns among lenders. The survey also identified the areas needing attention in the coming year. As in past years, people responded from institutions of all sizes, although a majority (81%) in this most recent survey represent smaller banks and savings & loan institutions, followed by credit unions (18%). The nearly 330 people surveyed are primarily from bank management and executive levels, followed by those in compliance roles as well as those in lending functions.
The survey aims to take the pulse of compliance and risk officers for banks and other lenders. Over the years, it has also revealed where respondents believe their organizations currently stand, where they need to be, and how they will go about addressing challenges.
Rigorous examinations
The survey measures lender concerns about current regulatory and risk trends, along with anticipated impacts to an institution’s relative abilities to manage risk. It includes a “main score” that offers a snapshot of the risk and regulatory compliance landscape that lenders must navigate.
While the mains score decreased from 128 points in 2021 to a score of 94 last year, which suggests an overall easing of concerns, these results are somewhat misleading. This is because two of the major drivers for the lower score included a reduction in the number of formal enforcement actions—down 18%—and the overall dollar value of penalties and fines—down a whopping 94%—that were imposed as part of those enforcement actions. But there were several other factors that also reflect ongoing concerns, most notably involving an increase in the number of new major regulations.
Some of the reduction in the number of enforcement actions and the dollar amount of fines is simply attributable to timing. Developing an enforcement case is complicated and often plays out over a lengthy period. The survey period covered regulatory activities for the period from July 2021 to June 2022. Consider the $3.7 billion enforcement action levied by the Consumer Financial Protection Bureau against Wells Fargo at the end of 2022.
This large penalty did not take place during the most recent survey, but it will be reflected in next year’s overall survey score.
Also, even though the main score is lower, that does not mean that regulators have been looking the other way or becoming less vigilant. On the contrary, regulatory examinations are just as rigorous as ever. No one should take the lower score to mean that risk and compliance management is getting any easier.
Formidable challenges
Change management was mentioned as the most pressing regulatory compliance challenge in the next 12 months by a majority of respondents. This shows that the ability to absorb the breadth and volume of regulatory change is an overwhelming and formidable challenge, regardless of a financial institution’s resources.
Complicating the implementation of these changes is the general business environment and its own set of challenges, especially in the present economic environment. It also suggests that institutions are feeling pressure from regulators, with several significant regulatory initiatives underway. Most notably, these include Community Reinvestment Act (CRA) modernization, small-business lending data-collection efforts via Section 1071 of the Dodd-Frank Act, and changes to the Bank Secrecy Act.
Survey respondents are anticipating challenges arising from implementing regulatory changes across their enterprises. The CRA rule changes and the 1071 regulations could hit at roughly the same time. Each are complicated and will require a consolidated effort across institutions to implement.
These regulations have been on the horizon and in play for the past several years. For many banks, CRA changes will require new evaluation methods, new data to collect and a new examination process to adjust to, along with new approaches for working with their communities and business partners.
In some ways, the CRA rules and Section 1071 are intertwined and have to sync up. Furthermore, the 1071 data will also be used for fair lending analyses. Lenders will have to implement a system for obtaining and reporting the data. They will also need to analyze and determine what the data shows about their lending patterns, especially in regard to the gender, race, and ethnicity of small-business loan applicants. Sixty-eight percent of survey respondents are either “very” or “somewhat” concerned about their ability to manage implementation of the forthcoming 1071 regulation.
Surprising findings
Wolters Kluwer expected that more survey respondents would report experiencing increased regulatory scrutiny on fair lending examinations. Sixteen percent of respondents indicated more scrutiny, only slightly higher than 2021 and likely attributable to a higher regulatory focus on fair lending. It will be worth watching these results for 2023’s survey.
Climate-related financial risk management is also an area to monitor. Only 27% indicated they were giving significant attention to climate-related risk management, with 23% giving it some consideration. These numbers are likely to rise as the approach regulators take to climate-related risk management becomes clearer and more developed.
The survey revealed a significant increase in concerns for managing risks across business lines. In fact, the 59% share was the highest for risk management in the past four years.
There was also a significant increase for third-party risk management. This share went from 15% in the 2021 survey to 26% in 2022, reflecting the growth of third-party partnerships and increased regulator attention.
There were also across-the-board increases in compliance management system investments. These included investments to strengthen risk management, update policies and procedures, manage regulatory content, improve quality assurance capabilities, and strengthen consumer complaint management.
Respondents are also giving considerable attention to interest rate increases, inflation, recession, and ransomware attacks in their enterprise risk-planning efforts.
Finally, and maybe not surprisingly, 83% indicated their belief that a reduction in overall regulatory burden reduction was either “somewhat unlikely” or “very unlikely” during the next two years.
Top obstacles
The top three obstacles cited for implementing an effective compliance program included manual processes (54%); inadequate staffing (44%); and too many competing business priorities (38%). Let’s break these down a little bit.
With manual processes, today’s environment is too complex to manage compliance without the help of technology and automated processes. Spreadsheets just don’t work. The share of those who expressed concern jumped from 45% in 2021 to 54% in 2022. Manual processes lead to errors, inconsistencies, and disconnects across the so-called three lines of defense.
The three lines of defense start with operational management controls executed on a daily basis. That’s backed up by compliance and risk controls to ensure the first line of defense is properly designed and operating as intended. The last line of defense is an internal audit.
Inadequate staffing saw an increase over the 2021 score of 41%. This modest jump could reflect a couple of things, ranging from the effects of the alleged “great resignation” to the long-standing challenges of attracting and retaining good talent. Another factor might be working from home practices. Anticipation about the future could play a role here, as compliance officers look down the road and see a lot to do; their responses could be suggesting that future staffing is inadequate to handle that load.
Finally, having too many competing business priorities is a challenge that speaks for itself. There has been an emergence of anecdotal evidence of people having to take on more than one role, and the survey results reinforce that trend.
How might financial institutions overcome these obstacles? It appears that the potential answer lies in the appropriate deployment of technology. Regulators are expecting it, especially in an environment where many banks are under remote supervision. This means incorporation of technology into enterprise risk-management programs. It also involves having a fully functioning compliance management system integrated with your institution’s three lines of defense. With these tools and the analytics they provide, one can build solid business cases for identifying and securing needed resources—including more team members—earlier on in your lending institution’s journey to a more sound and effective compliance foundation.