I recently finished reading a report published by Invictus Consulting Group, LLC, a bank management consulting firm located in NYC. The report touched upon 11 subject areas of interest to all bank CEOs and CFOs. I have created a three part posting to cover the critical takeaways I derived from the report.
• Part One: Regulatory, Compliance and Cybersecurity
• Part Two: Balance Sheet Risk Management
• Part Three: Board of Directors’ Topics
I encourage you to download their full report, 2016: A Regulatory Outlook. Invictus is doing some great work in the bank industry.

Part One: Regulatory, Compliance and Cybersecurity

Consumer Finance Protection Bureau (CFPB) and Compliance Issues:

• Examiners will pay close attention to compliance with bank secrecy and money laundering issues.
• CFPB estimates there are more than 40 million borrowers with student loans who own at least $1.2 trillion.
• There are over 8 million student loan borrowers in default owing more than $110 billion.
• Be careful of loan origination incentive compensation packages, especially any form of compensation that incents the originator to steer consumers to costlier mortgages.
• CFPB assessed over $95 million in fines and enforcement orders worth $5.8 billion in relief to consumers violated by consumer protection law failures. Check out the CFPB website for reference material.
• Vintage analysis of loans is a tool recommended by many including the American Bankers Association in an April 2015 discussion paper and related economic data to support the economic cycle.
• FASB, via the controversial Current Expected Credit Loss (CECL) standard will require financial institutions to change the way they approach their reserve processes by replacing an incurred loss approach with a lifetime expected loss estimate. The draft of the final standard is expected first quarter of 2016.
• A few things to prepare for with CECL: Segmentation of loan portfolio into groups of similar risk characteristics; estimation of average loan life within each pool, tracking of historical loss data for each loan pool; estimating credit losses for each pool.


• FFIEC has released a cybersecurity risk assessment tool to help CEOs and boards to understand and determine their cybersecurity risk. The OCC will begin using the tool in 2016 exams.
• Watch the FDIC videos on cyber challenges.
• Banks are worried about cybersecurity readiness. Regulators will be focused on it.
• Boards and CEOs are responsible for cybersecurity.
• Information: Where is it stored? Who has access to it? Is it adequately protected from all types of threats? Is there adequate internet connection security?  Are there adequate controls over personal devices?
• Join the Financial Services Information Sharing and Analysis Center.

Exams and Enforcement:

• The top Matters Requiring Attention (MRAs) for small banks are credit (45%), enterprise governance (18%), bank information technology (12%), bank secrecy and anti-money laundering (9%) and consumer compliance (9%).
• There is a goal to reduce exam times through the use of automated tools. One example reduced onsite exam time from 32 days to 18 days.
• Focused and enhanced IT exams are being discussed.

See Part Two and Three for continued analysis of the Invictus Report.