�౦��Ϸ����

PDF version of this article

As the primary federal regulator for most community banks, the �౦��Ϸ���� appreciates the challenges these institutions face as they often have limited staff and resources. Community banks, particularly those with tight profit margins, need to be certain that every dollar is well spent. Accordingly, as part of its Community Banking Initiative, the �౦��Ϸ���� recently shared an Information Package¹ with its supervised institutions that provides details about resources and technical assistance that the �౦��Ϸ���� offers on a variety of supervisory matters. This article furthers these efforts to support community banks by highlighting the resources made available by the �౦��Ϸ���� and how they may assist institutions in understanding and fulfilling regulatory expectations without seeking outside help from consulting services. The �౦��Ϸ���� is committed to open communication with its supervised institutions and encourages bankers to check with their �౦��Ϸ���� contact (case manager, field supervisor, or onsite examinerin-charge) to clarify regulatory expectations first to avoid potentially unnecessary consultant expenses.

Multiple Factors Influence the Decision to Work with Consultants

According to insights provided by community bankers, factors prompting institutions to hire consultants vary. For some banks, hiring consultants is a proactive strategy to obtain specific expertise to address new or complex areas for which the bank lacks depth or proficiency. Consultants may be particularly helpful in managing risks and regulatory compliance in more technical and evolving areas such as IT. Bankers also may believe contracting periodically for certain services with an outside firm is more cost effective than hiring and training additional full-time equivalent staff, or there may be a lack of qualified, affordable resources in a small or rural bank’s employment market.

Bankers also face a large volume of marketing solicitations from vendors offering services to ensure institutions keep pace with regulatory expectations. When there is a question as to whether a vendor’s proposed product and service is consistent with regulatory expectations, institutions are encouraged to discuss the proposal with their �౦��Ϸ���� regional or field office contacts.

Technical Assistance Available from the �౦��Ϸ����

�౦��Ϸ����-produced technical assistance videos address a variety of issues that community banks face as part of regulatory and examination processes. They range in length from several minutes to over an hour (broken into sections), depending upon the complexity of the material and the depth of treatment provided in each video. The training provided in these videos may help institutions economize on the need for consultants or other contractors as personnel learn to perform the functions themselves. The videos in the program are grouped into sections as follows:²

• Virtual Technical Assistance Program: These videos provide technical training for bank officers and employees on a range of regulatory issues, including Interest Rate Risk, the Allowance for Loan and Lease Losses, Troubled Debt Restructurings, Flood Insurance, Managing Fair Lending Risk, Appraisals and Evaluations and Evaluation of Municipal Securities.
• Rulemaking Videos: These videos provide an overview of complex rulemakings, including the “Regulatory Capital Interim Final Rule.”
• New Director Education Videos: These videos provide information to new bank directors about their fiduciary role and responsibilities as well as an overview of the �౦��Ϸ����’s risk management and compliance examination processes.
• Virtual Directors’ College Program: These videos are a virtual version of the Directors’ College Program that �౦��Ϸ���� regional offices deliver to bank directors and executive officers throughout the year.

The videos are a relatively new resource first introduced in the spring of 2013. The �౦��Ϸ���� has received positive feedback from members of its Advisory Committee on Community Banking.³ Members described the videos as a good resource for training bank directors and management, and noted the informational value of receiving detailed presentations of regulatory and supervisory expectations directly from the �౦��Ϸ����.⁴

Independent Reviews

It is important to distinguish the use of third-party consultants as described above with independent reviews of processes that are part of a sound risk management framework. Some �౦��Ϸ���� and interagency policies and guidance do require such reviews. For example,⁵ an independent review is a critical component of the control processes for BSA/AML, interest rate risk (IRR) and liquidity risk management, and ALLL methodology. Also, the �౦��Ϸ���� Compliance Examination Manual⁶ requires banks to conduct compliance audits, which are independent reviews of institutions’ compliance with consumer protection laws and regulations and adherence to internal policies and procedures. The �౦��Ϸ����’s expectations for independent reviews are not new; most have been in place for many years.

�౦��Ϸ���� and interagency policies and guidance state that independent reviews will vary substantially in form and scope for institutions depending on business model and complexity of operations, and generally may be conducted by any of the following: an institution’s staff or board member, so long as the individual is qualified and independent of the function under review; the institution’s internal audit section, as applicable; or a third party such as the institution external audit firm. For example, guidance regarding BSA/AML compliance indicates “Independent testing of the BSA/AML Compliance Program⁷ should be conducted by the internal audit department, outside auditors, consultants, or other qualified persons that are independent of the BSA/AML function.” As discussed previously, smaller community banks often face resource constraints and may not have sufficient qualified and independent staff to conduct independent reviews. In such cases, bankers and examiners should discuss regulatory expectations for independent reviews so institutions can assess their options and potentially avoid contracting for costly and unnecessary services.

Communication Between Bankers and Examiners Regarding Independent Reviews

As described in the Summer 2012 Supervisory Insights article “The Risk Management Examination and Your Community Bank,” the �౦��Ϸ���� is committed to open communication with community banks, recognizing this is critical to administering an effective supervisory process.⁸ A key component of this communication is ensuring bankers understand examination procedures and regulatory expectations.

Examiners and bankers often share and discuss emerging issues and industry practices during examinations. Common questions involve bankers asking examiners “how can my bank do better?” and “what general trends are you seeing in other banks and in the market?” In such discussions, it is possible that an examiner might cite the use of a third party to perform certain functions as a tool some other banks have found helpful. This sharing of a particular practice should not be misinterpreted as a regulatory requirement. Explicit requirements and directions from the �౦��Ϸ���� to banks are provided in the �౦��Ϸ���� Report of Examination and written correspondence between the bank and the �౦��Ϸ����. Bankers are encouraged to follow up with their examiner-in-charge, field supervisor or assistant regional director before hiring consultants, if they have any questions or concerns about �౦��Ϸ���� expectations.

�౦��Ϸ���� Guidance on Banks’ Use of Consultants

The �౦��Ϸ���� only requires institutions it supervises to hire consultants in certain, limited circumstances, for example as part of an enforcement action or to address a severe operational deficiency. In these cases, which amounted to fewer than two percent of all risk and consumer protection/CRA examinations in 2013, the �౦��Ϸ���� incorporated provisions into formal and informal enforcement actions requiring institutions to obtain independent third-party reviews where significant violations or operational deficiencies existed, or to verify that restitution had been paid to consumers. Examinations that result in this type of enforcement action provision are uncommon. When such a provision is used, the �౦��Ϸ���� reviews the consultant’s engagement letter to ensure the appropriateness of the proposed scope of the work and the final work product to ensure the completeness of the response and that it has sufficiently addressed the noted deficiency. The �౦��Ϸ���� provides written guidance to examiners relative to requiring the hiring of a consultant as part of an enforcement action in the �౦��Ϸ����’s Risk Management Manual of Examination Policies.⁹ Such a recommendation requires multiple levels of review before approval.

Conclusion

Some community banks note a growing use of consultants associated with regulatory compliance requirements. This may be due, in part, to a misunderstanding of regulatory expectations. There are often cost-effective alternatives to working with consultants, including drawing on the expertise of board or staff members who possess the requisite skills and independence. The �౦��Ϸ���� believes that its supervised institutions can frequently manage regulatory and compliance responsibilities using internal resources, and continues to develop resources to assist institutions in understanding �౦��Ϸ����’s regulatory and supervisory expectations. Bankers are encouraged to access technical assistance and clarification by �౦��Ϸ���� field and regional office staff to determine whether internal or external resources are necessary to maintain a sound and compliant risk management framework.

Laura Brix
Senior Examination Specialist
RMS
lbrix@fdic.gov
 

Kristopher Rengert
Senior Consumer Researcher
DCP
krengert@fdic.gov
 

¹ See http://www.fdic.gov/regulations/resources/cbi/infopackage.html.

² The Technical Assistance Videos can be found on the Directors’ Resource Center webpage at http://www.fdic.gov/regulations/resources/director/video.html. They are also available on the �౦��Ϸ����’s YouTube channel.

³ The �౦��Ϸ���� Board of Directors approved establishing the �౦��Ϸ���� Advisory Committee on Community Banking in 2009 to provide the �౦��Ϸ���� with advice and guidance on a broad range of important policy issues impacting small community banks throughout the country, as well as the local communities they serve, with a focus on rural areas. The 15-member board generally meets three times per year.

⁴ Minutes from the Advisory Committee on Community Banking meeting on July 25, 2013 and April 9, 2014, accessed at http://www.fdic.gov/communitybanking/.

⁵ See, for example, “Interagency Policy Statement on Allowance for Loan and Lease Losses” (Interagency Policy Statement on the Allowance for Loan and Lease Losses (2006));”Financial Institution Management of Interest Rate Risk” (Financial Institution Management of Interest Rate Risk (FIL-22010)); “Bank Secrecy Act: Provision for Independent Testing for BSA/AML” (Bank Secrecy Act Provision for Independent Testing for BSA/AML Compliance (FIL-38-2008)). This is not an exhaustive list of risk management guidance that address independent reviews, but rather examples that reflect �౦��Ϸ����’s expectations in this area.
 

⁶ See http://www.fdic.gov/regulations/compliance/manual/.

⁷ Supra, footnote 7, “Bank Secrecy Act: Provision for Independent Testing for BSA/AML Compliance.

⁸ See /regulations/examinations/supervisory/insights/sisum12/sisummer12-article1.pdf.

⁹ See “Formal Enforcement Actions” (Section 15.1), “Management” (Section 4.1) and “Internal Routine and Controls” (Section 4.2). See /regulations/safety/manual/.