Recent years have seen a steady improvement in the financial performance and condition of small FDIC-insured depository institutions. The improvement has been driven by reductions in the volume of nonperforming loans and a recovery in loan growth that recently has gathered momentum. Yet as every banker knows, the operating environment remains highly competitive and challenging. In the FDIC’s experience, the plans and strategies of bank management and the approach to managing risk are the most important determinants of a bank’s ability to generate sustainable earnings. External financial trends have an important influence on earnings, of course, but it is bank management that charts the course in the face of those trends and ultimately determines success.
This article starts with an informal perspective on strategic planning and concludes by discussing strategic planning in the context of issues bank boards and managements are dealing with today. Strategic planning is a specific aspect of corporate governance that is of particular interest given the significant business decisions banks need to make regarding loan growth, asset-liability management, and other matters. The discussion is intended to provide food for thought, but should not be viewed as supervisory guidance. Select existing FDIC guidance on corporate governance, including strategic planning, is summarized in a text box at the end of this article.
Perspectives on Governance and Planning
Successful bank operations require sound decision-making by a bank’s board of directors and executive officers and effective control of operations; this is the subject matter of corporate governance. Corporate governance can be more or less formal depending on the size and complexity of the bank, but the effectiveness of governance is always a critical determinant of the long-term health of the bank.
Strategic planning involves setting the direction of the bank and the broad parameters by which it will operate. Doing this is a basic responsibility of boards of directors, with the assistance of executive officers. Indeed, setting the strategic objectives and future direction of the bank is a key theme running through FDIC guidance regarding corporate governance and is the initial step in a sound governance framework. For example, the Pocket Guide for Directors states that the board of directors should “…establish, with management, the institution’s longand short-term business objectives, and adopt operating policies to achieve these objectives in a legal and sound manner.”1 The FDIC’s Risk Management Manual of Examination Policies2 and the Interagency Guidelines Establishing Standards for Safety and Soundness (safety-and-soundness standards)3 also outline basic principles for a sound planning process.
Often, banks will have a written strategic plan, but the importance of strategic planning goes beyond producing a piece of paper. Strategic planning can be viewed as a dynamic process for evaluating the bank’s current status, establishing appropriate business objectives, developing plans and risk tolerances, and ensuring policies and controls are in place to make sure the bank operates within the parameters established by the board. Such planning reflects an active and engaged board of directors.
There is no one right way to conduct strategic planning, but a prerequisite is a solid understanding by directors and officers of the current operating environment; the bank’s condition, risk exposure, and business model; and key opportunities and challenges. Such challenges could be external or could involve the bank’s own operational and risk management weaknesses, if applicable. Understanding the starting point can help ensure that planned initiatives are consistent with available expertise and resources. Management should also consider the poten-tial risk impact, contingencies and unforeseen events when making strategic decisions, including the possibility that the economic environment may change unfavorably and unexpectedly. Effective planning processes cover at least a three-to-five year time horizon and provide for regular reviews of results to determine whether adjustments or other course corrections are needed.
An important aspect of the planning process is managing the tradeoff between risk and return. This tradeoff is relevant to many strategic decisions including those regarding loans, investments, asset-liability management and initiatives regarding non-interest income. Generally speaking, capital, earnings and staff expertise should have a reason-able correlation to the institution’s risk profile. This means, first, that banks must understand their own risk profile, including current credit risk and exposure to adverse future credit developments, asset-liability mismatches, and exposure to the potential for securities depreciation. Assessing risk involves not only understanding the bank’s loans, investments and deposits, but taking a macro view by considering possible adverse changes in the institution’s market area or to interest rates.
When evaluating risk-return tradeoffs, the next key question is whether the bank is positioned for sustained performance given its risk profile. Higher-risk profiles should be balanced by greater resources in terms of capital and reserves, reasonably sustainable income, and risk management expertise. Managing to earnings targets without regard to risk would be inadvisable. For example, a bank with peer average capital ratios and a one percent return-on-assets (ROA), but extremely high risk in the loan portfolio, might not have sufficient earnings and capital support for its activities, while average capital ratios and a lower ROA might be more than adequate for a bank with a low and stable risk profile.
Another critical aspect of managing the tradeoff between risk and return is the use of risk limits and riskmitigating strategies when limits are breached. As part of their oversight of management, a board of directors is expected to establish risk limits for the bank’s material financial activities, including loans and investments, interest rate risk, funding sources, and other matters. Risk limits can allow for exceptions with appropriate vetting and approval, but generally speaking the limits should be set so mitigating steps are expected when limits are breached.
None of this discussion should be taken to suggest that the FDIC expects elaborate, consultant-driven strategic planning documents every time a small bank wants to try something new. What is important is a clear focus on the bank’s core mission, vision, and values; solid understanding of the institution’s current risks; proper due diligence and resource allocation before expanding into new lines of business; and an objective, frequent, and wellinformed follow-up process.
Bank examiners and bank boards and management must concern themselves with risk-management issues relevant to the long-run health of banks. Accordingly, there is significant overlap between the risk-management factors examiners review when rating a bank, and the types of issues an engaged bank management team should be considering as part of the planning process. The text box illustrates this idea in the context of how examiners rate the quality of earnings.
Navigating a Changing Environment
The current earnings environment brings opportunities and challenges to small banks’ management teams. Community banks’ earnings continue to recover from the effects of the financial crisis (see Chart 1).7
As of first quarter 2015, year-over-year earnings grew 16 percent for community banks, driven by a recovery in loan growth and ongoing improvements in asset quality. Loan balances in all major categories at community banks increased year-over-year as of first quarter 2015 (see Chart 2), and noncurrent loan rates continued to trend downward (see Chart 3).
Amid these positive developments, the earnings environment remains uncertain. Challenges include ongoing competitive pressure on net interest margin and non-interest income, the effects of a historically low interest-rate environment, and the risks posed by a potential future increase in interest rates. Given this challenging and everchanging business environment, sound governance and planning are prerequisites for sustained profitability that can and should provide signposts for business decisions. In this section, we emphasize these points with reference to some of the critical strategic decisions small banks are facing today.
There is an old saying that “failing to plan is planning to fail.” One important lesson we learned from the financial crisis is that poor planning can harm institutions, their communities, and the financial system as a whole. Many financial institution failures were traced to management engaging in a new or expanded business line without adequate planning, controls, and understanding of the risks related to the new activity.
One of the most important current strategic planning questions for small banks is how to participate in the recent renewal of loan growth. The increase in lending is a welcome development that in broad terms signals ongoing recovery from the crisis. It is appropriate that small banks contribute to this recovery and benefit from the opportunities it creates. At the same time, it is especially important for banks entering new areas of lending or considering significant expansion plans to do this pursuant to a prudent, diligently executed strategy. The business focus of many small banks on real estate lending, a lending sector whose performance has been highly cyclical, underscores the importance of prudent risk management of lending activities.
Strategic decisions regarding lending should be discussed in terms of the implications for the bank’s risk profile inherent in those decisions. For example, the bank may be considering pursuing a higher-yielding lending segment, but would need to carefully consider whether these loans are of a quality to assure either continued debt servicing or principal repayment.8 In other words, will the new lending segment contribute to sustainable earnings or have an unacceptably high risk of hurting the bank’s performance in the long term? Conversely, some lower-yielding lending segments may contribute more to earnings over time based on their lower incidence of credit loss.
Significant changes in lending activity are likely to require board-approved changes to the lending policy. Banks’ lending policies reflect strategic decisions about market area, underwriting standards, appropriate diversification, extent of planned growth and other matters. Important controls to implement the lending policy include, among other things, credit approval processes, ongoing credit monitoring and risk rating, management of exceptions, and handling of problem credits. The safety-and-soundness standards and Interagency Guidelines for Real Estate Lending Policies provide guidance on sound risk management and controls for the lending function.9
The real-estate crises of the late 1980s and early 1990s, and the more recent crisis, provide striking examples of the importance of maintaining prudent risk management of lending activities.10 A good example is the experience of ADC lenders during the crisis. Studies conducted by the FDIC Office of Inspector General (OIG) based on Material Loss Reviews11 indicate that during the recent crisis, the level of ADC concentrations, the risk management of those concentrations, and the responsiveness to supervisory concerns where applicable, all mattered greatly in separating the survivors from those that failed.
In describing the characteristics of a sample of ADC specialists that remained in satisfactory condition between year-end 2007 and April 2011, a 2012 OIG report12 stated, “Ultimately, the strategic decisions and disciplined, values-based practices and actions taken by the Boards and management helped to mitigate and control the institutions’ overall ADC loan risk exposure and allowed them to react to a changing economic environment.”13 In particular, the report stated that ADC specialists that remained in satisfactory condition throughout the period were more likely to have implemented more conservative growth strategies, relied on core deposits and limited net non-core funding dependence, implemented prudent risk-management practices and limited speculative lending, loan participations, and out-of-area lending, and maintained stable capital levels and access to additional capital if needed.
Recent improvements in small banks’ earnings highlight the importance of maintaining an adequate ALLL. ALLL ratios at small banks currently are trending downward with provisions near historic lows. The ALLL, which is intended to measure probable credit losses on loans or groups of loans, is one of the most significant management estimates in an institution’s financial statements.14 Moreover, the processes for determining the ALLL are an important part of the overall risk management of the loan portfolio and should generate important information for the board and senior management about financial conditions and trends facing the institution. The processes include regular and consistent risk analysis, effective loan review that identifies and addresses problem assets in a timely manner, prompt charge-off of loans or portions of loans that are uncollectible, and a regular review of the ALLL methodology by a party independent of the credit approval and ALLL estimation process. This review by a second set of eyes should help ensure the ALLL methodology is credible and not influenced by a desire to bolster reported earnings.
Another important area of strategic focus is the response to the historically low interest rate environment and preparedness for potential future increases in interest rates. The interest rate environment has been challenging for small banks’ earnings during the post-crisis period and poses strategic challenges for bank management teams going forward. Dimensions of the issue include the downward trend in NIM and increase in maturities of assets, the changing composition of liabilities, and the potential impact of a rising-rate environment on interest income and expense and the value of investment portfolios. The possibility of interest rates transitioning away from historically low levels raises strategic questions about preparedness and highlights the importance of the whatif questions bankers can and should be posing to their interest rate riskmanagement staff and systems.
Supervisory guidance and technical resources on interest rate risk are readily available to every small bank. The last issue of Supervisory Insights, for example, was devoted to practical advice on interest rate risk management for small banks. Perhaps the most important advice is that planning for the potential impact of rising interest rates is too important to be left entirely to those who run the interest rate risk-management systems and models. Senior management and the board should actively question how the bank would fare under rising interest rates, including what would happen if depositors prove more ratesensitive than expected, the extent of securities depreciation that would be expected, and whether risk-mitigation steps are needed.
An intensely competitive financial services marketplace continues to place ongoing pressure on non-interest income. Pressures on interest and non-interest income, in turn, put pressure on banks to reduce overhead expense. Consequently, many small institutions would likely give strategic attention to opportunities that might arise to increase non-interest income or reduce non-interest expense. As a general matter, banks should be thorough in their due diligence with regard to planned new activities to increase fee or other non-interest income, including identifying and vetting in advance the potential risks of the activity and the expertise and resources needed for success. Expense reductions should be carefully reviewed to ensure they do not compromise franchise value or the ability to conduct important functions in a safe-and-sound manner and in compliance with applicable laws and regulations. As a general rule, even more care is warranted when the bank has been approached with unsolicited opportunities to boost income or cut expense.
Finally, we recognize that strategic planning choices that are straightforward in principle may not be easy to implement when the operating environment changes continuously and sometimes dramatically. A good example of this is cybersecurity risk, the importance of which has become increasingly evident over time. We have always expected business continuity and disaster recovery considerations to be incorporated in an institution’s business model. However, in addition to preparing for natural disasters and other physical threats, continuity now also means preserving access to customer data and the integrity and security of that data in the face of cyberattacks.
For this reason, the FDIC encourages banks to practice responses to cyber risk as part of their regular disasterplanning and business-continuity exercises. They can use the FDIC’s Cyber Challenge program, which is available on our public website at www.fdic.gov.15 Cyber Challenge was designed to encourage community bank directors to discuss operational risk issues and the potential impact of information technology disruptions. The FDIC also works as a member of the FFIEC to implement actions to enhance the effectiveness of cybersecurity-related supervisory programs, guidance, and examiner training. The FFIEC recently released a Cybersecurity Assessment Tool to help institutions identify risks and assess their cybersecurity preparedness.16
Conclusion
Banking is an intensely competitive business that is subject to significant and unexpected economic change. The return of loan growth and an uncertain future interest-rate environment pose important strategic questions for bank directors and executive managers. In this challenging environment, a disciplined approach to identifying opportunities and risks, planning for the achievement of goals within acceptable risk tolerances, and staying on course with an appropriate control framework are pre-requisites for success. Long-standing corporate governance principles, sensibly applied based on the size and complexity of operations, are the starting point for an engaged bank management team to achieve these goals.
Policy staff of the Division of Risk Management Supervision
1 See https://www.fdic.gov/regulations/resources/director/pocket.html.
2 See for example the Management and Earnings sections https://www.fdic.gov/regulations/safety/manual/.
3 See for example the Asset Growth and Earnings sections https://www.fdic.gov/regulations/laws/rules/2000-8630.html#fdic2000appendixatopart364.
4 FDIC Statement of Policy, Uniform Financial Ratings System, January 1, 1997 https://www.fdic.gov/regulations/laws/rules/5000-900.html.
5 Part 364 of the FDIC Rules and Regulations, Standards for Safety and Soundness. https://www.fdic.gov/regulations/laws/rules/2000-8600.html.
6 Appendix A to Part 364 – Interagency Guidelines Establishing Standards for Safety and Soundness, https://www.fdic.gov/regulations/laws/rules/2000-8630.html#fdic2000appendixatopart364.
7 Data for charts 1, 2 and 3 are from the FDIC Quarterly Banking Profile https://www.fdic.gov/analysis/quarterly-banking-profile/index.html.
8 See “Quality of Bank Earnings” in FDIC, Risk Management Manual of Examination Policies, page 5.1-6, for further discussion.
9 See https://www.fdic.gov/regulations/laws/rules/2000-8630.html#fdic2000appendixatopart364 and https://www.fdic.gov/regulations/laws/rules/2000-8700.html#fdic2000appendixatosubapart365.
10 Information about the banking crisis of the 1980s and early 1990s can be found, for example, in Federal Deposit Insurance Corporation, History of the Eighties: Lessons for the Future, Federal Deposit Insurance Corporation, 1997.
11 The Inspector General of the appropriate federal banking agency must conduct a Material Loss Review when losses to the Deposit Insurance Fund from failure of an insured depository institution exceed certain thresholds. See http://www.fdicoig.gov/mlr.shtml for further details.
12 FDIC Office of Inspector General, “Acquisition, Development and Construction Loan Concentration Study,” Report No. EVAL-13-001, October, 2012.
13 Ibid, page iii.
14 See “Interagency Policy Statement on the Allowance for Loan and Lease Losses,” 2006.
15 https://www.fdic.gov/regulations/resources/director/technical/cyber/purpose.html.
16 The Assessment and other resources are available at https://www.ffiec.gov/cybersecurity.htm.
17 FFIEC Policy Statement on Uniform Financial Institutions Rating System. https://www.fdic.gov/regulations/laws/rules/5000-900.html.
18 https://www.fdic.gov/regulations/laws/rules/1000-4100.html.
19 https://www.fdic.gov/regulations/laws/rules/2000-8630.html#fdic2000appendixatopart364.