Recent years have seen a steady improvement in the financial performance and condition of small FDIC-insured depository institutions. The improvement has been driven by reductions in the volume of nonperforming loans and a recovery in loan growth that recently has gathered momentum. Yet as every banker knows, the operating environment remains highly competitive and challenging. In the FDIC’s experience, the plans and strategies of bank management and the approach to managing risk are the most important determinants of a bank’s ability to generate sustainable earnings. External financial trends have an important influence on earnings, of course, but it is bank management that charts the course in the face of those trends and ultimately determines success.
This article starts with an informal perspective on strategic planning and concludes by discussing strategic planning in the context of issues bank boards and managements are dealing with today. Strategic planning is a specific aspect of corporate governance that is of particular interest given the significant business decisions banks need to make regarding loan growth, asset-liability management, and other matters. The discussion is intended to provide food for thought, but should not be viewed as supervisory guidance. Select existing FDIC guidance on corporate governance, including strategic planning, is summarized in a text box at the end of this article.
Perspectives on Governance and Planning
Successful bank operations require sound decision-making by a bank’s board of directors and executive officers and effective control of operations; this is the subject matter of corporate governance. Corporate governance can be more or less formal depending on the size and complexity of the bank, but the effectiveness of governance is always a critical determinant of the long-term health of the bank.
Strategic planning involves setting the direction of the bank and the broad parameters by which it will operate. Doing this is a basic responsibility of boards of directors, with the assistance of executive officers. Indeed, setting the strategic objectives and future direction of the bank is a key theme running through FDIC guidance regarding corporate governance and is the initial step in a sound governance framework. For example, the Pocket Guide for Directors states that the board of directors should “…establish, with management, the institution’s longand short-term business objectives, and adopt operating policies to achieve these objectives in a legal and sound manner.”1 The FDIC’s Risk Management Manual of Examination Policies2 and the Interagency Guidelines Establishing Standards for Safety and Soundness (safety-and-soundness standards)3 also outline basic principles for a sound planning process.
Often, banks will have a written strategic plan, but the importance of strategic planning goes beyond producing a piece of paper. Strategic planning can be viewed as a dynamic process for evaluating the bank’s current status, establishing appropriate business objectives, developing plans and risk tolerances, and ensuring policies and controls are in place to make sure the bank operates within the parameters established by the board. Such planning reflects an active and engaged board of directors.
There is no one right way to conduct strategic planning, but a prerequisite is a solid understanding by directors and officers of the current operating environment; the bank’s condition, risk exposure, and business model; and key opportunities and challenges. Such challenges could be external or could involve the bank’s own operational and risk management weaknesses, if applicable. Understanding the starting point can help ensure that planned initiatives are consistent with available expertise and resources. Management should also consider the poten-tial risk impact, contingencies and unforeseen events when making strategic decisions, including the possibility that the economic environment may change unfavorably and unexpectedly. Effective planning processes cover at least a three-to-five year time horizon and provide for regular reviews of results to determine whether adjustments or other course corrections are needed.
An important aspect of the planning process is managing the tradeoff between risk and return. This tradeoff is relevant to many strategic decisions including those regarding loans, investments, asset-liability management and initiatives regarding non-interest income. Generally speaking, capital, earnings and staff expertise should have a reason-able correlation to the institution’s risk profile. This means, first, that banks must understand their own risk profile, including current credit risk and exposure to adverse future credit developments, asset-liability mismatches, and exposure to the potential for securities depreciation. Assessing risk involves not only understanding the bank’s loans, investments and deposits, but taking a macro view by considering possible adverse changes in the institution’s market area or to interest rates.
When evaluating risk-return tradeoffs, the next key question is whether the bank is positioned for sustained performance given its risk profile. Higher-risk profiles should be balanced by greater resources in terms of capital and reserves, reasonably sustainable income, and risk management expertise. Managing to earnings targets without regard to risk would be inadvisable. For example, a bank with peer average capital ratios and a one percent return-on-assets (ROA), but extremely high risk in the loan portfolio, might not have sufficient earnings and capital support for its activities, while average capital ratios and a lower ROA might be more than adequate for a bank with a low and stable risk profile.
Another critical aspect of managing the tradeoff between risk and return is the use of risk limits and riskmitigating strategies when limits are breached. As part of their oversight of management, a board of directors is expected to establish risk limits for the bank’s material financial activities, including loans and investments, interest rate risk, funding sources, and other matters. Risk limits can allow for exceptions with appropriate vetting and approval, but generally speaking the limits should be set so mitigating steps are expected when limits are breached.
None of this discussion should be taken to suggest that the FDIC expects elaborate, consultant-driven strategic planning documents every time a small bank wants to try something new. What is important is a clear focus on the bank’s core mission, vision, and values; solid understanding of the institution’s current risks; proper due diligence and resource allocation before expanding into new lines of business; and an objective, frequent, and wellinformed follow-up process.
Bank examiners and bank boards and management must concern themselves with risk-management issues relevant to the long-run health of banks. Accordingly, there is significant overlap between the risk-management factors examiners review when rating a bank, and the types of issues an engaged bank management team should be considering as part of the planning process. The text box illustrates this idea in the context of how examiners rate the quality of earnings.
Rating Earnings
Knowing whether your earnings are adequate for current operations and sufficient to maintain capital and loan loss reserves going forward is an important responsibility for bank directors and management. Let’s consider two insured institutions, each with $500 million in total assets and each with an ROA of one percent. Earnings should be rated the same at each bank, right? Not necessarily. Let’s first look at how examiners rate earnings.
The Uniform Financial Institutions Rating System (UFIRS) was adopted by the Federal Financial Institutions Examination Council (FFIEC) on November 13, 1979, and was updated effective January 1, 1997.4 Under the UFIRS, each financial institution is assigned a composite rating based on an evaluation and rating of six essential components of an institution’s financial condition and operations. These component factors address the adequacy of capital, the quality of assets, the capability of management, the quality and level of earnings, the adequacy of liquidity, and the sensitivity to market risk. Evaluations of the components take into consideration the institution’s size and sophistication, the nature and complexity of its activities, and the institution’s risk profile.
The UFIRS states that the rating of the earnings component reflects not only the quantity and trend of earnings, but also factors that may affect the sustainability or quality of earnings. The quantity as well as the quality of earnings can be affected by excessive or inadequately managed credit risk that may result in loan losses, high administration costs, and require additions to the allowance for loan and lease losses (ALLL), or by high levels of market risk that may unduly expose an institution’s earnings to volatility in interest rates. The quality of earnings may also be diminished by undue reliance on non-recurring or volatile earnings sources, such as extraordinary gains on asset sales, nonrecurring events, or favorable tax effects. Future earnings may be adversely affected by an inability to forecast or control funding and operating expenses, improperly executed or ill-advised business strategies, or poorly managed or uncontrolled exposure to other risks.
According to the UFIRS, the rating of an institution’s earnings is based on, but not limited to, an assessment of the following evaluation factors:
- The level of earnings, including trends and stability.
- The ability to provide for adequate capital through retained earnings.
- The quality and sources of earnings.
- The level of expenses in relation to operations.
- The adequacy of the budgeting systems, forecasting processes, and management information systems in general.
- The adequacy of provisions to maintain the allowance for loan and lease losses and other valuation allowance accounts.
- The earnings exposure to market risk such as interest rate, foreign exchange, and price risks.
Now, let’s look at what Interagency Guidelines say about how a bank’s board and management should be evaluating earnings. The FDIC issued Part 364 of its Rules and Regulations to implement standards for safety and soundness required by Section 39 of the FDI Act.5 Appendix A to Part 364 – Interagency Guidelines Establishing Standards for Safety and Soundness – sets forth the safety-and-soundness standards that we use to identify and address problems at insured depository institutions before capital becomes impaired.6 Appendix A outlines procedures that banks should employ to periodically evaluate and monitor earnings to ensure earnings are sufficient to maintain capital and loan loss reserves. At a minimum, this analysis should:
- Compare recent earnings trends relative to equity, assets, or other commonly used benchmarks to the institution’s historical results and those of its peers;
- Evaluate the adequacy of earnings given the size, complexity, and risk profile of the institution’s assets and operations;
- Assess the source, volatility, and sustainability of earnings, including the effect of nonrecurring or extraordinary income or expenses;
- Take steps to ensure earnings are sufficient to maintain adequate capital and reserves after considering asset quality and growth rate; and
- Provide periodic earnings reports with adequate information for management and the board of directors to assess earnings performance.
Now, let’s return to our two $500 million banks that each have a one percent ROA, but this time, with a little more information.
The first bank’s ROA had been hovering at about 0.8 percent for several years, but increased due to income from a new program of high yielding, but high-risk lending the bank launched about a year ago. The new lending program has grown rapidly. The bank’s loan loss reserve has been dwindling due to increasing loan losses related to the program, and the capital ratio has been falling due to the growth. Also, the bank’s board has not placed limits on loan growth, and management has been unable or unwilling to forecast how large the high-risk loan portfolio will become.
The second bank has not changed its lending product line for a number of years and has grown steadily, maintaining around a one percent ROA during that time, including through several business cycles. Management and the bank’s board have recently decided to launch a new product line and have forecasted the effects on earnings, the loan loss reserve, and capital over the next three years. The board has placed limits on the size of the new product line and risk tolerance “circuit breakers” so new lending will stop if the income it produces isn’t sufficient to build the additional loan loss reserves and capital needed for the new activity.
Now, would you rate earnings the same at both banks? No, and here’s why. Although these are just thumbnails and we don’t have all the facts, the first bank appears to have some credit-risk issues and risk-management problems that would indicate earnings may be falling short of what they need to support operations and build capital and reserves. And, they don’t appear to be doing an adequate job of monitoring the adequacy of earnings, contrary to the expectations in Appendix A to Part 364. On the other hand, the second bank appears to have done a good job of maintaining earnings. Also, management’s decision to “look before they leap” into a new product shows they have considered the risk/return of the new strategy and have built in a contingency plan if it doesn’t work.
Navigating a Changing Environment
The current earnings environment brings opportunities and challenges to small banks’ management teams. Community banks’ earnings continue to recover from the effects of the financial crisis (see Chart 1).7
As of first quarter 2015, year-over-year earnings grew 16 percent for community banks, driven by a recovery in loan growth and ongoing improvements in asset quality. Loan balances in all major categories at community banks increased year-over-year as of first quarter 2015 (see Chart 2), and noncurrent loan rates continued to trend downward (see Chart 3).
Amid these positive developments, the earnings environment remains uncertain. Challenges include ongoing competitive pressure on net interest margin and non-interest income, the effects of a historically low interest-rate environment, and the risks posed by a potential future increase in interest rates. Given this challenging and everchanging business environment, sound governance and planning are prerequisites for sustained profitability that can and should provide signposts for business decisions. In this section, we emphasize these points with reference to some of the critical strategic decisions small banks are facing today.
There is an old saying that “failing to plan is planning to fail.” One important lesson we learned from the financial crisis is that poor planning can harm institutions, their communities, and the financial system as a whole. Many financial institution failures were traced to management engaging in a new or expanded business line without adequate planning, controls, and understanding of the risks related to the new activity.
One of the most important current strategic planning questions for small banks is how to participate in the recent renewal of loan growth. The increase in lending is a welcome development that in broad terms signals ongoing recovery from the crisis. It is appropriate that small banks contribute to this recovery and benefit from the opportunities it creates. At the same time, it is especially important for banks entering new areas of lending or considering significant expansion plans to do this pursuant to a prudent, diligently executed strategy. The business focus of many small banks on real estate lending, a lending sector whose performance has been highly cyclical, underscores the importance of prudent risk management of lending activities.
Strategic decisions regarding lending should be discussed in terms of the implications for the bank’s risk profile inherent in those decisions. For example, the bank may be considering pursuing a higher-yielding lending segment, but would need to carefully consider whether these loans are of a quality to assure either continued debt servicing or principal repayment.8 In other words, will the new lending segment contribute to sustainable earnings or have an unacceptably high risk of hurting the bank’s performance in the long term? Conversely, some lower-yielding lending segments may contribute more to earnings over time based on their lower incidence of credit loss.
Significant changes in lending activity are likely to require board-approved changes to the lending policy. Banks’ lending policies reflect strategic decisions about market area, underwriting standards, appropriate diversification, extent of planned growth and other matters. Important controls to implement the lending policy include, among other things, credit approval processes, ongoing credit monitoring and risk rating, management of exceptions, and handling of problem credits. The safety-and-soundness standards and Interagency Guidelines for Real Estate Lending Policies provide guidance on sound risk management and controls for the lending function.9
The real-estate crises of the late 1980s and early 1990s, and the more recent crisis, provide striking examples of the importance of maintaining prudent risk management of lending activities.10 A good example is the experience of ADC lenders during the crisis. Studies conducted by the FDIC Office of Inspector General (OIG) based on Material Loss Reviews11 indicate that during the recent crisis, the level of ADC concentrations, the risk management of those concentrations, and the responsiveness to supervisory concerns where applicable, all mattered greatly in separating the survivors from those that failed.
In describing the characteristics of a sample of ADC specialists that remained in satisfactory condition between year-end 2007 and April 2011, a 2012 OIG report12 stated, “Ultimately, the strategic decisions and disciplined, values-based practices and actions taken by the Boards and management helped to mitigate and control the institutions’ overall ADC loan risk exposure and allowed them to react to a changing economic environment.”13 In particular, the report stated that ADC specialists that remained in satisfactory condition throughout the period were more likely to have implemented more conservative growth strategies, relied on core deposits and limited net non-core funding dependence, implemented prudent risk-management practices and limited speculative lending, loan participations, and out-of-area lending, and maintained stable capital levels and access to additional capital if needed.
Recent improvements in small banks’ earnings highlight the importance of maintaining an adequate ALLL. ALLL ratios at small banks currently are trending downward with provisions near historic lows. The ALLL, which is intended to measure probable credit losses on loans or groups of loans, is one of the most significant management estimates in an institution’s financial statements.14 Moreover, the processes for determining the ALLL are an important part of the overall risk management of the loan portfolio and should generate important information for the board and senior management about financial conditions and trends facing the institution. The processes include regular and consistent risk analysis, effective loan review that identifies and addresses problem assets in a timely manner, prompt charge-off of loans or portions of loans that are uncollectible, and a regular review of the ALLL methodology by a party independent of the credit approval and ALLL estimation process. This review by a second set of eyes should help ensure the ALLL methodology is credible and not influenced by a desire to bolster reported earnings.
Another important area of strategic focus is the response to the historically low interest rate environment and preparedness for potential future increases in interest rates. The interest rate environment has been challenging for small banks’ earnings during the post-crisis period and poses strategic challenges for bank management teams going forward. Dimensions of the issue include the downward trend in NIM and increase in maturities of assets, the changing composition of liabilities, and the potential impact of a rising-rate environment on interest income and expense and the value of investment portfolios. The possibility of interest rates transitioning away from historically low levels raises strategic questions about preparedness and highlights the importance of the whatif questions bankers can and should be posing to their interest rate riskmanagement staff and systems.
Supervisory guidance and technical resources on interest rate risk are readily available to every small bank. The last issue of Supervisory Insights, for example, was devoted to practical advice on interest rate risk management for small banks. Perhaps the most important advice is that planning for the potential impact of rising interest rates is too important to be left entirely to those who run the interest rate risk-management systems and models. Senior management and the board should actively question how the bank would fare under rising interest rates, including what would happen if depositors prove more ratesensitive than expected, the extent of securities depreciation that would be expected, and whether risk-mitigation steps are needed.
An intensely competitive financial services marketplace continues to place ongoing pressure on non-interest income. Pressures on interest and non-interest income, in turn, put pressure on banks to reduce overhead expense. Consequently, many small institutions would likely give strategic attention to opportunities that might arise to increase non-interest income or reduce non-interest expense. As a general matter, banks should be thorough in their due diligence with regard to planned new activities to increase fee or other non-interest income, including identifying and vetting in advance the potential risks of the activity and the expertise and resources needed for success. Expense reductions should be carefully reviewed to ensure they do not compromise franchise value or the ability to conduct important functions in a safe-and-sound manner and in compliance with applicable laws and regulations. As a general rule, even more care is warranted when the bank has been approached with unsolicited opportunities to boost income or cut expense.
Finally, we recognize that strategic planning choices that are straightforward in principle may not be easy to implement when the operating environment changes continuously and sometimes dramatically. A good example of this is cybersecurity risk, the importance of which has become increasingly evident over time. We have always expected business continuity and disaster recovery considerations to be incorporated in an institution’s business model. However, in addition to preparing for natural disasters and other physical threats, continuity now also means preserving access to customer data and the integrity and security of that data in the face of cyberattacks.
For this reason, the FDIC encourages banks to practice responses to cyber risk as part of their regular disasterplanning and business-continuity exercises. They can use the FDIC’s Cyber Challenge program, which is available on our public website at www.fdic.gov.15 Cyber Challenge was designed to encourage community bank directors to discuss operational risk issues and the potential impact of information technology disruptions. The FDIC also works as a member of the FFIEC to implement actions to enhance the effectiveness of cybersecurity-related supervisory programs, guidance, and examiner training. The FFIEC recently released a Cybersecurity Assessment Tool to help institutions identify risks and assess their cybersecurity preparedness.16
Conclusion
Banking is an intensely competitive business that is subject to significant and unexpected economic change. The return of loan growth and an uncertain future interest-rate environment pose important strategic questions for bank directors and executive managers. In this challenging environment, a disciplined approach to identifying opportunities and risks, planning for the achievement of goals within acceptable risk tolerances, and staying on course with an appropriate control framework are pre-requisites for success. Long-standing corporate governance principles, sensibly applied based on the size and complexity of operations, are the starting point for an engaged bank management team to achieve these goals.
Policy staff of the Division of Risk Management Supervision
Select Concepts and Existing Guidance on Corporate Governance
Corporate governance broadly refers to the set of relationships, policies and processes that provide strategic direction and control in a company. For a bank, corporate governance determines the effectiveness and safety and soundness of operations. The appropriate scope and formality of governance depends on the volume, scope, and complexity of activities. For a small, non-complex bank, governance does not necessarily need to be complicated: what is needed is a board and senior management that are fully engaged in understanding and managing the bank and its risks.
The governance responsibilities of banks’ managements and boards of directors are different. The UFIRS,17 effective January 1, 1997, states: “Generally, directors need not be actively involved in day-to-day operations; however, they must provide clear guidance regarding acceptable risk exposure levels and ensure that appropriate policies, procedures, and practices have been established. Senior management is responsible for developing and implementing policies, procedures, and practices that translate the board’s goals, objectives, and risk limits into prudent operating standards.” Directors and officers may work toward a common goal, but ultimately the board is responsible for monitoring management and business operations.
The duties and responsibilities of directors of state nonmember banks are summarized in the FDIC’s Pocket Guide for Directors and the Statement Concerning the Responsibilities of Bank Directors and Officers. These include important common law duties of loyalty and care. The Pocket Guide for Directors also indicates that bank boards should “establish, with management, the institution’s long- and short-term business objectives, and adopt operating policies to achieve these objectives in a legal and sound manner.” This critical planning function is discussed further below. Among the other duties of the board specifically described in the Pocket Guide are monitoring bank operations to ensure they are controlled adequately and are in compliance with laws and policies, keeping informed of the activities and condition of the institution and its operating environment, appointing qualified management, and supervising management. Supervising management includes, at a minimum, establishing policies regarding loans, investments, capital planning, profit planning and budget, internal audit and controls, and compliance, among other things; monitoring implementation of board approved policies; providing for third-party review and testing of compliance with policies; heeding supervisory reports and recommendations; and avoiding preferential transactions.
An authoritative source of guidance on bank governance is the Interagency Guidelines Establishing Standards for Safety and Soundness. Section 39 of the FDI Act required each federal banking agency to establish certain safety-and-soundness standards for insured depository institutions.18 These interagency guidelines are detailed in Appendix A to Part 364 of the FDIC Rules and Regulations,19 published in 1995, and provide institutions with supervisory expectations for internal controls and information systems, internal audit, loan documentation, credit underwriting, interest-rate exposure, asset growth, asset quality, earnings and compensation, fees, and benefits.
The safety-and-soundness standards provide a framework for sound risk management, corporate governance, and the supervision of operations for many of the most important areas of the bank. These standards are intended to guide risk-management practices and identify emerging problems and deficiencies before capital becomes impaired. Bank directors should be aware of these standards and ensure that bank management has established appropriate risk-management procedures and policies for each area.
2 See for example the Management and Earnings sections https://www.fdic.gov/regulations/safety/manual/.
3 See for example the Asset Growth and Earnings sections https://www.fdic.gov/regulations/laws/rules/2000-8630.html#fdic2000appendixatopart364.
4 FDIC Statement of Policy, Uniform Financial Ratings System, January 1, 1997 https://www.fdic.gov/regulations/laws/rules/5000-900.html.
5 Part 364 of the FDIC Rules and Regulations, Standards for Safety and Soundness. https://www.fdic.gov/regulations/laws/rules/2000-8600.html.
6 Appendix A to Part 364 – Interagency Guidelines Establishing Standards for Safety and Soundness, https://www.fdic.gov/regulations/laws/rules/2000-8630.html#fdic2000appendixatopart364.
7 Data for charts 1, 2 and 3 are from the FDIC Quarterly Banking Profile https://www.fdic.gov/analysis/quarterly-banking-profile/index.html.
8 See “Quality of Bank Earnings” in FDIC, Risk Management Manual of Examination Policies, page 5.1-6, for further discussion.
9 See https://www.fdic.gov/regulations/laws/rules/2000-8630.html#fdic2000appendixatopart364 and https://www.fdic.gov/regulations/laws/rules/2000-8700.html#fdic2000appendixatosubapart365.
10 Information about the banking crisis of the 1980s and early 1990s can be found, for example, in Federal Deposit Insurance Corporation, History of the Eighties: Lessons for the Future, Federal Deposit Insurance Corporation, 1997.
11 The Inspector General of the appropriate federal banking agency must conduct a Material Loss Review when losses to the Deposit Insurance Fund from failure of an insured depository institution exceed certain thresholds. See http://www.fdicoig.gov/mlr.shtml for further details.
12 FDIC Office of Inspector General, “Acquisition, Development and Construction Loan Concentration Study,” Report No. EVAL-13-001, October, 2012.
13 Ibid, page iii.
14 See “Interagency Policy Statement on the Allowance for Loan and Lease Losses,” 2006.
16 The Assessment and other resources are available at https://www.ffiec.gov/cybersecurity.htm.
17 FFIEC Policy Statement on Uniform Financial Institutions Rating System. https://www.fdic.gov/regulations/laws/rules/5000-900.html.