banking new york march 2012

THE INDUSTRY MAGAZINE FOR FINANCIAL EXECUTIVES & PROFESSIONALS • MARCH 2012 • VOLUME 21

The Risk Management Issue

WILL U.S. BANKS SURVIVE THE EURO CRISIS?

INSIDEWEATHER-RELATED BUSINESS INTERRUPTION

COMPLIANCE EFFECTIVENESS

CREDIT UNION EXPANSION

EFFECTIVE ERM

Diebold’s security integration connects an array of systems, giving operators unifi ed control and citizens peace of mind. It’s another example of Diebold

doing more to build relationships. Relationships that have inspired us to become leaders and innovators in the banking industry for more than 150 years.

For the entire story, visit Diebold.com/boldsecurity.

1.800.806.6827 diebold.com [email protected]

Managing security systems at the new World Trade Center is more than a challenge. It’s an honor.

BOLDSECURITY CHANGES

ALL.

die7614-02_WTC_Banking NewYork_v01AR_20111228.indd 1 12/28/11 5:20 PM

04 LETTER TO THE EDITORNew Report Sheds Light on Wall Street Inequity

06 NEWSNY Lenders Wary of Oil and Gas Leases

07 NEWSBoA Ditches Agent-Card Business

SPECIAL RISK MANAGEMENT SECTION

08 Managing Mother Nature

10 Demonstrating Compliance Effectiveness

12 When Credit Unions Expand

14 Effective ERM: The Roadmap to Operational Efficiency

16 COVER STORY Euro Crisis Underscores Need for Risk Management Programs, Even at Smaller Banks

20 PROFILE Sterling National Bank Still Does Business the Traditional Way

22 ECONOMY2012 a Good Year, but Not a Boom Year, Economists Note

25 LEGAL CORNER D&O Liability Policy Pitfalls Can Ensnare Bank Executives

28 HR DESKHow to Hire a Chief Risk Officer

30 SMALL CHANGE

14

6 10

22

BANKING NEW YORK Volume 21 | MARCH 2012

16

CONTRIBUTING WRITERS THIS ISSUEMaura Ewing, Steve Viuker, Scott Van Voorhis

TWG STAFFCHAIRMAN Timothy M. Warren CEO & PUBLISHER Timothy M. Warren Jr.PRESIDENT David B. LovinsCONTROLLER DIR. OF OPERATIONS Jeffrey E. Lewis

SALESDIRECTOR OF EVENTS Sarah WarrenPUBLISHING GROUP SALES MANAGER George ChateauneufADVERTISING, MARKETING & EVENTS COORDINATOR Emily TorresADVERTISING ACCOUNT MANAGER Cara Feldman ADVERTISING ACCOUNT MANAGER Richard Ofsthun

EDITORIALCUSTOM PUBLICATIONS EDITOR Christina P. O’NeillASSOCIATE EDITOR Cassidy Norton Murphy

ARTCREATIVE DIRECTOR John BottiniSENIOR GRAPHIC DESIGNER Scott EllisonGRAPHIC DESIGNER Ellie AliabadiDESIGN INTERN Alyssa Sullivan

©2012 The Warren Group Inc. All rights reserved. The Warren Group is a trademark of The Warren Group Inc. No part of this publication may be reproduced in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the publisher. Advertising, editorial and production inquiries should be directed to: The Warren Group, 280 Summer Street, Boston, MA 02210 www.thewarrengroup.com

CORRECTION:

In “Patriot National Bank Survives Downturn, Reports Small But Significant Profit” in the last issue of Banking New York, Solaia Capital Advisors was spelled incorrectly, as was Bard Management. It was also reported that a former colleague of Michael Carrazza’s at Bard Management was a member of the takeover team at Patriot National Bank; this is incorrect. We regret the errors.

4 | Banking New York

As a local community banker, a recent news report on the financial assistance provided

by federal regulators to the nation’s largest and riskiest financial institutions at the height of the recent financial crisis made my blood boil. The report, drawing from 29,000 pages of Federal Reserve documents obtained under the Freedom of Information Act, uncovers trillions of dollars in secret Federal Reserve Board “no strings attached” loans that allowed these too-big-to-fail institutions to net $13 billion in profits – at exactly the same time they were bringing our economy to the brink of collapse. Once again Wall Street gets the gold while Main Streets like ours get the shaft.

The report reads like a horror story for community bankers and taxpayers in general. It reveals the special, privileged world of Wall Street that a Main Street banker never sees.

In a struggling economy, community banks like mine strive to serve the needs of our local customers and help drive stability and prosperity right here in Western New York. We do this – and have been doing so for 110 years – while not receiving the kind of privileged regulatory treatment made available to a handful of the nation’s largest financial institutions. While those that helped trigger the financial collapse get away scot-free, community bankers like mine face the harshest examination climate in more than two generations! You would think Congress and the regulatory agencies would not allow such inequities to

happen – but they have. None of us want to see a sequel of the financial crisis, so let’s nip this in the bud right now and put a hard stop on too-big-to-fail.

The report is further evidence of why I and other community bankers across the nation will not waiver in our support of fair and proportional regulations that distinguish Main Street community banks from Wall Street mega banks. After all, we should

never again let a handful of too-big-to-fail financial firms bring this nation to its economic knees, all the while wreaking havoc on local economies like ours. n

Sal MarrancaPresident and CEO, Cattaraugus County Bank, Little Valley, NY

LETTER TO THE EDITOR | By Sal Marranca

New Report Sheds Light on Wall Street Inequity

Currency Recyclers

Contact us: 800-347-1414 ext. [email protected] visit www.magner.com

It’s Time to Expect More from Currency Automation Solutions and Self-Service Coin Centers

50 Y EARS1 9 6 1 - 2 0 1 1

Doing Things the Right Way

Self-Service Coin Centers Currency Dispensers

Market to 75,000 CPAs And ACCounting ProfessionAls

FOR MORE INFORMATIONContact Advertising at 617.896.5344 or email [email protected]

Your advertising message will reach the most influential

CPAs, as well as the businesses and individual clients

to whom they recommend products and services.

start growing your business now by advertising

in all of our official association magazines.

Call today and ask about our package discounts.

MAXiMizeYour CoMPaNY’sexPosure

NEWS


Lenders in upstate New York are increasingly concerned about oil and natural gas leases on mortgaged properties and are refusing

to finance properties with those leases.New York state law conflicts with long-

standing requirements of secondary market investors, said Greg May, vice president of residential mortgage lending at Tompkins Trust Company in Ithaca, NY.

Fannie Mae and Freddie Mac require gas lines as well as any other mining-related activities be set back at least 200 feet from residential properties. The Federal Housing Authority requires setbacks of at least 300 feet from the property line. “Typically, gas leases do not respect those setbacks,” May said.

New York state law requires that pipelines and oil and gas buildings be set back 100 feet from residential buildings. State laws are silent on subsurface lines.

Homeowners with gas lines within those secondary market setback limits are in violation of their mortgage terms and in technical default, May said. If they stop paying their mortgages,

the investor could try to force the lender to buy back the loan, although the lender could argue that they met the terms when the mortgage was recorded.

Secondary market rules prohibit any mining-related activity – including roads and pump stations and other structures – with the setback limits.

“They’re looking to preserve the integrity of the residential property,” May said. “Those activities appear to be more commercial. If it suddenly turns into a quasi-commercial property, it could have a negative impact on the property.”

More lenders are becoming concerned and are refusing to finance properties with gas leases, according to May. “Each one I talk to says, ‘You’re right, Greg. That’s a problem.’ Before, lenders didn’t understand there’s a conflict. More and more lenders are coming to understand that.”

How many homeowners have mortgages violating setback requirements is unknown, but it’s probably large. Tens of thousands of property owners have gas leases. Homeowners are supposed to obtain their lender’s approval before signing a gas lease, he said, but Tompkins Trust Company has yet to receive a request to approve one, a situation that’s probably typical among lenders.

The state must put into place larger setback requirements that do not conflict with mortgage investor rules, May said, noting that other states don’t have that conflict. “It’s a simple fix,” he said.

Terms of leases might not be recorded; there might be only a memorandum of the lease. “Without the terms of the lease, appraisers don’t know if the lease is for $1 or something much larger,” he said. “It’s important them to effectively compare apples to apples.”

And because the FHA’s setback requirements are based on property lines, a neighbor’s gas line can create a problem, he said, saying a centralized database would help. n

NY Lenders Wary of Oil and Gas Leases

The state attorney general’s investigation of possible foreclosures involving military personnel should alert mortgage lenders

and servicers to the hazards of noncompliance with the Servicemembers Civil Relief Act (SCRA).

State Attorney General Eric Schneiderman is investigating whether lenders illegally foreclosed on homes of servicemembers at Fort Drum.

Compliance experts predict a growing number of investigations across the country by both state and federal regulators, as well as more private lawsuits against lenders.

Holly Petraeus, wife of the former general David Petraeus and head of the new Consumer Finance Protection Bureau’s Office of Servicemembers Affairs, is taking a very public role in her effort to protect servicemembers.

Expect more news stories in the mainstream media, warn compliance experts. “This is a really great news story,” Kirk Jensen, a partner at the Washington, DC-based law firm Buckley Sandler, said in a recent presentation. “The press loves this story.”

Although it investigates potential violations of other regulations only after receiving multiple complaints, the Department of Justice will investigate a lender’s SCRA compliance after a single complaint, Jensen said.

“It’s under a microscope right now, and it should be,” said Mary Beth Guard, executive editor for BankersOnline.com, which provides compliance advice and training.

The law forbids lenders from foreclosing on homes of active duty military personnel except by court order. That includes members of the Coast Guard, reservists ordered to report for military service, and National Guardsmen called to active service for more than 30 consecutive days.

Lenders cannot foreclose on a servicemember’s home while they are on active duty, or within nine months after they leave military service, without court approval. After Dec. 31, 2012, the nine-month grace period reverts to three months.

Continual changes to the SCRA, which also

restricts evictions of servicemembers from rental properties and repossessions of their property securing personal loans, makes compliance trickier. Congress originally enacted the law in 1918 as the Soldiers and Sailors Civil Relief Act, re-enacted it in 1940, again in 2003, and modified it in 2010. Because of that long history, sections of the law’s language, written in different financial times, are archaic, with legal definitions differing from current ones.

“Many institutions do not really have a compliance program that meets regulators’ requirements,” said Jeff Naimon, an attorney with Buckley Sandler.

The key is finding if homeowners are in active duty. “If they are, you just have to back off,” said Guard, former general counsel for the Oklahoma Bankers Association. “There’s nothing worse for your reputation than foreclosing on military personnel.”

The law does not require servicemembers to send lenders a copy of their orders or tell them they are in military service to have foreclosure proceedings stopped.

The Department of Defense has a searchable online database of servicemembers’ names, but it has shortcomings, according to compliance experts. For instance, a servicemember’s name won’t be found in the database, Guard noted, if it differs from the legal name recorded on the mortgage.

The database may not always be accurate and current, and lenders cannot do automated batch-file checks, although the Justice Department can, Jensen said. Lenders must check it at the right time in foreclosure process and be able to prove that they have used the database

Lenders should send notices to all borrowers with late payments to inform them about the SCRA, Guard advised.

“People may make assumptions on who is or is not in the military,” she said. “Send the

AG Investigates Ft. Drum Foreclosures

MARCH 2012 | 7

continued on page 21


Taken separately, the most severe natural events are unlikely to occur. However, Mother Nature can take many forms,

and her wrath is notoriously difficult to predict accurately, even with the best practices and software tools used by meteorologists. It is that unpredictability that makes such events so destructive.

But severe weather is only one part of the risk equation. Industries must manage weather risk on a day-to-day basis. Despite the severity of extreme events and the frequency of lesser events, risk analysis of weather is still rarely given the prominence it deserves. It is crucial to determine what risks emerge when various types of weather conditions strike. Organizations should take a more strategic approach to this type of risk. Increasingly, companies are adopting more sophisticated techniques to specifically account for, rather than ignore, the inherent uncertainty and unpredictability that characterize weather risk.

Techniques such as quantitative risk management (QRM) and decision-making under uncertainty (DMU) are widely used to predict uncertain outcomes. Utilizing QRM and DMU requires thinking more quantitatively, with numbers and probabilities, recognizing the reality that uncertainty exists in nearly every decision and accounting for those uncertainties in a quantitative way. Quantitative risk analysis (QRA) is becoming an increasingly important tool in planning for weather risk.

One helpful example of QRA is the use of Monte Carlo simulation. An analytical technique that’s been around since World War II, Monte Carlo simulation is a computational method which, in simple terms, looks at all possible outcomes and identifies the probabilities of different outcomes occurring. Monte Carlo simulation in particular is being applied by a wide range of private

companies and government agencies to formulate mitigation strategies.

In traditional risk-assessment models, actuarial experts confer on what the best, worst and most likely scenarios are for a given variable. But this “three-point estimate” method does not assess the probabilities that this will happen – one has no idea if each case has a one percent chance or a 50 percent chance or a 99 percent chance of occurring.

Monte Carlo simulation fixes this problem by allowing decision-makers to use ranges of values instead of single-point estimates to represent uncertain values. These ranges are known as probability distributions, and include commonly-used ones like the normal, or “bell curve,” and the uniform, which means that every value in the range has an equal chance of occurring. Depending on the distribution, certain parts of each range are more likely to happen than others.

Monte Carlo simulation also allows for identifying the drivers of risk and ranking them from most to least important based on the impact each has on the bottom line. This allows decision makers to put resources into mitigating the most important risks instead of wasting time by guessing.

In early 2009, critics alleged that the method had failed because the financial crisis happened while big banks were using Monte Carlo. The flaw with that argument is that it ignores the model itself, which is only as good as its practitioner. The old adage “garbage in, garbage out” still applies. If you are inaccurately modeling by using the wrong distribution functions or not representing the likelihood of something happening within those results, you will get the wrong outcome.

Take an example of modeling stock market behavior. Mathematically, using the normal

Managing Mother NaturePlanning for Extreme Weather Events

RISK MANAGEMENT

Randy Heffernan is vice president of Palisade Corporation, based in Ithaca, which specializes in risk and decision analysis software. He can be reached at [email protected].


By Randy Heffernan

THE POWER OF AN ADVANCE

One advance can help fund hundreds of neighborhood needs. FHLBNY advances are a reliable liquidity source for our member lenders to finance

home mortgage, small business, and economic development activities.

Tioga State Bank, an FHLBNY member, used an advance to help provide financing to Bates Troy Inc., a local family-owned and operated community business offering cleaning

and clothing restoration services for healthcare facilities. The project allowed this Binghamton, New York-based “green dry cleaner” to expand their facilities and equipment

and offer several new production job opportunities.

Contact us to see how the power of an advance can impact your community.

101 Park Avenue, New York, NY 10178 | (212) 441- 6700 | www.fhlbny.comNote: The Federal Home Loan Bank of New York uses the word “advances” to refer to the loans it provides to our member lenders.

Expanded regulations continue to go into effect as a result of the Dodd-Frank Act. As a result, financial services organizations must

not only show that they have compliance and ethics programs in place, but be capable of demonstrating that their programs are actually working. Regulatory scrutiny of corporate compliance programs has shifted from a focus on policies, procedures and retrospective audits, to proactive measures of

effectiveness and desired results. Regulators are increasingly working to prevent organizations from “going through the motions” of compliance and instead requiring them to proactively show the substance behind their programs. Many financial services organizations now seek to implement measurements that will help them demonstrate the effectiveness of their compliance and ethics programs.

In 2011 alone, examples of increasing regulatory scrutiny include the whistleblower programs finalized by the SEC in May and the Commodity Futures Trading Commission (CFTC) in August. Whistleblower allegations, motivated by “bounty hunter” payments from enforcement agencies, are likely to grow significantly as a result of these new programs. For example, if a whistleblower claims that a financial services organization has violated privacy laws, the whistleblower can receive a percentage of the fine levied, if the investigators determine that the claim is valid and are successful with a whistleblower lawsuit. A concern in the industry is that due to these financial rewards, rather than calling an internal company hotline to

report a suspected issue, whistleblowers will call a regulator instead. The regulator may in turn demand evidence of an effective compliance program from the organization.

There are several guidelines and tools available for financial services organizations to use as they strive to demonstrate the effectiveness of their compliance programs. The most commonly cited resource is the list of seven elements of effective compliance and ethics programs that were revised in 2010 by the United States Sentencing Commission when they modified the U.S. Federal Sentencing Guidelines. These provisions set forth the attributes of effective compliance and ethics programs. There are also tools and checklists available for self-assessment that often build on these seven elements, adding specific assessment questions for each of the elements.

For any compliance self-assessment, facilitated by the use of one of these tools or some other means, the depth and timeliness of the evidence is critical to success. For instance, let’s consider a common process, such as managing the code of conduct for an organization. In our example we’ll look at various techniques, progressing from very basic and potentially high-risk, up through highly effective approaches offering increased protections and the potential for reduced sanctions and fines resulting from audits, reviews and allegations of wrong-doing.•At the most basic level, a financial services or-

ganization should publish a code of conduct and revise periodically. However, if this is the extent of the organization’s management of the code of conduct, an audit or review is likely to identify significant deficiencies, leaving the organization exposed to the possibility of severe penalties in


Demonstrating Compliance EffectivenessWhy it’s Critical for Financial Services Compliance and Ethics Programs


Steve McGraw is president and CEO of Compliance 360, an enterprise governance, risk and compliance software company. He can be reached at (678) 992-0262.

By Steve McGraw

RISK MANAGEMENT

MARCH 2012 | 11

terms of fines and sanctions.•Taking the next step, the organiza-

tion should distribute the code of conduct directly to all employees and collect attestations indicating that the code has been read and under-stood. Any compliance gaps identi-fied should be remediated, possibly through enhanced training and ad-ditional outreach. Going to this lev-el is certainly an improvement but may still leave an auditor wanting to know how the organization knows that employees really read and un-derstood the code of conduct.

•Going a step further, the employee attestations could also include sub-ject matter questions with scored results, allowing compliance officers to make an objective assessment of each employee’s understanding of the code of conduct. As sub-par scores are logged, remediation tasks can be initiated, completed and logged. This approach provides a more compelling body of evidence showing that the organization is proactively focused on assessing the effectiveness of the code of conduct and using quantified measures to address potential shortcomings.

•Having the ability to log, investigate and track any incidents related to the code of conduct, and monitor for recurring issues or trends that might require broad, corrective actions, can also contribute to the body of evidence of a commitment to com-pliance.

•Additionally, having the ability to make this evidentiary information available to auditors in a well-orga-nized, easily accessible manner is important. Maintaining time-based snapshots of this information can allow organizations to demonstrate the effectiveness of their compliance programs for any point in time.Producing the evidence of compliance

is typically the greatest challenge for a financial services organization. This requires a determination of what the evidence needs to be, how the organization will monitor it and how often to update it so the organization has the ability at any point in time to say, “here’s the evidence that we have in place now, and here’s the evidence of the system that we had in place during the time period in question.”

Some may wonder why organizations would need to maintain this historical information. This is critical because allegations of compliance breakdowns are seldom processed with expediency. For instance, when a whistleblower submits an allegation to the government, due to bureaucracy or work backlogs, it can take regulators months or even years to come to the organization with a lawsuit or claim of a compliance or ethics breach. It is critical that the organization have the ability to look back to the timeframe in question and say, “Here are the regulations that

were in effect at that time, and here is the evidence of what we were doing to comply with those regulations.” This information must be provided accurately, consistently and confidently to the regulators in order for it to be effective – even if the whistleblower’s allegation is upheld.

No compliance program can prevent every potential issue. But, if the organization can show that they were doing the right things, with a true intent of preventing issues, the organization may benefit from a reduction in fines and sanctions. An organization is likely to incur higher fines and sanctions, as well as a higher likelihood of negative publicity, if they were found to be in violation of regulations and they were doing nothing or the bare minimum to prevent issues and ensure the effectiveness of their compliance program. From the perspective of the board of directors for many financial



In the wake of the mortgage and banking crises, public opinion of the banking industry in general, but more particularly regarding the largest

banking providers, has become decidedly negative. Even the recent wave of Occupy protests have singled out the major banks for particularly pointed criticism. “Bank Transfer Day,” bolstered by social networking, was picked up and encouraged by protesters across the country, and became a plus for those institutions perceived

to be smaller and closer to the customer. Estimates of the impact vary, but some meaningful amount of assets was moved out of large banks to credit unions during the fall of 2011. This incident serves as a recent reminder that competition in the retail banking space is fierce, and that all participants must balance marketing pressures with regulatory obligations.

In many ways, the regulation of shareholder-owned banking institutions and credit unions is similar, as are the risks of non-compliance. Both types of institutions have requirements related to their capital structure; restrictions on their permissible activities; and are subject to examination and corrective action and/or penalties from their regulating bodies.

That said, there are two distinct regulatory differences between shareholder-owned banks and credit unions that will be at the core of debate regarding regulatory reform and economic stimulus in 2012: tax-exempt status and Community Reinvestment Act obligations.

TAX STATUSIt comes as no surprise to anyone in the banking

sector that the tax-exempt status of credit unions is

a huge benefit in the marketplace. The “savings” to credit unions from not having to pay taxes on their earnings enables them to offer consumer benefits such as free checking accounts, reduced fees and lower interest rates. In the world of consumer banking and finance, those are powerful benefits.

Tax-paying competitors argue that the benefits credit unions enjoy are unfair for several reasons. Among their reasons:•Failure of credit unions to fulfill their tax-ex-

empt mission•Functional equivalency of services offered to

the public• Imposition of significant costs on taxpayers

Without question, the tax-exempt status of credit unions is their key structural differential that translates into an advantage with consumers. But banks, which have long argued for the tax treatment of credit unions to be reviewed in light of the points made above, are making a new push for review in light of a move by credit unions to expand their services into a traditional stronghold of banks: namely, small commercial lending.

Listed as the top priority for legislative action by the Credit Union National Association (CUNA) is passage of HR 1418 and S 509, which would lift the cap on “Member Business Lending” from its current level of 12.25 percent of assets to 27.5 percent of assets. CUNA’s promotional literature argues that passage could result in much needed small commercial lending, and suggests that, in the first year after passage, $13 billion in additional small business lending would occur and 140,000 new jobs would be created.

Banking representatives scoff at those numbers and counter with statistics suggesting there is no

When Credit Unions Expand: Compliance and Risk Management

John Lovallo is senior vice president at Levick Strategic Communications, a Washington, DC-based communications firm that represents companies and countries facing the highest-stakes communications challenge, with a concentration on developing and implementing corporate reputation, financial communications, and investor relations brand-building campaigns. He can be reached at [email protected] or (212) 823-2002.

By John Lovallo

RISK MANAGEMENT

MARCH 2012 | 13

shortage of lending capacity to small businesses, only a shortage of demand.

COMMUNITY REINVESTMENT ACT (CRA)

Another key difference between shareholder-owned banks and credit unions is the former’s obligations under the CRA. Since 1977, all banks and savings associations must take substantial action to serve the credit needs of all members of their communities and avoid discrimination. This regulation requires examiners to review each institution’s operations across five performance areas comprising 12 assessment factors. Poor performance on CRA reviews can have serious consequences for the institutions in question, particularly when they seek to expand through merger, acquisition, or branching. CRA compliance is quite expensive for the institutions effected.

While credit unions were specifically created and given advantageous tax treatment due to their role in serving people of modest means, banking critics would argue that many credit unions have left that community focus behind.

COMPLIANCE AND RISK MANAGEMENT IMPERATIVES

In the legislative battle to win extension of credit union Member Business Lending while preserving tax-exempt status or to prevent it (depending on your point of view), the track records of the two types of institutions relative to compliance and risk management will be crucial. For credit unions to be successful, they will need to demonstrate a willingness to address critical comments relative to the CRA and a lack of expertise with risk management issues surrounding commercial lending.

One necessity for credit unions as they attempt to win congressional authorization for expanded business lending will be to demonstrate that they have best practice risk management programs in place that are scalable

with the proposed increased lending activities. What would a best practice risk management program look like? Here are six absolutely essential components:

It must be comprehensive – it must take a global view of what could go wrong; involve every department,

process, and person; and be constantly in action.

It must be detailed – deconstructing the business and seeking potential weak spots in the operations which can lead to risks.


We identify hidden risks, so you maximize potential. All financial institutions take risks. At ICS Risk Advisors we help clients manage those risks. A collaborative approach with value-added solutions. That’s what years of experience with one single focus will get you.

ICSriskadvisors.com // 888.250.4400


Risk management used to be a “trial by fire” method of operation. You wait for something to happen and clean up the mess when it

does. Today’s world of on-demand information, market fluctuations, and constantly evolving computer vulnerabilities requires a much more proactive approach. Enterprise risk management (ERM) helps business leaders control risk and make decisions swiftly. The challenges for any risk

management system stem from complexity in maintenance and coordination. Each new regulatory mandate adds a new project initiative and the integration and maintenance of these new project initiatives usually involves little synchronization. By instituting an ERM program, you will have set the framework for evaluating uncertainties, thereby managing threats and providing opportunity to build value for your institution. A structured ERM program provides a holistic view of the institution’s business opportunities and risk profile, with the goal to minimize operational losses while maximizing returns on new business ventures.

UNDERSTANDING THE RISK MANAGEMENT LIFECYCLE

In order to better understand the process of ERM, consider the Risk Management Lifecycle. Composed of three separate parts: assess, audit, and remediation, the lifecycle will help you link previously unconnected activities. First, you assess the likelihood of adverse effects that may result from exposure to vulnerabilities. Following the assessment the audit examines and validates the controls and records your performance against

internal policies and procedures. Lastly, the institution remediates control deficiencies and develops response plans. Having a strong risk management life cycle in place provides protection against unforeseen business or regulatory changes and is the base process necessary for an effective ERM program.

TWO PATHS FOR SUCCESSFUL ERMThere are two approaches that you can take

when creating an ERM program but both take into account the same four elements within the institution: strategy, reporting, compliance and operations. Knowing which one will work best in your institution is best determined by looking at how your institution views its world: operationally or strategically.

If your institution has a business model where the strategic objectives come first, the top-down method will work most effectively. First, you take into account the strategic objectives of the institution. Next, you identify the positive and negative events that affect the institution and whether they come from an internal or external source. Third, you distinguish the influencing factors of the events, such as those that are

Effective ERMThe Roadmap to Operational Efficiency

Michael D. Cohn, CPA, CISA, CGEIT, is the director of WolfPAC Solutions Group at Wolf & Company, P.C., a certified accounting and business consulting firm headquartered in Boston, with offices in Albany. He can be reached at (617) 428-5488 or [email protected].

Strategy

Reporting

Compliance

Bottom-up

Top-down

Operations

By Michael D. Cohn

RISK MANAGEMENT

related to swings in the economy or technology dependent. Lastly, event identification will recognize the impact these events will have throughout the organization if the event occurs.

A Bottom Up approach works best when an institution is operations-oriented. Beginning with each business operation, you must create an inventory of the people, business processes and technologies used therein. Next, you utilize a common language of assessing risk. This common language means measuring the quantity (or inherent) risk against the quality of risk management and controls. Once residual risk has been measured, it is time to integrate individual risk management assessments (i.e. technological, vendor, transactional, etc.) with each assessment focusing on different threats. Lastly, you must communicate with directors and executive managers so that they can evaluate risks and controls according to the products and services offered.

KEY SUCCESS FACTORS FOR AN EFFECTIVE ERM PROGRAM

An ERM program can only be as successful as the sum of its parts. Defining a risk management

methodology with measures consistent throughout the institution and aligned with the institution’s strategy will warrant a workable program. Remember that simplicity is fundamental in order to make the ERM program explainable to each person in the institution. Additionally, the roles and responsibilities of the program should be understood by everyone. The institution’s board of directors and audit committee must provide guidance and oversight with support for the program articulated and enforced at the executive level. Finally, the program must be viewed as a living thing, so as regulatory and economic factors change, you integrate new risk management tools into the daily activities and operations.

A structured ERM program can increase the operational efficiency at your institution by providing insight to minimize operational losses while maximizing returns on new business ventures. The institution can begin to address risk from a strategic nature, first aligned with business objectives or across operational units and business lines. Whichever approach is chosen, the program needs to be adopted across the organization, practiced by all employees, and supported by management and the board at every turn. n

MARCH 2012 | 15

EURO CRISIS UNDERSCORES NEED FOR RISK MANAGEMENT PROGRAMS, EVEN AT SMALLER BANKSBy Scott Van Voorhis

For banks in the Big Apple and across New York State, the near-meltdown of the global financial system in 2008 was a wakeup call.

Once a backwater, risk management has vaulted to the forefront of bank operations in the years since. Along with a prudent desire to improve in this crucial area, financial institutions are also now scrambling to meet a myriad of new demands issued by state and federal regulators and Congress, say risk management consultants who work with the financial industry.

Many Empire State banks are now coming to the painful realization that becoming more aware of potential risks is one thing, but designing effective programs to guard against what can be a bewildering array of threats may be an even greater challenge, experts say.

Worse still, banks across New York may not have that much longer to fine-tune their efforts before their new and improved risk management systems face their first major test.

The debt crisis in the Euro zone has already begun to make banks in New York and across the world increasingly nervous. A debt meltown in Europe, in turn, could send a 2008-sized shock wave that would not only shake the financial behemoths on Wall Street, but also rattle community and regional banks across the state, industry consultants say.

“Most of the banks are struggling to comply

with all the risk management guidelines,” said Pat Trendacosta, financial services attorney with Frandzel Robins Bloom & Csato. “A lot of banks I don’t think understand fully the concept and philosophy behind the risk management being pushed by the regulators.”

Behind the drive to minimize risk is the understanding that the banking industry’s quality control measures were lacking in the years leading up to the 2008 crash.

Alan Morley, a consultant with the ForwardThink Group, compared the shoddy mortgages that were funneled through the banking system in the bubble years to a chocolate factory that winds up in trouble after using bad ingredients.

“We haven’t really done as good a job as we could have done,” he said. “That allowed poor production, poor raw ingredients to go through the system and get [sold].”

As a result, “operational risk and compliance risk has suddenly become the absolute focus for banks,” he said.

Meanwhile, federal and state regulators are doing more than just tyring to ferret out potentially questionable lending practices – they are often taking a deeper look at a bank’s approach to risk management. In particular, regulators are

Pat Trendacosta

Alan Morley

MARCH 2012 | 17


A financial newspaper is fixed to a pillar by a newspaper seller with The Bank of England building behind, in the city of London, Thursday, Oct. 27, 2011. Investors flocked to the markets early Thursday after European leaders delivered a long-awaited action plan to tackle the eurozone debt crisis and slash Greece's massive debts. (AP Photo/Kirsty Wigglesworth)

increasingly focusing not just what a bank’s policies and guidelines are as related to risk, but, crucially, whether the bank’s own employees are following the rules.

“Where the rubber meets the road is how you are doing things, how you are running your bank,” Morley said. “What safeguards have put in and are they being adhered to. If you failed to follow your own policies and procedures, there can be a compliance issue.”

On top of that, there is a new generation of tougher bank examiners who can shut down banks that are found to be out of compliance.

“The government has recruited many new examiners,” Morley said. “They have teeth.”

And even as they scramble to meet post-2008 requirements, banks are also faced with complying with an earlier wave of post-9/11 edicts aimed at cutting off financing for terror groups and preventing money laundering, Morley notes.

Both are complicated and time-consuming, forcing the bank to verify that customers are truly who they say they are.

“It is a lot of background checking and verification,” Morley said. “Every couple of years they have to go through the process all over again.”

While there has been a rise in interest by banks in overall risk management concepts, the number of financial institutions with full-blown programs is still in the minority.

John White, chief executive and founder of New York-based ICS Risk Advisors, cites numbers that show just 25 percent of banks with formal risk management programs.

“That is not a lot, considering all the problems that have occurred,” White said. “That is something that

has to be changed.”The nation’s largest banks, including those with

New York headquarters or a substantial presence in the state, have had the resources to beef up their risk management programs. In fact, many of the industry’s best practices come from these heavyweights. The larger banks may already have risk management chiefs and risk management committees in place, notes Cory Gunderson, managing director at Protiviti, who works in the firm’s New York office.

“They are largely in an enhancement mode, continuing to improve their capabilities to manage

risk,” he said. “They are focusing a great deal these days on really tactical issues.”

By contrast, smaller banks are typically more skeptical of the benefits of a rigorous risks management program, with thinner margins and less money to spend on such initiatives.

“The smaller the bank, the less interested they are,” White noted.

As tough as it can be to devote the kind of resources necessary to adequately analyze and monitor risk, it is essential for banks, whatever their size, to make the commitment.

To be effective, banks need to do more than just hire a knowledgeable consultant. Financial institutions also need to internalize the changes, putting some of their best and brightest staff to work in an area that has not always been attractive to rising talent, according to White.

“They need to gain public confidence, the banking world needs to gain momentum,” White said. “One way to do that is to show they have the systems in place.”

Financial institutions also need to learn how to weild data effectively when analyzing potential risks. In hopes of staying one step ahead of the regulators, banks are producting ever larger quantities of data, but too often, bank risk managers are simply becoming overwhelmed in a sea of data and are unable to step back, feeling that since the data is there, it should be used.

“With so much data at your fingertips, it’s really hard to see what this really means when I blow it all up,” Gunderson said.

The big test for small banks – say under $5 billion in assets – is to build as robust a risk management program as possible without putting a big dent in the bank’s bottom line, Morley said.

“The challenge is making the investment without killing the bank,” he said.

But with the growing debt crisis in the Euro zone, the urgency for having an active risk management program is only growing. New York’s largest banks are some of the most exposed to the debt crisis, with complex interrelationships with other major global and European banks. The big banks are already doing various stress tests to see what the impact of various Euro zone debt disasters might have on their financial footings, industry experts say.

But community and regional banks across New

RISK MANAGEMENT PROGRAMS continued from page 17


John White

Cory Gunderson

RISK MANAGEMENT PROGRAMS continued from page 17

MARCH 2012 | 19

FOR ALL THE RIGHT REASONSIndependent & Cost-Effective Portfolio Risk Review

Offices: Florida, Maine, New YorkProfessional Services for Bankers by Bankers

LOAN REVIEW PROGRAMS

LOAN LOSS RESERVE VALIDATION

CREDIT DATABASE FORMATION

PORTFOLIO STRESS TESTING

PORTFOLIO ACQUISITION REVIEW

LOAN POLICY MAINTENANCE

PROBLEM LOAN MANAGEMENT

LOAN & CREDIT SEMINARS

CREDIT ANALYSIS

REGULATORY RELATIONS

Toll Free 888.967.7380www.CEISREVIEW.comCEIS REVIEW INC.

York State could also take a significant hit should the European debt crisis become another, 2008-style global meltdown, Gunderson warns.

While the smaller banks may not have direct links to big European banks, they more likely do have financial links to major U.S. banks in New York City.

“You need to understand what the impact would be if something happened to your counterparty, if they were shut down for a few days,” he said.

But that’s just for starters. As they weigh the impact of a European debt debacle, all banks, including smaller banks seemingly far from the action, need to understand their liquidity position, and, if it is lacking, take steps to shore it up, Gunderson advises.

“If you don’t have strong liquidity and things turn in the world, if you can’t meet your obligations, banks and go away almost overnight,” he said.

Community and regional banks also have to examine their loan portfolio carefully. Given their narrower geographic footprints, there is likely to be

more of a concentration in one business sector or another, such as extensive lending agreements with a major local business.

While this is natural, bank executives then need to ask the tough questions of what would happen should that plant or firm face a severe setback or shut down, according to Gunderson.

“You tend to have aftershocks or indirect impacts of something happening in Europe,” he said. “They have to have an awareness of what their exposure can be. There is just a domino affect that can go pretty far down the chain.”

In the short-term, the commitment of cash and executive talent can seem formidable, but the good news is that becoming better at judging and weighing risk is likely to pay off for banks in bottom line returns and stability, albeit over the long run, industry experts say.

“Those are the organizations that tend to do better in the ups and downs of the economic cycle,” Gunderson said. “It can be a competitive advantage.” n


PROFILE | By Maura Ewing

In a storied New York, before big-box chains dominated the commercial market, neighborly customer service was a given: the local butcher

knew your weekly order, the barber asked about your children by name, and the clothing store had an outfit in mind when you walked through the door. Louis J. Cappelli, CEO of Sterling National Bank, believes that this level of service should not be antiquated, and that his clients – primarily small and medium-sized businesses – come to him precisely because this is what he has to offer.

Cappelli’s career dates back to a time when huge national banks were unheard of, and the local banker did indeed know all of his clients’ names. He started as an office boy in 1949 – making him one of the longest running bankers in the industry – and has worked himself up the chain to CEO, a position he has held since 1992. “Most CEOs are specialists either in credit or in marketing, and come in at near the top of an organization and so do not have experience in so many areas of the business. My experience in so many facets of the business makes things easier for me,” he says.

Sterling National Bank, a community-based bank in the heart of Manhattan since 1929, works much like the suit-shop who tailors outfits to its customers’ tastes. But instead of keeping up with fashion trends, Sterling is on top of the market climate that businesses face, and adapts its products accordingly.

“We can take care of virtually all of the needs of any small or mid-sized business,” Cappelli says with confidence, a claim that is particularly salient in today’s tight commercial lending environment. Sterling orients its lending practices against primary current assets, accounts receivable, and inventory, rather than relying on loans against real estate, which got many banks – as well as their clients – into trouble over the past few years. “Our loans are repaid virtually every time. Inventory turns over, we keep relending,” Cappelli says.

He also believes it’s important to offer boutique products to address changing trends in both lending and business modeling. A few particularly creative products which have garnered recent attention are its factoring and trade finance division, which offers a cash advance on accounts receivable, and resource funding which, in response to the growing trend of temporary staffing, provides the back office for a staffing company. “We cut probably 20 to 30,000 checks a week to pay for the temporary employment,” he says. “All it is lending. It’s just lending to a particular industry, and providing them with more support.”

The most important element of a community-based bank is high-touch customer service, according to Cappelli. All of the bank’s clients have his direct line, none of his 525 employees use voicemail so that anyone calling will be sure to get a human voice, and Cappelli eats lunch with a client every day of the workweek. “There are very few institutions where a customer is able to sit with a chairman or president of a bank. That’s how we sell,” he says. “To me community banking is more a state of mind in how you deliver your product. Big banks are not providing in that space.”

Cappelli doesn’t see his bank’s growing size as a barrier to this type of customer service. “When we were a $500 million dollar bank someone asked if we could do this if we became a $1 billion dollar bank. I said we’ll meet people for breakfast, we’ll meet them for lunch, we meet them for dinner, we’ll meet them for drinks. We’ll meet them.” Today Sterling has $2.7 billion in assets, up 15 percent from this time last year, and Cappelli is true to his word.

Like all banks, Sterling’s clients were nervous

Sterling National Bank Still Does Business the Traditional Way

Louis J. Cappelli

MARCH 2012 | 21

during the 2008 crash. But not only did Sterling not lose any business, they’ve continued to grow. “We’ve made loans continuously through that period up until the present time,” Cappelli says. Sterling’s loans, $1.46 billion, went up 13 percent this quarter. Further, as of Sept. 30, 2011, the bank’s tangible common equity ratio is 7.43 percent.

Unlike the CEOs of most big banks, Cappelli was not fazed by the tighter banking regulations that followed the ’08 crash. “Banking is a regulated business. Banks shouldn’t fear tighter regulations, but adapt their business model so as not to be affected. We should all be accustomed to it,” he says. “What occurred after the crash was probably more political, and based on the need for politicians to create more laws. And I think that that is an issue. Looking at TARP, for instance – the government has been paid back, in fact the government has made a profit – and people still talk about it negatively. Had they not created TARP, and had not come in to rescue the banks, and had they allowed big banks to fail, you might have 30 or 40 percent unemployment; it certainly would have been higher than it is right now,” he says.

“A common misconception is that banks don’t care about Main Street,” he says. “But banks are just as concerned about Main Street as they are anything else. That’s something our industry has to prove.” By meeting the needs of small and medium business, one client at a time, Cappelli works day in and day out to prove just this. n

damn notice. Don’t try to second-guess if the borrower is a servicemember.”

Yet even if lenders send notices, borrowers may not open the mail or respond.

The SCRA also requires lenders to reduce the mortgage rate of servicemembers to 6 percent or less if they submit a written request and a copy of their orders. The rate reduction is retroactive to when they entered the military or were called into active duty, and the law’s definition of interest rate, which includes all fees and chargers, differs from definitions used by other regulations, such as the Truth in Lending Act.

Banks sometimes make the mistake of shortening the term instead of lowering the payment, thinking the homeowner will be better off retiring their mortgage sooner, Guard said. “Service members need relief right away, and they need the rate lowered and the loan re-amortize for lower payments.”

Another dilemma that banks face is what to do if servicemembers have not requested a rate adjustment but employees at the local bank know they are in the military. “Our advice is, if you truly know the person is in military service, go ahead and lower the rate,” Guard said. “It’s incumbent on bankers to be proactive." n

FT. DRUM FORECLOSURES continued from page 7

Got Apps?

We Do!Ask us how our core processing apps

• Speed Products to Market

• Increase Customization

• Deliver Unparalleled Flexibility

Core ProCeSSInG ServICewww.cocc.com - 888.678.0444


2012 a Good Year, but Not a Boom Year, Economists Note

Economy-watchers have a lot to keep track of in the coming year – the euro crisis overseas, the U.S. housing market, job

growth and the Fed’s low interest rate policy. At a Jan. 17 conference held at Hofstra University in Hempstead, Long Island, an economist and a business journalist/professor interpreted what that may mean for the finance and business sectors in New York state this coming year. And “may” is the operative word.

The conference was sponsored by the Association for Corporate Growth. The featured speakers were Dr. Irwin Kellner, chief economist,

MarketWatch.com and former chief economist for North Fork Bank, Chase, Chemical and Manufacturers Hanover, and Greg David, director of the Business and Economics Reporting Program, Graduate School of Journalism, City University of New York. David also served 25 years at Crain’s New York Business as editor and editorial director.

Before an audience of 125, 45 of whom were bankers, Kellner cited many reasons to believe that 2012 will be a bad year for the economy, due to political gridlock and the euro situation, about which he is particularly pessimistic. “The euro is not long for this world and had no reason for its

Greg David, speaker, director of the business reporting program at the City University of New York (CUNY) Graduate School of Journalism, columnist for Crain’s New York Business and author of Modern New York: The Life and Economics of a City, to be published in April.

ECONOMY | By Steve Viuker

MARCH 2012 | 23

being, given the way it was constructed,” he said. Stateside, in addition to a problematic housing market, consumers dipped into meager savings to finance holiday purchases, indicating either high debt loads or maxed-out credit cards, he said.

However, those who prepare for a good year – not a boom year – will be very well rewarded, he continued. “Businesses are less pessimistic. Many were surprised how well the holiday shopping season went. Surveys show confidence higher than in the past three to four years. Hiring is up and jobless trends are working their way down. Jobs in the private sector are growing nicely and business inventories are lean.”

Kellner concluded on a plus note – gas and heating prices are down this year. He also predicted that the housing market will bottom out this year. Long Island housing prices are down one-third from 2006-2007 prices. Broker fees are down to 3 percent and mortgage rates are at their lowest since the 1950s.

Election years are usually good years for the economy, although not necessarily for the stock market, he noted. “The political gridlock was broken last year when President Obama finally figured out how to deal with the Republicans. He put them in a box and they had to pass his programs. I would look for the economy to grow in 2012 by three percent,” he said, adding that most economists believe the economy grew by that percentage in the fourth quarter of 2011.

Greg David noted that while New York City lost 137,000 jobs in the recent recession, “it was the mildest downturn in the history of modern New York.” Critical to this relatively soft landing is the several hundred million dollars in TARP money that came directly to New York City-based banks, which he cited as the city’s most important industry. With the Fed driving interest rates down to zero, and Wall Street profits soaring, “Many people who thought they were going to lose their jobs were kept employed. And bonuses and salaries remained higher than originally expected. Tourism thrived during the recession. And because the dollar was weak, New York continued to be a destination of choice for European tourists,” he said.

However, the bailouts and the low interest rates were a temporary reprieve, he said, and the adverse consequences will be felt in state tax revenues. Post-crisis regulation will ultimately have an effect

on state tax coffers. Before the financial crisis, Wall Street accounted for 20 percent of all state tax revenue – now, it’s 14 percent and headed lower, without another industry to fill the gap.

Since the recession ended, the city has gained nearly 82,000 jobs. Northern suburbs, such as Westchester County, have been adding jobs. However, Long Island has seen four consecutive years of job losses and is beset by high costs, including public-sector costs. David observed that the fiscal 2013 state budget proposed by governor Cuomo has the first year to year decline in state spending since the 1990s. The budget’s 2 percent cap on local property tax increases will, over time, cut down public employees’ compensation, but the governor didn’t deliver on pension reform, he noted. State pension costs now exceed $8 billion in New York state.

On Jan. 25, a bit more than a week after the conference, the Fed indicated it will keep short-term interest rates near zero for almost three more years. Long term interest rates should remain steady; if not a down a bit; the Fed also indicated it might revive a bond-buying program to lower long-term interest rates.

Dr. Irwin Kellner, speaker and chief economist with MarketWatch.com, a leading interactive financial news website.



The Fed’s changed stance on guidance may be an incentive for banks to make longer-term loans available to customers due to the low cost of funds, The Wall Street Journal reported on Jan. 26. But low rates also limit profit margins on loans, and offer no optimism for savers, the Journal article added. n

Anthony Gubitosa, senior vice president, Citibank, NA; Fredric Hugue, director of relationship management, Astoria Federal Savings; and Stephen Sipola, senior vice president, Astoria Federal Savings.

Barry Garfield, event chairman, an ACG New York director and a partner in the Long Island-based CPA firm of Holtz Rubenstein Reminick LLP.

A GOOD YEAR continued from page 23

MARCH 2012 | 25

LEGAL CORNER | By Joseph P. Monteleone

D&O Liability Policy Pitfalls Can Ensnare Bank Executives

There are a number of key issues that might influence the effectiveness of a directors’ and officers’ (D&O) liability insurance policy

when a bank fails and the Federal Deposit Insurance Corporation (FDIC) steps in.

The standard for D&O liability in claims brought against them by the FDIC in its capacity as a receiver of a failed bank is either negligence or gross negligence, depending on applicable state law. Although it might be more difficult to establish gross

negligence, neither standard presents any insurance implications, as the policies will typically cover any wrongdoing short of willful or knowing misconduct. The FDIC, however, may sometimes elect to seek civil penalties against these individuals, and fines and penalties are almost always excluded from D&O coverage.

Perhaps the two most important policy provisions to consider are the regulatory and insured-versus-insured exclusions. The regulatory exclusion is typically added to a policy by way of an endorsement, but it is not necessarily commonplace. On the other hand, the insured-versus-insured exclusion is found in most policy forms, but may be substantially modified by way of endorsements.

Both of these exclusions were actively litigated during the savings and loan crisis in the 1980s and 1990s in actions brought by the FDIC and other regulators directly against D&O insurers. After an initial round of somewhat mixed results, the courts ultimately upheld the regulatory exclusion on a widespread basis.

The language of the exclusion varies from insurer to insurer, but a well-crafted exclusion will preclude coverage for any claim brought by the FDIC or similar federal or state banking regulator. Simply put, one essentially need only consider who is the claimant to determine the applicability of the exclusion.

The problem for insurers, however, is that many of them were caught flat-footed at the advent of the

current wave of bank failures and did not have these exclusions in place as the claims began to be asserted.

Insurers have experienced somewhat more mixed results with the insured-versus-insured exclusion. Although present in most policy forms, there are often many “carveouts” to the exclusion that reduce its efficacy. One such carveout, for example, is that the exclusion may not apply to any claim brought by a receiver. Although the intent of the exclusion was not limited to precluding coverage for collusive suits (and suits by the FDIC against bank officers and directors are rarely, if ever, collusive), many courts have considered this factor in deciding not to uphold the exclusion.

PERSONAL ASSETS TARGETEDMost D&O policies on the market provide coverage

for directors and officers and, to a more limited extent, the corporate entity and its non-officer employees. In a failed bank situation, the entity coverage, which would extend to the bank itself and any corporate parent holding company, is not a consideration, as both are typically insolvent and not the subject of any claims.

Employee coverage is a bit more tricky, and may be limited to situations where securities claims are brought and where the employee is a co-defendant with an otherwise covered director or officer. In many failed bank situations, key wrongdoers and targets of the FDIC are non-officer employees. Policy wordings vary and must be carefully analyzed to determine if these employees are afforded coverage.

Finally, and although the FDIC is frequently the most aggressive plaintiff in pursuit of bank directors and officers, failed bank situations typically result in a number of claims from different constituencies. As a real-life example, in a current failed bank case, claims have been brought by:• the FDIC• a class action by shareholders of the bank’s parent

company

Joseph P. Monteleone is a partner in the Tressler law firm in New York, and author of the D&O and E&O Monitor blog www.dandoeandomonitor.com. He can be reached at [email protected].


services organizations, the ability to demonstrate the effectiveness of their compliance programs is viewed as a critical component in the protection of the brand.

For most financial services organizations, relying on manual means to demonstrate the effectiveness of their compliance programs is virtually impossible and usually problematic. These organizations should consider automating their processes with a “compliance system of record,” allowing them to confidently and consistently demonstrate the effectiveness of their compliance programs. Even if the organization is following its own checklist or one that is already in existence, the seven elements of effective compliance and ethics programs, found in the Federal Sentencing Guidelines, should be closely examined:

1. Establish Policies, Procedures and Controls2. Exercise Effective Compliance and Ethics

Oversight3. Exercise Due Diligence to Avoid Delegation

of Authority to Unethical Individuals4. Communicate and Educate Employees on

Compliance and Ethics Programs5. Monitor and Audit Compliance and Ethics

Programs for Effectiveness6. Ensure Consistent Enforcement and

Discipline of Violations 7. Respond Appropriately to Incidents and Take Steps to Prevent Future Incidents

1. ESTABLISH POLICIES, PROCEDURES AND CONTROLS

Organizations must establish standards, procedures and controls to prevent and detect unethical conduct. According to the guidelines, these standards of conduct and internal controls should be reasonably capable of reducing the likelihood of misconduct. The standards should be incorporated into a written code of conduct that enables audit systems and other procedures to have a reasonable chance of preventing and detecting wrongdoing.

2. EXERCISE EFFECTIVE COMPLIANCE AND ETHICS OVERSIGHT

Organizations must involve multiple layers of management in the compliance and ethics process with the goal of ensuring the effectiveness of the programs. Designated individuals in each management level must be appropriately knowledgeable of the program. The tone at the top of the organization is important but if the “tone in the middle” is broken, the marching orders from the top cannot succeed. Guidelines should impose specific duties on various levels of management, including the board of directors, senior management and individuals with primary responsibility for the compliance and ethics programs.

3. EXERCISE DUE DILIGENCE TO AVOID DELEGATION OF AUTHORITY TO UNETHICAL INDIVIDUALS

Organizations must use reasonable efforts to avoid delegating substantial authority to individuals with a history of engaging in illegal activities or other behavior inconsistent with an effective compliance and ethics program.

Many organizations are increasingly more reliant on third parties to handle a variety of outsourced operational functions. Outsourcing functions that are beyond an organization’s core strengths may make good sense from the perspectives of economics and business focus. Organizations, however, must also


distribution to model the stock market shows that the likelihood of the market crashes of 2008 or 1987 should only occur once every 300,000 years. Clearly this is not the case, and yet the normal distribution was – and still is – commonly used for this purpose, mainly for convenience.

So what does this have to do with the weather? In the southern tier of New York State, extreme flooding occurred in the 1930s, the 1950s, in 1972, and then again this year, when the Susquehanna and Chemung rivers converged and put houses under 10 feet of water. These extreme events, as with significant stock market dips, are not that infrequent. People are starting to realize they can’t just rely on the average as being the default or expected scenario all the time. Clearly the risks organizations face are not limited to the financial markets.

We have to pay attention to the way we are constructing risk models of all types. It’s important to look at all the outcomes, and re-examine the assumptions underlying the models. In training classes, the questions heard most frequently include: Which probability distribution do I use? How do I properly model my situation? What is the worthwhile analysis to do? As a result, we spend a significant amount of time helping professionals in all industries construct proper risk models. Simulation is easy; making sure your model is accurate is the most important step. n

MOTHER NATURE continued from page 8

COMPLIANCE continued from page 11

MARCH 2012 | 27

use proper safeguards to ensure they are dealing with reputable and ethical businesses since they cannot outsource their liability along with operational functions.

4. COMMUNICATE AND EDUCATE EMPLOYEES ON COMPLIANCE AND ETHICS PROGRAMS

The organization must take reasonable steps to communicate its standards, procedures and other aspects of the compliance and ethics programs periodically and in a practical manner throughout all levels of an organization, including senior management and the board of directors.

5. MONITOR AND AUDIT COMPLIANCE AND ETHICS PROGRAMS FOR EFFECTIVENESS

Organizations must ensure that compliance and ethics programs are followed by employees. They must also create mechanisms for auditing and reporting on the effectiveness of the programs.

6. ENSURE CONSISTENT ENFORCEMENT AND DISCIPLINE OF VIOLATIONS

The guidelines indicate that organizations should consistently promote the value and importance of compliance and ethics programs. Organizations should reward those actions that demonstrate adherence to an ethical culture and discipline individuals who fail to adhere to the organization’s ethical standards.

7. RESPOND APPROPRIATELY TO INCIDENTS AND TAKE STEPS TO PREVENT FUTURE INCIDENTS

The guidelines require that organizations take appropriate investigative actions in response to suspected compliance and ethics violations. Organizations should also take appropriate steps to preserve the confidentiality of investigations.

With a “compliance system of record,” policies, assessments, audits, incidents, investigations and corrective action plans can be linked back to applicable laws and regulations to create a dynamic body of evidence of compliance and ensure a continual audit-ready state for

the organization.As a result of the United States

Sentencing Commission’s modifications to the Federal Sentencing Guidelines and the ongoing process of regulatory updates resulting from the Dodd-Frank Act, financial services organizations should establish compliance and ethics programs rooted in these guidelines and evaluate existing corporate compliance and ethics programs to ensure that they conform. By establishing effective compliance and ethics programs and

satisfying the requirements in the guidelines, organizations are eligible to receive benefits such as reduced fines, reduced sentences or deferred prosecution. Aside from the benefits of reducing the likelihood and severity of civil enforcement actions, establishing an effective compliance and ethics program makes good business sense and can enable organizations to better protect the corporate brand by reducing the likelihood of bad events and minimizing the consequences should they occur. n

�

�

�

�

�

�

�

Full-Color Redesigned

Statements with

Custom Formatting

Built-In Response

Buttons

Improved Customer

Service

Interactive PDF

Delivered Electronically

Reduced Processing

Costs

Targeted Cross-Marketing

Eliminate Inserts with

Onserts

21 Harristown Rd, Glen Rock, NJ 07452 • 201.652.6000 • 888.FSI.6200 ww.insideFSI.net• w

Core Processing • Item Processing • Integrated Packages • Corporate & Branch Capture

OFAC & Patriot Act Solutions • Web Hosting & Services

Trust well placed.

Do your statements

look like this?

Call

today to schedule

an online demo

and see what

eDoc can do for

your statements.

888-FSI-6200


HR DESK | By Carll Wilkinson

As the concept of enterprise risk management (ERM) continues to gain traction among regulators and community bankers, more

small banks and credit unions are considering the addition of a chief risk officer (CRO), but dreading the expense. The solution is to emphasize effective ERM as a competitive advantage.

All community banks and credit unions already embrace a culture of internal controls and risk assessment. However,

a CRO can make a material difference in two ways:1. Consolidate line-of-business risk

management into a centralized “executive dashboard,” enabling the institution to more strategically manage risk and allocate resources.

2. Implement sophisticated quantitative models and stress testing to more accurately measure and manage credit risk and interest rate risk, thereby reducing losses, improving net interest margins, bringing additional visibility to capital ratios by line of business and ultimately driving additional earnings.

SIZE MATTERSWhen considering a CRO hire, community

banks and credit unions must consider the role they are asking the potential hire to play. This will vary depending specifically on the size of the institution.

There are critical differences in the types of risks commonly faced by large and small institutions. Large banks are particularly vulnerable to counterparty risk and liquidity risk (see: Lehman Brothers). Small banks, on the other hand, are more prone to credit risk, portfolio concentration and interest rate risk. These considerations need to inform the selection of a CRO.

In addition, the banking industry in general rewards economies of scale, something that is in short supply for institutions under $1 billion (or even $5 billion) in assets. Top-20 banks can have multi-million dollar BASEL II and III budgets with hundreds of high-powered experts at their disposal; community banks obviously do not. Therefore, it is important that small institutions keep feasibility of an ERM strategy top of mind and set the expectations of, and for, a CRO realistically.

PREFERABLE CANDIDATE TRAITSIn the same vein, CRO candidates must possess

skills that most directly match the needs and capabilities of the hiring institution. Small community banks and credit unions should consider the following traits when attempting to identify the right candidate:

Technical Banking Skills: The single most important area where most small banks and credit unions can realize an immediate improvement in risk methodology is in the management of credit risk and portfolio concentration. A CRO must be able to accurately calculate likelihood of default and loss given default, with legitimate stress testing. This can create an immediate competitive advantage and add to the institution’s bottom line, as well as make the regulators more comfortable with capital ratio calculations. While it is not realistic to hire a CRO to do original financial modeling (e.g., Quants), they should be able to select a software vendor, use the software and be experts in Excel. The only way to achieve this is with specific expertise in finance, accounting, credit, or asset/liability management.

Entrepreneurial attitude: As all community bankers know, sometimes the only way to get a project done is to do it oneself. There are thousands of bankers employed at large financial institutions with superior technical skills who would be lost trying to manage ERM at a small bank with serious resource constraints. A successful CRO needs to be a self-starter

How to Hire a Chief Risk Officer

Carll Wilkinson is the managing partner of Executive Search Group, the largest bank specific search firm in New England. His team specializes in middle and senior management searches for community and regional banks, credit unions and wealth management firms throughout the Eastern United States.

and a problem-solver who understands that the very best solution may not be the most realistic option for a small bank or credit union, and who can find a way to use available resources to achieve success.

Superior communication skills: The active participation and buy-in of stakeholders across the organization, including board directors, senior management and business unit managers, is necessary for the successful execution of an ERM strategy. The best way to achieve this participation is through frequent, open, respectful dialogue, and driving this conversation is one of the key responsibilities of the CRO.

Global banking perspective: A CRO can’t be expected to create an ERM methodology if they don’t completely understand the fundamental aspects of a bank. While having deep and granular expertise in every functional area of a bank is probably unrealistic, a CRO candidate must at least understand the basics, like the difference between deposit and loan operations, or what “ALM” means.

WHERE TO FIND CANDIDATESSo, where does one find these technically

proficient, entrepreneurial, articulate and well-rounded bankers? Since it is not always possible to find someone with previous CRO experience, the search will come down to evaluating transferable skill sets among (mostly passive) candidates. Here are the top five places to look:

In a commercial credit or finance/accounting department – Look for a seasoned commercial credit officer or CFO who might relish the challenge of creating an ERM framework.

At a public accounting firm – Look for a manager or senior manager in the financial services practice who wants to make a move out of public accounting and into a bank or credit union.

At the FDIC, OCC, Federal Reserve, or local FHLB – Look for a credit officer or senior examiner with a combination of internal bank and external regulatory experience.

At an ALM service provider or software vendor – Look for an ALM analyst at a consulting or public accounting firm, or an investment bank, who has community bank-specific ALM experience.

In a risk, internal audit, or BASEL department at a regional or national bank – Look for “big bank” talent with community banking experience, but make sure they are enough of a generalist to run ERM without extensive support.

WHAT TO OFFERPay will vary based on size and ownership of the

institution, its geography, and the experience of the individual, but a realistic base salary range for the skill sets discussed above is between $90,000 and $150,000. n

MARCH 2012 | 29

D&O LIABILITY POLICY continued from page 25

CREDIT UNION EXPANSION continued from page 13

• an Employee Retirement Income Security Act ac-tion brought by participants in and beneficiaries of the bank’s pension and welfare plans

• a Department of Labor investigation in connection with alleged ERISA violations

• a Securities Exchange Commission investigation involving alleged securities law violations

• a Department of Justice investigation concerning potential criminal conduct of one or more bank of-ficers

All of the claims are subject to coverage under the same limited pool of insurance proceeds.

What happens if the insurance is not sufficient to satisfy all of those feeding at the trough? The unfortunate answer for bank directors and officers is that many of these claimants, in particular the FDIC, will pursue the directors’ and officers’ personal assets in addition to the available insurance. n

It must be quantitative – assessing the significance of the potential risks identified in terms of hard numbers.

It must be responsive to identified risks in a structured, timely manner.

It must be proactive – seeking solutions that prevent risks from happening in the first place.

It must be effectively communicated both internally as well as externally.

An industry-wide failure to demonstrate these best practices would severely damage the push for enhanced Member Business Lending capacity.

Shareholder-owned banks and credit unions both operate under a set of regulatory requirements designed to ensure that they provide services in a fair and prudent manner. However, two significant differences in their regulation are front and center in the debate as to whether credit unions should be permitted to dramatically expand their role as lenders to small business: tax exempt status and Community Reinvestment Act obligations. Regulatory compliance histories and risk management experience will be important evidence in the debate.

Regardless of the outcome, all financial institutions will benefit, as will consumers, from implementation of the best risk management practices. n


GLENS FALLS NATIONAL BANK AND TRUST CO.

Marilyn R. Hensel has been appointed to assistant vice president and trust officer in the trust department. She joined the bank with extensive trust and tax experience. She is a certified trust and financial advisor through the Institute of Certified Bankers, and a graduate of the State University of New York at Albany with a bachelor’s degree in economics and a business minor.

HUDSON VALLEY BANKMartin G. Noble, a veteran area banker, has

joined the bank as first senior vice president of business and professional banking. In this newly-created position, he is responsible for the day-to-day operations of the division with a special focus on loan administration. He comes to Hudson Valley from Patriot National Bank in Stamford, Conn.

PROVIDENT BANKProvident Bank announced appointments in

key leadership positions. Jim Peoples has been named executive vice president of Provident Bank and market president for the central market that covers Rockland, Westchester and Bergen counties. Peoples was most recently chairman, president and CEO of United Western Bank in Denver, Colo.

Rick Jones has been named market president for the north market that covers Orange, Sullivan, Ulster, Putnam, and Dutchess counties. He joined Provident Bank in 2004 as executive vice president and previously served as head of business services. Jones joined Provident Bank after retiring from JP Morgan Chase where he served as senior vice president of client management and personal financial services for JP Morgan Chase’s Personal Financial Wealth Services Group since 2002.

Rodney Whitwell has been named executive vice president and COO of Provident Bank. He joined the bank in August and served as senior vice president of strategy/corporate development. As COO, he will be responsible for driving strategy and consolidating operational functions under his leadership, including Provident’s direct banking channels, systems and technology, products and services, marketing, and bank operations.

SIGNATURE BANKSignature Bank has appointed a new private

client banking team to its network. Three banking veterans have also joined existing teams. Craig Anzalone, group director and senior vice president, heads a new three-person team, which will be based at Signature Bank’s private client banking office in Garden City, Long Island. Before joining Signature Bank, he served as business banking manager at Wells Fargo in Melville, Long Island, where he managed the business banking teams serving Long Island clients.

Joining Anzalone’s team are Patricia Modena, associate group director and vice president and Karen Perry-Taylor, senior client associate. Modena most recently served as senior relationship manager at Wells Fargo in Melville, where she managed a portfolio of business clients. Perry-Taylor also hails from Wells Fargo in Melville where she was a business client associate, handling the day-to-day needs of clients of the Long Island business banking portfolio.

Recently, Signature Bank also expanded three existing private client banking teams with the appointment of William Pyszczymuka, Veronica Higbie and Anna Walsh, all to the post of associate group director and vice president. Pyszczymuka joins the team led by Michael Doti, Richard DeSousa and Thomas Murphy Jr., each of whom are group directors and senior vice Presidents in Jericho, Long Island. Most recently, he was a branch business manager at Capital One Bank in Hicksville, Long Island, where he catered to small business clients.

Higbie joins the team headed by Group Director and Senior Vice President Thomas Rogers in the Melville private client banking office. Prior, she was a business relationship manager at HSBC’s branch in Melville, where she managed commercial client relationships.

Walsh was named to the team led by Lawrence Blascovich and Louis Krawiecz in the newly-opened Signature Bank private client banking office at 2 Penn Plaza in Manhattan. Walsh was operations manager and vice president for the premier corporate and professional services division at HSBC in midtown Manhattan, where she had worked with Blascovich and Krawiecz. n

Small Change

Reach more than 110,000 banking executives, CEOs and key decision makers in more than 900 different

banks, from the smallest de novo and community banks to the largest commercial and investment banks

in the world. Attract new customers through leading industry magazines with the combined force of the

most reputable banking associations across the Northeast.

To reserve adverTising space call 1.800.356.8805 exT.344

or email [email protected]

Visit www.thewarrengroup.com for additional products and serVices

OpeningtheDoorSuccess to

banking new york march 2012

Documents

warren group

warren jr

banking industry

bard management

risk management programs

risk management issuewill

banking new yorkas

banking new york volume