BID® Daily Newsletter
Mar 9, 2023

BID® Daily Newsletter

Mar 9, 2023

Acing Regulatory Exams Requires Knowing What Regulators Want

Summary: As regulators shift their focus areas for this year’s audits, CFIs should pay particular attention to the new areas that have caught the eyes of regulatory agencies. Knowing what each particular regulator is focusing can be key to acing regulatory exams.

Anyone who has taken a standardized test is probably familiar with the theory that the letter C is the most common answer for a multiple-choice question. While the theory has been embraced by countless students over the years, it turns out that, statistically, it doesn’t hold up. Instead, test takers would be better served by strategies such as looking to the surrounding answers to rule out letter options (as answer choices are rarely repeated consecutively); selecting the longest answer, since test writers tend to include qualifying language within correct responses; or narrowing down the answer options by eliminating those that are clearly wrong.
The best approach students can take to multiple-choice tests, of course, is to study and prepare themselves for the material they are going to be tested on. The same holds true for community financial institutions (CFIs) when it comes to heightened oversight of regulatory exams and compliance reviews. Familiarizing your CFI with the specific things that regulators are most likely to be looking for, and paying close attention to, in exams and reviews is the best way to ensure your organization is compliant.
Major Focus Areas.

While the particular areas that each regulator is honing in on vary, some common threads are managing risks born from economic changes and a desire to protect consumers. As data sharing and open banking pick up pace at the same time cybercriminals are stepping up their efforts to target banks and bank-related activities, regulators are taking a closer look at anything that appears to pose a risk to consumers, investors, or the markets in general. For CFIs, knowing where regulators are concentrating their attention provides a roadmap for assessing your organization’s strength in each of these areas and determining where you may need to step up your own focus within your institution.
Following are a few key areas where each of the major regulators have indicated they are paying particularly close attention, and which will almost certainly be key focus areas for regulatory exams this year:
Federal Reserve.
The Fed’s Supervision and Regulation Report from last May notes the trends Fed regulators identified for increased risk in 2022. The report also highlights their supervisory priorities specific to CFIs, which fall into three main areas:
  • Credit risk. Due to CFIs’ portfolio concentration in Commercial Real Estate (CRE) and small businesses, which have been disproportionately impacted by the pandemic and remain more vulnerable to the subsequent economic uncertainty, credit risk is particularly concerning to the Fed. Particularly noted were the following areas of credit management:
    • Loan modifications and underwriting
    • Credit concentrations/high-risk portfolios
    • Current Expected Credit Losses (CECL) implementation
  • Capital. Since liquidity risk has risen since the report’s publication last May, capital adequacy, needs, and vulnerabilities will be assessed to make sure CFIs have enough cash on hand to weather further economic uncertainty.
  • Operational Risk. This includes both general IT concerns and cybersecurity practices. Cybersecurity is cited as a top risk area by the Fed, especially since 2020. The struggle for IT talent within the financial industry is a well-known challenge, so the Fed will examine third-party vendor relationships with fintechs and other nonbanks with particular scrutiny. Their focus on the partnership will likely be around safe data practices and defenses against cyberattacks. Be sure to anticipate regulators’ questions with data to support your own due diligence efforts in choosing your vendors and highlight the security practices both you and your vendors employ to keep sensitive data secure.
Office of the Comptroller of the Currency (OCC).

The OCC has noted that it is enhancing its supervision of financial institutions as the banking system evolves. According to its 2023 Bank Supervision Operating Plan, “examiners will focus on the impacts of volatile economic conditions such as high inflation, increasing recession possibilities, and rising interest rates.” In addition, regulators will consider the impact of geopolitical events and assess your CFI’s risks. The following are among the OCC’s top areas of focus:
  • New digital assets and payment offerings. The OCC, as well as the Federal Deposit Insurance Corp. (FDIC), will require that financial institutions inform regulators and receive nonobjection documentation before proceeding with implementation. These standards apply to artificial intelligence, banking-as-a-service, cloud computing, cryptocurrency, and any other new technology in these areas.
  • Operational resilience and cybersecurity. Regulators will conduct enhanced risk-based supervision, particularly regarding third-party relationships that involve customer data. This includes whether CFIs have proper cybersecurity controls and a plan in place if a security breach occurs.
  • Bank Secrecy Act (BSA), anti-money laundering (AML), and Office of Foreign Assets Control (OFAC). Along with determining a CFI’s risk in these areas, examiners will assess technology and programs related to these initiatives as well as any plans to enhance compliance.
  • Fair lending and Community Reinvestment Act (CRA). Another focus for regulators will be ensuring compliance with nondiscriminatory lending practices and your CFI’s efforts to support your community, according to the latest CRA legislation in 2020.
FDIC.

Other areas where the Consumer Financial Protection Bureau (CFPB) is focusing its oversight in the coming year are CRE and subordinated debt. “The issuance of subordinated debt has benefits and risks for banking organizations, and financial institutions should remain aware of the generally applicable capital rule’s requirements,” stated the regulator in its recent Supervisory Insights.
Though there are various areas that different regulators are focusing on, risk seems to be a common factor. Not only are regulating agencies concerned about the security of consumer data, but they also are anticipating risks that have arisen from the economic market that pose a threat to CFIs’ portfolios. The best way to handle upcoming regulatory exams is to know where your strengths and weaknesses are and prepare any documentation to support your staff’s capability to maintain those strengths and confidently tackle areas requiring improvements.
Subscribe to the BID Daily Newsletter to have it delivered by email daily.

Related Articles:

FDIC Aims To Change the Definition of Deposit Broker
The FDIC is proposing a rule that would change the definition of “deposit broker” and expand the types of exceptions allowed. We outline how the proposed rule could significantly impact banking operations.
Using Regtech To Streamline New Regulatory Requirements
As regulatory requirements increase, regtech can help you stay compliant while also lowering costs and increasing efficiency. We discuss possible use cases.