The FDIC recently announced a joint agency proposal revising the capital requirement framework for banks with total assets of $100 billion or more. The proposal would implement the final components of the Basel III agreement and further strengthen the banking system following the banking turmoil in March 2023.
Doran Jones believes this is a good time for banks to review their regulatory capital framework. In our experience, banks tend to focus on meeting the required amount of regulatory capital. We recommend that banks take a more wholistic approach to assessing their framework because that is exactly what the regulators are going to do when they perform an examination. According to the Office of Comptroller of the Currency, “The core assessment of a bank’s capital adequacy and the assignment of the capital component rating include an analysis of many different risks and factors, individually and in the aggregate, that affect a bank’s capital. Examiners’ assessments of capital adequacy consider the totality of a bank’s circumstances beyond meeting minimum regulatory capital ratios (i.e., the OCC’s conclusions on a bank’s capital adequacy may differ significantly from conclusions that might be drawn solely from an evaluation of compliance with minimum regulatory capital requirements).”
Regulators rate a bank’s capital adequacy based on each bank’s specific circumstances, not just minimum risk-weighted standards. Factors that affect a regulator’s capital adequacy rating include:
- Amount and quality of capital
- The bank’s overall financial condition
- The composition of the balance sheet, including intangible assets and the associated risks (concentration risk, market risk, etc.)
- The amount, composition and trend of problem assets, and the adequacy of related valuation reserves
- Access to credit markets and additional sources of capital
- The effectiveness of capital planning activities
- The risk level of off-balance sheet activities
- The amount quality and trend of earnings
- The bank’s growth strategy and track record of managing growth
In our experience, three primary areas of focus for a capital adequacy examination, and where many banks fall short, are the bank’s strategic and capital planning processes, the quality of capital risk management, and the effectiveness of capital adequacy internal controls. We will be discussing each of these topics in a series of articles pertaining to this timely topic.
Quality of Risk Management
Each bank’s board and management should identify, measure, monitor, and control risk by implementing an effective risk management system appropriate for the size and complexity of bank operations. The bank should have a formal periodic risk and control assessment process performed by the business and compliance or risk management. Ongoing monitoring and testing should be performed by the business, and compliance should perform periodic testing.
An appropriate capital risk management program should:
- maintain satisfactory capital levels that are consistent with the bank’s risk profile and appetite and stated capital needs
- identify emerging risks to the bank’s capital and provide for timely mitigation of those risks
- assess the overall quality of risk management programs and internal controls, validation of forecasting models and processes, and internal audit systems
- include controls for compliance with capital and dividend regulations
- provide appropriate board oversight of regulatory reporting, capital accounts, and dividends
- include risk assessments that accurately identify and rate the risks that can affect capital adequacy
Doran Jones Recommends
Annual review of capital requirements risk management policies, procedures, monitoring and testing plans and results, and risk and control assessments. The review should confirm they:
- are consistent with the board’s stated risk appetite and are reviewed and approved at appropriate intervals
- comply with applicable laws, regulations, and internal standards
- Require that adequate and accurate records are maintained
- provide appropriate limits and targets for capital ratios, levels, and dividend payouts
- provide adequate and effective controls to ensure capital levels remain sufficient to support the growth and business goals stated in the strategic and business plans
- provide processes and controls for timely operational, financial, and regulatory reporting
- contain clear objectives and processes for maintaining adequate capital levels, including provisions to restrict dividend and capital payouts when required capital levels or internal targets are in jeopardy
Conclusion
It should not be surprising that, following the string of bank failures earlier this year, regulators are shining a spotlight on capital adequacy as a critical component of bank safety and soundness. Banks should be taking a proactive approach to reviewing their capital management processes and controls to avoid any unpleasant surprises when their regulators inevitably perform an in-depth examination.
Technology Considerations
Many banks, especially small- and mid-sized banks, are utilizing spreadsheet based EUCs to perform capital adequacy calculations. These spreadsheets need to be quite large and complex (often employing complex macros) and are very error-prone and inefficient. These spreadsheets are not only subject to data entry error but also errors resulting from erroneous spreadsheet logic, formulas, and links to outside data. In fact, studies by Raymond Panko at the University of Hawaii show that 90% of spreadsheets with more than 150 rows contain errors, and the European Spreadsheet Risks Interest Group estimated that more than 90% of all spreadsheets contain errors. Another risk associated with EUCs is that turnover can create a problem if critical knowledge of the EUC is lost.
These banks should be considering looking at tailored technology solutions to automate their capital adequacy processes that are tailored to their specific size, complexity, and business model. Such solutions can consist of basic financial risk automation (FRM) services to modular asset liability management solutions such as Moodys that can be integrated with security trading platforms to monitor the volume, mix, maturity structure, interest rate sensitivity, and liquidity of the bank’s assets and liabilities that provides a comprehensive strategic planning and risk management solution.
Automated Regulatory Reporting using tools like AxiomSL are being used extensively by banks because of increasingly frequent, complex, and dynamic reporting requirements.
Doran Jones can provide the regulatory compliance and risk management expertise with extensive technological knowledge and experience to design and implement a cost-effective solution that will increase efficiency and lower risk by upgrading your risk and compliance systems or identifying and remediating gaps in existing processes.
Contact us to learn how a strategic partnership with Doran Jones can provide you with cost-effective solutions by leveraging our expertise with these and other critical risk and compliance functions.