The Oakleaf Group recently attended the American Bankers Association’s (ABA) annual Risk and Compliance Conference held in San Antonio, TX. This year, the general theme of the conference was the convergence of the Risk Management and Compliance functions in the banking industry. In the past, the ABA held two separate conferences for Risk and Compliance, but in 2023 they combined them into one event emphasizing the interconnectedness and importance of strengthening “the effectiveness of both teams to withstand regulatory scrutiny and control tomorrow’s threats today”.
The conference spanned the landscape of risk management, delving into the intricacies of the three defense lines and senior leadership guidance. A recurring theme emerged throughout the discussions: regardless of how meticulously crafted and executed the defense strategies might be, the failure to nurture a top-down risk culture could lead to severe organizational failures, as evidenced in recent times and in past decades.
The fast-paced regulatory and technological changes reshaping the banking industry were a focal point of many sessions. Presenters, panelists, and attendees alike underscored the necessity for banks to stay ahead of this wave. They unanimously agreed that banks must commit to continuous improvements to avoid falling into the trap of obsolete and ineffective risk and compliance processes, procedures, and controls.
Speed of Change. Attendees were united in their recognition of ongoing regulatory changes over the past three years encompassing actions taken in response to the Covid 19 Pandemic and the entrance of the new Administration. Yet, the most significant implications emerge from the examination of the unprecedented speed of three recent bank failures: Silicon Valley Bank, Signature Bank, and Silvergate Bank, as well as the sale of First Republic Bank. Technological changes such as lightning-fast spreading of depositor concerns through social media and the ability of depositors to withdraw funds in record time indicate to industry professionals that risk and compliance data and monitoring processes are likely to need faster cycle times. More and better data must be provided faster.
Fortunately, technological enhancements were on display throughout the conference as innovative new techniques to efficiently monitor regulations, capture and synthesize vast amounts of data and documentation, and analyze complex enterprise risk management metrics have been developed by industry service providers. Clearly, there are new and improved tools available to perform risk and compliance assessments more quickly and frequently and stay ahead of rapid changes. In light of these emerging trends and tools, banks would be well-advised to incorporate such technological enhancements into their operations.
Risk Management Culture. Interestingly, the recent bank failures were discussed at the conference along with previous risk management failures of banks, non-banks, and the U.S. Space Program. In each instance, a significant and, in some cases, key cause of failure was an inadequate risk management “culture” established by senior management and the board. Many professionals observed how SVB suffered from a lack of risk management culture simply evidenced by the fact that the bank operated without a chief risk officer for eight months leading up to its failure. More than a decade before, Washington Mutual and Countrywide had risk management infrastructure in place but lacked senior leadership who embraced it and communicated the appropriate “tone-at-the-top” to support a meaningful and effective implementation from the board down through their organizations. The conference drove home this theme with a presentation by Colonel Eileen Collins, the first female Space Shuttle Pilot and Mission Commander in NASA history. Colonel Collins attributed the loss of the Space Shuttle Columbia crew in 2003 to a faulty NASA culture and Government oversight as set forth in the 248-page Columbia Accident Investigation Board final report. In a type of root-cause assessment, Colonel Collins conveyed that certain team members held the view that nothing could be done to address questions about Columbia’s heat shield while it was orbit, but her view was that further testing could have been performed, the risk better assessed, and with an appropriate safety culture and values employed, the astronauts could have been rescued. Instead, misplaced measures of success such as schedule and cost efficiency took priority, with disastrous results.
Risk and Compliance Lines of Defense. The Conference presenters and attendees had a lively dialogue in several sessions debating and aligning on the responsibilities of each line of defense and the need for accurate reporting, clear communication, and independence between them. The compliance functions within banking organizations reviewed the important work they do while the risk functions explained how operational risk is business-wide and interacts with the compliance functions. Both agreed on the importance of managing an appropriate, and well-defined risk appetite and tolerances communicated from the top-down. Moreover, both agreed on the importance of accurate data gathering, controlled data governance, and effective analytical tools for monitoring, reporting, and managing risk in both the first and second lines of defense. A key third line of defense was represented by internal audit managers as they rely on effective and accurate reporting from the first and second lines to provide assurance to senior management and the board that risks are controlled and performing within risk tolerances. Again, changes in the industry are driving the need to increase the speed of testing and the ability to respond faster to emerging risks. Regulators expect this. It is evident that the entire banking organizations will be impacted and need to respond to this trend.
The ABA’s 2023 Risk and Compliance Conference provided valuable insights into the merging worlds of risk and compliance within the banking industry. The lessons learned from this conference highlight the importance of embracing technological advancements, fostering a robust risk management culture, and accurately defining and maintaining lines of defense. These takeaways will guide banking organizations as they navigate the dynamic regulatory and technological landscape. As the industry continues to evolve, the ability to adapt quickly, stay proactive, and maintain a robust risk management culture will be paramount. By reflecting on our past failures and adjusting our course accordingly, we are better equipped to face and control the threats of tomorrow.
Visit our website or contact us to learn about Oakleaf’s services and how we can help you ensure compliance and mitigate risk in this dynamic environment.
Oakleaf at a Glance
See Who We Are | Meet Our Leadership Team
Join The Oakleaf Team
Join Oakleaf and put your talents and skills to work with our leading financial, banking, and mortgage client organizations.
See The Work We Do
See how we support our clients and their teams in tackling their most complex matters. Or contact us if you want to discuss anything further.