Author: Jackie Marshall, JaMarshall@jackhenry.com
The FFIEC’s recent supplement to Authentication in an Internet Banking Environment guidance is creating lots of buzz among bankers and technology service providers. There is no shortage of webinars, articles, and white papers on this hot topic. Many discussions are based on a broad interpretation or a general expectation of assessment of online banking risk and the application of multiple-layers of security controls. With so much room for subjective interpretation, some community financial institutions (FIs) are unsure as to where to begin with compliance strategies.
Based on the Guidance Supplement ‘s objectives, what is clear is that FIs are tasked to evaluate the online banking services they offer and determine if an effective combination of security control layers is currently in place based on the risk level of the transaction and the risk level of the customer. Many choices are outlined in the Supplement (9 to be exact), including out-of-band verification, positive pay, debit blocks, and enhanced customer education techniques. What is proving to be a challenge for many FIs is determining which combination of controls are most effective at preventing and detecting fraud.
Two security control elements stand out and are segregated half-way through the directive: “The (FFIEC) agencies expect that an institution’s layered security program will contain the following two elements, at a minimum”:
#1 - Controls to detect and respond to suspicious activity (i.e., unusual online banking activity based on previous customer history). These controls may be manual or automated transaction monitoring or anomaly detection.
#2 - Controls to manage administrative functions (i.e., preventive or detective controls to manage access for setting up or making changes to system access privileges, system configuration values, and new profile creation for online financial transactions).
The reason these two categories of controls are emphasized is because many of the identified incidents of commercial account takeover could have been avoided had these two control categories been practiced consistently.
In summary, as your FI navigates through a risk assessment methodology for online banking transactions and considers enhancing strategies for multiple authentication controls, begin with a layered approach and focus first on those two control categories emphasized as the most effective at preventing and detecting fraud.
Author: Kris Bishop, firstname.lastname@example.org
According to the FDIC’s website:
|Total since 2001
87% of the bank failures in the last decade have occurred in the past 2.5 years. Several economic factors have caused banking institutions to merge over the past several years. The wave of bank mergers has raised concerns about increased fees, decreased competition and loss of the local community bank. In the past we have had a larger number of new charters to back fill the local bank that was consumed through acquisition. However, only 43 new charters have been approved in the last 2.5 years.
Things can’t be all bad right? If we look at the banking industry as a whole over the past two years we find only about 4% reduction in the total number of banks. In comparison, this reduction is in line with the reductions in banks over the entire decade of about 3% over all. So, one could make a case that we have experienced a market correction with respect to the high number of de novo banks established in the early part of the last decade.
In my opinion, we will continue to see the largest reduction in banks under $650M in assets. The larger mid-tier banks have more capital for stabilization and long-term growth through acquisition. They have also become more comfortable with performing the due diligence and negations required for the FDIC assisted type of transaction.
Is the local community bank going the way of the savings and loan? I don’t believe we will see the largest banks in the country making many acquisitions during this time frame as they could experience market cap issues, or just the sheer size of the acquisition required to move their financial needle could take the focus off of any positive changes they have made to adapt in this market.
The M&A growth will occur in the lower and middle sections of the mid-tier space with regional and some super-regional banks. The banks in this area that are looking for solid growth numbers will have to earn them through acquisitions as organic growth in most markets is as stagnate as the national economy seems to be. A $10B regional bank will be able to accomplish this easier than a $70B super-regional, due to their ability to acquire market share and revenue growth at the same time through the purchase of a $1 - $4B bank in a new area or an area it’s currently underserving.
Where will this growth come from and where will the acquisitions be? My crystal ball tells me the growth will be concentrated in certain geographical pockets of the country where the banking industry has been hit the hardest. The interesting question will be where these regional banks and all this cash will come from? The suggestions here are multinational companies that already have a small banking presence in the U.S., as well as some of the stronger, traditionally more conservative U.S. banks in the middle of the mid-tier space.
Will our neighbors to the north continue to come south? If so how far south and how long will they stay? One Canadian based bank has stated they will be looking for more acquisitions in the U.S. While others from the frozen north have bought into the southern U.S. markets only to sell out a few years later. Will the strong super-regional banks in the northeast and mid-west come south, or will the strongest southern U.S. banks continue their deposit and market growth in the markets they know best?
When I think about the overall reduction in banks over the last 10 years (3%) compared to the last 2.5 years (4%), I think maybe the more things change the more they stay the same. What do you think?
Author:Brad Dahlman, email@example.com
Banks and Credit Unions have always had financial reporting. Since the beginning of time they have kept “the books” with a fairly detailed general ledger that tracked the institutions balance sheet and income statement. Over the past twenty years, organizations have begun digging a bit deeper into profitability (below the “total institution” level) – into branch, product and customer/member profitability.
These profitability solutions help financial institutions better understand some key questions like…
- Which are my most profitable branches, product and customers/members?
- How do I protect my most profitable clients?
- How can I improve profit for an underperforming branch/product?
- What might be the impact of regulatory changes be on the profitability of my products? (Frank-Dodd and Durbin in just the past year have had a huge impact on product profitability)
- Should we measure employees based on asset growth or profitability improvement?
Having answers to these questions and managing your institution with profitability in mind has never been more important.
Regulatory Interest in Profitability Analysis
Something new and interesting happened this month…Regulators have started to ask for profitability analysis. In just the past week alone, three clients have approached us for help in understanding profitability based on a regulator examination comment. One financial institutions regulatory comment said:
“Revise the 2011 Business Plan to include, but not limited to the:
- Ensure sufficient earnings are obtained to reach your strategic net worth goal for 2011.
- Implement Branch Accounting by NLT (no later than) 2012.
- Cost/Benefit analysis for each product and service by NLT (no later than) 12/31/11.
Stop and think about that for a second. Regulators are now EXPECTING that you would know which branch and products are contributing to your bottom line and which are not. They are also expecting this information be shared and incorporated into your strategic plan. This means that they will be expecting you to not only understand this information but use it to manage your business. Once these systems are in place the next likely questions are …
- What is your strategy to improve the profit of your unprofitable branches?
- Will you be closing branches?
- Dedicating additional resources to make them profitable (i.e. grow the business)?
- Reducing expenses at branches to reach profitability levels?
- Why are some products losing money?
- What is the likely impact of regulatory changes on the profitability of your checking products?
Are you Ready?
It was only a matter of time before regulators started asking for more detailed profitability analytics. This increased regulatory scrutiny of earnings and profitability is only going to increase. Are you ready for the regulators? Maybe you’ve been asked for profitability analysis already – share your comments below.
Author: Milton King, firstname.lastname@example.org
Just 5 years ago our definition of distributed capture revolved primarily around merchant and branch capture. Since then that definition has changed dramatically. Distributed capture now includes consumer scanning (at home), smartphones, and phone-to-phone processing. What a difference a half-decade can make!
For those of us in the industry we have always had to keep transaction fraud at the forefront of everything we do. Back in the “old days,” way back in 2005, that meant running scanned items through a local hot-file or against some national database. Life was simple.
What do you do with a client that won’t stand still? One who is scanning from her living room on Monday, her office on Tuesday and her smartphone anywhere, anytime (not while driving of course). Or, the business owner that wants his funds ASAP regardless of where they come from.
How do you meet the needs of these two clients without exposing them or the bank or credit union? Oddly enough, the answer is an odd combination of old and new technology. 2005 meets 2011.
If you consider the woman I mentioned in the third paragraph, let’s call her Lauren for the sake of discussion. Her home business requires her to be on the move and accept checks at the same time. Her strategy up until now has been to get to the branch or night drop whenever she can. Usually, that meant a mad rush to branch Friday afternoon.
Home, smartphone and even image ATM capture are a dream come true. We still need to guard her transactions from fraud just like she walked them in to a branch. In Lauren’s case we need to be able to manage all of her channels (home, smartphone and ATM) with one fraud system. Some immediate areas of opportunity are:
- Duplicate items - this could be fraudulent or a result of her accidentally scanning an item at home and via smartphone. We need to catch that quickly and notify her so that she doesn’t count on the same funds twice.
- Hot-files and National Database Information – though this may fall into the old technology category. The ability to scan earlier in process allows us to leverage this technology to a higher level. We can be proactive vs. reactive.
Those are just two examples of where we can offer Lauren what she needs while protecting her interest and the interest of our organizations. Lauren is no longer rushing to the branch on Friday. She is a happy client that can’t imagine life without these services.
Also, in the third paragraph, I mentioned the business owner who wants his funds ASAP. Let’s call him Nate. He and his brother Ben own a business that is low margin and inventory intensive. Nate is the sales-minded brother who wants to see money in the bank and sees accepting checks as a way to bring in more customers. Ben is more cautious and is concerned about exposing the business to the risk associated with checks. When done right, both Nate and Ben could be happy:
- Uniformity – apply the same fraud technology to every check regardless of its origin.
- Comprehensive – include every channel and be open to future channels.
- Speed – early scanning + early fraud detection = less exposure for all.
At the end of the day, we need to give Lauren, Nate and Ben what they need. At the same time we have a responsibility to our organization. In the world of technology, 2005 is a lifetime ago. In reality, the right approach still takes advantage of what all technology, new or old, has to offer.
Share the approaches you take to protect the client who won’t stand still by leaving a comment below.
Author: Pat True, RTrue@profitstars.com
I always enjoyed watching Norm Abram on The New Yankee Workshop. While fascinated by Mr. Abram’s skill, I was even more awestruck by his collection of tools. With those tools, he could probably build anything. I would not have been surprised to tune in and find him building a submarine. It just goes to show you that with the right tools and the right skill, you can accomplish almost anything. The same can be said of many professions, including commercial lending. Successful lending calls for the right skills and the right tools.
In today’s credit market, many banks are re-evaluating the tools at their disposal and considering how to best monitor revolving credit transactions, especially when they are secured by accounts receivable. As you consider your current systems and processes, you may look for the following features in order to manage risk most efficiently, and to help achieve the strongest possible service delivery to your clients:
Do your current processes monitor …?
- Dilution rates
- Debtor concentrations
- AR Turn rates
- Average invoice size and number of invoices per month
- Credit memo activity
- Payment compliance (assuming a lock box is involved)
Does your current system provide …?
- Efficient methods of obtaining invoice and credit memo data from the businesses accounting system reports
- Effective and efficient funding processes
- Clear methods of determining and communicating the collateral value of specific invoices as they age
- Effective and easy to read reports for both the bank and the business client
- Trend data and effective tools to access this data
- Bank relationship profitability tracking
- Exception management (red flag warnings such as invoice thresholds, invoice date alerts, etc.)
- Accounting reports to guide internal bank GL management
Other key tools for success might include –
- Sales tools such as cost justification models, business cash flow forecasting, bank pricing assistance
- The possibility of insuring accounts against debtor default, especially for larger transactions
Whether your approach is to structure a system from within or to acquire it from a third party, addressing these key issues can go a long way toward mitigating risk and assuring long term success for your portfolio. What’s in your toolbox to ensure successful commercial lending?