Author: Alexis Long

Categories
Financial Institutions and Banking General

Bank Wire: Cybersecurity Testing is More Important than Ever

Rapidly increasing cyber risks make it essential for banks to conduct regular tests of their cybersecurity preparedness, including vulnerability and penetration testing. According to IBM’s “Cost of a Data Breach Report 2024,” the average breach cost $6.08 million in the financial industry (defined as banking, insurance and investment companies). That’s second only to health care. To help prevent cyberattacks, banks must develop effective information security programs and test them regularly to ensure that they’re operating as expected.

According to the Federal Financial Institutions Examination Council’s (FFIEC’s) Information Technology Examination Handbook, the primary testing tools include self-assessments, penetration tests, vulnerability assessments and audits. Penetration testing is particularly important, given the speed with which hackers’ techniques are evolving. It involves subjecting a system to real-world attacks selected and conducted by the testers to identify weaknesses in business processes and technical controls.

FFIEC to retire Cybersecurity Assessment Tool

The FFIEC will “sunset” its Cybersecurity Assessment Tool (CAT) at the end of August 2025. First made available nearly 10 years ago, the CAT is a voluntary tool banks can use to identify their cybersecurity risks and determine their preparedness. The FFIEC notes that while “fundamental security controls addressed throughout the maturity levels of the CAT are sound, several new and updated government and industry resources are available that financial institutions can leverage to better manage cybersecurity risks.”

Government resources include:

  • The National Institute of Standards and Technology (NIST) Cybersecurity Framework 2.0 (go to nist.govand search for cyber framework), and
  • The Cybersecurity and Infrastructure Security Agency’s (CISA) Cybersecurity Performance Goals (go to cisa.gov and search for cybersecurity performance goals).

Industry resources include:

and search for “the profile,”) and

  • The Center for Internet Security Critical Security Controls (go to cisecurity.org and search for controls.)

The FFIEC doesn’t endorse any particular tool, but says that these standardized tools can assist banks in their self-assessment activities.

CFPB targeting improper overdraft opt-in practices

In a recent Consumer Financial Protection Circular (2024-05), the Consumer Financial Protection Bureau (CFPB) explained how to tell if a bank is violating the Electronic Fund Transfer Act and Regulation E. A violation may happen if the bank lacks proof that it has obtained consumers’ affirmative consent before levying overdraft fees for ATM and one-time debit card transactions.

Regulation E’s overdraft provisions establish an “opt-in” regime. The CFPB clarifies that banks are prohibited from charging such fees unless consumers affirmatively consent to enrollment. The form of records that demonstrate consent may vary depending on which channel the consumer uses to opt in to covered overdraft services.

© 2024

Categories
Financial Institutions and Banking

BOLI: A Powerful Employee Benefit Tool

Community banks continue to deal with a shortage of skilled labor and rising employee benefit costs. So many are turning to bank-owned life insurance (BOLI). BOLI is a highly tax-efficient long-term investment option. It also can be a powerful tool for funding benefits for executives and other key employees, enhancing a bank’s appeal to prospective workers. For example, a bank may use BOLI to fund retiree health benefits, nonqualified deferred compensation plans and supplemental executive retirement plans. Here’s a brief introduction.

How does it work?

To take advantage of BOLI, a bank purchases life insurance policies — either directly or through an insurance trust — on the lives of executives or other highly compensated employees who consent in writing to be insured. The bank owns the policies, pays the premiums and is the designated beneficiary. Typically, the bank uses the proceeds of these policies to offset or underwrite various benefits for key employees. However, some banks elect to share some of the proceeds with the insured’s family.

Banks are allowed to use BOLI for specific purposes. Examples include funding employee benefit and compensation plans, providing key person insurance, and recovering some employee benefit costs. Banks can’t purchase BOLI for rank-and-file employees — the policies are limited to employees the bank has an “insurable interest” in. Generally, that means the loss of the insured employee would have a significant negative financial impact on the bank, or the insurance proceeds will be used to fund benefits promised to the employee or his or her beneficiaries.

What are the pros and cons?

One advantage is that BOLI can be an attractive investment and benefit-funding strategy, often outperforming the after-tax returns of other traditional bank investments. A policy’s cash value grows on a tax-deferred basis. If the policy is held until the insured’s death, the death benefits are also generally tax-free to the bank.

In addition, BOLI can help banks reduce the risks of losing key employees. So, it can be a highly effective tool for providing valuable benefits to key employees while managing risk.

One big disadvantage is that if the bank surrenders a BOLI policy, the surrender charges, taxes and penalties can be costly. Also, BOLI policies are illiquid assets, which can expose a bank to liquidity risk. This is a major concern today, in light of recent bank failures due to liquidity issues.

How do banking regulators view BOLI?

The federal banking agencies have given their blessing to BOLI, provided banks have a comprehensive risk management process for purchasing and holding it. This includes effective senior management and board oversight. “Bank-Owned Life Insurance: Interagency Statement on the Purchase and Risk Management of Life Insurance” provides guidance from the federal banking agencies on using BOLI.

For example, the statement directs banks to establish internal policies and procedures governing their BOLI holdings, including guidelines that limit the aggregate cash surrender value (CSV) of policies from any insurance company and from all insurance companies. According to the statement, “It is generally not prudent for an institution to hold BOLI with an aggregate CSV that exceeds 25% of its Tier 1 capital.” It also advises bank management to conduct a thorough pre-purchase analysis to help understand the risks, rewards and characteristics of BOLI.

Worth a look

Implementing a BOLI program can be complex. But in today’s environment, it may be worthwhile for banks seeking a competitive edge in the battle to attract and retain quality talent.

© 2024

Categories
Financial Institutions and Banking General

Assessing Asset Concentration: Maintain the Right Balance

One advantage of community banks is the business relationships they’re typically able to develop within their local communities. This includes providing loans to local industries and businesses that may have a strong impact on the bank’s profitability — for better or worse. Asset concentration in local industries can be a strength. However, it’s important to manage those assets carefully to avoid the downsides, including the risk of heavy concentration in an industry that’s losing ground.

Determine the risks and rewards

Asset concentrations increase a bank’s risk by exposing it to potential losses. For example, banks with concentrated assets are vulnerable to significant losses in the event of a local industry or economic downturn. But that doesn’t mean that banks should avoid such concentrations at all costs. On the contrary, asset concentrations enable banks to better serve their communities by taking advantage of local industry expertise and market knowledge. So, you should weigh the risks against the benefits — and implement measures to mitigate potential risks.

First, evaluate your credit risk management policies, keeping in mind that asset concentration risks are felt well beyond the area of concentration. Suppose a bank has a heavy concentration of loans to businesses in a particular industry. A downturn in that sector could make it harder for businesses in the industry to repay their commercial loans and for individuals who work in the industry to repay their auto loans or mortgages.

So, it’s critical to consider the impact of asset concentrations on your entire loan portfolio and to implement policies to address the elevated risk. Such policies might include tightening underwriting standards, placing caps on asset concentrations, conducting global cash-flow analyses, performing stress tests and monitoring loans carefully.

Also ensure that your bank’s level of capital and reserves is commensurate with its concentration risk and aligns with the bank’s strategic plan. If your bank has a significant loan concentration in a particular industry, market or loan type, consider the relationships among these loans when evaluating the sufficiency of your capital and determining an appropriate allowance for loan and lease losses (ALLL).

Use diversification strategies wisely

In addition, take a judicious approach to diversification. An obvious solution to a risky asset concentration is to diversify. But diversification presents its own risks, so handle the process carefully. For example, a bank with a heavy concentration of loans in an industry or geographic territory might diversify by making loans to businesses in other industries or territories. But doing so might require the bank to venture out of its comfort zone into areas where it doesn’t possess the same level of knowledge and expertise.

Look for ways to diversify within a particular industry. For example, a bank with a high concentration of agricultural loans should consider lending to both crop producers, such as corn or soybean farmers, and livestock producers. This can mitigate the bank’s risk because economic and other external forces that hurt one industry segment may help the other. A decline in crop prices, for instance, would harm crop producers but it would benefit livestock producers by reducing their feed costs.

Another diversification strategy is to increase the size of your bank’s securities portfolio. Doing so instantly shrinks the bank’s loan-to-asset ratio. (A high ratio is often a red flag.) But keep in mind that investing in securities poses problems of its own and may divert capital away from the community the bank serves.

Stay on top of the local economy

A superficial understanding of the industries in which your customers operate may lead to bad decisions. Your bank’s lending officers need to be conversant with the many factors involved in the local business environment in order to analyze, and react to, its fluctuating risks and rewards.

Categories
Financial Institutions and Banking

Should your bank outsource its internal audit program?

For community banks, a strong internal audit program is a critical tool for ensuring regulatory compliance, managing risk, maintaining operational efficiency, and inspiring confidence in their financial and reporting practices. It also can help prevent and detect fraud. According to the Association of Certified Fraud Examiners’ most recent report on occupational fraud, though tips are by far the most common way frauds are exposed, internal audits are the second most common method. The report found that internal audits are associated with significant reductions in the magnitude and duration of frauds.

Internal audits aren’t the same as external audits, which focus on ensuring that financial statements are free from material misstatement and comply with Generally Accepted Accounting Principles or other relevant frameworks. Both types of audits are essential for a bank’s financial health, providing a robust framework for accountability and transparency. However, internal audits involve different procedures, are usually broader in scope, and can be tailored to fit your bank’s risk-management, operational and governance needs.

One question many banks face is whether to conduct internal audits in-house or to outsource the internal audit function. The answer to that question depends on your bank’s circumstances. Let’s look at some factors to consider.

Pros of outsourcing

Outsourcing internal audits offers several important advantages over conducting them in-house, including:

Improved independence and objectivity. Outsourced internal auditors are usually independent, objective and less susceptible to influence from bank management, providing a fresh look at the bank’s operations and internal controls. Outsourcing also makes it easier to rotate internal auditors, which can be a challenge with an in-house internal auditing department.

Access to expertise. Outsourced internal auditors possess specialized expertise and skills that would be challenging or cost-prohibitive to maintain in-house. This is particularly true for banks in smaller communities as well as those that plan to offer new products and services or expand into new markets.

Access to technology. Outsourced internal auditors often have access to sophisticated technology tools that would be impractical for a bank to purchase in-house.

Reduced costs. By allowing banks to avoid overhead and fixed labor costs associated with an in-house staff, outsourcing can reduce costs. It also gives banks the flexibility to quickly scale their internal audit programs up or down as their needs change or special projects arise.

If your bank’s management concludes that the pros of outsourcing the internal audit function outweigh the cons, it’s critical to handle outsourcing relationships with care.

Cons of outsourcing

Perhaps the biggest disadvantage of outsourcing is that outsourced internal auditors may initially lack an in-house auditor’s deep and broad familiarity with the bank’s operations. This creates a learning curve that may counteract the cost-effectiveness of an outsourced audit. One option is to outsource the internal audit function to the bank’s external auditor. But be sure to weigh the potential impact of such an arrangement on the external auditor’s independence when considering this approach.

Outsourcing arrangements may result in conflicts of interest, mistakes or misaligned goals if not carefully managed. For instance, outsourced internal auditors might recommend additional auditing activities to increase their fees, or their perceived goals might not be aligned with the bank’s goals for the internal audit function. To avoid these issues, it’s important to

1) prepare a comprehensive engagement letter or contract that spells out the audit’s scope and the parties’ expectations regarding the auditing firm’s activities and advice,

2) promote open and ongoing communication, and

3) monitor the auditor’s activities closely.

Co-sourcing: The best of both worlds?

Co-sourcing — that is, splitting internal audit activities between in-house and outsourced auditors — may offer the best of both worlds. For example, it allows a short-staffed bank to maintain the advantages of in-house auditors while gaining access to the additional human resources.

And co-sourcing can be a good way to conduct special-purpose audits, such as anti-money laundering/countering the financing of terrorism (AML/CFT) audits or IT audits. These require specialized skills that the in-house auditing team might not possess.

The buck stops here

Outsourcing the internal audit doesn’t absolve your bank’s management or board from responsibility for it. Among other things, understand and follow the federal agencies’ guidance on managing third-party risks, including the Federal Deposit Insurance Corporation’s “Interagency Policy Statement on the Internal Audit Function and Its Outsourcing.” Failure to properly manage these risks can hurt your bank’s reputation, and weaknesses in the internal audit process may lead regulators to conclude that your bank isn’t operating in a safe and sound manner.

Sidebar: Review outsourcing agreements carefully

When managing relationships with outsourced vendors and other third parties, scrutinize the contract or engagement letter. Under banking agency guidance, an agreement should, among other things:

  • Define the parties’ expectations and responsibilities,
  • Establish the fees and scope of the work,
  • Set responsibilities for providing and receiving reports and other information,
  • Outline the process for changing the agreement’s terms or terminating it,
  • Provide that internal audit reports are the bank’s property,
  • Specify how long the vendor must retain workpapers,
  • Acknowledge that vendor-provided internal audit services are subject to regulatory review and provide that examiners will be granted full, timely access to reports and workpapers,
  • Prescribe a process for resolving disputes and allocating the cost of damages arising from errors, omissions or negligence, and
  • State that the vendor will comply with any applicable regulations or professional standards.

© 2024

Categories
General

Estate Planning Q&A: Guardianship

If you’re the parent of a newborn, toddler or older child, you may be thinking about naming a guardian for him or her. This can be a difficult decision, especially if you have many choices or, on the other hand, no one you can trust. The following are answers to common questions about guardianship:

Q. How do I choose a guardian for my child?

A. In most cases involving a single parent or a paren ting couple, you designate the guardian in a legally valid will. This means the guardian will raise your child if you (or you and your partner) should die unexpectedly. A similar provision may address incapacitation issues. Choose the best person for the job and designate an alternate in case your first choice can’t fulfill the duties. Parents frequently name a married couple who are relatives or close friends. If you take this approach, ensure both spouses have legal authority to act on the child’s behalf. Also, select someone who has the necessary time and resources for this immense responsibility. Although it’s usually not recommended, you can name different guardians for different children. In addition, consider the living arrangements and the geographic area where your child would reside if the guardian assumed legal responsibilities. Do you really want to uproot your child and send him or her to live somewhere far away from familiar surroundings?

Q. Do I have to justify my decision?

A. No. However, it can’t hurt — and it could help — to prepare a letter of explanation for the benefit of any judge presiding over a guardianship matter for your family. The letter can provide insights into your choice of guardian. Notably, the judge will apply a standard based on the child’s “best interests,” so you should explain why the guardian you’ve named is the optimal choice. Focus on aspects such as the child’s preferences, who can best meet the child’s needs, the moral and ethical character of the potential guardian, and the guardian’s relationship to the child.

Whether you’re naming a guardian for a child in your will or you’re attempting to become a guardian yourself, you must adhere to the legal principles under state and local law. Fortunately, we can provide any necessary guidance. © 2025

Categories
General

In Certain Situations, Filing a Gift Tax Return is Required or Recommended

Thanks to the annual gift tax exclusion, you can systematically reduce your taxable estate with little effort. And while you typically don’t have to file a gift tax return, in some situations, doing so may be required or recommended.

Know When a Return is Required

The annual gift tax exclusion amount for 2024 is $18,000 per recipient. (It’ll increase to $19,000 per recipient beginning in 2025.) So, for example, if you have three children and seven grandchildren, you can give up to $180,000 in 2024 ($18,000 x 10) without gift tax liability. Under this scenario, you aren’t required to file a gift tax return. If your spouse consents to a “split gift,” you can jointly give up to $36,000 per recipient in 2024. When making split gifts, you must file a gift tax return (unless you reside in a community property state). If your gift exceeds the annual gift tax exclusion amount, the federal gift and estate tax exemption may shelter the excess from tax if a gift tax return is filed. In 2024, the exemption amount is an inflation-adjusted $13.61 million. In 2025, the exemption amount increases to an inflation-adjusted $13.99 million.

Avoid a Filing Penalty

Failing to file a required gift tax return may result in a penalty of 5% per month of the tax due, up to 25%. Bear in mind that you might file a gift tax return even if you’re technically not required to do so. The return establishes the value of assets for tax purposes and provides a measure of audit protection from the IRS. If you file a gift tax return and honestly disclose the value of the gifts, a safe-harbor rule prohibits audits after three years. However, the safe-harbor rule doesn’t apply in the event of fraudulent statements or inadequate disclosure.

Mind the Filing Deadline

The due date for filing a gift tax return for 2024 is April 15, 2025, the same due date for filing an individual income tax return. If you file for an extension, the filing due date is October 15, 2025. Contact us if you have questions about whether a gift requires filing a gift tax return. © 2024

Categories
General

The Amount You and Your Employees Can Save for Retirement is Going Up Slightly in 2025

How much can you and your employees contribute to your 401(k)s or other retirement plans next year? In Notice 2024-80, the IRS recently announced cost-of-living adjustments that apply to the dollar limitations for retirement plans, as well as other qualified plans, for 2025. With inflation easing, the amounts aren’t increasing as much as in recent years. 401(k) plans.

The 2025 contribution limit for employees who participate in 401(k) plans will increase to $23,500 (up from $23,000 in 2024). This contribution amount also applies to 403(b) plans, most 457 plans and the federal government’s Thrift Savings Plan. The catch-up contribution limit for employees age 50 or over who participate in 401(k) plans and the other plans mentioned above will remain $7,500 (the same as in 2024). However, under the SECURE 2.0 law, specific individuals can save more with catch-up contributions beginning in 2025.

The new catch-up contribution amount for taxpayers who are age 60, 61, 62 or 63 will be $11,250. Therefore, participants in 401(k) plans who are 50 or older can contribute up to $31,000 in 2025. Those who are age 60, 61, 62 or 63 can contribute up to $34,750. SEP plans and defined contribution plans. The limitation for defined contribution plans, including a Simplified Employee Pension (SEP) plan, will increase from $69,000 to $70,000 in 2025. To participate in a SEP, an eligible employee must receive at least a certain amount of compensation for the year. That amount will remain $750 in 2025. SIMPLE plans The deferral limit to a SIMPLE plan will increase to $16,500 in 2025 (up from $16,000 in 2024).

The catch-up contribution limit for employees who are age 50 or over and participate in SIMPLE plans will remain $3,500. However, SIMPLE catch-up contributions for employees who are age 60, 61, 62 or 63 will be higher under a change made by SECURE 2.0. Beginning in 2025, they will be $5,250. Therefore, participants in SIMPLE plans who are 50 or older can contribute $20,000 in 2025. Those who are age 60, 61, 62 or 63 can contribute up to $21,750. The IRS also announced that in 2025: The limitation on the annual benefit under a defined benefit plan will increase from $275,000 to $280,000. The dollar limitation concerning the definition of “key employee” in a top-heavy plan will increase from $220,000 to $230,000. The limitation used in the definition of “highly compensated employee” will increase from $155,000 to $160,000.

The 2025 limit on annual contributions to an individual IRA will remain $7,000 (the same as 2024). The IRA catch-up contribution limit for individuals age 50 or older isn’t subject to an annual cost-of-living adjustment and will remain $1,000. Plan ahead The contribution amounts will make it easier for you and your employees to save a significant amount in your retirement plans in 2025. Contact us if you have questions about your tax-advantaged retirement plan or want to explore other retirement plan options. © 2024

Categories
General

Get the Word Out About IRA Qualified Charitable Distributions

The SECURE 2.0 Act made some enhancements to IRA qualified charitable distributions (QCDs) that may benefit your not-for-profit organization — so long as donors know about them. You can encourage your supporters to contribute more by boning up on the new rules and communicating their tax advantages.

QCDs to RMDs

First, the basics:

QCDs were established in 2006 and became permanent in 2015. Taxpayers age 70½ or older are allowed to make QCDs up to an annual limit from their IRAs directly to a qualified charity. A charitable deduction can’t be claimed for a QCD, but the QCD amount is excluded from the donor’s taxable income. And the QCD can be used to satisfy the IRA owner’s required minimum distribution (RMD), if applicable.

SECURE 2.0 enhancements

SECURE 2.0, signed into law in 2022, includes some significant QCD enhancements. Beginning this year, what was previously a $100,000 annual distribution limit is now indexed annually for inflation — $105,000 in 2024. SECURE 2.0 also created a new QCD opportunity starting in 2023. Taxpayers can make a once-per-lifetime QCD of up to $50,000, annually indexed for inflation ($53,000 in 2024), through a split-interest entity. These include charitable gift annuities, charitable remainder annuity trusts and charitable remainder unitrusts. Split-interest entities generally allow donors to make gifts to your nonprofit while creating an income stream for themselves. After a designated period of time, the balance goes to your organization. As with regular QCDs, the amount of a split-interest entity QCD isn’t deductible, but it counts toward RMDs and isn’t included in the donor’s taxable income. Spouses can each make a QCD to the same split-interest entity to double the gift. Split-interest entities must pay a 5% minimum fixed percentage annually for the life of the donor or the donor’s spouse, and these payments are taxed as ordinary income.

Boost donations

How can you get the word out and boost donations? Consider preparing a presentation, brochure or both on how QCDs work, stressing the tax advantages for donors. A QCD might be especially tax-smart for donors who: Can’t benefit from the charitable deduction because their total itemized deductions for the year won’t exceed the standard deduction for their filing status, or want to donate more to charity during the year than they can deduct due to adjusted gross income (AGI)-based limits on their charitable deduction.

In general, deductions for cash gifts to public charities can’t exceed 60% of AGI and deductions for donations of long-term capital gains property to charities can’t exceed 30% of AGI. But don’t limit your education campaign to these technicalities. Supporters increasingly are interested in outcomes. Be as specific as possible about how you’ll apply a donor’s QCD — for example, to fund a new program or facility or pay for additional staff.

Qualified recipients

Note that donor-advised fund sponsors, private foundations and supporting organizations continue to be ineligible as QCD recipients. Indeed, you should make certain that your nonprofit is allowed to accept — and is set up to receive — QCDs. Contact us for help. © 2024

Categories
General

Employers: In 2025, the Social Security wage base is going up

As we approach 2025, changes are coming to the Social Security wage base. The Social Security Administration recently announced that the wage base for computing Social Security tax will increase to $176,100 for 2025 (up from $168,600 for 2024). Wages and self-employment income above this amount aren’t subject to Social Security tax. If your business has employees, you may need to budget for additional payroll costs, especially if you have many high earners.

Social Security basics

The Federal Insurance Contributions Act (FICA) imposes two taxes on employers, employees and self-employed workers. One is for Old Age, Survivors and Disability Insurance, which is commonly known as the Social Security tax, and the other is for Hospital Insurance, which is commonly known as the Medicare tax. A maximum amount of compensation is subject to the Social Security tax, but there’s no maximum for Medicare tax. For 2025, the FICA tax rate for employers will be 7.65% — 6.2% for Social Security and 1.45% for Medicare (the same as in 2024).

Updates for 2025

For 2025, an employee will pay: 6.2% Social Security tax on the first $176,100 of wages (6.2% × $176,100 makes the maximum tax $10,918.20), plus 1.45% Medicare tax on the first $200,000 of wages ($250,000 for joint returns, $125,000 for married taxpayers filing separate returns), plus 2.35% Medicare tax (regular 1.45% Medicare tax plus 0.9% additional Medicare tax) on all wages in excess of $200,000 ($250,000 for joint returns, $125,000 for married taxpayers filing separate returns). For 2025, the self-employment tax imposed on self-employed people will be: 12.4% Social Security tax on the first $176,100 of self-employment income, for a maximum tax of $21,836.40 (12.4% × $176,100), plus 2.90% Medicare tax on the first $200,000 of self-employment income ($250,000 of combined self-employment income on a joint return, $125,000 on a return of a married individual filing separately), plus 3.8% (2.90% regular Medicare tax plus 0.9% additional Medicare tax) on all self-employment income in excess of $200,000 ($250,000 of combined self-employment income on a joint return, $125,000 for married taxpayers filing separate returns).

History of the wage base

When the government introduced the Social Security payroll tax in 1937, the wage base was $3,000. It remained that amount through 1950. As the U.S. economy grew and wages began to rise, the wage base needed to be adjusted to ensure that the Social Security system continued to collect sufficient revenue. By 1980, it had risen to $25,900. Twenty years later it had increased to $76,200 and by 2020, it was $137,700. Inflation and wage growth were key factors in these adjustments.

Employees with more than one employer

You may have questions about employees who work for your business and have second jobs. Those employees would have taxes withheld from two different employers. Can the employees ask you to stop withholding Social Security tax once they reach the wage base threshold? The answer is no. Each employer must withhold Social Security taxes from an employee’s wages, even if the combined withholding exceeds the maximum amount that can be imposed for the year. Fortunately, the employees will get a credit on their tax returns for any excess withheld.

Looking ahead

Do you have questions about payroll tax filing or payments now or in 2025? Contact us. We’ll help ensure you stay in compliance. © 2024

 

Categories
General

Bank Wire: Should your board approve loans?

Should your board approve loans?

Bank Director’s “2023 Governance Best Practices Survey” found that a majority of banks approve individual loans at the board level, though the practice appears to be declining. According to the survey, 64% of respondents said that their board (or a board-level committee) approves individual loans, and 36% said the board approves loan policies or limits. Four years earlier, Bank Director’s “2019 Risk Survey” reported that 77% of respondents said their board approved individual loans.

But should directors be approving individual loans? There’s no one right answer to this question. Some bankers believe that additional oversight by experienced directors provides significant benefits, especially for larger loans. On the other hand, board involvement in individual loan approvals may raise potential directors’ liability concerns. Plus, taking loan approvals off directors’ plates can free them up to focus on strategic planning, risk management and other “big picture” activities.

SEC’s new climate disclosure rules

The Securities and Exchange Commission’s controversial climate disclosure rule has been placed on hold as a result of harsh criticism and multiple legal challenges. The SEC adopted the rule earlier this year in an effort to enhance and standardize climate-related disclosures by public companies and in public offerings. Among other things, the rule requires companies to disclose material climate-related risks, efforts to mitigate those risks, board oversight of climate-related risks, and costs associated with severe weather events and other natural conditions. Although the rule mainly affects large companies, smaller companies could experience a trickle-down effect if, for example, large companies ask their vendors, suppliers or other business partners to collect and share climate-related information.

If the rule survives legal scrutiny, it will have a significant impact on many companies’ financial statements. However, as of this writing, the rule’s future is highly uncertain.

Third-party risk management: An instruction manual

In 2023, the federal banking agencies published Interagency Guidance on Third-Party Relationships: Risk Management. It outlines sound risk-management principles for banks when contemplating relationships with fintech companies and other providers.

In May 2024, the agencies published Third Party Risk Management: A Guide for Community Banks. Although the guide isn’t a substitute for the interagency guidance, it provides community banks with valuable tips for managing third-party relationships. The 30-page guide offers potential considerations and examples in connection with risk management, the third-party relationship life cycle, and governance related to third-party risk. It also includes an appendix that lists various government resources community banks can use in their third-party risk management efforts.

© 2024