By Mark Dabertin and Tom Pareigat
Bank examinations, holding company inspections and other “supervisory events” can be a source of anxiety and dread for those who work in the banking industry. Much like a medical exam (or perhaps more like a root canal!), the bank examination process can be stressful for the bank and its staff. And understandably so. It’s never pleasant to be poked and prodded and questioned about your health and wellness. And it’s even worse when test results come back with unfavorable news.
The good news is that bank management does have the capacity to manage the examination process and favorably impact the overall examination experience from the bank’s perspective. This article provides some guidance in how to best prepare yourself and your staff for your next supervisory event.
How a bank can ‘manage’ an exam
As defined in Webster’s Dictionary, to “manage” means “to handle or direct with a degree of skill: such as: (a) to make and keep compliant; (b) to treat with care; or (c) to exercise executive, administrative, and supervisory direction.” Although your regulator ultimately calls the shots and oversees the exam with an appointed “examiner-in-charge,” bank management can, and should, seek to manage the exam from the bank’s perspective.
Federal banking regulators have their own blueprint for examination standards. The general theme across the various regulatory agencies and types of examinations is that the purpose of the examination process is to assess whether the bank has a sound risk management system consisting of policies, processes, personnel, and control systems to measure, monitor, and control risk.
Compliance officers and senior management can begin to manage the process effectively by thinking strategically about how to best communicate the quality of bank’s risk management systems so that examiners are able to meet their required objectives. This will require some front-end preparation and internal collaboration. It will also require some clear messaging and effective communication with field examiners during the exam itself.
Pre-exam management considerations
Evaluate the first-day letter and request list. In many cases, the exam request list will include a set of standard items which have been provided during past examinations. Be sure to review the list and identify any new or specific requests not previously included. A centralized approach to gathering and reviewing all responsive materials prior to submission is essential. For requested items that seem confusing, don’t hesitate to reach out to your examiner contact for clarification.
Understand your org chart and authority structures. Consistent with the adage, “the right hand needs to know what the left hand is doing,” it’s important that each employee who interfaces with examiners has a good understanding of not only their own position within the bank, but how his/her role interfaces with other parts of the organization. Nothing raises red flags more quickly than employees who seem unable to articulate their role, its responsibilities and its limitations in terms of authority and control. While risk management and compliance are technically everyone’s job—it’s important to clarify who does what within your control framework and be sure all are on the same page. Have discussions well ahead of the exam to be sure all are on the same page.
Circle the wagons. Bring together relevant staff for the purpose of thoroughly vetting what will be told to the examiners and the key information that will be shared with examiners during the initial meeting. This will help resolve any material differences in understanding among staff and/or functional areas and will reduce the risk of providing inconsistent information. Also, use this time to clarify basic protocol and logistics such as:
- Identifying a primary bank contact to oversee the exam event.
- Confirming where examiners will be located within your facility and how building and data access will be handled.
- Identifying key subject-matter experts and how meetings by and between examiners and SMEs will be scheduled.
Additionally, collaborate internally regarding how on-site exam requests will be fulfilled. It is recommended that exam requests be centrally tracked and recorded so responses to examiners are timely and accurate.
Know the applicable agency guidance. Beyond knowing the law and the bank’s policy requirements, reviewing the current bank agency guidance, including the applicable exam procedures, should be considered an essential part of exam preparation. In September 2018, federal banking regulators issued a Statement Reaffirming the Role of Supervisory Guidance. The statement clarifies that supervisory guidance does not have the force and effect of law, and will not be the basis of a formal enforcement action. However, it also reminds us that supervisory guidance can outline the agencies’ supervisory expectations or priorities and articulate the agencies’ general views regarding appropriate practices for a given subject area. Demonstrating in-depth knowledge of agency guidance in conversations with the examiners should instill confidence with examiners that bank management knows what is required and is therefore more likely to insist on maintaining appropriate controls. In addition, having such knowledge enables management to drive the conversation by proactively drawing attention to the most germane aspects of the bank’s risk management systems.
Charting the course: initial interactions with the exam team
Request an update meeting with field examiners. Before the exam begins, reach out to the EIC and request the opportunity to provide the onsite exam team with an overview of the bank and actions taken since the prior examination, with a focus on the bank’s system of internal controls. Whether the focus of the exam is compliance, safety and soundness, or a more targeted review of a particular area (such as anti-money laundering or fair lending compliance), it’s important for bank management to be able to effectively describe for the examiners the system of integrated controls the bank relies upon for purposes of complying with the applicable requirements. By clearly explaining how compliance is achieved and maintained, you can positively manage the exam by charting the direction the examiners are likely to pursue in confirming the existence of appropriate controls.
Consider a ‘that was then . . . this is now’ approach. Use the opening meeting with examiners to provide context on how the bank has progressed and improved since the prior examination period. Since most examinations cover a distinct period of time, be sure to present information that clearly demonstrates how and when prior exam findings and recommendations were addressed and resolved during the examination period. Keep in mind that most exam-related documents will already have been provided in response to the “first-day” letter. Use this opportunity to orient the exam team to the key documents you have provided. Providing this context will greatly help examiners when they begin to apply their prescribed examination procedures.
Keep it real. Affirmatively acknowledge those items still in progress, or continued areas for improvement. Avoid puffery that suggests a prior finding has been fully addressed when, in fact, it has not. This type of posturing calls into question not only the integrity of management, but also could cause regulators to question management’s capacity to understand effective risk mitigation. The best practice is to acknowledge proactively the true status of any prior exam findings and recommendations. Where an item remains in process, make clear the planned timeline for completion and provide context around actions being taken so examiners can confirm it’s a key priority.
Highlight internal control practices. Keep in mind that during the course of an exam, regulators’ primary focus is to evaluate the key controls in place to address and sustain regulatory adherence by assessing the design and operational effectiveness of controls. Common pitfalls associated with describing a bank’s relevant controls to examiners often relate to management’s inability to demonstrate adequately, in the form of written policies, procedures, and/or ongoing business reporting, that the claimed system for maintaining compliance (1) exists, and (2) is being followed. In short, be sure the content of your initial discussions with examiners speaks clearly about your key controls and how they are documented and implemented.
Stay focused on exam scope. Depending on the scope and purpose of the exam, be sure to tailor the bank’s early interactions to the relevant areas of review. For example, at the start of a safety and soundness exam, the most relevant presentation would be management’s own assessment of how the bank measures up under each component of the CAMELS ratings. An initial presentation at the start of a consumer compliance exam would most certainly warrant a review of how the bank implements the key requirements of its compliance management system. Avoid fogging up initial meetings with irrelevant, self-serving data not germane to the scope and purpose of the supervisory event. And remember, it is always better for management to acknowledge the need to further strengthen controls than to overstate the quality and effectiveness of the controls that currently exist.
Practical considerations during the exam
Openness is essential. The old saying, “tell the examiners as little as possible,” is never a sound exam strategy. To this end, the civil money penalty matrix contained in the OCC’s Policy and Procedure Manual, which is used by that agency in determining the appropriateness and amount of civil penalty assessments, treats “concealment” as the second most weighty negative factor after “intent” out of a total of ten factors. In June 2013, the CFPB published Bulletin 2013-06 (Responsible Business Conduct: Self-Policing, Self-Reporting, Remediation, and Cooperation—a document that was revised and reissued in March 2020), which explains the importance of open communications and the circumstances under which that agency may be willing to treat what it refers to collectively as “responsible conduct” as a favorable factor in resolving a potential or existing enforcement. Bottom line, transparency is the best approach. But please read the next paragraph.
Avoid guesswork when interfacing with examiners. Some employees mistakenly believe they need to know all and tell all when speaking with examiners. This often results in speculating on matters outside of the employee’s scope of knowledge or authority. Remind bank staff that if they are questioned about matters which they know nothing about, they should defer to the SME, and respond with a simple “I don’t know the answer to that specific question—but let me put you in touch with the right person.”
Respond to issues during the exam. Along with being transparent during the exam process, management should strive to maintain close communications with the examiners throughout the duration of the exam. While it may seem tedious, daily discussion with the examiners is advisable. It allows for examiner misunderstandings to be cleared up early and informally—rather than have them hit a more formal preliminary issues list. Also, learning about any bona fide issues early on will allow management to vet its remediation plans with the examiners, and potentially implement certain remedial actions before the final exam report is written.
Manage your expectations
Keep in mind that the exam process is intended not only to validate and confirm the Bank’s efforts, but also to identify and recommend improvements and enhancements based on an ever-changing industry. In the end, a “favorable” exam outcome does not mean that no issues were identified, or no regulatory concerns were raised. That’s not a reasonable expectation in an industry governed by both objective and subjective standards of evaluation. But with a well-organized and proactive plan to prepare for and actively communicate the bank’s improving internal control environment, a favorable outcome will be management’s ability learn from the exam experience, strengthen its supervisory relationships, and ultimately improve the quality and effectiveness of the bank’s risk and control environment and compliance structures.
Mark T. Dabertin is special counsel in the financial services practice group of the law firm Pepper Hamilton, resident in the Berwyn, Pennsylvania, office. He has over 25 years of broad-based experience in financial services law and regulatory compliance. Thomas G. Pariegat is EVP and general counsel at the Bancorp, Inc., headquartered in Wilmington, Delaware. He has been practicing law since 1984 and has over 30 years of consumer protection and regulatory compliance experience. He serves on the ABA Bank Compliance editorial advisory board.