By Karen Kroll

Hybrid bank exams—those that take place both on-site and virtually—appear here to stay. How can bank leaders best adjust to this shift? Key steps include preparing their technology, security policies and employees for the change and maintaining solid lines of communication with regulators.
While a move toward virtual exams has been underway for several years, the pandemic accelerated the trend.
“It’s now clear to regulators that some form of online or remote examinations is feasible and makes sense,” says Michael Malloy, law professor at the University of the Pacific. The three primary regulatory agencies—the FDIC, the Federal Reserve and the OCC—are looking at shifting to a flex-hybrid form, he adds.
The concept of “flex-hybrid” is an evolving one and involves choosing which portions of the exam process might be effectively carried out through online discussion and digital submission of data and other information, or through on-site interviews and observation, Malloy says. Typically, financial information and other hard data would be transmitted digitally, with follow-up inquiries handled through online communication or through on-site meetings—the “hybrid” aspect of this approach. To the extent available on site, interviews and discussion with management and bank personnel, together with other aspects of examination and observation, would take place at the bank. That’s the “flexible” aspect, he adds.
Conducting portions of exams virtually allows both banks and regulatory agencies to use their staff more efficiently. That could be a key concern as staffing levels at agencies become more of a question mark. “Agencies may not be sure how much staff they’ll have in the future,” says Rick Freer, a former compliance official at the OCC and senior director for examination and compliance programs with the American Bankers Association.
Improving technology has made transferring documents, such as loan records, more straightforward and secure, also facilitating off-site reviews, says Dennis Hild, regulatory affairs managing director with Crowe, which ABA endorses for compliance, risk management and governance. Similarly, more robust data tools allow examiners to review data off-site.
Typically, the online portion of banks’ exams includes providing basic financial information on bank operations, including policies and procedures and bank review findings, and some file reviews. Of course, if a virtual exam reveals potential concerns about, for instance, disclosure requirements, examiners are more likely to want to head on-site and take a deeper look, Freer says.
The nature of some banks’ balance sheets and risk profiles may require the involvement of subject matter experts, who might participate remotely if they’re not reasonably near the bank, says Vincent P. Van Nevel, managing director with the Louisville-based consulting firm ProBank Austin. And in some cases, the full exam may be performed offsite, with examiners heading on-site for file cleanup and exit meetings with management and/or the board of directors, he adds.
As more exams shift to a hybrid format, bank leaders can help ensure they proceed efficiently, securely, and effectively. Here are some steps banks should consider to smooth the process:
Technology demands intensify when you’re transferring more information, as some commercial loan files can be so extensive they “stretch the technology’s limits,” Hild says. Ideally, banks will test their systems before the exam, so they’re not struggling to quickly figure out how to securely transfer larger files when they receive request letters.
Get comfortable with digital management of files
Even today, the digitizing of files often tends to be handed to IT employees, Malloy notes. As more exams involve digital files, bankers will need to be comfortable and competent taking the steps required to open and maintain digital files without compromising the files’ integrity.
They’ll also need to make sure the information to which regulators have remote access is current. With loan files, the most recent information often hasn’t made it to the imaging or electronic filing system and instead is sitting in an officer’s email account or a pending file, Van Nevel says. As an exam approaches, file scrubbing can help ensure the files expected to be requested are organized, updated, and in a format that can easily be accessed by regulators, he adds.
Communicate with regulators
Even as hybrid exams become more popular, bankers will need to communicate with regulators. For instance, when an institution is looking at new board members or new technology or fintech partners, regulators want to know this, as both can bring risks, Hild says. “Open and frequent communication is fundamental and important,” he adds.
Moreover, without open lines of communication, banks may not understand what regulators are including in their risk assessments, Hild says. That can lead to surprises during the examination, when examiners ask for supporting documentation for an area they deemed as higher risk in their preliminary risk assessment and scoping.
Designate a contact person
To the extent possible, banks should designate one employee as the primary contact for regulators, Hild says. That individual should oversee and coordinate communication between the bank and its primary regulator. This helps streamline communication, and the agencies can be more confident issues won’t get lost.
Even within community banks, where employees often hold multiple roles, it helps to designate one individual as the contact, Hild says. Again, regulators will know who to call, boosting efficiency and minimizing demands on other executives. The contact individual also can develop a greater understanding of the exam process.
As more files move digitally, bankers will need to think through the steps required to maintain their integrity. “You want to make sure you’re not jeopardizing security,” Malloy says.
Assess technology resources
Some banks may find their communities lack the technological bandwidth and/or experts needed to handle more hybrid exams, Malloy notes. To ensure reliable, consistent access to digital capabilities and expertise, they may need to hire their own people or invest in their own systems. “You may not be able to rely on what’s available as a general utility,” he says.
Understand records management regulations
“Banks need to have data retention policies that will help them going forward,” says Paul P. Schaus, president and CEO of CCG Catalyst Consulting. And this requires understanding how regulations can differ across the U.S. Schaus provides an example: One state may allow a bank to destroy paper documents once they’ve been digitized. Another may state that if you digitize a record, yet still store the paper, a court can demand the original record.
“It gets confusing, especially if you’re operating across multiple state lines,” Schaus says. While many banks had been doing a great job essentially using bandages to develop records retention initiatives, that may not suffice going forward. “COVID showed us the holes” in these approaches, he says. Even as the pandemic recedes, banks need to be prepared for the challenges coming next.
On-site exams remain key
To be sure, it’s unlikely exams will be permanently all virtual. The regulatory agencies are signaling that portions of most exams will continue to be conducted on-site, Malloy says. Smaller or rural banks may not have the resources to engage in virtual or mostly virtual exams. Even with larger banks that can more readily manage virtual exams, “there’s a sense that the onsite portion remains important to bank examiners, so regulators can see what they want, not what they’re shown,” he says. Particularly in complex institutions with a high volume of activity, it makes sense to have examiners onsite, observing and following file trails, he adds.
Discussions between examiners and management tend to be more effective when done face to face, says David Gibbons, a former bank regulator and bank holding company chief risk officer now working as a consultant. In-person contact makes it easier to read body language, converse and build relationships. Verification activities may always need to be performed physically, he adds.
When they’re on-site, regulators’ ability to meet with the bank’s board of directors can be helpful for new members who aren’t as familiar with the exam process, Hild adds. They also can gain a better understanding of their fiduciary duties and responsibilities, helping to ensure the institution doesn’t get tripped up on a compliance or regulatory issue.
And whether an exam is conducted mostly on-site or remotely, examiners expect banks to be running sound compliance management systems, Freer says. This includes having implemented solid governance policies and procedures and engaging strong internal and external audit teams.
While it appears all regulatory agencies are moving to more hybrid bank exams, some ambiguity remains due to leadership changes. “That lends a little uncertainty around this and other issues,” Hild says.
To date, however, “all three examining agencies have made clear they think some form of a flex-hybrid approach will be a regular part of exam procedures,” Malloy says.
Over the past year, the Federal Reserve, the FDIC and the OCC have commented on the shift to hybrid exams. In a May 2021 speech, then-FDIC Chairman Jelena McWilliams said in part: “The pandemic, and our ability to adjust to it quickly while still fulfilling the agency’s mission, have demonstrated that technology can enable us to maintain smaller on-site teams with the remote support of larger off-site teams.”
The Federal Reserve addressed the topic in its bank supervision and regulation report, released publicly in November 2021: “Banks have provided positive feedback on the use of off-site exams and activities during the COVID event. However, they have also expressed that they find value in having some on-site examiner presence. . . . Based on experiences and feedback, the Federal Reserve intends to adopt an on-site and off-site ‘hybrid’ approach.”
In response to a question, a spokesperson with the OCC notes that “OCC examiners have effectively and efficiently executed our risk-based, supervisory strategies almost entirely offsite since March 2020. Through this experience, the OCC better understands the benefits and limitations of offsite examination activities and will plan future exams accordingly. While the location of our examination activities may be more flexible going forward, the OCC will continue to have dedicated teams of examiners assigned to supervise the largest and most complex institutions and will execute effective, risk-based supervisory strategies at all OCC-supervised institutions.”
Karen Kroll is a regular contributor to ABA Banking Journal, Bank Marketing and Risk and Compliance.