Pivot! How to Build a Strategic Plan that Evolves With Your Financial Institution

Frank Perdue, CEO of Perdue Farms, once said, "A business that doesn't change is a business that is going to die."

New and emerging technologies, evolving consumer demand, and sudden shifts in the market have many financial institutions (FI's) reevaluating their strategic planning.

Given the risks FI's face in today’s market, this certainly makes sense. Cyber threats are becoming increasingly sophisticated; the regulatory landscape is ever-changing; FI's are exposed to a plethora of third-party risks; and the list goes on.

At the same time, nontraditional banking services, like those provided by fintechs, retailers, and automakers continue to grow — especially among younger consumers

Consider that 57% of Millennials and 64% of Gen Z have a financial account with a nonbank, and 17% of those banking with nontraditional financial institutions now identify them as their primary financial institution – that's double what it was just a year ago. 

With all the change and disruption, the question becomes: "How do financial institutions build a plan that allows them to change course whenever they need to?"

Let's take a closer look. 

• Creating a winning strategic plan
• Strategy and risk go hand in hand
• Risk is unavoidable, but it’s not unknowable
• Potential risks
• How well does your bank understand risk?

Creating a winning strategic plan  

The first step institutions need to take is to identify their strategy.

More often, financial institutions’ strategies are too general, pointing to things like growing deposits, penetrating deeper into the marketplace, or spending more of their budget on cybersecurity. But those aren’t strategies. They are goals. They are missing a critical element of strategy – the how. 

For instance, a community bank may say that its strategy is to be more profitable this year than in the last, but this is neither specific enough nor does it provide the appropriate levels of guidance and direction. If it isn’t measurable on a granular level, it will be difficult to monitor for success or failure.  

Being more profitable may also not align with that bank’s mission (why they exist), vision (goals for the future), and core values (beliefs and ideals). While every bank aims to make money, a bank may be more focused on serving the members of the community rather than prioritizing huge profits.  

To set a clear strategy, financial institutions must create individual goals and determine the actions necessary to achieve each of those goals, all while ensuring those actions and goals will help an institution act upon its mission, vision, and core values in a way that ultimately adds value.  

One example might be that a bank needs to grow deposits to meet high demand for small business loans; therefore, the strategy might be to grow deposits through acquisition or enter a new market to increase funding for small business lending. 

Strategy and risk go hand in hand. 

The more FI's can build a strategy that is centered on the institution’s mission, vision, and core values, the more flexible the plan becomes. Rather than scrapping an entire strategy when outside factors change, like new consumer demands or needs, FI's only need to adjust how they achieve their existing strategy.  

In other words, the foundation of a strategic plan, if solid, should remain intact and ready in the face of any risk. To be successful, the how of that strategy must be nimble, which requires financial institutions to understand all the potential risks that threaten the organization’s mission, vision, and core values. Without that understanding, the institution may be blindsided by unexpected shifts and risk losing its competitive edge.

A successful strategy is an asset to any organization, but it must also be adaptable; rather than expecting every aspect of your plan to remain constant from start to finish, look for ways to adjust how you meet your goals if outside factors change. This can be accomplished by carefully tracking and anticipating risk, and then developing contingency plans to mitigate those risks in order to stay on track with your strategic goals.

Risk is unavoidable, but it’s not unknowable.  

While every bank faces its share of surprises and setbacks, many of the risks of doing business can be identified and mitigated with the help of thoughtful risk assessments.  

The key word here is thoughtful.   

When you are conducting a proper risk assessment, there are some highly effective tools that can help ensure your risk is aligned with your FI's strategy. This will allow for changes to be easily made whenever threats or opportunities emerge and still allow your financial institution to stick to the overall plan.  

A well-executed risk assessment digs into real-world risks and the specific controls a bank uses to mitigate their impact, allowing the board and management to make better, more insightful decisions. From big picture ideas to specific areas of concern, a good risk assessment looks at the good and bad in every situation to provide a thorough understanding of threats and opportunities.  

The value of a well-executed risk assessment

The applications of a well-executed risk assessment are broad. From observations on potential new products and services to setting budget priorities to pointing out areas in need of compliance reviews, a smart risk assessment gives the board and management a valuable viewpoint. It can uncover possible weaknesses in controls, shed light on policies that act as controls, assess the ongoing effectiveness of automated controls, aid with vendor selection and ongoing vendor management, or suggest new controls or improvements to existing ones.  

Risks can come from both inside and outside of an institution. A new business line, a new vendor, or a new market can all present new risks to the institution. For instance, if the institution chooses to transition from physical servers to a cloud environment, it introduces a variety of potential risks.  

The institution must carefully assess how it will incorporate the cloud into its technology management and operations. Erratic network performance, data loss, unplanned downtime, insufficient resources allocated to accommodating peak activity times, or a lack of redundancy are just some of the potential risks that could be introduced by moving to the cloud.

Another example is when an institution enters a new market. Expanding operations to a new country or region puts the institution at risk for a variety of issues, including foreign exchange risks, economic downturns, and regulatory issues unique to that country or region. Successfully operating in this new context requires an understanding of the underlying risks and managing them appropriately.

Risk Financial Institutions Face

Financial institutions face a plethora of risks, including:

• Third-party risk. How strong is the vendor? Is your vendor likely to go under?  
• Fourth-party risk. If the vendor relies on subcontractors, how well are they vetted?  
• Cyber. How secure are the new servers?  
• Operational. In what scenarios could this technology fail?  
• Transaction. What are the business continuity planning issues that must be addressed?  

• Strategic risk. Is there a chance this action won’t support the bank’s long-term goals?  
• Reputational. What could go wrong with this vendor that could impact the institution’s reputation?  
• Compliance. Regulators see no difference between a FI and its vendors when it comes to compliance. Does the vendor follow all applicable laws, regulations, and institutional procedures? 

External factors that can introduce risk include regulatory changes, technological advances, new competition, evolving consumer demands, and economic conditions. That’s exactly what happened when the COVID-19 pandemic began spreading in early 2020. As news about the emerging virus grew from bad to worse and many communities moved into lockdown, financial institutions had to reevaluate and reinvent their approach to banking when the branch channel became unavailable. 

Potential Board Oversight Challenges

There are additional risks your financial institution might face that could originate at the board level. A few examples include:

1. Dominant Official:
A dominant official or policymaker is an individual, or a group of persons who are acting together, who hold influence, a measure of control, and or policymaking authority. Problems may arise if the board doesn’t provide proper oversight and simply puts all of its trust in the dominant officer alone.

2. Absentee Director:
All too often, a director gets so consumed by their other responsibilities that they aren’t able to provide the attention needed for proper and effective oversight. In cases like this, a director should establish an honorary director position with a limited level of power and responsibility.

3. No Strategic Direction:
If a financial institution lacks a strategic direction, its decision-making capabilities will become compromised.

4. Weak Enterprise Risk Management Plan:
Poor policies, procedures, training, monitoring, and systems can lead to a weak risk management plan.

5. Lack of Transparency and Communication:
A board should always be made fully aware of all matters related to its supervisory, fiduciary, and governance duties.

6. Director Indifference or Self-Interested Directors:
Some board directors are indifferent about their roles or they may be self-interested people who want to push agendas for personal gain.

7. Board Member Lack of Adherence to the Code of Conduct:
Board members must maintain a strict code of conduct for themselves in a manner that is honest, impartial, transparent, and fair for all the financial institution's constituents.

8. Failure to Effectively Act as External Examiner:
A failure to effectively act as an external examiner or to process operational matters over which they have operational oversight.

For more information on just what problem areas examiners are looking for when it comes to Board oversight, check out our blog: What Examiners are Looking for: Board Oversight

How well does your bank understand risk?  

The biggest obstacle to strategic success is failing to understand risk. A thorough risk management program includes voices from across the FI working together to recognize likely pitfalls and consider ways to avoid them by designing and implementing controls.  

Risk management invites ideas from all areas of the FI, revealing potential weaknesses and also hidden strengths. An in-depth approach to risk management not only mitigates the probability or impact of unfortunate events, but it also helps maximize the realization of opportunities.

Ultimately, true success is found when an FI's vision, mission, and values align with its strategy and risk. Understanding these elements and ensuring that they work together will enable an FI to quickly pivot when needed and evolve with time.  

One of the key measures of an FI’s understanding of risk is its willingness to embrace new ideas and technologies that can help it leverage opportunities and manage potential threats. For example, many FI's are now exploring blockchain technology as a way to streamline operations and improve security across various departments.

By implementing such advanced solutions, FI's can better understand their risks and be proactive in identifying, mitigating, and managing them. Ultimately, this approach can help achieve greater strategic success over time by allowing FI's to manage their resources and maximize opportunities for growth and profitability.

For more information on how you can maximize the realization of opportunities, check out the book The Upside of Risk!