One billion in assets is a special number for banks. After crossing this threshold, your financial institution can raise more capital and realize new opportunities.
But banks with over $1 billion in assets must also know they’ll face increased regulatory pressure. Graduating from $500 million plus to $1 billion in assets means careful preparation to manage risk and satisfy examiners.
Table of Contents
FDICIA Requirements for Banks with $1 Billion in Assets
Approaching the $1 billion Threshold
Enterprise Risk Management (ERM) for Your $1 Billion Bank
Managing Operational Risks
How Banks Approaching $1 Billion in Assets Can Successfully Manage Risk and Satisfy Examiners
FDICIA Requirements for Banks with $1 Billion in Assets
Passed in 1991, the Federal Deposit Insurance Corporation Improvement Act (FDICIA) imposes audit and reporting requirements on FDIC-insured banks with $500 million or more in assets.
At $500 million or more in assets, regulators require your bank to deliver:
- Annual audited comparative financial statements
- An independent audit of financial statements from a public accountant that complies with SEC provisions, whether or not your bank is SEC-registered
- An audit committee of mostly independent directors
You already know these FDICIA requirements if you’re approaching $1 billion in assets.
But when you hit the one billion mark, FDICIA compliance becomes much more complicated. Examiners not only expect that you have the above internal controls but that you also possess a recognizable internal control framework.
Independent audits must verify that this framework is effective in managing risk.
Approaching the $1 Billion Dollar Threshold
Some banks fail to surpass $1 billion in assets and miss out on opportunities because they hesitate in the face of regulatory requirements.
The key for banks reaching $1 billion in assets is not to run from regulations but to embrace a holistic approach to managing risk.
As your bank nears the $1 billion threshold, adopting an enterprise risk management solution becomes increasingly important to ensure risk is managed holistically and consistently.
Related: The OCC Walks the Enterprise Risk Walk – And So Should You
Enterprise Risk Management (ERM) for Your $1 Billion Bank
Enterprise risk management (ERM) refers to the structured way your bank identifies, assesses, and manages risk. It goes far beyond just FDICIA compliance.
Some banks already practice ERM at an institutional level, while many other banks silo risk management in individual departments. Building a strong risk management culture at your bank requires that all your employees understand your institution’s risk tolerance and communicate across departments.
Related: ERM 101: What’s Your FI’s Risk Appetite?
As your bank approaches $1 billion in assets, you can count on regulators wanting to see how your institution systematically manages risk. Enterprise risk management empowers your bank to assess your risk tolerance regularly, adjust practices as necessary, and align your first, second, and third lines of risk and compliance management.
ERM gives you the tools to develop an internal control framework that satisfies regulatory requirements.
You should be proactively strategizing the ERM system you want to build and the roadmap to get there before your bank reaches the $1 billion threshold. Once you achieve one billion, the clock starts ticking on examiners' expectations. The first fiscal year after you gain $1 billion in assets, regulators will begin to probe deeper into your internal controls. They’ll want to see that you have a program devoted to risk management.
For banks with less than $1 billion in assets, there are cost-effective, easy-to-implement ERM solutions that will help you better manage risks across your institution and seize strategic opportunities.
Risk management is about more than passing an examination. It’s about leveraging risk to grow your financial institution in asset size, scope, and influence.
Managing Operational Risks
Most risk experts and banking leaders grasp credit risk. The larger your bank becomes, the more you will need to rely on risk data to identify and mitigate potential credit damage to your portfolio.
Your typical bank CEO rises through the ranks with a thorough grasp of market risk. Where they sometimes fail is in fully comprehending the importance of operational risk.
Enterprise risk management involves a bank’s total risk exposure, including operational risks. Operational risks for banks are losses that result from inadequate or failed internal processes, people, systems, or events.
Some of the operational risks that banks need to be aware of as they grow include:
The Failure of IT Systems and Technology: Software glitches or downed systems can cause headaches for your financial institution and customers. When you fail to address the viability and strength of your IT systems, you risk significant reputational damage.
Data Breaches and Cyber Security Threats: Many smaller financial institutions outsource their IT functions to a third-party provider. As you cross the $1 billion asset threshold, regulators will want to ensure you manage third-party risk, especially for vendors performing critical activities.
Physical Disasters: As we’ve seen over the past years, physical disasters are on the rise and threaten human safety. From power outages to wildfires, your bank needs a plan for what to do in an emergency. Business continuity planning is a must-have for regulators examining your bank’s internal risk controls.
Human Error: Your employees will make mistakes. These can include everything from simple data entry errors to loan officers giving preferential treatment to certain applicants. Compliance with fair lending laws is an essential operational risk your bank needs to track because examiners will look more closely at your lending for disparate impacts as your institution grows.
The above list barely scratches the surface of all the operational risks that banks above the $1 billion threshold face in managing risk holistically and satisfying examiner expectations.
Failure to develop institution-wide internal controls can lead to increased regulatory scrutiny, fines, and other enforcement actions from your examiners.
Examiners want banks to demonstrate that they manage all aspects of risk. Just look at the recent interagency guidance on third-party risk management. That’s one aspect of enterprise risk management that touches everything from operational, compliance, reputational, and strategic risk.
As your bank approaches $1 billion in assets, your examiners will begin to ask more questions about your business continuity plans and vendor risk management program.
How Banks Approaching $1 Billion in Assets Can Successfully Manage Risk and Satisfy Examiners
As your bank grows in asset size, you need to implement plans that address all aspects of risk. If you’ve been solely focused on credit, liquidity, and interest rate risk, understand that this will not be enough for regulators when you surpass $1 billion in total assets.
Ask yourself these questions:
- How are we managing third-party risk? Are we performing adequate due diligence with vendors during onboarding and throughout the lifecycle of our vendor relationships?
- What are we doing with findings from compliance reviews, internal and external audits, and exams? Do we have a plan to remediate any regulatory and compliance issues that may arise?
- What is our business continuity plan in the case of a systems failure or unforeseen natural event? How are we managing the possible reputational risks that arise if we fail to deliver timely service to our customers?
- Do we have a recognizable internal control system that extends across our entire institution? Do we have the buy-in of all employees in our defined approach to risk, and are divisions communicating with one another?
Creating a risk management culture is much easier when you embrace a holistic solution that addresses compliance, remediation, vendor risk, business continuity planning, and more.
Related: What Is Regulatory Change Management at Financial Institutions?
Ncontracts has designed such a solution with our Risk Performance Management suite. Our best-in-class software gives you the tools to take risk management out of its silos, developing a core set of key risk metrics and performance indicators.
Subscribe to the Nsight Blog
Share this
What Is Compliance Risk Management?
The Cost of Non-Compliance: Lending Compliance Edition
