Malzahn Strategic - Minneapolis, MN skyline

Pandemics and Enterprise Risk Management – How ALL Risks Are Interrelated

This pandemic is a new type of disaster that I’ve never lived through and we are ALL (the entire world!) in this together. Pandemics and enterprise risk management go together and by now you have activated your Pandemic Plan at your financial institution and you’re testing it with healthy employees working from home. But the real test is when employees get sick and cannot work at all—for weeks! Are you ready for that scenario? That’s what the Business Continuity Management is all about.

The Pandemic Plan is part of your Disaster Recovery Plan first: A disaster occurs (in this case, the Coronavirus pandemic is real). How will you recover from it when it’s done running its course? Then the Business Continuity Plan kicks in. How are you going to indefinitely conduct business in the “new norm”?

This pandemic is a perfect example on how ALL risks are interrelated and how one affects another. Let’s examine all the risks individually and how the pandemic of the Coronavirus that produces the COVID-19 disease has already affected or could affect each risk:

Human Resources: People first! The HR risk is one of the highest risks you will encounter in this crisis due to several reasons: 1) You may not have the people to replace key talent if they are sick and away from the office for several weeks. 2) Maintaining the morale of the employees high at times like these requires strategic leadership. 3) You may encounter legal issues if you don’t handle the PTO, sick time, or FMLA correctly and wisely. Ensure your employee manual has clear leave of absence policies. Be ready to make exceptions that are fair across the board even though the exceptions may not be the same for each employee. Handle people with care and compassion. Be emotionally prepared in the terrible event you do lose an employee to death due to the virus.

Technology: Beware of a rise in cybercrime! Cyber criminals are also working from home 24 hours a day trying to exploit every opportunity they can. And this situation is no exception. They are sending email schemes with malicious links to steal yours and your customers’ sensitive data. DO NOT click on anything from anybody unless it’s a reputable source and you confirm the links are legitimate. They are also working on Business Email Compromise (BEC) schemes so please put your employees on high alert!

Liquidity: Financial Institutions can have liquidity risk in good times (when everything is going well, companies are expanding operations and drawing on their credit facilities) and mostly during bad times as we are experiencing these days. Companies are drawing all their lines of credit available and hoarding the cash to survive the next several months. Make sure you have your Liquidity Contingency Funding Plan up to date, that you update your test scenarios, and test all your liquidity sources. Preparing an unfunded commitments report gives you an indication of potential liquidity issues if you don’t have enough to fund the existing commitments. Ensure your customers the bank is the safest place to keep their cash so they don’t rush to take it out which can also cause safety issues if they get robbed.

Interest Rate Risk: Most of the community banks I talked with at the beginning of the year were preparing for a year of “no change” on interest rates. Little did we know what was about to come! These are unprecedented times and the Fed now has lowered the rates 150 basis points in the past few days. This monumental change is causing the Net Interest Margins to compress in a way that no one anticipated. Ensure you manage your balance sheet as evenly as possible (no asset or liability sensitive at any time). Since it’s still the first quarter of the year, for some institutions it may be worth redoing your budget with the new reality.

Credit: Once businesses draw on their lines of credit up to their limits or borrow additional money from banks, they will become highly leveraged. If companies don’t recover soon, they won’t be able to pay their loans back and now you have credit risk. During this crisis, ensure you lend to qualified businesses and that you do your due diligence as usual following your loan policy. You may have to help your customers refinance, restructure debt, or defer payments, but in the end, your financial institution needs to get repaid. Otherwise, your institution will join the list of failed businesses.

Operational: Without key employees and using backup systems in place you may experience operational risk. The current level of uncertainty is a huge distraction to employees so they will most likely make more mistakes. In addition, working remotely they may not have access to all the procedures and the processes may have to be redesigned. Despite the present situation, you must ensure your processes and procedures are being followed to continue being a safe and sound institution. Ensuring your online banking and mobile platforms work without interruption will be a determining factor to gain your customers’ loyalty and trust.

Compliance / Regulatory / Legal: In an effort to help your customers, you may be tempted to take shortcuts and skip giving the proper disclosures or not following the Customer Identification Program (CIP) as you should. Beware of people who take advantage of these situations and open fraudulent accounts. Ensure your employees are following bank regulations, policies, and procedures that are in place precisely to protect the bank and your legitimate customers.

Strategic: Wrong decisions can be made during stressful times and in crisis situations. The key to make wise decisions is to plan ahead for pandemics and enterprise risk management and be ready to execute your Disaster Recovery and Pandemic Plans when the time comes. The time to plan is no longer now… that was a long time ago. Make sure the leadership of your Institution consult with the Board of Directors on key strategic decisions that will affect the future of the organization beyond the pandemic’s effects. Some of these decisions are layoffs, establishing HR policies that may become permanent, and putting off branch closures or acquisitions.

Reputation: Your reputation is on the line every minute as you navigate through the pandemic crisis. Everything you do or not do has consequences. Communication at all levels is crucial in maintaining your reputation intact. Working together as a team in every area of the institution is also key to ensure there are no areas that are overlooked. Understanding that everyone is severely distracted by the world events is another key to successfully navigating through the crisis.

Price: You may experience price risk if changes in the value of either trading portfolios or other obligations that are entered into, as part of distributing risk. You can also experience price risk from portfolios subject to daily price movements (mark to market basis), and from lending pipelines, OREO, and mortgage servicing. Ensure you are monitoring your institution’s investment portfolio closely.

Model: During a pandemic, you may need to create new reports or use different systems to produce reports. A key vendor may go out of business due to the financial consequences of the pandemic and your entire model may go away forcing you to look at other solutions at the last minute. Your vendors may not have tested their pandemic plans and now are not able to service your institution. Ensure your Vendor Management Program includes Model Validation and that it requires key vendors to have a DRP in place, tested with results showing that they are able to service your organization. You can also request financial statements from your key vendors to ensure they are financially sound.

Earnings and Capital: In the end, ALL these risks affect your earnings resulting in capital losses. The formal definition of each risk always starts by “The potential of loss of earnings and capital due to… (insert each risk).” Ensuring that you are looking at all the risks from an “enterprise-wide” perspective will help your institution survive this pandemic crisis successfully. Communication amongst all areas of the organization, working together, and ensuring your employees are safe will help you get through this pandemic crisis (as well as future incidents) in a safe and sound manner.

If you need help completing or enhancing your Financial Institution’s Enterprise Risk Management Program, we’re here to help!

If you're looking for a great software solution for Vendor Management, Compliance, or general ERM, visit Ncontract's website to learn about their solutions!