4 Ways to Fine Tune Your Risk Management Strategy Post-Pandemic

The COVID-19 pandemic sent shock waves through local and world economies, with unprecedented shifts in consumer behavior, employment dynamics, and federal stimulus. Through it all, community banks and credit unions proved that they were up to the task. Having entered the event on much stronger financial footing than the great recession, these institutions met the challenge to respond by helping deliver key aid through the Paycheck Protection Program (PPP) and loan forbearance measures.

However, in early 2021, institutions are finding themselves at a crossroads. They are evaluating their enterprise risk management (ERM) strategies and searching for the sources of greatest exposure as business conditions begin to normalize later this year. This search will focus on fine tuning four primary risk management sectors: credit, cyber security, fraud and financial crimes, and financial performance. A recent study by KPMG stated:

“Operational resilience, including cyber security, will be a strategic priority, but other risks will rank just as high. Credit risk will be a central concern over the next 12 months or more: banks will need to stay close to their customers, working through loan repayments, forgiveness, and forbearance. Expected loss (CECL) modeling will be an important aspect, while banks will also be very focused on related modeling of capital and liquidity.”

1. Credit Risk

Credit risk management in any institution serves as the foundation for managing other key areas of the overall ERM strategy, since loan losses would impact key areas such as financial performance and liquidity. During the pandemic recovery process, there are still many significant questions to be answered:

• How will commercial real estate portfolios, specifically retail and office space segments, perform in 2021 and 2022 if remote employee trends continue?
• When will key sectors such as travel and leisure return to post-pandemic levels?
• How will the events of 2020 impact strategic changes to supply chains and foreign trade dynamics in the manufacturing, wholesale, energy, and agricultural sectors?
• Will banks and credit unions see increased demand for commercial and industrial and SBA loans as businesses begin to re-grow revenue streams?
• How will underwriters address the likelihood of weaker 2020 and 2021 financial performance from many existing consumer and business relationships?

These questions and others will be top-of-mind for senior credit officers in the next several months. In many respects, we are in unchartered waters. Liquidity for many businesses has been bolstered by PPP loans and forbearance agreements. As these aids diminish, will business owners succeed in the emerging economy? At the very least, the makeup of commercial and consumer loan demand is likely to change. Businesses will likely be hungry for working capital lines while consumers demand will remain strong in the residential and short-term revolving credit markets.

2. Cyber Security

Of all risk identified within an ERM strategy, cyber security will probably see the most movement in 2021. With more institutions, employees, and clients doing business digitally, there is simply increasing exposure to this risk sector. Cyber attacks of all types, including denial of service attacks and phishing schemes, have been on the rise during COVID-19. The two industries targeted more than any other have been financial services and technical/professional services, as indicated in this chart from a recent study by the Bank for International Settlements.

The evolving risk environment will also drive a need to deploy updated IT regulatory compliance strategies. Community banks and credit unions will need to rely more than ever on their chosen vendor relationships to navigate the changing compliance landscape in the months and years ahead.

3. Fraud and Financial Crimes

Events of 2020 became a “perfect storm” for fraudsters to exploit every area of real and perceived vulnerability. Sadly, the verdict is still out on 2021. While vaccines should help with the pandemic, economic recovery is still fragile – fraudsters will likely find new loopholes, and these five financial crimes will likely continue to grow:

• Insider Fraud: In moving most people into a remote environment, we removed some of the human checks and balances. The ability to keep someone “honest” because of people looking “over your shoulder” is no longer there. Combining that reduced oversight with some of the external pressures (finances, exhaustion, sickness, etc.) and employees become vulnerable to being recruited for, or engaging in, fraud themselves.            
• P2P Fraud: Events of 2020 accelerated the adoption of P2P for products like Zelle, PayPal, Venmo, and the Cash App. Unlike cash where you physically must steal it from someone, the ability to steal virtually makes it easier for fraudsters. With faster payments comes faster fraud.
• ID Fraud: We’ve become a more digital industry with the ability to service anyone anywhere. But this exposes institutions to additional ID fraud losses if not managed correctly. When opening accounts was a more face-to-face practice, that alone was enough to deter a lot of fraudsters. It’s harder for people to keep their cool when they’re looking someone straight in the eye as they attempt to defraud them. ID Fraud usually takes time to identify (pun intended). This is why many of the fraudulent accounts will come to light in 2021 and even in 2022.
• PPP Loans: We’re seeing elaborate stories coming out of how people defrauded SBA loans. There was a case in south Florida where a person made up a business and used the loan money to purchase luxury cars. Another example is the Hawaiian CEO that took $12.8M in PPP loans and used $2M of that for personal gain. The PPP loans are essential, however, with anything done that fast and with little oversight, it’s also a fraudster’s playground.
• Scams: In the U.S., it is reported that more than 10% of the population is scammed every year. And while it is the most prevalent financial crime, it falls in so many different categories that the true value is unknown. It’s also the hardest to prevent from the perspective of a bank or credit union, as the scam is against your customer/member and not directly against your institution. 

4. Financial Performance

Given the magnitude of the 2020 economic disruption on the American economy, banks and credit unions appear to have weathered the storm quite well. In the year ahead, it will be a matter of measuring and evaluating exposure from the “ripple effects” mentioned earlier. Simply put, there is no precedent for the type of economic slowdown we experienced in 2020. No one can say for sure what the recovery will look like, or how long it will take for some sectors to return to pre-pandemic levels. This will all become important to banks and credit unions as they fine tune their asset liability management strategies for the coming years and prepare for upcoming deadlines on CECL compliance.

Through it all, there is a sense that the U.S. and world economies will experience a strong recovery through the latter part of 2021 and into 2022. As with any period of dynamic change, it will be important for banks, credit unions, and their technology partners to communicate early and often to discuss both opportunities and challenges associated with our lives in the “next normal.”